Browse Source

Got rid of those non working extended options, because:

 * legendary spaghetti code
 * did not work at all, caused several buffer overflows
 * pain-in-the-ass to maintain and test
 * badly reviewed from my side :/
 * improved and working "extended options" may be added later
 * basically reverts most of #8

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Toni Uhlig 2 years ago
parent
commit
b96e7a6fa4
8 changed files with 22 additions and 170 deletions
  1. 1 57
      src/options.c
  2. 0 5
      src/options.h
  3. 1 1
      src/pconfig.h
  4. 10 11
      src/pdesc.c
  5. 0 2
      src/pdesc.h
  6. 5 54
      src/pkt.c
  7. 1 3
      src/pkt.h
  8. 4 37
      src/ptunnel.c

+ 1 - 57
src/options.c

@@ -146,32 +146,6 @@ static const struct option_usage usage[] = {
 		"Unprivileged mode will only work on some systems, and is in general less reliable\n"
 		"than running in privileged mode.\n"
 	},
-	/** --window-size */
-	{"packets",      0, OPT_DEC32,  {.unum = 64},
-		"Tune the number of packets that can be in-flight at the same time.\n"
-		"Increasing the window size will improve the maximum potential bandwidth.\n"
-	},
-	/** --ack-interval */
-	{"milliseconds", 0, OPT_DEC32,  {.unum = 1000},
-		"Tune the explicit acknowledgement interval (in milliseconds)\n"
-		"Decreasing the acknowledgement interval can improve NAT stability.\n"
-	},
-	/** --resend-interval */
-	{"milliseconds", 0, OPT_DEC32,  {.unum = 1500},
-		"Tune the lost packet timeout (in milliseconds)\n"
-		"Decreasing the resend interval can compensate for frequent packet loss.\n"
-	},
-	/** --payload-size */
-	{"bytes",        0, OPT_DEC32,  {.unum = 1024},
-		"Tune the amount of data per packet (in bytes)\n"
-		"Decreasing the payload size can avoid corruption of large packets.\n"
-		"Increasing the payload size can compensate for out-of-order delivery.\n"
-	},
-	/** --empty-pings */
-	{"count",        0, OPT_DEC32,  {.unum = 0},
-		"Tune the number of empty pings to send with each explicit acknowledgement.\n"
-		"Empty pings can compensate for ICMP sequence number inspection.\n"
-	},
 	/** --force-sha512 */
 	{"force-sha512", 0, OPT_BOOL,   {.num = 0},
 		"Force SHA512 as challenge response checksum generator.\n"
@@ -244,11 +218,6 @@ static struct option long_options[] = {
 	{"passwd",      required_argument, 0, 'P'},
 	{"udp",               no_argument, &opts.udp, 1},
 	{"unprivileged",      no_argument, &opts.unprivileged, 1},
-	{"window-size", required_argument, 0, 'w'},
-	{"ack-interval", required_argument, 0, 'a'},
-	{"resend-interval", required_argument, 0, 't'},
-	{"payload-size", required_argument, 0, 'y'},
-	{"empty-pings", required_argument, 0, 'E'},
 	{"force-sha512",      no_argument, &opts.force_sha512, 1},
 	{"daemon",      optional_argument, 0, 'd'},
 	{"syslog",            no_argument, 0, 'S'},
@@ -437,7 +406,7 @@ int parse_options(int argc, char **argv) {
          *        since you have to pass long options as '--option=value'. Commonly used
          *        '--option value' is *NOT* allowed for some libc implementations.
          */
-		c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L:o::sP:d::Su::g::C::e::w:a:t:y:E:h", &long_options[0], &oidx);
+		c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L:o::sP:d::Su::g::C::e::h", &long_options[0], &oidx);
 		if (c == -1) break;
 
 		switch (c) {
@@ -590,31 +559,6 @@ int parse_options(int argc, char **argv) {
 				pt_log(kLog_error, "SeLinux: %s\n", "feature not supported");
 				exit(1);
 #endif
-			case 'w':
-				if (!optarg)
-					break;
-				opts.window_size = atoi(optarg);
-				break;
-			case 'a':
-				if (!optarg)
-					break;
-				opts.ack_interval = atoi(optarg);
-				break;
-			case 't':
-				if (!optarg)
-					break;
-				opts.resend_interval = atoi(optarg);
-				break;
-			case 'y':
-				if (!optarg)
-					break;
-				opts.payload_size = atoi(optarg);
-				break;
-			case 'E':
-				if (!optarg)
-					break;
-				opts.empty_pings = atoi(optarg);
-				break;
 			case 'h':
 				print_usage(argv[0]);
 				exit(EXIT_SUCCESS);

