From: ian Date: Tue, 30 May 2000 23:06:46 +0000 (+0000) Subject: Works at least without crypto. X-Git-Tag: userv-utils-0-1-finger-mergeup-1~10 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv-utils.git;a=commitdiff_plain;h=09966b4959fa31ea3f6746b6b6583907744484e1 Works at least without crypto. --- diff --git a/ipif/forwarder.c b/ipif/forwarder.c index a9e43e0..015afbd 100644 --- a/ipif/forwarder.c +++ b/ipif/forwarder.c @@ -2,10 +2,11 @@ * Encrypting tunnel for userv-ipif tunnels, actual implementation * * usage: - * udptunnel-forwarder + * udptunnel-forwarder + * + * * * [] - * * [ ...] * [ ...] * '' @@ -14,7 +15,9 @@ * whereever we get a good packet from first, in which case port * should not be specified. * - * is '' to mean read, anything else to mean write. + * is zero or more of + * w means generate and write encdec keys, rather than reading them + * D means do crypto debug (use with care!) * * Every must be numeric. There is very little argument checking. * @@ -47,11 +50,12 @@ static size_t buffer_size; +static const char *opt_chars; static int public_local_fd, private_in_fd, private_out_fd; static int mtu2, keepalive, timeout; static int public_remote_specd; static struct sockaddr_in public_remote; -static int encdec_keys_fd, encdec_keys_write; +static int encdec_keys_fd, encdec_keys_write, crypto_debug; static int n_mechs; static const struct mechanism *mechs[MAXMECHS]; 
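Review bot: The new `D` entry in the usage comment (second hunk, `@@ -14,7 +15,9 @@`) says only "use with care!" and does not say what the option exposes. The `cdebug`/`cdebughex` helpers added later in this commit write through `printf`, and the udptunnel wrapper's own comment for `-Dcrypto` says it prints keys and packets on screen. The forwarder comment should say the same, for example `D means do crypto debug: prints keys and packet contents on stdout (debugging only)`. The comment block starts before and continues after this hunk.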
@@ -64,6 +68,46 @@ static size_t accum_used, accum_avail; static time_t nextsendka; +static void cdebug(int mechno /*or -1*/, const char *msg) { + if (!crypto_debug) return; + printf("%s: CRYPTO: %-20s encrypt setup\n", + programid, + mechno >= 0 ? mechs[i]->name : "", + msg); +} + +static void cdebughex(int mechno /*or -1*/, const char *msg, + size_t skipbefore, const void *ptr, size_t sz, size_t skipafter) { + const unsigned char *p; + + if (!crypto_debug) return; + printf("%s: CRYPTO: %-20s %s", + programid, + mechno >= 0 ? mechs[i]->name : "", + msg); + for (i=0; iencsetup(&md_in[i], &maxprefix, &maxsuffix); - for (i=0; idecsetup(&md_out[i]); + for (i=0; iencsetup(&md_in[i], &maxprefix, &maxsuffix); + } + for (i=0; idecsetup(&md_out[i]); + } if (maxprefix<1) maxprefix= 1; if (maxsuffix<1) maxsuffix= 1; diff --git a/ipif/udptunnel b/ipif/udptunnel index c2da428..08b75a3 100755 --- a/ipif/udptunnel +++ b/ipif/udptunnel @@ -8,6 +8,7 @@ # | -m (`masquerade support': subcommand gets `Wait' instead of our addr/port) # | -d (`dump keys': when no subcmd, spew keys rather than reading them; # we always send keys to our subcmd if there is one) +# | -Dcrypto (debug crypto - use with care, prints keys, packets &c on screen!) # | -f # ... # ] @@ -172,6 +173,7 @@ $|=1; $masq= 0; $dump= 0; $fcmd= 'udptunnel-forwarder'; +$xfwdopts= ''; while ($ARGV[0] =~ m/^-/) { $_= shift @ARGV; @@ -191,6 +193,8 @@ while ($ARGV[0] =~ m/^-/) { $masq= 1; } elsif (s/^-d/-/) { $dump= 1; + } elsif (s/^-Dcrypto$/-/) { + $xfwdopts.= 'K'; } else { quit("unknown option \`$_'"); } @@ -345,11 +349,12 @@ if (!$c_lcmd) { close UW; close DR; -@fcmd= ($fcmd, - fileno(L), fileno(DW), fileno(UR), +$xfwdopts.= 'w' if $dump; + +@fcmd= ($fcmd, $xfwdopts, + fileno(L), fileno(DW), fileno(UR), fileno(DUMPKEYS), $mtu, $keepalive, $timeout, @rapf, - fileno(DUMPKEYS), $dump ? 'y' : '', @encryption); debug("forwarding command @fcmd."); diff --git a/ipif/utils.c b/ipif/utils.c index c215390..97ff430 100644 
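Review bot: In `cdebug` the format string has two conversions but three arguments follow it, so `msg` is never printed and every line ends in the fixed text "encrypt setup". The name lookup also indexes `mechs[i]` although the parameter is `mechno`; no `i` is declared in the visible body, and even if a file-scope `i` exists it is the wrong index. I would write `printf("%s: CRYPTO: %-20s %s\n", programid, mechno >= 0 ? mechs[mechno]->name : "", msg);`. `cdebughex` has the same `mechs[i]` lookup before its loop reuses `i`; its body is cut off on this page after `for (i=0;`, so the rest could not be checked.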
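Review bot: The `-Dcrypto` branch in ipif/udptunnel appends `'K'` to `$xfwdopts`, but the usage comment this commit adds to ipif/forwarder.c documents only `w` and `D` as option characters, with `D` as the crypto-debug flag. If the forwarder follows its own comment, `-Dcrypto` is silently ignored; its option parsing is not legible on this page, so this is inferred from the comment. I would change the line to `$xfwdopts.= 'D';`, or document `K` in the forwarder if that is the letter it really tests.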
--- a/ipif/utils.c
+++ b/ipif/utils.c
@@ -81,22 +81,6 @@ void read_must(int fd, void *p_in, int sz, const char *what) {
 }
 }
-void get_random(void *ptr, size_t sz) {
- static FILE *randfile;
-
- size_t r;
-
- if (!randfile) {
- randfile= fopen("/dev/urandom","rb");
- if (!randfile && errno==ENOENT) randfile= fopen("/dev/random","rb");
- if (!randfile) sysfail("open random number generator");
- }
-
- r= fread(ptr,1,sz,randfile);
- if (r == sz) return;
- (ferror(randfile) ? sysfail : fail)("cannot read random number generator");
-}
-
 const char *getarg_string(void) {
 const char *arg;