From: mdw Date: Sat, 3 Sep 2005 23:52:20 +0000 (+0000) Subject: Support SLIP encapsulation as a tunnelling mechanism. X-Git-Tag: 1.0.0pre7~1 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/b9066fbb5c1c160eb305a33a3335b77d17e0f502 Support SLIP encapsulation as a tunnelling mechanism. --- diff --git a/Makefile.am b/Makefile.am index cb7455a1..bbf743ea 100644 --- a/Makefile.am +++ b/Makefile.am @@ -43,7 +43,7 @@ tripe_SOURCES = \ keymgmt.c keyexch.c keyset.c \ servutil.c util.c util.h EXTRA_tripe_SOURCES = \ - tun-unet.c tun-bsd.c tun-linux.c + tun-unet.c tun-bsd.c tun-linux.c tun-slip.c tripe_LDADD = $(CATACOMB_LIBS) tripectl_SOURCES = \ client.c util.c util.h diff --git a/configure.in b/configure.in index 6163a8d8..db4ddf9a 100644 --- a/configure.in +++ b/configure.in @@ -84,32 +84,44 @@ AC_ARG_WITH([ethereal], esac], [ethereal=true requireethereal=false]) -case $host_os in - linux*) - case `uname -r` in +tun=guess +AC_ARG_WITH([tunnel], +[ --with-tunnel=KIND kind of tunnel device to use + (linux, unet, bsd, slip)], +[tun=$withval]) + +if test "$tun" = guess; then + AC_CACHE_CHECK([tunnel device to use], [mdw_cv_tunnel], [ + case $host_os in + linux*) + case `uname -r` in changequote(,)dnl - 2.[4-9].* | 2.[1-9][0-9]*.* | [3-9].* | [1-9][0-9]*.*) + 2.[4-9].* | 2.[1-9][0-9]*.* | [3-9].* | [1-9][0-9]*.*) changequote([,])dnl - tun=linux - AC_DEFINE([TUN_TYPE], [TUN_LINUX], - [Set to the tunnel driver for your OS. See TUN_* in tripe.h.]) + mdw_cv_tunnel=linux + ;; + *) + mdw_cv_tunnel=unet + ;; + esac + ;; + *bsd*) + mdw_cv_tunnel=bsd ;; *) - tun=unet - AC_DEFINE([TUN_TYPE], [TUN_UNET], - [Set to the tunnel driver for your OS. See TUN_* in tripe.h.]) + mdw_cv_tunnel=slip ;; esac - ;; - *bsd*) - tun=bsd - AC_DEFINE([TUN_TYPE], [TUN_BSD], - [Set to the tunnel driver for your OS. See TUN_* in tripe.h.]) - ;; - *) - AC_MSG_ERROR([Unsupported OS: no tunnel interface available]) - ;; + ]) + tun=$mdw_cv_tunnel +fi + +case $tun in + linux | unet | bsd | slip) ;; + *) AC_MSG_ERROR([Unknown tunnel type]) ;; esac +AC_DEFINE_UNQUOTED([TUN_TYPE], [TUN_`echo $tun | tr a-z A-Z`], + [Set to the tunnel driver for your OS. See TUN_* in tripe.h.]) AC_SUBST(tun) mdw_MLIB(2.0.0) diff --git a/doc/tripe-admin.5 b/doc/tripe-admin.5 index 9f434bdc..35a0f08b 100644 --- a/doc/tripe-admin.5 +++ b/doc/tripe-admin.5 @@ -654,6 +654,10 @@ create some more .BI /dev/tun nn files, it will work. .TP +.BI "TUN \- slip no-slip-interfaces" +The driver ran out of SLIP interfaces. You probably need to preallocate +some more and restart. +.TP .BI "TUN - open-error " device " \-\- " message An attempt to open the tunnel device file .I device @@ -676,6 +680,23 @@ and shouldn't be used any more. .BI "TUN \- unet ifname-too-long \-\- " message The Unet interface's name overflowed, so we couldn't read it properly. Unet is obsolete and shouldn't be used any more. +.TP +.BI "TUN " ifname " slip eof" +The SLIP driver encountered end-of-file on its input descriptor. +Pending data is discarded, and no attempt is made to read any more data +from that interface ever. +.TP +.BI "TUN " ifname " slip escape-end" +The SLIP driver encountered an escaped `end' marker. This probably +means that someone's been sending it junk. The erroneous packet is +discarded, and we hope that we've rediscovered synchronization. +.TP +.BI "TUN " ifname " slip bad-escape" +The SLIP driver encountered a escaped byte it wasn't expecting to see. +The erroneous packet will be ignored. +.TP +.BI "TUN " ifname " slip overflow" +The SLIP driver gave up reading a packet because it got too large. .SS "USER warnings" These are issued by administration clients using the .B WARN diff --git