+ 0 - 5
src/options.h

@@ -94,11 +94,6 @@ struct options {
 	int udp;
 	/** unpriviledged mode */
 	int unprivileged;
-	uint16_t window_size;
-	uint16_t ack_interval;
-	uint16_t resend_interval;
-	uint16_t payload_size;
-	uint16_t empty_pings;
 
 #ifndef WIN32
 	/** run as daemon if non zero value */

+ 1 - 1
src/pconfig.h

@@ -75,7 +75,7 @@ enum {
 	 * we send. Note that this does not include
 	 * the IP or ICMP headers!
 	 */
-	kDefault_buf_size    = 0xFFFF,
+	kDefault_buf_size    = 1024,
 	/** Type code for echo request and replies */
 	kICMP_echo_request   = 8,
 	kICMP_echo_reply     = 0,

+ 10 - 11
src/pdesc.c

@@ -93,15 +93,16 @@ proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id,
 		{
 			pt_log(kLog_error, "Connect to %s:%d failed: %s\n", inet_ntoa(*(struct in_addr*)&addr->sin_addr.s_addr)  , ntohs(addr->sin_port), strerror(errno));
 		}
-	}
-	else
+	} else {
 		cur->sock           = sock;
+	}
 	cur->state              = init_state;
 	cur->type_flag          = type;
-	if (cur->type_flag == kUser_flag)
+	if (cur->type_flag == kUser_flag) {
 		cur->pkt_type       = kICMP_echo_request;
-	else
+	} else {
 		cur->pkt_type       = (opts.unprivileged ? kICMP_echo_request : kICMP_echo_reply);
+	}
 	cur->buf                = (char *) malloc(icmp_receive_buf_len);
 	cur->last_activity      = time_as_double();
 	cur->authenticated      = 0;
@@ -112,13 +113,11 @@ proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id,
 	pthread_mutex_unlock(&chain_lock);
 	cur->xfer.bytes_in      = 0.0;
 	cur->xfer.bytes_out     = 0.0;
-	cur->window_size	= opts.window_size ? opts.window_size : 64;
-	cur->ack_interval	= opts.ack_interval ? opts.ack_interval / 1000.0 : 1.0;
-	cur->resend_interval	= opts.resend_interval ? opts.resend_interval / 1000.0 : 1.5;
-	cur->payload_size	= opts.payload_size ? opts.payload_size : 1024;
-	memset(cur->extended_options, 0, sizeof(cur->extended_options));
-	cur->send_ring		= (icmp_desc_t *) calloc(cur->window_size, sizeof(icmp_desc_t));
-	cur->recv_ring		= (forward_desc_t **) calloc(cur->window_size, sizeof(forward_desc_t *));
+	cur->window_size        = kPing_window_size;
+	cur->ack_interval       = 1.0;
+	cur->resend_interval    = 1.5;
+	cur->send_ring          = (icmp_desc_t *) calloc(cur->window_size, sizeof(icmp_desc_t));
+	cur->recv_ring          = (forward_desc_t **) calloc(cur->window_size, sizeof(forward_desc_t *));
 	return cur;
 }
 

+ 0 - 2
src/pdesc.h

@@ -159,8 +159,6 @@ typedef struct proxy_desc_t {
 	uint16_t window_size;
 	double ack_interval;
 	double resend_interval;
-	uint16_t payload_size;
-	uint16_t extended_options[4];
 	icmp_desc_t *send_ring;
 	forward_desc_t **recv_ring;
 	xfer_stats_t xfer;

+ 5 - 54
src/pkt.c

@@ -104,10 +104,7 @@ handle_incoming_tunnel_request(unsigned bytes, struct sockaddr_in *addr, int icm
         return NULL;
     }
     if (pt_pkt->data_len > 0) {
-        handle_data(pkt, bytes, cur, 1);
-        if (!opts.password) {
-            handle_extended_options(cur);
-        }
+        handle_data(pkt, bytes, cur);
     }
     if (init_state == kProto_authenticate) {
         pt_log(kLog_debug, "Sending authentication challenge..\n");
@@ -152,7 +149,7 @@ static void handle_auth_request(unsigned bytes, int icmp_sock,
      * It's up to the proxy now if it accepts our   response or not..
      */
     cur->authenticated = 1;
-    handle_data(pkt, bytes, cur, 0);
+    handle_data(pkt, bytes, cur);
 }
 
