diff options
author | Toni Uhlig <matzeton@googlemail.com> | 2017-11-04 23:04:46 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2017-11-05 00:08:01 +0100 |
commit | 21be61692cefc489883822c7f718de1fe904fefe (patch) | |
tree | f2184767417abc7366e719bb2b5973a718b4cca0 | |
parent | 168e28e950f8540b287aa095f03ce37f4e3811e1 (diff) |
ptunnel-ng:
* text formatting
* user defined magic value (prevent Cisco WSA/ironport detection)
* memset bugfix
-rwxr-xr-x | Makefile | 2 | ||||
-rwxr-xr-x | debian/rules | 2 | ||||
-rwxr-xr-x | ptunnel.c | 136 | ||||
-rwxr-xr-x | ptunnel.h | 299 |
4 files changed, 247 insertions, 192 deletions
@@ -2,7 +2,7 @@ # (c) 2004-2009 Daniel Stoedle, daniels@cs.uit.no # ptunnel.exe target added by Mike Miller, mike@mikeage.net -CC = gcc +CC = gcc CFLAGS = -Wall -g LDOPTS = -lpthread -lpcap PT_OBJS = ptunnel.o md5.o diff --git a/debian/rules b/debian/rules index 896d652..3e3040a 100755 --- a/debian/rules +++ b/debian/rules @@ -8,4 +8,4 @@ LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) dh $@ override_dh_auto_build: - dh_auto_build -- CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" + dh_auto_build -- CFLAGS="-Wall $(CFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" @@ -81,49 +81,55 @@ // Lots of globals -pthread_mutex_t chain_lock, // Lock protecting the chain of connections - num_threads_lock; // Lock protecting the num_threads variable - -bool unprivileged = false, // True if user wants to run without root - pcap = false, // True if user wants packet capturing - print_stats = false, // True if user wants continuous statistics printed. - use_syslog = false; // True if user wants to log to syslog -FILE *log_file = 0; // Usually stdout, but can be altered by the user - -int tcp_port = -1, // Port to send data to from the proxy - tcp_listen_port = -1, // Port the client listens on - log_level = kLog_event, // Default log level - mode = kMode_proxy, // Default mode (proxy) - num_threads = 0, // Current thread count - max_tunnels = kMax_tunnels, // Default maximum number of tunnels to support at once - num_tunnels = 0, // Current tunnel count - use_udp = 0; // True if UDP should be used for transport (proxy runs on port 53) -uint32_t *seq_expiry_tbl = 0, // Table indicating when a connection ID is allowable (used by proxy) - given_proxy_ip = 0, // Proxy's internet address - given_dst_ip = 0; // Destination client wants data forwarded to -char *password = 0, // Password (must be the same on proxy and client for authentication to succeed) - password_digest[kMD5_digest_size], // MD5 digest of password - *pcap_device = 0; // Device to capture packets from +pthread_mutex_t + chain_lock, // Lock protecting the chain of connections + num_threads_lock; // Lock protecting the num_threads variable +bool + unprivileged = false, // True if user wants to run without root + pcap = false, // True if user wants packet capturing + print_stats = false, // True if user wants continuous statistics printed. + use_syslog = false; // True if user wants to log to syslog +FILE + *log_file = 0; // Usually stdout, but can be altered by the user +int + tcp_port = -1, // Port to send data to from the proxy + tcp_listen_port = -1, // Port the client listens on + log_level = kLog_event, // Default log level + mode = kMode_proxy, // Default mode (proxy) + num_threads = 0, // Current thread count + max_tunnels = kMax_tunnels, // Default maximum number of tunnels to support at once + num_tunnels = 0, // Current tunnel count + use_udp = 0; // True