From c111bf3080a91d4acd242419b0ab1263dfd939f3 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 26 Jan 2017 21:54:55 +0000 Subject: Fix tcp-proxy build. --- tcp-proxy/tcp-proxy.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'tcp-proxy/tcp-proxy.cpp') diff --git a/tcp-proxy/tcp-proxy.cpp b/tcp-proxy/tcp-proxy.cpp index 2fe500d1..a7906aae 100644 --- a/tcp-proxy/tcp-proxy.cpp +++ b/tcp-proxy/tcp-proxy.cpp @@ -120,7 +120,7 @@ struct TcpProxyService return (PhySocket *)0; } - void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *from,void *data,unsigned long len) + void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len) { if (!*uptr) return; @@ -134,7 +134,7 @@ struct TcpProxyService if ((c.tcpWritePtr + 5 + mlen) <= sizeof(c.tcpWriteBuf)) { if (!c.tcpWritePtr) - phy->tcpSetNotifyWritable(c.tcp,true); + phy->setNotifyWritable(c.tcp,true); c.tcpWriteBuf[c.tcpWritePtr++] = 0x17; // look like TLS data c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 @@ -257,13 +257,13 @@ struct TcpProxyService { Client &c = *((Client *)*uptr); if (c.tcpWritePtr) { - long n = phy->tcpSend(sock,c.tcpWriteBuf,c.tcpWritePtr); + long n = phy->streamSend(sock,c.tcpWriteBuf,c.tcpWritePtr); if (n > 0) { memmove(c.tcpWriteBuf,c.tcpWriteBuf + n,c.tcpWritePtr -= (unsigned long)n); if (!c.tcpWritePtr) - phy->tcpSetNotifyWritable(sock,false); + phy->setNotifyWritable(sock,false); } - } else phy->tcpSetNotifyWritable(sock,false); + } else phy->setNotifyWritable(sock,false); } void doHousekeeping() -- cgit v1.2.3 From e8d11eb5c548deecf75daa9542da6e27e17acff6 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 1 Jun 2017 17:21:04 -0700 Subject: . --- attic/tcp-proxy/Makefile | 7 + attic/tcp-proxy/README.md | 4 + attic/tcp-proxy/tcp-proxy.cpp | 317 ++++++++++++++++++++++++++++++++++++++++++ service/OneService.cpp | 32 +---- service/OneService.hpp | 45 ++---- tcp-proxy/Makefile | 7 - tcp-proxy/README.md | 4 - tcp-proxy/tcp-proxy.cpp | 317 ------------------------------------------ 8 files changed, 344 insertions(+), 389 deletions(-) create mode 100644 attic/tcp-proxy/Makefile create mode 100644 attic/tcp-proxy/README.md create mode 100644 attic/tcp-proxy/tcp-proxy.cpp delete mode 100644 tcp-proxy/Makefile delete mode 100644 tcp-proxy/README.md delete mode 100644 tcp-proxy/tcp-proxy.cpp (limited to 'tcp-proxy/tcp-proxy.cpp') diff --git a/attic/tcp-proxy/Makefile b/attic/tcp-proxy/Makefile new file mode 100644 index 00000000..af4e71e3 --- /dev/null +++ b/attic/tcp-proxy/Makefile @@ -0,0 +1,7 @@ +CXX=$(shell which clang++ g++ c++ 2>/dev/null | head -n 1) + +all: + $(CXX) -O3 -fno-rtti -o tcp-proxy tcp-proxy.cpp + +clean: + rm -f *.o tcp-proxy *.dSYM diff --git a/attic/tcp-proxy/README.md b/attic/tcp-proxy/README.md new file mode 100644 index 00000000..6f347d64 --- /dev/null +++ b/attic/tcp-proxy/README.md @@ -0,0 +1,4 @@ +TCP Proxy Server +====== + +This is the TCP proxy server we run for TCP tunneling from peers behind fascist NATs. Regular users won't have much use for this. diff --git a/attic/tcp-proxy/tcp-proxy.cpp b/attic/tcp-proxy/tcp-proxy.cpp new file mode 100644 index 00000000..a7906aae --- /dev/null +++ b/attic/tcp-proxy/tcp-proxy.cpp @@ -0,0 +1,317 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +// HACK! Will eventually use epoll() or something in Phy<> instead of select(). +// Also be sure to change ulimit -n and fs.file-max in /etc/sysctl.conf on relays. +#if defined(__linux__) || defined(__LINUX__) || defined(__LINUX) || defined(LINUX) +#include +#include +#undef __FD_SETSIZE +#define __FD_SETSIZE 1048576 +#undef FD_SETSIZE +#define FD_SETSIZE 