From fdc6a2f106315cd9ed22943d8c0bd279631e66b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 Aug 2000 14:52:16 +0000 Subject: [PATCH] - Added experimental hackish tunneling-over-TCP support. Just use TCPonly = true in the configuration file. --- src/conf.c | 3 +- src/conf.h | 3 +- src/net.c | 17 +++++++--- src/net.h | 3 +- src/protocol.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++---- src/protocol.h | 3 +- 6 files changed, 103 insertions(+), 16 deletions(-) diff --git a/src/conf.c b/src/conf.c index 9bc25a7..3b1eb49 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.6 2000/07/02 13:36:18 guus Exp $ + $Id: conf.c,v 1.9.4.7 2000/08/07 14:52:14 guus Exp $ */ @@ -71,6 +71,7 @@ static internal_config_t hazahaza[] = { { "VpnMask", vpnmask, TYPE_IP }, { "Hostnames", resolve_dns, TYPE_BOOL }, { "IndirectData", indirectdata, TYPE_BOOL }, + { "TCPonly", tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; diff --git a/src/conf.h b/src/conf.h index 1d75859..9402090 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.5 2000/06/30 11:45:14 guus Exp $ + $Id: conf.h,v 1.6.4.6 2000/08/07 14:52:14 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -49,6 +49,7 @@ typedef enum which_t { vpnmask, resolve_dns, indirectdata, + tcponly, } which_t; typedef struct config_t { diff --git a/src/net.c b/src/net.c index dce4ae4..93be1cb 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.20 2000/07/02 13:40:57 guus Exp $ + $Id: net.c,v 1.35.4.21 2000/08/07 14:52:15 guus Exp $ */ #include "config.h" @@ -107,16 +107,19 @@ cp syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->vpn_hostname, cl->real_hostname); + total_socket_out += r; + + cl->want_ping = 1; + + if((cl->flags | myself->flags) & TCPONLY) + return send_tcppacket(cl, packet, ntohs(rp.len)); + if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->vpn_hostname, cl->real_hostname); return -1; } - - total_socket_out += r; - - cl->want_ping = 1; cp return 0; } @@ -606,6 +609,10 @@ cp if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; + if(cfg = get_config_val(tcponly)) + if(cfg->data.val == stupid_true) + myself->flags |= TCPONLY; + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening socket")); diff --git a/src/net.h b/src/net.h index a74a9f9..40bc934 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.6 2000/07/01 07:49:21 guus Exp $ + $Id: net.h,v 1.9.4.7 2000/08/07 14:52:15 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -50,6 +50,7 @@ /* flags */ #define INDIRECTDATA 0x0001 /* Used to indicate that this host has to be reached indirect */ #define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */ +#define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */ typedef unsigned long ip_t; typedef short length_t; diff --git a/src/protocol.c b/src/protocol.c index 3c20f3b..a3fa5f1 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.19 2000/06/30 21:03:51 guus Exp $ + $Id: protocol.c,v 1.28.4.20 2000/08/07 14:52:15 guus Exp $ */ #include "config.h" @@ -120,6 +120,32 @@ cp return 0; } +/* Evil hack - TCP tunneling is bad */ +int send_tcppacket(conn_list_t *cl, void *data, int len) +{ +cp + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending PACKET to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + + buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len); + + if((write(cl->meta_socket, buffer, buflen)) < 0) + { + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); + return -1; + } + + if((write(cl->meta_socket, data, len)) < 0) + { + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); + return -1; + } + +cp + return 0; +} + int send_ping(conn_list_t *cl) { cp @@ -638,6 +664,50 @@ cp return 0; } +int tcppacket_h(conn_list_t *cl) +{ + char packet[1600]; + int len; +cp + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(sscanf(cl->buffer, "%*d %d", &len) != 1) + { + syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(len>1600) + { + syslog(LOG_ERR, _("Got too big PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + + /* Evil kludge comming up */ + if(read(cl->meta_socket,packet,len)!=len) + { + syslog(LOG_ERR, _("Error while receiving PACKET data from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + xrecv(cl,packet); +cp + return 0; +} + + int ping_h(conn_list_t *cl) { cp @@ -963,13 +1033,19 @@ int (*request_handlers[256])(conn_list_t*) = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + tcppacket_h, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, req_key_h, ans_key_h, key_changed_h, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0 }; diff --git a/src/protocol.h b/src/protocol.h index 110dde8..fecaa88 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.3 2000/06/29 17:09:08 guus Exp $ + $Id: protocol.h,v 1.5.4.4 2000/08/07 14:52:16 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -59,6 +59,7 @@ enum { CALCULATE = 100, /* calculate the following numer^privkey and send me the result */ CALC_RES, /* result of the above */ ALMOST_KEY, /* this number^privkey is the shared key */ + PACKET = 110, /* TCP tunneled network packet */ REQ_KEY = 160, /* request public key */ ANS_KEY, /* answer to such request */ KEY_CHANGED, /* public key has changed */ -- 2.25.1