 static void handle_auth_response(unsigned bytes, int icmp_sock,
@@ -171,7 +168,6 @@ static void handle_auth_response(unsigned bytes, int icmp_sock,
         cur->authenticated)
     {
         pt_log(kLog_verbose, "Remote end authenticated successfully.\n");
-        handle_extended_options(cur);
         /* Authentication has succeeded, so now we can proceed
          * to handle incoming   TCP data.
          */
@@ -180,7 +176,7 @@ static void handle_auth_response(unsigned bytes, int icmp_sock,
         /* Insert the packet into the receive ring, to avoid
          * confusing the reliab  ility mechanism.
          */
-        handle_data(pkt, bytes, cur, 0);
+        handle_data(pkt, bytes, cur);
     } else {
         pt_log(kLog_info, "Remote end failed authentication.\n");
         send_termination_msg(cur, icmp_sock);
@@ -377,7 +373,7 @@ void handle_packet(char * buf, unsigned bytes, int is_pcap, struct sockaddr_in *
                 if (pt_pkt->state == kProxy_start) {
                     pt_pkt->data_len = 0;
                 }
-                handle_data(pkt, bytes, cur, 0);
+                handle_data(pkt, bytes, cur);
             }
             handle_ack(pt_pkt->ack, cur);
             cur->last_activity = now;
@@ -454,7 +450,7 @@ static void queue_payload_data_out_of_order(ping_tunnel_pkt_t * const pt_pkt, pr
  * Utility function for handling kProto_data packets, and place the data it contains
  * onto the passed-in receive ring.
  */
-void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, int handle_extended_options)
+void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur)
 {
     ping_tunnel_pkt_t * pt_pkt = (ping_tunnel_pkt_t *)pkt->data;
     int expected_len = sizeof(ip_packet_t) + sizeof(icmp_echo_packet_t) + sizeof(ping_tunnel_pkt_t); /* 20+8+28 */
@@ -484,23 +480,6 @@ void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, in
         return;
     }
 
-    if (handle_extended_options) {
-        uint16_t * extended_options = (uint16_t *)pt_pkt->data;
-        if (pt_pkt->data_len >= 2) {
-            cur->extended_options[0] = ntohs(extended_options[0]);
-        }
-        if (pt_pkt->data_len >= 4) {
-            cur->extended_options[1] = ntohs(extended_options[1]);
-        }
-        if (pt_pkt->data_len >= 6) {
-            cur->extended_options[2] = ntohs(extended_options[2]);
-        }
-        if (pt_pkt->data_len >= 8) {
-            cur->extended_options[3] = ntohs(extended_options[3]);
-        }
-        return;
-    }
-
     if (pt_pkt->seq_no == cur->next_remote_seq) {
         queue_payload_data(pt_pkt, cur);
     } else {
@@ -508,34 +487,6 @@ void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, in
     }
 }
 
-void handle_extended_options(proxy_desc_t * cur)
-{
-    if (cur->extended_options[0] > 0) {
-        if (cur->extended_options[0] > cur->window_size) {
-            size_t extend = cur->extended_options[0] - cur->window_size;
-            cur->send_ring = (icmp_desc_t *)realloc(cur->send_ring, cur->extended_options[0] * sizeof(icmp_desc_t));
-            cur->recv_ring =
-                (forward_desc_t **)realloc(cur->recv_ring, cur->extended_options[0] * sizeof(forward_desc_t *));
-            memset(cur->send_ring + cur->window_size, 0, extend * sizeof(icmp_desc_t));
-            memset(cur->recv_ring + cur->window_size, 0, extend * sizeof(forward_desc_t *));
-        }
-        cur->window_size = cur->extended_options[0];
-        pt_log(kLog_verbose, "Received extended option for window size %d \n", cur->window_size);
-    }
-    if (cur->extended_options[1] > 0) {
-        cur->ack_interval = cur->extended_options[1] / 1000.0;
-        pt_log(kLog_verbose, "Received extended option for ack interval %f \n", cur->ack_interval);
-    }
-    if (cur->extended_options[2] > 0) {
-        cur->resend_interval = cur->extended_options[2] / 1000.0;
-        pt_log(kLog_verbose, "Received extended option for resend interval %f \n", cur->resend_interval);
-    }
-    if (cur->extended_options[3] > 0) {
-        cur->payload_size = cur->extended_options[3];
-        pt_log(kLog_verbose, "Received extended option for payload size %d \n", cur->payload_size);
-    }
-}
-
 void handle_ack(uint32_t seq_no, proxy_desc_t * cur)
 {
     if (cur->send_wait_ack > 0) {

