Last change on this file was 571, checked in by eagle, 7 weeks ago

Added option -e <ifup> to support execution of 'ifup'-scripts to bring up the network interface in a flexible way.

1/* Copyright 2008-2017 Bernhard R. Fischer, Daniel Haslinger.
2 *
3 * This file is part of OnionCat.
4 *
5 * OnionCat is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, version 3 of the License.
8 *
9 * OnionCat is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with OnionCat. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18#ifndef OCAT_H
19#define OCAT_H
20
21#ifdef HAVE_CONFIG_H
22#include "config.h"
23#endif
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <stdarg.h>
28#include <string.h>
29#include <unistd.h>
30#include <fcntl.h>
31#include <pwd.h>
32#include <errno.h>
33#include <time.h>
34#include <pthread.h>
35#include <signal.h>
36#include <ctype.h>
37#include <syslog.h>
38
39
40#include <sys/time.h>
41#include <sys/select.h>
42#include <sys/ioctl.h>
43#include <sys/stat.h>
44
45#ifdef HAVE_SYS_TYPES_H
46#include <sys/types.h>
47#endif
48#ifdef HAVE_SYS_SOCKET_H
49#include <sys/socket.h>
50#endif
51#ifdef HAVE_ENDIAN_H
52#include <endian.h>
53#elif HAVE_SYS_ENDIAN_H
54#include <sys/endian.h>
55#endif
56#ifdef HAVE_SYS_WAIT_H
57#include <sys/wait.h>
58#endif
59#ifdef HAVE_SYS_ETHERNET_H
60#include <sys/ethernet.h>
61#endif
62#ifdef HAVE_NETINET_IN_H
63#include <netinet/in.h>
64#endif
65#ifdef HAVE_NETINET_IN_SYSTM_H
66#include <netinet/in_systm.h>
67#endif
68#include <arpa/inet.h>
69#ifdef HAVE_NET_IF_H
70#include <net/if.h>
71#endif
72#ifdef HAVE_NETINET_IP_H
73#include <netinet/ip.h>
74#endif
75#ifdef HAVE_NETINET_ICMP6_H
76#include <netinet/icmp6.h>
77#endif
78#ifdef HAVE_NETINET_ETHER_H
79#include <netinet/ether.h>
80#endif
81#ifdef HAVE_NETINET_IF_ETHER_H
82#include <netinet/if_ether.h>
83#endif
84#ifdef HAVE_NETINET_IP6_H
85#include <netinet/ip6.h>
86#endif
87#ifdef HAVE_NETINET_UDP_H
88#include <netinet/udp.h>
89#endif
90#ifdef HAVE_ARPA_NAMESER_H
91#include <arpa/nameser.h>
92#endif
93#ifdef HAVE_NET_ETHERNET_H
94#include <net/ethernet.h>
95#endif
96#ifdef HAVE_LINUX_SOCKIOS_H
97#include <linux/sockios.h>
98#endif
99#ifdef HAVE_LINUX_IF_TUN_H
100#include <linux/if_tun.h>
101#endif
102#ifdef HAVE_NET_IF_TUN_H
103#include <net/if_tun.h>
104#endif
105#ifdef HAVE_NET_TUN_IF_TUN_H
106#include <net/tun/if_tun.h>
107#endif
108
109#ifdef __CYGWIN__
110#include "cygwin/ocat_cygwin.h"
111#endif
112
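#ifndef ETHERTYPE_IP
#define ETHERTYPE_IP 0x0800
#endif
#ifndef ETHERTYPE_IPV6
#define ETHERTYPE_IPV6 0x86dd
#endif

#ifndef ETHER_ADDR_LEN
#ifdef ETHERADDRL
#define ETHER_ADDR_LEN ETHERADDRL
#endif
#endif

// At least on Solaris the Ethernet addresses are defined as struct containing
// an array of bytes.  This is different from most other OSes which define the
// addresses directly as array.
#ifdef HAVE_ETHER_ADDR_OCTET
#define ether_dst ether_dhost.ether_addr_octet
#define ether_src ether_shost.ether_addr_octet
#else
#define ether_dst ether_dhost
#define ether_src ether_shost
#endif

//! Size of the fixed IPv6 header.
#define IP6HLEN sizeof(struct ip6_hdr)
//! Length of an .onion-URL (without ".onion" and '\0')
#define ONION_URL_LEN 16

//! Upper bound on simultaneously tracked peers.
#define MAXPEERS 1024
//! Name of the Tor system user; the BSDs prefix system accounts with '_'.
#if defined(__OpenBSD__) || defined(__FreeBSD__)
#define OCAT_UNAME "_tor"
#else
#define OCAT_UNAME "tor"
#endif
//! Fallback uid/name used when dropping privileges and no account was found
//! (65534 is the conventional "nobody" uid; it is not looked up at run time).
#define OCAT_UNPRIV_UID 65534
#define OCAT_UNPRIV_UNAME "(unknown)"
#define OCAT_URL "http://www.abenteuerland.at/onioncat/"
#define OCAT_DIR ".ocat"
//#define OCAT_CONNECT_LOG "connect_log"
#define PID_FILE "/var/run/ocat.pid"
#define OCAT_AUTHOR "Bernhard R. Fischer"

//! Maximum frame (packet) size, should be able to keep one maximum size ipv6-packet: 2^16 + 40 + 4
#define FRAME_SIZE 65580

//! Standard buffer size 1024 bytes
#define SIZE_1K 1024
#define SIZE_256 256

#define DEQUEUER_WAKEUP 3
//! maximum number a packet stays in queue
#define MAX_QUEUE_DELAY 10

//! Maximum idle time for a peer, after that time the peer is closed.
#define MAX_IDLE_TIME 180
//! # of secs after a cleaner wakeup occurs
#define CLEANER_WAKEUP 10
//! # of secs after stats output is generated
#define STAT_WAKEUP 600
//! keepalive time
#define KEEPALIVE_TIME 60
//! select timeout (to avoid endless blocking)
#define SELECT_TIMEOUT 10

//! Extra bits for the first argument of log_msg(); they lie above the
//! syslog priority/facility values, presumably so they can be OR'ed in —
//! confirm in ocatlog.c.
#define LOG_FCONN 0x400
#define LOG_FERR 0x800

// Negative constants are parenthesized so that expansions such as
// `x - E_SOCKS_SOCK` or `#if X == E_SOCKS_SOCK` parse as intended.
#define E_SOCKS_SOCK (-1)
#define E_SOCKS_CONN (-2)
#define E_SOCKS_REQ (-3)
#define E_SOCKS_RQFAIL (-4)
#define E_SOCKS_TERMREQ (-5)

#define E_FWD_NOPEER (-1)
#define E_FWD_NOBUF (-2)

//#define PEER_CONNECT 0
#define PEER_ACTIVE 1

#define PEER_INCOMING 0
#define PEER_OUTGOING 1

//! Size of OcatThread_t::name, including the terminating NUL.
#define THREAD_NAME_LEN 11
//! thread stack size (default stack size on OpenBSD is too small)
#define THREAD_STACK_SIZE 262144

//! States of a SocksQueue_t entry.
#define SOCKS_NEW 0
#define SOCKS_CONNECTING 1
#define SOCKS_4AREQ_SENT 2
#define SOCKS_4ARESPONSE 3
#define SOCKS_DELETE 127

#define SOCKS_MAX_RETRY 3

// E_RT_* and E_ETH_* share one numbering range (-1 .. -11), presumably so a
// single int return can carry either kind of error without ambiguity.
#define E_RT_NOMEM (-1)
#define E_RT_DUP (-2)
#define E_RT_ILLNM (-3)
#define E_RT_SYNTAX (-4)
#define E_RT_NULLPTR (-5)
#define E_RT_NOTORGW (-6)
#define E_RT_GWSELF (-7)

#define E_ETH_TRUNC (-8)
#define E_ETH_ILLDEST (-9)
#define E_ETH_ILLPROTO (-10)
#define E_ETH_INTERCEPT (-11)

//! maximum number of MAC address entries in table
#define MAX_MAC_ENTRY 128
//! maximum age of MAC address in table
#define MAX_MAC_AGE 120
/*
//! maximum number of IPv6 routes
#define MAX_IPV6_ROUTE 1024
*/
//! retry-delay if connection to TOR's SOCKS port fails
#define TOR_SOCKS_CONN_TIMEOUT 30
//! number of attempts for MIN_RECONNECT_TIME is measured
#define RECONN_ATTEMPTS 3
//! RECONN_ATTEMPTS must not be faster than MIN_RECONNECT_TIME
#define MIN_RECONNECT_TIME 30
//! define default maximum number of concurrent controller sessions
#define MAX_DEF_CTRL_SESS 5

//! Add descriptor f to fd_set s and raise m to f if f is larger (m presumably
//! feeds the nfds argument of select()). Every argument is parenthesized but
//! f and m are evaluated more than once, so pass plain variables only.
//! FD_SET() on an fd >= FD_SETSIZE is undefined behaviour; callers must bound
//! f before using this macro. The braces are kept (rather than do/while(0))
//! so existing call sites that do not end in ';' keep compiling.
#define MFD_SET(f,s,m) {FD_SET((f), (s)); (m) = (f) > (m) ? (f) : (m);}

//! copy an IPv6 address from b to a. Both operands are accessed as
//! struct in6_addr, so they must be suitably aligned for that type; for
//! unaligned packet buffers use memcpy() with sizeof(struct in6_addr).
#define IN6_ADDR_COPY(a,b) (*((struct in6_addr*)(a))=*(const struct in6_addr*)(b))

#define IPV4_KEY 0
#define IPV6_KEY 1

//! Byte size of the concrete sockaddr behind x (AF_INET or AF_INET6),
//! or 0 for any other family. x is evaluated up to twice.
#define SOCKADDR_SIZE(x) (((const struct sockaddr *)(x))->sa_family == AF_INET ? sizeof(struct sockaddr_in) : \
   ((const struct sockaddr *)(x))->sa_family == AF_INET6 ? sizeof(struct sockaddr_in6) : 0)

#define VERSION_STRING_LEN 256

#define MAX_DEF_CTRL 6

#define NTYPE_TOR 0
#define NTYPE_I2P 1

#ifndef SYSCONFDIR
#define SYSCONFDIR "/etc"
#endif

//! Evaluate to x, or to the constant string "(nil)" if x is a NULL pointer.
//! Intended for printing possibly-unset strings with "%s". x is evaluated
//! twice, so it must not carry side effects.
#define SSTR(x) ((x) != NULL ? (x) : "(nil)")

// Solaris and the Windows OpenVPN tunnel driver do not send a 4 byte tunnel
// header thus we adjust reads and writes.
#if defined(__sun__) || defined(__CYGWIN__)
#define BUF_OFF 4
#else
#define BUF_OFF 0
#endif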
270
271
//! Global run-time configuration of OnionCat. The single instance is setup_
//! (declared further below and accessed through the CNF() macro). Fields
//! without a comment are named after their command line option or runtime
//! state; their exact meaning was not verified here.
struct OcatSetup
{
   //! frame header of local OS in network byte order
   //! it is initialized in ocattun.c
   uint32_t fhd_key[2];
   int fhd_key_len;
   //! TCP port of SOCKS port of local Tor proxy
   //uint16_t tor_socks_port;
   //! reload port of OnionCat listening for connections
   //uint16_t ocat_listen_port;
   //! virtual port of OnionCat hidden service
   uint16_t ocat_dest_port;
   //! local port of controller interface
   uint16_t ocat_ctrl_port;
   //! file descriptors of TUN device (usually tunfd[0] == tunfd[1])
   int tunfd[2];
   int debug_level;
   //! user name to change uid to
   char *usrname;
   char onion_url[SIZE_256];
   struct in6_addr ocat_addr;
   //! flag to create connection log
   int create_clog;
   //! flag to not change uid to unprivileged user
   int runasroot;
   int controller;
   char *ocat_dir;
   //! name of tunnel character device
   char *tun_dev;
   //! tunnel interface name
   char tunname[SIZE_256];
   int ipv4_enable;
   struct in_addr ocat_addr4;
   int ocat_addr4_mask;
   char *config_file;
   int config_read;
   int config_failed;
   //! Path of the ifup script (option -e). It is presumably executed by the
   //! daemon itself, so it should point to a file that unprivileged users
   //! cannot modify — confirm with which uid and at what point it is run.
   char *ifup;             //!< path to ifup scripts
   int use_tap;
   //! local OnionCat MAC address
   uint8_t ocat_hwaddr[ETHER_ADDR_LEN];
   char *pid_file;
   int create_pid_file;
   char *logfn;
   FILE *logf;
   int use_syslog;
   int daemon;
#ifdef CONNECT_ROOT_PEERS
   //! hardcoded permanent peers
#define ROOT_PEERS 1
   struct in6_addr root_peer[ROOT_PEERS];
#endif
   time_t uptime;
   char *frandn;
   //! destination socket address of Tor's SOCKS port
   //! (anonymous union, C11: both members alias the same pointer; which
   //! view is valid presumably follows its sa_family — confirm in ocatsocks.c)
   union
   {
      struct sockaddr_in *socks_dst;
      struct sockaddr_in6 *socks_dst6;
   };
   //! local listening socket address for incoming connections
   struct sockaddr **oc_listen;
   int *oc_listen_fd;
   int oc_listen_cnt;
   int rand_addr;
   char version[VERSION_STRING_LEN];
   int sizeof_setup;
   //! term_req shares its name with the function term_req() declared below;
   //! which of the two is authoritative is not visible from this header
   int sig_term, term_req;
   //! presumably taken by lock_setup()/unlock_setup() — confirm in ocatsetup.c
   pthread_mutex_t mutex;
   //! listening sockets for controller interface
   struct sockaddr **ctrl_listen;
   int *ctrl_listen_fd;
   int ctrl_listen_cnt;
   //! communication pipe for socks "selected" connector
   int socksfd[2];
   int net_type;
   int max_ctrl, ctrl_active;
   //! pipe filedescriptors for pid deletion process
   int pid_fd[2];
   int sig_usr1, clear_stats;
   /*! Define if OC connection should be used uni- or bidirectional.
      Bidirectional has a faster setup time but unidirectional is more safe in
      respect to security because both ends are verified. */
   int unidirectional;
   int hosts_lookup;
   const char *domain;     //!< domain name appended to network host name
   struct in6_addr oc_vdns;
};
360
#ifdef PACKET_QUEUE
//! One buffered packet, only compiled with PACKET_QUEUE (the matching
//! consumer packet_dequeuer() is declared below under the same guard).
//! Entries form a singly linked list via next.
typedef struct PacketQueue
{
   struct PacketQueue *next;
   struct in6_addr addr;   //!< presumably the destination peer — confirm
   int psize;              //!< size of data in bytes (assumed — verify)
   time_t time;            //!< enqueue timestamp (assumed — verify)
   void *data;
} PacketQueue_t;
#endif
371
//! On-the-wire SOCKS4(a) request/response header (packed, so the fields sit
//! back to back without padding). port and addr are presumably in network
//! byte order — confirm where the header is filled in ocatsocks.c.
typedef struct SocksHdr
{
   char ver;
   char cmd;
   uint16_t port;
   struct in_addr addr;
} __attribute__((packed)) SocksHdr_t;
379
//! Leading bytes of a SOCKS5 request (packed). addr holds only the first
//! byte of the address field; the remaining address and port bytes
//! presumably follow in the caller's buffer — verify in ocatsocks.c before
//! reading past sizeof(Socks5Hdr_t).
typedef struct Socks5Hdr
{
   char ver;
   char cmd;
   char rsv;
   char atyp;
   char addr;
} __attribute__((packed)) Socks5Hdr_t;
388
//! One connected peer; entries form a singly linked list managed through
//! the ocatpeer.c accessors declared below. Note the inline _fragbuf of
//! FRAME_SIZE (65580) bytes: every peer record is larger than 64 KiB.
typedef struct OcatPeer
{
   struct OcatPeer *next;  //!< pointer to next peer in list
   struct in6_addr addr;   //!< remote address of peer
   int tcpfd;              //!< remote file descriptor
   time_t time;            //!< timestamp of latest packet
   time_t sdelay;          //!< connection setup delay
   time_t otime;           //!< opening time
   int state;              //!< status of peer (PEER_ACTIVE etc.)
   int dir;                //!< direction this session was opened (PEER_INCOMING/PEER_OUTGOING)
   unsigned long out;      //!< bytes output
   unsigned long in;       //!< bytes input
   uint32_t *tunhdr;       //!< pointer to local tun frame header
   char *fragbuf;          //!< pointer to (de)frag buffer
   char _fragbuf[FRAME_SIZE]; //!< (de)frag buffer
   int fraglen;            //!< current frag buffer size
   pthread_mutex_t mutex;  //!< mutex for thread locking (presumably via lock_peer())
   int perm;               //!< keep peer permanently open
   time_t last_io;         //!< timestamp when last I/O packet measurement started
   unsigned inm;           //!< presumably bytes in since last_io — verify
   unsigned outm;          //!< presumably bytes out since last_io — verify
} OcatPeer_t;
411
//! Bookkeeping record for one OnionCat thread. The list head is octh_
//! (declared below), presumably guarded by thread_mutex_ — confirm in
//! ocatthread.c. name is THREAD_NAME_LEN (11) bytes including the NUL.
typedef struct OcatThread
{
   struct OcatThread *next;
   pthread_t handle;
   pthread_attr_t attr;
   int detached;
   int id;
   char name[THREAD_NAME_LEN];
   void *(*entry)(void*);  //!< pthread-style entry point
   void *parm;             //!< argument handed to entry
} OcatThread_t;
423
//! Pending outbound connection through Tor's SOCKS port. state takes the
//! SOCKS_* values defined above; retry is presumably compared against
//! SOCKS_MAX_RETRY — confirm in ocatsocks.c.
typedef struct SocksQueue
{
   struct SocksQueue *next;
   struct in6_addr addr;   //!< peer to connect to
   int state;              //!< SOCKS_NEW .. SOCKS_DELETE
   int perm;               //!< presumably mirrors OcatPeer_t::perm — verify
   int fd;
   time_t restart_time;
   time_t connect_time;
   int retry;
} SocksQueue_t;
435
//! IPv4 routing table entry; the byte order of dest/netmask is not fixed
//! here — check ipv4_lookup_route() before constructing one.
typedef struct IPv4Route
{
   struct IPv4Route *next[2];    //!< pointer to next routes in binary tree
   uint32_t dest;
   uint32_t netmask;
   struct in6_addr gw;           //!< OnionCat address of the gateway peer
} IPv4Route_t;
444
//! IPv6 routing table entry (see ipv6_*_route() below).
typedef struct IPv6Route
{
   struct in6_addr dest;
   int prefixlen;
   struct in6_addr gw;     //!< OnionCat address of the gateway peer
} IPv6Route_t;
452
//! IPv6 pseudo header used for checksum calculation. The layout follows
//! the RFC 2460 pseudo header (source, destination, 32-bit upper-layer
//! length, three zero bytes, next header) and is packed to exactly 40
//! bytes. The pad bytes have to be zero for the checksum to be correct and
//! len is presumably stored in network byte order — confirm in malloc_ckbuf().
struct ip6_psh
{
   struct in6_addr src;
   struct in6_addr dst;
   uint32_t len;
   char _pad[3];
   uint8_t nxt;
} __attribute__((packed));
462
//! Entry of the MAC address table (bounded by MAX_MAC_ENTRY, expired after
//! MAX_MAC_AGE; see mac_set()/mac_cleanup() below). family selects which
//! member of the anonymous union is valid — presumably AF_INET/AF_INET6.
typedef struct MACTable
{
   uint16_t family;
   union
   {
      struct in6_addr in6addr;
      struct in_addr inaddr;
   };
   uint8_t hwaddr[ETHER_ADDR_LEN];
   time_t age;
} MACTable_t;
474
//! Complete Ethernet + IPv6 + ICMPv6 neighbor discovery frame, packed so it
//! can be overlaid on a raw frame. The anonymous union lets the same bytes be
//! read as a generic ICMPv6 header or as a solicitation/advertisement body.
typedef struct ndp6
{
   struct ether_header eth;
   struct ip6_hdr ip6;
   union
   {
      struct icmp6_hdr icmp6;
      struct nd_neighbor_solicit ndp_sol;
      struct nd_neighbor_advert ndp_adv;
   };
   //struct nd_opt_hdr ndp_opt;
} __attribute__((packed)) ndp6_t;
487
//! Printable form of a socket address, filled by inet_ntops() (declared
//! below). sstr_addr is sized for the longest IPv6 text form; the byte
//! order of sstr_port is not fixed here — check inet_ntops().
struct sockaddr_str
{
   sa_family_t sstr_family;
   uint16_t sstr_port;
   char sstr_addr[INET6_ADDRSTRLEN];
};
494
495/*
496// next header value for ocat internal use (RFC3692)
497#define OCAT_NEXT_HEADER 254
498
499typedef struct OcatHdr
500{
501   uint16_t oh_plen;
502   uint8_t oh_nxt;
503//   struct ip6_hdrctl oh_ip6hdrctl;
504//   char oh_srcid[10];
505} OcatHdr_t;
506
507
508#define OCAT_CTL_SRC 1
509#define OCAT_CTL_EREQ 2
510#define OCAT_CTL_ERES 3
511
512typedef struct OcatCtrlHdr
513{
514   uint8_t oct_type;
515   char oct_srcid[10];
516} OcatCtrlHdr_t;
517*/
518
519
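#ifndef WITHOUT_TUN
//! Default path of the tunnel device node. Every branch uses defined(), so
//! the test does not depend on an undefined macro silently evaluating to 0.
//! The last branch assumes a BSD-style "/dev/tun0" on any platform that is
//! neither Solaris nor Linux.
#ifdef __sun__
#define TUN_DEV "/dev/tun"
#elif defined(__linux__)
#define TUN_DEV "/dev/net/tun"
#else
#define TUN_DEV "/dev/tun0"
#endif
//! Device path actually in use; presumably defaults to TUN_DEV and may be
//! overridden from the command line — see ocattun.c.
extern char *tun_dev_;
#else
//! Built without a tunnel device; "STDIO" presumably means frames are
//! exchanged on standard input/output — confirm in ocattun.c.
#define TUN_DEV "STDIO"
#endif

//! Thread list protection and list head (see ocatthread.c).
extern pthread_mutex_t thread_mutex_;
extern OcatThread_t *octh_;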
535
/* ocat.c */


/* ocatlog.c */
//! Opens the connection log; presumably tied to the create_clog flag in
//! struct OcatSetup — confirm in ocatlog.c.
int open_connect_log(const char*);
//! printf-style logger. The first argument is assumed to be a syslog
//! priority, possibly OR'ed with the LOG_FCONN/LOG_FERR bits defined above;
//! check ocatlog.c before relying on that. Never pass untrusted text as the
//! format string.
void log_msg(int, const char *, ...);
#ifdef DEBUG
// GNU named-variadic macro: `## x` swallows the comma when the argument list
// is empty, which the C99 `__VA_ARGS__` spelling cannot do. Not strictly
// portable, but every call site would need checking before changing it.
#define log_debug(x...) log_msg(LOG_DEBUG, ## x)
#else
// Without DEBUG the arguments are not evaluated at all, so nothing passed to
// log_debug() may carry a side effect the program depends on.
#define log_debug(x...)
#endif

/* ocatv6conv.c */
// Conversions between .onion host names and OnionCat IPv6/IPv4 addresses.
// The required size of the char * output buffers is not encoded in these
// prototypes; see the definitions in ocatv6conv.c before calling.
char *ipv6tonion(const struct in6_addr *, char *);
int oniontipv6(const char *, struct in6_addr *);
int oniontipv4(const char *, struct in_addr *, int);
int has_tor_prefix(const struct in6_addr *);
void rand_onion(char *);
//! Renders a socket address (family, port, textual address) into a
//! struct sockaddr_str.
const char *inet_ntops(const struct sockaddr *, struct sockaddr_str *);
/*
#define IN6_HAS_TOR_PREFIX(a) ((((__const uint32_t *) (a))[0] == ((__const uint32_t*)(TOR_PREFIX))[0]) \
      && (((__const uint16_t*)(a))[2] == ((__const uint16_t*)(TOR_PREFIX))[2]))
      */

/* ocattun.c */
#ifndef WITHOUT_TUN
int tun_alloc(char *, int, struct in6_addr);
#endif

/* ocatroute.c */
extern int sockfd_[2];
void init_peers(void);
// The void *(*)(void *) functions below have the entry-point type accepted by
// run_ocat_thread() and are presumably started through it — confirm in ocat.c.
void *socket_receiver(void *);
void packet_forwarder(void);
#ifdef PACKET_QUEUE
void *packet_dequeuer(void *);
#endif
void *socket_acceptor(void *);
void *socket_cleaner(void *);
void *ocat_controller(void *);
void *ctrl_handler(void *);
int insert_peer(int, const SocksQueue_t *, time_t);
int run_listeners(struct sockaddr **, int *, int, int (*)(int));
int send_keepalive(OcatPeer_t *);
void set_select_timeout(struct timeval *);
void set_nonblock(int);
// Access to the 4-byte tun frame header in front of a packet buffer (see
// BUF_OFF above); whether the header is expected in host or network byte
// order is not visible here — check ocattun.c.
void set_tunheader(char *, uint32_t);
uint32_t get_tunheader(char *);

/* ocatthread.c */
const OcatThread_t *init_ocat_thread(const char *);
// Starts a thread running the given entry point with the given argument;
// thread names are limited to THREAD_NAME_LEN bytes (see OcatThread_t).
int run_ocat_thread(const char *, void *(*)(void*), void*);
const OcatThread_t *get_thread(void);
int set_thread_name(const char *);
int join_threads(void);
void detach_thread(void);
void print_threads(FILE *);
// Process-wide termination request; struct OcatSetup also has a term_req
// member, and which of the two is authoritative is not visible here.
int term_req(void);
void set_term_req(void);

/* ocatcompat.c */
// Fallbacks, compiled only when configure did not find the platform's own
// implementation (HAVE_STRLCAT / HAVE_STRLCPY from config.h).
#ifndef HAVE_STRLCAT
size_t strlcat(char*, const char*, size_t);
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy(char*, const char*, size_t);
#endif

/* ocatpeer.c */
// Accessors for the peer list. lock_peers()/lock_peer() presumably guard the
// list and an individual OcatPeer_t::mutex respectively; the lock order they
// expect is not documented here — check ocatpeer.c before nesting them.
OcatPeer_t *get_first_peer(void);
OcatPeer_t **get_first_peer_ptr(void);
int lock_peers(void);
int unlock_peers(void);
int lock_peer(OcatPeer_t *);
int unlock_peer(OcatPeer_t *);
OcatPeer_t *search_peer(const struct in6_addr *);
OcatPeer_t *get_empty_peer(void);
void delete_peer(OcatPeer_t *);

/* ocatsetup.c */
//! Shorthand for a field of the global configuration: CNF(debug_level)
//! expands to setup_.debug_level.
#define CNF(x) setup_.x
extern struct OcatSetup setup_;
void print_setup_struct(FILE *);
void init_setup(void);
void post_init_setup(void);
// Presumably take/release setup_.mutex — confirm in ocatsetup.c.
void lock_setup(void);
void unlock_setup(void);

/* ocatipv4route.c */
struct in6_addr *ipv4_lookup_route(uint32_t);
// Parses a textual route; the negative E_RT_* codes defined above are the
// likely error returns — confirm in ocatipv4route.c.
int parse_route(const char *);
void print_routes(FILE *);

/* ocateth.c */
// Validates an Ethernet frame of the given length; the E_ETH_* codes above
// are presumably its error returns — confirm in ocateth.c.
int eth_check(char *, int);
int mac_set(const struct in6_addr *, uint8_t *);
void print_mac_tbl(FILE *);
void mac_cleanup(void);
char *mac_hw2str(const uint8_t *, char *);
int ndp_solicit(const struct in6_addr *, const struct in6_addr *);
#ifndef HAVE_ETHER_NTOA_R
char *ether_ntoa_r(const struct ether_addr *, char *);
#endif
// Internet checksum over a buffer of 16-bit words (the unit of the int
// length is not visible here). malloc_ckbuf() presumably builds an
// ip6_psh-prefixed buffer that must be released with free_ckbuf() —
// confirm in ocateth.c.
uint16_t checksum(const uint16_t *, int);
void free_ckbuf(uint16_t *);
uint16_t *malloc_ckbuf(const struct in6_addr *, const struct in6_addr *, uint16_t, uint8_t, const void *);

/* ocatsocks.c */
void socks_queue(struct in6_addr, int);
void print_socks_queue(FILE *);
void sig_socks_connector(void);
void *socks_connector_sel(void *);

/* ocatlibe.c */
void oe_close(int);
int oe_remtr(char *);
// Parses a textual socket address into the given sockaddr. If it can yield an
// AF_INET6 result the destination must be sized for struct sockaddr_in6, not
// a plain struct sockaddr — verify in ocatlibe.c before calling.
int strsockaddr(const char *, struct sockaddr *);
void add_local_listeners(void);
void add_listener(const char *);
void delete_listeners(struct sockaddr **, int *, int);
// vprintf-style output to a file descriptor; the format must be a literal or
// otherwise trusted string.
int fdprintf(int, const char *, va_list);

/* ocatipv6route.c */
struct in6_addr *ipv6_lookup_route(const struct in6_addr *);
void ipv6_print_routes(FILE *);
int ipv6_parse_route(const char *);

#ifdef __CYGWIN__
/* ocat_wintuntap.c */
int win_open_tun(char *, int);
int win_close_tun(void);
int win_read_tun(char *, int);
int win_write_tun(const char *, int);
// On Cygwin the first argument (the tun file descriptor) is ignored and the
// Windows TAP driver is reached through the win_* functions above.
#define tun_read(x,y,z) win_read_tun(y,z)
#define tun_write(x,y,z) win_write_tun(y,z)
#else
// Elsewhere the tunnel device is an ordinary file descriptor.
#define tun_read(x,y,z) read(x,y,z)
#define tun_write(x,y,z) write(x,y,z)
#endif

/* ocatresolv.c */
int check_dns(const struct ip6_hdr *, int);
678
679#endif
680