1048576 +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "../osdep/Phy.hpp" + +#define ZT_TCP_PROXY_CONNECTION_TIMEOUT_SECONDS 300 +#define ZT_TCP_PROXY_TCP_PORT 443 + +using namespace ZeroTier; + +/* + * ZeroTier TCP Proxy Server + * + * This implements a simple packet encapsulation that is designed to look like + * a TLS connection. It's not a TLS connection, but it sends TLS format record + * headers. It could be extended in the future to implement a fake TLS + * handshake. + * + * At the moment, each packet is just made to look like TLS application data: + * <[1] TLS content type> - currently 0x17 for "application data" + * <[1] TLS major version> - currently 0x03 for TLS 1.2 + * <[1] TLS minor version> - currently 0x03 for TLS 1.2 + * <[2] payload length> - 16-bit length of payload in bytes + * <[...] payload> - Message payload + * + * TCP is inherently inefficient for encapsulating Ethernet, since TCP and TCP + * like protocols over TCP lead to double-ACKs. So this transport is only used + * to enable access when UDP or other datagram protocols are not available. + * + * Clients send a greeting, which is a four-byte message that contains: + * <[1] ZeroTier major version> + * <[1] minor version> + * <[2] revision> + * + * If a client has sent a greeting, it uses the new version of this protocol + * in which every encapsulated ZT packet is prepended by an IP address where + * it should be forwarded (or where it came from for replies). This causes + * this proxy to act as a remote UDP socket similar to a socks proxy, which + * will allow us to move this function off the rootservers and onto dedicated + * proxy nodes. + * + * Older ZT clients that do not send this message get their packets relayed + * to/from 127.0.0.1:9993, which will allow them to talk to and relay via + * the ZT node on the same machine as the proxy. We'll only support this for + * as long as such nodes appear to be in the wild. + */ + +struct TcpProxyService; +struct TcpProxyService +{ + Phy *phy; + int udpPortCounter; + struct Client + { + char tcpReadBuf[131072]; + char tcpWriteBuf[131072]; + unsigned long tcpWritePtr; + unsigned long tcpReadPtr; + PhySocket *tcp; + PhySocket *udp; + time_t lastActivity; + bool newVersion; + }; + std::map< PhySocket *,Client > clients; + + PhySocket *getUnusedUdp(void *uptr) + { + for(int i=0;i<65535;++i) { + ++udpPortCounter; + if (udpPortCounter > 0xfffe) + udpPortCounter = 1024; + struct sockaddr_in laddr; + memset(&laddr,0,sizeof(struct sockaddr_in)); + laddr.sin_family = AF_INET; + laddr.sin_port = htons((uint16_t)udpPortCounter); + PhySocket *udp = phy->udpBind(reinterpret_cast(&laddr),uptr); + if (udp) + return udp; + } + return (PhySocket *)0; + } + + void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len) + { + if (!*uptr) + return; + if ((from->sa_family == AF_INET)&&(len >= 16)&&(len < 2048)) { + Client &c = *((Client *)*uptr); + c.lastActivity = time((time_t *)0); + + unsigned long mlen = len; + if (c.newVersion) + mlen += 7; // new clients get IP info + + if ((c.tcpWritePtr + 5 + mlen) <= sizeof(c.tcpWriteBuf)) { + if (!c.tcpWritePtr) + phy->setNotifyWritable(c.tcp,true); + + c.tcpWriteBuf[c.tcpWritePtr++] = 0x17; // look like TLS data + c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 + c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 + + c.tcpWriteBuf[c.tcpWritePtr++] = (char)((mlen >> 8) & 0xff); + c.tcpWriteBuf[c.tcpWritePtr++] = (char)(mlen & 0xff); + + if (c.newVersion) { + c.tcpWriteBuf[c.tcpWritePtr++] = (char)4; // IPv4 + *((uint32_t *)(c.tcpWriteBuf + c.tcpWritePtr)) = ((const struct sockaddr_in *)from)->sin_addr.s_addr; + c.tcpWritePtr += 4; + *((uint16_t *)(c.tcpWriteBuf + c.tcpWritePtr)) = ((const struct sockaddr_in *)from)->sin_port; + c.tcpWritePtr += 2; + } + + for(unsigned long i=0;i %.16llx\n",inet_ntoa(reinterpret_cast(from)->sin_addr),(int)ntohs(reinterpret_cast(from)->sin_port),(unsigned long long)&c); + } + } + + void phyOnTcpConnect(PhySocket *sock,void **uptr,bool success) + { + // unused, we don't initiate outbound connections + } + + void phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN,const struct sockaddr *from) + { + Client &c = clients[sockN]; + PhySocket *udp = getUnusedUdp((void *)&c); + if (!udp) { + phy->close(sockN); + clients.erase(sockN); + //printf("** TCP rejected, no more UDP ports to assign\n"); + return; + } + c.tcpWritePtr = 0; + c.tcpReadPtr = 0; + c.tcp = sockN; + c.udp = udp; + c.lastActivity = time((time_t *)0); + c.newVersion = false; + *uptrN = (void *)&c; + //printf("<< TCP from %s -> %.16llx\n",inet_ntoa(reinterpret_cast(from)->sin_addr),(unsigned long long)&c); + } + + void phyOnTcpClose(PhySocket *sock,void **uptr) + { + if (!*uptr) + return; + Client &c = *((Client *)*uptr); + phy->close(c.udp); + clients.erase(sock); + //printf("** TCP %.16llx closed\n",(unsigned long long)*uptr); + } + + void phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len) + { + Client &c = *((Client *)*uptr); + c.lastActivity = time((time_t *)0); + + for(unsigned long i=0;i= sizeof(c.tcpReadBuf)) { + phy->close(sock); + return; + } + c.tcpReadBuf[c.tcpReadPtr++] = ((const char *)data)[i]; + + if (c.tcpReadPtr >= 5) { + unsigned long mlen = ( ((((unsigned long)c.tcpReadBuf[3]) & 0xff) << 8) | (((unsigned long)c.tcpReadBuf[4]) & 0xff) ); + if (c.tcpReadPtr >= (mlen + 5)) { + if (mlen == 4) { + // Right now just sending this means the client is 'new enough' for the IP header + c.newVersion = true; + //printf("<< TCP %.16llx HELLO\n",(unsigned long long)*uptr); + } else if (mlen >= 7) { + char *payload = c.tcpReadBuf + 5; + unsigned long payloadLen = mlen; + + struct sockaddr_in dest; + memset(&dest,0,sizeof(dest)); + if (c.newVersion) { + if (*payload == (char)4) { + // New clients tell us where their packets go. + ++payload; + dest.sin_family = AF_INET; + dest.sin_addr.s_addr = *((uint32_t *)payload); + payload += 4; + dest.sin_port = *((uint16_t *)payload); // will be in network byte order already + payload += 2; + payloadLen -= 7; + } + } else { + // For old clients we will just proxy everything to a local ZT instance. The + // fact that this will come from 127.0.0.1 will in turn prevent that instance + // from doing unite() with us. It'll just forward. There will not be many of + // these. + dest.sin_family = AF_INET; + dest.sin_addr.s_addr = htonl(0x7f000001); // 127.0.0.1 + dest.sin_port = htons(9993); + } + + // Note: we do not relay to privileged ports... just an abuse prevention rule. + if ((ntohs(dest.sin_port) > 1024)&&(payloadLen >= 16)) { + phy->udpSend(c.udp,(const struct sockaddr *)&dest,payload,payloadLen); + //printf(">> TCP %.16llx to %s:%d\n",(unsigned long long)*uptr,inet_ntoa(dest.sin_addr),(int)ntohs(dest.sin_port)); + } + } + + memmove(c.tcpReadBuf,c.tcpReadBuf + (mlen + 5),c.tcpReadPtr -= (mlen + 5)); + } + } + } + } + + void phyOnTcpWritable(PhySocket *sock,void **uptr) + { + Client &c = *((Client *)*uptr); + if (c.tcpWritePtr) { + long n = phy->streamSend(sock,c.tcpWriteBuf,c.tcpWritePtr); + if (n > 0) { + memmove(c.tcpWriteBuf,c.tcpWriteBuf + n,c.tcpWritePtr -= (unsigned long)n); + if (!c.tcpWritePtr) + phy->setNotifyWritable(sock,false); + } + } else phy->setNotifyWritable(sock,false); + } + + void doHousekeeping() + { + std::vector toClose; + time_t now = time((time_t *)0); + for(std::map< PhySocket *,Client >::iterator c(clients.begin());c!