[Pkg-privacy-commits] [onioncat] 105/340: SOCKS destination IP configurable
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 13:04:29 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch debian
in repository onioncat.
commit 04353352c1b8425a622dd09f7173b60ee77d751d
Author: eagle <eagle at 58e1ccc2-750e-0410-8d0d-f93ca75ab447>
Date: Tue Dec 30 16:30:21 2008 +0000
SOCKS destination IP configurable
git-svn-id: http://www.cypherpunk.at/svn/onioncat/trunk@411 58e1ccc2-750e-0410-8d0d-f93ca75ab447
---
ChangeLog | 1 +
config.h.in | 3 ++
configure | 10 +++++
configure.ac | 1 +
src/Makefile.am | 2 +-
src/Makefile.in | 6 ++-
src/ocat.c | 15 +++++--
src/ocat.h | 8 +++-
src/ocaticmp.c | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/ocatpeer.c | 14 +++++-
src/ocatsetup.c | 36 ++++++++++++---
src/ocatsocks.c | 8 ++--
src/ocatthread.c | 3 +-
13 files changed, 221 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ff4544e..c6370bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
* version
+ - SOCKS destination IP configurable (v4 only)
- disabled self connections to root nodes
- fatal memory error in SOCKS queue fixed
- bugfix in ether_ntoa_r()
diff --git a/config.h.in b/config.h.in
index a849a50..5d2175e 100644
--- a/config.h.in
+++ b/config.h.in
@@ -117,6 +117,9 @@
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
+/* enable RTT measurement */
+#undef MEASURE_RTT
+
/* Name of package */
#undef PACKAGE
diff --git a/configure b/configure
index 4964f4e..e47b68f 100755
--- a/configure
+++ b/configure
@@ -1284,6 +1284,7 @@ Optional Features:
--enable-handle-http enable handling of accidental HTTP requests
--enable-packet-queue enable queueuing of packets while connecting setup
--disable-check-ipsrc disable source ip checking before forwarding
+ --enable-rtt enable inband RTT measurement
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
@@ -2262,6 +2263,15 @@ _ACEOF
fi
+# Check whether --enable-rtt was given.
+if test "${enable_rtt+set}" = set; then
+ enableval=$enable_rtt;
+cat >>confdefs.h <<\_ACEOF
+#define MEASURE_RTT
+_ACEOF
+
+fi
+
# Checks for programs.
ac_ext=c
diff --git a/configure.ac b/configure.ac
index a46cd17..ed7ca31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -11,6 +11,7 @@ AC_ARG_ENABLE([packet-log], AC_HELP_STRING([--enable-packet-log], [enable packet
AC_ARG_ENABLE([handle-http], AC_HELP_STRING([--enable-handle-http], [enable handling of accidental HTTP requests]), AC_DEFINE([HANDLE_HTTP], [], [enable handling of accidental HTTP requests]))
AC_ARG_ENABLE([packet-queue], AC_HELP_STRING([--enable-packet-queue], [enable queueuing of packets while connecting setup]), AC_DEFINE([PACKET_QUEUE], [], [enable packet queue]))
AC_ARG_ENABLE([check-ipsrc], AC_HELP_STRING([--disable-check-ipsrc], [disable source ip checking before forwarding]), AC_DEFINE([CHECK_IPSRC], [], [disable source ip checking]))
+AC_ARG_ENABLE([rtt], AC_HELP_STRING([--enable-rtt], [enable inband RTT measurement]), AC_DEFINE([MEASURE_RTT], [], [enable RTT measurement]))
# Checks for programs.
AC_PROG_CC
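Review bot: The new `AC_ARG_ENABLE([rtt], ...)` line puts `AC_DEFINE([MEASURE_RTT], ...)` in the action-if-given slot, which autoconf also runs for `--disable-rtt` and `--enable-rtt=no`, so asking to switch the feature off compiles it in. The regenerated configure in this commit confirms it: it only tests whether `enable_rtt` is set, not its value. Guard the define on the value instead, e.g. `AS_IF([test "x$enable_rtt" = xyes], [AC_DEFINE([MEASURE_RTT], [], [enable RTT measurement])])` placed after the `AC_ARG_ENABLE` call. The neighbouring options in this file follow the same pattern and have the same behaviour.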
diff --git a/src/Makefile.am b/src/Makefile.am
index 9d02e59..95b3b60 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,4 +1,4 @@
bin_PROGRAMS = ocat
-ocat_SOURCES = ocat.c ocatlog.c ocatroute.c ocatthread.c ocattun.c ocatv6conv.c ocatcompat.c ocatpeer.c ocatsetup.c ocatipv4route.c ocateth.c ocatsocks.c ocatlibe.c ocatctrl.c ocatipv6route.c
+ocat_SOURCES = ocat.c ocatlog.c ocatroute.c ocatthread.c ocattun.c ocatv6conv.c ocatcompat.c ocatpeer.c ocatsetup.c ocatipv4route.c ocateth.c ocatsocks.c ocatlibe.c ocatctrl.c ocatipv6route.c ocaticmp.c
include_HEADERS = ocat.h strlcpy.c strlcat.c
diff --git a/src/Makefile.in b/src/Makefile.in
index 164191b..48eaf6c 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -49,7 +49,8 @@ am_ocat_OBJECTS = ocat.$(OBJEXT) ocatlog.$(OBJEXT) ocatroute.$(OBJEXT) \
ocatthread.$(OBJEXT) ocattun.$(OBJEXT) ocatv6conv.$(OBJEXT) \
ocatcompat.$(OBJEXT) ocatpeer.$(OBJEXT) ocatsetup.$(OBJEXT) \
ocatipv4route.$(OBJEXT) ocateth.$(OBJEXT) ocatsocks.$(OBJEXT) \
- ocatlibe.$(OBJEXT) ocatctrl.$(OBJEXT) ocatipv6route.$(OBJEXT)
+ ocatlibe.$(OBJEXT) ocatctrl.$(OBJEXT) ocatipv6route.$(OBJEXT) \
+ ocaticmp.$(OBJEXT)
ocat_OBJECTS = $(am_ocat_OBJECTS)
ocat_LDADD = $(LDADD)
DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
@@ -156,7 +157,7 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-ocat_SOURCES = ocat.c ocatlog.c ocatroute.c ocatthread.c ocattun.c ocatv6conv.c ocatcompat.c ocatpeer.c ocatsetup.c ocatipv4route.c ocateth.c ocatsocks.c ocatlibe.c ocatctrl.c ocatipv6route.c
+ocat_SOURCES = ocat.c ocatlog.c ocatroute.c ocatthread.c ocattun.c ocatv6conv.c ocatcompat.c ocatpeer.c ocatsetup.c ocatipv4route.c ocateth.c ocatsocks.c ocatlibe.c ocatctrl.c ocatipv6route.c ocaticmp.c
include_HEADERS = ocat.h strlcpy.c strlcat.c
all: all-am
@@ -228,6 +229,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocatcompat.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocatctrl.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocateth.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocaticmp.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocatipv4route.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocatipv6route.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ocatlibe.Po at am__quote@
diff --git a/src/ocat.c b/src/ocat.c
index a0b1931..849567d 100644
--- a/src/ocat.c
+++ b/src/ocat.c
@@ -38,7 +38,7 @@ void usage(const char *s)
" -P <pid_file> create pid file at location of <pid_file> (default = %s)\n"
" -r run as root, i.e. do not change uid/gid\n"
" -s <port> set hidden service virtual port, default = %d\n"
- " -t <port> set tor SOCKS port, default = %d\n"
+ " -t [<ip>:]<port> set Tor SOCKS ip and port, default = %d\n"
#ifndef WITHOUT_TUN
" -T <tun_device> path to tun character device, default = \"%s\"\n"
#endif
@@ -48,7 +48,7 @@ void usage(const char *s)
// option defaults start here
OCAT_DIR, OCAT_CONNECT_LOG, CNF(create_clog), CNF(debug_level), CNF(ocat_listen_port),
CNF(pid_file),
- CNF(ocat_dest_port), CNF(tor_socks_port),
+ CNF(ocat_dest_port), ((struct sockaddr_in*) CNF(socks_dst))->sin_port,
#ifndef WITHOUT_TUN
TUN_DEV,
#endif
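Review bot: The default now passed for the `-t` line is `sin_port` in network byte order, so on little-endian hosts usage() prints a byte-swapped port; it should be `ntohs(((struct sockaddr_in*) CNF(socks_dst))->sin_port)`. The expression also dereferences `CNF(socks_dst)`, which the ocatsetup.c part of this commit leaves `NULL` until init_setup() has run, so usage() must not be reachable before that call; the call order is not visible in this diff. The help text changed in the previous hunk announces an ip and port but still prints only the port as the default. usage() starts and ends outside this hunk.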
@@ -188,7 +188,16 @@ int main(int argc, char *argv[])
break;
case 't':
- CNF(tor_socks_port) = atoi(optarg);
+ s = optarg;
+ if (strchr(optarg, ':'))
+ {
+ s = strtok(optarg, ":");
+ if (!inet_pton(AF_INET, optarg, &((struct sockaddr_in*) CNF(socks_dst))->sin_addr))
+ log_msg(LOG_ALERT, "\"%s\" is not a valid IPv4 address", optarg), exit(1);
+ s = strtok(NULL, ":");
+ }
+
+ ((struct sockaddr_in*) CNF(socks_dst))->sin_port = htons(atoi(s));
break;
#ifndef WITHOUT_TUN
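Review bot: `s` can be NULL when `atoi(s)` is reached: for an argument such as `127.0.0.1:` the second `strtok(NULL, ":")` finds no token, and atoi() on a null pointer is undefined behaviour. The port is not range-checked either, so 0, negative or values above 65535 are silently truncated by htons(). A guard before the assignment covers both, e.g. `if (!s || atoi(s) < 1 || atoi(s) > 65535) log_msg(LOG_ALERT, "invalid SOCKS port"), exit(1);`. Because the address no longer has to be loopback, a log line when a non-loopback address is configured would tell the operator that the SOCKS request, including the .onion name, then leaves the host unencrypted. main() starts and ends outside this hunk.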
diff --git a/src/ocat.h b/src/ocat.h
index 2f753c2..b2cd48e 100644
--- a/src/ocat.h
+++ b/src/ocat.h
@@ -211,7 +211,7 @@ struct OcatSetup
uint32_t fhd_key[2];
int fhd_key_len;
//! TCP port of SOCKS port of local Tor proxy
- uint16_t tor_socks_port;
+ //uint16_t tor_socks_port;
//! reload port of OnionCat listening for connections
uint16_t ocat_listen_port;
//! virtual port of OnionCat hidden service
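Review bot: Commenting out `tor_socks_port` leaves its Doxygen line `//! TCP port of SOCKS port of local Tor proxy` attached to `ocat_listen_port`, so the generated documentation describes the wrong member. Delete both lines rather than commenting the field out; version control keeps the history. The same leftovers appear in this commit in ocatsetup.c (`//TOR_SOCKS_PORT,`, `//"tor_socks_port = %d\n"`, `//setup_.tor_socks_port,`) and in socks_connect() in ocatsocks.c, where the old sockaddr setup is wrapped in a block comment that spans two hunks. struct OcatSetup starts and ends outside this hunk.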
@@ -248,6 +248,8 @@ struct OcatSetup
#define ROOT_PEERS 2
struct in6_addr root_peer[ROOT_PEERS];
time_t uptime;
+ char *frandn;
+ struct sockaddr *socks_dst;
};
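Review bot: `frandn` and `socks_dst` are added without the `//!` lines used elsewhere in this struct, and `socks_dst` in particular needs its contract written down because every user in this commit casts it to `struct sockaddr_in *`. Suggested comments: `//! file name of the random source, default "/dev/urandom"` and `//! address of the Tor SOCKS proxy; currently always points to a struct sockaddr_in`. `frandn` is initialised from a string literal in ocatsetup.c, so `const char *` would be the safer type if nothing writes through it.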
#ifdef PACKET_QUEUE
@@ -512,6 +514,10 @@ int ndp_solicit(const struct in6_addr *, const struct in6_addr *);
#ifndef HAVE_ETHER_NTOA_R
char *ether_ntoa_r(const struct ether_addr *, char *);
#endif
+uint16_t checksum(const uint16_t *, int);
+void free_ckbuf(uint16_t *);
+uint16_t *malloc_ckbuf(const struct in6_addr *, const struct in6_addr *, uint16_t, uint8_t, const void *);
+
/* ocatsocks.c */
void socks_queue(struct in6_addr, int);
diff --git a/src/ocaticmp.c b/src/ocaticmp.c
new file mode 100644
index 0000000..4448aa8
--- /dev/null
+++ b/src/ocaticmp.c
@@ -0,0 +1,133 @@
+/* Copyright 2008 Bernhard R. Fischer, Daniel Haslinger.
+ *
+ * This file is part of OnionCat.
+ *
+ * OnionCat is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3 of the License.
+ *
+ * OnionCat is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OnionCat. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*! @file
+ * Contains functions for internal echo request/responses
+ *
+ * @author Bernhard Fischer <rahra _at_ cypherpunk at>
+ * @version 2008/10/10
+ */
+
+#ifdef MEASURE_RTT
+
+#include "ocat.h"
+
+
+#define ECHO_SIZE 400
+#define E_ECHO_NOMEM -1
+#define E_ECHO_DUP -2
+
+
+typedef struct IcmpTree
+{
+ struct IcmpTree *next[2];
+ uint32_t idseq;
+ struct timeval tv;
+} IcmpTree_t;
+
+
+static IcmpTree_t *itree_ = NULL;
+
+
+IcmpTree_t *get_icmp(IcmpTree_t *tree, uint32_t id)
+{
+ if (!tree)
+ return NULL;
+
+ if (tree->idseq == id)
+ return tree;
+
+ return get_icmp(tree->next[tree->idseq > id], id);
+}
+
+
+int reg_icmp(IcmpTree_t **tree, uint32_t id)
+{
+ if (!(*tree))
+ {
+ if (!(*tree = malloc(sizeof(IcmpTree_t))))
+ {
+ log_msg(LOG_ERR, "error allocating icmp tree: \"%s\"", strerror(errno));
+ return E_ECHO_NOMEM;
+ }
+ (*tree)->next[0] = (*tree)->next[1] = NULL;
+ (*tree)->idseq = 0;
+ }
+
+ if (!(*tree)->idseq)
+ {
+ (*tree)->idseq = id;
+ if (gettimeofday(&(*tree)->tv, NULL) == -1)
+ log_msg(LOG_ERR, "gettimeofday: \"%s\"", strerror(errno));
+ return 0;
+ }
+
+ if (id == (*tree)->idseq)
+ {
+ log_debug("duplicate icmp id 0x%08x", id);
+ return E_ECHO_DUP;
+ }
+
+ return reg_icmp(&(*tree)->next[(*tree)->idseq > id], id);
+}
+
+
+uint16_t ocat_rand(void)
+{
+ return rand();
+}
+
+
+uint64_t icmp_data(void)
+{
+ return 0x28af362ee6d0937eLL;
+}
+
+
+int ocat_echo_request(void)
+{
+ char buf[ECHO_SIZE];
+ struct ip6_hdr *hdr = (struct ip6_hdr*) buf;
+ struct icmp6_hdr *icmp = (struct icmp6_hdr*) (hdr + 1);
+ uint16_t *ckb;
+
+ memset(buf, ECHO_SIZE, 0);
+ hdr->ip6_vfc = 0x60;
+ hdr->ip6_nxt = IPPROTO_ICMPV6;
+ hdr->ip6_plen = htons(ECHO_SIZE - sizeof(struct ip6_hdr));
+ hdr->ip6_hlim = 255;
+ icmp->icmp6_type = ICMP6_ECHO_REQUEST;
+
+ for (;;)
+ {
+ icmp->icmp6_id = ocat_rand();
+ icmp->icmp6_seq = ocat_rand();
+ log_debug("registering icmp, id = %d, seq = %d", icmp->icmp6_id, icmp->icmp6_seq);
+ if (!reg_icmp(&itree_, ((uint32_t) icmp->icmp6_id << 16) | icmp->icmp6_seq))
+ break;
+ }
+
+ // calculate checksum
+ ckb = malloc_ckbuf(&hdr->ip6_src, &hdr->ip6_dst, ntohs(hdr->ip6_plen), IPPROTO_ICMPV6, icmp);
+ icmp->icmp6_cksum = checksum(ckb, ntohs(hdr->ip6_plen) + sizeof(struct ip6_psh));
+ free_ckbuf(ckb);
+
+ return 0;
+}
+
+#endif
+
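Review bot: `memset(buf, ECHO_SIZE, 0);` in ocat_echo_request() has the fill value and the length swapped, so it writes zero bytes and the packet, including the `ip6_src`/`ip6_dst` fields that feed the checksum, is built from uninitialised stack memory; it should read `memset(buf, 0, ECHO_SIZE);`. The `for (;;)` loop retries on any non-zero result of reg_icmp(), so an `E_ECHO_NOMEM` failure spins forever; retry only on `E_ECHO_DUP` and return the error otherwise. The tree only ever grows, since no removal is added here, and the ids come from `rand()`, which is predictable if replies are later matched against them. Also, `#ifdef MEASURE_RTT` precedes `#include "ocat.h"`; if the macro only arrives from config.h through that header, the whole file compiles to nothing.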
diff --git a/src/ocatpeer.c b/src/ocatpeer.c
index c9231e1..251e258 100644
--- a/src/ocatpeer.c
+++ b/src/ocatpeer.c
@@ -33,42 +33,52 @@ static OcatPeer_t *peer_ = NULL;
static pthread_mutex_t peer_mutex_ = PTHREAD_MUTEX_INITIALIZER;
+/*! Return pointer to first peer. */
OcatPeer_t *get_first_peer(void)
{
return peer_;
}
+/*! Return double pointer to first peer. */
OcatPeer_t **get_first_peer_ptr(void)
{
return &peer_;
}
+/*! Lock complete peer list. */
int lock_peers(void)
{
return pthread_mutex_lock(&peer_mutex_);
}
+/*! Unlock peer list. */
int unlock_peers(void)
{
return pthread_mutex_unlock(&peer_mutex_);
}
+/*! Lock specific peer. Peer list MUST be locked before and
+ * maybe unlock directly after lock_peer(). */
int lock_peer(OcatPeer_t *peer)
{
return pthread_mutex_lock(&peer->mutex);
}
+/*! Unlock secific peer. Lock must NOT be reclaimed without
+ * calling lock_peers() before! */
int unlock_peer(OcatPeer_t *peer)
{
return pthread_mutex_unlock(&peer->mutex);
}
+/*! Search a specific peer by IPv6 address.
+ * Peer list MUST be locked before. */
OcatPeer_t *search_peer(const struct in6_addr *addr)
{
OcatPeer_t *peer;
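Review bot: Two of the added comments carry typos that will end up in the generated documentation: `secific` in the unlock_peer() comment here and `befored` in the get_empty_peer() comment in the next hunk. The lock_peer() text `maybe unlock directly after lock_peer()` is also ambiguous about what gets unlocked; `the peer list may be unlocked directly after lock_peer() returns` says what I take to be meant. Since these comments define the locking order callers must follow, they are worth getting exact.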
@@ -81,6 +91,8 @@ OcatPeer_t *search_peer(const struct in6_addr *addr)
}
+/*! Create a new empty peer and add it to the peer list.
+ * Peer list MUST be locked befored. */
OcatPeer_t *get_empty_peer(void)
{
int rc;
@@ -108,7 +120,7 @@ OcatPeer_t *get_empty_peer(void)
}
-/** peer list must be locked with lock_peers() in advance!
+/*! peer list MUST be locked with lock_peers() in advance!
* @param peer pointer to peer that shall be deleted.
*/
void delete_peer(OcatPeer_t *peer)
diff --git a/src/ocatsetup.c b/src/ocatsetup.c
index 629ad86..46b8660 100644
--- a/src/ocatsetup.c
+++ b/src/ocatsetup.c
@@ -31,7 +31,8 @@ struct OcatSetup setup_ =
{0, 0},
// fhd_key_len
sizeof(uint32_t),
- TOR_SOCKS_PORT, OCAT_LISTEN_PORT, OCAT_DEST_PORT, OCAT_CTRL_PORT,
+ //TOR_SOCKS_PORT,
+ OCAT_LISTEN_PORT, OCAT_DEST_PORT, OCAT_CTRL_PORT,
//! default tunfd is stdin/stdout
{0, 1},
//! default debug level
@@ -50,14 +51,26 @@ struct OcatSetup setup_ =
{{{0xfd, 0x87, 0xd8, 0x7e, 0xeb, 0x43,
0xf6, 0x83, 0x64, 0xac, 0x73, 0xf9, 0x61, 0xac, 0x9a, 0x00}}} // initial permanent peer "62bwjldt7fq2zgqa" (dot.cat)
},
- 0
+ 0,
+ "/dev/urandom",
+ NULL
};
+static struct sockaddr_in socks_dst_;
+
void init_setup(void)
{
setup_.logf = stderr;
setup_.uptime = time(NULL);
+
+ socks_dst_.sin_family = AF_INET;
+ socks_dst_.sin_port = htons(TOR_SOCKS_PORT);
+ socks_dst_.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+#ifdef HAVE_SIN_LEN
+ socks_dst_.sin_len = sizeof(socks_dst_);
+#endif
+ setup_.socks_dst = (struct sockaddr*) &socks_dst_;
}
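Review bot: `setup_.socks_dst` is initialised to `NULL` and only becomes valid once init_setup() has run, while usage() and the `-t` handler in ocat.c dereference it unconditionally; whether init_setup() always runs first is not visible in this diff. Declaring `socks_dst_` above `setup_` lets the initializer use `(struct sockaddr*) &socks_dst_` instead of `NULL`, which removes the ordering dependency. The positional initializer is also easy to get out of step with the struct now that one entry is commented out and two are appended.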
@@ -65,7 +78,7 @@ void init_setup(void)
void print_setup_struct(FILE *f)
{
- char ip[SBUF], nm[SBUF], ip6[SBUF], logf[SBUF], hw[SBUF], rp[SBUF];
+ char ip[SBUF], nm[SBUF], ip6[SBUF], logf[SBUF], hw[SBUF], rp[SBUF], sk[SBUF];
int i, t;
inet_ntop(AF_INET, &setup_.ocat_addr4, ip, SBUF);
@@ -80,11 +93,13 @@ void print_setup_struct(FILE *f)
t = time(NULL) - setup_.uptime;
+ inet_ntop(socks_dst_.sin_family, &socks_dst_.sin_addr, sk, SBUF);
+
fprintf(f,
"fhd_key[IPV4(%d)] = 0x%04x\n"
"fhd_key[IPV6(%d)] = 0x%04x\n"
"fhd_key_len = %d\n"
- "tor_socks_port = %d\n"
+ //"tor_socks_port = %d\n"
"ocat_listen_port = %d\n"
"ocat_dest_port = %d\n"
"ocat_ctrl_port = %d\n"
@@ -110,11 +125,15 @@ void print_setup_struct(FILE *f)
"logfn = \"%s\"\n"
"logf = %s\n"
"daemon = %d\n"
- "uptime = %d days, %d:%02d\n",
+ "uptime = %d days, %d:%02d\n"
+ "socks_dst.sin_family = %d\n"
+ "socks_dst.sin_port = %d\n"
+ "socks_dst.sin_addr = %s\n",
+
IPV4_KEY, ntohl(setup_.fhd_key[IPV4_KEY]), IPV6_KEY, ntohl(setup_.fhd_key[IPV6_KEY]),
setup_.fhd_key_len,
- setup_.tor_socks_port,
+ //setup_.tor_socks_port,
setup_.ocat_listen_port,
setup_.ocat_dest_port,
setup_.ocat_ctrl_port,
@@ -139,7 +158,10 @@ void print_setup_struct(FILE *f)
setup_.logfn,
logf,
setup_.daemon,
- t / (3600 * 24), t / 3600 % 24, t / 60 % 60
+ t / (3600 * 24), t / 3600 % 24, t / 60 % 60,
+ ((struct sockaddr_in*) setup_.socks_dst)->sin_family,
+ ntohs(((struct sockaddr_in*) setup_.socks_dst)->sin_port),
+ sk
);
for (i = 0; i < ROOT_PEERS; i++)
diff --git a/src/ocatsocks.c b/src/ocatsocks.c
index 0f36b51..3959370 100644
--- a/src/ocatsocks.c
+++ b/src/ocatsocks.c
@@ -36,12 +36,13 @@ static pthread_cond_t socks_queue_cond_ = PTHREAD_COND_INITIALIZER;
int socks_connect(const SocksQueue_t *sq)
{
- struct sockaddr_in in;
+// struct sockaddr_in in;
int fd, t, len;
char buf[FRAME_SIZE], onion[ONION_NAME_SIZE];
SocksHdr_t *shdr = (SocksHdr_t*) buf;
OcatPeer_t *peer;
+ /*
memset(&in, 0, sizeof(in));
in.sin_family = AF_INET;
in.sin_port = htons(CNF(tor_socks_port));
@@ -49,6 +50,7 @@ int socks_connect(const SocksQueue_t *sq)
#ifdef HAVE_SIN_LEN
in.sin_len = sizeof(in);
#endif
+*/
ipv6tonion(&sq->addr, onion);
strlcat(onion, ".onion", sizeof(onion));
@@ -59,9 +61,9 @@ int socks_connect(const SocksQueue_t *sq)
return E_SOCKS_SOCK;
t = time(NULL);
- if (connect(fd, (struct sockaddr*) &in, sizeof(in)) == -1)
+ if (connect(fd, CNF(socks_dst), sizeof(*CNF(socks_dst))) == -1)
{
- log_msg(LOG_ERR, "connect() to TOR's SOCKS port %d failed: \"%s\". Sleeping for %d seconds.", CNF(tor_socks_port), strerror(errno), TOR_SOCKS_CONN_TIMEOUT);
+ log_msg(LOG_ERR, "connect() to TOR's SOCKS port %d failed: \"%s\". Sleeping for %d seconds.", ntohs(((struct sockaddr_in*) CNF(socks_dst))->sin_port), strerror(errno), TOR_SOCKS_CONN_TIMEOUT);
oe_close(fd);
sleep(TOR_SOCKS_CONN_TIMEOUT);
return E_SOCKS_CONN;
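Review bot: The length passed to connect() is `sizeof(*CNF(socks_dst))`, i.e. `sizeof(struct sockaddr)`, which only happens to be large enough for the `sockaddr_in` behind the pointer and will be too short once an IPv6 destination is stored there. Pass the real length, `sizeof(struct sockaddr_in)` for now, or keep a `socklen_t` next to the pointer in the setup struct. The error message still reports only the port; with a configurable address it should log the IP as well, so a failed connect to an unintended host shows up in the log. socks_connect() continues outside this hunk.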
diff --git a/src/ocatthread.c b/src/ocatthread.c
index 796d698..886c41c 100644
--- a/src/ocatthread.c
+++ b/src/ocatthread.c
@@ -16,7 +16,8 @@
*/
/*! ocatthread.c
- * contains thread management functions.
+ * contains thread management functions. Basically these are
+ * wrapper functions around create_pthread.
*
* @author Bernhard R. Fischer <rahra _at_ cypherpunk at>
* @version 2008/02/03-01
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onioncat.git