X-Git-Url: https://git.distorted.org.uk/~mdw/userv-utils/blobdiff_plain/b18a1d7b97679cf304b8badd9d011dffd0e7bcdf..c07be3595a60917243c741a53d7a2644db897a71:/ipif/forwarder.c

diff --git a/ipif/forwarder.c b/ipif/forwarder.c
index 5867832..66f8690 100644
--- a/ipif/forwarder.c
+++ b/ipif/forwarder.c
@@ -1,14 +1,15 @@
 /*
- * Encrypting tunnel for userv-ipif tunnels, actual implementation
- *
+ * Encrypting tunnel for userv-ipif tunnels, actual core implementation
+ */
+/*
  * usage:
  *  udptunnel-forwarder <optchars>
  *                      <public-local-fd> <private-in-fd> <private-out-fd>
  *                      <encdec-keys-fd>
- *                      <mtu> <keepalive> <timeout>
+ *                      <mtu> <keepalive> <timeout> <reannounce>
  *                      <public-remote-addr> [<public-remote-port>]
- *                      !<mech1> [<mech1-params> ...]
- *                      !<mech2> [<mech2-params> ...]
+ *                      |<mech1> [<mech1-params> ...]
+ *                      |<mech2> [<mech2-params> ...]
  *                      ''
  *
  * Remote addr may '' to mean wait to receive a packet and reply to
@@ -19,7 +20,11 @@
  *    w   means generate and write encdec keys, rather than reading them
  *    K   means do crypto debug (use with care!)
  *
- * Every must be numeric.  There is very little argument checking.
+ * encdec keys datastream has keys for packets from key datastream
+ * writer to reader first, then keys for packets from reader to
+ * writer.
+ *
+ * Every addr or port must be numeric.  There is very little argument checking.
  *
  * Exit status:
  *  SIGALARM   timed out
@@ -29,6 +34,24 @@
  *      12     usage error
  *      16     bad trouble
  */
+/*
+ * Copyright (C) 2000,2003 Ian Jackson
+ * This file is part of ipif, part of userv-utils
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with userv-utils; if not, write to the Free Software
+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
 
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -53,7 +76,7 @@ static struct utsname uname_result;
 
 static const char *opt_chars;
 static int public_local_fd, private_in_fd, private_out_fd;
-static int mtu2, keepalive, timeout;
+static int mtu2, keepalive, timeout, reannounce;
 static int public_remote_specd;
 static struct sockaddr_in public_remote;
 static int encdec_keys_fd, encdec_keys_write, crypto_debug;
@@ -71,8 +94,8 @@ static time_t nextsendka;
 
 static void cdebug(int mechno /*or -1*/, const char *msg) {
   if (!crypto_debug) return;
-  printf("%s: CRYPTO: %-20s %s\n",
-	 programid,
+  printf("%-8.8s: CRYPTO: %-20s %s\n",
+	 uname_result.nodename,
 	 mechno >= 0 ? mechs[mechno]->name : "",
 	 msg);
 }
@@ -127,6 +150,7 @@ void random_key(void *ptr, size_t sz) {
     write_must(encdec_keys_fd,ptr,sz,"write keys datastream");
   } else {
     read_must(encdec_keys_fd,ptr,sz,"read keys datastream");
+    cdebughex(-1, "random_key", ptr, sz, 0,0,0);
   }
 }
 
@@ -155,6 +179,8 @@ static const struct mechanism *find_mech(const char *name) {
 
 static void inbound(void) {
   static int any_recvd;
+  static time_t nextreann;
+  static unsigned long npackets, nbytes;
   
   struct sockaddr_in this_saddr;
   int r, i, different, this_saddrlen;
@@ -186,12 +212,18 @@ static void inbound(void) {
   for (i=n_mechs-1; i>=0; i--) {
     emsg= mechs[i]->decode(md_in[i],&buf_in);
     if (emsg) {
-      fprintf(stderr, "%s: bad packet: %s: %s\n", programid, mechs[i]->name, emsg);
+      if (*emsg)
+	fprintf(stderr, "%s: bad packet: %s: %s\n",
+		programid, mechs[i]->name, emsg);
+      else
+	cdebug(i,"silently discarded");
       return;
     }
     cdebugbuf(i, "decode", &buf_in, 3,0);
   }
 
+  npackets++;
+  nbytes += buf_in.size;
   alarm(timeout);
 
   different= (!public_remote_specd ||
@@ -218,8 +250,22 @@ static void inbound(void) {
 
     diag("tunnel open");
 
+  } else if (reannounce && now() >= nextreann) {
+
+    fprintf(stderr, "%s: tunnel still open: received %lu packets, %lu bytes\n",
+	    programid, npackets, nbytes);
+
+  } else {
+
+    goto no_set_reann; /* only reset this if we don't print a message. */
+
   }
 
+  if (reannounce)
+    nextreann= now() + reannounce;
+  
+no_set_reann:
+
   any_recvd= 1;
 
   if (!buf_in.size || *buf_in.start != 0300) {
@@ -318,6 +364,7 @@ int main(int argc, const char *const *const argv_in) {
   mtu2= getarg_ulong() * 2;
   keepalive= getarg_ulong();
   timeout= getarg_ulong();
+  reannounce= getarg_ulong();
   
   arg= getarg_string();
   if (*arg) {
@@ -335,18 +382,26 @@ int main(int argc, const char *const *const argv_in) {
   maxprefix= 0;
   i= 0;
   while ((arg= *++argv)) {
-    arg_assert(*arg++ == '!');
+    arg_assert(*arg++ == '|');
     arg_assert(i <= MAXMECHS);
     mechs[i]= find_mech(arg);
-    cdebug(i,"encsetup");
 
+    cdebug(i,"writer->reader setup");
     argv_save= argv;
-    mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
+
+    if (encdec_keys_write)
+      mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
+    else
+      mechs[i]->decsetup(&md_in[i]);
 
     argv_done= argv;
     argv= argv_save;
-    cdebug(i,"decsetup");
-    mechs[i]->decsetup(&md_in[i]);
+    cdebug(i,"reader->writer setup");
+
+    if (encdec_keys_write)
+      mechs[i]->decsetup(&md_in[i]);
+    else
+      mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
 
     assert(argv == argv_done);