if UDP should be used for transport (proxy runs on port 53) +uint32_t + magic = kPing_tunnel_magic, // user defined magic value (prevent Cisco WSA/ironport detection) + *seq_expiry_tbl = 0, // Table indicating when a connection ID is allowable (used by proxy) + given_proxy_ip = 0, // Proxy's internet address + given_dst_ip = 0; // Destination client wants data forwarded to +char + *password = 0, // Password (must be the same on proxy and client for authentication to succeed) + password_digest[kMD5_digest_size], // MD5 digest of password + *pcap_device = 0; // Device to capture packets from // Some buffer constants -const int tcp_receive_buf_len = kDefault_buf_size, - icmp_receive_buf_len = kDefault_buf_size + kIP_header_size + kICMP_header_size + sizeof(ping_tunnel_pkt_t), - pcap_buf_size = (kDefault_buf_size + kIP_header_size + kICMP_header_size + sizeof(ping_tunnel_pkt_t)+64)*64; -char pcap_filter_program[] = "icmp"; // && (icmp[icmptype] = icmp-echo || icmp[icmptype] = icmp-echoreply)"; +const int + tcp_receive_buf_len = kDefault_buf_size, + icmp_receive_buf_len = kDefault_buf_size + kIP_header_size + kICMP_header_size + sizeof(ping_tunnel_pkt_t), + pcap_buf_size = (kDefault_buf_size + kIP_header_size + kICMP_header_size + sizeof(ping_tunnel_pkt_t)+64)*64; +char pcap_filter_program[] = "icmp"; // && (icmp[icmptype] = icmp-echo || icmp[icmptype] = icmp-echoreply)"; // The chain of client/proxy connections -proxy_desc_t *chain = 0; -const char *state_name[kNum_proto_types] = { "start", "ack", "data", "close", "authenticate" }; +proxy_desc_t *chain = 0; +const char *state_name[kNum_proto_types] = { "start", "ack", "data", "close", "authenticate" }; // Let the fun begin! -int main(int argc, char *argv[]) { - int i, opt; - md5_state_t state; +int main(int argc, char *argv[]) { + int i, opt; + md5_state_t state; struct hostent *host_ent; #ifndef WIN32 struct passwd *pwnam; struct group *grnam; - pid_t pid; + pid_t pid; #endif #ifdef WIN32 WORD wVersionRequested; @@ -161,7 +167,10 @@ int main(int argc, char *argv[]) { opt = kOpt_undefined; mode = kMode_proxy; for (i=1;i<argc;i++) { - if (strcmp(argv[i], "-p") == 0) { + if (strcmp(argv[i], "-a") == 0) { + opt = kOpt_set_magic; + } + else if (strcmp(argv[i], "-p") == 0) { mode = kMode_forward; opt = kOpt_set_proxy_addr; } @@ -203,6 +212,9 @@ int main(int argc, char *argv[]) { use_udp = 1; else { switch (opt) { + case kOpt_set_magic: + magic = strtoul(argv[i], NULL, 16); + break; case kOpt_set_proxy_addr: if (NULL == (host_ent = gethostbyname(argv[i]))) { pt_log(kLog_error, "Failed to look up %s as proxy address\n", argv[i]); @@ -351,9 +363,10 @@ int main(int argc, char *argv[]) { fprintf(pid_file, "%d\n", getpid()); fclose(pid_file); } - freopen("/dev/null", "r", stdin); - freopen("/dev/null", "w", stdout); - freopen("/dev/null", "w", stderr); + if (! freopen("/dev/null", "r", stdin) || + ! freopen("/dev/null", "w", stdout) || + ! freopen("/dev/null", "w", stderr)) + pt_log(kLog_error, "freopen: %s\n", strerror(errno)); } } } @@ -416,6 +429,7 @@ void usage(char *exec_name) { printf("ptunnel v %d.%.2d.\n", kMajor_version, kMinor_version); printf("Usage: %s -p <addr> -lp <port> -da <dest_addr> -dp <dest_port> [-m max_tunnels] [-v verbosity] [-f logfile]\n", exec_name); printf(" %s [-m max_threads] [-v verbosity] [-c <device>]\n", exec_name); + printf(" -a: Set ICMP Tunnel magic hexadecimal number e.g. %X\n", magic); printf(" -p: Set address of peer running packet forwarder. This causes\n"); printf(" ptunnel to operate in forwarding mode - the absence of this\n"); printf(" option causes ptunnel to operate in proxy mode.