=clients.end();++c) { + if ((now - c->second.lastActivity) >= ZT_TCP_PROXY_CONNECTION_TIMEOUT_SECONDS) { + toClose.push_back(c->first); + toClose.push_back(c->second.udp); + } + } + for(std::vector::iterator s(toClose.begin());s!=toClose.end();++s) + phy->close(*s); + } +}; + +int main(int argc,char **argv) +{ + signal(SIGPIPE,SIG_IGN); + signal(SIGHUP,SIG_IGN); + srand(time((time_t *)0)); + + TcpProxyService svc; + Phy phy(&svc,false,true); + svc.phy = &phy; + svc.udpPortCounter = 1023; + + { + struct sockaddr_in laddr; + memset(&laddr,0,sizeof(laddr)); + laddr.sin_family = AF_INET; + laddr.sin_port = htons(ZT_TCP_PROXY_TCP_PORT); + if (!phy.tcpListen((const struct sockaddr *)&laddr)) { + fprintf(stderr,"%s: fatal error: unable to bind TCP port %d\n",argv[0],ZT_TCP_PROXY_TCP_PORT); + return 1; + } + } + + time_t lastDidHousekeeping = time((time_t *)0); + for(;;) { + phy.poll(120000); + time_t now = time((time_t *)0); + if ((now - lastDidHousekeeping) > 120) { + lastDidHousekeeping = now; + svc.doHousekeeping(); + } + } + + return 0; +} diff --git a/service/OneService.cpp b/service/OneService.cpp index 1fabb7d9..7d290df7 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -85,16 +85,6 @@ using json = nlohmann::json; -/** - * Uncomment to enable UDP breakage switch - * - * If this is defined, the presence of a file called /tmp/ZT_BREAK_UDP - * will cause direct UDP TX/RX to stop working. This can be used to - * test TCP tunneling fallback and other robustness features. Deleting - * this file will cause it to start working again. - */ -//#define ZT_BREAK_UDP - #include "../controller/EmbeddedNetworkController.hpp" #ifdef ZT_USE_TEST_TAP @@ -105,11 +95,13 @@ namespace ZeroTier { typedef TestEthernetTap EthernetTap; } #else #ifdef ZT_SDK - #include "../controller/EmbeddedNetworkController.hpp" - #include "../node/Node.hpp" - // Use the virtual netcon endpoint instead of a tun/tap port driver - #include "../src/SocketTap.hpp" - namespace ZeroTier { typedef SocketTap EthernetTap; } + +#include "../controller/EmbeddedNetworkController.hpp" +#include "../node/Node.hpp" +// Use the virtual netcon endpoint instead of a tun/tap port driver +#include "../src/SocketTap.hpp" +namespace ZeroTier { typedef SocketTap EthernetTap; } + #else #ifdef __APPLE__ @@ -1783,11 +1775,6 @@ public: } #endif -#ifdef ZT_BREAK_UDP - if (OSUtils::fileExists("/tmp/ZT_BREAK_UDP")) - return; -#endif - if ((len >= 16)&&(reinterpret_cast(from)->ipScope() == InetAddress::IP_SCOPE_GLOBAL)) _lastDirectReceiveFromGlobal = OSUtils::now(); @@ -2271,11 +2258,6 @@ public: return -1; } -#ifdef ZT_BREAK_UDP - if (OSUtils::fileExists("/tmp/ZT_BREAK_UDP")) - return 0; // silently break UDP -#endif - return (_bindings[fromBindingNo].udpSend(_phy,*(reinterpret_cast(localAddr)),*(reinterpret_cast(addr)),data,len,ttl)) ? 0 : -1; } diff --git a/service/OneService.hpp b/service/OneService.hpp index b770a3c0..eba10ca0 100644 --- a/service/OneService.hpp +++ b/service/OneService.hpp @@ -33,10 +33,10 @@ #include "../node/InetAddress.hpp" #ifdef ZT_SDK - #include "../node/Node.hpp" - // Use the virtual netcon endpoint instead of a tun/tap port driver - #include "../src/SocketTap.hpp" - namespace ZeroTier { typedef SocketTap EthernetTap; } +#include "../node/Node.hpp" +// Use the virtual netcon endpoint instead of a tun/tap port driver +#include "../src/SocketTap.hpp" +namespace ZeroTier { typedef SocketTap EthernetTap; } #endif namespace ZeroTier { @@ -147,42 +147,15 @@ public: virtual std::string portDeviceName(uint64_t nwid) const = 0; #ifdef ZT_SDK - /** - * Leaves a network - */ - virtual void leave(const char *hp) = 0; - - /** - * Joins a network - */ + virtual void leave(const char *hp) = 0; virtual void join(const char *hp) = 0; - - /** - * Returns the homePath given by the client application - */ - virtual std::string givenHomePath() = 0; - - /* - * Returns a SocketTap that is associated with the given nwid - */ - virtual EthernetTap * getTap(uint64_t nwid) = 0; - - /* - * Returns a SocketTap that cant function as a route to the specified host - */ - virtual EthernetTap * getTap(InetAddress &addr) = 0; - - /* - * Returns a pointer to the Node - */ + virtual std::string givenHomePath() = 0; + virtual EthernetTap * getTap(uint64_t nwid) = 0; + virtual EthernetTap * getTap(InetAddress &addr) = 0; virtual Node * getNode() = 0; - - /* - * Delete all SocketTap interfaces - */ virtual void removeNets() = 0; #endif - + /** * Terminate background service (can be called from other threads) */ diff --git a/tcp-proxy/Makefile b/tcp-proxy/Makefile deleted file mode 100644 index af4e71e3..00000000 --- a/tcp-proxy/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -CXX=$(shell which clang++ g++ c++ 2>/dev/null | head -n 1) - -all: - $(CXX) -O3 -fno-rtti -o tcp-proxy tcp-proxy.cpp - -clean: - rm -f *.o tcp-proxy *.dSYM diff --git a/tcp-proxy/README.md b/tcp-proxy/README.md deleted file mode 100644 index 6f347d64..00000000 --- a/tcp-proxy/README.md +++ /dev/null @@ -1,4 +0,0 @@ -TCP Proxy Server -====== - -This is the TCP proxy server we run for TCP tunneling from peers behind fascist NATs. Regular users won't have much use for this. diff --git a/tcp-proxy/tcp-proxy.cpp b/tcp-proxy/tcp-proxy.cpp deleted file mode 100644 index a7906aae..00000000 --- a/tcp-proxy/tcp-proxy.cpp +++ /dev/null @@ -1,317 +0,0 @@ -/* - * ZeroTier One - Network Virtualization Everywhere - * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// HACK! Will eventually use epoll() or something in Phy<> instead of select(). -// Also be sure to change ulimit -n and fs.file-max in /etc/sysctl.conf on relays. -#if defined(__linux__) || defined(__LINUX__) || defined(__LINUX) || defined(LINUX) -#include -#include -#undef __FD_SETSIZE -#define __FD_SETSIZE 1048576 -#undef FD_SETSIZE -#define FD_SETSIZE 1048576 -#endif - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include "../osdep/Phy.hpp" - -#define ZT_TCP_PROXY_CONNECTION_TIMEOUT_SECONDS 300 -#define ZT_TCP_PROXY_TCP_PORT 443 - -using namespace ZeroTier; - -/* - * ZeroTier TCP Proxy Server - * - * This implements a simple packet encapsulation that is designed to look like - * a TLS connection. It's not a TLS connection, but it sends TLS format record - * headers. It could be extended in the future to implement a fake TLS - * handshake. - * - * At the moment, each packet is just made to look like TLS application data: - * <[1] TLS content type> - currently 0x17 for "application data" - * <[1] TLS major version> - currently 0x03 for TLS 1.2 - * <[1] TLS minor version> - currently 0x03 for TLS 1.2 - * <[2] payload length> - 16-bit length of payload in bytes - * <[...] payload> - Message payload - * - * TCP is inherently inefficient for encapsulating Ethernet, since TCP and TCP - * like protocols over TCP lead to double-ACKs. So this transport is only used - * to enable access when UDP or other datagram protocols are not available. - * - * Clients send a greeting, which is a four-byte message that contains: - * <[1] ZeroTier major version> - * <[1] minor