author | Toni Uhlig <matzeton@googlemail.com> | 2019-01-24 14:18:17 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2019-01-24 14:21:57 +0100 |
commit | 22a07d791bf74b7c6478058e8b1c91018b1bc2f7 (patch) | |
tree | d9900b963cf331a3a6cb69061576c76800a88501 /src | |
parent | 476d6b28848f952c09a094e2227f20d69d4f1482 (diff) | |
parent | cea2b50c81db45d3f0eb19c327d2cc04bc01e1d2 (diff) |
Merge branch 'master' into releasev1.32
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 12 | ||||
-rw-r--r-- | src/Makefile.in | 26 | ||||
-rw-r--r-- | src/challenge.c | 7 | ||||
-rw-r--r-- | src/challenge.h | 2 | ||||
-rw-r--r-- | src/config.h.in | 15 | ||||
-rw-r--r-- | src/options.c | 2 | ||||
-rw-r--r-- | src/options.h | 2 | ||||
-rw-r--r-- | src/pconfig.h | 2 | ||||
-rw-r--r-- | src/pdesc.c | 4 | ||||
-rw-r--r-- | src/pdesc.h | 2 | ||||
-rw-r--r-- | src/pkt.c | 17 | ||||
-rw-r--r-- | src/pkt.h | 2 | ||||
-rw-r--r-- | src/ptunnel.c | 36 | ||||
-rw-r--r-- | src/ptunnel.h | 3 | ||||
-rw-r--r-- | src/utils.c | 29 | ||||
-rw-r--r-- | src/utils.h | 4 |
16 files changed, 125 insertions, 40 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 6d37a49..1d161a2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,6 +14,18 @@ if HAVE_SELINUX ptunnel_ng_CFLAGS += -DHAVE_SELINUX=1 endif +if HAVE_ICMPFILTER +ptunnel_ng_CFLAGS += -DHAVE_ICMPFILTER=1 +endif + +if HAVE_ARC4RANDOM +ptunnel_ng_CFLAGS += -DHAVE_ARC4RANDOM=1 +else +if HAVE_RANDOM +ptunnel_ng_CFLAGS += -DHAVE_RANDOM=1 +endif +endif + ptunnel_ng_SOURCES = \ md5.c \ challenge.c \ diff --git a/src/Makefile.in b/src/Makefile.in index 2c84d72..4d3bc76 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -91,11 +91,14 @@ host_triplet = @host@ bin_PROGRAMS = ptunnel-ng$(EXEEXT) @HAVE_PCAP_TRUE@am__append_1 = -DHAVE_PCAP=1 @HAVE_SELINUX_TRUE@am__append_2 = -DHAVE_SELINUX=1 -@IS_WINDOWS_TRUE@am__append_3 = -I$(abs_srcdir)/win32/includes -@IS_WINDOWS_TRUE@am__append_4 = $(wpcap_IMP) -@IS_WINDOWS_TRUE@am__append_5 = $(wpcap_DEF) -@IS_WINDOWS_TRUE@am__append_6 = $(wpcap_IMP) -@IS_WINDOWS_TRUE@am__append_7 = $(wpcap_DEF) +@HAVE_ICMPFILTER_TRUE@am__append_3 = -DHAVE_ICMPFILTER=1 +@HAVE_ARC4RANDOM_TRUE@am__append_4 = -DHAVE_ARC4RANDOM=1 +@HAVE_ARC4RANDOM_FALSE@@HAVE_RANDOM_TRUE@am__append_5 = -DHAVE_RANDOM=1 +@IS_WINDOWS_TRUE@am__append_6 = -I$(abs_srcdir)/win32/includes +@IS_WINDOWS_TRUE@am__append_7 = $(wpcap_IMP) +@IS_WINDOWS_TRUE@am__append_8 = $(wpcap_DEF) +@IS_WINDOWS_TRUE@am__append_9 = $(wpcap_IMP) +@IS_WINDOWS_TRUE@am__append_10 = $(wpcap_DEF) subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac @@ -118,7 +121,7 @@ am_ptunnel_ng_OBJECTS = ptunnel_ng-md5.$(OBJEXT) \ ptunnel_ng-pdesc.$(OBJEXT) ptunnel_ng-ptunnel.$(OBJEXT) \ $(am__objects_2) ptunnel_ng_OBJECTS = $(am_ptunnel_ng_OBJECTS) -ptunnel_ng_DEPENDENCIES = $(am__append_4) +ptunnel_ng_DEPENDENCIES = $(am__append_7) ptunnel_ng_LINK = $(CCLD) $(ptunnel_ng_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) 
@@ -312,12 +315,13 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ man8_MANS = ptunnel-ng.8 ptunnel_ng_CFLAGS = -Wall $(am__append_1) $(am__append_2) \ - $(am__append_3) -ptunnel_ng_LDADD = $(am__append_4) -CLEANFILES = $(am__append_6) -EXTTRA_DIST = $(am__append_7) + $(am__append_3) $(am__append_4) $(am__append_5) \ + $(am__append_6) +ptunnel_ng_LDADD = $(am__append_7) +CLEANFILES = $(am__append_9) +EXTTRA_DIST = $(am__append_10) ptunnel_ng_SOURCES = md5.c challenge.c options.c utils.c pkt.c pdesc.c \ - ptunnel.c $(am__append_5) + ptunnel.c $(am__append_8) @IS_WINDOWS_TRUE@wpcap_DEF = $(abs_srcdir)/win32/WPCAP.DEF @IS_WINDOWS_TRUE@wpcap_IMP = $(abs_srcdir)/win32/libwpcap_implib.a all: config.h diff --git a/src/challenge.c b/src/challenge.c index 24a13f7..f269313 100644 --- a/src/challenge.c +++ b/src/challenge.c @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -50,6 +50,7 @@ #include "challenge.h" #include "options.h" #include "md5.h" +#include "utils.h" /* generate_challenge: Generates a random challenge, incorporating the current * local timestamp to avoid replay attacks. @@ -62,9 +63,9 @@ challenge_t* generate_challenge(void) { c = (challenge_t *) calloc(1, sizeof(challenge_t)); gettimeofday(&tt, 0); c->sec = tt.tv_sec; - c->usec_rnd = tt.tv_usec + rand(); + c->usec_rnd = tt.tv_usec + pt_random(); for (i=0;i<6;i++) - c->random[i] = rand(); + c->random[i] = pt_random(); return c; } diff --git a/src/challenge.h b/src/challenge.h index 035a97e..18495cf 100644 --- a/src/challenge.h +++ b/src/challenge.h 
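Review bot: In the generate_challenge() hunk the calloc() result is dereferenced on the next context line (`c->sec = tt.tv_sec;`) without a NULL check, and the commit edits the lines directly below it without addressing that. Because this struct is the input to the authentication handshake, an allocation failure should be reported, not turned into a crash: `if (!c) return NULL;` right after the calloc, with the callers of generate_challenge() — outside this hunk — checking for NULL. The comment above the function says the challenge exists to defeat replay, so its unpredictability now rests entirely on what pt_random() returns in the utils.c hunk.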
@@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/config.h.in b/src/config.h.in index 609856e..0cd059a 100644 --- a/src/config.h.in +++ b/src/config.h.in @@ -1,11 +1,17 @@ /* src/config.h.in. Generated from configure.ac by autoheader. */ +/* Define to 1 if you have the `arc4random' function. */ +#undef HAVE_ARC4RANDOM + /* Define to 1 if you have the <arpa/inet.h> header file. */ #undef HAVE_ARPA_INET_H /* Define to 1 if you have the <assert.h> header file. */ #undef HAVE_ASSERT_H +/* Define to 1 if you have the <bsd/stdlib.h> header file. */ +#undef HAVE_BSD_STDLIB_H + /* Define to 1 if you have the `calloc' function. */ #undef HAVE_CALLOC @@ -111,6 +117,9 @@ /* Define to 1 if you have the <pwd.h> header file. */ #undef HAVE_PWD_H +/* Define to 1 if you have the `random' function. */ +#undef HAVE_RANDOM + /* Define to 1 if you have the <selinux/selinux.h> header file. */ #undef HAVE_SELINUX_SELINUX_H @@ -123,6 +132,9 @@ /* Define to 1 if you have the `sprintf' function. */ #undef HAVE_SPRINTF +/* Define to 1 if you have the `srandom' function. */ +#undef HAVE_SRANDOM + /* Define to 1 if you have the <stdarg.h> header file. */ #undef HAVE_STDARG_H @@ -177,6 +189,9 @@ /* Define to 1 if you have the <sys/unistd.h> header file. */ #undef HAVE_SYS_UNISTD_H +/* Define to 1 if you have the `timespec_get' function. */ +#undef HAVE_TIMESPEC_GET + /* Define to 1 if you have the <time.h> header file. */ #undef HAVE_TIME_H diff --git a/src/options.c b/src/options.c index beecd39..4ae434f 100644 --- a/src/options.c +++ b/src/options.c 
@@ -2,7 +2,7 @@ * options.c * ptunnel is licensed under the BSD license: * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/options.h b/src/options.h index 3c42a19..176620a 100644 --- a/src/options.h +++ b/src/options.h @@ -2,7 +2,7 @@ * options.h * ptunnel is licensed under the BSD license: * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pconfig.h b/src/pconfig.h index c85df14..6be141e 100644 --- a/src/pconfig.h +++ b/src/pconfig.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pdesc.c b/src/pdesc.c index 906f35c..51fa3ab 100644 --- a/src/pdesc.c +++ b/src/pdesc.c @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: 
@@ -56,7 +56,7 @@ * the descriptor chain. If the sock argument is 0, the function will establish * a TCP connection to the ip and port given by dst_ip, dst_port. */ -proxy_desc_t* create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, +proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, int sock, struct sockaddr_in *addr, uint32_t dst_ip, uint32_t dst_port, uint32_t init_state, uint32_t type) { diff --git a/src/pdesc.h b/src/pdesc.h index 35147db..d0767aa 100644 --- a/src/pdesc.h +++ b/src/pdesc.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -124,6 +124,10 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a pkt_flag = pt_pkt->state & kFlag_mask; pt_pkt->state &= ~kFlag_mask; + if (pt_pkt->state > (kNum_proto_types-1)) { + pt_log(kLog_error, "Dropping packet with invalid state.\n"); + return; + } pt_log(kLog_sendrecv, "Recv: %d [%d] bytes " "[seq = %d] [type = %s] " "[ack = %d] [icmp = %d] " 
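Review bot: The new range check `pt_pkt->state > (kNum_proto_types-1)` in handle_packet() only excludes negative values if pt_pkt->state is an unsigned field; if it is signed, negative values pass and — if state is used as a table index further down, as the `[type = %s]` log line suggests — would still index out of bounds. `if (pt_pkt->state >= kNum_proto_types)` is the clearer form, and should the field be signed, `pt_pkt->state < 0 ||` closes the gap. For triage the log should also carry the rejected value, e.g. `pt_log(kLog_error, "Dropping packet with invalid state %u.\n", pt_pkt->state);` with the specifier matched to the field's type. handle_packet begins outside this hunk.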
@@ -166,10 +170,15 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a else init_state = kProto_data; - cur = create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0, + cur = (proxy_desc_t *) create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0, addr, pt_pkt->dst_ip, ntohl(pt_pkt->dst_port), init_state, kProxy_flag); + if (!cur) { + /* if failed, abort. Logging is done in create_insert_proxy_desc */ + pt_log(kLog_error, "Failed to create proxy descriptor!\n"); + return; + } if (init_state == kProto_authenticate) { pt_log(kLog_debug, "Sending authentication challenge..\n"); /* Send challenge */ @@ -189,7 +198,9 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a return; } else - pt_log(kLog_error, "Dropping duplicate proxy session request.\n"); + pt_log(kLog_error, "Dropping duplicate proxy session request " + "with ID %d and seq %d.\n", + pt_pkt->id_no, pt_pkt->seq_no); } else if (cur && pt_pkt->state == kProto_authenticate) { /* Sanity check packet length, and make sure it matches what we expect */ @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/ptunnel.c b/src/ptunnel.c index a4c5ae5..8fdf7a8 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c 
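Review bot: The added comment `/* if failed, abort. Logging is done in create_insert_proxy_desc */` contradicts the pt_log call on the very next line and misnames the function (it is create_and_insert_proxy_desc). Either drop the pt_log and keep the comment, or keep the log and reword the comment to `/* Could not create a proxy descriptor for this session request; drop the packet. */`. The `(proxy_desc_t *)` cast added to the same assignment is redundant since the function already returns `proxy_desc_t *` (see the pdesc.c hunk), so `cur = create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0,` reads cleaner. handle_packet begins and ends outside this hunk.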
@@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -62,7 +62,7 @@ #define errno GetLastError() /** Local error string storage */ static char errorstr[255]; -static char * print_last_windows_error() { +static char * print_last_windows_error() { char last_errorstr[255]; DWORD last_error = GetLastError(); @@ -126,10 +126,6 @@ int main(int argc, char *argv[]) { } #endif /* WIN32 */ - /* Seed random generator; it'll be used in combination with a timestamp - * when generating authentication challenges. - */ - srand(time(0)); memset(opts.password_digest, 0, kMD5_digest_size); /* The seq_expiry_tbl is used to prevent the remote ends from prematurely @@ -154,7 +150,7 @@ int main(int argc, char *argv[]) { #endif pt_log(kLog_info, "Starting %s.\n", PACKAGE_STRING); pt_log(kLog_info, "(c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>\n"); - pt_log(kLog_info, "(c) 2017 Toni Uhlig, <matzeton@googlemail.com>\n"); + pt_log(kLog_info, "(c) 2017-2019 Toni Uhlig, <matzeton@googlemail.com>\n"); #ifdef WIN32 pt_log(kLog_info, "Windows version by Mike Miller, <mike@mikeage.net>\n"); #else @@ -184,7 +180,7 @@ int main(int argc, char *argv[]) { if (opts.chroot) { pt_log(kLog_info, "Restricting file access to %s\n", opts.root_dir); if (-1 == chdir(opts.root_dir) || -1 == chroot(opts.root_dir)) { - pt_log(kLog_error, "%s: %s\n", opts.root_dir, strerror(errno)); + pt_log(kLog_error, "chdir/chroot `%s': %s\n", opts.root_dir, strerror(errno)); exit(1); } } 
@@ -210,7 +206,7 @@ int main(int argc, char *argv[]) { if (! freopen("/dev/null", "r", stdin) || ! freopen("/dev/null", "w", stdout) || ! freopen("/dev/null", "w", stderr)) - pt_log(kLog_error, "freopen: %s\n", strerror(errno)); + pt_log(kLog_error, "freopen `%s': %s\n", "/dev/null", strerror(errno)); } } } @@ -323,7 +319,7 @@ void pt_forwarder(void) { } } addr = dest_addr; - rand_id = (uint16_t)rand(); + rand_id = (uint16_t) pt_random(); create_and_insert_proxy_desc(rand_id, rand_id, new_sock, &addr, opts.given_dst_ip, opts.given_dst_port, kProxy_start, kUser_flag); pthread_mutex_unlock(&num_threads_lock); } @@ -388,6 +384,9 @@ void* pt_proxy(void *args) { in_addr_t *adr; #endif struct in_addr in_addr; +#ifdef HAVE_ICMPFILTER + struct icmp_filter filt; +#endif /* Start the thread, initialize protocol and ring states. */ pt_log(kLog_debug, "Starting ping proxy..\n"); @@ -403,13 +402,24 @@ void* pt_proxy(void *args) { } } else { - if (opts.unprivileged) { + if (opts.unprivileged) + { pt_log(kLog_debug, "Attempting to create unprivileged ICMP datagram socket..\n"); fwd_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP); - } - else { + } else { pt_log(kLog_debug, "Attempting to create privileged ICMP raw socket..\n"); fwd_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); +#ifdef HAVE_ICMPFILTER + if (opts.mode == kMode_forward) + filt.data = ~(1<<ICMP_ECHOREPLY); + else + filt.data = ~(1<<ICMP_ECHO); + if (fwd_sock >= 0 && + setsockopt(fwd_sock, SOL_RAW, ICMP_FILTER, &filt, sizeof filt) == -1) + { + pt_log(kLog_error, "setockopt for ICMP_FILTER: %s\n", strerror(errno)); + } +#endif } if (fwd_sock < 0) { pt_log(kLog_error, "Couldn't create %s socket: %s\n", diff --git a/src/ptunnel.h b/src/ptunnel.h index 7566f92..d93f997 100644 --- a/src/ptunnel.h +++ b/src/ptunnel.h @@ -45,6 +45,9 @@ #define PING_TUNNEL_H 1 #ifndef WIN32 +#ifdef HAVE_ICMPFILTER +#include <linux/icmp.h> +#endif #ifdef HAVE_SYS_UNISTD_H #include <sys/unistd.h> #endif 
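Review bot: The error string in the new ICMP_FILTER block of pt_proxy() misspells the call; it should read `pt_log(kLog_error, "setsockopt for ICMP_FILTER: %s\n", strerror(errno));`. A failed setsockopt is only logged and the raw socket is then used unfiltered, which is acceptable if the receive path validates the ICMP type itself — this hunk does not show that, so either record the assumption with `/* Filter failure is non-fatal: kernel-side filtering only reduces noise; ICMP type is checked on receive. */` if it holds, or treat the failure as fatal for socket setup. The filter is applied only to the privileged SOCK_RAW socket and not to the unprivileged SOCK_DGRAM branch above it, which is consistent with ICMP_FILTER being set at SOL_RAW but deserves a one-line comment so the asymmetry is not mistaken for an omission. pt_proxy continues outside this hunk.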
diff --git a/src/utils.c b/src/utils.c index 66ed4c0..462d688 100644 --- a/src/utils.c +++ b/src/utils.c @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -43,8 +43,15 @@ * Note that the source code is best viewed with tabs set to 4 spaces. */ +#include <stdio.h> +#include <stdlib.h> #include <stdarg.h> #include <string.h> +#include <time.h> +#include <assert.h> +#ifdef HAVE_ARC4RANDOM +#include <bsd/stdlib.h> +#endif #ifndef WIN32 #include <syslog.h> @@ -142,3 +149,23 @@ void print_hexstr(unsigned char *buf, size_t siz) { free(out); } #endif + +int pt_random(void) { +#ifdef HAVE_ARC4RANDOM + return arc4random(); +#else +#ifdef HAVE_RANDOM +#ifndef TIME_UTC +#define TIME_UTC 1 +#endif + struct timespec ts; + + assert(timespec_get(&ts, TIME_UTC)); + srandom(ts.tv_nsec ^ ts.tv_sec); + return random(); +#else + srand(time(0)); + return rand(); +#endif +#endif +} diff --git a/src/utils.h b/src/utils.h index 8afa45c..0796848 100644 --- a/src/utils.h +++ b/src/utils.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle <daniels@cs.uit.no>, * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig <matzeton@googlemail.com> + * Copyright (c) 2017-2019, Toni Uhlig <matzeton@googlemail.com> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -60,4 +60,6 @@ int host_to_addr(const char *hostname, uint32_t *result); void print_hexstr(unsigned char *buf, size_t siz); #endif +int pt_random(void); + #endif |
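Review bot: In the HAVE_RANDOM branch pt_random() reseeds from the clock on every call and returns one random(), and the final fallback does the same with `srand(time(0))`, so every value is a function of the current time: with the one-second fallback the six `c->random[i] = pt_random()` calls in generate_challenge() made within the same second all yield the same number, and in every non-arc4random build the challenge and the `rand_id` in pt_forwarder() are predictable to anyone who knows roughly when they were produced. This commit also removes the one-time `srand(time(0))` from main(), so no path seeds just once anymore. The `assert(timespec_get(&ts, TIME_UTC))` is compiled out under NDEBUG, leaving `ts` uninitialized when it is read on the next line. The rewrite below seeds once, replaces the assert with a checked call and keeps arc4random as the only branch suited to security-relevant values; where it is unavailable a kernel-backed source (getrandom or `/dev/urandom`) should be preferred over any time-seeded libc PRNG.
```c
int pt_random(void) {
#ifdef HAVE_ARC4RANDOM
    return arc4random();
#else
    /* Seed once per process; per-call reseeding made every value a
     * function of the clock. NOTE(review): rand()/random() are neither
     * CSPRNGs nor thread-safe — if this is reached from more than one
     * thread (pt_proxy runs as a thread), it needs a lock or per-thread
     * state, and a kernel-backed source should replace it where available. */
    static int seeded = 0;

    if (!seeded) {
#ifdef HAVE_RANDOM
#ifndef TIME_UTC
#define TIME_UTC 1
#endif
        struct timespec ts;

        /* timespec_get() returns the base on success, 0 on failure;
         * never seed from an uninitialized struct. */
        if (timespec_get(&ts, TIME_UTC) != TIME_UTC) {
            ts.tv_sec = time(0);
            ts.tv_nsec = 0;
        }
        srandom((unsigned int)(ts.tv_nsec ^ ts.tv_sec));
#else
        srand((unsigned int) time(0));
#endif
        seeded = 1;
    }
#ifdef HAVE_RANDOM
    return random();
#else
    return rand();
#endif
#endif
}
```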