\n"); @@ -814,7 +828,7 @@ void* pt_proxy(void *args) { //pt_log(kLog_verbose, "pcap captured %d packets - handling them..\n", pc.pkt_q.elems); while (pc.pkt_q.head) { cur = pc.pkt_q.head; - memset(&addr, sizeof(struct sockaddr), 0); + memset(&addr, 0, sizeof(struct sockaddr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = *(in_addr_t*)&(((ip_packet_t*)(cur->data))->src_ip); handle_packet(cur->data, cur->bytes, 1, &addr, fwd_sock); @@ -950,7 +964,7 @@ void handle_packet(char *buf, int bytes, int is_pcap, struct sockaddr_in *addr, pkt = (icmp_echo_packet_t*)ip_pkt->data; pt_pkt = (ping_tunnel_pkt_t*)pkt->data; } - if (ntohl(pt_pkt->magic) == kPing_tunnel_magic) { + if (ntohl(pt_pkt->magic) == magic) { pt_pkt->state = ntohl(pt_pkt->state); pkt->identifier = ntohs(pkt->identifier); pt_pkt->id_no = ntohs(pt_pkt->id_no); @@ -1205,14 +1219,14 @@ static int ip_id_counter = 1; int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, uint16_t id_no, uint16_t icmp_id, uint16_t *seq, icmp_desc_t ring[], int *insert_idx, int *await_send, uint32_t ip, uint32_t port, uint32_t state, struct sockaddr_in *dest_addr, uint16_t next_expected_seq, int *first_ack, uint16_t *ping_seq) { #if kPT_add_iphdr ip_packet_t *ip_pkt = 0; - int pkt_len = sizeof(ip_packet_t)+sizeof(icmp_echo_packet_t)+sizeof(ping_tunnel_pkt_t)+num_bytes, + int pkt_len = sizeof(ip_packet_t)+sizeof(icmp_echo_packet_t)+sizeof(ping_tunnel_pkt_t)+num_bytes, #else - int pkt_len = sizeof(icmp_echo_packet_t)+sizeof(ping_tunnel_pkt_t)+num_bytes, + int pkt_len = sizeof(icmp_echo_packet_t)+sizeof(ping_tunnel_pkt_t)+num_bytes, #endif - err = 0; + err = 0; icmp_echo_packet_t *pkt = 0; ping_tunnel_pkt_t *pt_pkt = 0; - uint16_t ack_val = next_expected_seq-1; + uint16_t ack_val = next_expected_seq-1; if (pkt_len % 2) @@ -1220,35 +1234,35 @@ int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, uint16 #if kPT_add_iphdr printf("add header\n"); - ip_pkt = malloc(pkt_len); - pkt = (icmp_echo_packet_t*)ip_pkt->data; + ip_pkt = malloc(pkt_len); + pkt = (icmp_echo_packet_t*)ip_pkt->data; memset(ip_pkt, 0, sizeof(ip_packet_t)); - ip_pkt->vers_ihl = 0x45;//|(pkt_len>>2);//5;//(IPVERSION << 4) | (sizeof(ip_packet_t) >> 2); - ip_pkt->tos = IPTOS_LOWDELAY; - ip_pkt->pkt_len = pkt_len; - ip_pkt->id = 0; //kernel sets proper value htons(ip_id_counter); + ip_pkt->vers_ihl = 0x45;//|(pkt_len>>2);//5;//(IPVERSION << 4) | (sizeof(ip_packet_t) >> 2); + ip_pkt->tos = IPTOS_LOWDELAY; + ip_pkt->pkt_len = pkt_len; + ip_pkt->id = 0; //kernel sets proper value htons(ip_id_counter); ip_pkt->flags_frag_offset = 0; - ip_pkt->ttl = IPDEFTTL; // default time to live (64) - ip_pkt->proto = 1; // ICMP - ip_pkt->checksum = 0; // maybe the kernel helps us out..? - ip_pkt->src_ip = htonl(0x0); // insert source IP address here - ip_pkt->dst_ip = dest_addr->sin_addr.s_addr;//htonl(0x7f000001); // localhost.. + ip_pkt->ttl = IPDEFTTL; // default time to live (64) + ip_pkt->proto = 1; // ICMP + ip_pkt->checksum = 0; // maybe the kernel helps us out..? + ip_pkt->src_ip = htonl(0x0); // insert source IP address here + ip_pkt->dst_ip = dest_addr->sin_addr.s_addr;//htonl(0x7f000001); // localhost.. #else - pkt = malloc(pkt_len); + pkt = calloc(1, pkt_len); #endif - pkt->type = type; // ICMP Echo request or reply - pkt->code = 0; // Must be zero (non-zero requires root) + pkt->type = type; // ICMP Echo request or reply + pkt->code = 0; // Must