| 1 | /* |
1 | /* |
| 2 | util.h -- process management and other utility functions |
2 | util.h -- process management and other utility functions |
| 3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
| 4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
| 5 | 2003 Marc Lehmann <gvpe@schmorp.de> |
5 | 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
| 6 | |
6 | |
| 7 | This file is part of GVPE. |
7 | This file is part of GVPE. |
| 8 | |
8 | |
| 9 | GVPE is free software; you can redistribute it and/or modify |
9 | GVPE is free software; you can redistribute it and/or modify it |
| 10 | it under the terms of the GNU General Public License as published by |
10 | under the terms of the GNU General Public License as published by the |
| 11 | the Free Software Foundation; either version 2 of the License, or |
11 | Free Software Foundation; either version 3 of the License, or (at your |
| 12 | (at your option) any later version. |
12 | option) any later version. |
| 13 | |
13 | |
| 14 | This program is distributed in the hope that it will be useful, |
14 | This program is distributed in the hope that it will be useful, but |
| 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
| 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
| 17 | GNU General Public License for more details. |
17 | Public License for more details. |
| 18 | |
18 | |
| 19 | You should have received a copy of the GNU General Public License |
19 | You should have received a copy of the GNU General Public License along |
| 20 | along with gvpe; if not, write to the Free Software |
20 | with this program; if not, see <http://www.gnu.org/licenses/>. |
| 21 | Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
21 | |
|
|
22 | Additional permission under GNU GPL version 3 section 7 |
|
|
23 | |
|
|
24 | If you modify this Program, or any covered work, by linking or |
|
|
25 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
26 | version of that library), containing parts covered by the terms of the |
|
|
27 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
28 | additional permission to convey the resulting work. Corresponding |
|
|
29 | Source for a non-source form of such a combination shall include the |
|
|
30 | source code for the parts of OpenSSL used as well as that of the |
|
|
31 | covered work. |
| 22 | */ |
32 | */ |
| 23 | |
33 | |
| 24 | #ifndef UTIL_H__ |
34 | #ifndef UTIL_H__ |
| 25 | #define UTIL_H__ |
35 | #define UTIL_H__ |
| 26 | |
36 | |
| 27 | #include <openssl/rsa.h> |
37 | #include <cstring> |
|
|
38 | #include <sys/types.h> |
|
|
39 | |
|
|
40 | #include "gettext.h" |
| 28 | |
41 | |
| 29 | #include "slog.h" |
42 | #include "slog.h" |
|
|
43 | #include "ev_cpp.h" |
|
|
44 | #include "callback.h" |
| 30 | #include "iom.h" |
45 | #include "global.h" |
|
|
46 | |
|
|
47 | typedef ev_tstamp tstamp; |
| 31 | |
48 | |
| 32 | /* |
49 | /* |
| 33 | * check for an existing vped for this net, and write pid to pidfile |
50 | * check for an existing gvpe for this net, and write pid to pidfile |
| 34 | */ |
51 | */ |
| 35 | extern int write_pidfile (void); |
52 | extern int write_pidfile (void); |
| 36 | |
53 | |
| 37 | /* |
54 | /* |
| 38 | * kill older vped |
55 | * kill older gvpe |
| 39 | */ |
56 | */ |
| 40 | extern int kill_other (int signal); |
57 | extern int kill_other (int signal); |
| 41 | |
58 | |
| 42 | /* |
59 | /* |
| 43 | * Detach from current terminal, write pidfile, kill parent |
60 | * Detach from current terminal, write pidfile, kill parent |
| … | |
… | |
| 55 | |
72 | |
| 56 | extern void id2mac (unsigned int id, void *m); |
73 | extern void id2mac (unsigned int id, void *m); |
| 57 | |
74 | |
| 58 | #define mac2id(p) ((p)[0] & 0x01 ? 0 : ((p)[4] << 8) | (p)[5]) |
75 | #define mac2id(p) ((p)[0] & 0x01 ? 0 : ((p)[4] << 8) | (p)[5]) |
| 59 | |
76 | |
| 60 | struct sliding_window { |
77 | struct sliding_window |
|
|
78 | { |
| 61 | u32 v[(WINDOWSIZE + 31) / 32]; |
79 | u32 v[(WINDOWSIZE + 31) / 32]; |
| 62 | u32 seq; |
80 | u32 seq; |
| 63 | |
81 | |
| 64 | void reset (u32 seqno) |
82 | void reset (u32 seqno) |
| 65 | { |
83 | { |
| 66 | memset (v, -1, sizeof v); |
