diff options
| -rw-r--r-- | src/pdesc.c | 17 | ||||
| -rw-r--r-- | src/pdesc.h | 11 | ||||
| -rw-r--r-- | src/pkt.c | 75 | ||||
| -rw-r--r-- | src/pkt.h | 4 | ||||
| -rw-r--r-- | src/ptunnel.c | 24 |
5 files changed, 90 insertions, 41 deletions
diff --git a/src/pdesc.c b/src/pdesc.c index 51fa3ab..af580e8 100644 --- a/src/pdesc.c +++ b/src/pdesc.c @@ -111,6 +111,11 @@ proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, pthread_mutex_unlock(&chain_lock); cur->xfer.bytes_in = 0.0; cur->xfer.bytes_out = 0.0; + cur->window_size = 64; + cur->ack_interval = 1.0; + cur->resend_interval = 1.5; + cur->send_ring = calloc(cur->window_size, sizeof(icmp_desc_t)); + cur->recv_ring = calloc(cur->window_size, sizeof(forward_desc_t *)); return cur; } @@ -130,7 +135,7 @@ void remove_proxy_desc(proxy_desc_t *cur, proxy_desc_t *prev) { if (cur->buf) free(cur->buf); cur->buf = 0; - for (i=0;i<kPing_window_size;i++) { + for (i=0;i<cur->window_size;i++) { if (cur->send_ring[i].pkt) free(cur->send_ring[i].pkt); cur->send_ring[i].pkt = 0; @@ -138,6 +143,8 @@ void remove_proxy_desc(proxy_desc_t *cur, proxy_desc_t *prev) { free(cur->recv_ring[i]); cur->recv_ring[i] = 0; } + free(cur->send_ring); + free(cur->recv_ring); close(cur->sock); cur->sock = 0; @@ -171,7 +178,7 @@ int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, uint16_t id_no, uint16_t icmp_id, uint16_t *seq, icmp_desc_t ring[], int *insert_idx, int *await_send, uint32_t ip, uint32_t port, uint32_t state, struct sockaddr_in *dest_addr, uint16_t next_expected_seq, - int *first_ack, uint16_t *ping_seq) + int *first_ack, uint16_t *ping_seq, uint16_t window_size) { int pkt_len = sizeof(icmp_echo_packet_t) + sizeof(ping_tunnel_pkt_t) + num_bytes; @@ -233,7 +240,7 @@ int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, *first_ack = *insert_idx; (*await_send)++; (*insert_idx)++; - if (*insert_idx >= kPing_window_size) + if (*insert_idx >= window_size) *insert_idx = 0; return 0; } @@ -241,7 +248,7 @@ int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, /* send_packets: * Examines the passed-in ring, and forwards data in it over TCP. */ -uint32_t send_packets(forward_desc_t *ring[], int *xfer_idx, int *await_send, int *sock) { +uint32_t send_packets(forward_desc_t *ring[], int *xfer_idx, int *await_send, int *sock, uint16_t window_size) { forward_desc_t *fwd_desc; int bytes, total = 0; @@ -267,7 +274,7 @@ uint32_t send_packets(forward_desc_t *ring[], int *xfer_idx, int *await_send, in free(fwd_desc); (*xfer_idx)++; (*await_send)--; - if (*xfer_idx >= kPing_window_size) + if (*xfer_idx >= window_size) *xfer_idx = 0; } else diff --git a/src/pdesc.h b/src/pdesc.h index d0767aa..e8180fd 100644 --- a/src/pdesc.h +++ b/src/pdesc.h @@ -156,8 +156,11 @@ typedef struct proxy_desc_t { double last_ack; /** Time when a packet was last received. */ double last_activity; - icmp_desc_t send_ring[kPing_window_size]; - forward_desc_t *recv_ring[kPing_window_size]; + uint16_t window_size; + double ack_interval; + double resend_interval; + icmp_desc_t *send_ring; + forward_desc_t **recv_ring; xfer_stats_t xfer; struct proxy_desc_t *next; } proxy_desc_t; @@ -176,8 +179,8 @@ int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_byt uint16_t id_no, uint16_t icmp_id, uint16_t *seq, icmp_desc_t ring[], int *insert_idx, int *await_send, uint32_t ip, uint32_t port, uint32_t state, struct sockaddr_in *dest_addr, uint16_t next_expected_seq, - int *first_ack, uint16_t *ping_seq); + int *first_ack, uint16_t *ping_seq, uint16_t window_size); -uint32_t send_packets(forward_desc_t *ring[], int *xfer_idx, int *await_send, int *sock); +uint32_t send_packets(forward_desc_t *ring[], int *xfer_idx, int *await_send, int *sock, uint16_t window_size); #endif @@ -179,6 +179,9 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a pt_log(kLog_error, "Failed to create proxy descriptor!