be zero (non-zero requires root) pkt->identifier = htons(icmp_id); - pkt->seq = htons(*ping_seq); + pkt->seq = htons(*ping_seq); pkt->checksum = 0; (*ping_seq)++; // Add our information - pt_pkt = (ping_tunnel_pkt_t*)pkt->data; - pt_pkt->magic = htonl(kPing_tunnel_magic); + pt_pkt = (ping_tunnel_pkt_t*)pkt->data; + pt_pkt->magic = htonl(magic); pt_pkt->dst_ip = ip; pt_pkt->dst_port = htonl(port); - pt_pkt->ack = htonl(ack_val); + pt_pkt->ack = htonl(ack_val); pt_pkt->data_len = htonl(num_bytes); pt_pkt->state = htonl(state); pt_pkt->seq_no = htons(*seq); @@ -89,6 +89,7 @@ enum { kOpt_undefined = 0, // Constants for parsing options + kOpt_set_magic, kOpt_set_proxy_addr, kOpt_set_mode, kOpt_set_password, @@ -105,47 +106,47 @@ enum { kOpt_set_root_dir, kOpt_set_selinux_context, kOpt_daemonize, - + kMode_forward = 0, // Ping tunnel's operating mode (client or - kMode_proxy, // proxy) - + kMode_proxy, // proxy) + kMax_tunnels = 10,/* Set this constant to the number of concurrent - connections you wish to handle by default. */ - - kNo_log = -1, // Different verbosity levels. - kLog_error = 0, + connections you wish to handle by default. */ + + kNo_log = -1, // Different verbosity levels. + kLog_error = 0, kLog_info, kLog_event, kLog_verbose, kLog_debug, kLog_sendrecv, - + kMajor_version = 0, // Major (0.xx) and minor (x.70) version kMinor_version = 72, // numbers. - + kIP_packet_max_size = 576, kIP_header_size = 20, // In bytes, mind you kIP_actual_size = (kIP_packet_max_size - kIP_header_size) - ((kIP_packet_max_size - kIP_header_size) % 8), kICMP_header_size = 8, // Also in bytes - + kDefault_buf_size = 1024, /* This constant control the maximum size of - the payload-portion of the ICMP packets - we send. Note that this does not include - the IP or ICMP headers! */ - + the payload-portion of the ICMP packets + we send. Note that this does not include + the IP or ICMP headers! */ + kICMP_echo_request = 8, // Type code for echo request and replies kICMP_echo_reply = 0, - + kPing_window_size = 64, // number of packets we can have in our send/receive ring - + /* Tunnels are automatically closed after one minute of inactivity. Since we continously send acknowledgements between the two peers, this mechanism won't disconnect "valid" connections. */ kAutomatic_close_timeout = 60, // Seconds! - + kMD5_digest_size = 16, // size of md5 digest in bytes - + /* These constants are used to indicate the protocol state. The protocol works as follows: - The identifier is used by both the proxy and the forwarder @@ -157,18 +158,18 @@ enum { kProxy_start Causes the proxy to open a connection to the given host and port, associating the ID with the socket, before the data on the socket are transmitted. - kProxy_data Indicates that the packet contains data from the proxy. + kProxy_data Indicates that the packet contains data from the proxy. Data ordering is indicated by the seq-no, which will start at 0. (The proxy and forwarder maintain different seq-nos.) - kUser_data This packet contains user data. + kUser_data This packet contains user data. kConnection_close Indicates that the connection is being closed. kProxy_ack and Acknowledges the packet (and all packets before it) with seq_no = ack. - kUser_ack This is used if there are no implicit acknowledgements due to data + kUser_ack This is used if there are no implicit acknowledgements due to data being sent. - + Acknowledgements work by the remote peer acknowledging the last continuous seq no it has received. - + Note: A