a/doc/tripe.8 b/doc/tripe.8 index 373271a7..bcfdcbb4 100644 --- a/doc/tripe.8 +++ b/doc/tripe.8 @@ -477,6 +477,34 @@ at half the underlying hash function's output length. A `mask-generation function', used in the key-exchange. The default is .IB hash \-mgf and there's no good reason to change it. +.SS "Using SLIP interfaces" +Though not for the faint of heart, it is possible to get +.B tripe +to read and write network packets to a pair of file descriptors using +SLIP encapsulation. No fancy header compression of any kind is +supported. The intended use is that you allocate a pty pair, set the +slave's line discipline to SLIP, and hand the +.B tripe +server the master end, though in fact any old file descriptors will do. +.PP +The SLIP descriptors must be set up and running before the daemon is +started, and you must inform it about the SLIP descriptors it's meant to +use in an environment variable +.BR TRIPE_SLIPIF , +whose value must be a colon-separated list of items of the form +.IR infd [ \c +.BI , outfd \c +.RB ] \c +.BI = \c +.IR ifname . +If the +.I outfd +is omitted, the same file descriptor is used for input and output. +.PP +The output file descriptor should not block unless it really needs to: +the +.B tripe +daemon assumes that it won't, and will get wait for it to accept output. .SS "About the name" The program's name is .BR tripe , diff --git a/peer.c b/peer.c index 5fdfc1bc..15243b71 100644 --- a/peer.c +++ b/peer.c @@ -80,8 +80,10 @@ static void p_read(int fd, unsigned mode, void *v) return; found: - T( trace(T_PEER, "peer: packet received from `%s'", p->name); - trace_block(T_PACKET, "peer: packet contents", buf_i, n); ) + IF_TRACING(T_PEER, { + trace(T_PEER, "peer: packet received from `%s'", p->name); + trace_block(T_PACKET, "peer: packet contents", buf_i, n); + }) /* --- Pick the packet apart --- */ diff --git a/tripe-init.in b/tripe-init.in index b02b8269..82ada434 100755 --- a/tripe-init.in +++ b/tripe-init.in @@ -99,6 +99,12 @@ case `$tripe --tunnel` in ;; esac ;; + slip) + if test "$TRIPE_SLIPIF" = ""; then + echo >&2 "$tripe needs SLIP interfaces set up!" + exit 1 + fi + ;; esac # --- Do what was wanted --- diff --git a/tripe.c b/tripe.c index 78a3d726..180177ee 100644 --- a/tripe.c +++ b/tripe.c @@ -247,7 +247,8 @@ int main(int argc, char *argv[]) break; #endif case '0': { - static const char *tun[] = { "notdef", "unet", "bsd", "linux" }; + static const char *tun[] = + { "notdef", "unet", "bsd", "linux", "slip" }; puts(tun[TUN_TYPE]); exit(0); } break; diff --git a/tripe.h b/tripe.h index 320a2ca5..c8ad9ae1 100644 --- a/tripe.h +++ b/tripe.h @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include @@ -111,6 +112,7 @@ #define TUN_UNET 1 #define TUN_BSD 2 #define TUN_LINUX 3 +#define TUN_SLIP 4 /* --- Trace flags --- */ @@ -263,6 +265,16 @@ enum { # include #endif +#if TUN_TYPE == TUN_SLIP + typedef struct slipif { + struct slipif *next; /* Next one in the list */ + int ifd, ofd; /* File descriptors to talk on */ + char *name; /* Interface name */ + unsigned f; /* Various flags */ +# define SLIPIFF_INUSE 1u /* Interface is in use */ + } slipif; +#endif + typedef struct tunnel { #if TUN_TYPE == TUN_UNET sel_file f; /* Selector for Usernet device */ @@ -275,6 +287,16 @@ typedef struct tunnel { sel_file f; /* Selector for tunnel device */ struct peer *p; /* Pointer to my peer */ unsigned n; /* Number of my tunnel device */ +#elif TUN_TYPE == TUN_SLIP + slipif *sl; /* My interface record */ + sel_file f; /* Selector for SLIP tty */ + struct peer *p; /* Pointer to my peer */ + unsigned st; /* Current parser state */ +# define SLIPST_ESC 1u /* Last saw an escape character */ +# define