Support SLIP encapsulation as a tunnelling mechanism.

diff --git a/Makefile.am b/Makefile.am
index cb7455a1e4501b7d57cef2e5d707f6662b15323d..bbf743ea63ec8b69186d63ea67e8b6d4a7defb04 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -43,7 +43,7 @@ tripe_SOURCES = \
        keymgmt.c keyexch.c keyset.c \
        servutil.c util.c util.h
 EXTRA_tripe_SOURCES = \
-       tun-unet.c tun-bsd.c tun-linux.c
+       tun-unet.c tun-bsd.c tun-linux.c tun-slip.c
 tripe_LDADD = $(CATACOMB_LIBS)
 tripectl_SOURCES = \
        client.c util.c util.h

diff --git a/configure.in b/configure.in
index 6163a8d87fed39f15e96709ade8f83f57dbf5ff5..db4ddf9aad4cebab46c5dfb0d6f808c366d0925f 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -84,32 +84,44 @@ AC_ARG_WITH([ethereal],
 esac],
 [ethereal=true requireethereal=false])
 
-case $host_os in
-  linux*)
-    case `uname -r` in
+tun=guess
+AC_ARG_WITH([tunnel],
+[  --with-tunnel=KIND      kind of tunnel device to use
+                            (linux, unet, bsd, slip)],
+[tun=$withval])
+
+if test "$tun" = guess; then
+  AC_CACHE_CHECK([tunnel device to use], [mdw_cv_tunnel], [
+    case $host_os in
+      linux*)
+       case `uname -r` in
 changequote(,)dnl
-      2.[4-9].* | 2.[1-9][0-9]*.* | [3-9].* | [1-9][0-9]*.*)
+         2.[4-9].* | 2.[1-9][0-9]*.* | [3-9].* | [1-9][0-9]*.*)
 changequote([,])dnl
-       tun=linux
-       AC_DEFINE([TUN_TYPE], [TUN_LINUX], 
-        [Set to the tunnel driver for your OS.  See TUN_* in tripe.h.])
+           mdw_cv_tunnel=linux
+           ;;
+         *)
+           mdw_cv_tunnel=unet
+           ;;
+       esac
+       ;;
+      *bsd*)
+       mdw_cv_tunnel=bsd
        ;;
       *)
-       tun=unet
-       AC_DEFINE([TUN_TYPE], [TUN_UNET],
-        [Set to the tunnel driver for your OS.  See TUN_* in tripe.h.])
+        mdw_cv_tunnel=slip
        ;;
     esac
-    ;;
-  *bsd*)
-    tun=bsd
-    AC_DEFINE([TUN_TYPE], [TUN_BSD],
-    [Set to the tunnel driver for your OS.  See TUN_* in tripe.h.])
-    ;;
-  *)
-    AC_MSG_ERROR([Unsupported OS: no tunnel interface available])
-    ;;
+  ])
+  tun=$mdw_cv_tunnel
+fi
+
+case $tun in
+  linux | unet | bsd | slip) ;;
+  *) AC_MSG_ERROR([Unknown tunnel type]) ;;
 esac
+AC_DEFINE_UNQUOTED([TUN_TYPE], [TUN_`echo $tun | tr a-z A-Z`],
+  [Set to the tunnel driver for your OS.  See TUN_* in tripe.h.])
 AC_SUBST(tun)
 
 mdw_MLIB(2.0.0)

diff --git a/doc/tripe-admin.5 b/doc/tripe-admin.5
index 9f434bdc9f3e7b6cf3be42248c0906635cb1cd2e..35a0f08bb4e647b1f8dbb34565233fcab7cceaab 100644 (file)
--- a/doc/tripe-admin.5
+++ b/doc/tripe-admin.5
@@ -654,6 +654,10 @@ create some more
 .BI /dev/tun nn
 files, it will work.
 .TP
+.BI "TUN \- slip no-slip-interfaces"
+The driver ran out of SLIP interfaces.  You probably need to preallocate
+some more and restart.
+.TP
 .BI "TUN - open-error " device " \-\- " message
 An attempt to open the tunnel device file
 .I device
@@ -676,6 +680,23 @@ and shouldn't be used any more.
 .BI "TUN \- unet ifname-too-long \-\- " message
 The Unet interface's name overflowed, so we couldn't read it properly.
 Unet is obsolete and shouldn't be used any more.
+.TP
+.BI "TUN " ifname " slip eof"
+The SLIP driver encountered end-of-file on its input descriptor.
+Pending data is discarded, and no attempt is made to read any more data
+from that interface ever.
+.TP
+.BI "TUN " ifname " slip escape-end"
+The SLIP driver encountered an escaped `end' marker.  This probably
+means that someone's been sending it junk.  The erroneous packet is
+discarded, and we hope that we've rediscovered synchronization.
+.TP
+.BI "TUN " ifname " slip bad-escape"
+The SLIP driver encountered a escaped byte it wasn't expecting to see.
+The erroneous packet will be ignored.
+.TP
+.BI "TUN " ifname " slip overflow"
+The SLIP driver gave up reading a packet because it got too large.
 .SS "USER warnings"
 These are issued by administration clients using the
 .B WARN

