X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/11ad66c29764521f87f0dd399a1e592147c7af36..a8ce36a6a9e8bfb6f8b41ed3de0a250f91baa56a:/proxy/tripe-mitm.c
diff --git a/proxy/tripe-mitm.c b/proxy/tripe-mitm.c
index ee7036c2..2530f151 100644
--- a/proxy/tripe-mitm.c
+++ b/proxy/tripe-mitm.c
@@ -62,9 +62,9 @@ #include #include +#include #include #include -#include #include "util.h"
@@ -72,7 +72,6 @@ typedef struct peer { sel_file sf; - dh_pub kpub; const char *name; struct filter *f; } peer;
@@ -98,6 +97,7 @@ static peer peers[2]; static unsigned npeer = 0; static key_file keys; static grand *rng; +static const char *delim = ":"; #define PASS(f, buf, sz) ((f) ? (f)->func((f), (buf), (sz)) : (void)0) #define RND(i) (rng->ops->range(rng, (i)))
@@ -117,26 +117,17 @@ static void dopacket(int fd, unsigned mode, void *vv) static void addpeer(unsigned ac, char **av) { - key_packstruct kps[DH_PUBFETCHSZ]; - key_packdef *kp; struct hostent *h; struct sockaddr_in sin; int len = PKBUFSZ; peer *p; int fd; - int e; - if (ac != 4) - die(1, "syntax: peer:NAME:PORT:ADDR:PORT"); - if (npeer >= 2) - die(1, "enough peers already"); + if (ac != 4) die(1, "syntax: peer:NAME:PORT:ADDR:PORT"); + if (npeer >= 2) die(1, "enough peers already"); + if (!key_bytag(&keys, av[0])) die(1, "no key named `%s'", av[0]); p = &peers[npeer++]; p->name = xstrdup(av[0]); - kp = key_fetchinit(dh_pubfetch, kps, &p->kpub); - e = key_fetchbyname(kp, &keys, av[0]); - key_fetchdone(kp); - if (e) - die(1, "key_fetch `%s': %s", av[0], key_strerror(e)); if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) die(1, "socket: %s", strerror(errno)); fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
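Review bot: The new `key_bytag(&keys, av[0])` test in addpeer only confirms that the keyring has an entry matching the peer name; the removed `key_fetchbyname` path also had to unpack that entry as a DH public key, so a name that resolves to some unrelated kind of key now appears to be accepted silently. If that is intended because the proxy no longer uses the key material (the `kpub` field is dropped in the struct hunk above), a comment above the check would make it explicit, for example `/* Sanity check only: the key itself is never used here. */`. addpeer's body continues past the end of this hunk.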
@@ -191,8 +182,7 @@ static void dofork(filter *f, const octet *buf, size_t sz) static void addfork(filter *f, unsigned ac, char **av) { forkfilt *ff; - if (ac != 1) - die(1, "syntax: filt:fork:NAME"); + if (ac != 1) die(1, "syntax: filt:fork:NAME"); ff = CREATE(forkfilt); ff->name = xstrdup(av[0]); ff->fn = 0;
@@ -208,23 +198,18 @@ static void nextfork(unsigned ac, char **av) forknode *fn, **ffn; peer *p; - if (ac < 1) - die(1, "syntax: next:NAME:..."); + if (ac < 1) die(1, "syntax: next:NAME:..."); for (i = 0; i < 2; i++) { p = &peers[i]; for (f = p->f; f; f = f->next) { - if (f->func != dofork) - continue; + if (f->func != dofork) continue; ff = f->state; - for (j = 0; j < ac; j++) { - if (strcmp(av[j], ff->name) == 0) - goto match; - } + for (j = 0; j < ac; j++) + if (strcmp(av[j], ff->name) == 0) goto match; continue; match: fn = CREATE(forknode); - for (ffn = &ff->fn; *ffn; ffn = &(*ffn)->next) - ; + for (ffn = &ff->fn; *ffn; ffn = &(*ffn)->next); fn->f = f->next; f->next = 0; fn->next = 0;
@@ -255,13 +240,10 @@ static void docorrupt(filter *f, const octet *buf, size_t sz) static void addcorrupt(filter *f, unsigned ac, char **av) { corrupt *c; - if (ac > 1) - die(1, "syntax: filt:corrupt[:P-CORRUPT]"); + if (ac > 1) die(1, "syntax: filt:corrupt[:P-CORRUPT]"); c = CREATE(corrupt); - if (ac > 0) - c->p_corrupt = atoi(av[0]); - else - c->p_corrupt = 5; + if (ac > 0) c->p_corrupt = atoi(av[0]); + else c->p_corrupt = 5; f->state = c; f->func = docorrupt; }
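Review bot: In addcorrupt, `c->p_corrupt = atoi(av[0]);` still accepts any string, so a non-numeric or zero P-CORRUPT silently becomes 0 with no diagnostic. The adddrop hunk shows the same pattern feeding `RND(d->p_drop)`, i.e. `rng->ops->range(rng, 0)`, whose behaviour for a zero range is not visible here and should be confirmed; adddelay (P-REPLAY) and doflood (MILLIS, SIZE) parse their arguments the same way. Since these lines are being rewritten anyway, consider parsing with `strtoul` plus an end-pointer check and rejecting zero, e.g. `if (!c->p_corrupt) die(1, "P-CORRUPT must be a positive integer");`.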
@@ -276,22 +258,17 @@ static void dodrop(filter *f, const octet *buf, size_t sz) { drop *d = f->state; - if (!RND(d->p_drop)) - puts("drop packet"); - else - PASS(f->next, buf, sz); + if (!RND(d->p_drop)) puts("drop packet"); + else PASS(f->next, buf, sz); } static void adddrop(filter *f, unsigned ac, char **av) { drop *d; - if (ac > 1) - die(1, "syntax: filt:drop[:P-DROP]"); + if (ac > 1) die(1, "syntax: filt:drop[:P-DROP]"); d = CREATE(drop); - if (ac > 0) - d->p_drop = atoi(av[0]); - else - d->p_drop = 5; + if (ac > 0) d->p_drop = atoi(av[0]); + else d->p_drop = 5; f->state = d; f->func = dodrop; }
@@ -340,6 +317,8 @@ static void dsend(delaynode *dn, unsigned force) { delay *d = dn->d; delaynode *ddn; + unsigned i; + fputs(" send...\n", stdout); assert(dn->buf); PASS(d->f->next, dn->buf, dn->sz);
@@ -362,7 +341,7 @@ static void dsend(delaynode *dn, unsigned force) ddn->flag = 0; printf(" move id %u from slot %u to slot %u", ddn->seq, ddn->i, dn->i); } - { unsigned i; for (i = 0; i < d->n; i++) assert(d->q[i].buf); } + for (i = 0; i < d->n; i++) assert(d->q[i].buf); fputs(" remove", stdout); } }
@@ -407,19 +386,14 @@ static void adddelay(filter *f, unsigned ac, char **av) delay *d; unsigned i; - if (ac < 1 || ac > 3) - die(1, "syntax: filt:delay:QLEN[:MILLIS:P-REPLAY]"); + if (ac < 1 || ac > 3) die(1, "syntax: filt:delay:QLEN[:MILLIS:P-REPLAY]"); d = CREATE(delay); d->max = atoi(av[0]); - if (ac > 1) - d->t = strtoul(av[1], 0, 10); - else - d->t = 100; + if (ac > 1) d->t = strtoul(av[1], 0, 10); + else d->t = 100; d->t *= 1000; - if (ac > 2) - d->p_replay = atoi(av[2]); - else - d->p_replay = 20; + if (ac > 2) d->p_replay = atoi(av[2]); + else d->p_replay = 20; d->n = 0; d->q = xmalloc(d->max * sizeof(delaynode)); d->f = f;
@@ -443,8 +417,7 @@ static void dosend(filter *f, const octet *buf, size_t sz) static void addsend(filter *f, unsigned ac, char **av) { - if (ac) - die(1, "syntax: filt:send"); + if (ac) die(1, "syntax: filt:send"); f->func = dosend; }
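Review bot: In adddelay, QLEN goes straight from `atoi(av[0])` into `xmalloc(d->max * sizeof(delaynode))` with no range check, so a zero, negative or non-numeric QLEN yields an empty or wrapped allocation size for the queue that dsend walks up to `d->n`. MILLIS has a similar gap: `strtoul(av[1], 0, 10)` is followed by `d->t *= 1000` with no check for trailing garbage or overflow. A guard right after the parse would do, such as `if (d->max < 1) die(1, "QLEN must be at least 1");`; the types of `max` and `t` are declared outside the hunk, so the exact comparison needs confirming. adddelay's body continues past the end of its hunk.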
@@ -464,21 +437,16 @@ static void dofilter(peer *from, peer *to, unsigned ac, char **av) { filter **ff, *f = CREATE(filter); const struct filtab *ft; - if (ac < 1) - die(1, "syntax: {l,r,}filt:NAME:..."); + if (ac < 1) die(1, "syntax: {l,r,}filt:NAME:..."); f->next = 0; f->p_from = from; f->p_to = to; f->state = 0; - for (ff = &from->f; *ff; ff = &(*ff)->next) - ; + for (ff = &from->f; *ff; ff = &(*ff)->next); *ff = f; - for (ft = filtab; ft->name; ft++) { - if (strcmp(av[0], ft->name) == 0) { - ft->func(f, ac - 1, av + 1); - return; - } - } + for (ft = filtab; ft->name; ft++) + if (strcmp(av[0], ft->name) == 0) + { ft->func(f, ac - 1, av + 1); return; } die(1, "unknown filter `%s'", av[0]); }
@@ -507,8 +475,7 @@ static void floodtimer(struct timeval *tv, void *vv) sz /= 2; rng->ops->fill(rng, buf, sz); - if (f->type < 0x100) - buf[0] = f->type; + if (f->type < 0x100) buf[0] = f->type; puts("flood packet"); PASS(f->p->f, buf, sz); setflood(f);
@@ -525,22 +492,15 @@ static void setflood(flood *f) static void doflood(peer *p, unsigned ac, char **av) { flood *f; - if (ac > 3) - die(1, "syntax: flood[:TYPE:MILLIS:SIZE]"); + if (ac > 3) die(1, "syntax: flood[:TYPE:MILLIS:SIZE]"); f = CREATE(flood); f->p = p; - if (ac > 0) - f->type = strtoul(av[0], 0, 16); - else - f->type = 0x100; - if (ac > 1) - f->t = atoi(av[1]); - else - f->t = 10; - if (ac > 2) - f->sz = atoi(av[2]); - else - f->sz = 128; + if (ac > 0) f->type = strtoul(av[0], 0, 16); + else f->type = 0x100; + if (ac > 1) f->t = atoi(av[1]); + else f->t = 10; + if (ac > 2) f->sz = atoi(av[2]); + else f->sz = 128; f->t *= 1000; setflood(f); }
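Review bot: doflood stores SIZE as `f->sz = atoi(av[2]);` with no upper bound, while floodtimer in the preceding hunk calls `rng->ops->fill(rng, buf, sz)` and then writes `buf[0]`. The declaration of `buf` and the derivation of `sz` from `f->sz` sit outside both hunks, so this needs confirming, but if `buf` is a fixed-size packet buffer then a large SIZE would write past it, and a SIZE of 0 would leave `buf[0] = f->type` touching a byte that was never filled. Bounding the value where it is parsed would close this, e.g. `if (f->sz < 1 || f->sz > PKBUFSZ) die(1, "flood SIZE out of range");`, assuming PKBUFSZ is the relevant buffer size.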
@@ -575,15 +535,11 @@ static void include(unsigned ac, char **av) { FILE *fp; dstr d = DSTR_INIT; - if (!ac) - die(1, "syntax: include:FILE:..."); + if (!ac) die(1, "syntax: include:FILE:..."); while (*av) { if ((fp = fopen(*av, "r")) == 0) die(1, "fopen `%s': %s", *av, strerror(errno)); - while (dstr_putline(&d, fp) != EOF) { - parse(d.buf); - DRESET(&d); - } + while (dstr_putline(&d, fp) != EOF) { parse(d.buf); DRESET(&d); } fclose(fp); av++; }
@@ -613,12 +569,11 @@ static void parse(char *p) unsigned c = 0; const struct cmdtab *ct; - p = strtok(p, ":"); - if (!p || *p == '#') - return; + p = strtok(p, delim); + if (!p || *p == '#') return; do { v[c++] = p; - p = strtok(0, ":"); + p = strtok(0, delim); } while (p && c < AVMAX - 1); v[c] = 0; for (ct = cmdtab; ct->name; ct++) {
@@ -636,7 +591,7 @@ static void version(FILE *fp) { pquis(fp, "$, TrIPE version " VERSION "\n"); } static void usage(FILE *fp) - { pquis(fp, "Usage: $ [-k KEYRING] DIRECTIVE...\n"); } + { pquis(fp, "Usage: $ [-d CHAR] [-k KEYRING] DIRECTIVE...\n"); } static void help(FILE *fp) {
@@ -650,6 +605,7 @@ Options:\n\ -v, --version Show the version number.\n\ -u, --usage Show terse usage summary.\n\ \n\ +-d, --delimiter=CHAR Use CHAR rather than `:' as delimiter.\n\ -k, --keyring=FILE Fetch keys from FILE.\n\ \n\ Directives:\n\
@@ -673,7 +629,8 @@ int main(int argc, char *argv[]) const char *kfname = "keyring.pub"; int i; unsigned f = 0; - char buf[16]; + char buf[32]; + static octet zero[CHACHA_NONCESZ]; #define f_bogus 1u
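Review bot: In parse, the comment test `*p == '#'` runs after `strtok(p, delim)` has already skipped leading delimiter characters, so with `-d '#'` a line beginning with `#` is tokenised and dispatched as a directive instead of being ignored. This matters most for files read through include (first hunk on this line), where comment lines would normally appear. Either test for the comment before tokenising, with `if (*p == '#') return;` ahead of the first strtok call, or reject `#` where the option is validated in main. The `syntax:` messages throughout the file also keep printing `:` literally, which deserves a mention in the `-d` help line.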
@@ -683,46 +640,39 @@ int main(int argc, char *argv[]) { "help", 0, 0, 'h' }, { "version", 0, 0, 'v' }, { "usage", 0, 0, 'u' }, + { "delimiter", OPTF_ARGREQ, 0, 'd' }, { "keyring", OPTF_ARGREQ, 0, 'k' }, { 0, 0, 0, 0 } }; - if ((i = mdwopt(argc, argv, "hvuk:", opt, 0, 0, 0)) < 0) - break; + if ((i = mdwopt(argc, argv, "hvud:k:", opt, 0, 0, 0)) < 0) break; switch (i) { - case 'h': - help(stdout); - exit(0); - case 'v': - version(stdout); - exit(0); - case 'u': - usage(stdout); - exit(0); - case 'k': - kfname = optarg; - break; - default: - f |= f_bogus; + case 'h': help(stdout); exit(0); + case 'v': version(stdout); exit(0); + case 'u': usage(stdout); exit(0); + case 'd': + if (!optarg[0] || optarg[1]) + die(1, "delimiter must be a single character"); + delim = optarg; break; + case 'k': kfname = optarg; break; + default: f |= f_bogus; break; } } - if (f & f_bogus) { - usage(stderr); - exit(1); - } + if (f & f_bogus) { usage(stderr); exit(1); } + rand_noisesrc(RAND_GLOBAL, &noise_source); - rand_seed(RAND_GLOBAL, 160); + rand_seed(RAND_GLOBAL, 256); rand_get(RAND_GLOBAL, buf, sizeof(buf)); - rng = rc4_rand(buf, sizeof(buf)); + rng = chacha20_rand(buf, sizeof(buf), zero); sel_init(&sel); if (key_open(&keys, kfname, KOPEN_READ, key_moan, 0)) die(1, "couldn't open `%s': %s", kfname, strerror(errno)); - for (i = optind; i < argc; i++) - parse(argv[i]); - if (npeer != 2) - die(1, "need two peers"); - for (;;) - sel_select(&sel); + for (i = optind; i < argc; i++) parse(argv[i]); + if (npeer != 2) die(1, "need two peers"); + for (;;) { + if (sel_select(&sel) && errno != EINTR) + die(1, "select failed: %s", strerror(errno)); + } #undef f_bogus }
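Review bot: The call `chacha20_rand(buf, sizeof(buf), zero)` passes an all-zero nonce (the `static octet zero[CHACHA_NONCESZ]` declared in the previous hunk) with nothing to say why that is acceptable. As far as the visible lines show it is safe only because `buf` is refilled from `rand_get` on every run, so no key and nonce pair is ever reused. A comment stating that would keep the pattern from being copied somewhere with a fixed key, e.g. `/* Zero nonce is fine: the key is drawn fresh per run and never reused. */`. The 32-byte seed also stays in `buf` on main's stack for the life of the process, which is harmless for a test proxy but worth a note if this generator is ever used for anything secret.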