version> - * <[2] revision> - * - * If a client has sent a greeting, it uses the new version of this protocol - * in which every encapsulated ZT packet is prepended by an IP address where - * it should be forwarded (or where it came from for replies). This causes - * this proxy to act as a remote UDP socket similar to a socks proxy, which - * will allow us to move this function off the rootservers and onto dedicated - * proxy nodes. - * - * Older ZT clients that do not send this message get their packets relayed - * to/from 127.0.0.1:9993, which will allow them to talk to and relay via - * the ZT node on the same machine as the proxy. We'll only support this for - * as long as such nodes appear to be in the wild. - */ - -struct TcpProxyService; -struct TcpProxyService -{ - Phy *phy; - int udpPortCounter; - struct Client - { - char tcpReadBuf[131072]; - char tcpWriteBuf[131072]; - unsigned long tcpWritePtr; - unsigned long tcpReadPtr; - PhySocket *tcp; - PhySocket *udp; - time_t lastActivity; - bool newVersion; - }; - std::map< PhySocket *,Client > clients; - - PhySocket *getUnusedUdp(void *uptr) - { - for(int i=0;i<65535;++i) { - ++udpPortCounter; - if (udpPortCounter > 0xfffe) - udpPortCounter = 1024; - struct sockaddr_in laddr; - memset(&laddr,0,sizeof(struct sockaddr_in)); - laddr.sin_family = AF_INET; - laddr.sin_port = htons((uint16_t)udpPortCounter); - PhySocket *udp = phy->udpBind(reinterpret_cast(&laddr),uptr); - if (udp) - return udp; - } - return (PhySocket *)0; - } - - void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len) - { - if (!*uptr) - return; - if ((from->sa_family == AF_INET)&&(len >= 16)&&(len < 2048)) { - Client &c = *((Client *)*uptr); - c.lastActivity = time((time_t *)0); - - unsigned long mlen = len; - if (c.newVersion) - mlen += 7; // new clients get IP info - - if ((c.tcpWritePtr + 5 + mlen) <= sizeof(c.tcpWriteBuf)) { - if (!c.tcpWritePtr) - phy->setNotifyWritable(c.tcp,true); - - c.tcpWriteBuf[c.tcpWritePtr++] = 0x17; // look like TLS data - c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 - c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 - - c.tcpWriteBuf[c.tcpWritePtr++] = (char)((mlen >> 8) & 0xff); - c.tcpWriteBuf[c.tcpWritePtr++] = (char)(mlen & 0xff); - - if (c.newVersion) { - c.tcpWriteBuf[c.tcpWritePtr++] = (char)4; // IPv4 - *((uint32_t *)(c.tcpWriteBuf + c.tcpWritePtr)) = ((const struct sockaddr_in *)from)->sin_addr.s_addr; - c.tcpWritePtr += 4; - *((uint16_t *)(c.tcpWriteBuf + c.tcpWritePtr)) = ((const struct sockaddr_in *)from)->sin_port; - c.tcpWritePtr += 2; - } - - for(unsigned long i=0;i %.16llx\n",inet_ntoa(reinterpret_cast(from)->sin_addr),(int)ntohs(reinterpret_cast(from)->sin_port),(unsigned long long)&c); - } - } - - void phyOnTcpConnect(PhySocket *sock,void **uptr,bool success) - { - // unused, we don't initiate outbound connections - } - - void phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN,const struct sockaddr *from) - { - Client &c = clients[sockN]; - PhySocket *udp = getUnusedUdp((void *)&c); - if (!udp) { - phy->close(sockN); - clients.erase(sockN); - //printf("** TCP rejected, no more UDP ports to assign\n"); - return; - } - c.tcpWritePtr = 0; - c.tcpReadPtr = 0; - c.tcp = sockN; - c.udp = udp; - c.lastActivity = time((time_t *)0); - c.newVersion = false; - *uptrN = (void *)&c; - //printf("<< TCP from %s -> %.16llx\n",inet_ntoa(reinterpret_cast(from)->sin_addr),(unsigned long long)&c); - } - - void phyOnTcpClose(PhySocket *sock,void **uptr) - { - if (!