diff --git a/doc/tripe.8 b/doc/tripe.8
index 373271a7440920e78e8292fefea0f0a0fa288265..bcfdcbb4a94829c059ecdefe7b2db03e38b9bf12 100644 (file)
--- a/doc/tripe.8
+++ b/doc/tripe.8
@@ -477,6 +477,34 @@ at half the underlying hash function's output length.
 A `mask-generation function', used in the key-exchange.  The default is
 .IB hash \-mgf
 and there's no good reason to change it.
+.SS "Using SLIP interfaces"
+Though not for the faint of heart, it is possible to get
+.B tripe
+to read and write network packets to a pair of file descriptors using
+SLIP encapsulation.  No fancy header compression of any kind is
+supported.  The intended use is that you allocate a pty pair, set the
+slave's line discipline to SLIP, and hand the
+.B tripe
+server the master end, though in fact any old file descriptors will do.
+.PP
+The SLIP descriptors must be set up and running before the daemon is
+started, and you must inform it about the SLIP descriptors it's meant to
+use in an environment variable
+.BR TRIPE_SLIPIF ,
+whose value must be a colon-separated list of items of the form
+.IR infd [ \c
+.BI , outfd \c
+.RB ] \c
+.BI = \c
+.IR ifname .
+If the
+.I outfd
+is omitted, the same file descriptor is used for input and output.
+.PP
+The output file descriptor should not block unless it really needs to:
+the
+.B tripe
+daemon assumes that it won't, and will get wait for it to accept output.
 .SS "About the name"
 The program's name is
 .BR tripe ,

diff --git a/peer.c b/peer.c
index 5fdfc1bca4ec14354039b72a461d34e95985ccf4..15243b712c694715e0de45529bfe1702bf5ba8bb 100644 (file)
--- a/peer.c
+++ b/peer.c
@@ -80,8 +80,10 @@ static void p_read(int fd, unsigned mode, void *v)
   return;
 
 found:
-  T( trace(T_PEER, "peer: packet received from `%s'", p->name);
-     trace_block(T_PACKET, "peer: packet contents", buf_i, n); )
+  IF_TRACING(T_PEER, {
+    trace(T_PEER, "peer: packet received from `%s'", p->name);
+    trace_block(T_PACKET, "peer: packet contents", buf_i, n);
+  })
 
   /* --- Pick the packet apart --- */
 

diff --git a/tripe-init.in b/tripe-init.in
index b02b8269fd03aaa7b11497a892dd724bae7c99f6..82ada434fedee70eed4da0e475afe1fae3335e07 100755 (executable)
--- a/tripe-init.in
+++ b/tripe-init.in
@@ -99,6 +99,12 @@ case `$tripe --tunnel` in
        ;;
     esac
     ;;
+  slip)
+    if test "$TRIPE_SLIPIF" = ""; then
+      echo >&2 "$tripe needs SLIP interfaces set up!"
+      exit 1
+    fi
+    ;;
 esac
   