\n"); return; } + if (pt_pkt->data_len > 0) { + handle_data(pkt, bytes, 0, 0, 0, 0, cur, 0); + } if (init_state == kProto_authenticate) { pt_log(kLog_debug, "Sending authentication challenge..\n"); /* Send challenge */ @@ -190,7 +193,7 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a &cur->send_idx, &cur->send_wait_ack, 0, 0, kProto_authenticate | cur->type_flag, &cur->dest_addr, cur->next_remote_seq, - &cur->send_first_ack, &cur->ping_seq); + &cur->send_first_ack, &cur->ping_seq, cur->window_size); } } else if (type_flag == kUser_flag) { @@ -231,13 +234,13 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a &cur->my_seq, cur->send_ring, &cur->send_idx, &cur->send_wait_ack, 0, 0, kProto_authenticate | cur->type_flag, &cur->dest_addr, - cur->next_remote_seq, &cur->send_first_ack, &cur-> ping_seq); + cur->next_remote_seq, &cur->send_first_ack, &cur-> ping_seq, cur->window_size); /* We have authenticated locally. * It's up to the proxy now if it accepts our response or not.. */ cur->authenticated = 1; handle_data(pkt, bytes, cur->recv_ring, &cur->recv_wait_send, - &cur->recv_idx, &cur->next_remote_seq); + &cur->recv_idx, &cur->next_remote_seq, 0, cur->window_size); return; } /* If proxy: Handle client's response to challenge */ @@ -256,7 +259,7 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a * confusing the reliab ility mechanism. */ handle_data(pkt, bytes, cur->recv_ring, &cur->recv_wait_send, - &cur->recv_idx, &cur->next_remote_seq); + &cur->recv_idx, &cur->next_remote_seq, 0, cur->window_size); } else { pt_log(kLog_info, "Remote end failed authentication.\n"); @@ -288,12 +291,15 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a if (pt_pkt->state == kProto_data || pt_pkt->state == kProxy_start || pt_pkt->state == kProto_ack) { + if (pt_pkt->state == kProxy_start) { + pt_pkt->data_len = 0; + } handle_data(pkt, bytes, cur->recv_ring, &cur->recv_wait_send, - &cur->recv_idx, &cur->next_remote_seq); + &cur->recv_idx, &cur->next_remote_seq, 0, cur->window_size); } handle_ack((uint16_t)pt_pkt->ack, cur->send_ring, &cur->send_wait_ack, 0, cur->send_idx, &cur->send_first_ack, &cur->remote_ack_val, - is_pcap); + is_pcap, cur->window_size); cur->last_activity = time_as_double(); } } @@ -308,7 +314,7 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a * onto the passed-in receive ring. */ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], - int *await_send, int *insert_idx, uint16_t *next_expected_seq) + int *await_send, int *insert_idx, uint16_t *next_expected_seq, void *cur, uint16_t window_size) { ping_tunnel_pkt_t *pt_pkt = (ping_tunnel_pkt_t*)pkt->data; int expected_len = sizeof(ip_packet_t) + sizeof(icmp_echo_packet_t) + @@ -337,6 +343,35 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], */ exit(0); } + if (cur) { + uint16_t *extended_options = (uint16_t *)pt_pkt->data; + if (pt_pkt->data_len >= 2) { + extended_options[0] = ntohs(extended_options[0]); + if (extended_options[0] > 0) { + ((proxy_desc_t *)cur)->window_size = extended_options[0]; + free(((proxy_desc_t *)cur)->send_ring); + free(((proxy_desc_t *)cur)->recv_ring); + ((proxy_desc_t *)cur)->send_ring = calloc(((proxy_desc_t *)cur)->window_size, sizeof(icmp_desc_t)); + ((proxy_desc_t *)cur)->recv_ring = calloc(((proxy_desc_t *)cur)->window_size, sizeof(forward_desc_t *)); + pt_log(kLog_verbose, "Received extended option for window size %d \n", ((proxy_desc_t *)cur)->window_size); + } + } + if (pt_pkt->data_len >= 4) { + extended_options[1] = ntohs(extended_options[1]); + if (extended_options[1] > 0) { + ((proxy_desc_t *)cur)->ack_interval = extended_options[1] / 1000.0; + pt_log(kLog_verbose, "Received extended option for ack interval %f \n", ((proxy_desc_t *)cur)->ack_interval); + } + } + if (pt_pkt->data_len >= 6) { + extended_options[2] = ntohs(extended_options[2]); + if (extended_options[2] > 0) { + ((proxy_desc_t *)cur)->resend_interval = extended_options[2] / 1000.0; + pt_log(kLog_verbose, "Received extended option for resend interval %f \n", ((proxy_desc_t *)cur)->resend_interval); + } + } + return; + } if (pt_pkt->seq_no == *next_expected_seq) { /* hmm, what happens if this test is true? */ if (!ring[*insert_idx]) { /* && pt_pkt->state == kProto_data */ @@ -349,14 +384,14 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], pt_log(kLog_debug, "Dup packet?