84 | memset (v, -1, sizeof v); |
| 67 | seq = seqno; |
85 | seq = seqno; |
| 68 | } |
86 | } |
| 69 | |
87 | |
| 70 | bool recv_ok (u32 seqno) |
88 | // 0 == ok, 1 == far history, 2 == duplicate in-window, 3 == far future |
|
|
89 | int seqno_classify (u32 seqno) |
| 71 | { |
90 | { |
| 72 | if (seqno <= seq - WINDOWSIZE) |
91 | if (seqno <= seq - WINDOWSIZE) |
| 73 | slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n" |
92 | return 1; |
| 74 | "possible replay attack, or just massive packet reordering"), seqno, seq + 1);//D |
|
|
| 75 | else if (seqno > seq + WINDOWSIZE) |
93 | else if (seqno > seq + WINDOWSIZE * 16) |
| 76 | slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" |
94 | return 3; |
| 77 | "possible replay attack, or just massive packet loss"), seqno, seq + 1);//D |
|
|
| 78 | else |
95 | else |
| 79 | { |
96 | { |
| 80 | while (seqno > seq) |
97 | while (seqno > seq) |
| 81 | { |
98 | { |
| 82 | seq++; |
99 | seq++; |
| … | |
… | |
| 91 | u32 s = seqno % WINDOWSIZE; |
108 | u32 s = seqno % WINDOWSIZE; |
| 92 | u32 *cell = v + (s >> 5); |
109 | u32 *cell = v + (s >> 5); |
| 93 | u32 mask = 1 << (s & 31); |
110 | u32 mask = 1 << (s & 31); |
| 94 | |
111 | |
| 95 | if (*cell & mask) |
112 | if (*cell & mask) |
| 96 | { |
|
|
| 97 | slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" |
|
|
| 98 | "possible replay attack, or just packet duplication"), seqno, seq + 1);//D |
|
|
| 99 | return false; |
113 | return 2; |
| 100 | } |
|
|
| 101 | else |
114 | else |
| 102 | { |
115 | { |
| 103 | *cell |= mask; |
116 | *cell |= mask; |
| 104 | return true; |
117 | return 0; |
| 105 | } |
118 | } |
| 106 | } |
119 | } |
| 107 | } |
120 | } |
| 108 | }; |
121 | }; |
| 109 | |
122 | |
| 110 | typedef callback0<const char *> run_script_cb; |
123 | typedef callback<const char *()> run_script_cb; |
| 111 | |
124 | |
| 112 | // run a shell script (or actually an external program). |
125 | // run a shell script (or actually an external program). |
| 113 | void run_script (const run_script_cb &cb, bool wait); |
126 | pid_t run_script (const run_script_cb &cb, bool wait); |
|
|
127 | |
|
|
128 | void hexdump (const char *header, void *data, int len); |
| 114 | |
129 | |
| 115 | #if ENABLE_HTTP_PROXY |
130 | #if ENABLE_HTTP_PROXY |
| 116 | u8 *base64_encode (const u8 *data, unsigned int len); |
131 | u8 *base64_encode (const u8 *data, unsigned int len); |
| 117 | #endif |
132 | #endif |
| 118 | |
133 | |
|
|
134 | /* always take more or less the same time to compare */ |
|
|
135 | bool slow_memeq (const void *a, const void *b, int len); |
|
|
136 | |
| 119 | /*****************************************************************************/ |
137 | /*****************************************************************************/ |
| 120 | |
138 | |
| 121 | typedef u8 rsaclear[RSA_KEYLEN - RSA_OVERHEAD]; // challenge data; |
139 | void rand_fill (void *data, int len); |
| 122 | typedef u8 rsacrypt[RSA_KEYLEN]; // encrypted challenge |
|
|
| 123 | |
140 | |
| 124 | static inline void |
141 | template<class T> |
| 125 | rsa_encrypt (RSA *key, const rsaclear &chg, rsacrypt &encr) |
142 | inline void rand_fill (T &t) |
| 126 | { |
143 | { |
| 127 | if (RSA_public_encrypt (sizeof chg, |
144 | rand_fill (&t, sizeof (T)); |
| 128 | (unsigned char *)&chg, (unsigned char *)&encr, |
|
|
| 129 | key, RSA_PKCS1_OAEP_PADDING) < 0) |
|
|
| 130 | fatal ("RSA_public_encrypt error"); |
|
|
| 131 | } |
145 | } |
| 132 | |
146 | |
| 133 | static inline bool |
147 | /*****************************************************************************/ |
| 134 | rsa_decrypt (RSA *key, const rsacrypt &encr, rsaclear &chg) |
148 | |
| 135 | { |
149 | // run work_cb in another thread, call done_cb in main thread when finished |
| 136 | return RSA_private_decrypt (sizeof encr, |
150 | // only one work_cb will execute at any one time. |
| 137 | (unsigned char *)&encr, (unsigned char *)&chg, |
151 | void async (callback<void ()> work_cb, callback<void ()> done_cb); |
| 138 | key, RSA_PKCS1_OAEP_PADDING) > 0; |
|
|
| 139 | } |
|
|
| 140 | |
152 | |
| 141 | #endif |
153 | #endif |
| 142 | |
154 | |
