X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=ipif%2Fforwarder.c;h=d92fdd9294dc34842a0d4257895384937e996975;hb=03e3cd7d0224293624a17af7de6638cdd8659917;hp=58678329378e2bb04ac5c8b08e77c101bea138fb;hpb=b18a1d7b97679cf304b8badd9d011dffd0e7bcdf;p=userv-utils.git diff --git a/ipif/forwarder.c b/ipif/forwarder.c index 5867832..d92fdd9 100644 --- a/ipif/forwarder.c +++ b/ipif/forwarder.c @@ -1,14 +1,15 @@ /* - * Encrypting tunnel for userv-ipif tunnels, actual implementation - * + * Encrypting tunnel for userv-ipif tunnels, actual core implementation + */ +/* * usage: * udptunnel-forwarder * * - * + * * [] - * ! [ ...] - * ! [ ...] + * | [ ...] + * | [ ...] * '' * * Remote addr may '' to mean wait to receive a packet and reply to @@ -19,7 +20,11 @@ * w means generate and write encdec keys, rather than reading them * K means do crypto debug (use with care!) * - * Every must be numeric. There is very little argument checking. + * encdec keys datastream has keys for packets from key datastream + * writer to reader first, then keys for packets from reader to + * writer. + * + * Every addr or port must be numeric. There is very little argument checking. * * Exit status: * SIGALARM timed out @@ -29,6 +34,28 @@ * 12 usage error * 16 bad trouble */ +/* + * This file is part of ipif, part of userv-utils + * + * Copyright 1996-2013 Ian Jackson + * Copyright 1998 David Damerell + * Copyright 1999,2003 + * Chancellor Masters and Scholars of the University of Cambridge + * Copyright 2010 Tony Finch + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with userv-utils; if not, see http://www.gnu.org/licenses/. + */ #include #include @@ -53,7 +80,7 @@ static struct utsname uname_result; static const char *opt_chars; static int public_local_fd, private_in_fd, private_out_fd; -static int mtu2, keepalive, timeout; +static int mtu2, keepalive, timeout, reannounce; static int public_remote_specd; static struct sockaddr_in public_remote; static int encdec_keys_fd, encdec_keys_write, crypto_debug; @@ -61,7 +88,7 @@ static int n_mechs; static const struct mechanism *mechs[MAXMECHS]; static struct mechdata *md_in[MAXMECHS], *md_out[MAXMECHS]; -static size_t maxprefix, maxsuffix; +static int maxprefix, maxsuffix; static struct buffer buf_in, buf_out; static unsigned char *accum_buf; @@ -71,8 +98,8 @@ static time_t nextsendka; static void cdebug(int mechno /*or -1*/, const char *msg) { if (!crypto_debug) return; - printf("%s: CRYPTO: %-20s %s\n", - programid, + printf("%-8.8s: CRYPTO: %-20s %s\n", + uname_result.nodename, mechno >= 0 ? mechs[mechno]->name : "", msg); } @@ -127,6 +154,7 @@ void random_key(void *ptr, size_t sz) { write_must(encdec_keys_fd,ptr,sz,"write keys datastream"); } else { read_must(encdec_keys_fd,ptr,sz,"read keys datastream"); + cdebughex(-1, "random_key", ptr, sz, 0,0,0); } } @@ -155,9 +183,12 @@ static const struct mechanism *find_mech(const char *name) { static void inbound(void) { static int any_recvd; + static time_t nextreann; + static unsigned long npackets, nbytes; struct sockaddr_in this_saddr; - int r, i, different, this_saddrlen; + size_t this_saddrlen; + int r, i, different; const char *emsg; buf_in.start= buf_in.base+1; @@ -186,12 +217,18 @@ static void inbound(void) { for (i=n_mechs-1; i>=0; i--) { emsg= mechs[i]->decode(md_in[i],&buf_in); if (emsg) { - fprintf(stderr, "%s: bad packet: %s: %s\n", programid, mechs[i]->name, emsg); + if (*emsg) + fprintf(stderr, "%s: bad packet: %s: %s\n", + programid, mechs[i]->name, emsg); + else + cdebug(i,"silently discarded"); return; } cdebugbuf(i, "decode", &buf_in, 3,0); } + npackets++; + nbytes += buf_in.size; alarm(timeout); different= (!public_remote_specd || @@ -218,8 +255,22 @@ static void inbound(void) { diag("tunnel open"); + } else if (reannounce && now() >= nextreann) { + + fprintf(stderr, "%s: tunnel still open: received %lu packets, %lu bytes\n", + programid, npackets, nbytes); + + } else { + + goto no_set_reann; /* only reset this if we don't print a message. */ + } + if (reannounce) + nextreann= now() + reannounce; + +no_set_reann: + any_recvd= 1; if (!buf_in.size || *buf_in.start != 0300) { @@ -318,6 +369,7 @@ int main(int argc, const char *const *const argv_in) { mtu2= getarg_ulong() * 2; keepalive= getarg_ulong(); timeout= getarg_ulong(); + reannounce= getarg_ulong(); arg= getarg_string(); if (*arg) { @@ -335,18 +387,26 @@ int main(int argc, const char *const *const argv_in) { maxprefix= 0; i= 0; while ((arg= *++argv)) { - arg_assert(*arg++ == '!'); + arg_assert(*arg++ == '|'); arg_assert(i <= MAXMECHS); mechs[i]= find_mech(arg); - cdebug(i,"encsetup"); + cdebug(i,"writer->reader setup"); argv_save= argv; - mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix); + + if (encdec_keys_write) + mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix); + else + mechs[i]->decsetup(&md_in[i]); argv_done= argv; argv= argv_save; - cdebug(i,"decsetup"); - mechs[i]->decsetup(&md_in[i]); + cdebug(i,"reader->writer setup"); + + if (encdec_keys_write) + mechs[i]->decsetup(&md_in[i]); + else + mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix); assert(argv == argv_done); @@ -374,7 +434,8 @@ int main(int argc, const char *const *const argv_in) { if (keepalive) { tnow= now(); - if (tnow >= nextsendka && public_remote_specd) sendpacket("\300",1); + if (tnow >= nextsendka && public_remote_specd) + sendpacket((unsigned char*)"\300",1); polltimeout= (nextsendka - tnow)*1000; } else { polltimeout= -1;