\n"); (*next_expected_seq)++; - if (*insert_idx >= kPing_window_size) + if (*insert_idx >= window_size) *insert_idx = 0; /* Check if we have already received some of the next packets */ while (ring[*insert_idx]) { if (ring[*insert_idx]->seq_no == *next_expected_seq) { (*next_expected_seq)++; (*insert_idx)++; - if (*insert_idx >= kPing_window_size) + if (*insert_idx >= window_size) *insert_idx = 0; } else @@ -371,13 +406,13 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], d = s - r; if (d < 0) { /* This packet _may_ be old, or seq_no may have wrapped around */ d = (s+0xFFFF) - r; - if (d < kPing_window_size) { + if (d < window_size) { /* Counter has wrapped, so we should add this packet to the recv ring */ - pos = ((*insert_idx)+d) % kPing_window_size; + pos = ((*insert_idx)+d) % window_size; } } - else if (d < kPing_window_size) - pos = ((*insert_idx)+d) % kPing_window_size; + else if (d < window_size) + pos = ((*insert_idx)+d) % window_size; if (pos != -1) { if (!ring[pos]) { @@ -396,14 +431,14 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[], void handle_ack(uint16_t seq_no, icmp_desc_t ring[], int *packets_awaiting_ack, int one_ack_only, int insert_idx, int *first_ack, - uint16_t *remote_ack, int is_pcap) + uint16_t *remote_ack, int is_pcap, uint16_t window_size) { int i, j, k; ping_tunnel_pkt_t *pt_pkt; if (*packets_awaiting_ack > 0) { if (one_ack_only) { - for (i = 0; i < kPing_window_size; i++) { + for (i = 0; i < window_size; i++) { if (ring[i].pkt && ring[i].seq_no == seq_no && !is_pcap) { pt_log(kLog_debug, "Received ack for only seq %d\n", seq_no); pt_pkt = (ping_tunnel_pkt_t*)ring[i].pkt->data; @@ -413,8 +448,8 @@ void handle_ack(uint16_t seq_no, icmp_desc_t ring[], int *packets_awaiting_ack, ring[i].pkt = 0; (*packets_awaiting_ack)--; if (i == *first_ack) { - for (j=1;j<kPing_window_size;j++) { - k = (i+j)%kPing_window_size; + for (j=1;j<window_size;j++) { + k = (i+j)%window_size; if (ring[k].pkt) { *first_ack = k; break; @@ -433,10 +468,10 @@ void handle_ack(uint16_t seq_no, icmp_desc_t ring[], int *packets_awaiting_ack, int i, can_ack = 0, count = 0; i = insert_idx-1; if (i < 0) - i = kPing_window_size - 1; + i = window_size - 1; pt_log(kLog_debug, "Received ack-series starting at seq %d\n", seq_no); - while (count < kPing_window_size) { + while (count < window_size) { if (!ring[i].pkt) break; @@ -452,7 +487,7 @@ void handle_ack(uint16_t seq_no, icmp_desc_t ring[], int *packets_awaiting_ack, } i--; if (i < 0) - i = kPing_window_size - 1; + i = window_size - 1; count++; } } @@ -138,10 +138,10 @@ typedef struct icmp_desc_t icmp_desc_t; void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *addr, int icmp_sock); void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t **ring, - int *await_send, int *insert_idx, uint16_t *next_expected_seq); + int *await_send, int *insert_idx, uint16_t *next_expected_seq, void *cur, uint16_t window_size); void handle_ack(uint16_t seq_no, icmp_desc_t *ring, int *packets_awaiting_ack, int one_ack_only, int insert_idx, int *first_ack, - uint16_t *remote_ack, int is_pcap); + uint16_t *remote_ack, int is_pcap, uint16_t window_size); #endif diff --git a/src/ptunnel.c b/src/ptunnel.c index 8766acf..6f9fdc7 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -536,7 +536,7 @@ void* pt_proxy(void *args) { * room in our send window AND we either don't use a password, or * have been authenticated. */ - if (cur->sock && cur->send_wait_ack < kPing_window_size && + if (cur->sock && cur->send_wait_ack < cur->window_size && (!opts.password || cur->authenticated)) { FD_SET(cur->sock, &set); @@ -558,10 +558,14 @@ void* pt_proxy(void *args) { if (cur->state == kProxy_start) { pt_log(kLog_verbose, "Sending proxy request.