 # --- Do what was wanted ---

diff --git a/tripe.c b/tripe.c
index 78a3d726c583f948cc387d02f3d2e4ab59906498..180177ee66450b8876ff63f3b9fe064017a616d3 100644 (file)
--- a/tripe.c
+++ b/tripe.c
@@ -247,7 +247,8 @@ int main(int argc, char *argv[])
        break;
 #endif
       case '0': {
-       static const char *tun[] = { "notdef", "unet", "bsd", "linux" };
+       static const char *tun[] =
+         { "notdef", "unet", "bsd", "linux", "slip" };
        puts(tun[TUN_TYPE]);
        exit(0);
       } break;

diff --git a/tripe.h b/tripe.h
index 320a2ca5218f91d4672aabf6e95a8f81ba4f2895..c8ad9ae1a40a42c2a278046f23eac11cf319cc0c 100644 (file)
--- a/tripe.h
+++ b/tripe.h
@@ -40,6 +40,7 @@
 #include <assert.h>
 #include <ctype.h>
 #include <errno.h>
+#include <limits.h>
 #include <signal.h>
 #include <stdarg.h>
 #include <stddef.h>
@@ -111,6 +112,7 @@
 #define TUN_UNET 1
 #define TUN_BSD 2
 #define TUN_LINUX 3
+#define TUN_SLIP 4
 
 /* --- Trace flags --- */
 
@@ -263,6 +265,16 @@ enum {
 #  include <linux/if_tun.h>
 #endif
 
+#if TUN_TYPE == TUN_SLIP
+  typedef struct slipif {
+    struct slipif *next;               /* Next one in the list */
+    int ifd, ofd;                      /* File descriptors to talk on */
+    char *name;                                /* Interface name */
+    unsigned f;                                /* Various flags */
+#     define SLIPIFF_INUSE 1u          /*   Interface is in use */
+  } slipif;
+#endif
+
 typedef struct tunnel {
 #if TUN_TYPE == TUN_UNET 
   sel_file f;                          /* Selector for Usernet device */
@@ -275,6 +287,16 @@ typedef struct tunnel {
   sel_file f;                          /* Selector for tunnel device */
   struct peer *p;                      /* Pointer to my peer */
   unsigned n;                          /* Number of my tunnel device */
+#elif TUN_TYPE == TUN_SLIP
+  slipif *sl;                          /* My interface record */
+  sel_file f;                          /* Selector for SLIP tty */
+  struct peer *p;                      /* Pointer to my peer */
+  unsigned st;                         /* Current parser state */
+#   define SLIPST_ESC 1u               /*   Last saw an escape character */
+#   define SLIPST_BAD 2u               /*   This packet is malformed */
+#   define SLIPST_EOF 4u               /*   File descriptor reported EOF */
+  size_t n;                            /* Number of bytes used in buffer */
+  octet buf[PKBUFSZ];                  /* Buffer for incoming data */
 #else
 #  error "No support for this tunnel type"
 #endif

diff --git a/tun-linux.c b/tun-linux.c
index 6aa5adb4219da4426728aa5505e20a0944e24d5d..ff65a5e7b032c4b0dea12456ad8020156a3d93ab 100644 (file)
--- a/tun-linux.c
+++ b/tun-linux.c
@@ -105,7 +105,7 @@ int tun_create(tunnel *t, peer *p)
   }
   fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
   iff.ifr_name[0] = 0;
-  iff.ifr_flags = IFF_TUN;
+  iff.ifr_flags = IFF_TUN | IFF_NO_PI;
   if ((f = ioctl(fd, TUNSETIFF, &iff)) < 0) {
     a_warn("TUN - linux config-error -- %s", strerror(errno));
     close(fd);