SLIPST_BAD 2u /* This packet is malformed */ +# define SLIPST_EOF 4u /* File descriptor reported EOF */ + size_t n; /* Number of bytes used in buffer */ + octet buf[PKBUFSZ]; /* Buffer for incoming data */ #else # error "No support for this tunnel type" #endif diff --git a/tun-linux.c b/tun-linux.c index 6aa5adb4..ff65a5e7 100644 --- a/tun-linux.c +++ b/tun-linux.c @@ -105,7 +105,7 @@ int tun_create(tunnel *t, peer *p) } fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); iff.ifr_name[0] = 0; - iff.ifr_flags = IFF_TUN; + iff.ifr_flags = IFF_TUN | IFF_NO_PI; if ((f = ioctl(fd, TUNSETIFF, &iff)) < 0) { a_warn("TUN - linux config-error -- %s", strerror(errno)); close(fd); diff --git a/tun-slip.c b/tun-slip.c new file mode 100644 index 00000000..1d1bd14b --- /dev/null +++ b/tun-slip.c @@ -0,0 +1,325 @@ +/* -*-c-*- + * + * $Id$ + * + * Tunnel packets via SLIP + * + * (c) 2005 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Trivial IP Encryption (TrIPE). + * + * TrIPE is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * TrIPE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with TrIPE; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/*----- Header files ------------------------------------------------------*/ + +#include "tripe.h" + +/*----- Static variables --------------------------------------------------*/ + +static slipif *slipifs; /* List of available interfaces */ + +/*----- Main code ---------------------------------------------------------*/ + +#if TUN_TYPE != TUN_SLIP +# error "Tunnel type mismatch: fix the Makefile" +#endif + +#define SL_END 0xc0 +#define SL_ESC 0xdb +#define SL_ESCEND 0xdc +#define SL_ESCESC 0xdd + +/* --- @t_read@ --- * + * + * Arguments: @int fd@ = file descriptor to read + * @unsigned mode@ = what's happened + * @void *v@ = pointer to tunnel block + * + * Returns: --- + * + * Use: Reads data from the tunnel. + */ + +static void t_read(int fd, unsigned mode, void *v) +{ + tunnel *t = v; + ssize_t n; + const octet *p, *l, *ll; + octet *q; + unsigned st; + octet o; + buf b; + + /* --- Read the input data --- */ + + n = read(fd, buf_t, sizeof(buf_t)); + if (n < 0) { + if (errno == EINTR || +#ifdef EWOULDBLOCK + errno == EWOULDBLOCK || +#endif + errno == EAGAIN) + return; + a_warn("TUN %s read-error -- %s", t->sl->name, strerror(errno)); + return; + } + if (!n) { + a_warn("TUN %s slip eof", t->sl->name); + t->st = SLIPST_EOF; + sel_rmfile(&t->f); + return; + } + IF_TRACING(T_TUNNEL, { + trace_block(T_PACKET, "tunnel: SLIP-encapsulated data", + buf_t, n); + }) + + /* --- Decapsulate the packet --- */ + + for (p = buf_t, l = p + n, st = t->st, + q = t->buf + t->n, ll = t->buf + sizeof(t->buf); + p < l; + p++) { + o = *p; + switch (o) { + case SL_END: + if (st & SLIPST_BAD) + ; + else if (st & SLIPST_ESC) + a_warn("TUN %s slip escape-end", t->sl->name); + else if (q == t->buf) { + T( trace(T_TUNNEL, "tunnel: empty packet"); ) + } else { + IF_TRACING(T_TUNNEL, { + trace(T_TUNNEL, "tunnel: packet arrived"); + trace_block(T_PACKET, "tunnel: packet contents", + t->buf, q - t->buf); + }) + buf_init(&b, t->buf, q - t->buf); + p_tun(t->p, &b); + } + q = t->buf; + st &= ~(SLIPST_ESC | SLIPST_BAD); + break; + case SL_ESC: + if ((st & SLIPST_ESC) && !(st & SLIPST_BAD)) { + a_warn("TUN %s slip bad-escape", t->sl->name); + st |= SLIPST_BAD; + } else + st |= SLIPST_ESC; + break; + case SL_ESCEND: + if (st & SLIPST_ESC) + o = SL_END; + goto emit; + case SL_ESCESC: + if (st & SLIPST_ESC) + o = SL_ESC; + goto emit; + default: + if ((st & SLIPST_ESC) && !(st & SLIPST_BAD)) { + a_warn("TUN %s slip bad-escape", t->sl->name); + st |= SLIPST_BAD; + } + emit: + if (!