-rw-r--r-- | ChangeLog | 18 | ||||
-rw-r--r-- | configure.ac | 22 | ||||
-rw-r--r-- | src/ptunnel-ng.8 | 197 |
3 files changed, 186 insertions, 51 deletions
@@ -1,3 +1,21 @@
+PingTunnel-NG Changelog
+=======================
+
+1.00 - 18. December 2017
+- First public release
+- Fixes a exploitable memory leak (proxy/forwarder) if using password
+ protected challenge response authentication.
+- Fixes an invalid memory write during a pcap capture.
+- Full source refactoring. The code should be more readable imho.
+- This project is now Autotools based.
+ Disable optional features: SeLinux, pcap.
+- Removed an already disabled and highly buggy feature: kPT_add_iphdr
+- Added a more "GNU" alike option parsing.
+- Support a user defined PingTunnel-NG magic value which is required
+ for bypassing Cisco IPS (and maybe other IDS/IPS/Firewalls).
+ This feature was well tested against Cisco's "IronPort" which
+ scans for fingerprints in an ICMP packet (PingTunnel magic value).
+
 PingTunnel Changelog
 ====================
diff --git a/configure.ac b/configure.ac
index 85d2539..8c0dce5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,6 +26,7 @@ esac
 AM_SILENT_RULES([yes])
 AM_INIT_AUTOMAKE
 AC_PROG_INSTALL
+AC_USE_SYSTEM_EXTENSIONS
 AC_C_CONST
 AC_C_INLINE
 AC_TYPE_SIZE_T
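Review bot: `AC_USE_SYSTEM_EXTENSIONS` is placed after `AC_PROG_INSTALL` in the configure.ac hunk at -26,6, but Autoconf expects it before any macro that runs the C compiler. Whether `AC_PROG_CC` or another compiler check already ran is not visible here, because the preceding lines of the file lie outside the hunk. If one did, the extension defines such as `_GNU_SOURCE` may not reach every later test, so the macro is safer directly after `AC_INIT`/`AM_INIT_AUTOMAKE`. A short comment would also record why it is there, for example `dnl Enables _GNU_SOURCE so that getopt_long is declared.`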
@@ -41,13 +42,30 @@ if test x"${use_msw}" != x"yes"; then
 [AC_MSG_ERROR([Missing essential non-Windows std headers.])])
 AC_SEARCH_LIBS([pthread_create], [pthread],,
 [AC_MSG_ERROR([Missing pthread library.])],)
- AC_CHECK_FUNCS([pthread_mutex_init pthread_mutex_lock pthread_mutex_unlock],,
+ AC_CHECK_FUNCS([pthread_mutex_init pthread_mutex_lock pthread_mutex_unlock syslog],,
 [AC_MSG_ERROR([Missing essential pthread functions.])])
 else
 AC_CHECK_HEADERS([winsock2.h windows.h ws2tcpip.h],,
 [AC_MSG_ERROR([Missing essential Windows std headers.])])
 fi
+AC_MSG_CHECKING([for GNU getopt_long])
+AC_COMPILE_IFELSE(
+[AC_LANG_PROGRAM([[
+#include <stdlib.h>
+#include <getopt.h>
+struct option long_options[] = {
+ {"opt1", required_argument, 0, 'a'},
+ {"opt2", optional_argument, 0, 'b'},
+ {"opt3", no_argument, 0, 'c'}
+};
+void parse_opts(int argc, char **argv) {
+ getopt_long(argc, argv, "a:b::c", &long_options[0], &optind);
+}
+]], [])]
+,[AC_MSG_RESULT([yes])]
+,[AC_MSG_ERROR([Your compiler does not support \`_GNU_SOURCE\`.])])
+
 dnl Check timeval struct members.
 AC_CHECK_MEMBER([struct timeval.tv_sec], [],
 [AC_MSG_ERROR([Invalid \`struct timeval\` structure.])],
@@ -84,7 +102,7 @@ struct foo {
 ,[AC_MSG_ERROR([Your compiler does not support \`__attribute__ ((packed))\`.])])
 dnl Check for std functions.
-AC_CHECK_FUNCS([malloc calloc free memcpy memset signal printf sprintf vsnprintf strerror strlen strncmp strstr strtol strtoul fopen fprintf gettimeofday close fclose exit],,
+AC_CHECK_FUNCS([malloc calloc free memcpy memset signal printf sprintf vsnprintf strerror strlen strncmp strstr strtol strtoul fopen fprintf gettimeofday close fclose exit getopt_long],,
 [AC_MSG_ERROR([Missing essential std functions.])])
 dnl `--disable-pcap`: Enabled if found.
diff --git a/src/ptunnel-ng.8 b/src/ptunnel-ng.8
index 2377b2f..5388cfd 100644
--- a/src/ptunnel-ng.8
+++ b/src/ptunnel-ng.8
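Review bot: The failure branch of the new getopt_long probe in the hunk at -41,13 reports that the compiler does not support `_GNU_SOURCE`, which names the wrong cause. The probe only tests whether `<getopt.h>` declares `getopt_long` and `struct option`, so the message should say so, for example `,[AC_MSG_ERROR([GNU getopt_long (getopt.h) is required.])])`. In the same hunk `syslog` joins the check whose error text is `Missing essential pthread functions.`, so a missing syslog would be misreported; it belongs in its own `AC_CHECK_FUNCS` call or the message should be widened. The probe program passes `&optind` as the longindex argument and leaves `long_options` without the all-zero terminator; neither matters for a compile-only test, but a local `int idx` and a final `{0, 0, 0, 0}` entry would keep it from being copied as a usage pattern. The hunk at -84,7 adds `getopt_long` to the generic function list as well, which duplicates this probe and fails with the less specific `Missing essential std functions.`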
@@ -1,78 +1,171 @@ -.TH ptunnel 8 "September 5, 2011" "Version 0.72" "Yellow Lemon Software" +.TH ptunnel-ng 8 "December 19, 2017" "Version 1.00" .SH NAME -ptunnel \- tunnel TCP connections over ICMP echo request/reply packets. +ptunnel-ng \- tunnel TCP connections over ICMP echo request/reply packets. .SH SYNOPSIS -.B ptunnel -\-p proxy_address \-lp listen_port \-da destination_address \-dp dest_port [\-c network_device] [\-v verbosity] [\-f file] [\-udp] [\-syslog] - -.B ptunnel -[\-c network_device] [\-v verbosity] [\-f file] [\-udp] [\-syslog] [\-daemon file] - -.B ptunnel -[\-u] [\-x password] [\-setuid user] [\-setgid group] [\-chroot dir] [\-setcon context] - -.B ptunnel -\-h +.na +.B ptunnel-ng +\-p <address> \-l <port> \-r<address> \-R<port> [\-m <magic>] [\-c <connections>] [\-v <level>] [\-L <interface>] [\-o<file>] [\-s] [\-P <password>] [\-\-udp] [\-\-unprivileged] [\-d<pidfile>] [\-S] [\-u<user>] [\-g<group>] [\-C<directory>] [\-e<context>] [\-h <help>] .SH DESCRIPTION +PingTunnel-NG is a fork from the famous PingTunnel with the aim of an improved and refactored code base and some additional features. +.PP ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel: .PP Setting: You're on the go, and stumble across an open wireless network. The network gives you an IP address, but won't let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP. 
.SH OPTIONS .TP -.SH Client options: +.SH Client options only: +.TP +.B \-p +.PD 0 .TP -.B \-p proxy_address +.BI \-\-proxy= proxy_address +.PD Specify the host on which the proxy is running. .TP -.B \-lp listen_port +.B \-l +.PD 0 +.TP +.BI \-\-listen= listen_port +.PD Specifies the port on which the client will listen for incoming TCP connections. .TP -.B \-da destination_addr +.B \-s +.PD 0 +.TP +.BI \-\-statistics +.PD +Enables continuous output of statistics (packet loss, etc.) +.TP +.SH Server and Client options: +.TP +.B \-m +.PD 0 +.TP +.BI \-\-magic= magic_value +.PD +Sets a different magic value which can be used to bypass Cisco's IPS. It may also work for other IDS/IPS/Firewalls. +.br +.B Remember: This value has to be the same on the server and client! +.TP +.B \-r +.PD 0 +.TP +.BI \-\-remote\-adr= destination_addr +.PD Specifies the address to which you want your packets tunneled after reaching the proxy when in client mode, or restricts the destination packets can be forwarded to when in server mode. .TP -.B \-dp destination_port +.B \-R +.PD 0 +.TP +.BI \-\-remote\-port= destination_port +.PD Specifies/restrict the port that the proxy should tunnel the TCP connection to. .TP -.SH Shared options: +.B \-c +.PD 0 .TP -.B \-c network_device -Specify the network interface to capture packets from. Note that packet capturing isn't always necessary, but you should try this if you experience problems with ptunnel. +.BI \-\-connections= max_value +.PD +Set the maximum of concurrent tunnels. .TP -.B \-v verbosity +.B \-v +.PD 0 +.TP +.BI \-\-verbosity= level +.PD Controls the verbosity level. \-1 is no output, 0 shows errors only, 1 shows info messages, 2 gives more output, 3 provides even more output, level 4 displays debug info and level 5 displays absolutely everything, including the nasty details of sends and receives. .TP -.B \-udp -Enables tunneling over UDP port 53 (DNS) instead of using ICMP. 
This will only work if your proxy can accept incoming traffic on port 53, and the client is able to send data to the proxy on port 53. Note that this option does not wrap ptunnel's data in DNS\-compliant packets. This option must be given on both the proxy and client side for things to work correctly. +.B \-L +.PD 0 .TP -.B \-syslog (Not available on Windows.) -Changes logging to use the built\-in syslog fascility. +.BI \-\-libpcap= network_device +.PD +Specify the network interface to capture packets from. Note that packet capturing isn't always necessary, but you should try this if you experience problems with ptunnel. .TP -.B \-daemon file (Not available on Windows.) -Run in background, writing PID in file. +.B \-o +.PD 0 .TP -.B \-u -Attempts to run ptunnel without privileges. This doesn't usually work! On UNIX systems please consider using the following three options instead: +.BI \-\-logfile= logfile +.PD +Specify a file to log to, rather than printing to standard out. .TP -.B \-setuid user (Not available on Windows.) -When started in privileged mode, drop down to user's rights as soon as possible. +.B \-P +.PD 0 .TP -.B \-setgid group (Not available on Windows.) -When started in privileged mode, drop down to group's rights as soon as possible. +.BI \-\-passwd= secret_password +.PD +Set a password (must be same on client and proxy) which will be used for the challenge response authentication. The program will try to hide the password from `/proc/PID/cmdline` but it may not work for ld wrapper or debugging/profiling tools like valgrind. .TP -.B \-chroot dir (Not available on Windows.) -When started in privileged mode, restrict file access to the specified directory. +.BI \-\-udp +.br +.PD +Enables tunneling over UDP port 53 (DNS) instead of using ICMP. This will only work if your proxy can accept incoming traffic on port 53, and the client is able to send data to the proxy on port 53. 
Note that this option does not wrap ptunnel's data in DNS\-compliant packets. This option must be given on both the proxy and client side for things to work correctly. +.TP +.BI \-\-unprivileged +.PD +Run proxy in unprivileged mode. This causes the proxy to forward packets using standard echo requests, instead of crafting custom echo replies. Unprivileged mode will only work on some systems, and is in general less reliable than running in privileged mode. .TP -.B \-setcon context (Not available on Windows.) -Set SELinux context when all there is left to do are network I/O operations. -In order to be able to combine with \-chroot you will have to `mount --bind /proc /chrootdir/proc` +.B \-d +.PD 0 .TP -.B \-x password -Specifies a password or passphrase to use. This will allow you to protect the proxy from use by others who don't know the password. It needs to be specified on both proxy and client. +.BI \-\-daemon= pidfile +.PD +.B (Not available on Windows.) +.br +Run in background, writing PID to a pidfile. .TP -.B \-f file -Specifies a log file. If you specify \-syslog, syslog is always used instead. +.B \-S +.PD 0 +.TP +.BI \-\-syslog +.PD +.B (Not available on Windows.) +.br +Changes logging to use the built\-in syslog fascility. +.TP +.B \-u +.PD 0 +.TP +.BI \-\-user= username +.PD +.B (Not available on Windows.) +.br +When started in privileged mode (as root), drop down to user's rights as soon as possible. +.TP +.B \-g +.PD 0 +.TP +.BI \-\-group= groupname +.PD +.B (Not available on Windows.) +.br +When started in privileged mode (as root), drop down to group's rights as soon as possible. If you set +.B \-\-user +it is not required to set this option too. The program will use the group associated with that user. +.TP +.B \-C +.PD 0 +.TP +.BI \-\-chroot= directory +.PD +.B (Not available on Windows.) +.br +When started in privileged mode (as root), restrict file access to the specified directory. 
+.TP +.B \-e +.PD 0 +.TP +.BI \-\-setcon= context +.PD +.B (Only available on Linux.) +.br +Set SELinux context when all there is left to do are network I/O operations. In order to be able to combine with \-\-chroot you will have to `mount \-\-bind /proc /chrootdir/proc`. .TP .B \-h +.PD 0 +.TP +.BI \-\-help +.br Displays brief usage information. .SH EXAMPLES @@ -95,13 +188,16 @@ If you find that the proxy isn't working, you will need to enable packet capturi To protect yourself from others using your proxy, you can protect access to it with a password using the <tt>\-x</tt> switch. The password is never sent in the clear, but keep in mind that it may be visible from tools like top or ps, which can display the command line used to start an application. .SH EXIT STATUS -.B ptunnel -does not exit until forced to do so by an interrupt (Ctrl\-C) or if it crashes. +.B ptunnel-ng +does only exit if an invalid command line option is found or a fatal error during the initialisation process occurred. If this happens the exit value should always be non zero. +The program does not exit until forced to do so by an external SIGNAL or if it crashes. .SH BUGS -.B ptunnel +.B ptunnel-ng currently does not handle packet capturing on network interfaces other than ethernet or wireless correctly. .SH AUTHORS AND CONTRIBUTORS -Daniel Stoedle (daniels@cs.uit.no) +PingTunnel-NG: Toni Uhlig (matzeton@googlemail.com) + +PingTunnel: Daniel Stoedle (daniels@cs.uit.no) Windows port: Mike Miller (mike@mikeage.net) 
@@ -110,14 +206,17 @@ SELinux support: Sebastien Raveau (sebastien.raveau@epita.fr) Patches: Joe McKenzie, Steffen Wendzel and StalkR. .SH LICENSE -.B ptunnel +.B ptunnel-ng is licensed under the BSD License. .SH AVAILABILITY .TP +The ptunnel-ng homepage is currently located here: +https://github.com/lnslbrty/ptunnel-ng +.TP The ptunnel homepage is currently located here: http://www.cs.uit.no/~daniels/PingTunnel/ .TP The freshmeat project page is located here: http://freshmeat.net/projects/ptunnel/ .PP -Please take the time to rate ptunnel if you find it useful. Thanks! +Please take the time to rate ptunnel or ptunnel-ng if you find it useful. Thanks! |