+ 1 - 3
src/pkt.h

@@ -137,9 +137,7 @@ typedef struct proxy_desc_t proxy_desc_t;
 
 void handle_packet(char * buf, unsigned bytes, int is_pcap, struct sockaddr_in * addr, int icmp_sock);
 
-void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur, int handle_extended_options);
-
-void handle_extended_options(proxy_desc_t * cur);
+void handle_data(icmp_echo_packet_t * pkt, int total_len, proxy_desc_t * cur);
 
 void handle_ack(uint32_t seq_no, proxy_desc_t * cur);
 

+ 4 - 37
src/ptunnel.c

@@ -108,6 +108,7 @@ uint32_t num_tunnels = 0;
 time_t *seq_expiry_tbl = NULL;
 
 /* Some buffer constants */
+const int tcp_receive_buf_len  = kDefault_buf_size;
 const int icmp_receive_buf_len = kDefault_buf_size + kIP_header_size +
                                  kICMP_header_size + sizeof(ping_tunnel_pkt_t);
 const int pcap_buf_size        = (kDefault_buf_size + kIP_header_size +
@@ -631,27 +632,7 @@ unsigned int __stdcall pt_proxy(void *args)
 			if (cur->state == kProxy_start) {
 				pt_log(kLog_verbose, "Sending proxy request.\n");
 				cur->last_ack = time_as_double();
-				uint16_t extended_options[4];
-				size_t extended_options_size = 0;
-				memset(extended_options, 0, sizeof(extended_options));
-				if (opts.window_size) {
-					extended_options_size = sizeof(uint16_t);
-					extended_options[0] = htons(opts.window_size);
-				}
-				if (opts.ack_interval) {
-					extended_options_size = 2*sizeof(uint16_t);
-					extended_options[1] = htons(opts.ack_interval);
-				}
-				if (opts.resend_interval) {
-					extended_options_size = 3*sizeof(uint16_t);
-					extended_options[2] = htons(opts.resend_interval);
-				}
-				if (opts.payload_size) {
-					extended_options_size = 4*sizeof(uint16_t);
-					extended_options[3] = htons(opts.payload_size);
-				}
-				queue_packet(fwd_sock, cur, (char *)extended_options, extended_options_size,
-				             cur->dst_ip, cur->dst_port, cur->state | cur->type_flag);
+				queue_packet(fwd_sock, cur, NULL, 0, cur->dst_ip, cur->dst_port, cur->state | cur->type_flag);
 				cur->xfer.icmp_out++;
 				cur->state = kProto_data;
 			}
@@ -665,7 +646,7 @@ unsigned int __stdcall pt_proxy(void *args)
 			}
 			/* Handle TCP traffic */
 			if (FD_ISSET(cur->sock, &set)) {
-				bytes = recv(cur->sock, cur->buf, cur->payload_size, 0);
+				bytes = recv(cur->sock, cur->buf, tcp_receive_buf_len, 0);
 				if (bytes <= 0) {
 					pt_log(kLog_info, "Connection closed or lost.\n");
 					tmp	= cur->next;
@@ -730,23 +711,9 @@ unsigned int __stdcall pt_proxy(void *args)
 			if (cur->last_ack+cur->ack_interval < now && cur->send_wait_ack < cur->window_size &&
 			    cur->remote_ack_val+1 != cur->next_remote_seq)
 			{
-				idx = cur->send_idx;
 				queue_packet(fwd_sock, cur, NULL, 0, cur->dst_ip, cur->dst_port, kProto_ack | cur->type_flag);
-				cur->xfer.icmp_ack_out++;
-				if (opts.empty_pings &&
-					cur->last_data_activity > cur->last_ack &&
-					cur->send_ring[idx].pkt_len > sizeof(icmp_echo_packet_t) &&
-					cur->send_ring[idx].pkt->type == kICMP_echo_request) {
-					for (uint16_t e = 0; e < opts.empty_pings; e++) {
-						cur->send_ring[idx].pkt->seq      = htons(cur->ping_seq);
-						cur->ping_seq++;
-						cur->send_ring[idx].pkt->checksum = 0;
-						cur->send_ring[idx].pkt->checksum = htons(calc_icmp_checksum((uint16_t*)cur->send_ring[idx].pkt, sizeof(icmp_echo_packet_t)));
-						sendto(fwd_sock, (const void*)cur->send_ring[idx].pkt, sizeof(icmp_echo_packet_t),
-						       0, (struct sockaddr*)&cur->dest_addr, sizeof(struct sockaddr));
-					}
-				}
 				cur->last_ack = now;
+				cur->xfer.icmp_ack_out++;
 			}
 		}
 		pthread_mutex_unlock(&chain_lock);