(st & SLIPST_BAD)) { + if (q < ll) + *q++ = o; + else { + a_warn("TUN %s slip overflow", t->sl->name); + st |= SLIPST_BAD; + } + } + st &= ~SLIPST_ESC; + break; + } + } + + t->n = q - t->buf; + t->st = st; +} + +/* --- @tun_init@ --- * + * + * Arguments: --- + * + * Returns: --- + * + * Use: Initializes the tunneling system. Maybe this will require + * opening file descriptors or something. + */ + +void tun_init(void) +{ + char *p, *q; + dstr d = DSTR_INIT; + slipif *sl, **tail = &slipifs; + unsigned long uli, ulo; + size_t n; + + /* --- Build the list of available interfaces --- */ + + if ((p = getenv("TRIPE_SLIPIF")) == 0) + die(1, "no slip interfaces listed: set TRIPE_SLIPIF"); + dstr_puts(&d, p); + + p = d.buf; + for (;;) { + uli = strtoul(p, &q, 0); + if (uli > INT_MAX || q == p) + goto whine; + if (*q != ',') + ulo = uli; + else { + p = q + 1; + ulo = strtoul(p, &q, 0); + if (ulo > INT_MAX || q == p) + goto whine; + } + if (*q != '=' || (n = strcspn(q + 1, ":")) == 0) + goto whine; + sl = CREATE(slipif); + sl->next = 0; + sl->ifd = uli; + sl->ofd = ulo; + sl->name = xmalloc(n + 1); + sl->f = 0; + memcpy(sl->name, q + 1, n); + sl->name[n] = 0; + *tail = sl; + tail = &sl->next; + T( trace(T_TUNNEL, "tunnel: declared slipif %d,%d=%s", + sl->ifd, sl->ofd, sl->name); ) + p = q + n + 1; + if (!*p) + break; + p++; + } + return; + +whine: + die(1, "bad slip interface list"); +} + +/* --- @tun_create@ --- * + * + * Arguments: @tunnel *t@ = pointer to tunnel block + * @peer *p@ = pointer to peer block + * + * Returns: Zero if it worked, nonzero on failure. + * + * Use: Initializes a new tunnel. + */ + +int tun_create(tunnel *t, peer *p) +{ + slipif *sl; + static const char end[] = { SL_END, SL_END }; + + for (sl = slipifs; sl; sl = sl->next) { + if (!(sl->f & SLIPIFF_INUSE)) + goto found; + } + a_warn("TUN - slip no-slip-interfaces"); + return (-1); + +found: + t->p = p; + t->sl = sl; + t->st = 0; + t->n = 0; + sl->f |= SLIPIFF_INUSE; + sel_initfile(&sel, &t->f, sl->ifd, SEL_READ, t_read, t); + sel_addfile(&t->f); + write(sl->ofd, end, sizeof(end)); + T( trace(T_TUNNEL, "tunnel: attached interface %s to peer `%s'", + sl->name, p_name(p)); ) + return (0); +} + +/* --- @tun_ifname@ --- * + * + * Arguments: @tunnel *t@ = pointer to tunnel block + * + * Returns: A pointer to the tunnel's interface name. + */ + +const char *tun_ifname(tunnel *t) +{ + return (t->sl->name); +} + +/* --- @tun_inject@ --- * + * + * Arguments: @tunnel *t@ = pointer to tunnel block + * @buf *b@ = buffer to send + * + * Returns: --- + * + * Use: Injects a packet into the local network stack. + */ + +void tun_inject(tunnel *t, buf *b) +{ + octet buf[PKBUFSZ * 2 + 2]; + const octet *p, *l; + octet *q; + + IF_TRACING(T_TUNNEL, { + trace(T_TUNNEL, "tunnel: inject decrypted packet"); + trace_block(T_PACKET, "tunnel: packet contents", BBASE(b), BLEN(b)); + }) + + q = buf; + *q++ = SL_END; + for (p = BBASE(b), l = BCUR(b); p < l; p++) { + switch (*p) { + case SL_END: *q++ = SL_ESC; *q++ = SL_ESCEND; break; + case SL_ESC: *q++ = SL_ESC; *q++ = SL_ESCESC; break; + default: *q++ = *p; break; + } + } + *q++ = SL_END; + IF_TRACING(T_TUNNEL, { + trace_block(T_PACKET, "tunnel: SLIP-encapsulated contents", + buf, q - buf); + }) + write(t->sl->ofd, buf, q - buf); +} + +/* --- @tun_destroy@ --- * + * + * Arguments: @tunnel *t@ = pointer to tunnel block + * + * Returns: --- + * + * Use: Destroys a tunnel. + */ + +void tun_destroy(tunnel *t) +{ + /* --- If it reported EOF, leave it out-of-action --- */ + + if (!(t->st & SLIPST_EOF)) { + sel_rmfile(&t->f); + t->sl->f &= ~SLIPIFF_INUSE; + } +} + +/*----- That's all, folks -------------------------------------------------*/