proxy receiving a kProxy_data packet, or a user receiving a kUser_data packet, should ignore it, as it is the host operating system actually returning the ping. This is mostly relevant for users, and for @@ -180,15 +181,15 @@ enum { kProto_close, kProto_authenticate, kNum_proto_types, - - kUser_flag = 1 << 30, // set when packet comes from a user - kProxy_flag = 1 << 31, // set when packet comes from the proxy - kFlag_mask = kUser_flag | kProxy_flag, - - kDNS_port = 53, + + kUser_flag = 1 << 30, // set when packet comes from a user + kProxy_flag = 1 << 31, // set when packet comes from the proxy + kFlag_mask = kUser_flag | kProxy_flag, + + kDNS_port = 53, }; -#define kPing_tunnel_magic 0xD5200880 +#define kPing_tunnel_magic 0xDEADC0DE // Resend packets after this interval (in seconds) #define kResend_interval 1.5 @@ -198,15 +199,18 @@ enum { in packets from the client to the proxy. */ typedef struct { - uint32_t magic, // magic number, used to identify ptunnel packets. - dst_ip, // destination IP and port (used by proxy to figure - dst_port, // out where to tunnel to) - state, // current connection state; see constants above. - ack, // sequence number of last packet received from other end - data_len; // length of data buffer - uint16_t seq_no, // sequence number of this packet - id_no; // id number, used to separate different tunnels from each other - char data[0]; // optional data buffer + uint32_t + magic, // magic number, used to identify ptunnel packets. + dst_ip, // destination IP and port (used by proxy to figure + dst_port, // out where to tunnel to) + state, // current connection state; see constants above. + ack, // sequence number of last packet received from other end + data_len; // length of data buffer + uint16_t + seq_no, // sequence number of this packet + id_no; // id number, used to separate different tunnels from each other + char + data[0]; // optional data buffer } __attribute__ ((packed)) ping_tunnel_pkt_t; @@ -215,17 +219,23 @@ typedef struct { (or even the RFC) for info on the contents of this packet. */ typedef struct { - uint8_t vers_ihl, - tos; - uint16_t pkt_len, - id, - flags_frag_offset; - uint8_t ttl, - proto; // 1 for ICMP - uint16_t checksum; - uint32_t src_ip, - dst_ip; - char data[0]; + uint8_t + vers_ihl, + tos; + uint16_t + pkt_len, + id, + flags_frag_offset; + uint8_t + ttl, + proto; // 1 for ICMP + uint16_t + checksum; + uint32_t + src_ip, + dst_ip; + char + data[0]; } __attribute__ ((packed)) ip_packet_t; @@ -239,12 +249,15 @@ typedef struct { taken care of by the OS. */ typedef struct { - uint8_t type, - code; - uint16_t checksum, - identifier, - seq; - char data[0]; + uint8_t + type, + code; + uint16_t + checksum, + identifier, + seq; + char + data[0]; } __attribute__ ((packed)) icmp_echo_packet_t; @@ -254,29 +267,32 @@ typedef struct { to. */ typedef struct { - int sock; + int + sock; } pt_thread_info_t; /* forward_desc_t: Describes a piece of that needs to be forwarded. This structure is used for receiving data from the network, and for subsequent forwarding over TCP: - + 1. Client sends data to proxy over ICMP 2. Proxy receives the data, and puts it into a forward_desc_t 3. The proxy starts send()-ing the data over the TCP socket to the destination, decreasing forward_desc_t->remaining with the number of bytes transferred. 