\n"); cur->last_ack = time_as_double(); - queue_packet(fwd_sock, cur->pkt_type, 0, 0, cur->id_no, cur->id_no, + uint16_t extended_options[3]; + extended_options[0] = htons(cur->window_size); + extended_options[1] = htons(cur->ack_interval*1000); + extended_options[2] = htons(cur->resend_interval*1000); + queue_packet(fwd_sock, cur->pkt_type, (char *)extended_options, sizeof(extended_options), cur->id_no, cur->id_no, &cur->my_seq, cur->send_ring, &cur->send_idx, &cur->send_wait_ack, cur->dst_ip, cur->dst_port, cur->state | cur->type_flag, - &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq); + &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq, cur->window_size); cur->xfer.icmp_out++; cur->state = kProto_data; } @@ -591,7 +595,7 @@ void* pt_proxy(void *args) { queue_packet(fwd_sock, cur->pkt_type, cur->buf, bytes, cur->id_no, cur->icmp_id, &cur->my_seq, cur->send_ring, &cur->send_idx, &cur->send_wait_ack, 0, 0, cur->state | cur->type_flag, - &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq); + &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq, cur->window_size); } prev = cur; tmp = cur->next; @@ -622,11 +626,11 @@ void* pt_proxy(void *args) { continue; } if (cur->recv_wait_send && cur->sock) - cur->xfer.bytes_in += send_packets(cur->recv_ring, &cur->recv_xfer_idx, &cur->recv_wait_send, &cur->sock); + cur->xfer.bytes_in += send_packets(cur->recv_ring, &cur->recv_xfer_idx, &cur->recv_wait_send, &cur->sock, cur->window_size); /* Check for any icmp packets requiring resend, and resend _only_ the first packet. */ idx = cur->send_first_ack; - if (cur->send_ring[idx].pkt && cur->send_ring[idx].last_resend+kResend_interval < now) { + if (cur->send_ring[idx].pkt && cur->send_ring[idx].last_resend+cur->resend_interval < now) { pt_log(kLog_debug, "Resending packet with seq-no %d.\n", cur->send_ring[idx].seq_no); cur->send_ring[idx].last_resend = now; cur->send_ring[idx].pkt->seq = htons(cur->ping_seq); @@ -639,14 +643,14 @@ void* pt_proxy(void *args) { cur->xfer.icmp_resent++; } /* Figure out if it's time to send an explicit acknowledgement */ - if (cur->last_ack+1.0 < now && cur->send_wait_ack < kPing_window_size && + if (cur->last_ack+cur->ack_interval < now && cur->send_wait_ack < cur->window_size && cur->remote_ack_val+1 != cur->next_remote_seq) { cur->last_ack = now; queue_packet(fwd_sock, cur->pkt_type, 0, 0, cur->id_no, cur->icmp_id, &cur->my_seq, cur->send_ring, &cur->send_idx, &cur->send_wait_ack, cur->dst_ip, cur->dst_port, kProto_ack | cur->type_flag, - &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq); + &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq, cur->window_size); cur->xfer.icmp_ack_out++; } } @@ -794,10 +798,10 @@ void send_termination_msg(proxy_desc_t *cur, int icmp_sock) { queue_packet(icmp_sock, cur->pkt_type, 0, 0, cur->id_no, cur->icmp_id, &cur->my_seq, cur->send_ring, &cur->send_idx, &cur->send_wait_ack, 0, 0, kProto_close | cur->type_flag, &cur->dest_addr, cur->next_remote_seq, - &cur->send_first_ack, &cur->ping_seq); + &cur->send_first_ack, &cur->ping_seq, cur->window_size); queue_packet(icmp_sock, cur->pkt_type, 0, 0, cur->id_no, cur->icmp_id, &cur->my_seq, cur->send_ring, &cur->send_idx, &cur->send_wait_ack, 0, 0, kProto_close | cur->type_flag, &cur->dest_addr, cur->next_remote_seq, - &cur->send_first_ack, &cur->ping_seq); + &cur->send_first_ack, &cur->ping_seq, cur->window_size); cur->xfer.icmp_out += 2; } |