X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=ipif%2Fforwarder.c;h=66f869080117af064b4b80ed00921b34aabfbb8c;hb=33e8a62b26621ae0dc48ee96cfcefbf5e70af7cd;hp=a9e43e096e16bd8c62b38a92c7241fa70b8dcddd;hpb=9d4e63db418172c744c7bc98a7bc21c1c876f1ef;p=userv-utils.git

diff --git a/ipif/forwarder.c b/ipif/forwarder.c
index a9e43e0..66f8690 100644
--- a/ipif/forwarder.c
+++ b/ipif/forwarder.c
@@ -1,22 +1,30 @@
 /*
- * Encrypting tunnel for userv-ipif tunnels, actual implementation
- *
+ * Encrypting tunnel for userv-ipif tunnels, actual core implementation
+ */
+/*
  * usage:
- *  udptunnel-forwarder <public-local-fd> <private-in-fd> <private-out-fd>
- *                      <mtu> <keepalive> <timeout>
+ *  udptunnel-forwarder <optchars>
+ *                      <public-local-fd> <private-in-fd> <private-out-fd>
+ *                      <encdec-keys-fd>
+ *                      <mtu> <keepalive> <timeout> <reannounce>
  *                      <public-remote-addr> [<public-remote-port>]
- *                      <encdec-keys-fd> <encdec-keys-write>
- *                      <mech1> [<mech1-params> ...]
- *                      <mech2> [<mech2-params> ...]
+ *                      |<mech1> [<mech1-params> ...]
+ *                      |<mech2> [<mech2-params> ...]
  *                      ''
  *
  * Remote addr may '' to mean wait to receive a packet and reply to
  * whereever we get a good packet from first, in which case port
  * should not be specified.
  *
- * <enc-keys-write> is '' to mean read, anything else to mean write.
+ * <optchars> is zero or more of
+ *    w   means generate and write encdec keys, rather than reading them
+ *    K   means do crypto debug (use with care!)
  *
- * Every must be numeric.  There is very little argument checking.
+ * encdec keys datastream has keys for packets from key datastream
+ * writer to reader first, then keys for packets from reader to
+ * writer.
+ *
+ * Every addr or port must be numeric.  There is very little argument checking.
  *
  * Exit status:
  *  SIGALARM   timed out
@@ -26,6 +34,24 @@
  *      12     usage error
  *      16     bad trouble
  */
+/*
+ * Copyright (C) 2000,2003 Ian Jackson
+ * This file is part of ipif, part of userv-utils
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with userv-utils; if not, write to the Free Software
+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
 
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -46,12 +72,14 @@
 #define MAXMECHS 10
 
 static size_t buffer_size;
+static struct utsname uname_result;
 
+static const char *opt_chars;
 static int public_local_fd, private_in_fd, private_out_fd;
-static int mtu2, keepalive, timeout;
+static int mtu2, keepalive, timeout, reannounce;
 static int public_remote_specd;
 static struct sockaddr_in public_remote;
-static int encdec_keys_fd, encdec_keys_write;
+static int encdec_keys_fd, encdec_keys_write, crypto_debug;
 static int n_mechs;
 static const struct mechanism *mechs[MAXMECHS];
 
@@ -64,6 +92,57 @@ static size_t accum_used, accum_avail;
 
 static time_t nextsendka;
 