4. Once remaining reaches 0, the forward_desc_t is removed from the receive ring. - + The same procedure is followed in proxy-to-client communication. Just replace proxy with client and vice versa in the list above. */ typedef struct { - int seq_no, // ping_tunnel_pkt_t seq_no - length, // length of data - remaining; // amount of data not yet transferred - char data[0]; + int + seq_no, // ping_tunnel_pkt_t seq_no + length, // length of data + remaining; // amount of data not yet transferred + char + data[0]; } forward_desc_t; @@ -287,11 +303,12 @@ typedef struct { ICMP packets. */ typedef struct { - int pkt_len; // total length of ICMP packet, including ICMP header and ptunnel data. - double last_resend; - int resend_count; - uint16_t seq_no, - icmp_id; + int pkt_len; // total length of ICMP packet, including ICMP header and ptunnel data. + double last_resend; + int resend_count; + uint16_t + seq_no, + icmp_id; icmp_echo_packet_t *pkt; } icmp_desc_t; @@ -300,9 +317,10 @@ typedef struct { authentication. */ typedef struct challenge_t { - uint32_t sec, // tv_sec as returned by gettimeofday - usec_rnd, // tv_usec as returned by gettimeofday + random value - random[6]; // random values + uint32_t + sec, // tv_sec as returned by gettimeofday + usec_rnd, // tv_usec as returned by gettimeofday + random value + random[6]; // random values } __attribute__ ((packed)) challenge_t; @@ -310,79 +328,102 @@ typedef struct challenge_t { number of ping packets sent/received, etc. */ typedef struct xfer_stats_t { - double bytes_in, - bytes_out; - uint32_t icmp_in, - icmp_out, - icmp_resent, - icmp_ack_out; + double + bytes_in, + bytes_out; + uint32_t + icmp_in, + icmp_out, + icmp_resent, + icmp_ack_out; } xfer_stats_t; /* proxy_desc_t: This massive structure describes a tunnel instance. */ typedef struct proxy_desc_t { - int sock, // ICMP or UDP socket - bytes, // number of bytes in receive buffer - should_remove; // set to true once this instance should be removed - char *buf; // data buffer, used to receive ping and pong packets - uint16_t id_no, - my_seq, - ping_seq, - next_remote_seq, - pkt_type, - remote_ack_val, - icmp_id; - int recv_idx, // first available slot in recv ring - recv_xfer_idx, // current slot in recv ring being transferred - send_idx, // first available slot in send ring - send_first_ack, // first packet in send ring not yet acked - recv_wait_send, // number of items in recv ring awaiting send - send_wait_ack, // number of items in send ring awaiting ack - next_resend_start, - authenticated; - challenge_t *challenge; // Contains the challenge, if used. - uint32_t state, // Protocol state - type_flag, // Either kProxy_flag or kUser_flag - dst_ip, // IP and port to which data should be forwarded. - dst_port; - struct sockaddr_in dest_addr; // Same as above - double last_ack, // Time when last ack packet was sent. - last_activity; // Time when a packet was last received. - icmp_desc_t send_ring[kPing_window_size]; - forward_desc_t *recv_ring[kPing_window_size]; - xfer_stats_t xfer; - struct proxy_desc_t *next; + int + sock, // ICMP or UDP socket + bytes, // number of bytes in receive buffer + should_remove; // set to true once this instance should be removed + char *buf; // data buffer, used to receive ping and pong packets + uint16_t + id_no, + my_seq, + ping_seq, + next_remote_seq, + pkt_type, + remote_ack_val, + icmp_id; + int + recv_idx, // first available slot in recv ring + recv_xfer_idx, // current slot in recv ring being transferred + send_idx, // first available slot in send ring + send_first_ack, // first packet in send ring not yet acked + recv_wait_send, // number of items in recv ring awaiting send + send_wait_ack, // number