--- gvpe/src/util.h 2003/03/17 15:20:18 1.2
+++ gvpe/src/util.h 2008/08/10 15:04:55 1.28
@@ -2,42 +2,58 @@ util.h -- process management and other utility functions Copyright (C) 1998-2002 Ivo Timmermans 2000-2002 Guus Sliepen - 2003 Marc Lehmannn + 2003-2008 Marc Lehmann - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + This file is part of GVPE. + + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. 
Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. */ #ifndef UTIL_H__ #define UTIL_H__ -#include -#include +#include +#include + +#include -#include +#include "gettext.h" -#include "device.h" +#include "slog.h" +#include "ev_cpp.h" +#include "callback.h" -#define SOCKADDR sockaddr_in // this is lame, I know +typedef ev_tstamp tstamp; /* - * check for an existing vped for this net, and write pid to pidfile + * check for an existing gvpe for this net, and write pid to pidfile */ extern int write_pidfile (void); /* - * kill older vped + * kill older gvpe */ extern int kill_other (int signal); 
@@ -47,122 +63,20 @@ extern int detach (int do_detach); /* - * Set all files and paths according to netname - */ -extern void make_names (void); - -/* * check wether the given path is an absolute pathname */ #define ABSOLUTE_PATH(c) ((c)[0] == '/') -static inline void -id2mac (unsigned int id, void *m) -{ - mac &p = *(mac *)m; - - p[0] = 0xfe; - p[1] = 0xfd; - p[2] = 0x80; - p[3] = 0x00; - p[4] = id >> 8; - p[5] = id; -} - -#define mac2id(p) (p[0] & 0x01 ? 0 : (p[4] << 8) | p[5]) - -// a very simple fifo pkt-queue -class pkt_queue - { - tap_packet *queue[QUEUEDEPTH]; - int i, j; - - public: - - void put (tap_packet *p); - tap_packet *get (); - - pkt_queue (); - ~pkt_queue (); - }; - -struct sockinfo - { - u32 host; - u16 port; - - void set (const SOCKADDR *sa) - { - host = sa->sin_addr.s_addr; - port = sa->sin_port; - } - - sockinfo() - { - host = port = 0; - } - - sockinfo(const SOCKADDR &sa) - { - set (&sa); - } - - sockinfo(const SOCKADDR *sa) - { - set (sa); - } +/*****************************************************************************/ - SOCKADDR *sa() - { - static SOCKADDR sa; +typedef u8 mac[6]; - sa.sin_family = AF_INET; - sa.sin_port = port; - sa.sin_addr.s_addr = host; +extern void id2mac (unsigned int id, void *m); - return &sa; - } - - operator const char *(); - }; - -inline bool -operator == (const sockinfo &a, const sockinfo &b) -{ - return a.host == b.host && a.port == b.port; -} +#define mac2id(p) ((p)[0] & 0x01 ? 0 : ((p)[4] << 8) | (p)[5]) -inline bool -operator < (const sockinfo &a, const sockinfo &b) +struct sliding_window { - return a.host < b.host - || (a.host == b.host && a.port < b.port); -} - -// only do action once every x seconds per host. -// currently this is quite a slow implementation, -// but suffices for normal operation. 
-struct u32_rate_limiter : private map - { - int every; - - bool can (u32 host); - - u32_rate_limiter (time_t every = 1) - { - this->every = every; - } - }; - -struct net_rate_limiter : u32_rate_limiter - { - bool can (SOCKADDR *sa) { return u32_rate_limiter::can((u32)sa->sin_addr.s_addr); } - bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); } - - net_rate_limiter (time_t every) : u32_rate_limiter (every) {} - }; - -struct sliding_window { u32 v[(WINDOWSIZE + 31) / 32]; u32 seq; @@ -172,14 +86,13 @@ seq = seqno; } - bool recv_ok (u32 seqno) + // 0 == ok, 1 == far history, 2 == duplicate in-window, 3 == far future + int seqno_classify (u32 seqno) { if (seqno <= seq - WINDOWSIZE) - slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n" - "possible replay attack, or just massive packet reordering"), seqno, seq + 1);//D - else if (seqno > seq + WINDOWSIZE) - slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" - "possible replay attack, or just massive packet loss"), seqno, seq + 1);//D + return 1; + else if (seqno > seq + WINDOWSIZE * 16) + return 3; else { while (seqno > seq) 
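Review bot: In the `@@ -47,122 +63,20 @@` hunk the new `typedef u8 mac[6];` is not used by the two helpers declared right after it: `id2mac` still takes an untyped `void *m`, and `mac2id` stays a macro that evaluates `p` up to three times. Declaring `extern void id2mac (unsigned int id, mac &m);` and making `mac2id` a `static inline` function over `const mac &` would let the compiler reject buffers that are not six bytes long. `mac2id` also maps any address without the multicast bit to an id taken from bytes 4 and 5; the `id2mac` definition now lives outside this hunk, so whether callers depend on a fixed prefix being present should be confirmed and, if so, checked here.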
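Review bot: In `seqno_classify` (hunk `@@ -172,14 +86,13 @@`) the new far-future bound `seqno > seq + WINDOWSIZE * 16` is evaluated in `u32` arithmetic, as is the unchanged `seq - WINDOWSIZE` test, so near either end of the sequence space the sum or difference wraps and packets are misclassified. It looks fail-closed (valid packets get 1 or 3 rather than replays getting 0), but it depends on the initial `seq` and on re-keying before wrap, neither of which is visible here; a comment such as `// assumes seq stays within [WINDOWSIZE, 2^32 - 16 * WINDOWSIZE); sessions are re-keyed before wrap` would make that explicit. Since the replay log messages were removed from this function, every caller now has to drop and log on each non-zero result, and a named `enum { seqno_ok, seqno_history, seqno_duplicate, seqno_future }` in place of the bare 0–3 would make a missed case easier to spot. The function body continues into the next hunk.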
@@ -197,21 +110,47 @@ u32 *cell = v + (s >> 5); u32 mask = 1 << (s & 31); - //printf ("received seqno %08lx, seq %08lx, mask %08lx is %08lx\n", seqno, seq, mask, ismask); if (*cell & mask) - { - slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" - "possible replay attack, or just packet duplication"), seqno, seq + 1);//D - return false; - } + return 2; else { *cell |= mask; - return true; + return 0; } } } }; +typedef callback run_script_cb; + +// run a shell script (or actually an external program). +pid_t run_script (const run_script_cb &cb, bool wait); + +#if ENABLE_HTTP_PROXY +u8 *base64_encode (const u8 *data, unsigned int len); +#endif + +/*****************************************************************************/ + +typedef u8 rsaclear[RSA_KEYLEN - RSA_OVERHEAD]; // challenge data; +typedef u8 rsacrypt[RSA_KEYLEN]; // encrypted challenge + +static inline void +rsa_encrypt (RSA *key, const rsaclear &chg, rsacrypt &encr) +{ + if (RSA_public_encrypt (sizeof chg, + (unsigned char *)&chg, (unsigned char *)&encr, + key, RSA_PKCS1_OAEP_PADDING) < 0) + fatal ("RSA_public_encrypt error"); +} + +static inline bool +rsa_decrypt (RSA *key, const rsacrypt &encr, rsaclear &chg) +{ + return RSA_private_decrypt (sizeof encr, + (unsigned char *)&encr, (unsigned char *)&chg, + key, RSA_PKCS1_OAEP_PADDING) > 0; +} + #endif
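Review bot: `rsa_decrypt` treats any positive return from `RSA_private_decrypt` as success, but that value is the recovered plaintext length, so a ciphertext that decrypts to fewer than `sizeof chg` bytes is accepted with the tail of `chg` left unwritten; comparing with `== sizeof chg` instead of `> 0` closes that. Both helpers size their buffers from `RSA_KEYLEN`, while `RSA_public_encrypt` writes `RSA_size (key)` bytes into `encr`, so unless the modulus length is verified where keys are loaded (not visible in this hunk) a larger key would overrun the array; a guard like `if (RSA_size (key) != sizeof encr)` before the call would make the helpers safe on their own. `rsa_encrypt` also ends the process via `fatal` on failure, which is worth a comment if the key can come from a peer's configuration.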