From dc4ff6f72ddcb019259d8846add4f0343e2cfc58 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 22 Jun 2007 11:16:50 +0000 Subject: added options for window size, cypher, auth algo added seqWindow class replaced some pointers with references --- Makefile | 4 ++++ anytun.cpp | 77 +++++++++++++++++++++++++++++++---------------------------- datatypes.h | 2 ++ options.cpp | 52 ++++++++++++++++++++++++++++++++++++++-- options.h | 9 +++++++ seqWindow.cpp | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++ seqWindow.h | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 238 insertions(+), 38 deletions(-) create mode 100644 seqWindow.cpp create mode 100644 seqWindow.h diff --git a/Makefile b/Makefile index 2b093d5..8ed60d9 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,7 @@ OBJS = anytun.o \ signalController.o \ log.o \ options.o \ + seqWindow.o \ $(OPENVPNDEPS) EXECUTABLE = anytun @@ -79,6 +80,9 @@ log.o: log.cpp log.h options.o: options.cpp options.h $(C++) $(CCFLAGS) $< -c +seqWindow.o: seqWindow.cpp seqWindow.h + $(C++) $(CCFLAGS) $< -c + anytun.o: anytun.cpp $(C++) $(CCFLAGS) $< -c diff --git a/anytun.cpp b/anytun.cpp index 8a4fed5..1a05b88 100644 --- a/anytun.cpp +++ b/anytun.cpp @@ -42,17 +42,19 @@ #include "packetSource.h" #include "tunDevice.h" #include "options.h" +#include "seqWindow.h" #define PAYLOAD_TYPE_TAP 0x6558 #define PAYLOAD_TYPE_TUN 0x0800 struct Param { - Options* opt; - TunDevice* dev; - Cypher* c; - AuthAlgo* a; - PacketSource* src; + Options& opt; + TunDevice& dev; + Cypher& c; + AuthAlgo& a; + PacketSource& src; + SeqWindow& seq; }; void* sender(void* p) 
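Review bot: `struct Param` now carries six references but nothing states who owns the referents or how long they must live; the same instance is handed to two pthreads, so every referenced object has to outlive both joins in main(), and `opt` becomes mutable state shared between the sender and receiver threads. A comment on the struct would pin that down, e.g. `// Shared by the sender and receiver threads; every referenced object is owned by main() and must outlive pthread_join.`. Reference members also make Param non-assignable and non-default-constructible, which is what forces the aggregate initialisation in main() later in this commit.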
@@ -65,32 +67,32 @@ void* sender(void* p) Packet pack(1600); // read packet from device - int len = param->dev->read(pack); + int len = param->dev.read(pack); pack.resizeBack(len); - if(param->opt->getRemoteAddr() == "") + if(param->opt.getRemoteAddr() == "") continue; // add payload type - if(param->dev->getType() == TunDevice::TYPE_TUN) + if(param->dev.getType() == TunDevice::TYPE_TUN) pack.addPayloadType(PAYLOAD_TYPE_TUN); - else if(param->dev->getType() == TunDevice::TYPE_TAP) + else if(param->dev.getType() == TunDevice::TYPE_TAP) pack.addPayloadType(PAYLOAD_TYPE_TAP); else pack.addPayloadType(0); // cypher the packet - param->c->cypher(pack); + param->c.cypher(pack); // add header to packet - pack.addHeader(param->opt->getSenderId(), seq); + pack.addHeader(param->opt.getSenderId(), seq); // calc auth_tag and add it to the packet - auth_tag_t at = param->a->calc(pack); + auth_tag_t at = param->a.calc(pack); pack.addAuthTag(at); // send it out to remote host - param->src->send(pack, param->opt->getRemoteAddr(), param->opt->getRemotePort()); + param->src.send(pack, param->opt.getRemoteAddr(), param->opt.getRemotePort()); } pthread_exit(NULL); } 
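Review bot: `param->opt.getRemoteAddr()` is called twice per iteration of the sender loop, once for the empty check and again as an argument to `send()`; the getters return a fresh std::string (and, judging by the accessors added in options.cpp, take the Options lock), so the receiver's autodetect can change the value between the two reads and the loop pays the lock and copy twice. Reading it once is cheaper and consistent: `std::string remote_addr = param->opt.getRemoteAddr(); if(remote_addr == "") continue;` and later `param->src.send(pack, remote_addr, param->opt.getRemotePort());`. The `seq` passed to `addHeader()` is declared outside the hunk; sender()'s body starts before it.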
@@ -105,34 +107,39 @@ void* receiver(void* p) u_int16_t remote_port; Packet pack(1600); // read packet from socket - u_int32_t len = param->src->recv(pack, remote_host, remote_port); + u_int32_t len = param->src.recv(pack, remote_host, remote_port); pack.resizeBack(len); pack.withPayloadType(true).withHeader(true).withAuthTag(true); // check auth_tag and remove it auth_tag_t at = pack.getAuthTag(); pack.removeAuthTag(); - if(at != param->a->calc(pack)) + if(at != param->a.calc(pack)) continue; // autodetect peer - if(param->opt->getRemoteAddr() == "") - param->opt->setRemoteAddrPort(remote_host, remote_port); - + if(param->opt.getRemoteAddr() == "") + { + param->opt.setRemoteAddrPort(remote_host, remote_port); + cLog.msg(Log::PRIO_NOTICE) << "autodetected remote host " << remote_host << ":" << remote_port; + } // compare sender_id and seq with window + if(param->seq.hasSeqNr(pack.getSenderId(), pack.getSeqNr())) + continue; + param->seq.addSeqNr(pack.getSenderId(), pack.getSeqNr()); pack.removeHeader(); // decypher the packet - param->c->cypher(pack); + param->c.cypher(pack); // check payload_type and remove it - if((param->dev->getType() == TunDevice::TYPE_TUN && pack.getPayloadType() != PAYLOAD_TYPE_TUN) || - (param->dev->getType() == TunDevice::TYPE_TAP && pack.getPayloadType() != PAYLOAD_TYPE_TAP)) + if((param->dev.getType() == TunDevice::TYPE_TUN && pack.getPayloadType() != PAYLOAD_TYPE_TUN) || + (param->dev.getType() == TunDevice::TYPE_TAP && pack.getPayloadType() != PAYLOAD_TYPE_TAP)) continue; pack.removePayloadType(); // write it on the device - param->dev->write(pack); + param->dev.write(pack); } pthread_exit(NULL); } 
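Review bot: the replay check is a check-then-act pair, `hasSeqNr()` followed by `addSeqNr()`, with no atomicity across the two calls; that holds while receiver() is the only thread using the window, but a single SeqWindow method that tests and records under one lock would keep it correct if a second receiver thread is ever added. The new replay `continue`, like the failed-authentication `continue` above it, drops the packet silently, whereas the autodetect branch in the same hunk logs at `Log::PRIO_NOTICE`; a log line on the replay path, e.g. `cLog.msg(Log::PRIO_NOTICE) << "dropped replayed packet from sender " << pack.getSenderId();` (at a lower priority if Log defines one, since it can fire per packet), would give operators visibility into replay attempts. The ordering itself is sound: the auth tag is verified before the window is consulted, and sender id and sequence number are read before `removeHeader()`.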
@@ -148,23 +155,24 @@ int main(int argc, char* argv[]) } cLog.msg(Log::PRIO_NOTICE) << "anytun started..."; - SignalController sig; sig.init(); - struct Param p; - p.opt = &opt; - p.dev = new TunDevice(opt.getDevName().c_str(), opt.getIfconfigParamLocal().c_str(), opt.getIfconfigParamRemoteNetmask().c_str()); - p.c = new NullCypher(); - p.a = new NullAuthAlgo(); + TunDevice dev(opt.getDevName().c_str(), opt.getIfconfigParamLocal().c_str(), opt.getIfconfigParamRemoteNetmask().c_str()); + SeqWindow seq(opt.getSeqWindowSize()); + NullCypher c; + NullAuthAlgo a; + PacketSource* src; if(opt.getLocalAddr() == "") - p.src = new UDPPacketSource(opt.getLocalPort()); + src = new UDPPacketSource(opt.getLocalPort()); else - p.src = new UDPPacketSource(opt.getLocalAddr(), opt.getLocalPort()); + src = new UDPPacketSource(opt.getLocalAddr(), opt.getLocalPort()); + + struct Param p = {opt, dev, c, a, *src, seq}; std::cout << "dev created (opened)" << std::endl; - std::cout << "dev opened - actual name is '" << p.dev->getActualName() << "'" << std::endl; - std::cout << "dev type is '" << p.dev->getTypeString() << "'" << std::endl; + std::cout << "dev opened - actual name is '" << p.dev.getActualName() << "'" << std::endl; + std::cout << "dev type is '" << p.dev.getTypeString() << "'" << std::endl; pthread_t senderThread; pthread_create(&senderThread, NULL, sender, &p); @@ -178,10 +186,7 @@ int main(int argc, char* argv[]) pthread_join(senderThread, NULL); pthread_join(receiverThread, NULL); - delete p.dev; - delete p.c; - delete p.a; - delete p.src; + delete src; return ret; } diff --git a/datatypes.h b/datatypes.h index 654fddb..46177cc 100644 --- a/datatypes.h +++ b/datatypes.h @@ -43,6 +43,8 @@ typedef unsigned int u_int32_t; //typedef signed long long int64_t; //typedef unsigned long long u_int64_t; +typedef u_int32_t window_size_t; + typedef u_int32_t seq_nr_t; #define SEQ_NR_T_NTOH(a) ntohl(a) #define SEQ_NR_T_HTON(a) htonl(a) 
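Review bot: main() still constructs `NullCypher c;` and `NullAuthAlgo a;` unconditionally, so the new `-c/--cypher` and `-a/--auth-algo` values are parsed and printed but never consulted, and a user asking for a real cypher silently gets neither encryption nor authentication. Until other algorithms exist, report or reject non-default values here, e.g. `if(opt.getCypher() != "null" || opt.getAuthAlgo() != "null") cLog.msg(Log::PRIO_NOTICE) << "only the null cypher/auth algo are implemented, ignoring -c/-a";`. `src` also remains the one raw owning pointer next to three stack objects; any early return between the `new` and the `delete src` in the second hunk would leak it, and the code between them is partly outside these hunks.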
diff --git a/options.cpp b/options.cpp index 2be4538..b427f57 100644 --- a/options.cpp +++ b/options.cpp @@ -82,6 +82,9 @@ Options::Options() dev_name_ = "tap"; ifconfig_param_local_ = "192.168.200.1"; ifconfig_param_remote_netmask_ = "255.255.255.0"; + seq_window_size_ = 100; + cypher_ = "null"; + auth_algo_ = "null"; } bool Options::parse(int argc, char* argv[]) @@ -104,7 +107,10 @@ bool Options::parse(int argc, char* argv[]) PARSE_SCALAR_PARAM("-r","--remote-host", remote_addr_) PARSE_SCALAR_PARAM("-o","--remote-port", remote_port_) PARSE_SCALAR_PARAM("-d","--dev", dev_name_) - PARSE_SCALAR_PARAM2("-c","--ifconfig", ifconfig_param_local_, ifconfig_param_remote_netmask_) + PARSE_SCALAR_PARAM2("-n","--ifconfig", ifconfig_param_local_, ifconfig_param_remote_netmask_) + PARSE_SCALAR_PARAM("-w","--window-size", seq_window_size_) + PARSE_SCALAR_PARAM("-c","--cypher", cypher_) + PARSE_SCALAR_PARAM("-a","--auth-algo", auth_algo_) else return false; } @@ -122,8 +128,11 @@ void Options::printUsage() std::cout << " [-r|--remote-host] remote host" << std::endl; std::cout << " [-o|--remote-port] remote port" << std::endl; std::cout << " [-d|--dev] device name/type" << std::endl; - std::cout << " [-c|--ifconfig] the local address for the tun/tap device" << std::endl + std::cout << " [-n|--ifconfig] the local address for the tun/tap device" << std::endl << " the remote address(tun) or netmask(tap)" << std::endl; + std::cout << " [-w|--window-size] seqence number window size" << std::endl; + std::cout << " [-c|--cypher] type of cypher" << std::endl; + std::cout << " [-a|--auth-algo] authentication algoritm" << std::endl; } void Options::printOptions() 
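Review bot: the short option `-c` changes meaning in the `Options::parse` hunk, from `--ifconfig` (now `-n`) to `--cypher`; an existing command line such as `-c <local> <netmask>` will now store the address in `cypher_` and then hit the `else return false` on the netmask token, or be accepted with a bogus cypher name once that value is acted on. The subject line and the usage text should call out the renaming. The two new usage strings also carry user-visible typos, `seqence number window size` and `authentication algoritm`. `-w` is parsed straight into `window_size_t` with no range check; whether 0 is a meaningful window is not visible here, and a bound is worth adding once SeqWindow actually uses the value.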
@@ -138,6 +147,9 @@ void Options::printOptions() std::cout << "dev_name='" << dev_name_ << "'" << std::endl; std::cout << "ifconfig_param_local='" << ifconfig_param_local_ << "'" << std::endl; std::cout << "ifconfig_param_remote_netmask='" << ifconfig_param_remote_netmask_ << "'" << std::endl; + std::cout << "seq_window_size='" << seq_window_size_ << "'" << std::endl; + std::cout << "cypher='" << cypher_ << "'" << std::endl; + std::cout << "auth_algo='" << auth_algo_ << "'" << std::endl; } std::string Options::getProgname() @@ -259,3 +271,39 @@ Options& Options::setIfconfigParamRemoteNetmask(std::string i) return *this; } +window_size_t Options::getSeqWindowSize() +{ + return seq_window_size_; +} + +Options& Options::setSeqWindowSize(window_size_t s) +{ + seq_window_size_ = s; + return *this; +} + +std::string Options::getCypher() +{ + Lock lock(mutex); + return cypher_; +} + +Options& Options::setCypher(std::string c) +{ + Lock lock(mutex); + cypher_ = c; + return *this; +} + +std::string Options::getAuthAlgo() +{ + Lock lock(mutex); + return auth_algo_; +} + +Options& Options::setAuthAlgo(std::string a) +{ + Lock lock(mutex); + auth_algo_ = a; + return *this; +} diff --git a/options.h b/options.h index 48cb31d..c73c47a 100644 --- a/options.h +++ b/options.h @@ -60,6 +60,12 @@ public: Options& setIfconfigParamLocal(std::string i); std::string getIfconfigParamRemoteNetmask(); Options& setIfconfigParamRemoteNetmask(std::string i); + window_size_t getSeqWindowSize(); + Options& setSeqWindowSize(window_size_t s); + std::string getCypher(); + Options& setCypher(std::string c); + std::string getAuthAlgo(); + Options& setAuthAlgo(std::string a); private: Mutex mutex; @@ -73,6 +79,9 @@ private: std::string dev_name_; std::string ifconfig_param_local_; std::string ifconfig_param_remote_netmask_; + window_size_t seq_window_size_; + std::string cypher_; + std::string auth_algo_; }; #endif diff --git a/seqWindow.cpp b/seqWindow.cpp new file mode 100644 index 0000000..2179762 
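Review bot: `Options::getSeqWindowSize()` and `setSeqWindowSize()` are the only accessors in the `@@ -259` hunk without `Lock lock(mutex);`, while the cypher and auth-algo accessors added right below them take it, as the existing ones appear to. Today the value is only read once in main() before the worker threads start, but the class otherwise presents itself as lock-protected, so either add the lock for consistency or leave a comment saying why it is deliberately omitted, e.g. `// read once in main() before the worker threads exist; no lock needed`. The matching declarations in the options.h hunks on this line need no change.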
--- /dev/null +++ b/seqWindow.cpp @@ -0,0 +1,68 @@ +/* + * anytun + * + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007 anytun.org + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include "threadUtils.hpp" +#include "datatypes.h" + +#include "seqWindow.h" + +SeqWindow::SeqWindow(window_size_t w) : window_size_(w) +{ +} + +SeqWindow::~SeqWindow() +{ + +} + +SeqWindow::SeqQueue::size_type SeqWindow::getLength(sender_id_t sender) +{ + return 0; +} + +bool SeqWindow::hasSeqNr(sender_id_t sender, seq_nr_t seq) +{ + return false; +} + +void SeqWindow::addSeqNr(sender_id_t sender, seq_nr_t seq) +{ + +} + +void SeqWindow::clear(sender_id_t sender) +{ + +} + +void SeqWindow::clear() +{ + +} diff --git a/seqWindow.h b/seqWindow.h new file mode 100644 index 0000000..9fb88dd --- /dev/null 
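Review bot: every method of the new SeqWindow is a stub: `hasSeqNr()` returns `false`, `addSeqNr()`, both `clear()` overloads and the destructor are empty, `getLength()` returns 0, and neither `window_size_` nor `mutex_` is used, so the replay check wired into receiver() in this commit accepts every sequence number. A scaffold is fine, but that should be visible to the next reader; a comment on the class and on `hasSeqNr()` such as `// TODO: not implemented yet; hasSeqNr() accepts everything, so no replay protection is enforced` prevents the empty window being mistaken for working protection, and the commit message should say the same. When the bodies are filled in, each public method should take the mutex the way the Options accessors do (`Lock lock(mutex_);`).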
+++ b/seqWindow.h 
@@ -0,0 +1,64 @@ +/* + * anytun + * + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007 anytun.org + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef _SEQ_WINDOW_H_ +#define _SEQ_WINDOW_H_ + +#include +#include + +#include "threadUtils.hpp" +#include "datatypes.h" + +class SeqWindow +{ +public: + typedef std::queue SeqQueue; + typedef std::map SenderMap; + + SeqWindow(window_size_t w); + ~SeqWindow(); + + SeqQueue::size_type getLength(sender_id_t sender); + bool hasSeqNr(sender_id_t sender, seq_nr_t seq); + void addSeqNr(sender_id_t sender, seq_nr_t seq); + void clear(sender_id_t sender); + void clear(); + +private: + SeqWindow(const SeqWindow &s); + void operator=(const SeqWindow &s); + + window_size_t window_size_; + Mutex mutex_; + SenderMap sender; +}; + +#endif -- cgit v1.2.3
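Review bot: the private member `sender` breaks the trailing-underscore convention used by `window_size_` and `mutex_` in the same class, and `SeqWindow(window_size_t w)` is a single-argument constructor that is not `explicit`, so an integer converts to a SeqWindow silently. The include guard `_SEQ_WINDOW_H_` starts with an underscore followed by a capital letter, which is reserved for the implementation; `SEQ_WINDOW_H_` avoids that. The `typedef` lines for `SeqQueue` and `SenderMap` and the two bare `#include` lines have lost their template arguments and header names in this rendering, so they cannot be reviewed here. The private, undefined copy constructor and `operator=` are the pre-C++11 non-copyable idiom and are fine as written.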