of items in send ring awaiting ack + next_resend_start, + authenticated; + challenge_t + *challenge; // Contains the challenge, if used. + uint32_t + state, // Protocol state + type_flag, // Either kProxy_flag or kUser_flag + dst_ip, // IP and port to which data should be forwarded. + dst_port; + struct sockaddr_in + dest_addr; // Same as above + double + last_ack, // Time when last ack packet was sent. + last_activity; // Time when a packet was last received. + icmp_desc_t + send_ring[kPing_window_size]; + forward_desc_t + *recv_ring[kPing_window_size]; + xfer_stats_t + xfer; + struct proxy_desc_t + *next; } proxy_desc_t; /* pqueue_elem_t: An queue element in the pqueue structure (below). */ typedef struct pqueue_elem_t { - int bytes; // size of data buffer - struct pqueue_elem_t *next; // next queue element (if any) - char data[0]; // data (duh!) + int + bytes; // size of data buffer + struct pqueue_elem_t + *next; // next queue element (if any) + char + data[0]; // data (duh!) } pqueue_elem_t; /* pqueue_t: A simple queue strucutre. */ typedef struct { - pqueue_elem_t *head, - *tail; - int elems; + pqueue_elem_t + *head, + *tail; + int + elems; } pqueue_t; /* pcap_info_t: Structure to hold information related to packet capturing. */ typedef struct { - pcap_t *pcap_desc; - struct bpf_program fp; // Compiled filter program - uint32_t netp, - netmask; - char *pcap_err_buf, // Buffers for error and packet info - *pcap_data_buf; - pqueue_t pkt_q; // Queue of packets to process + pcap_t + *pcap_desc; + struct bpf_program + fp; // Compiled filter program + uint32_t + netp, + netmask; + char + *pcap_err_buf, // Buffers for error and packet info + *pcap_data_buf; + pqueue_t + pkt_q; // Queue of packets to process } pcap_info_t; @@ -391,12 +432,12 @@ typedef struct { void* pt_proxy(void *args); void pcap_packet_handler(u_char *refcon, const struct pcap_pkthdr *hdr, const u_char* pkt); void handle_packet(char *buf, int bytes, int is_pcap, struct sockaddr_in *addr, int icmp_sock); - + proxy_desc_t* create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, int sock, struct sockaddr_in *addr, uint32_t dst_ip, uint32_t dst_port, uint32_t init_state, uint32_t type); void remove_proxy_desc(proxy_desc_t *cur, proxy_desc_t *prev); - + void pt_forwarder(void); - + void print_statistics(xfer_stats_t *xfer, int is_continuous); int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, uint16_t id_no, uint16_t icmp_id, uint16_t *seq, icmp_desc_t ring[], int *insert_idx, int *await_send, uint32_t ip, uint32_t port, uint32_t state, struct sockaddr_in *dest_addr, uint16_t next_expected_seq, int *first_ack, uint16_t *ping_seq); uint32_t send_packets(forward_desc_t *ring[], int *xfer_idx, int *await_send, int *sock); @@ -406,13 +447,13 @@ typedef struct { void init_ip_packet(ip_packet_t *packet, uint16_t id, uint16_t frag_offset, uint16_t pkt_len, uint8_t ttl, uint32_t src_ip, uint32_t dst_ip, bool is_last_frag, bool dont_frag); uint16_t calc_ip_checksum(ip_packet_t *pkt); uint16_t calc_icmp_checksum(uint16_t *data, int bytes); - + challenge_t* generate_challenge(void); - void generate_response(challenge_t *challenge); - int validate_challenge(challenge_t *local, challenge_t *remote); - + void generate_response(challenge_t *challenge); + int validate_challenge(challenge_t *local, challenge_t *remote); + void send_termination_msg(proxy_desc_t *cur, int icmp_sock); - + char* f_inet_ntoa(uint32_t ip); void pt_log(int level, char *fmt, ...); double time_as_double(void); |