+static void cdebug(int mechno /*or -1*/, const char *msg) {
+  if (!crypto_debug) return;
+  printf("%-8.8s: CRYPTO: %-20s %s\n",
+	 uname_result.nodename,
+	 mechno >= 0 ? mechs[mechno]->name : "",
+	 msg);
+}
+
+static void cdebughex(int mechno /*or -1*/, const char *msg, const void *ptr,
+		      size_t sz, size_t skipbefore,
+		      int spc_offset, int dot_offset) {
+  const unsigned char *p;
+  size_t i;
+  unsigned j= dot_offset;
+  
+  if (!crypto_debug) return;
+  printf("%-8.8s: CRYPTO: %-20s %-10s",
+	 uname_result.nodename,
+	 mechno >= 0 ? mechs[mechno]->name : "",
+	 msg);
+
+  for (i=0; i<spc_offset; i++, j++) fputs(j&3 ? "  " : "   ",stdout);
+  for (i=0; i<skipbefore; i++, j++) fputs(j&3 ? ".." : " ..",stdout);
+  for (i=0, p=ptr; i<sz; i++, j++, p++) printf(j&3 ? "%02x" : " %02x",*p);
+
+  fputc('\n',stdout);
+}
+
+static void cdebugbuf(int mechno /*or -1*/, const char *msg,
+		      const struct buffer *buf, int spc_offset, int dot_offset) {
+  cdebughex(mechno, msg, buf->start, buf->size, buf->start - buf->base,
+	    spc_offset, dot_offset);
+}
+
+void get_random(void *ptr, size_t sz) {
+  static FILE *randfile;
+
+  size_t r;
+
+  if (!randfile) {
+    randfile= fopen("/dev/urandom","rb");
+    if (!randfile && errno==ENOENT) randfile= fopen("/dev/random","rb");
+    if (!randfile) sysfail("open random number generator");
+  }
+
+  r= fread(ptr,1,sz,randfile);
+  if (r != sz)
+    (ferror(randfile) ? sysfail : fail)("cannot read random number generator");
+
+  cdebughex(-1, "get_random", ptr, sz, 0,0,0);
+}
 
 void random_key(void *ptr, size_t sz) {
   if (encdec_keys_write) {
@@ -71,6 +150,7 @@ void random_key(void *ptr, size_t sz) {
     write_must(encdec_keys_fd,ptr,sz,"write keys datastream");
   } else {
     read_must(encdec_keys_fd,ptr,sz,"read keys datastream");
+    cdebughex(-1, "random_key", ptr, sz, 0,0,0);
   }
 }
 
@@ -84,12 +164,9 @@ static void setnonblock(int fd, int nonblock) {
   if (r==-1) sysfail("fcntl F_SETFL");
 }
 
-static const struct mechanism *getarg_mech(void) {
-  const char *name;
+static const struct mechanism *find_mech(const char *name) {
   const struct mechanism *mech, *const *mechlist;
 
-  name= getarg_string();
-
   for (mechlist= mechanismlists;
        *mechlist;
        mechlist++)
@@ -102,6 +179,8 @@ static const struct mechanism *getarg_mech(void) {
 
 static void inbound(void) {
   static int any_recvd;
+  static time_t nextreann;
+  static unsigned long npackets, nbytes;
   
   struct sockaddr_in this_saddr;
   int r, i, different, this_saddrlen;
@@ -129,14 +208,22 @@ static void inbound(void) {
 
   assert(r <= buf_in.size);
   buf_in.size= r;
+  cdebugbuf(-1, "decode", &buf_in, 3,0);
   for (i=n_mechs-1; i>=0; i--) {
     emsg= mechs[i]->decode(md_in[i],&buf_in);
     if (emsg) {
-      fprintf(stderr, "%s: bad packet: %s: %s\n", programid, mechs[i]->name, emsg);
+      if (*emsg)
+	fprintf(stderr, "%s: bad packet: %s: %s\n",
+		programid, mechs[i]->name, emsg);
+      else
+	cdebug(i,"silently discarded");
       return;
     }
+    cdebugbuf(i, "decode", &buf_in, 3,0);
   }
 
+  npackets++;
+  nbytes += buf_in.size;
   alarm(timeout);
 
   different= (!public_remote_specd ||
@@ -163,8 +250,22 @@ static void inbound(void) {
 
     diag("tunnel open");
 
