-rw-r--r--[-rwxr-xr-x] | CHANGELOG | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | LICENSE | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | Makefile | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | README | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | md5.c | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | md5.h | 0 | ||||
-rw-r--r-- | options.c | 142 | ||||
-rw-r--r-- | options.h | 29 | ||||
-rw-r--r--[-rwxr-xr-x] | ptunnel.8 | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | ptunnel.c | 103 | ||||
-rw-r--r--[-rwxr-xr-x] | ptunnel.h | 1 |
11 files changed, 158 insertions, 117 deletions
diff --git a/CHANGELOG b/CHANGELOG
index d3a3e8f..d3a3e8f 100755..100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -37,55 +37,58 @@ static const struct option_usage usage[] = { "and can be used to bypass Cisco IPS\n" "This value has to be the same on the server and client!\n" }, - {"address", 1, OPT_STR, {.unum = 0}, + {"address", 1, OPT_DEC32, {.unum = 0}, "Set address of peer running packet forwarder. This causes\n" "ptunnel to operate in forwarding mode - the absence of this\n" "option causes ptunnel to operate in proxy mode.\n" }, - {"port", 1, OPT_DEC32, {.num = 1234}, + {"port", 1, OPT_DEC32, {.unum = 2222}, "Set TCP listening port (only used when operating in forward mode)\n" }, - {"address:port", 1, OPT_STR, {.str = "127.0.0.1:22"}, - "Set remote proxy destination address:port if client\n" - "Restrict to only this destination address:port if server\n" + {"address", 1, OPT_STR, {.str = "127.0.0.1"}, + "Set remote proxy destination address if client\n" + "Restrict to only this destination address if server\n" }, - {"connections", 0, OPT_DEC32, {.num = 4}, + {"port", 1, OPT_DEC32, {.unum = 22}, + "Set remote proxy destination port if client\n" + "Restrict to only this destination port if server\n" + }, + {"connections", 0, OPT_DEC32, {.unum = kMax_tunnels}, "Set maximum number of concurrent tunnels\n" }, - {"level", 0, OPT_DEC32, {.num = 1}, + {"level", 0, OPT_DEC32, {.num = kLog_event}, "Verbosity level (-1 to 4, where -1 is no output, and 4 is all output)\n" + "The special level 5 (or higher) includes xfer logging (lots of output)\n" }, - {NULL, 0, OPT_BOOL, {.unum = 0}, + {"interface", 0, OPT_STR, {.str = "eth0"}, "Enable libpcap on the given device.\n" }, {"file", 0, OPT_STR, {.str = "/var/log/ptunnel.log"}, "Specify a file to log to, rather than printing to standard out.\n" }, - {NULL, 0, OPT_BOOL, {.unum = 0}, + {NULL, 0, OPT_BOOL, {.num = 0}, "Client only. 
Enables continuous output of statistics (packet loss, etc.)\n" }, -#ifndef WIN32 - {NULL, 0, OPT_BOOL, {.unum = 0}, - "Run in background, the PID will be written in the file supplied as argument\n" - }, - {NULL, 0, OPT_BOOL, {.unum = 0}, - "Output debug to syslog instead of standard out.\n" - }, -#endif - {NULL, 0, OPT_BOOL, {.unum = 0}, - "Toggle use of UDP instead of ICMP. Proxy will listen on port 53 (must be root).\n" - }, {"password", 0, OPT_STR, {.str = NULL}, "Set password (must be same on client and proxy)\n" "If no password is set, you will be asked during runtime.\n" }, {NULL, 0, OPT_BOOL, {.unum = 0}, + "Toggle use of UDP instead of ICMP. Proxy will listen on port 53 (must be root).\n" + }, + {NULL, 0, OPT_BOOL, {.unum = 0}, "Run proxy in unprivileged mode. This causes the proxy to forward\n" "packets using standard echo requests, instead of crafting custom echo replies.\n" "Unprivileged mode will only work on some systems, and is in general less reliable\n" "than running in privileged mode.\n" }, #ifndef WIN32 + {NULL, 0, OPT_BOOL, {.unum = 0}, + "Run in background, the PID will be written in the file supplied as argument\n" + }, + {NULL, 0, OPT_BOOL, {.unum = 0}, + "Output debug to syslog instead of standard out.\n" + }, {"user", 0, OPT_STR, {.str = "nobody"}, "When started in privileged mode, drop down to user's rights as soon as possible\n" }, 
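Review bot: The order of `usage[]` has become load-bearing, because `get_default_optval()` later in this commit reads `usage[i]` at the index of the matching `long_options[]` entry, yet nothing at the table says so. Two rows are now named "address" and two "port", which makes a misplaced row hard to spot; a comment above the table such as `/* entries must stay in the same order as long_options[]; defaults are read by index */` would document the coupling. The new defaults also appear to mean that a proxy started without a destination option restricts sessions to 127.0.0.1:22, and the help text of those two rows should state that explicitly. The table starts above this hunk.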
@@ -109,20 +112,21 @@ static const struct option_usage usage[] = { static struct option long_options[] = { {"magic", required_argument, 0, 'm'}, {"proxy", required_argument, 0, 'p'}, - {"listen", required_argument, 0, 'l'}, - {"remote", required_argument, 0, 'r'}, + {"listen", optional_argument, 0, 'l'}, + {"remote-adr", optional_argument, 0, 'r'}, + {"remote-port", optional_argument, 0, 'R'}, {"connections", required_argument, 0, 'c'}, {"verbosity", required_argument, 0, 'v'}, {"libpcap", required_argument, 0, 'a'}, - {"logfile", required_argument, 0, 'o'}, + {"logfile", optional_argument, 0, 'o'}, {"statistics", no_argument, 0, 's'}, + {"passwd", required_argument, 0, 'x'}, + {"udp", no_argument, &opts.udp, 1 }, + {"unprivileged", no_argument, &opts.unprivileged, 1 }, #ifndef WIN32 {"daemon", no_argument, 0, 'd'}, {"syslog", no_argument, 0, 'S'}, #endif - {"udp", no_argument, &opts.udp, 1 }, - {"passwd", required_argument, 0, 'x'}, - {"unprivileged", no_argument, &opts.unprivledged, 1 }, #ifndef WIN32 {"user", required_argument, 0, 'u'}, {"group", required_argument, 0, 'g'}, 
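Review bot: Marking `listen`, `remote-adr`, `remote-port` and `logfile` as `optional_argument` means getopt_long() sets `optarg` only for the attached forms (`-l2222`, `--listen=2222`). With `-r host` or `-o file` written with a space, `optarg` is NULL, the case bodies in parse_options() skip the assignment, and the default destination or log file is used without any message. On the proxy side the destination options restrict what clients may reach, so a silently ignored value is worth avoiding. Either keep these as `required_argument` (with `l:r:R:o:` in the short-option string) or log an error when `optarg` is NULL. The two adjacent `#ifndef WIN32` blocks left at the end of the hunk could also be merged.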
@@ -136,6 +140,34 @@ static struct option long_options[] = { }; +static const void *get_default_optval(enum option_type opttype, const char *optname) { + for (unsigned i = 0; i < ARRAY_SIZE(long_options); ++i) { + if (strncmp(long_options[i].name, optname, strlen(long_options[i].name)) == 0) { + assert(usage[i].otype == opttype); + return &usage[i].str; + } + } + assert(NULL); + return NULL; +} + +static void set_options_defaults(void) { + memset(&opts, 0, sizeof(opts)); + opts.magic = *(uint32_t *) get_default_optval(OPT_HEX32, "magic"); + opts.mode = kMode_proxy; + opts.given_proxy_ip = *(uint32_t *) get_default_optval(OPT_DEC32, "proxy"); + opts.tcp_listen_port = *(uint32_t *) get_default_optval(OPT_DEC32, "listen"); + opts.given_dst_hostname = strdup(*(char **) get_default_optval(OPT_STR, "remote-adr")); + opts.given_dst_port = *(uint32_t *) get_default_optval(OPT_DEC32, "remote-port"); + opts.max_tunnels = *(uint32_t *) get_default_optval(OPT_DEC32, "connections"); + opts.log_level = *(int *) get_default_optval(OPT_DEC32, "verbosity"); + opts.pcap_device = strdup((char *)get_default_optval(OPT_STR, "libpcap")); + opts.log_file = fopen(*(char **) get_default_optval(OPT_STR, "logfile"), "a"); + opts.print_stats = *(int *) get_default_optval(OPT_BOOL, "statistics"); +#ifndef WIN32 +#endif +} + static void print_multiline(const char *prefix, const char *multiline) { const char sep[] = "\n"; const char *start, *end; @@ -212,8 +244,6 @@ static void print_short_help(unsigned index, int required_state) { void print_usage(const char *arg0) { unsigned i; - assert( ARRAY_SIZE(long_options) == ARRAY_SIZE(usage) ); - printf("ptunnel-ng v%d.%.2d\n\nUsage: %s", kMajor_version, kMinor_version, arg0); /* print (short)help argument line */ for (i = 0; i < ARRAY_SIZE(usage); ++i) { 
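Review bot: `opts.pcap_device = strdup((char *)get_default_optval(OPT_STR, "libpcap"));` casts the returned pointer to `char *` instead of dereferencing it, so strdup() reads the bytes of the stored pointer rather than the default device string, with no guaranteed terminator; it should match the `remote-adr` line, `strdup(*(char **) get_default_optval(OPT_STR, "libpcap"))`. get_default_optval() ends in `assert(NULL); return NULL;`, so in an NDEBUG build a mistyped option name makes every caller dereference NULL. Its `strncmp(..., strlen(long_options[i].name))` is only a prefix match and would call strlen() on a NULL name if the loop reaches an all-zero terminator entry (not visible here), so `strcmp` behind a NULL-name check is safer. The unconditional `fopen(..., "a")` of the default log path also creates that file on every start, presumably before any privilege drop and even when no log file was requested; consider opening it only when `-o` is seen.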
@@ -234,7 +264,7 @@ void print_usage(const char *arg0) { } int parse_options(int argc, char **argv) { - int c = 0, optind = -1; + int c = 0, optind = -1, has_logfile = 0; struct hostent *host_ent; md5_state_t state; #ifndef WIN32 @@ -242,13 +272,14 @@ int parse_options(int argc, char **argv) { struct group *grnam; #endif + assert( ARRAY_SIZE(long_options) == ARRAY_SIZE(usage) ); + /* set defaults */ - memset(&opts, 0, sizeof(opts)); - opts.proxy_mode = kMode_proxy; + set_options_defaults(); /* parse command line arguments */ while (1) { - c = getopt_long(argc, argv, "m:p:l:r:c:v:a:o:sdSx:u:g:t:eh", &long_options[0], &optind); + c = getopt_long(argc, argv, "m:p:l::r::R::c:v:a:o::sdSx:u:g:t:eh", &long_options[0], &optind); if (c == -1) break; switch (c) { @@ -256,7 +287,7 @@ int parse_options(int argc, char **argv) { opts.magic = strtoul(optarg, NULL, 16); break; case 'p': - opts.proxy_mode = kMode_forward; + opts.mode = kMode_forward; if (NULL == (host_ent = gethostbyname(optarg))) { pt_log(kLog_error, "Failed to look up %s as proxy address\n", optarg); return 1; @@ -264,14 +295,16 @@ int parse_options(int argc, char **argv) { opts.given_proxy_ip = *(uint32_t*)host_ent->h_addr_list[0]; break; case 'l': - opts.tcp_listen_port = strtoul(optarg, NULL, 10); + if (optarg) + opts.tcp_listen_port = strtoul(optarg, NULL, 10); break; case 'r': - if (NULL == (host_ent = gethostbyname(optarg))) { - pt_log(kLog_error, "Failed to look up %s as destination address\n", optarg); - return 1; - } - opts.given_dst_ip = *(uint32_t*)host_ent->h_addr_list[0]; + if (optarg) + opts.given_dst_hostname = strdup(optarg); + break; + case 'R': + if (optarg) + opts.given_dst_port = strtoul(optarg, NULL, 10); break; case 'c': opts.max_tunnels = strtoul(optarg, NULL,10); 
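Review bot: The `'l'` and `'R'` cases store `strtoul(optarg, NULL, 10)` straight into port fields that this commit widens to `uint32_t`, so non-numeric input becomes 0 and anything above 65535 is accepted and later truncated by `htons(opts.tcp_listen_port)` in pt_forwarder(). Parsing with an end pointer and rejecting values outside 1–65535 makes bad input fail at startup, e.g. `unsigned long v = strtoul(optarg, &end, 10); if (*end || v == 0 || v > 65535) return 1;`. In the `'r'` case `opts.given_dst_hostname = strdup(optarg);` overwrites the copy made by set_options_defaults() without freeing it (the `'a'` case does free), and the strdup() result is not checked before it reaches gethostbyname() at the end of parse_options().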
@@ -279,17 +312,24 @@ int parse_options(int argc, char **argv) { opts.max_tunnels = kMax_tunnels; break; case 'v': - opts.log_level = strtoul(optarg, NULL, 10); + opts.log_level = strtol(optarg, NULL, 10); break; case 'a': + if (opts.pcap_device) + free(opts.pcap_device); opts.pcap_device = strdup(optarg); break; case 'o': - opts.log_file = fopen(optarg, "a"); + if (optarg) { + if (opts.log_file) + fclose(opts.log_file); + opts.log_file = fopen(optarg, "a"); + } if (!opts.log_file) { - opts.log_file = stdout; - pt_log(kLog_error, "Failed to open log file: '%s'. Cause: % s\n", optarg, strerror(errno)); + pt_log(kLog_error, "Failed to open log file: \"%s\", Cause: %s\n", (optarg ? optarg : "default"), strerror(errno)); pt_log(kLog_error, "Reverting log to standard out.\n"); + } else { + has_logfile = 1; } break; case 's': @@ -312,7 +352,7 @@ int parse_options(int argc, char **argv) { pt_log(kLog_error, "%s: %s\n", optarg, strerror(errno)); break; case 'S': - opts.syslog = 1; + opts.use_syslog = 1; break; case 'u': errno = 0; @@ -355,11 +395,25 @@ int parse_options(int argc, char **argv) { case 'h': print_usage(argv[0]); _exit(EXIT_SUCCESS); + case 0: /* long opt only */ + break; default: pt_log(kLog_error, "%s: option unknown", optarg); break; } } + if (NULL == (host_ent = gethostbyname(opts.given_dst_hostname))) { + pt_log(kLog_error, "Failed to look up %s as destination address\n", opts.given_dst_hostname); + return 1; + } + opts.given_dst_ip = *(uint32_t*)host_ent->h_addr_list[0]; + + if (!has_logfile) { + if (opts.log_file) + fclose(opts.log_file); + opts.log_file = stdout; + } + return 0; } 
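Review bot: In the `'o'` failure branch the removed `opts.log_file = stdout;` was what made the following `pt_log()` calls safe. Now, when fopen() fails, or `-o` is given without a value and the default open in set_options_defaults() failed, `opts.log_file` is NULL and pt_log() hands it to `fprintf`/`vfprintf`. The same exposure applies to every `pt_log(kLog_error, ...)` issued while options are still being parsed, including the new destination lookup at the end of the function, because the fallback to stdout only happens in the final `if (!has_logfile)` block. Setting `opts.log_file = stdout;` at the top of the failure branch, and starting from stdout in set_options_defaults(), keeps logging valid throughout. The message also still says "Reverting log to standard out" although the branch no longer does that itself.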
@@ -14,20 +14,19 @@ struct options { - /** proxy or forwarder? */ - int proxy_mode; /** user defined magic value (prevent Cisco WSA/IronPort fingerprint scan) */ uint32_t magic; + /** proxy or forwarder? */ + int mode; /** Proxy's internet address */ - uint32_t given_proxy_ip; - /** Password-Digest (must be the same on proxy and client for authentication to succeed) */ - unsigned char *password_digest; + uint32_t given_proxy_ip; /** Port the client listens on */ - uint16_t tcp_listen_port; - /** Proxy's internet address */ + uint32_t tcp_listen_port; + /** Forward/Proxy destination internet address */ + char *given_dst_hostname; uint32_t given_dst_ip; - /** Port to send data to from the proxy */ - int tcp_port; + /** Forward/Proxy destination port */ + uint32_t given_dst_port; /** Default maximum number of tunnels to support at once */ uint32_t max_tunnels; /** Default log level */ @@ -38,15 +37,21 @@ struct options { FILE *log_file; /** Print more detailed traffic statistics if non zero value */ int print_stats; + /** Password-Digest (must be the same on proxy and client for authentication to succeed) */ + unsigned char *password_digest; /** use UDP instead of ICMP */ int udp; /** unpriviledged mode */ - int unprivledged; + int unprivileged; #ifdef HAVE_SELINUX char *selinux_context; #endif #ifndef WIN32 + /** run as daemon if non zero value */ + int daemonize; + /** log to syslog if non zero value */ + int use_syslog; /** UID of the running process */ uid_t uid; /** GID of the running process */ @@ -55,10 +60,6 @@ struct options { char *root_dir; /** PIDFILE */ FILE *pid_file; - /** run as daemon */ - bool daemonize; - /** log to syslog if non zero value */ - int syslog; #endif }; diff --git a/ptunnel.8 b/ptunnel.8 index 2377b2f..2377b2f 100755..100644 --- a/ptunnel.8 +++ b/ptunnel.8 diff --git a/ptunnel.c b/ptunnel.c index 5abc54a..3f9028d 100755..100644 --- a/ptunnel.c +++ b/ptunnel.c 
@@ -86,26 +86,12 @@ pthread_mutex_t chain_lock, // Lock protecting the chain of connections num_threads_lock; // Lock protecting the num_threads variable bool - unprivileged = false, // True if user wants to run without root - pcap = false, // True if user wants packet capturing - print_stats = false, // True if user wants continuous statistics printed. - use_syslog = false; // True if user wants to log to syslog -FILE - *log_file = 0; // Usually stdout, but can be altered by the user + pcap = false; // True if user wants packet capturing int - tcp_port = -1, // Port to send data to from the proxy - tcp_listen_port = -1, // Port the client listens on - log_level = kLog_event, // Default log level - mode = kMode_proxy, // Default mode (proxy) num_threads = 0, // Current thread count - max_tunnels = kMax_tunnels, // Default maximum number of tunnels to support at once - num_tunnels = 0, // Current tunnel count - use_udp = 0; // True if UDP should be used for transport (proxy runs on port 53) + num_tunnels = 0; // Current tunnel count uint32_t - magic = kPing_tunnel_magic, // user defined magic value (prevent Cisco WSA/ironport detection) - *seq_expiry_tbl = 0, // Table indicating when a connection ID is allowable (used by proxy) - given_proxy_ip = 0, // Proxy's internet address - given_dst_ip = 0; // Destination client wants data forwarded to + *seq_expiry_tbl = 0; // Table indicating when a connection ID is allowable (used by proxy) char *password = 0, // Password (must be the same on proxy and client for authentication to succeed) password_digest[kMD5_digest_size], // MD5 digest of password @@ -156,12 +142,10 @@ int main(int argc, char *argv[]) { */ seq_expiry_tbl = calloc(65536, sizeof(uint32_t)); - log_file = stdout; - // Parse options parse_options(argc, argv); - if (pcap && use_udp) { + if (pcap && opts.udp) { pt_log(kLog_error, "Packet capture is not supported (or needed) when using UDP for transport.\n"); pcap = 0; } 
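Review bot: With `log_file = stdout;` removed from main(), `opts.log_file` is only guaranteed usable when parse_options() runs to its final block, but the call `parse_options(argc, argv);` still ignores the return value. On the `return 1` paths (failed proxy or destination lookup) main() carries on with whatever the defaults left in `opts.log_file`, either the default log file or NULL, and with unresolved addresses. Checking the result, `if (parse_options(argc, argv)) return -1;`, closes that gap. main() starts and ends outside this hunk.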
@@ -172,17 +156,20 @@ int main(int argc, char *argv[]) { #else pt_log(kLog_info, "Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>\n"); #endif - pt_log(kLog_info, "%s.\n", (mode == kMode_forward ? "Relaying packets from incoming TCP streams" : "Forwarding incoming ping packets over TCP")); - if (use_udp) + pt_log(kLog_info, "%s.\n", (opts.mode == kMode_forward ? "Relaying packets from incoming TCP streams" : "Forwarding incoming ping packets over TCP")); + if (opts.udp) pt_log(kLog_info, "UDP transport enabled.\n"); + pt_log(kLog_debug, "Destination at %s:%u\n", opts.given_dst_hostname, opts.given_dst_port); + if (opts.mode == kMode_forward) + pt_log(kLog_debug, "Listen for incoming connections at 0.0.0.0:%u\n", opts.tcp_listen_port); #ifndef WIN32 signal(SIGPIPE, SIG_IGN); - if (use_syslog) { - if (log_file != stdout) { + if (opts.use_syslog) { + if (opts.log_file != stdout) { pt_log(kLog_error, "Logging using syslog overrides the use of a specified logfile (using -f).\n"); - fclose(log_file); - log_file = stdout; + fclose(opts.log_file); + opts.log_file = stdout; } openlog("ptunnel", LOG_PID, LOG_USER); } @@ -243,8 +230,8 @@ int main(int argc, char *argv[]) { pthread_mutex_init(&num_threads_lock, 0); // Check mode, validate arguments and start either client or proxy. - if (mode == kMode_forward) { - if (!given_proxy_ip || !given_dst_ip || !tcp_port || !tcp_listen_port) { + if (opts.mode == kMode_forward) { + if (!opts.given_proxy_ip || !opts.given_dst_ip || !opts.given_dst_port || !opts.tcp_listen_port) { printf("One of the options are missing or invalid.\n"); print_usage(argv[0]); return -1; @@ -255,8 +242,8 @@ int main(int argc, char *argv[]) { pt_proxy(0); // Clean up - if (log_file != stdout) - fclose(log_file); + if (opts.log_file != stdout) + fclose(opts.log_file); #ifdef WIN32 WSACleanup(); 
@@ -295,7 +282,7 @@ void pt_forwarder(void) { return; } addr.sin_family = AF_INET; - addr.sin_port = htons(tcp_listen_port); + addr.sin_port = htons(opts.tcp_listen_port); addr.sin_addr.s_addr = INADDR_ANY; memset(&(addr.sin_zero), 0, 8); if (bind(sock, (struct sockaddr*)&addr, sizeof(struct sockaddr)) == -1) { @@ -307,12 +294,12 @@ void pt_forwarder(void) { // Fill out address structure memset(&dest_addr, 0, sizeof(struct sockaddr_in)); dest_addr.sin_family = AF_INET; - if (use_udp) + if (opts.udp) dest_addr.sin_port = htons(kDNS_port /* dns port.. */); else dest_addr.sin_port = 0; - dest_addr.sin_addr.s_addr = given_proxy_ip; - pt_log(kLog_verbose, "Proxy IP address: %s\n", inet_ntoa(*((struct in_addr*)&given_proxy_ip))); + dest_addr.sin_addr.s_addr = opts.given_proxy_ip; + pt_log(kLog_verbose, "Proxy IP address: %s\n", inet_ntoa(*((struct in_addr*)&opts.given_proxy_ip))); listen(server_sock, 10); while (1) { @@ -345,7 +332,7 @@ void pt_forwarder(void) { } addr = dest_addr; rand_id = (uint16_t)rand(); - create_and_insert_proxy_desc(rand_id, rand_id, new_sock, &addr, given_dst_ip, tcp_port, kProxy_start, kUser_flag); + create_and_insert_proxy_desc(rand_id, rand_id, new_sock, &addr, opts.given_dst_ip, opts.given_dst_port, kProxy_start, kUser_flag); pthread_mutex_unlock(&num_threads_lock); } } @@ -408,9 +395,9 @@ void* pt_proxy(void *args) { // Start the thread, initialize protocol and ring states. pt_log(kLog_debug, "Starting ping proxy..\n"); - if (use_udp) { + if (opts.udp) { pt_log(kLog_debug, "Creating UDP socket..\n"); - if (mode == kMode_proxy) + if (opts.mode == kMode_proxy) fwd_sock = pt_create_udp_socket(kDNS_port); else fwd_sock = pt_create_udp_socket(0); @@ -420,7 +407,7 @@ void* pt_proxy(void *args) { } } else { - if (unprivileged) { + if (opts.unprivileged) { pt_log(kLog_debug, "Attempting to create unprivileged ICMP datagram socket..\n"); fwd_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP); } 
@@ -438,18 +425,18 @@ void* pt_proxy(void *args) { #endif } if (fwd_sock < 0) { - pt_log(kLog_error, "Couldn't create %s socket: %s\n", (unprivileged ? "unprivileged datagram" : "privileged raw"), strerror(errno)); + pt_log(kLog_error, "Couldn't create %s socket: %s\n", (opts.unprivileged ? "unprivileged datagram" : "privileged raw"), strerror(errno)); return 0; } } max_sock = fwd_sock+1; if (pcap) { - if (use_udp) { + if (opts.udp) { pt_log(kLog_error, "Packet capture is not useful with UDP [should not get here!]!\n"); close(fwd_sock); return 0; } - if (!unprivileged) { + if (!opts.unprivileged) { pt_log(kLog_info, "Initializing pcap.\n"); pc.pcap_err_buf = malloc(PCAP_ERRBUF_SIZE); pc.pcap_data_buf = malloc(pcap_buf_size); @@ -500,7 +487,7 @@ void* pt_proxy(void *args) { buf = malloc(icmp_receive_buf_len); // Start forwarding :) - pt_log(kLog_info, "Ping proxy is listening in %s mode.\n", (unprivileged ? "unprivileged" : "privileged")); + pt_log(kLog_info, "Ping proxy is listening in %s mode.\n", (opts.unprivileged ? "unprivileged" : "privileged")); #ifndef WIN32 #ifdef HAVE_SELINUX @@ -646,7 +633,7 @@ void* pt_proxy(void *args) { } } // Update running statistics, if requested (only once every second) - if (print_stats && mode == kMode_forward && now > last_status_update+1) { + if (opts.print_stats && opts.mode == kMode_forward && now > last_status_update+1) { pthread_mutex_lock(&chain_lock); memset(&xfer, 0, sizeof(xfer_stats_t)); for (cur=chain;cur;cur=cur->next) { @@ -657,7 +644,7 @@ void* pt_proxy(void *args) { xfer.icmp_resent += cur->xfer.icmp_resent; } pthread_mutex_unlock(&chain_lock); - print_statistics(&xfer, 1); + print_statistics(&xfer, (opts.log_level > kLog_verbose ? 0 : 1)); last_status_update = now; } } 
@@ -759,7 +746,7 @@ void handle_packet(char *buf, int bytes, int is_pcap, struct sockaddr_in *addr, if (bytes < sizeof(icmp_echo_packet_t)+sizeof(ping_tunnel_pkt_t)) pt_log(kLog_verbose, "Skipping this packet - too short. Expect: %d+%d = %d ; Got: %d\n", sizeof(icmp_echo_packet_t), sizeof(ping_tunnel_pkt_t), sizeof(icmp_echo_packet_t)+sizeof(ping_tunnel_pkt_t), bytes); else { - if (use_udp) { + if (opts.udp) { ip_pkt = 0; pkt = (icmp_echo_packet_t*)buf; pt_pkt = (ping_tunnel_pkt_t*)pkt->data; @@ -769,7 +756,7 @@ void handle_packet(char *buf, int bytes, int is_pcap, struct sockaddr_in *addr, pkt = (icmp_echo_packet_t*)ip_pkt->data; pt_pkt = (ping_tunnel_pkt_t*)pkt->data; } - if (ntohl(pt_pkt->magic) == magic) { + if (ntohl(pt_pkt->magic) == opts.magic) { pt_pkt->state = ntohl(pt_pkt->state); pkt->identifier = ntohs(pkt->identifier); pt_pkt->id_no = ntohs(pt_pkt->id_no); @@ -818,7 +805,7 @@ void handle_packet(char *buf, int bytes, int is_pcap, struct sockaddr_in *addr, return; } pt_log(kLog_info, "Starting new session to %s:%d with ID %d\n", inet_ntoa(*(struct in_addr*)&pt_pkt->dst_ip), ntohl(pt_pkt->dst_port), pt_pkt->id_no); - if ((given_dst_ip && given_dst_ip != pt_pkt->dst_ip) || (-1 != tcp_port && tcp_port != ntohl(pt_pkt->dst_port))) { + if ((opts.given_dst_ip && opts.given_dst_ip != pt_pkt->dst_ip) || (-1 != opts.given_dst_port && opts.given_dst_port != ntohl(pt_pkt->dst_port))) { pt_log(kLog_info, "Destination administratively prohibited!\n"); return; } 
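Review bot: The destination filter `(-1 != opts.given_dst_port && opts.given_dst_port != ntohl(pt_pkt->dst_port))` keeps the old `-1` sentinel, but `given_dst_port` is now a `uint32_t` with a default of 22, so the test compares against `UINT32_MAX` and is effectively always true. Likewise `opts.given_dst_ip` is now always resolved from the default hostname, so its non-zero test no longer distinguishes anything. If the intent is that the proxy always enforces a destination, drop the two sentinel tests and say so in a comment, `/* proxy only forwards to the configured dst ip:port */`; if an unrestricted mode should remain possible, it needs an explicit flag rather than a magic value. This is the only destination restriction visible in this diff, so the policy should be unambiguous; handle_packet() continues outside the hunk.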
@@ -925,8 +912,8 @@ proxy_desc_t* create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, in proxy_desc_t *cur; pthread_mutex_lock(&chain_lock); - if (num_tunnels >= max_tunnels) { - pt_log(kLog_info, "Discarding incoming connection - too many tunnels! Maximum count is %d (adjust with the -m switch).\n", max_tunnels); + if (num_tunnels >= opts.max_tunnels) { + pt_log(kLog_info, "Discarding incoming connection - too many tunnels! Maximum count is %u (adjust with the -m switch).\n", opts.max_tunnels); if (sock) close(sock); pthread_mutex_unlock(&chain_lock); @@ -960,7 +947,7 @@ proxy_desc_t* create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, in if (cur->type_flag == kUser_flag) cur->pkt_type = kICMP_echo_request; else - cur->pkt_type = (unprivileged ? kICMP_echo_request : kICMP_echo_reply); + cur->pkt_type = (opts.unprivileged ? kICMP_echo_request : kICMP_echo_reply); cur->buf = malloc(icmp_receive_buf_len); cur->last_activity = time_as_double(); cur->authenticated = 0; @@ -1064,7 +1051,7 @@ int queue_packet(int icmp_sock, uint8_t type, char *buf, int num_bytes, uint16 (*ping_seq)++; // Add our information pt_pkt = (ping_tunnel_pkt_t*)pkt->data; - pt_pkt->magic = htonl(magic); + pt_pkt->magic = htonl(opts.magic); pt_pkt->dst_ip = ip; pt_pkt->dst_port = htonl(port); pt_pkt->ack = htonl(ack_val); @@ -1176,7 +1163,7 @@ void handle_data(icmp_echo_packet_t *pkt, int total_len, forward_desc_t *ring[] */ expected_len += pt_pkt->data_len; expected_len += expected_len % 2; - if (use_udp) + if (opts.udp) expected_len -= sizeof(ip_packet_t); if (total_len < expected_len) { pt_log(kLog_error, "Packet not completely received: %d Should be: %d. For some reason, this error is fatal.\n", total_len, expected_len); 
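Review bot: The log line touched in create_and_insert_proxy_desc() still tells the operator to "adjust with the -m switch", but in `long_options[]` `-m` is the magic value and the tunnel limit is `-c`/`--connections`; since the line is already being edited for `%u`, change the text to `(adjust with the -c switch)`. `num_tunnels` also remains an `int` compared against the now-`uint32_t` `opts.max_tunnels`, which is harmless while the counter stays non-negative but would be cleaner with matching types.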
@@ -1407,10 +1394,10 @@ void pt_log(int level, const char *fmt, ...) { int syslog_levels[] = {LOG_ERR, LOG_NOTICE, LOG_NOTICE, LOG_INFO, LOG_DEBUG, LOG_DEBUG}; #endif /* !WIN32 */ - if (level <= log_level) { + if (level <= opts.log_level) { va_start(args, fmt); #ifndef WIN32 - if (use_syslog) { + if (opts.use_syslog) { char log[255]; int header_len; header_len = snprintf(log,sizeof(log),"%s",header[level]); @@ -1419,14 +1406,14 @@ void pt_log(int level, const char *fmt, ...) { } else #endif /* !WIN32 */ - fprintf(log_file, "%s", header[level]), vfprintf(log_file, fmt, args); + fprintf(opts.log_file, "%s", header[level]), vfprintf(opts.log_file, fmt, args); va_end(args); #ifndef WIN32 - if (log_file != stdout && !use_syslog) + if (opts.log_file != stdout && !opts.use_syslog) #else - if (log_file != stdout) + if (opts.log_file != stdout) #endif - fflush(log_file); + fflush(opts.log_file); } } diff --git a/ptunnel.h b/ptunnel.h index f6f20fa..67f479d 100755..100644 --- a/ptunnel.h +++ b/ptunnel.h @@ -169,7 +169,6 @@ enum { kDNS_port = 53, }; -#define kPing_tunnel_magic 0xDEADC0DE // Resend packets after this interval (in seconds) #define kResend_interval 1.5 |