diff --git a/tun-slip.c b/tun-slip.c
new file mode 100644 (file)
index 0000000..1d1bd14
--- /dev/null
+++ b/tun-slip.c
@@ -0,0 +1,325 @@
+/* -*-c-*-
+ *
+ * $Id$
+ *
+ * Tunnel packets via SLIP
+ *
+ * (c) 2005 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------* 
+ *
+ * This file is part of Trivial IP Encryption (TrIPE).
+ *
+ * TrIPE is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * TrIPE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with TrIPE; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "tripe.h"
+
+/*----- Static variables --------------------------------------------------*/
+
+static slipif *slipifs;                        /* List of available interfaces */
+
+/*----- Main code ---------------------------------------------------------*/
+
+#if TUN_TYPE != TUN_SLIP
+#  error "Tunnel type mismatch: fix the Makefile"
+#endif
+
+#define SL_END 0xc0
+#define SL_ESC 0xdb
+#define SL_ESCEND 0xdc
+#define SL_ESCESC 0xdd
+
+/* --- @t_read@ --- *
+ *
+ * Arguments:  @int fd@ = file descriptor to read
+ *             @unsigned mode@ = what's happened
+ *             @void *v@ = pointer to tunnel block
+ *
+ * Returns:    ---
+ *
+ * Use:                Reads data from the tunnel.
+ */
+
+static void t_read(int fd, unsigned mode, void *v)
+{
+  tunnel *t = v;
+  ssize_t n;
+  const octet *p, *l, *ll;
+  octet *q;
+  unsigned st;
+  octet o;
+  buf b;
+
+  /* --- Read the input data --- */
+
+  n = read(fd, buf_t, sizeof(buf_t));
+  if (n < 0) {
+    if (errno == EINTR ||
+#ifdef EWOULDBLOCK
+       errno == EWOULDBLOCK ||
+#endif
+       errno == EAGAIN)
+      return;
+    a_warn("TUN %s read-error -- %s", t->sl->name, strerror(errno));
+    return;
+  }
+  if (!n) {
+    a_warn("TUN %s slip eof", t->sl->name);
+    t->st = SLIPST_EOF;
+    sel_rmfile(&t->f);
+    return;
+  }
+  IF_TRACING(T_TUNNEL, {
+    trace_block(T_PACKET, "tunnel: SLIP-encapsulated data",
+               buf_t, n);
+  })
+
+  /* --- Decapsulate the packet --- */
+
+  for (p = buf_t, l = p + n, st = t->st,
+       q = t->buf + t->n, ll = t->buf + sizeof(t->buf);
+       p < l;
+       p++) {
+    o = *p;
+    switch (o) {
+      case SL_END:
+       if (st & SLIPST_BAD)
+         ;
+       else if (st & SLIPST_ESC)
+         a_warn("TUN %s slip escape-end", t->sl->name);
+       else if (q == t->buf) {
+         T( trace(T_TUNNEL, "tunnel: empty packet"); )
+       } else {
+         IF_TRACING(T_TUNNEL, {
+           trace(T_TUNNEL, "tunnel: packet arrived");
+           trace_block(T_PACKET, "tunnel: packet contents",
+                       t->buf, q - t->buf);
+         })
+         buf_init(&b, t->buf, q - t->buf);
+         p_tun(t->p, &b);
+       }
+       q = t->buf;
+       st &= ~(SLIPST_ESC | SLIPST_BAD);
+       break;
+      case SL_ESC:
+       if ((st & SLIPST_ESC) && !(st & SLIPST_BAD)) {
+         a_warn("TUN %s slip bad-escape", t->sl->name);
+         st |= SLIPST_BAD;
+       } else
+         st |= SLIPST_ESC;
+       break;
+      case SL_ESCEND:
+       if (st & SLIPST_ESC)
+         o = SL_END;
+       goto emit;
+      case SL_ESCESC:
+       if (st & SLIPST_ESC)
+         o = SL_ESC;
+       goto emit;
+      default:
+       if ((st & SLIPST_ESC) && !(st & SLIPST_BAD)) {
+         a_warn("TUN %s slip bad-escape", t->sl->name);
+         st |= SLIPST_BAD;
+       }
+      emit:
+       if (!(st & SLIPST_BAD)) {
+         if (q < ll)
+           *q++ = o;
+         else {
+           a_warn("TUN %s slip overflow", t->sl->name);
+           st |= SLIPST_BAD;
+         }
+       }
+       st &= ~SLIPST_ESC;
+       break;
+    }
+  }
+
+  t->n = q - t->buf;
+  t->st = st;
+}
+
+/* --- @tun_init@ --- *
+ *
+ * Arguments:  ---
+ *
+ * Returns:    ---
+ *
