diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2020-03-21 12:26:04 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2020-03-22 18:07:44 +0100 |
| commit | b96e7a6fa47ff523d14f1d1502b04cb3ad837186 (patch) | |
| tree | 9e0d3f4069b62eb066879d099b8fac8fb764fc07 | |
| parent | da8f7aa18c9d3b61ee5c58eb1c641443a3b8669e (diff) | |
Got rid of those non working extended options, because:removed_extended_options
* legendary spaghetti code
* did not work at all, caused several buffer overflows
* pain-in-the-ass to maintain and test
* badly reviewed from my side :/
* improved and working "extended options" may be added later
* basically reverts most of #8
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| -rw-r--r-- | src/options.c | 58 | ||||
| -rw-r--r-- | src/options.h | 5 | ||||
| -rw-r--r-- | src/pconfig.h | 2 | ||||
| -rw-r--r-- | src/pdesc.c | 21 | ||||
| -rw-r--r-- | src/pdesc.h | 2 | ||||
| -rw-r--r-- | src/pkt.c | 59 | ||||
| -rw-r--r-- | src/pkt.h | 4 | ||||
| -rw-r--r-- | src/ptunnel.c | 41 |
8 files changed, 22 insertions, 170 deletions
diff --git a/src/options.c b/src/options.c index 5f2de0f..f811cb5 100644 --- a/src/options.c +++ b/src/options.c @@ -146,32 +146,6 @@ static const struct option_usage usage[] = { "Unprivileged mode will only work on some systems, and is in general less reliable\n" "than running in privileged mode.\n" }, - /** --window-size */ - {"packets", 0, OPT_DEC32, {.unum = 64}, - "Tune the number of packets that can be in-flight at the same time.\n" - "Increasing the window size will improve the maximum potential bandwidth.\n" - }, - /** --ack-interval */ - {"milliseconds", 0, OPT_DEC32, {.unum = 1000}, - "Tune the explicit acknowledgement interval (in milliseconds)\n" - "Decreasing the acknowledgement interval can improve NAT stability.\n" - }, - /** --resend-interval */ - {"milliseconds", 0, OPT_DEC32, {.unum = 1500}, - "Tune the lost packet timeout (in milliseconds)\n" - "Decreasing the resend interval can compensate for frequent packet loss.\n" - }, - /** --payload-size */ - {"bytes", 0, OPT_DEC32, {.unum = 1024}, - "Tune the amount of data per packet (in bytes)\n" - "Decreasing the payload size can avoid corruption of large packets.\n" - "Increasing the payload size can compensate for out-of-order delivery.\n" - }, - /** --empty-pings */ - {"count", 0, OPT_DEC32, {.unum = 0}, - "Tune the number of empty pings to send with each explicit acknowledgement.\n" - "Empty pings can compensate for ICMP sequence number inspection.\n" - }, /** --force-sha512 */ {"force-sha512", 0, OPT_BOOL, {.num = 0}, "Force SHA512 as challenge response checksum generator.\n" @@ -244,11 +218,6 @@ static struct option long_options[] = { {"passwd", required_argument, 0, 'P'}, {"udp", no_argument, &opts.udp, 1}, {"unprivileged", no_argument, &opts.unprivileged, 1}, - {"window-size", required_argument, 0, 'w'}, - {"ack-interval", required_argument, 0, 'a'}, - {"resend-interval", required_argument, 0, 't'}, - {"payload-size", required_argument, 0, 'y'}, - {"empty-pings", required_argument, 0, 'E'}, {"force-sha512", no_argument, &opts.force_sha512, 1}, {"daemon", optional_argument, 0, 'd'}, {"syslog", no_argument, 0, 'S'}, @@ -437,7 +406,7 @@ int parse_options(int argc, char **argv) { * since you have to pass long options as '--option=value'. Commonly used * '--option value' is *NOT* allowed for some libc implementations. */ - c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L:o::sP:d::Su::g::C::e::w:a:t:y:E:h", &long_options[0], &oidx); + c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L:o::sP:d::Su::g::C::e::h", &long_options[0], &oidx); if (c == -1) break; switch (c) { @@ -590,31 +559,6 @@ int parse_options(int