+  } else if (reannounce && now() >= nextreann) {
+
+    fprintf(stderr, "%s: tunnel still open: received %lu packets, %lu bytes\n",
+	    programid, npackets, nbytes);
+
+  } else {
+
+    goto no_set_reann; /* only reset this if we don't print a message. */
+
   }
 
+  if (reannounce)
+    nextreann= now() + reannounce;
+  
+no_set_reann:
+
   any_recvd= 1;
 
   if (!buf_in.size || *buf_in.start != 0300) {
@@ -188,7 +289,11 @@ static void sendpacket(const unsigned char *message, size_t size) {
 
   nextsendka= now() + keepalive;
 
-  for (i=0; i<n_mechs; i++) mechs[i]->encode(md_out[i],&buf_out);
+  cdebugbuf(-1, "encode", &buf_out, 4,0);
+  for (i=0; i<n_mechs; i++) {
+    mechs[i]->encode(md_out[i],&buf_out);
+    cdebugbuf(i, "encode", &buf_out, 4,0);
+  }
   assert(public_remote_specd);
   
   setnonblock(public_local_fd,1);
@@ -236,8 +341,9 @@ static void outbound(void) {
 
 int main(int argc, const char *const *const argv_in) {
   const char *arg;
+  const char *const *argv_save;
+  const char *const *argv_done;
   struct pollfd pollfds[2];
-  struct utsname uname_result;
   int i, polltimeout, r;
   time_t tnow;
 
@@ -245,13 +351,20 @@ int main(int argc, const char *const *const argv_in) {
 
   if (uname(&uname_result)) { perror(PROGRAM ": uname failed"); exit(16); }
   sprintf(programid, PROGRAM ": %.*s", SYS_NMLN, uname_result.nodename);
-  
+
+  opt_chars= getarg_string();
+  encdec_keys_write= !!strchr(opt_chars,'w');
+  crypto_debug= !!strchr(opt_chars,'K');
+
   public_local_fd= getarg_ulong();
   private_in_fd= getarg_ulong();
   private_out_fd= getarg_ulong();
+  encdec_keys_fd= getarg_ulong();
+
   mtu2= getarg_ulong() * 2;
   keepalive= getarg_ulong();
   timeout= getarg_ulong();
+  reannounce= getarg_ulong();
   
   arg= getarg_string();
   if (*arg) {
@@ -261,13 +374,40 @@ int main(int argc, const char *const *const argv_in) {
     public_remote.sin_port= htons(getarg_ulong());
   }
 
-  encdec_keys_fd= getarg_ulong();
-  encdec_keys_write= !!*getarg_string();
+  if (crypto_debug) {
+    diag("crypto debugging enabled!");
+    setvbuf(stdout,0,_IOLBF,0);
+  }
 
   maxprefix= 0;
-  for (i=0; i<n_mechs; i++) mechs[i]= getarg_mech();
-  for (i=0; i<n_mechs; i++) mechs[i]->encsetup(&md_in[i], &maxprefix, &maxsuffix);
-  for (i=0; i<n_mechs; i++) mechs[i]->decsetup(&md_out[i]);
+  i= 0;
+  while ((arg= *++argv)) {
+    arg_assert(*arg++ == '|');
+    arg_assert(i <= MAXMECHS);
+    mechs[i]= find_mech(arg);
+
+    cdebug(i,"writer->reader setup");
+    argv_save= argv;
+
+    if (encdec_keys_write)
+      mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
+    else
+      mechs[i]->decsetup(&md_in[i]);
+
+    argv_done= argv;
+    argv= argv_save;
+    cdebug(i,"reader->writer setup");
+
+    if (encdec_keys_write)
+      mechs[i]->decsetup(&md_in[i]);
+    else
+      mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
+
+    assert(argv == argv_done);
+    
+    i++;
+  }
+  n_mechs= i;
 
   if (maxprefix<1) maxprefix= 1;
   if (maxsuffix<1) maxsuffix= 1;