*uptr) - return; - Client &c = *((Client *)*uptr); - phy->close(c.udp); - clients.erase(sock); - //printf("** TCP %.16llx closed\n",(unsigned long long)*uptr); - } - - void phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len) - { - Client &c = *((Client *)*uptr); - c.lastActivity = time((time_t *)0); - - for(unsigned long i=0;i= sizeof(c.tcpReadBuf)) { - phy->close(sock); - return; - } - c.tcpReadBuf[c.tcpReadPtr++] = ((const char *)data)[i]; - - if (c.tcpReadPtr >= 5) { - unsigned long mlen = ( ((((unsigned long)c.tcpReadBuf[3]) & 0xff) << 8) | (((unsigned long)c.tcpReadBuf[4]) & 0xff) ); - if (c.tcpReadPtr >= (mlen + 5)) { - if (mlen == 4) { - // Right now just sending this means the client is 'new enough' for the IP header - c.newVersion = true; - //printf("<< TCP %.16llx HELLO\n",(unsigned long long)*uptr); - } else if (mlen >= 7) { - char *payload = c.tcpReadBuf + 5; - unsigned long payloadLen = mlen; - - struct sockaddr_in dest; - memset(&dest,0,sizeof(dest)); - if (c.newVersion) { - if (*payload == (char)4) { - // New clients tell us where their packets go. - ++payload; - dest.sin_family = AF_INET; - dest.sin_addr.s_addr = *((uint32_t *)payload); - payload += 4; - dest.sin_port = *((uint16_t *)payload); // will be in network byte order already - payload += 2; - payloadLen -= 7; - } - } else { - // For old clients we will just proxy everything to a local ZT instance. The - // fact that this will come from 127.0.0.1 will in turn prevent that instance - // from doing unite() with us. It'll just forward. There will not be many of - // these. - dest.sin_family = AF_INET; - dest.sin_addr.s_addr = htonl(0x7f000001); // 127.0.0.1 - dest.sin_port = htons(9993); - } - - // Note: we do not relay to privileged ports... just an abuse prevention rule. - if ((ntohs(dest.sin_port) > 1024)&&(payloadLen >= 16)) { - phy->udpSend(c.udp,(const struct sockaddr *)&dest,payload,payloadLen); - //printf(">> TCP %.16llx to %s:%d\n",(unsigned long long)*uptr,inet_ntoa(dest.sin_addr),(int)ntohs(dest.sin_port)); - } - } - - memmove(c.tcpReadBuf,c.tcpReadBuf + (mlen + 5),c.tcpReadPtr -= (mlen + 5)); - } - } - } - } - - void phyOnTcpWritable(PhySocket *sock,void **uptr) - { - Client &c = *((Client *)*uptr); - if (c.tcpWritePtr) { - long n = phy->streamSend(sock,c.tcpWriteBuf,c.tcpWritePtr); - if (n > 0) { - memmove(c.tcpWriteBuf,c.tcpWriteBuf + n,c.tcpWritePtr -= (unsigned long)n); - if (!c.tcpWritePtr) - phy->setNotifyWritable(sock,false); - } - } else phy->setNotifyWritable(sock,false); - } - - void doHousekeeping() - { - std::vector toClose; - time_t now = time((time_t *)0); - for(std::map< PhySocket *,Client >::iterator c(clients.begin());c!=clients.end();++c) { - if ((now - c->second.lastActivity) >= ZT_TCP_PROXY_CONNECTION_TIMEOUT_SECONDS) { - toClose.push_back(c->first); - toClose.push_back(c->second.udp); - } - } - for(std::vector::iterator s(toClose.begin());s!=toClose.end();++s) - phy->close(*s); - } -}; - -int main(int argc,char **argv) -{ - signal(SIGPIPE,SIG_IGN); - signal(SIGHUP,SIG_IGN); - srand(time((time_t *)0)); - - TcpProxyService svc; - Phy phy(&svc,false,true); - svc.phy = &phy; - svc.udpPortCounter = 1023; - - { - struct sockaddr_in laddr; - memset(&laddr,0,sizeof(laddr)); - laddr.sin_family = AF_INET; - laddr.sin_port = htons(ZT_TCP_PROXY_TCP_PORT); - if (!phy.tcpListen((const struct sockaddr *)&laddr)) { - fprintf(stderr,"%s: fatal error: unable to bind TCP port %d\n",argv[0],ZT_TCP_PROXY_TCP_PORT); - return 1; - } - } - - time_t lastDidHousekeeping = time((time_t *)0); - for(;;) { - phy.poll(120000); - time_t now = time((time_t *)0); - if ((now - lastDidHousekeeping) > 120) { - lastDidHousekeeping = now; - svc.doHousekeeping(); - } - } - - return 0; -} -- cgit v1.2.3