argc, char **argv) { pt_log(kLog_error, "SeLinux: %s\n", "feature not supported"); exit(1); #endif - case 'w': - if (!optarg) - break; - opts.window_size = atoi(optarg); - break; - case 'a': - if (!optarg) - break; - opts.ack_interval = atoi(optarg); - break; - case 't': - if (!optarg) - break; - opts.resend_interval = atoi(optarg); - break; - case 'y': - if (!optarg) - break; - opts.payload_size = atoi(optarg); - break; - case 'E': - if (!optarg) - break; - opts.empty_pings = atoi(optarg); - break; case 'h': print_usage(argv[0]); exit(EXIT_SUCCESS); diff --git a/src/options.h b/src/options.h index b950d70..bea713b 100644 --- a/src/options.h +++ b/src/options.h @@ -94,11 +94,6 @@ struct options { int udp; /** unpriviledged mode */ int unprivileged; - uint16_t window_size; - uint16_t ack_interval; - uint16_t resend_interval; - uint16_t payload_size; - uint16_t empty_pings; #ifndef WIN32 /** run as daemon if non zero value */ diff --git a/src/pconfig.h b/src/pconfig.h index 5c642ee..53fcbe7 100644 --- a/src/pconfig.h +++ b/src/pconfig.h @@ -75,7 +75,7 @@ enum { * we send. Note that this does not include * the IP or ICMP headers! */ - kDefault_buf_size = 0xFFFF, + kDefault_buf_size = 1024, /** Type code for echo request and replies */ kICMP_echo_request = 8, kICMP_echo_reply = 0, diff --git a/src/pdesc.c b/src/pdesc.c index aebaa1e..90a8a2e 100644 --- a/src/pdesc.c +++ b/src/pdesc.c @@ -93,15 +93,16 @@ proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, { pt_log(kLog_error, "Connect to %s:%d failed: %s\n", inet_ntoa(*(struct in_addr*)&addr->sin_addr.s_addr) , ntohs(addr->sin_port), strerror(errno)); } - } - else + } else { cur->sock = sock; + } cur->state = init_state; cur->type_flag = type; - if (cur->type_flag == kUser_flag) + if (cur->type_flag == kUser_flag) { cur->pkt_type = kICMP_echo_request; - else + } else { cur->pkt_type = (opts.unprivileged ? kICMP_echo_request : kICMP_echo_reply); + } cur->buf = (char *) malloc(icmp_receive_buf_len); cur->last_activity = time_as_double(); cur->authenticated = 0; @@ -112,13 +113,11 @@ proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, pthread_mutex_unlock(&chain_lock); cur->xfer.bytes_in = 0.0; cur->xfer.bytes_out = 0.0; - cur->window_size = opts.window_size ? opts.window_size : 64; - cur->ack_interval = opts.ack_interval ? opts.ack_interval / 1000.0 : 1.0; - cur->resend_interval = opts.resend_interval ? opts.resend_interval / 1000.0 : 1.5; - cur->payload_size = opts.payload_size ? opts.payload_size : 1024; - memset(cur->extended_options, 0, sizeof(cur->extended_options)); - cur->send_ring = (icmp_desc_t *) calloc(cur->window_size, sizeof(icmp_desc_t)); - cur->recv_ring = (forward_desc_t **) calloc(cur->window_size, sizeof(forward_desc_t *)); + cur->window_size = kPing_window_size; + cur->ack_interval = 1.0; + cur->resend_interval = 1.5; + cur->send_ring = (icmp_desc_t *) calloc(cur->window_size, sizeof(icmp_desc_t)); + cur->recv_ring = (forward_desc_t **) calloc(cur->window_size, sizeof(forward_desc_t *)); return cur; } diff --git a/src/pdesc.h b/src/pdesc.h index 49aa733..7ff6898 100644 --- a/src/pdesc.h +++ b/src/pdesc.h @@ -159,8 +159,6 @@ typedef struct proxy_desc_t { uint16_t window_size; double ack_interval; double resend_interval; - uint16_t payload_size; - uint16_t extended_options[4]; icmp_desc_t *send_ring; forward_desc_t **recv_ring; xfer_stats_t xfer; @@ -104,10 +104,7 @@ handle_incoming_tunnel_request(unsigned bytes, struct sockaddr_in *addr, int icm return NULL; } if (pt_pkt->data_len > 0) { - handle_data(pkt, bytes, cur, 1); - if (!opts.password) { - handle_extended_options(cur); - } + handle_data(pkt, bytes, cur); } if (init_state == kProto_authenticate) { pt_log(kLog_debug, "Sending authentication challenge..