[Pkg-privacy-commits] [onioncat] 85/241: IPv6 routing table now is dynamic flat list in head routing table manipulation through controller or config file

Intrigeri intrigeri at moszumanska.debian.org
Wed Aug 26 16:16:36 UTC 2015



intrigeri pushed a commit to branch upstream-master
in repository onioncat.

commit edd5b632f6ce32c53d9dce1cf6b405f22c49a51d
Author: eagle <eagle at 58e1ccc2-750e-0410-8d0d-f93ca75ab447>
Date:   Sun Dec 7 15:30:04 2008 +0000

    IPv6 routing table is now a dynamic flat list in head;
    routing table manipulation through controller or config file
    
    
    git-svn-id: https://www.cypherpunk.at/svn/onioncat/trunk@376 58e1ccc2-750e-0410-8d0d-f93ca75ab447
---
 ChangeLog           |   1 +
 man/man1/ocat.1     |  17 +++++++-
 src/ocat.c          |   2 +-
 src/ocat.h          |  12 +++++-
 src/ocatctrl.c      |  73 ++++++++++++++------------------
 src/ocatipv4route.c |  13 +++---
 src/ocatipv6route.c | 120 +++++++++++++++++++++++++++++++++++++++++++++-------
 7 files changed, 169 insertions(+), 69 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1b09733..16a176a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 * version 
+ - IPv6 routing table can be manipulated through controller or config file
  - limited IPv6 routing capability
  - keepalive sent after connection setup (eases identification for remote
  ocat)
diff --git a/man/man1/ocat.1 b/man/man1/ocat.1
index 38d55ce..e9e8791 100644
--- a/man/man1/ocat.1
+++ b/man/man1/ocat.1
@@ -30,15 +30,28 @@ ocat \- OnionCat creates a transparent IPv6 layer on top of TOR's hidden service
 .SH DESCRIPTION
 OnionCat creates a transparent IPv6 layer on top of TOR's hidden services. It
 transmits any kind of IP-based data transparently through the TOR network on a
-location hidden basis.  You can think of it as a point-to-multipoint VPN
+location hidden basis. You can think of it as a point-to-multipoint VPN
 between hidden services.
 
 OnionCat is a stand-alone application which runs in userland and is a connector
-between TOR and the local OS.  Any protocol which is based on IP can be
+between TOR and the local OS. Any protocol which is based on IP can be
 transmitted. Of course, UDP and TCP (and probably ICMP) are the most important
 ones but all other protocols can also be forwarded through it.
 
 .TP
+\fB\-a\fR
+OnionCat creates a log file at $HOME/.ocat/connect_log. All incomming connects are
+log to that file. $HOME is determined from the user under which OnionCat runs (see option -u).
+.TP
+\fB\-b\fR
+Run OnionCat in background.
+.TP
+\fB\-C\fR
+Disable the local controller interface. The controller interfaces listens on localhost (127.0.0.1 and ::1 port 8066)
+for incomming connections. It's currently used for debugging purpose and not thread-safe and does not
+have any kind of authentication or authorization mechanism. Hence,
+it should not be used in production environments.
+.TP
 \fB\-T\fR tun_dev
 tun device file to open for creation of tun interface, defaults to
 /dev/net/tun. Setup of a tun device needs root permissions. ocat automatically
diff --git a/src/ocat.c b/src/ocat.c
index bcde0cc..2bac31d 100644
--- a/src/ocat.c
+++ b/src/ocat.c
@@ -265,7 +265,7 @@ int main(int argc, char *argv[])
       exit(0);
    }
 
-   log_msg(LOG_INFO, "%s (c) Bernhard R. Fischer -- compiled %s %s", PACKAGE_STRING, __DATE__, __TIME__);
+   log_msg(LOG_INFO, "%s (c) %s -- compiled %s %s", OCAT_AUTHOR, PACKAGE_STRING, __DATE__, __TIME__);
 
 #if 0
    if (CNF(config_file))
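Review bot: The two new `%s` arguments on line 85 are in the wrong order: passing `OCAT_AUTHOR, PACKAGE_STRING` prints the author name before "(c)" and the package string after it, the opposite of the old literal, and the banner added to ocatctrl.c in this same commit passes `PACKAGE_STRING, OCAT_AUTHOR`. The line should read `log_msg(LOG_INFO, "%s (c) %s -- compiled %s %s", PACKAGE_STRING, OCAT_AUTHOR, __DATE__, __TIME__);`. main() starts and ends outside the hunk.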
diff --git a/src/ocat.h b/src/ocat.h
index 7607cc3..e46c93a 100644
--- a/src/ocat.h
+++ b/src/ocat.h
@@ -75,6 +75,7 @@
 #define OCAT_DIR ".ocat"
 #define OCAT_CONNECT_LOG "connect_log"
 #define PID_FILE "/var/run/ocat.pid"
+#define OCAT_AUTHOR "Bernhard R. Fischer"
 
 //! Maximum frame (packet) size, should be able to keep one maximum size ipv6-packet: 2^16 + 40 + 4
 #define FRAME_SIZE 65580
@@ -127,11 +128,14 @@
 #define E_ETH_ILLPROTO -10
 #define E_ETH_INTERCEPT -11
 
-
 //! maximum number of MAC address entries in table
 #define MAX_MAC_ENTRY 128
 //! maximum age of MAC address in table
 #define MAX_MAC_AGE 120
+/*
+//! maximum number of IPv6 routes
+#define MAX_IPV6_ROUTE 1024
+*/
 
 #define IPV4_KEY 0
 #define IPV6_KEY 1
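Review bot: `MAX_IPV6_ROUTE` is left as commented-out code (lines 110-113) rather than removed or kept. Since the IPv6 table in ocatipv6route.c now grows by `realloc` on every accepted `route` command, a bound on its size is still worth having, so either keep the define live and have the add function refuse entries beyond it, or delete the dead block; a commented-out macro gives neither. If it stays, a one-line reason should replace the bare `/* ... */`, e.g. `//! upper bound on routes accepted from controller/config (table is heap-allocated)`.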
@@ -239,9 +243,10 @@ typedef struct SocksQueue
    int perm;
 } SocksQueue_t;
 
+//! IPv4 routing table entry
 typedef struct IPv4Route
 {
-   struct IPv4Route *next[2];    //!< next routes in binary tree
+   struct IPv4Route *next[2];    //!< pointer to next routes in binary tree
    uint32_t dest;
    uint32_t netmask;
    struct in6_addr gw;
@@ -392,6 +397,7 @@ void *ocat_controller(void *);
 void *ctrl_handler(void *);
 int insert_peer(int, const SocksQueue_t *, time_t);
 int run_local_listeners(short, int *, int (action_accept)(int));
+int send_keepalive(OcatPeer_t *);
 
 /* ocatthread.c */
 const OcatThread_t *init_ocat_thread(const char *);
@@ -446,6 +452,8 @@ int oe_remtr(char *);
 
 /* ocatipv6route.c */
 struct in6_addr *ipv6_lookup_route(const struct in6_addr *);
+void ipv6_print_routes(FILE *);
+int ipv6_parse_route(const char *);
 
 
 #endif
diff --git a/src/ocatctrl.c b/src/ocatctrl.c
index 1b0b1a0..8930db5 100644
--- a/src/ocatctrl.c
+++ b/src/ocatctrl.c
@@ -15,7 +15,7 @@
  * along with OnionCat. If not, see <http://www.gnu.org/licenses/>.
  */
 
-/*! ocatctrl.c
+/*! @file
  *  Contains functions for local controller interface.
  *
  *  @author Bernhard Fischer <rahra _at_ cypherpunk at>
@@ -28,39 +28,23 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
-//#include <fcntl.h>
 #include <pthread.h>
 #include <arpa/inet.h>
 #include <errno.h>
-//#include <sys/time.h>
-//#include <sys/select.h>
-//#include <sys/types.h>
-//#include <sys/stat.h>
 #include <sys/socket.h>
-//#include <sys/ioctl.h>
-//#ifdef HAVE_LINUX_SOCKIOS_H
-//#include <linux/sockios.h>
-//#endif
-//#ifdef HAVE_NETINET_IN_SYSTM_H
-//#include <netinet/in_systm.h>
-//#endif
-//#ifdef HAVE_NETINET_IP_H
-//#include <netinet/ip.h>
-//#endif
-
-//#include <net/ethernet.h>
 
 #include "ocat.h"
 
-// file descriptors of control port
+//! file descriptors of control port
 static int ctrlfd_[2];
 
 
-/**! ctrl_handler handles connections to local control port.
- *   @param p void* typcasted to int contains fd of connected socket.
- *   @return Currently always returns NULL.
+/*! ctrl_handler handles connections to local control port.
+ *  @param p void* typcasted to int contains fd of connected socket.
+ *  @return Currently always returns NULL.
+ *
+ *  FIXME: ctrl_handler probably is not thread-safe.
  */
-// FIXME: ctrl_handler probably is not thread-safe.
 void *ctrl_handler(void *p)
 {
    int fd, c;
@@ -74,7 +58,6 @@ void *ctrl_handler(void *p)
 
    if ((rlen = pthread_detach(pthread_self())))
       log_msg(LOG_ERR, "thread couldn't self-detach: \"%s\"", strerror(rlen));
-   log_debug("thread detached");
 
    fd = (int) p;
    if (CNF(config_read))
@@ -84,7 +67,7 @@ void *ctrl_handler(void *p)
          log_msg(LOG_ERR, "could not open %d for writing: %s", fd, strerror(errno));
          return NULL;
       }
-      log_debug("fd %d fdopen'ed", fd);
+      log_debug("fd %d fdopen'ed \"r+\"", fd);
       fo = ff;
    }
    else
@@ -95,11 +78,14 @@ void *ctrl_handler(void *p)
          CNF(config_read) = 1;
          return NULL;
       }
-      log_debug("fd %d fdopen'ed", fd);
+      log_debug("fd %d fdopen'ed \"r\"", fd);
       fo = CNF(logf);
       //CNF(config_read) = 1;
    }
 
+   fprintf(fo, "%s (c) %s -- %s %s\n", PACKAGE_STRING, OCAT_AUTHOR, __DATE__, __TIME__);
+   fprintf(fo, "*** ATTENTION! Controller interface not thread-safe yet! Usage could cause deadlocks. ***\n");
+
    for (;;)
    {
       if (CNF(config_read))
@@ -201,7 +187,8 @@ void *ctrl_handler(void *p)
       {
          if (rlen > 6)
          {
-            c = parse_route(&buf[6]);
+            if ((c = parse_route(&buf[6])) == E_RT_SYNTAX)
+               c = ipv6_parse_route(&buf[6]);
             switch (c)
             {
                case E_RT_NOTORGW:
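Review bot: When both parsers reject the input, the `switch` below reports only the IPv6 parser's result, because line 244 overwrites `c` whenever `parse_route` returned `E_RT_SYNTAX`; a malformed IPv4 route is thus answered with whatever the IPv6 parser says about it. That is a defensible choice but not an obvious one, so a comment should state it: `// IPv4 parser first; on E_RT_SYNTAX the line is handed to the IPv6 parser, whose result is what the switch below reports`. ctrl_handler starts and ends outside the hunk.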
@@ -219,7 +206,10 @@ void *ctrl_handler(void *p)
                fprintf(ff, "ERR %d %s\n", c, s);
          }
          else
+         {
             print_routes(fo);
+            ipv6_print_routes(fo);
+         }
       }
       else if (!strcmp(buf, "connect"))
       {
@@ -256,20 +246,21 @@ void *ctrl_handler(void *p)
       {
          fprintf(fo,
                "commands:\n"
-               "exit | quit               exit from control interface\n"
-               "terminate                 terminate OnionCat\n"
-               "close <n>                 close file descriptor <n> of a peer\n"
-               "status                    list peer status\n"
-               "threads                   show active threads\n"
-               "fds                       show open file descriptors (w/o peers)\n"
-               "route [<dst IP>           show routing table or add route\n"
-               "       <netmask>\n"
-               "       <IPv6 gw>]\n"
-               "connect <.onion-URL>      connect to a hidden service. if \"perm\" is set,\n"
-               "        [\"perm\"]              connection will stay open forever\n"
-               "macs                      show MAC address table\n"
-               "setup                     show internal setup struct\n"
-               "version                   show version\n"
+               "exit | quit .... exit from control interface\n"
+               "terminate ...... terminate OnionCat\n"
+               "close <n> ...... close file descriptor <n> of a peer\n"
+               "status ......... list peer status\n"
+               "threads ........ show active threads\n"
+               "fds ............ show open file descriptors (w/o peers)\n"
+               "route .......... show routing table\n"
+               "route <dst IP> <netmask> <IPv6 gw>\n"
+               "   ............. add route to routing table\n"
+               "connect <.onion-URL> [\"perm\"]\n"
+               "   ............. connect to a hidden service. if \"perm\" is set,\n"
+               "   ............. connection will stay open forever\n"
+               "macs ........... show MAC address table\n"
+               "setup .......... show internal setup struct\n"
+               "version ........ show version\n"
                );
       }
       else
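Review bot: The rewritten help text on lines 283-285 still documents only the IPv4 form `route <dst IP> <netmask> <IPv6 gw>`, while the command now also accepts an IPv6 route (the controller falls through to `ipv6_parse_route`, which takes a destination, a prefix length 0-128 and a gateway). Add a line such as `"route <dst IPv6> <prefixlen> <IPv6 gw>\n"` after line 284 so the usage shown by the controller matches what it parses. ctrl_handler starts and ends outside the hunk.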
diff --git a/src/ocatipv4route.c b/src/ocatipv4route.c
index d2c6e5d..eda7dd6 100644
--- a/src/ocatipv4route.c
+++ b/src/ocatipv4route.c
@@ -46,6 +46,9 @@ static IPv4Route_t *rroot_ = NULL;
 static pthread_mutex_t route_mutex_ = PTHREAD_MUTEX_INITIALIZER;
 
 
+/*! Add an IPv4 route to IPv4 routing table.
+ *  @return 0 on success or < 0 on failure.
+ */
 int ipv4_add_route(IPv4Route_t *route, IPv4Route_t **root, uint32_t cur_nm)
 {
    if (!(*root))
@@ -61,14 +64,12 @@ int ipv4_add_route(IPv4Route_t *route, IPv4Route_t **root, uint32_t cur_nm)
 
    if (route->netmask == cur_nm /*(*root)->netmask*/)
    {
-      //if (!memcmp(&(*root)->gw, &in6addr_any, sizeof(struct in6_addr)))
       if (IN6_ARE_ADDR_EQUAL(&(*root)->gw, &in6addr_any))
       {
          memcpy(&(*root)->gw, &route->gw, sizeof(struct in6_addr));
          return 0;
       }
 
-      //if (!memcmp(&(*root)->gw, &route->gw, sizeof(struct in6_addr)))
       if (IN6_ARE_ADDR_EQUAL(&(*root)->gw, &route->gw))
          return 0;
 
@@ -149,13 +150,11 @@ void ipv4_print(IPv4Route_t *route, void *f)
       return;
 
    iaddr.s_addr = htonl(route->dest);
-   fprintf(f, "%s ", inet_ntoa(iaddr));
+   fprintf(f, "IN  %s ", inet_ntoa(iaddr));
    iaddr.s_addr = htonl(route->netmask);
    fprintf(f, "%s ", inet_ntoa(iaddr));
    inet_ntop(AF_INET6, &route->gw, addr, INET6_ADDRSTRLEN);
-   fprintf(f, "%s", addr);
-   fprintf(f, " %p", route);
-   fprintf(f, "\n");
+   fprintf(f, "%s %p\n", addr, route);
 }
 
 
@@ -174,7 +173,7 @@ int parse_route(const char *rs)
    if (!rs)
       return E_RT_NULLPTR;
 
-   log_debug("parsing route \"%s\"", rs);
+   log_debug("IPv4 route parser: \"%s\"", rs);
 
    strlcpy(buf, rs, strlen(rs) + 1);
    if (!(s = strtok_r(buf, " \t", &b)))
diff --git a/src/ocatipv6route.c b/src/ocatipv6route.c
index 2eaf679..2bea9db 100644
--- a/src/ocatipv6route.c
+++ b/src/ocatipv6route.c
@@ -25,7 +25,11 @@
 
 #include "config.h"
 
+#include <stdio.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
 #include <netinet/in.h>
+#include <errno.h>
 
 #include "ocat.h"
 
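Review bot: The code added further down in this file calls `memcpy`, `strlen`, `strlcpy`, `strtok_r` and the `pthread_mutex_*` functions, yet this include block adds only `<stdio.h>`, `<stdlib.h>`, `<arpa/inet.h>` and `<errno.h>`. Unless `ocat.h` pulls in `<string.h>` and `<pthread.h>` (not visible here), add them explicitly so the translation unit is self-contained and does not depend on header side effects.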
@@ -33,32 +37,116 @@
 /*! IPv6 Routing table. Each entry contains 3 values:
  *  destination network, prefix length, gateway
  */
-static IPv6Route_t v6route_[] =
-{
-   // enter static IPv6 routes here for each host! (prefix lengths are not supported yet)
-   //
-   // sample entry
-   // route 3001::1 via fd87:d87e:eb43:1e53:0c75:2a27:72dc:c9a8
-   //
-   //{{{{0x30,0x01,0,0,0,0,0,0,0,0,0,0,0,0,0,1}}}, 0, {{{0xfd,0x87,0xd8,0x7e,0xeb,0x43,0x1e,0x53,0x0c,0x75,0x2a,0x27,0x72,0xdc,0xc9,0xa8}}}},
-
-   // do NOT remove this entry, it terminates the array!
-   {IN6ADDR_ANY_INIT, 0, IN6ADDR_ANY_INIT}
-};
+static IPv6Route_t *v6route_ = NULL;
+static int v6route_cnt_ = 0;
+static pthread_mutex_t v6route_mutex_ = PTHREAD_MUTEX_INITIALIZER;
 
 
 /*! Lookup IPv6 route. 
  */
 struct in6_addr *ipv6_lookup_route(const struct in6_addr *dest)
 {
-   int i;
+   int i, n;
 
-   for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&v6route_[i].dest); i++)
+   pthread_mutex_lock(&v6route_mutex_);
+   n = v6route_cnt_;
+   //for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&v6route_[i].dest); i++)
+   for (i = 0; i < n; i++)
       if (IN6_ARE_ADDR_EQUAL(&v6route_[i].dest, dest))
       {
          log_debug("IPv6 route found");
-         return &v6route_[i].gw;
+         break;
+         //return &v6route_[i].gw;
       }
-   return NULL;
+   pthread_mutex_unlock(&v6route_mutex_);
+   return i < n ? &v6route_[i].gw : NULL;
+}
+
+
+/*! Add an IPv6 route to IPv6 routing table.
+ *  @return -1 if table is full else return index of entry.
+ */
+int ipv6_add_route(const IPv6Route_t *route)
+{
+   int r = -1;
+   IPv6Route_t *rt;
+
+   pthread_mutex_lock(&v6route_mutex_);
+   if ((rt = realloc(v6route_, sizeof(IPv6Route_t) * (v6route_cnt_ + 1))))
+   {
+      v6route_ = rt;
+      r = v6route_cnt_;
+      memcpy(&v6route_[v6route_cnt_++], route, sizeof(IPv6Route_t));
+   }
+   pthread_mutex_unlock(&v6route_mutex_);
+   return r;
+}
+
+
+void ipv6_print(IPv6Route_t *route, void *f)
+{
+   char addr[INET6_ADDRSTRLEN];
+
+   inet_ntop(AF_INET6, &route->dest, addr, INET6_ADDRSTRLEN);
+   fprintf(f, "IN6 %s %3d ", addr, route->prefixlen);
+   inet_ntop(AF_INET6, &route->gw, addr, INET6_ADDRSTRLEN);
+   fprintf(f, "%s %p\n", addr, route);
+}
+
+
+void ipv6_print_routes(FILE *f)
+{
+   int i;
+
+   pthread_mutex_lock(&v6route_mutex_);
+   for (i = 0; i < v6route_cnt_; i++)
+      ipv6_print(&v6route_[i], f);
+   pthread_mutex_unlock(&v6route_mutex_);
+}
+
+
+/*! Parse IPv6 route and add it to routing table.
+ *  @return index of routing table entry (>= 0) or an integer < 0 on failure.
+ */
+int ipv6_parse_route(const char *rs)
+{
+   char buf[strlen(rs) + 1], *s, *b;
+   IPv6Route_t route6;
+
+   if (!rs)
+      return E_RT_NULLPTR;
+
+   log_debug("IPv6 route parser: \"%s\"", rs);
+
+   strlcpy(buf, rs, strlen(rs) + 1);
+   if (!(s = strtok_r(buf, " \t", &b)))
+      return E_RT_SYNTAX;
+
+   if (inet_pton(AF_INET6, s, &route6.dest) != 1)
+      return E_RT_SYNTAX;
+
+   if (!(s = strtok_r(NULL, " \t", &b)))
+      return E_RT_SYNTAX;
+
+   errno = 0;
+   route6.prefixlen = strtol(s, NULL, 10);
+   if (errno)
+      return E_RT_SYNTAX;
+   if ((route6.prefixlen < 0) || (route6.prefixlen > 128))
+      return E_RT_ILLNM;
+
+   if (!(s = strtok_r(NULL, " \t", &b)))
+      return E_RT_SYNTAX;
+
+   if (inet_pton(AF_INET6, s, &route6.gw) != 1)
+      return E_RT_SYNTAX;
+
+   if (!has_tor_prefix(&route6.gw))
+      return E_RT_NOTORGW;
+
+   if (IN6_ARE_ADDR_EQUAL(&route6.gw, &CNF(ocat_addr)))
+      return E_RT_GWSELF;
+
+   return ipv6_add_route(&route6);
 }
 
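Review bot: `ipv6_lookup_route` returns `&v6route_[i].gw` (line 407) after releasing `v6route_mutex_`, but `ipv6_add_route` may move the whole array with `realloc` (line 420), so a route added concurrently leaves the caller holding a dangling pointer; either copy the gateway into a caller-supplied `struct in6_addr` while the lock is held, or keep entries in nodes that never move, as the IPv4 tree in ocatipv4route.c does. In `ipv6_parse_route` the VLA `char buf[strlen(rs) + 1]` (line 458) is sized before the `if (!rs)` test, so a NULL argument reaches `strlen(NULL)` and never returns `E_RT_NULLPTR`; move the check above the declaration. `route6.prefixlen = strtol(s, NULL, 10)` accepts trailing garbage after the number; pass an end pointer and reject `*end != '\0'`. `ipv6_print` writes the entry's heap address with `%p` to the stream the controller hands it, which discloses allocator layout to any local client of the unauthenticated controller; the table index would identify the entry just as well (the IPv4 printer carries the same pre-existing `%p`).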