+ * Use:                Initializes the tunneling system.  Maybe this will require
+ *             opening file descriptors or something.
+ */
+
+void tun_init(void)
+{
+  char *p, *q;
+  dstr d = DSTR_INIT;
+  slipif *sl, **tail = &slipifs;
+  unsigned long uli, ulo;
+  size_t n;
+
+  /* --- Build the list of available interfaces --- */
+
+  if ((p = getenv("TRIPE_SLIPIF")) == 0)
+    die(1, "no slip interfaces listed: set TRIPE_SLIPIF");
+  dstr_puts(&d, p);
+
+  p = d.buf;
+  for (;;) {
+    uli = strtoul(p, &q, 0);
+    if (uli > INT_MAX || q == p)
+      goto whine;
+    if (*q != ',')
+      ulo = uli;
+    else {
+      p = q + 1;
+      ulo = strtoul(p, &q, 0);
+      if (ulo > INT_MAX || q == p)
+       goto whine;
+    }
+    if (*q != '=' || (n = strcspn(q + 1, ":")) == 0)
+      goto whine;
+    sl = CREATE(slipif);
+    sl->next = 0;
+    sl->ifd = uli;
+    sl->ofd = ulo;
+    sl->name = xmalloc(n + 1);
+    sl->f = 0;
+    memcpy(sl->name, q + 1, n);
+    sl->name[n] = 0;
+    *tail = sl;
+    tail = &sl->next;
+    T( trace(T_TUNNEL, "tunnel: declared slipif %d,%d=%s",
+            sl->ifd, sl->ofd, sl->name); )
+    p = q + n + 1;
+    if (!*p)
+      break;
+    p++;
+  }
+  return;
+
+whine:
+  die(1, "bad slip interface list");
+}
+
+/* --- @tun_create@ --- *
+ *
+ * Arguments:  @tunnel *t@ = pointer to tunnel block
+ *             @peer *p@ = pointer to peer block
+ *
+ * Returns:    Zero if it worked, nonzero on failure.
+ *
+ * Use:                Initializes a new tunnel.
+ */
+
+int tun_create(tunnel *t, peer *p)
+{
+  slipif *sl;
+  static const char end[] = { SL_END, SL_END };
+
+  for (sl = slipifs; sl; sl = sl->next) {
+    if (!(sl->f & SLIPIFF_INUSE))
+      goto found;
+  }
+  a_warn("TUN - slip no-slip-interfaces");
+  return (-1);
+
+found:
+  t->p = p;
+  t->sl = sl;
+  t->st = 0;
+  t->n = 0;
+  sl->f |= SLIPIFF_INUSE;
+  sel_initfile(&sel, &t->f, sl->ifd, SEL_READ, t_read, t);
+  sel_addfile(&t->f);
+  write(sl->ofd, end, sizeof(end));
+  T( trace(T_TUNNEL, "tunnel: attached interface %s to peer `%s'",
+          sl->name, p_name(p)); )
+  return (0);
+}
+
+/* --- @tun_ifname@ --- *
+ *
+ * Arguments:  @tunnel *t@ = pointer to tunnel block
+ *
+ * Returns:    A pointer to the tunnel's interface name.
+ */
+
+const char *tun_ifname(tunnel *t)
+{
+  return (t->sl->name);
+}
+
+/* --- @tun_inject@ --- *
+ *
+ * Arguments:  @tunnel *t@ = pointer to tunnel block
+ *             @buf *b@ = buffer to send
+ *
+ * Returns:    ---
+ *
+ * Use:                Injects a packet into the local network stack.
+ */
+
+void tun_inject(tunnel *t, buf *b)
+{
+  octet buf[PKBUFSZ * 2 + 2];
+  const octet *p, *l;
+  octet *q;
+
+  IF_TRACING(T_TUNNEL, {
+    trace(T_TUNNEL, "tunnel: inject decrypted packet");
+    trace_block(T_PACKET, "tunnel: packet contents", BBASE(b), BLEN(b));
+  })
+
+  q = buf;
+  *q++ = SL_END;
+  for (p = BBASE(b), l = BCUR(b); p < l; p++) {
+    switch (*p) {
+      case SL_END: *q++ = SL_ESC; *q++ = SL_ESCEND; break;
+      case SL_ESC: *q++ = SL_ESC; *q++ = SL_ESCESC; break;
+      default: *q++ = *p; break;
+    }
+  }
+  *q++ = SL_END;
+  IF_TRACING(T_TUNNEL, {
+    trace_block(T_PACKET, "tunnel: SLIP-encapsulated contents",
+               buf, q - buf);
+  })
+  write(t->sl->ofd, buf, q - buf);
+}
+
+/* --- @tun_destroy@ --- *
+ *
+ * Arguments:  @tunnel *t@ = pointer to tunnel block
+ *
+ * Returns:    ---
+ *
+ * Use:                Destroys a tunnel.
+ */
+
+void tun_destroy(tunnel *t)
+{
+  /* --- If it reported EOF, leave it out-of-action --- */
+
+  if (!(t->st & SLIPST_EOF)) {
+    sel_rmfile(&t->f);
+    t->sl->f &= ~SLIPIFF_INUSE;
+  }
+}
+
+/*----- That's all, folks -------------------------------------------------*/