\n"); @@ -152,7 +149,7 @@ static void handle_auth_request(unsigned bytes, int icmp_sock, * It's up to the proxy now if it accepts our response or not.. */ cur->authenticated = 1; - handle_data(pkt, bytes, cur, 0); + handle_data(pkt, bytes, cur); } static void handle_auth_response(unsigned bytes, int icmp_sock, @@ -171,7 +168,6 @@ static void handle_auth_response(unsigned bytes, int icmp_sock, cur->authenticated) { pt_log(kLog_verbose, "Remote end authenticated successfully.\n"); - handle_extended_options(cur); /* Authentication has succeeded, so now we can proceed * to handle incoming TCP data. */ @@ -180,7 +176,7 @@ static void handle_auth_response(unsigned bytes, int icmp_sock, /* Insert the packet into the receive ring, to avoid * confusing the reliab ility mechanism. */ - handle_data(pkt, bytes, cur, 0); + handle_data(pkt, bytes, cur); } else { pt_log(kLog_info, "Remote end failed authentication.\n"); send_termination_msg(cur, icmp_sock); @@ -377,7 +373,7 @@ void handle_packet(char * buf, unsigned bytes, int is_pcap, struct sockaddr_in * if (pt_pkt->state == kProxy_start) { pt_pkt->data_len = 0; } - handle_data(pkt, bytes, cur, 0); + handle_data(pkt, bytes, cur); } handle_ack(pt_pkt->ack, cur); cur->last_activity = now; @@ -454,7 +450,7 @@ static void queue_payload_data_out_of_order(ping_tunnel_pkt_t * const pt_pkt, pr * Utility function for handling kProto_data packets, and place the data it contains * onto the passed-in receive ring. */ -void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, int handle_extended_options) +void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur) { ping_tunnel_pkt_t * pt_pkt = (ping_tunnel_pkt_t *)pkt->data; int expected_len = sizeof(ip_packet_t) + sizeof(icmp_echo_packet_t) + sizeof(ping_tunnel_pkt_t); /* 20+8+28 */ @@ -484,23 +480,6 @@ void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, in return; } - if (handle_extended_options) { - uint16_t * extended_options = (uint16_t *)pt_pkt->data; - if (pt_pkt->data_len >= 2) { - cur->extended_options[0] = ntohs(extended_options[0]); - } - if (pt_pkt->data_len >= 4) { - cur->extended_options[1] = ntohs(extended_options[1]); - } - if (pt_pkt->data_len >= 6) { - cur->extended_options[2] = ntohs(extended_options[2]); - } - if (pt_pkt->data_len >= 8) { - cur->extended_options[3] = ntohs(extended_options[3]); - } - return; - } - if (pt_pkt->seq_no == cur->next_remote_seq) { queue_payload_data(pt_pkt, cur); } else { @@ -508,34 +487,6 @@ void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, in } } -void handle_extended_options(proxy_desc_t * cur) -{ - if (cur->extended_options[0] > 0) { - if (cur->extended_options[0] > cur->window_size) { - size_t extend = cur->extended_options[0] - cur->window_size; - cur->send_ring = (icmp_desc_t *)realloc(cur->send_ring, cur->extended_options[0] * sizeof(icmp_desc_t)); - cur->recv_ring = - (forward_desc_t **)realloc(cur->recv_ring, cur->extended_options[0] * sizeof(forward_desc_t *)); - memset(cur->send_ring + cur->window_size, 0, extend * sizeof(icmp_desc_t)); - memset(cur->recv_ring + cur->window_size, 0, extend * sizeof(forward_desc_t *)); - } - cur->window_size = cur->extended_options[0]; - pt_log(kLog_verbose, "Received extended option for window size %d \n", cur->window_size); - } - if (cur->extended_options[1] > 0) { - cur->ack_interval = cur->extended_options[1] / 1000.0; - pt_log(kLog_verbose, "Received extended option for ack interval %f \n", cur->ack_interval); - } - if (cur->extended_options[2] > 0) { - cur->resend_interval = cur->extended_options[2] / 1000.0; - pt_log(kLog_verbose, "Received extended option for resend interval %f \n", cur->resend_interval); - } - if (cur->extended_options[3] > 0) { - cur->payload_size = cur->extended_options[3]; - pt_log(kLog_verbose, "Received extended option for payload size %d \n", cur->payload_size); - } -} - void handle_ack(uint32_t seq_no, proxy_desc_t * cur) { if (cur->send_wait_ack > 0) { @@ -137,9 +137,7 @@ typedef struct proxy_desc_t proxy_desc_t; void handle_packet(char * buf, unsigned bytes, int is_pcap, struct sockaddr_in * addr, int icmp_sock); -void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, int handle_extended_options); - -void handle_extended_options(proxy_desc_t * cur); +void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur); void handle_ack(uint32_t seq_no, proxy_desc_t * cur); diff --git a/src/ptunnel.c b/src/ptunnel.c index 0a4ab38..f42ea98 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -108,6 +108,7 @@ uint32_t num_tunnels = 0; time_t *seq_expiry_tbl = NULL; /* Some buffer constants */ +const int tcp_receive_buf_len = kDefault_buf_size; const int icmp_receive_buf_len = kDefault_buf_size + kIP_header_size + kICMP_header_size + sizeof(ping_tunnel_pkt_t); const int pcap_buf_size = (kDefault_buf_size + kIP_header_size + @@ -631,27 +632,7 @@ unsigned int __stdcall pt_proxy(void *args) if (cur->state == kProxy_start) { pt_log(kLog_verbose, "Sending proxy request.\n"); cur->last_ack = time_as_double(); - uint16_t extended_options[4]; - size_t extended_options_size = 0; - memset(extended_options, 0, sizeof(extended_options)); - if (opts.window_size) { - extended_options_size = sizeof(uint16_t); - extended_options[0] = htons(opts.window_size); - } - if (opts.ack_interval) { - extended_options_size = 2*sizeof(uint16_t); - extended_options[1] = htons(opts.ack_interval); - } - if (opts.resend_interval) { - extended_options_size = 3*sizeof(uint16_t); - extended_options[2] = htons(opts.resend_interval); - } - if (opts.payload_size) { - extended_options_size = 4*sizeof(uint16_t); - extended_options[3] = htons(opts.payload_size); - } - queue_packet(fwd_sock, cur, (char *)extended_options, extended_options_size, - cur->dst_ip, cur->dst_port, cur->state | cur->type_flag); + queue_packet(fwd_sock, cur, NULL, 0, cur->dst_ip, cur->dst_port, cur->state | cur->type_flag); cur->xfer.icmp_out++; cur->state = kProto_data; } @@ -665,7 +646,7 @@ unsigned int __stdcall pt_proxy(void *args) } /* Handle TCP traffic */ if (FD_ISSET(cur->sock, &set)) { - bytes = recv(cur->sock, cur->buf, cur->payload_size, 0); + bytes = recv(cur->sock, cur->buf, tcp_receive_buf_len, 0); if (bytes <= 0) { pt_log(kLog_info, "Connection closed or lost.\n"); tmp = cur->next; @@ -730,23 +711,9 @@ unsigned int __stdcall pt_proxy(void *args) if (cur->last_ack+cur->ack_interval < now && cur->send_wait_ack < cur->window_size && cur->remote_ack_val+1 != cur->next_remote_seq) { - idx = cur->send_idx; queue_packet(fwd_sock, cur, NULL, 0, cur->dst_ip, cur->dst_port, kProto_ack | cur->type_flag); - cur->xfer.icmp_ack_out++; - if (opts.empty_pings && - cur->last_data_activity > cur->last_ack && - cur->send_ring[idx].pkt_len > sizeof(icmp_echo_packet_t) && - cur->send_ring[idx].pkt->type == kICMP_echo_request) { - for (uint16_t e = 0; e < opts.empty_pings; e++) { - cur->send_ring[idx].pkt->seq = htons(cur->ping_seq); - cur->ping_seq++; - cur->send_ring[idx].pkt->checksum = 0; - cur->send_ring[idx].pkt->checksum = htons(calc_icmp_checksum((uint16_t*)cur->send_ring[idx].pkt, sizeof(icmp_echo_packet_t))); - sendto(fwd_sock, (const void*)cur->send_ring[idx].pkt, sizeof(icmp_echo_packet_t), - 0, (struct sockaddr*)&cur->dest_addr, sizeof(struct sockaddr)); - } - } cur->last_ack = now; + cur->xfer.icmp_ack_out++; } } pthread_mutex_unlock(&chain_lock); |