├── INSTALL ├── Makefile ├── README.md ├── VERSION ├── build.sh ├── cfg.mk.in ├── configure-freebsd.ac ├── configure-windows.ac ├── configure.ac └── src ├── Makefile ├── Makefile.windows ├── base64.c ├── base64.h ├── capture.h ├── cfg.h.in ├── checksum.c ├── checksum.h ├── cktp.h ├── cktp_client.c ├── cktp_client.h ├── cktp_common.c ├── cktp_common.h ├── cktp_encoding.c ├── cktp_encoding.h ├── cktp_server.c ├── cktp_server.h ├── cktp_url.c ├── cktp_url.h ├── client.c ├── config.c ├── config.h ├── cookie.h ├── encodings ├── aes.c ├── aes.h ├── aes_hardware.c ├── aes_hardware.h ├── crypt.c ├── crypt.h ├── natural.c ├── natural.h ├── pad.c └── pad.h ├── freebsd ├── capture.c ├── misc.c ├── socket.h └── thread.h ├── http_server.c ├── http_server.h ├── install.c ├── install.h ├── install ├── install.browser.sh ├── install.cache ├── install.config ├── install.crypt.cache ├── install.pf.conf └── install.version ├── linux ├── capture.c ├── misc.c ├── socket.h └── thread.h ├── log.c ├── log.h ├── macosx ├── misc.h ├── options.c ├── options.h ├── packet.c ├── packet.h ├── packet_dispatch.c ├── packet_dispatch.h ├── packet_filter.c ├── packet_filter.h ├── packet_protocol.c ├── packet_protocol.h ├── packet_track.c ├── packet_track.h ├── quota.c ├── quota.h ├── random.c ├── random.h ├── server.c ├── server_table.c ├── server_table.h ├── socket.h ├── thread.h ├── tools ├── build_clientdeb.sh ├── build_serverdeb.sh ├── client.deb │ ├── control │ └── postinst.in ├── file2c.c ├── init.d.sh.in ├── reqrypt.service └── server.deb │ ├── control │ ├── postinst.in │ ├── postrm.in │ └── prerm.in ├── tunnel.c ├── tunnel.h ├── ui ├── 404.html ├── 500.html ├── favicon.ico ├── gpl3.txt ├── head.html ├── help-contents.html ├── help.html ├── license.html ├── log-frame.html ├── log.html ├── log.js ├── motd.js ├── options.html ├── script.js ├── state.html ├── style.css ├── tabs-error.html ├── tabs.html ├── title.html └── tunnels.js └── windows ├── capture.c ├── icon.ico ├── install └── 
install.nsi.in ├── manifest.xml ├── misc.c ├── resources.rc ├── socket.h └── thread.h /INSTALL: -------------------------------------------------------------------------------- 1 | BUILD INSTRUCTIONS: 2 | =================== 3 | 4 | NOTES: 5 | 6 | Linux users can build with the build.sh script. This script will build 7 | the Linux client and server, and Windows clients. The script will attempt 8 | to automatically download the WinDivert dependency, otherwise it can be 9 | specified by the '-d ' option. 10 | 11 | LINUX: 12 | 13 | 1) Make sure that the following packages are installed (e.g. with apt-get 14 | install): 15 | - gcc 16 | - autoconf 17 | - libssl-dev (server only) 18 | - libgmp3-dev (server only) 19 | 20 | 2) Run the following commands: 21 | $ autoconf 22 | $ ./configure 23 | $ make client_install 24 | $ make server_install # (server) 25 | $ make client_install32 # (32-bit client) 26 | 27 | FREEBSD: 28 | 29 | NOTE: freebsd version can only be built on a FreeBSD system. 30 | 31 | NOTE: to run the freebsd version you need to enable ipfw and divert 32 | sockets, i.e., ipfw_load="YES" and ipdivert_load="YES" 33 | 34 | 1) Make sure that the following packages are installed (e.g. with 35 | pkg_add -r): 36 | - gcc 37 | - autoconf 38 | - sudo (& add yourself as a sudoer) 39 | - gmake (& replace make with gmake) 40 | 41 | 2) Run the following commands: 42 | $ autoconf -o configure configure-freebsd.ac 43 | $ ./configure 44 | $ make client_install_freebsd 45 | 46 | MACOSX: 47 | 48 | NOTE: to run the macosx version you need to enable ipfw and divert 49 | sockets. 
50 | 51 | 1) Make sure the following packages are installed: 52 | - gcc 53 | - autoconf 54 | 55 | 2) Run the following commands: 56 | $ autoconf -o configure configure-freebsd.ac 57 | $ ./configure 58 | $ make client_install_macosx 59 | 60 | WINDOWS [LINUX CROSS COMPILATION]: 61 | 62 | 1) Make sure the following packages are installed: 63 | - WinDivert [http://reqrypt.org/windivert.html] 64 | - mingw-w64 65 | - nsis 66 | - autoconf 67 | 68 | 2) Run the following commands: 69 | 70 | (32-bit version) 71 | $ autoconf -o configure configure-windows.ac 72 | $ ./configure --host=i686-w64-mingw32 'DIVERT=path/to/windivert/' 73 | $ make client_install_windows 74 | 75 | (64-bit version) 76 | $ autoconf -o configure configure-windows.ac 77 | $ ./configure --host=x86_64-w64-mingw32 'DIVERT=path/to/windivert/' 78 | $ make client_install_windows 79 | 80 | WINDOWS [NATIVE COMPILATION]: 81 | 82 | Note: This method cannot be used to build the 64-bit version. 83 | Note: This method is no longer supported, use Linux cross-compilation 84 | instead. 85 | 86 | 1) Make sure the following packages are installed: 87 | - WinDivert [http://reqrypt.org/windivert.html] 88 | - MinGW 89 | - MSYS 90 | - NSIS 91 | 92 | 2) Run the following commands: 93 | $ autoconf -o configure configure-windows.ac 94 | $ ./configure 'DIVERT=path/to/divert/' 95 | $ make client_install_windows 96 | 97 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile 2 | # (C) 2017, all rights reserved, 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation, either version 3 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | include cfg.mk 18 | 19 | client: 20 | (cd src; \ 21 | make clean; \ 22 | make -j 4 client) 23 | 24 | client32: 25 | (cd src; \ 26 | make clean; \ 27 | make -j 4 client32) 28 | 29 | client_windows: 30 | (cd src; \ 31 | make -f Makefile.windows clean; \ 32 | make -f Makefile.windows -j 4 install) 33 | 34 | server: 35 | (cd src; \ 36 | make clean; \ 37 | make -j 4 server) 38 | 39 | ctool: 40 | (cd src; \ 41 | make clean; \ 42 | make -j 4 ctool) 43 | 44 | client_install: client 45 | (cd src/tools; \ 46 | ./build_clientdeb.sh $(PACKAGE_NAME) $(PACKAGE_VERSION_SHORT); \ 47 | mv $(PACKAGE_NAME)_*.deb ../../) 48 | 49 | client_install32: client32 50 | (cd src/tools; \ 51 | ./build_clientdeb.sh $(PACKAGE_NAME) $(PACKAGE_VERSION_SHORT); \ 52 | mv $(PACKAGE_NAME)_*.deb ../../) 53 | 54 | client_install_freebsd: client 55 | (cd src; \ 56 | cp reqrypt ../$(CLIENT_PROG)-$(PACKAGE_VERSION_SHORT)-freebsd) 57 | 58 | client_install_macosx: client 59 | (cd src; \ 60 | cp reqrypt ../$(CLIENT_PROG)-$(PACKAGE_VERSION_SHORT)-macosx) 61 | 62 | client_install_windows: client_windows 63 | (cd src; \ 64 | mv $(PACKAGE_NAME)-install.exe \ 65 | ../$(CLIENT_PROG)-$(PACKAGE_VERSION_SHORT)-win$(BITS)-install.exe; \ 66 | mv $(PACKAGE_NAME)-files.zip \ 67 | ../$(CLIENT_PROG)-$(PACKAGE_VERSION_SHORT)-win$(BITS)-files.zip) 68 | 69 | server_install: server ctool 70 | (cd src/tools; \ 71 | ./build_serverdeb.sh $(PACKAGE_NAME) $(PACKAGE_VERSION_SHORT); \ 72 | mv $(PACKAGE_NAME)d_*.deb ../../) 73 | 74 | clean: 75 | (cd src; make clean; make -f Makefile.windows clean) 76 | rm -rf autom4te.cache cfg.mk config.log 
config.status configure 77 | 78 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # REQRYPT 2 | 3 | ReQrypt is a tool for tunneling and encrypting web browser requests to hide 4 | them from local (e.g. router-level, or ISP-level) snooping and interception. 5 | ReQrypt is useful for bypassing ISP-level URL censorship/filtering/logging 6 | systems. 7 | 8 | ReQrypt works very differently than other bypassing methods. ReQrypt is based 9 | on a technology known as "triangular routing". In a nutshell, ReQrypt works 10 | like this: 11 | 12 | 13 | (1) Tunneled request +----------------+ (2) Forwarded request 14 | +------------->| ReQrypt server |-------------+ 15 | | +----------------+ | 16 | | | 17 | | V 18 | +----------------+ +----------------+ 19 | | PC web browser |<----------------------------| Web server | 20 | +----------------+ +----------------+ 21 | (3) Web-page response 22 | 23 | Basically: 24 | 25 | 1. Your web browser issues an HTTP request to the web-server, which is 26 | encrypted and tunneled to a ReQrypt server. 27 | 2. The ReQrypt server decrypts the tunneled packet, and forwards it to the 28 | web-server. 29 | 3. The web-server responds to the HTTP request as if it came directly from your 30 | computer, and the web page response is sent back via the normal route. 31 | 32 | Ordinarily, the HTTP request is sent directly to the web server, unencrypted. 33 | This means it may be read and/or intercepted by a local eavesdropper, such as 34 | your ISP, workplace, or shared family router. However, with ReQrypt the 35 | outgoing HTTP requests are encrypted and tunneled, rendering them unreadable 36 | to any local eavesdropper. 37 | 38 | ReQrypt is effective against systems that attack only outbound HTTP requests 39 | and ignore inbound HTTP responses. 
Such systems are very common in 40 | ISP-level censorship and logging systems, since processing URL traffic (HTTP 41 | requests) is significantly easier than processing web page responses. Note that ReQrypt does not tunnel or encrypt the response: it returns over the normal route (step 3), so ReQrypt offers no protection against a system that inspects inbound responses. 42 | 43 | Finally, unlike proxies, VPNs, Tor, etc., ReQrypt is not an anonymity tool. 44 | It does not change the IP address of the tunneled packet. This can be a good 45 | thing: it means the web responses are sent directly to your PC which means 46 | ReQrypt is typically faster than these other systems. 47 | 48 | # LICENSE 49 | 50 | This package is distributed under the GNU Public License (GPL) Version 3. 51 | 52 | Please note the following: 53 | 54 | This program is free software: you can redistribute it and/or modify 55 | it under the terms of the GNU General Public License as published by 56 | the Free Software Foundation, either version 3 of the License, or 57 | (at your option) any later version. 58 | 59 | This program is distributed in the hope that it will be useful, 60 | but WITHOUT ANY WARRANTY; without even the implied warranty of 61 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 62 | GNU General Public License for more details. 63 | 64 | You should have received a copy of the GNU General Public License 65 | along with this program. If not, see http://www.gnu.org/licenses/ 66 | 67 | # COPYRIGHT 68 | 69 | (C) 2018, basil00, all rights reserved. 
70 | 71 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 1.4.1 2 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # build.sh 3 | # (C) 2018, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | if [ "`uname -s`" != "Linux" ] 19 | then 20 | echo "$0: error: this build script is only for Linux" >&2 21 | exit 1 22 | fi 23 | 24 | DIVERT= 25 | while getopts "hd:" OPTION 26 | do 27 | case $OPTION in 28 | d) DIVERT=$OPTARG;; 29 | ?) echo "usage: $0 [-h] [-d ]" >&2 30 | exit 1;; 31 | esac 32 | done 33 | 34 | set -e 35 | set -x 36 | 37 | # Build Linux 64/32-bit 38 | rm -rf autom4te.cache cfg.mk config.log config.status configure 39 | autoconf 40 | ./configure 41 | make client_install 42 | # make client_install32 43 | make server_install 44 | 45 | # Build Windows 64/32-bit 46 | DIVERT_VERSION=WinDivert-1.4.3-A 47 | set +x 48 | if [ "$DIVERT" = "" ] 49 | then 50 | if [ ! -d "$DIVERT_VERSION/" ] 51 | then 52 | wget https://reqrypt.org/download/$DIVERT_VERSION.zip 53 | unzip $DIVERT_VERSION.zip 54 | set -x 55 | if [ ! 
-d "$DIVERT_VERSION/" ] 56 | then 57 | echo "$0: unable to download divert package; cannot build \ 58 | windows client" 1>&2 59 | exit 1 60 | fi 61 | fi 62 | DIVERT=$DIVERT_VERSION/ 63 | fi 64 | set -x 65 | 66 | rm -rf autom4te.cache cfg.mk config.log config.status configure 67 | autoconf -o configure configure-windows.ac 68 | ./configure --host=i686-w64-mingw32 "DIVERT=$DIVERT" 69 | make client_install_windows 70 | ./configure --host=x86_64-w64-mingw32 "DIVERT=$DIVERT" 71 | make client_install_windows 72 | 73 | -------------------------------------------------------------------------------- /cfg.mk.in: -------------------------------------------------------------------------------- 1 | ROOT = "@ROOT@" 2 | TOOLS = "@ROOT@/tools/" 3 | PLATFORM = @PLATFORM@ 4 | CLIENT_PROG = @PACKAGE_NAME@ 5 | SERVER_PROG = @PACKAGE_NAME@d 6 | CTOOL_PROG = @PACKAGE_NAME@d_tool 7 | PACKAGE_NAME = @PACKAGE_NAME@ 8 | PACKAGE_NAME_LONG = @PACKAGE_NAME_LONG@ 9 | PACKAGE_VERSION = @PACKAGE_VERSION@ 10 | PACKAGE_VERSION_SHORT = @PACKAGE_VERSION_SHORT@ 11 | BITS = @BITS@ 12 | ARCH = @ARCH@ 13 | CC = @CC@ 14 | CLIENT_CFLAGS = -DCLIENT -D@PLATFORM_CAPS@ -maes -Wall -O2 -I "@ROOT@/src/" 15 | SERVER_CFLAGS = -DSERVER -DLINUX -Wall -maes -O2 -I "@ROOT@/src/" 16 | CTOOL_CFLAGS = -DTOOL -DLINUX -Wall -maes -O2 -I "@ROOT@/src/" 17 | CLIENT_DEBUG_CFLAGS = -DCLIENT -D@PLATFORM_CAPS@ -DDEBUG -maes -Wall -O0 -g \ 18 | -I "@ROOT@/src/" 19 | SERVER_DEBUG_CFLAGS = -DSERVER -DLINUX -DDEBUG -maes -Wall -O0 -g \ 20 | -I "@ROOT@/src/" 21 | CTOOL_DEBUG_CFLAGS = -DTOOL -DLINUX -DDEBUG -maes -Wall -O0 -g -I "@ROOT@/src/" 22 | CLIENT_CLIBS = -lpthread 23 | SERVER_CLIBS = -lgmp -lpthread 24 | CTOOL_CLIBS = -lssl -lcrypto 25 | 26 | # Windows: 27 | WDK_PATH = @WDK_PATH@ 28 | WDK_WINPATH = @WDK_WINPATH@ 29 | WINDRES_PATH = @WINDRES_PATH@ 30 | NSIS_PATH = @NSIS_PATH@ 31 | CROSS = @CROSS@ 32 | DIVERT_ROOT = @DIVERT_ROOT@ 33 | -------------------------------------------------------------------------------- 
/configure-freebsd.ac: -------------------------------------------------------------------------------- 1 | # configure.ac 2 | # (C) 2018, all rights reserved, 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation, either version 3 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | AC_INIT(reqrypt, 0) 18 | AC_SUBST(PACKAGE_NAME_LONG, "ReQrypt") 19 | AC_SUBST(PACKAGE_VERSION, `cat VERSION`) 20 | AC_SUBST(PACKAGE_VERSION_SHORT, `cat VERSION`) 21 | 22 | error=no 23 | 24 | AC_PROG_CC([], [true], [error=yes]) 25 | AC_PROG_CC_C99 26 | 27 | if test "$ac_cv_prog_cc_c99" = "no" 28 | then 29 | AC_MSG_NOTICE([*** compiler does not support C99.]) 30 | error=yes 31 | fi 32 | 33 | AC_CHECK_HEADER(pthread.h, [true], [error=yes]) 34 | 35 | if test "$error" = "yes" 36 | then 37 | AC_MSG_NOTICE([*** correct the above errors first ***]) 38 | exit 1; 39 | fi 40 | 41 | case `uname -m` in 42 | i?86) 43 | AC_SUBST(BITS, 32) 44 | AC_SUBST(ARCH, x86) 45 | ;; 46 | *) 47 | AC_SUBST(BITS, 64) 48 | AC_SUBST(ARCH, x86_64) 49 | ;; 50 | esac 51 | 52 | case `uname -s` in 53 | Darwin) 54 | AC_SUBST(PLATFORM_CAPS, MACOSX) 55 | AC_SUBST(PLATFORM, macosx) 56 | ;; 57 | *) 58 | AC_SUBST(PLATFORM_CAPS, FREEBSD) 59 | AC_SUBST(PLATFORM, freebsd) 60 | ;; 61 | esac 62 | 63 | AC_SUBST(ROOT, `pwd`) 64 | 65 | AC_OUTPUT([cfg.mk src/cfg.h]) 66 | 67 | -------------------------------------------------------------------------------- /configure-windows.ac: 
-------------------------------------------------------------------------------- 1 | # configure-windows-cross.ac 2 | # (C) 2018, all rights reserved, 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation, either version 3 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | AC_INIT(reqrypt, 0) 18 | AC_SUBST(PACKAGE_NAME_LONG, "ReQrypt") 19 | AC_SUBST(PACKAGE_VERSION, `cat VERSION`) 20 | AC_SUBST(PACKAGE_VERSION_SHORT, `cat VERSION`) 21 | 22 | error=no 23 | 24 | AC_PROG_CC([], [true], [error=yes]) 25 | AC_PROG_CC_C99 26 | 27 | if test "$ac_cv_prog_cc_c99" = "no" 28 | then 29 | AC_MSG_NOTICE([*** compiler does not support C99.]) 30 | error=yes 31 | fi 32 | 33 | if test -d 'C:/Program Files/NSIS/' 34 | then 35 | export PATH=$PATH:'/c/Program Files/NSIS/' 36 | elif test -d 'C:/Program Files (x86)/NSIS/' 37 | then 38 | export PATH=$PATH:'/c/Program Files (x86)/NSIS/' 39 | fi 40 | 41 | AC_PATH_PROG([NSIS_PATH], [makensis], [no]) 42 | if test "$NSIS_PATH" = "no" 43 | then 44 | AC_MSG_NOTICE([*** NSIS is not installed.]) 45 | error=yes 46 | fi 47 | 48 | AC_PATH_TOOL([WINDRES_PATH], [windres], [no]) 49 | if test "$WINDRES_PATH" = "no" 50 | then 51 | AC_MSG_NOTICE([*** windres command not found.]) 52 | error=yes 53 | fi 54 | 55 | if test "$DIVERT" = "" 56 | then 57 | DIVERT="./" 58 | fi 59 | DIV=windiv # Anything called 'divert' seems to break autoconf 60 | ERT=ert 61 | DIVERT_WORD=$DIV$ERT 62 | DIVERT_NAME=WinDivert 63 | 64 | 
AC_MSG_CHECKING([for $DIVERT_NAME files]) 65 | 66 | if test -e $DIVERT/x86/${DIVERT_NAME}32.sys -a \ 67 | -e $DIVERT/x86/$DIVERT_NAME.dll -a \ 68 | -e $DIVERT/x86_64/${DIVERT_NAME}64.sys -a \ 69 | -e $DIVERT/x86_64/$DIVERT_NAME.dll -a \ 70 | -e $DIVERT/include/$DIVERT_WORD.h 71 | then 72 | AC_MSG_RESULT([yes]) 73 | else 74 | AC_MSG_RESULT([no]) 75 | AC_MSG_NOTICE([*** $DIVERT_NAME files not found.]) 76 | error=yes 77 | fi 78 | 79 | if test "$error" = "yes" 80 | then 81 | AC_MSG_NOTICE([*** correct the above errors first ***]) 82 | exit 1; 83 | fi 84 | 85 | case "$host" in 86 | amd64-*) 87 | AC_SUBST(BITS, 64) 88 | AC_SUBST(ARCH, x86_64) 89 | ;; 90 | x86_64-*) 91 | AC_SUBST(BITS, 64) 92 | AC_SUBST(ARCH, x86_64) 93 | ;; 94 | *) 95 | AC_SUBST(BITS, 32) 96 | AC_SUBST(ARCH, x86) 97 | ;; 98 | esac 99 | 100 | AC_SUBST(ROOT, `pwd`) 101 | AC_SUBST(PLATFORM_CAPS, WINDOWS) 102 | AC_SUBST(PLATFORM, windows) 103 | AC_SUBST(CROSS, yes) 104 | AC_SUBST(DIVERT_ROOT, `pwd`/$DIVERT) 105 | 106 | AC_OUTPUT([cfg.mk src/cfg.h src/windows/install/install.nsi]) 107 | 108 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | # configure.ac 2 | # (C) 2018, all rights reserved, 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation, either version 3 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 
16 | 17 | AC_INIT(reqrypt, 0) 18 | AC_SUBST(PACKAGE_NAME_LONG, "ReQrypt") 19 | AC_SUBST(PACKAGE_VERSION, `cat VERSION`) 20 | AC_SUBST(PACKAGE_VERSION_SHORT, `cat VERSION`) 21 | 22 | error=no 23 | server=yes 24 | 25 | AC_PROG_CC([], [true], [error=yes]) 26 | AC_PROG_CC_C99 27 | 28 | if test "$ac_cv_prog_cc_c99" = "no" 29 | then 30 | AC_MSG_NOTICE([*** compiler does not support C99.]) 31 | error=yes 32 | fi 33 | 34 | AC_CHECK_FILE(/usr/include/linux/netfilter.h, [true], [error=yes]) 35 | AC_CHECK_FILE(/usr/include/linux/netfilter/nfnetlink.h, [true], [error=yes]) 36 | AC_CHECK_FILE(/usr/include/linux/netfilter/nfnetlink_queue.h, [true], 37 | [error=yes]) 38 | AC_CHECK_FILE(/usr/include/linux/netlink.h, [true], [error=yes]) 39 | AC_CHECK_HEADER(pthread.h, [true], [error=yes]) 40 | AC_CHECK_HEADER(gmp.h, [true], [server=no]) 41 | AC_CHECK_HEADER(openssl/rsa.h, [true], [server=no]) 42 | 43 | if test "$error" = "yes" 44 | then 45 | AC_MSG_NOTICE([*** correct the above errors first ***]) 46 | exit 1; 47 | fi 48 | 49 | if test "$server" = "no" 50 | then 51 | AC_MSG_NOTICE([*** WARNING: missing SSL or GMP -- cannot build server ***]) 52 | fi 53 | 54 | case `uname -m` in 55 | i?86) 56 | AC_SUBST(BITS, 32) 57 | AC_SUBST(ARCH, x86) 58 | ;; 59 | *) 60 | AC_SUBST(BITS, 64) 61 | AC_SUBST(ARCH, x86_64) 62 | ;; 63 | esac 64 | 65 | AC_SUBST(ROOT, `pwd`) 66 | AC_SUBST(PLATFORM_CAPS, LINUX) 67 | AC_SUBST(PLATFORM, linux) 68 | 69 | AC_OUTPUT([cfg.mk src/cfg.h src/tools/init.d.sh]) 70 | 71 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile 2 | # (C) 2013, all rights reserved, 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation, either version 3 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | include ../cfg.mk 18 | 19 | CLIENT_OBJS = \ 20 | base64.o \ 21 | client.o \ 22 | checksum.o \ 23 | cktp_client.o \ 24 | cktp_common.o \ 25 | cktp_encoding.o \ 26 | cktp_url.o \ 27 | config.o \ 28 | encodings/aes.o \ 29 | encodings/aes_hardware.o \ 30 | encodings/crypt.o \ 31 | encodings/pad.o \ 32 | encodings/natural.o \ 33 | http_server.o \ 34 | install.o \ 35 | log.o \ 36 | options.o \ 37 | packet.o \ 38 | packet_dispatch.o \ 39 | packet_filter.o \ 40 | packet_protocol.o \ 41 | packet_track.o \ 42 | random.o \ 43 | tunnel.o \ 44 | $(PLATFORM)/capture.o \ 45 | $(PLATFORM)/misc.o 46 | 47 | SERVER_OBJS = \ 48 | base64.o \ 49 | checksum.o \ 50 | config.o \ 51 | cktp_common.o \ 52 | cktp_encoding.o \ 53 | cktp_server.o \ 54 | cktp_url.o \ 55 | encodings/aes.o \ 56 | encodings/aes_hardware.o \ 57 | encodings/crypt.o \ 58 | encodings/pad.o \ 59 | linux/misc.o \ 60 | quota.o \ 61 | random.o \ 62 | server.o \ 63 | server_table.o 64 | 65 | CTOOL_OBJS = \ 66 | base64.o \ 67 | encodings/aes.o \ 68 | encodings/aes_hardware.o \ 69 | encodings/crypt.o 70 | 71 | client: CFLAGS = $(CLIENT_CFLAGS) 72 | client: CLIBS = $(CLIENT_CLIBS) 73 | client: $(CLIENT_OBJS) http_data.c install_data.c 74 | $(CC) -o $(CLIENT_PROG) $(CLIENT_OBJS) $(CLIBS) 75 | strip $(CLIENT_PROG) 76 | 77 | client32: CC := $(CC) -m32 78 | client32: client 79 | 80 | encodings/natural.o: CFLAGS = $(CLIENT_CFLAGS) -O3 81 | encodings/aes_hardware.o: CFLAGS = $(CLIENT_CFLAGS) -maes -mssse3 \ 82 | -flax-vector-conversions 83 | 84 | client_cap: client 85 | sudo setcap cap_net_raw,cap_net_admin,cap_setgid,cap_setuid=ep \ 86 | 
$(CLIENT_PROG) 87 | 88 | client_suid: client 89 | sudo chmod +s $(CLIENT_PROG) 90 | sudo chown 0:0 $(CLIENT_PROG) 91 | 92 | client_debug: CFLAGS = $(CLIENT_DEBUG_CFLAGS) 93 | client_debug: CLIBS = $(CLIENT_CLIBS) 94 | client_debug: $(CLIENT_OBJS) http_data.c 95 | $(CC) -o $(CLIENT_PROG) $(CLIENT_OBJS) $(CLIBS) 96 | mv $(CLIENT_PROG) $(CLIENT_PROG).debug 97 | 98 | $(CLIENT_PROG): client 99 | 100 | http_data.c: ui/* tools/file2c 101 | (cd ui/; ../tools/file2c * > ../http_data.c) 102 | install_data.c: install/* tools/file2c 103 | (cd install/; ../tools/file2c * > ../install_data.c) 104 | 105 | http_server.o: http_data.c 106 | install.o: install_data.c 107 | 108 | server: CFLAGS = $(SERVER_CFLAGS) 109 | server: CLIBS = $(SERVER_CLIBS) 110 | server: $(SERVER_OBJS) 111 | $(CC) -o $(SERVER_PROG) $(SERVER_OBJS) $(CLIBS) 112 | strip $(SERVER_PROG) 113 | 114 | server_debug: CFLAGS = $(SERVER_DEBUG_CFLAGS) 115 | server_debug: CLIBS = $(SERVER_CLIBS) 116 | server_debug: $(SERVER_OBJS) 117 | $(CC) -o $(SERVER_PROG) $(SERVER_OBJS) $(CLIBS) 118 | 119 | $(SERVER_PROG): server 120 | 121 | ctool: CFLAGS = $(CTOOL_CFLAGS) -Wno-unused-function 122 | ctool: CLIBS = $(CTOOL_CLIBS) 123 | ctool: $(CTOOL_OBJS) 124 | $(CC) -o $(CTOOL_PROG) $(CTOOL_OBJS) $(CLIBS) 125 | strip $(CTOOL_PROG) 126 | 127 | ctool_debug: CFLAGS = $(CTOOL_DEBUG_CFLAGS) 128 | ctool_debug: CLIBS = $(CTOOL_CLIBS) 129 | ctool_debug: $(CTOOL_OBJS) 130 | $(CC) -o $(CTOOL_PROG) $(CTOOL_OBJS) $(CLIBS) 131 | 132 | clean: 133 | rm -f $(CLIENT_OBJS) $(SERVER_OBJS) http_data.c install_data.c tools/file2c 134 | 135 | -------------------------------------------------------------------------------- /src/Makefile.windows: -------------------------------------------------------------------------------- 1 | # Makefile.windows 2 | # (C) 2018, all rights reserved, 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free 
Software Foundation, either version 3 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | include ../cfg.mk 18 | 19 | PWD = $(shell echo %CD%) 20 | 21 | OBJS = \ 22 | base64.obj \ 23 | checksum.obj \ 24 | client.obj \ 25 | cktp_client.obj \ 26 | cktp_common.obj \ 27 | cktp_encoding.obj \ 28 | cktp_url.obj \ 29 | config.obj \ 30 | encodings/aes.obj \ 31 | encodings/aes_hardware.obj \ 32 | encodings/crypt.obj \ 33 | encodings/pad.obj \ 34 | encodings/natural.obj \ 35 | http_server.obj \ 36 | install.obj \ 37 | log.obj \ 38 | options.obj \ 39 | packet.obj \ 40 | packet_dispatch.obj \ 41 | packet_filter.obj \ 42 | packet_protocol.obj \ 43 | packet_track.obj \ 44 | random.obj \ 45 | tunnel.obj \ 46 | $(PLATFORM)/capture.obj \ 47 | $(PLATFORM)/misc.obj \ 48 | $(PLATFORM)/resources.obj 49 | 50 | client: CFLAGS = $(CLIENT_CFLAGS) -I$(DIVERT_ROOT)/include/ -mno-ms-bitfields 51 | client: CLIBS = -lws2_32 -lkernel32 -lWinDivert -L$(DIVERT_ROOT)/$(ARCH)/ 52 | client: $(OBJS) 53 | $(CC) -o $(CLIENT_PROG).exe $(OBJS) -Wl,-subsystem,windows $(CLIBS) 54 | strip $(CLIENT_PROG).exe 55 | 56 | $(PLATFORM)/resources.obj: $(PLATFORM)/resources.rc 57 | (cd $(PLATFORM); $(WINDRES_PATH) resources.rc resources.obj) 58 | 59 | %.obj: %.c http_data.c install_data.c 60 | $(CC) $(CFLAGS) -o $@ -c $< 61 | 62 | encodings/natural.obj: CFLAGS = $(CLIENT_CFLAGS) -O3 -mno-ms-bitfields 63 | encodings/aes_hardware.obj: CFLAGS = $(CLIENT_CFLAGS) -maes -mssse3 \ 64 | -flax-vector-conversions -mno-ms-bitfields 65 | 66 | http_data.c: ui/* tools/file2c.exe 67 | (cd ui/; ../tools/file2c.exe * > 
../http_data.c) 68 | install_data.c: install/* tools/file2c.exe 69 | (cd install/; ../tools/file2c.exe * > ../install_data.c) 70 | 71 | ifeq ($(CROSS),yes) 72 | tools/file2c.exe: CC := gcc --std=c99 73 | endif 74 | tools/file2c.exe: tools/file2c.c 75 | $(CC) $(CLIENT_CFLAGS) -o $@ $< 76 | 77 | install: client 78 | cp "$(DIVERT_ROOT)/x86/WinDivert32.sys" \ 79 | "$(ROOT)/src/$(PLATFORM)/install/WinDivert32.sys" 80 | cp "$(DIVERT_ROOT)/x86_64/WinDivert64.sys" \ 81 | "$(ROOT)/src/$(PLATFORM)/install/WinDivert64.sys" 82 | cp "$(DIVERT_ROOT)/$(ARCH)/WinDivert.dll" \ 83 | "$(ROOT)/src/$(PLATFORM)/install/WinDivert.dll" 84 | cp "$(ROOT)/src/$(CLIENT_PROG).exe" \ 85 | "$(ROOT)/src/$(PLATFORM)/install/$(CLIENT_PROG).exe" 86 | cp "$(ROOT)/src/$(PLATFORM)/manifest.xml" \ 87 | "$(ROOT)/src/$(PLATFORM)/install/$(CLIENT_PROG).exe.manifest" 88 | (cd $(ROOT)/src/$(PLATFORM)/install/; \ 89 | "$(NSIS_PATH)" install.nsi) 90 | (cd $(ROOT)/src/$(PLATFORM)/install/; \ 91 | zip -r $(PACKAGE_NAME)-files.zip WinDivert32.sys WinDivert64.sys \ 92 | WinDivert.dll $(CLIENT_PROG).exe $(CLIENT_PROG).exe.manifest) 93 | cp "$(ROOT)/src/$(PLATFORM)/install/$(PACKAGE_NAME)-install.exe" \ 94 | "$(ROOT)/src/" 95 | cp "$(ROOT)/src/$(PLATFORM)/install/$(PACKAGE_NAME)-files.zip" \ 96 | "$(ROOT)/src/" 97 | 98 | clean: 99 | rm -f $(OBJS) http_data.c install_data.c tools/file2c.exe 100 | rm -f $(PLATFORM)/install/$(PACKAGE_NAME)* \ 101 | $(PLATFORM)/install/divert.* \ 102 | $(PLATFORM)/install/WdfCoInstaller01009.dll 103 | 104 | -------------------------------------------------------------------------------- /src/base64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * base64.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) 
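any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

/*
 * NOTE: the system header names were lost when this listing was extracted;
 * the three below are the ones the code in this file needs.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#include "base64.h"

/*
 * Project-specific base64 variant.
 *
 * Digits are '0'-'9', 'a'-'z', 'A'-'Z', '-' and '=' for the values 0..63 in
 * that order, the bit stream is packed least-significant-bit first, and no
 * padding characters are emitted.  The output is therefore not
 * interchangeable with RFC 4648 base64.
 */

/*
 * Read the 6-bit group that starts at bit offset `idx' of `data'.
 *
 * `size' is the number of valid bytes in `data'.  Bits past the end of the
 * buffer read as zero, so the final group never touches data[size] and no
 * adjacent memory ends up in the encoded output.
 */
static uint8_t read_bits(const uint8_t *data, size_t size, size_t idx)
{
    size_t idx_base = idx / 8;
    size_t idx_off = idx % 8;
    unsigned bits = (unsigned)data[idx_base] >> idx_off;

    // A 6-bit group only spills into the next byte when it starts above
    // bit 2; that next byte is used only if it lies inside the buffer.
    if (idx_off > 2 && idx_base + 1 < size)
    {
        bits |= (unsigned)data[idx_base+1] << (8 - idx_off);
    }
    return (uint8_t)(bits & 0x3F);
}

/*
 * Write the 6-bit value `val' at bit offset `idx' of `data'.
 *
 * The bits of data[idx/8] below the offset are preserved.  The following
 * byte is written only when the group really spills into it, so decoding N
 * digits never stores past the size that base64_decode() reports.
 */
static void write_bits(uint8_t *data, size_t idx, uint8_t val)
{
    size_t idx_base = idx / 8;
    size_t idx_off = idx % 8;
    data[idx_base] = (uint8_t)((data[idx_base] & (0xFF >> (8 - idx_off))) |
        (val << idx_off));
    if (idx_off > 2)
    {
        data[idx_base+1] = (uint8_t)(val >> (8 - idx_off));
    }
}

/*
 * Convert a 6-bit number to a base64 digit.
 */
static char base64_todigit(uint8_t val)
{
    val &= 0x3F;
    if (val < 10)
    {
        return val + '0';
    }
    val -= 10;
    if (val < 26)
    {
        return val + 'a';
    }
    val -= 26;
    if (val < 26)
    {
        return val + 'A';
    }
    val -= 26;
    if (val == 0)
    {
        return '-';
    }
    if (val == 1)
    {
        return '=';
    }
    // Not reachable: val was masked to 6 bits above.
    return EOF;
}

/*
 * Convert a base64 digit to a 6-bit integer.
 *
 * Returns (uint8_t)EOF for any character outside the alphabet; that value is
 * larger than 0x3F, so it cannot collide with a valid digit.
 */
static uint8_t base64_fromdigit(char dig)
{
    if (dig >= '0' && dig <= '9')
    {
        return dig - '0';
    }
    if (dig >= 'a' && dig <= 'z')
    {
        return dig - 'a' + 10;
    }
    if (dig >= 'A' && dig <= 'Z')
    {
        return dig - 'A' + 10 + 26;
    }
    if (dig == '-')
    {
        return 0x3E;
    }
    if (dig == '=')
    {
        return 0x3F;
    }
    return (uint8_t)EOF;
}

/*
 * Encode data as base64.
 *
 * Writes ceil(insize*8 / 6) digits to `out' and returns that count.  No NUL
 * terminator is written; the caller must provide at least that many bytes
 * and terminate the string itself if it needs one.  An empty input yields 0
 * (the size formula below would otherwise wrap around for insize == 0).
 */
size_t base64_encode(const uint8_t *in, size_t insize, char *out)
{
    if (insize == 0)
    {
        return 0;
    }
    size_t outsize = (insize*8 - 1) / 6 + 1;
    for (size_t i = 0; i < outsize; i++)
    {
        uint8_t val = read_bits(in, insize, 6 * i);
        out[i] = base64_todigit(val);
    }
    return outsize;
}

/*
 * Decode base64 data.
 *
 * Decodes `insize' digits from `in' into `out' and returns the number of
 * bytes produced, ceil(insize*6 / 8), or (size_t)-1 if a character is not a
 * valid digit (in which case `out' may already be partially written).  The
 * caller must provide at least ceil(insize*6 / 8) bytes; nothing beyond that
 * is touched.  An empty input yields 0.
 */
size_t base64_decode(const char *in, size_t insize, uint8_t *out)
{
    if (insize == 0)
    {
        return 0;
    }
    for (size_t i = 0; i < insize; i++)
    {
        uint8_t val = base64_fromdigit(in[i]);
        if (val == (uint8_t)EOF)
        {
            return (size_t)-1;
        }
        write_bits(out, i*6, val);
    }
    return (6*insize - 1) / 8 + 1;
}

--------------------------------------------------------------------------------
/src/base64.h:
--------------------------------------------------------------------------------
/*
 * base64.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.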
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __BASE64_H 20 | #define __BASE64_H 21 | 22 | #include 23 | #include 24 | 25 | /* 26 | * Prototypes. 27 | */ 28 | size_t base64_encode(const uint8_t *in, size_t insize, char *out); 29 | size_t base64_decode(const char *in, size_t insize, uint8_t *out); 30 | 31 | #endif /* __BASE64_H */ 32 | -------------------------------------------------------------------------------- /src/capture.h: -------------------------------------------------------------------------------- 1 | /* 2 | * capture.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CAPTURE_H 20 | #define __CAPTURE_H 21 | 22 | #include 23 | #include 24 | 25 | /* 26 | * Prototypes. 
27 | */ 28 | void init_capture(void); 29 | size_t get_packet(uint8_t *buff, size_t size); 30 | void inject_packet(uint8_t *buff, size_t size); 31 | 32 | #endif /* __CAPTURE_H */ 33 | -------------------------------------------------------------------------------- /src/cfg.h.in: -------------------------------------------------------------------------------- 1 | /* 2 | * cfg.h.in 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CFG_H 20 | #define __CFG_H 21 | 22 | /* 23 | * The name of the package. 24 | */ 25 | #define PACKAGE_NAME "@PACKAGE_NAME@" 26 | 27 | /* 28 | * The name of the program. 29 | */ 30 | #ifdef CLIENT 31 | #define PROGRAM_NAME PACKAGE_NAME 32 | #endif /* CLIENT */ 33 | 34 | #if defined(SERVER) || defined(TOOL) 35 | #define PROGRAM_NAME "@PACKAGE_NAME@d" 36 | #endif /* SERVER */ 37 | 38 | /* 39 | * The human readable name of the program. 40 | */ 41 | #define PROGRAM_NAME_LONG "@PACKAGE_NAME_LONG@" 42 | 43 | /* 44 | * The program's version. 45 | */ 46 | #define PROGRAM_VERSION "@PACKAGE_VERSION@" 47 | 48 | /* 49 | * The program's platform. 50 | */ 51 | #define PLATFORM "@PLATFORM@" 52 | 53 | /* 54 | * 32-bit vs. 64-bit? 55 | */ 56 | #define BITS @BITS@ 57 | 58 | /* 59 | * The program's working directory. 
60 | */ 61 | #ifdef CLIENT 62 | #ifdef WINDOWS 63 | #define PROGRAM_DIR "C:\\Program Files\\" PROGRAM_NAME_LONG "\\" 64 | #else /* WINDOWS */ 65 | #define PROGRAM_DIR "." PROGRAM_NAME 66 | #endif /* WINDOWS */ 67 | #endif /* CLIENT */ 68 | 69 | #if defined(SERVER) || defined(TOOL) 70 | #define PROGRAM_DIR "/etc/" PROGRAM_NAME "/" 71 | #endif /* SERVER */ 72 | 73 | /* 74 | * The default UI port. 75 | */ 76 | #define PROGRAM_UI_PORT 40404 77 | 78 | /* 79 | * size_t format. 80 | */ 81 | #ifdef WINDOWS 82 | #if BITS == 32 83 | #define SIZE_T_FMT "%u" 84 | #else /* BITS == 32 */ 85 | #define SIZE_T_FMT "%Iu" 86 | #endif /* BITS == 32 */ 87 | #else /* WINDOWS */ 88 | #define SIZE_T_FMT "%zu" 89 | #endif /* WINDOWS */ 90 | 91 | /* 92 | * Main function name. 93 | */ 94 | #ifdef WINDOWS 95 | #define MAIN client_main 96 | #else /* WINDOWS */ 97 | #define MAIN main 98 | #endif /* WINDOWS */ 99 | 100 | /* 101 | * MACOSX is really FREEBSD 102 | */ 103 | #ifdef MACOSX 104 | #define FREEBSD 105 | #endif /* MACOSX */ 106 | 107 | #endif /* __CFG_H */ 108 | -------------------------------------------------------------------------------- /src/checksum.c: -------------------------------------------------------------------------------- 1 | /* 2 | * checksum.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
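 */

/*
 * NOTE: the system header names were lost when this listing was extracted;
 * the two below are the ones the code in this file needs.
 */
#include <stddef.h>
#include <stdint.h>

#include "checksum.h"
#include "socket.h"

/*
 * Prototypes.
 */
static uint16_t checksum(const void *pseudo_header, size_t pseudo_header_size,
    const void *data, size_t size);
static uint16_t tcp_udp_checksum(struct iphdr *ip_header, uint8_t protocol);

/*
 * Calculate a checksum.
 *
 * Sums the pseudo header (may be NULL when pseudo_header_size is 0) and then
 * `size' bytes of `data' as 16-bit words, folds the carries back into the
 * low 16 bits and returns the complement of the result.
 *
 * NOTE(review): both buffers are read through uint16_t pointers, which
 * assumes they are suitably aligned, and the odd trailing byte is added as
 * the low-order byte of a word, which matches memory order on little-endian
 * hosts only -- confirm against the supported targets.
 */
static uint16_t checksum(const void *pseudo_header, size_t pseudo_header_size,
    const void *data, size_t size)
{
    const uint16_t *data16 = (const uint16_t *)pseudo_header;
    size_t len16 = pseudo_header_size >> 1;
    uint32_t sum = 0;
    size_t i;

    // Pseudo header:
    for (i = 0; i < len16; i++)
    {
        sum += (uint32_t)data16[i];
    }

    // Main data:
    data16 = (const uint16_t *)data;
    len16 = size >> 1;
    for (i = 0; i < len16; i++)
    {
        sum += (uint32_t)data16[i];
    }

    if (size & 0x1)
    {
        const uint8_t *data8 = (const uint8_t *)data;
        sum += (uint16_t)data8[size-1];
    }

    sum = (sum & 0xFFFF) + (sum >> 16);
    sum += (sum >> 16);
    sum = ~sum;
    return (uint16_t)sum;
}

/*
 * IPv4 checksum.
 *
 * Covers ihl 32-bit words starting at `ip_header'.
 */
extern uint16_t ip_checksum(struct iphdr *ip_header)
{
    return checksum(NULL, 0, ip_header, ip_header->ihl*sizeof(uint32_t));
}

/*
 * TCP (IPv4) checksum.
 */
extern uint16_t tcp_checksum(struct iphdr *ip_header)
{
    return tcp_udp_checksum(ip_header, IPPROTO_TCP);
}

/*
 * UDP (IPv4) checksum.
 *
 * The pseudo header must carry the UDP protocol number; a checksum computed
 * with the TCP number does not verify at the receiver.
 */
extern uint16_t udp_checksum(struct iphdr *ip_header)
{
    return tcp_udp_checksum(ip_header, IPPROTO_UDP);
}

/*
 * TCP/UDP (IPv4) checksum.
 *
 * Builds the IPv4 pseudo header (source, destination, zero byte, protocol,
 * transport length) and checksums it together with everything that follows
 * the IP header.
 *
 * The transport length is derived from the packet's own tot_len and ihl
 * fields.  This function cannot see the size of the buffer holding the
 * packet, so callers must already have checked tot_len against the number
 * of bytes actually captured.
 */
static uint16_t tcp_udp_checksum(struct iphdr *ip_header, uint8_t protocol)
{
    struct
    {
        uint32_t saddr;
        uint32_t daddr;
        uint8_t zeros;
        uint8_t protocol;
        uint16_t tcp_size;
    } __attribute__((__packed__)) pseudo_header;

    size_t ip_header_size = ip_header->ihl*sizeof(uint32_t);
    size_t total_size = ntohs(ip_header->tot_len);

    // A malformed packet can claim a total length smaller than its header.
    // Treat the payload as empty rather than letting the subtraction wrap
    // around to a huge size_t and walking far outside the packet.
    size_t tcp_size = 0;
    if (total_size >= ip_header_size)
    {
        tcp_size = total_size - ip_header_size;
    }

    pseudo_header.saddr = ip_header->saddr;
    pseudo_header.daddr = ip_header->daddr;
    pseudo_header.zeros = 0x0;
    pseudo_header.protocol = protocol;
    pseudo_header.tcp_size = htons(tcp_size);

    struct tcphdr *tcp_header = (struct tcphdr *)((const uint8_t *)ip_header +
        ip_header_size);

    return checksum(&pseudo_header, sizeof(pseudo_header), tcp_header,
        tcp_size);
}

/*
 * ICMP (IPv4) checksum.
 *
 * Covers `size' bytes starting at `icmp_header'; there is no pseudo header.
 */
extern uint16_t icmp_checksum(struct icmphdr *icmp_header, size_t size)
{
    return checksum(NULL, 0, icmp_header, size);
}

--------------------------------------------------------------------------------
/src/checksum.h:
--------------------------------------------------------------------------------
/*
 * checksum.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .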
17 | */ 18 | 19 | #ifndef __CHECKSUM_H 20 | #define __CHECKSUM_H 21 | 22 | #include 23 | 24 | #include "socket.h" 25 | 26 | extern uint16_t ip_checksum(struct iphdr *ip_header); 27 | extern uint16_t tcp_checksum(struct iphdr *ip_header); 28 | extern uint16_t udp_checksum(struct iphdr *ip_header); 29 | extern uint16_t icmp_checksum(struct icmphdr *icmp_header, size_t size); 30 | 31 | #endif /* __CHECKSUM_H */ 32 | -------------------------------------------------------------------------------- /src/cktp_client.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_client.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CKTP_CLIENT_H 20 | #define __CKTP_CLIENT_H 21 | 22 | #include 23 | #include 24 | 25 | /* 26 | * An open CKTP tunnel. 27 | */ 28 | typedef struct cktp_tunnel_s *cktp_tunnel_t; 29 | #define CKTP_TUNNEL_NULL ((cktp_tunnel_t)NULL) 30 | 31 | /* 32 | * Prototypes. 
33 | */ 34 | cktp_tunnel_t cktp_open_tunnel(const char *url); 35 | void cktp_close_tunnel(cktp_tunnel_t tunnel); 36 | uint16_t cktp_tunnel_get_mtu(cktp_tunnel_t tunnel, uint16_t mtu); 37 | bool cktp_tunnel_timeout(cktp_tunnel_t tunnel, uint64_t currtime); 38 | void cktp_tunnel_packet(cktp_tunnel_t tunnel, const uint8_t *packet); 39 | void cktp_fragmentation_required(cktp_tunnel_t tunnel, uint16_t mtu, 40 | const uint8_t *packet); 41 | 42 | #endif /* __CKTP_CLIENT_H */ 43 | -------------------------------------------------------------------------------- /src/cktp_common.c: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_common.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #include "cktp.h" 20 | #include "cktp_common.h" 21 | 22 | /* 23 | * Table for CRC16 0x1021 24 | */ 25 | static uint16_t crc16_table[256] = 26 | { 27 | 0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7, 0x8108, 28 | 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF, 0x1231, 0x0210, 29 | 0x3273, 0x2252, 0x52B5, 0x4294, 0x72F7, 0x62D6, 0x9339, 0x8318, 0xB37B, 30 | 0xA35A, 0xD3BD, 0xC39C, 0xF3FF, 0xE3DE, 0x2462, 0x3443, 0x0420, 0x1401, 31 | 0x64E6, 0x74C7, 0x44A4, 0x5485, 0xA56A, 0xB54B, 0x8528, 0x9509, 0xE5EE, 32 | 0xF5CF, 0xC5AC, 0xD58D, 0x3653, 0x2672, 0x1611, 0x0630, 0x76D7, 0x66F6, 33 | 0x5695, 0x46B4, 0xB75B, 0xA77A, 0x9719, 0x8738, 0xF7DF, 0xE7FE, 0xD79D, 34 | 0xC7BC, 0x48C4, 0x58E5, 0x6886, 0x78A7, 0x0840, 0x1861, 0x2802, 0x3823, 35 | 0xC9CC, 0xD9ED, 0xE98E, 0xF9AF, 0x8948, 0x9969, 0xA90A, 0xB92B, 0x5AF5, 36 | 0x4AD4, 0x7AB7, 0x6A96, 0x1A71, 0x0A50, 0x3A33, 0x2A12, 0xDBFD, 0xCBDC, 37 | 0xFBBF, 0xEB9E, 0x9B79, 0x8B58, 0xBB3B, 0xAB1A, 0x6CA6, 0x7C87, 0x4CE4, 38 | 0x5CC5, 0x2C22, 0x3C03, 0x0C60, 0x1C41, 0xEDAE, 0xFD8F, 0xCDEC, 0xDDCD, 39 | 0xAD2A, 0xBD0B, 0x8D68, 0x9D49, 0x7E97, 0x6EB6, 0x5ED5, 0x4EF4, 0x3E13, 40 | 0x2E32, 0x1E51, 0x0E70, 0xFF9F, 0xEFBE, 0xDFDD, 0xCFFC, 0xBF1B, 0xAF3A, 41 | 0x9F59, 0x8F78, 0x9188, 0x81A9, 0xB1CA, 0xA1EB, 0xD10C, 0xC12D, 0xF14E, 42 | 0xE16F, 0x1080, 0x00A1, 0x30C2, 0x20E3, 0x5004, 0x4025, 0x7046, 0x6067, 43 | 0x83B9, 0x9398, 0xA3FB, 0xB3DA, 0xC33D, 0xD31C, 0xE37F, 0xF35E, 0x02B1, 44 | 0x1290, 0x22F3, 0x32D2, 0x4235, 0x5214, 0x6277, 0x7256, 0xB5EA, 0xA5CB, 45 | 0x95A8, 0x8589, 0xF56E, 0xE54F, 0xD52C, 0xC50D, 0x34E2, 0x24C3, 0x14A0, 46 | 0x0481, 0x7466, 0x6447, 0x5424, 0x4405, 0xA7DB, 0xB7FA, 0x8799, 0x97B8, 47 | 0xE75F, 0xF77E, 0xC71D, 0xD73C, 0x26D3, 0x36F2, 0x0691, 0x16B0, 0x6657, 48 | 0x7676, 0x4615, 0x5634, 0xD94C, 0xC96D, 0xF90E, 0xE92F, 0x99C8, 0x89E9, 49 | 0xB98A, 0xA9AB, 0x5844, 0x4865, 0x7806, 0x6827, 0x18C0, 0x08E1, 0x3882, 50 | 0x28A3, 0xCB7D, 0xDB5C, 0xEB3F, 0xFB1E, 0x8BF9, 0x9BD8, 
0xABBB, 0xBB9A, 51 | 0x4A75, 0x5A54, 0x6A37, 0x7A16, 0x0AF1, 0x1AD0, 0x2AB3, 0x3A92, 0xFD2E, 52 | 0xED0F, 0xDD6C, 0xCD4D, 0xBDAA, 0xAD8B, 0x9DE8, 0x8DC9, 0x7C26, 0x6C07, 53 | 0x5C64, 0x4C45, 0x3CA2, 0x2C83, 0x1CE0, 0x0CC1, 0xEF1F, 0xFF3E, 0xCF5D, 54 | 0xDF7C, 0xAF9B, 0xBFBA, 0x8FD9, 0x9FF8, 0x6E17, 0x7E36, 0x4E55, 0x5E74, 55 | 0x2E93, 0x3EB2, 0x0ED1, 0x1EF0 56 | }; 57 | 58 | /* 59 | * Calculates the CKTP checksum (CRC16 0x1021) 60 | */ 61 | uint16_t cktp_calculate_checksum(uint8_t *data, uint16_t length) 62 | { 63 | uint16_t remainder = 0; 64 | 65 | for (uint16_t i = 0; i < length; i++) 66 | { 67 | uint8_t byte = data[i] ^ (remainder >> 8*(sizeof(uint16_t)-1)); 68 | remainder = crc16_table[byte] ^ (remainder << 8); 69 | } 70 | 71 | return remainder; 72 | } 73 | 74 | /* 75 | * Converts a CKTP error code into a readable error message. 76 | */ 77 | const char *cktp_error_to_string(uint8_t err) 78 | { 79 | switch (err) 80 | { 81 | case CKTP_OK: 82 | return "Success"; 83 | case CKTP_ERROR_NOT_AUTHENTICATED: 84 | return "Not authenticated"; 85 | case CKTP_ERROR_NOT_SUPPORTED: 86 | return "Operation not supported"; 87 | case CKTP_ERROR_INVALID_ARGUMENT: 88 | return "Invalid argument"; 89 | default: 90 | return "Unknown error"; 91 | } 92 | } 93 | 94 | -------------------------------------------------------------------------------- /src/cktp_common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_common.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CKTP_COMMON_H 20 | #define __CKTP_COMMON_H 21 | 22 | #include 23 | 24 | /* 25 | * Prototypes. 26 | */ 27 | uint16_t cktp_calculate_checksum(uint8_t *data, uint16_t length); 28 | const char *cktp_error_to_string(uint8_t err); 29 | 30 | #define cktp_checksum(message, length) \ 31 | cktp_calculate_checksum((uint8_t *)(&((message)->checksum) + 1), \ 32 | (length) - ((uint8_t *)(&((message)->checksum) + 1) - \ 33 | (uint8_t *)(message))) 34 | 35 | #endif /* __CKTP_COMMON_H */ 36 | -------------------------------------------------------------------------------- /src/cktp_encoding.c: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_encoding.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "base64.h" 24 | #include "cfg.h" 25 | #include "cktp_encoding.h" 26 | #include "log.h" 27 | #include "misc.h" 28 | #include "random.h" 29 | 30 | /* 31 | * Prototypes. 
 */
static int enc_parse_param(const cktp_enc_param_t params, size_t params_size,
    const char *param_str, cktp_enc_val_t val);
static size_t enc_base64_encode(const uint8_t *in, size_t insize, char *out);
static size_t enc_base64_decode(const char *in, size_t insize, uint8_t *out);
static cktp_enc_rng_t enc_random_init(void);
static void enc_random_free(cktp_enc_rng_t rng);
static void enc_random(cktp_enc_rng_t rng, void *ptr, size_t size);
static uint64_t enc_gettime(void);
static void enc_sleeptime(uint64_t ms);

/*
 * Global encoding helper library: the table of helper callbacks that is
 * handed to encoding implementations.
 */
struct cktp_enc_lib_s encoding_lib =
{
    .parse_param   = enc_parse_param,
    .base64_encode = enc_base64_encode,
    .base64_decode = enc_base64_decode,
    .random_init   = enc_random_init,
    .random_free   = enc_random_free,
    .random        = enc_random,
    .gettime       = enc_gettime,
    .sleeptime     = enc_sleeptime
};

/*
 * Parameter compare function (bsearch callback).
 *
 * Only the common prefix of the two names is compared, i.e. the first
 * min(strlen(a), strlen(b)) characters.  Two names where one is a prefix of
 * the other therefore compare equal, in either direction.  A caller that
 * gets a match must not assume the search key is at least as long as the
 * matched name.
 */
static int cktp_enc_param_s_compare(const void *a, const void *b)
{
    const char *lhs = ((const struct cktp_enc_param_s *)a)->name;
    const char *rhs = ((const struct cktp_enc_param_s *)b)->name;

    size_t cmp_size = strlen(lhs);
    size_t rhs_size = strlen(rhs);
    if (rhs_size < cmp_size)
    {
        cmp_size = rhs_size;
    }
    return strncmp(lhs, rhs, cmp_size);
}

/*
 * Parse an encoding option/parameter.
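 */
/*
 * `param_str' has the form NAME, NAME.VALUE or NAMEVALUE.  NAME is looked up
 * in `params' with bsearch(), so the table must be sorted consistently with
 * cktp_enc_param_s_compare().  On success the matched entry is stored in
 * val->param, the value (if the parameter type has one) in val->val, and 0
 * is returned.  On any parse failure -1 is returned with errno = EINVAL.
 */
static int enc_parse_param(const cktp_enc_param_t params, size_t params_size,
    const char *param_str, cktp_enc_val_t val)
{
    if (*param_str == '\0')
    {
        errno = EINVAL;
        return -1;
    }

    struct cktp_enc_param_s key;
    key.name = param_str;
    cktp_enc_param_t p = bsearch(&key, params, params_size,
        sizeof(struct cktp_enc_param_s), cktp_enc_param_s_compare);

    if (p == NULL)
    {
        errno = EINVAL;
        return -1;
    }

    // The comparator only looks at the common prefix, so a param_str that is
    // shorter than p->name also "matches".  Require the complete name before
    // stepping over it; otherwise val_str would point past the terminating
    // NUL of param_str and everything below would read out of bounds.
    size_t name_size = strlen(p->name);
    if (strncmp(param_str, p->name, name_size) != 0)
    {
        errno = EINVAL;
        return -1;
    }

    val->param = p;
    const char *val_str = param_str + name_size;
    if (*val_str == '.')
    {
        val_str++;
    }
    switch (p->type)
    {
        case CKTP_ENCODING_TYPE_NIL:
            break;
        case CKTP_ENCODING_TYPE_INT:
        {
            char *end_ptr;
            // Reject values that do not fit instead of silently clamping.
            errno = 0;
            val->val.int_val = strtoll(val_str, &end_ptr, 10);
            if (*val_str == '\0' || *end_ptr != '\0' || errno == ERANGE)
            {
                errno = EINVAL;
                return -1;
            }
            break;
        }
        case CKTP_ENCODING_TYPE_UINT:
        {
            char *end_ptr;
            errno = 0;
            val->val.uint_val = strtoull(val_str, &end_ptr, 10);
            if (*val_str == '\0' || *end_ptr != '\0' || errno == ERANGE)
            {
                errno = EINVAL;
                return -1;
            }
            break;
        }
        case CKTP_ENCODING_TYPE_STRING:
        {
            // Copy at most CKTP_MAX_STRING_LENGTH characters; a longer value
            // is an error rather than being truncated.
            size_t i;
            for (i = 0; val_str[i] != '\0' && i < CKTP_MAX_STRING_LENGTH; i++)
            {
                val->val.str_val[i] = val_str[i];
            }
            if (val_str[i] != '\0')
            {
                errno = EINVAL;
                return -1;
            }
            val->val.str_val[i] = '\0';
            break;
        }
        default:
            errno = EINVAL;
            return -1;
    }

    return 0;
}

/*
 * Random numbers.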
 */
/* Thin wrappers that expose the project's random_* API through the helper
 * library. */
static cktp_enc_rng_t enc_random_init(void)
{
    return random_init();
}

static void enc_random_free(cktp_enc_rng_t rng)
{
    random_free(rng);
}

static void enc_random(cktp_enc_rng_t rng, void *ptr, size_t size)
{
    random_memory(rng, ptr, size);
}

/*
 * Encode data as base64 (forwards to base64_encode()).
 */
size_t enc_base64_encode(const uint8_t *in, size_t insize, char *out)
{
    return base64_encode(in, insize, out);
}

/*
 * Decode base64 data (forwards to base64_decode()).
 */
size_t enc_base64_decode(const char *in, size_t insize, uint8_t *out)
{
    return base64_decode(in, insize, out);
}

/*
 * Called after encoding/decoding packets.
 *
 * Sanity-checks what an encoding implementation did to a packet buffer:
 *  - returns false when the result pointer is NULL or the result is empty;
 *  - logs an error and terminates the process with exit(EXIT_FAILURE) when
 *    the packet grew by more than 2*overhead bytes, or when the data pointer
 *    moved by more than overhead bytes in either direction;
 *  - returns true otherwise.
 */
bool cktp_encoding_verify(cktp_enc_info_t info, size_t overhead,
    const uint8_t *oldptr, const uint8_t *newptr, size_t oldsize,
    size_t newsize)
{
    if (newptr == NULL || newsize == 0)
    {
        return false;
    }

    // Check for buggy encoding implementations:
    size_t max_growth = 2*overhead;
    if (newsize > oldsize && newsize - oldsize > max_growth)
    {
        size_t growth = newsize - oldsize;
        error("unable to encode/decode packet; encoding %s implementation "
            "bug; consumed " SIZE_T_FMT " bytes, maximum allowed is "
            SIZE_T_FMT " bytes", info->protocol, growth, max_growth);
        exit(EXIT_FAILURE);
    }

    intptr_t delta = (intptr_t)newptr - (intptr_t)oldptr;
    size_t moved = (size_t)llabs(delta);
    if (moved > overhead)
    {
        error("unable to encode/decode packet; encoding %s implementation "
            "bug; buffer moved " SIZE_T_FMT " bytes, maximum allowed is "
            SIZE_T_FMT " bytes",
            info->protocol, moved, overhead);
        exit(EXIT_FAILURE);
    }

    return true;
}

/*
 * Get the current time.
225 | */ 226 | static uint64_t enc_gettime(void) 227 | { 228 | return gettime() / MILLISECONDS; 229 | } 230 | 231 | /* 232 | * Sleep for the given number of milliseconds. 233 | */ 234 | static void enc_sleeptime(uint64_t ms) 235 | { 236 | sleeptime(ms * MILLISECONDS); 237 | } 238 | 239 | -------------------------------------------------------------------------------- /src/cktp_encoding.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_encoding.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CKTP_ENCODING_H 20 | #define __CKTP_ENCODING_H 21 | 22 | #include 23 | #include 24 | 25 | #include "cktp.h" 26 | #include "random.h" 27 | 28 | /* 29 | * Encoding related constants. 30 | */ 31 | #define CKTP_MAX_ENCODINGS 8 32 | #define CKTP_MAX_ENCODING_NAME 16 33 | #define CKTP_MAX_ENCODING_OPTIONS 64 34 | #define CKTP_MAX_ENCODING_HANDSHAKE 32 35 | #define CKTP_MAX_ENCODING_RETRIES 3 36 | 37 | /* 38 | * Encoding parameters. 
39 | */ 40 | #define CKTP_ENCODING_TYPE_NIL 0 41 | #define CKTP_ENCODING_TYPE_INT 1 42 | #define CKTP_ENCODING_TYPE_UINT 2 43 | #define CKTP_ENCODING_TYPE_STRING 3 44 | typedef uint8_t cktp_enc_type_t; 45 | struct cktp_enc_param_s 46 | { 47 | const char *name; 48 | uint16_t id; 49 | cktp_enc_type_t type; 50 | }; 51 | typedef struct cktp_enc_param_s *cktp_enc_param_t; 52 | 53 | struct cktp_enc_val_s 54 | { 55 | cktp_enc_param_t param; 56 | union 57 | { 58 | int64_t int_val; 59 | uint64_t uint_val; 60 | char str_val[CKTP_MAX_STRING_LENGTH+1]; 61 | } val; 62 | }; 63 | typedef struct cktp_enc_val_s *cktp_enc_val_t; 64 | 65 | /* 66 | * Encoding helper library. 67 | */ 68 | typedef int (*encoding_parse_param_t)(const cktp_enc_param_t params, 69 | size_t params_size, const char *param_str, cktp_enc_val_t val); 70 | typedef size_t (*encoding_base64_encode_t)(const uint8_t *in, size_t insize, 71 | char *out); 72 | typedef size_t (*encoding_base64_decode_t)(const char *in, size_t insize, 73 | uint8_t *out); 74 | typedef random_state_t cktp_enc_rng_t; 75 | typedef cktp_enc_rng_t (*encoding_random_init_t)(void); 76 | typedef void (*encoding_random_free_t)(cktp_enc_rng_t rng); 77 | typedef void (*encoding_random_t)(cktp_enc_rng_t rng, void *ptr, size_t size); 78 | typedef uint64_t (*encoding_gettime_t)(void); 79 | typedef void (*encoding_sleeptime_t)(uint64_t ms); 80 | 81 | struct cktp_enc_lib_s 82 | { 83 | encoding_parse_param_t parse_param; 84 | encoding_base64_encode_t base64_encode; 85 | encoding_base64_decode_t base64_decode; 86 | encoding_random_init_t random_init; 87 | encoding_random_free_t random_free; 88 | encoding_random_t random; 89 | encoding_gettime_t gettime; 90 | encoding_sleeptime_t sleeptime; 91 | }; 92 | typedef struct cktp_enc_lib_s *cktp_enc_lib_t; 93 | 94 | extern struct cktp_enc_lib_s encoding_lib; 95 | 96 | /* 97 | * Encoding protocol's state. 98 | */ 99 | typedef void *cktp_enc_state_t; 100 | 101 | /* 102 | * Encoding driver functions. 
103 | */ 104 | typedef int (*encoding_init_t)(const cktp_enc_lib_t lib, const char *protocol, 105 | const char *options, size_t options_size, cktp_enc_state_t *stateptr); 106 | typedef int (*encoding_activate_t)(cktp_enc_state_t state); 107 | typedef int (*encoding_clone_t)(cktp_enc_state_t state, 108 | cktp_enc_state_t *stateptr); 109 | typedef void (*encoding_free_t)(cktp_enc_state_t state); 110 | typedef size_t (*encoding_overhead_t)(cktp_enc_state_t state); 111 | typedef uint64_t (*encoding_timeout_t)(cktp_enc_state_t state); 112 | typedef int (*encoding_handshake_request_t)(cktp_enc_state_t state, 113 | uint8_t *data, size_t *size); 114 | typedef int (*encoding_handshake_reply_t)(cktp_enc_state_t state, 115 | uint8_t *data, size_t size); 116 | typedef int (*encoding_encode_t)(cktp_enc_state_t state, uint8_t **dataptr, 117 | size_t *sizeptr); 118 | typedef int (*encoding_decode_t)(cktp_enc_state_t state, uint8_t **dataptr, 119 | size_t *sizeptr); 120 | typedef int (*encoding_server_decode_t)(cktp_enc_state_t state, 121 | uint32_t *source_addr, size_t source_size, uint8_t **dataptr, 122 | size_t *sizeptr, uint8_t **replyptr, size_t *replysizeptr); 123 | typedef const char *(*encoding_error_string_t)(cktp_enc_state_t state, 124 | int err); 125 | 126 | /* 127 | * Encoding info. 
128 | */ 129 | struct cktp_enc_info_s 130 | { 131 | const char *protocol; 132 | encoding_init_t init; 133 | encoding_free_t free; 134 | encoding_overhead_t overhead; 135 | encoding_error_string_t error_string; 136 | 137 | #ifdef CLIENT 138 | encoding_timeout_t timeout; 139 | encoding_handshake_request_t handshake_request; 140 | encoding_handshake_reply_t handshake_reply; 141 | encoding_encode_t encode; 142 | encoding_decode_t decode; 143 | #endif /* CLIENT */ 144 | 145 | #ifdef SERVER 146 | encoding_activate_t activate; 147 | encoding_clone_t clone; 148 | encoding_encode_t encode; 149 | encoding_server_decode_t decode; 150 | #endif /* SERVER */ 151 | }; 152 | typedef struct cktp_enc_info_s *cktp_enc_info_t; 153 | 154 | /* 155 | * Encoding itself. 156 | */ 157 | struct cktp_enc_s 158 | { 159 | cktp_enc_info_t info; // Encoding's implementation 160 | cktp_enc_state_t state; // Encoding's state 161 | size_t overhead; // Maximum overhead of this encoding 162 | }; 163 | 164 | /* 165 | * Initialise an encoding buffer. 166 | */ 167 | #define CKTP_ENCODING_BUFF_SIZE(size0, overhead) ((size0)+2*(overhead)) 168 | #define CKTP_ENCODING_BUFF_INIT(buff0, overhead) ((buff0)+(overhead)) 169 | bool cktp_encoding_verify(cktp_enc_info_t info, size_t overhead, 170 | const uint8_t *oldptr, const uint8_t *newptr, size_t oldsize, 171 | size_t newsize); 172 | 173 | #endif /* __ENCODING_H */ 174 | -------------------------------------------------------------------------------- /src/cktp_server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_server.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CKTP_SERVER_H 20 | #define __CKTP_SERVER_H 21 | 22 | #include 23 | 24 | /* 25 | * An open CKTP tunnel. 26 | */ 27 | typedef struct cktp_tunnel_s *cktp_tunnel_t; 28 | 29 | /* 30 | * Prototypes. 31 | */ 32 | bool cktp_init(void); 33 | cktp_tunnel_t cktp_open_tunnel(const char *url, size_t bps); 34 | void cktp_close_tunnel(cktp_tunnel_t tunnel); 35 | void cktp_listen(cktp_tunnel_t tunnel, int socket_out, int socket_icmp, 36 | unsigned threads); 37 | bool cktp_is_ipv4_addr_public(uint32_t addr); 38 | 39 | #endif /* __CKTP_SERVER_H */ 40 | -------------------------------------------------------------------------------- /src/cktp_url.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cktp_url.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #ifndef __CKTP_URL_H 20 | #define __CKTP_URL_H 21 | 22 | #include 23 | 24 | #include "cktp_encoding.h" 25 | #include "socket.h" 26 | 27 | #define CKTP_PROTO_IP 0 28 | #define CKTP_PROTO_UDP 1 29 | #define CKTP_PROTO_UDPLITE 2 30 | #define CKTP_PROTO_PING 3 31 | #define CKTP_PROTO_TCP 4 32 | 33 | /* 34 | * Parse a tunnel url. 35 | */ 36 | bool cktp_parse_url(const char *url, int *transport, char *server, 37 | uint16_t *port, struct cktp_enc_s *encodings); 38 | 39 | #endif /* __CKTP_URL_H */ 40 | -------------------------------------------------------------------------------- /src/config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * config.h 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __CONFIG_H 20 | #define __CONFIG_H 21 | 22 | #include 23 | #include 24 | 25 | #include "cfg.h" 26 | #include "http_server.h" 27 | #include "packet_protocol.h" 28 | 29 | #ifdef CLIENT 30 | #include "log.h" 31 | #define CONFIG_FILENAME PROGRAM_NAME ".config" 32 | #endif 33 | 34 | #ifdef SERVER 35 | #define CONFIG_FILENAME "/etc/reqryptd/reqrypt.conf" 36 | #endif 37 | 38 | typedef uint8_t config_enum_t; 39 | 40 | /* 41 | * Values for TCP flags. 
42 | */ 43 | typedef config_enum_t config_flag_t; 44 | #define FLAG_UNSET 0 45 | #define FLAG_SET 1 46 | #define FLAG_DONT_CARE 2 47 | #define FLAG_UNSET_NAME "unset" 48 | #define FLAG_SET_NAME "set" 49 | #define FLAG_DONT_CARE_NAME "*" 50 | 51 | /* 52 | * Values for 'split_mode'. 53 | */ 54 | typedef config_enum_t config_split_t; 55 | #define SPLIT_NONE 0 56 | #define SPLIT_FULL 1 57 | #define SPLIT_PARTIAL 2 58 | #define SPLIT_NONE_NAME "none" 59 | #define SPLIT_FULL_NAME "full" 60 | #define SPLIT_PARTIAL_NAME "partial" 61 | 62 | /* 63 | * Values for the log level. 64 | */ 65 | #define LOGLEVEL_ALL LOG_MESSAGE_TRACE 66 | #define LOGLEVEL_PACKETS LOG_MESSAGE_PACKET 67 | #define LOGLEVEL_INFO LOG_MESSAGE_INFO 68 | #define LOGLEVEL_WARNINGS LOG_MESSAGE_NONE 69 | #define LOGLEVEL_NONE LOG_MESSAGE_NONE 70 | #define LOGLEVEL_ALL_NAME "all" 71 | #define LOGLEVEL_PACKETS_NAME "packets" 72 | #define LOGLEVEL_INFO_NAME "info" 73 | #define LOGLEVEL_WARNINGS_NAME "warnings" 74 | #define LOGLEVEL_NONE_NAME "none" 75 | 76 | /* 77 | * Values for the ghost packet mode. 78 | */ 79 | typedef config_enum_t config_ghost_t; 80 | #define GHOST_NONE 0 81 | #define GHOST_NAT 1 82 | #define GHOST_ALWAYS 2 83 | #define GHOST_NONE_NAME "none" 84 | #define GHOST_NAT_NAME "nat" 85 | #define GHOST_ALWAYS_NAME "always" 86 | 87 | /* 88 | * Values for the fragmentation mode. 89 | */ 90 | typedef config_enum_t config_frag_t; 91 | #define FRAG_NETWORK 0 92 | #define FRAG_TRANSPORT 1 93 | #define FRAG_NETWORK_NAME "network" 94 | #define FRAG_TRANSPORT_NAME "transport" 95 | 96 | /* 97 | * Configuration representation. 98 | */ 99 | struct config_s 100 | { 101 | #ifdef CLIENT 102 | bool enabled; // Is circumvention enabled? 103 | bool hide_tcp; // Hide TCP packets? 104 | bool hide_tcp_data; // Hide TCP data packets? 105 | config_flag_t hide_tcp_syn; // Hide TCP packets with SYN flag set? 106 | config_flag_t hide_tcp_ack; // Hide TCP packets with ACK flag set? 
107 | config_flag_t hide_tcp_psh; // Hide TCP packets with PSH flag set? 108 | config_flag_t hide_tcp_fin; // Hide TCP packets with FIN flag set? 109 | config_flag_t hide_tcp_rst; // Hide TCP packets with RST flag set? 110 | bool hide_udp; // Hide UDP packets? 111 | bool tunnel; // Tunnel packets? 112 | bool multi_route; // Send TCP flows over multiple tunnels? 113 | config_split_t split; // How to split data. 114 | config_ghost_t ghost; // Send ghost packets? 115 | bool ghost_check; // Use a valid checksum for ghost packets? 116 | bool ghost_set_ttl; // Set the TTL of ghost packets? 117 | uint8_t ghost_ttl; // TTL for ghost packets. 118 | config_frag_t fragment; // How to fragment packets. 119 | uint16_t tcp_port; // TCP port. 120 | proto_t tcp_proto; // TCP protocol handler. 121 | uint16_t tcp_port_2; // TCP port (2). 122 | proto_t tcp_proto_2; // TCP protocol handler (2). 123 | uint16_t udp_port; // UDP port. 124 | proto_t udp_proto; // UDP protocol handler. 125 | uint16_t mtu; // MTU for tunnelled packets. 126 | bool launch_ui; // Auto-launch the UI on startup. 127 | bool check_updates; // Check for new versions of this program. 128 | #endif 129 | 130 | #ifdef SERVER 131 | uint8_t threads; // Number of threads. 132 | uint32_t kb_per_sec; // Rate limit. 133 | #endif 134 | }; 135 | 136 | /* 137 | * Prototypes. 
138 | */ 139 | void config_init(void); 140 | void config_get(struct config_s *config); 141 | void config_callback(struct http_user_vars_s *vars); 142 | 143 | #endif /* __CONFIG_H */ 144 | -------------------------------------------------------------------------------- /src/cookie.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cookie.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __COOKIE_H 20 | #define __COOKIE_H 21 | 22 | /* 23 | * Note: this module is fully defined in this header file. This is for: 24 | * - speed, and 25 | * - use in encodings 26 | */ 27 | 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | /* 34 | * Cookie generator parameters. 35 | */ 36 | struct cookie_gen_s 37 | { 38 | uint32_t v[4]; 39 | uint32_t k[4]; 40 | uint32_t r[4]; 41 | }; 42 | 43 | typedef struct cookie_gen_s *cookie_gen_t; 44 | 45 | /* 46 | * Initialise a cookie_gen_t. 
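/*
 * Initialise a cookie generator from the kernel random source.
 *
 * Fills the whole of *gen (the v, k and r words) with bytes read from
 * /dev/urandom.  Returns true on success.  Returns false if gen is NULL, if
 * the device cannot be opened, or if the read comes up short; in that case
 * *gen must not be used to generate cookies.
 */
static inline bool cookie_gen_init(cookie_gen_t gen)
{
    const char *rand_dev = "/dev/urandom";
    if (gen == NULL)
    {
        return false;
    }
    FILE *rand = fopen(rand_dev, "rb");
    if (rand == NULL)
    {
        return false;
    }
    // Read unbuffered so that exactly sizeof(struct cookie_gen_s) bytes are
    // requested; a buffered stream may read ahead and keep unused random
    // bytes in a stdio buffer.
    setvbuf(rand, NULL, _IONBF, 0);
    bool ok = (fread(gen, sizeof(struct cookie_gen_s), 1, rand) == 1);
    fclose(rand);
    return ok;
}

/*
 * Generate a cookie based on the given data.
 * The algorithm is based on reduced-round XXTEA.
 *
 * NOTE(review): this is a reduced-round construction keyed by the random
 * contents of the generator, not a standard MAC.  Whether 10 rounds is
 * enough depends on how the cookies are used; confirm against the callers.
 *
 * COOKIE_MIX expands to an unparenthesised expression that already ends in
 * ';', so it is only usable as the complete right-hand side of a statement,
 * as it is below.
 */
#define COOKIE_ROUNDS   10          // Reduced from 19
#define COOKIE_DELTA    0x9E3779B9
#define COOKIE_MIX(i, y, z, sum, k, e)                                      \
    (((z) >> 5 ^ (y) << 2) + ((y) >> 3 ^ (z) << 4)) ^ (((sum) ^ (y)) +      \
        ((k)[((i) & 0x03) ^ (e)] ^ (z)));

/*
 * 128-bit version.
 *
 * gen  - generator initialised by cookie_gen_init(); read only.
 * data - array of 32-bit words to bind the cookie to; read only.
 * size - number of words in data.  Only 1..4 are handled: for any other
 *        value (including 0 and anything above 4) no data word is mixed in
 *        and the result depends on gen alone.
 * r0   - receives (v0 << 32) | v1.
 * r1   - receives (v2 << 32) | v3.
 */
static inline void generate_cookie128(cookie_gen_t gen, uint32_t *data,
    size_t size, uint64_t *r0, uint64_t *r1)
{
    uint32_t v0 = gen->v[0];
    uint32_t v1 = gen->v[1];
    uint32_t v2 = gen->v[2];
    uint32_t v3 = gen->v[3];

    // Each case deliberately falls through so that `size' words are mixed.
    // NOTE(review): data[1] and data[3] both go into v3 and v0 receives no
    // data word.  This may not be what was intended, but changing it would
    // change every cookie value, so the mapping is kept as it is.
    switch (size)
    {
        case 4:
            v3 ^= data[3];
            /* fallthrough */
        case 3:
            v2 ^= data[2];
            /* fallthrough */
        case 2:
            v3 ^= data[1];
            /* fallthrough */
        case 1:
            v1 ^= data[0];
            break;
        default:
            // size == 0 or size > 4: nothing is mixed in.
            break;
    }

    uint32_t sum = 0;
    for (unsigned i = 0; i < COOKIE_ROUNDS; i++)
    {
        sum += COOKIE_DELTA;
        uint32_t e = (sum >> 2) & 0x03;
        v0 += COOKIE_MIX(0, v1, v3, sum, gen->k, e);
        v1 += COOKIE_MIX(1, v2, v0, sum, gen->k, e);
        v2 += COOKIE_MIX(2, v3, v1, sum, gen->k, e);
        v3 += COOKIE_MIX(3, v0, v2, sum, gen->k, e);
    }

    // Final whitening with the generator's r words.
    v0 ^= gen->r[0];
    v1 ^= gen->r[1];
    v2 ^= gen->r[2];
    v3 ^= gen->r[3];

    *r0 = (((uint64_t)v0) << 32) | v1;
    *r1 = (((uint64_t)v2) << 32) | v3;
}

/*
 * 64-bit version: the two halves of the 128-bit cookie XORed together.
 */
static inline uint64_t generate_cookie64(cookie_gen_t gen, uint32_t *data,
    size_t size)
{
    uint64_t r0, r1;
    generate_cookie128(gen, data, size, &r0, &r1);
    return r0 ^ r1;
}

/*
 * 32-bit version.
 */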
124 | */ 125 | static inline uint32_t generate_cookie32(cookie_gen_t gen, uint32_t *data, 126 | size_t size) 127 | { 128 | uint64_t r0 = generate_cookie64(gen, data, size); 129 | return ((uint32_t)(r0 >> 32)) ^ (uint32_t)r0; 130 | } 131 | 132 | /* 133 | * 16-bit version. 134 | */ 135 | static inline uint16_t generate_cookie16(cookie_gen_t gen, uint32_t *data, 136 | size_t size) 137 | { 138 | uint32_t r0 = generate_cookie64(gen, data, size); 139 | return ((uint16_t)(r0 >> 16)) ^ (uint16_t)r0; 140 | } 141 | 142 | #endif /* __COOKIE_H */ 143 | -------------------------------------------------------------------------------- /src/encodings/aes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * aes.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #ifndef __AES_H 20 | #define __AES_H 21 | 22 | #define AES_ROUNDS 10 23 | 24 | extern void aes_expandkey(const uint8_t *key, size_t keysize, uint8_t *ekey); 25 | extern void aes_encrypt(const uint8_t *v, const uint32_t *rk, uint8_t *o); 26 | 27 | #endif /* __AES_H */ 28 | -------------------------------------------------------------------------------- /src/encodings/aes_hardware.c: -------------------------------------------------------------------------------- 1 | /* 2 | * aes_hardware.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | /* 20 | * AES hardware accelerated encryption. 21 | */ 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #include "aes_hardware.h" 28 | 29 | /* 30 | * Beautification. 31 | */ 32 | typedef long long int int128_t __attribute__ ((vector_size (16))); 33 | 34 | #define aes_enc __builtin_ia32_aesenc128 35 | #define aes_enc_last __builtin_ia32_aesenclast128 36 | #define aes_keygen_assist __builtin_ia32_aeskeygenassist128 37 | 38 | #define bshuffle __builtin_ia32_pshufd 39 | #define lshift4(a, b) \ 40 | __builtin_ia32_pslldqi128((a), (b) * 8) 41 | 42 | #define cpuid(f, ax, bx, cx, dx) \ 43 | __asm__ __volatile__ ("cpuid" : "=a" (ax), "=b" (bx), "=c" (cx), \ 44 | "=d" (dx) : "a" (f)) 45 | 46 | /* 47 | * Prototypes. 
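/*
 * Forward declaration of the key expansion helper defined below.
 */
static int128_t aes_expandkey_assist(int128_t a, int128_t b);

/*
 * AES hardware test.
 *
 * Executes CPUID leaf 1 and returns true when bit 25 of ECX (mask
 * 0x02000000, the AES-NI feature flag) is set.  Callers should check this
 * before using the other aes_hardware_* functions.
 */
extern bool aes_hardware_test(void)
{
    unsigned a, b, c, d;
    cpuid(1, a, b, c, d);
    return ((c & 0x02000000) != 0);
}

/*
 * AES key expansion assist.
 *
 * a is the previous round key and b the matching aes_keygen_assist() result.
 * b is shuffled with selector 0xFF, a is XORed with itself shifted left by
 * 4, 8 and 12 bytes, and the two are combined into the next round key.
 */
static int128_t aes_expandkey_assist(int128_t a, int128_t b)
{
    b = bshuffle(b, 0xFF);
    int128_t c = lshift4(a, 4);
    a = c ^ a;
    c = lshift4(a, 4);
    a = c ^ a;
    c = lshift4(a, 4);
    return c ^ a ^ b;
}

/*
 * AES key expansion.
 *
 * key0    - key bytes; may be unaligned.
 * keysize - number of bytes available at key0.  Only the first 16 bytes are
 *           used: shorter keys are zero-padded to 16 bytes and longer keys
 *           are truncated.  Callers that need a full-strength key should
 *           check that keysize is 16 before calling.
 * ekey0   - receives the 11 round keys (176 bytes).  It is accessed through
 *           an int128_t pointer, so it presumably must be 16-byte aligned;
 *           confirm at the call sites.
 */
extern void aes_hardware_expandkey(const uint8_t *key0, size_t keysize,
    uint8_t *ekey0)
{
    // Warning: key0 need not be aligned, gcc will assume it is.
    // Hence the byte-wise copy rather than a vector load.
    //
    // Never copy more than one block: bytes 16..175 of ekey0 are overwritten
    // by the schedule below anyway, and an oversized keysize must not be
    // able to write past the end of the expanded-key buffer.
    const size_t used = (keysize < 16 ? keysize : 16);
    size_t i;
    for (i = 0; i < used; i++)
    {
        ekey0[i] = key0[i];
    }
    for (; i < 16; i++)
    {
        ekey0[i] = 0x0;
    }

    // The round constant is passed as a literal on every line, so the
    // schedule stays unrolled.
    int128_t *ekey = (int128_t *)ekey0;
    int128_t key = ekey[0];
    ekey[1] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x1));
    ekey[2] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x2));
    ekey[3] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x4));
    ekey[4] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x8));
    ekey[5] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x10));
    ekey[6] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x20));
    ekey[7] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x40));
    ekey[8] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x80));
    ekey[9] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x1B));
    ekey[10] = key = aes_expandkey_assist(key, aes_keygen_assist(key, 0x36));
}

/*
 * AES encryption.
 */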
108 | */ 109 | extern void aes_hardware_encrypt(const uint8_t *v0, const uint32_t *rk0, 110 | uint8_t *o) 111 | { 112 | const int128_t *rk = (const int128_t *)rk0; 113 | int128_t v = *(int128_t *)v0; 114 | 115 | v ^= rk[0]; 116 | v = aes_enc(v, rk[1]); 117 | v = aes_enc(v, rk[2]); 118 | v = aes_enc(v, rk[3]); 119 | v = aes_enc(v, rk[4]); 120 | v = aes_enc(v, rk[5]); 121 | v = aes_enc(v, rk[6]); 122 | v = aes_enc(v, rk[7]); 123 | v = aes_enc(v, rk[8]); 124 | v = aes_enc(v, rk[9]); 125 | v = aes_enc_last(v, rk[10]); 126 | 127 | *(int128_t *)o = v; 128 | } 129 | 130 | -------------------------------------------------------------------------------- /src/encodings/aes_hardware.h: -------------------------------------------------------------------------------- 1 | /* 2 | * aes_hardware.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #ifndef __AES_HARDWARE_H 20 | #define __AES_HARDWARE_H 21 | 22 | #include 23 | #include 24 | 25 | extern bool aes_hardware_test(void); 26 | extern void aes_hardware_expandkey(const uint8_t *key, size_t keysize, 27 | uint8_t *ekey); 28 | extern void aes_hardware_encrypt(const uint8_t *v, const uint32_t *rk, 29 | uint8_t *o); 30 | 31 | #endif /* __AES_HARDWARE_H */ 32 | -------------------------------------------------------------------------------- /src/encodings/crypt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * crypt.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | #ifndef __CRYPT_H 19 | #define __CRYPT_H 20 | 21 | #include "cfg.h" 22 | #include "cktp_encoding.h" 23 | 24 | #define CRYPT_CERT_CACHE_FILENAME PACKAGE_NAME ".crypt.cache" 25 | 26 | extern struct cktp_enc_info_s crypt_encoding; 27 | 28 | #endif /* __CRYPT_H */ 29 | -------------------------------------------------------------------------------- /src/encodings/natural.h: -------------------------------------------------------------------------------- 1 | /* 2 | * natural.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __NATURAL_H 19 | #define __NATURAL_H 20 | 21 | #include 22 | 23 | /* 24 | * (Big) natural number type. 25 | */ 26 | typedef uint64_t N; 27 | typedef N* N_t; 28 | 29 | /* 30 | * Number of N digits in a 'normal' N_t. 31 | */ 32 | #define N_SIZE 19 33 | 34 | /* 35 | * Prototypes. 
36 | */ 37 | void N_set(const uint8_t *data, size_t size, N_t a); 38 | void N_get(uint8_t *data, size_t size, N_t a); 39 | void N_modexp(N_t b, N_t e, N_t m, N_t r); 40 | bool N_lt2(N_t a, N_t b); 41 | bool N_neq1(N_t a); 42 | 43 | #endif /* __NATURAL_H */ 44 | -------------------------------------------------------------------------------- /src/encodings/pad.h: -------------------------------------------------------------------------------- 1 | /* 2 | * pad.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __PAD_H 19 | #define __PAD_H 20 | 21 | #include "cktp_encoding.h" 22 | 23 | extern struct cktp_enc_info_s pad_encoding; 24 | 25 | #endif /* __PAD_H */ 26 | -------------------------------------------------------------------------------- /src/freebsd/capture.c: -------------------------------------------------------------------------------- 1 | /* 2 | * capture.c 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | /* 20 | * Filtering, packet capture, and re-injection for FreeBSD 21 | * 22 | * FILTERING: 23 | * Filtering is achieved by issuing pfctl commands to redirect packets 24 | * to IP_DIVERT sockets. 25 | * 26 | * CAPTURING/RE-INJECTION: 27 | * This is all handled by IP_DIVERT sockets. 28 | * (I really wish Linux would implement this...) 29 | */ 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #include "capture.h" 39 | #include "log.h" 40 | #include "misc.h" 41 | #include "options.h" 42 | #include "socket.h" 43 | 44 | /* 45 | * Divert port 46 | */ 47 | #define DIVERT_PORT 40403 48 | 49 | /* 50 | * Anchorname 51 | */ 52 | #define ANCHOR PROGRAM_NAME 53 | 54 | /* 55 | * PFCTL commands. 56 | */ 57 | #define PFCTL_BUFFSIZE 256 58 | #define PFCTL_ARGS_MAX 32 59 | static const char *pfctl_divert = 60 | "/sbin/pactl -a " ANCHOR " -f " PFCONF_FILENAME; 61 | static const char *pfctl_undo = 62 | "/sbin/pfctl -a " ANCHOR " -F rules"; 63 | 64 | /* 65 | * Prototypes. 66 | */ 67 | static void pfctl(const char *command); 68 | static void pfctl_undo_on_signal(int sig); 69 | static void pfctl_undo_flush(void); 70 | 71 | /* 72 | * Global divert socket for capture/injection. 73 | */ 74 | static int socket_divert; 75 | 76 | /* 77 | * Cleaned up pf state? 78 | */ 79 | static bool pf_clean = true; 80 | 81 | /* 82 | * Initialise packet capturing. 83 | */ 84 | void init_capture(void) 85 | { 86 | // Set-up divert socket. 
87 | trace("[" PLATFORM "] setting up divert socket to port %d", DIVERT_PORT); 88 | 89 | socket_divert = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT); 90 | if (socket_divert < 0) 91 | { 92 | error("unable to create a divert socket"); 93 | } 94 | 95 | struct sockaddr_in addr; 96 | memset(&addr, 0x0, sizeof(addr)); 97 | addr.sin_family = AF_INET; 98 | addr.sin_port = htons(DIVERT_PORT); 99 | 100 | if (bind(socket_divert, (struct sockaddr *)&addr, sizeof(addr)) != 0) 101 | { 102 | error("unable to bind divert socket to port %d", DIVERT_PORT); 103 | } 104 | 105 | // Initialise packet capture/redirection with pf. 106 | #ifndef DEBUG 107 | signal(SIGINT, pfctl_undo_on_signal); 108 | signal(SIGQUIT, pfctl_undo_on_signal); 109 | signal(SIGHUP, pfctl_undo_on_signal); 110 | signal(SIGILL, pfctl_undo_on_signal); 111 | signal(SIGFPE, pfctl_undo_on_signal); 112 | signal(SIGABRT, pfctl_undo_on_signal); 113 | signal(SIGSEGV, pfctl_undo_on_signal); 114 | signal(SIGTERM, pfctl_undo_on_signal); 115 | signal(SIGPIPE, pfctl_undo_on_signal); 116 | signal(SIGALRM, pfctl_undo_on_signal); 117 | #endif /* DEBUG */ 118 | pfctl(pfctl_divert); 119 | pf_clean = false; 120 | atexit(pfctl_undo_flush); 121 | } 122 | 123 | /* 124 | * Get a captured packet. 
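/*
 * Get a captured packet.
 *
 * Reads one packet from the divert socket into buff, leaving room at the
 * front for a fake (all-zero, ETH_P_IP) ethernet header that is filled in
 * afterwards.  Returns the total length including that header, or 0 when
 * buff is too small to hold the header plus at least one byte, or when the
 * read fails.  Callers must treat 0 as "no packet".
 */
size_t get_packet(uint8_t *buff, size_t size)
{
    if (size <= sizeof(struct ethhdr))
    {
        return 0;
    }

    // Retry only when the read was interrupted by a signal.  Any other
    // failure is reported and returned as "no packet"; a negative result
    // must never reach the length arithmetic below, where it would wrap
    // into a bogus packet length.
    ssize_t result;
    do
    {
        result = recv(socket_divert, buff + sizeof(struct ethhdr),
            size - sizeof(struct ethhdr), 0);
    }
    while (result < 0 && errno == EINTR);
    if (result < 0)
    {
        warning("failed to read packet from divert socket");
        return 0;
    }

    // Add fake ethhdr
    struct ethhdr *eth_header = (struct ethhdr *)buff;
    memset(&eth_header->h_dest, 0x0, ETH_ALEN);
    memset(&eth_header->h_source, 0x0, ETH_ALEN);
    eth_header->h_proto = htons(ETH_P_IP);

    return (size_t)result + sizeof(struct ethhdr);
}

/*
 * Re-inject a packet.
 *
 * buff holds an ethernet header followed by the IP packet; the ethernet
 * header is skipped and the remaining size bytes are written back to the
 * divert socket.  A failed send is logged as a warning only.
 */
void inject_packet(uint8_t *buff, size_t size)
{
    // A buffer shorter than the ethernet header would make the subtraction
    // below wrap around to a huge length.
    if (size < sizeof(struct ethhdr))
    {
        warning("unable to re-inject packet of size %zu", size);
        return;
    }

    struct ethhdr *eth_header = (struct ethhdr *)buff;
    struct iphdr *ip_header = (struct iphdr *)(eth_header + 1);
    size -= sizeof(struct ethhdr);

    struct sockaddr_in to_addr;
    memset(&to_addr, 0x0, sizeof(to_addr));
    to_addr.sin_family = AF_INET;
    to_addr.sin_port = htons(DIVERT_PORT);
    to_addr.sin_addr.s_addr = INADDR_ANY;

    ssize_t n = sendto(socket_divert, ip_header, size, 0,
        (struct sockaddr *)(&to_addr), sizeof(to_addr));
    if (n < 0)
    {
        warning("unable to re-inject packet of size %zu", size);
    }
}

/*
 * Execute a pfctl command.
 *
 * command is one of this file's constant command strings.  It is expanded
 * with snprintf(), split on spaces in place, and run as /sbin/pfctl in a
 * child process that first switches to uid/gid 0.  The first token of the
 * command only becomes argv[0]; the binary executed is always /sbin/pfctl.
 * Does nothing when the no-pf option was given.
 *
 * NOTE(review): command is used as the format string.  That is only safe
 * while every command passed in is a compile-time constant; never route
 * configuration or user input through this parameter.
 *
 * NOTE(review): execv() hands the caller's environment to a process running
 * as root.  Consider passing an explicit minimal environment instead.
 */
static void pfctl(const char *command)
{
    if (options_get()->seen_no_pf)
    {
        return;
    }

    char buff[PFCTL_BUFFSIZE];
    int len = snprintf(buff, sizeof(buff), command, DIVERT_PORT, getuid());
    if (len < 0 || (size_t)len >= sizeof(buff))
    {
        panic("pfctl buffer is too small");
    }
    log("[" PLATFORM "] executing pfctl command \"%s\"", buff);

    // Note: never use system() because we have setuid as root.
    // Split the command at spaces; each space becomes a terminator and the
    // text after it the next argument.  At most PFCTL_ARGS_MAX-1 arguments
    // are collected so that the NULL terminator always fits.
    char *args[PFCTL_ARGS_MAX];
    args[0] = buff;
    int i, j;
    for (i = 0, j = 1; buff[i] && j < PFCTL_ARGS_MAX-1; i++)
    {
        if (buff[i] == ' ')
        {
            buff[i] = '\0';
            if (buff[i+1] != '\0')
            {
                args[j++] = buff+i+1;
            }
        }
    }
    args[j] = NULL;

    pid_t pid = fork();
    if (pid == -1)
    {
        error("unable to execute pfctl command; failed to fork current "
            "process");
    }
    else if (pid == 0)
    {
        // Child: drop the group first, then the user, then exec.
        if (setgid(0) != 0)
        {
            error("unable to set the group ID to 0 (root) for pfctl command");
        }
        if (setuid(0) != 0)
        {
            error("unable to set the user ID to 0 (root) for pfctl command");
        }
        execv("/sbin/pfctl", args);
        error("unable to execute pfctl command");
    }

    // Parent: wait for the child, retrying when interrupted by a signal.
    int exit_status;
    while (waitpid(pid, &exit_status, 0) < 0)
    {
        if (errno != EINTR)
        {
            error("unable to execute pfctl command; failed to wait for pfctl "
                "to complete");
        }
    }
    // exit_status is the raw wait status, not the decoded exit code.
    if (exit_status != 0)
    {
        error("pfctl command returned non-zero exit status %d", exit_status);
    }
}

/*
 * Undo pfctl commands on signal then exit.
 *
 * NOTE(review): this handler logs and, through pfctl_undo_flush(), forks and
 * execs from signal context.  None of that is async-signal-safe; a safer
 * design sets a flag here and performs the cleanup from the main loop.
 */
static void pfctl_undo_on_signal(int sig)
{
    log("[" PLATFORM "] caught deadly signal %d; cleaning up pf state", sig);
    pfctl_undo_flush();
    error("caught deadly signal %d; exitting", sig);
}

/*
 * Undo pfctl commands.
 */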
260 | */ 261 | static void pfctl_undo_flush(void) 262 | { 263 | if (!pf_clean) 264 | { 265 | pfctl(pfctl_undo); 266 | pf_clean = true; 267 | } 268 | } 269 | 270 | -------------------------------------------------------------------------------- /src/freebsd/misc.c: -------------------------------------------------------------------------------- 1 | ../linux/misc.c -------------------------------------------------------------------------------- /src/freebsd/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * socket.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __SOCKET_H 19 | #define __SOCKET_H 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | /* 32 | * We don't use standard BSD-style structs. 33 | */ 34 | 35 | /* 36 | * Ethernet header. 37 | */ 38 | #define ETH_ALEN 6 39 | struct ethhdr 40 | { 41 | uint8_t h_dest[ETH_ALEN]; 42 | uint8_t h_source[ETH_ALEN]; 43 | uint16_t h_proto; 44 | }; 45 | 46 | #define ETH_P_IP 0x0800 47 | 48 | /* 49 | * IPv4 header. 
50 | */ 51 | struct iphdr 52 | { 53 | uint8_t ihl:4; 54 | uint8_t version:4; 55 | uint8_t tos; 56 | uint16_t tot_len; 57 | uint16_t id; 58 | uint16_t frag_off; 59 | uint8_t ttl; 60 | uint8_t protocol; 61 | uint16_t check; 62 | uint32_t saddr; 63 | uint32_t daddr; 64 | }; 65 | 66 | #define IP_MSS 576 67 | 68 | /* 69 | * IPv6 header. 70 | */ 71 | struct ip6_hdr 72 | { 73 | union 74 | { 75 | struct ip6_hdrctl 76 | { 77 | uint32_t ip6_un1_flow; 78 | uint16_t ip6_un1_plen; 79 | uint8_t ip6_un1_nxt; 80 | uint8_t ip6_un1_hlim; 81 | } ip6_un1; 82 | uint8_t ip6_un2_vfc; 83 | } ip6_ctlun; 84 | struct in6_addr ip6_src; 85 | struct in6_addr ip6_dst; 86 | }; 87 | 88 | #define ip6_vfc ip6_ctlun.ip6_un2_vfc 89 | #define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow 90 | #define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen 91 | #define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt 92 | #define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim 93 | #define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim 94 | 95 | #ifdef IN6ADDR_LOOPBACK_INIT 96 | #undef IN6ADDR_LOOPBACK_INIT 97 | #define IN6ADDR_LOOPBACK_INIT {{{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}}} 98 | #endif 99 | 100 | /* 101 | * TCP header. 102 | */ 103 | struct tcphdr 104 | { 105 | uint16_t source; 106 | uint16_t dest; 107 | uint32_t seq; 108 | uint32_t ack_seq; 109 | uint16_t res1:4; 110 | uint16_t doff:4; 111 | uint16_t fin:1; 112 | uint16_t syn:1; 113 | uint16_t rst:1; 114 | uint16_t psh:1; 115 | uint16_t ack:1; 116 | uint16_t urg:1; 117 | uint16_t res2:2; 118 | uint16_t window; 119 | uint16_t check; 120 | uint16_t urg_ptr; 121 | }; 122 | 123 | #define TCPOPT_EOL 0 124 | #define TCPOPT_NOP 1 125 | #define TCPOPT_MAXSEG 2 126 | 127 | /* 128 | * UDP header. 129 | */ 130 | struct udphdr 131 | { 132 | uint16_t source; 133 | uint16_t dest; 134 | uint16_t len; 135 | uint16_t check; 136 | }; 137 | 138 | /* 139 | * ICMP header. 
140 | */ 141 | struct icmphdr 142 | { 143 | uint8_t type; 144 | uint8_t code; 145 | uint16_t checksum; 146 | union 147 | { 148 | struct 149 | { 150 | uint16_t id; 151 | uint16_t sequence; 152 | } echo; 153 | uint32_t gateway; 154 | struct 155 | { 156 | uint16_t unused; 157 | uint16_t mtu; 158 | } frag; 159 | } un; 160 | }; 161 | 162 | #define ICMP_DEST_UNREACH 3 163 | #define ICMP_FRAG_NEEDED 4 164 | #define ICMP_TIME_EXCEEDED 11 165 | #define ICMP_EXC_TTL 0 166 | #define ICMP_ECHOREPLY 0 167 | #define ICMP_ECHO 8 168 | 169 | typedef int socket_t; 170 | 171 | #define SOCKET_T_FMT "%d" 172 | 173 | #define INVALID_SOCKET (-1) 174 | #define SOCKET_ERROR (-1) 175 | 176 | #define init_sockets() /* NOP */ 177 | #define close_socket(socket) close(socket) 178 | 179 | #define UDP_NO_CHECK_LAYER SOL_SOCKET 180 | #define UDP_NO_CHECK_OPTION SO_NO_CHECK 181 | 182 | #endif /* __SOCKET_H */ 183 | -------------------------------------------------------------------------------- /src/freebsd/thread.h: -------------------------------------------------------------------------------- 1 | ../linux/thread.h -------------------------------------------------------------------------------- /src/http_server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * http_server.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. 
If not, see . 17 | */ 18 | #ifndef __HTTP_SERVER_H 19 | #define __HTTP_SERVER_H 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | /* 26 | * Key value pair for looking up enum values. 27 | */ 28 | struct http_pair_s 29 | { 30 | const char *key; 31 | unsigned val; 32 | }; 33 | int http_pair_s_compare(const void *a, const void *b); 34 | 35 | /* 36 | * Representation of the user key/value pair. 37 | */ 38 | struct http_user_var_s 39 | { 40 | const char *var; 41 | const char *val; 42 | }; 43 | 44 | /* 45 | * Representation of a set of user key/value pairs. 46 | */ 47 | #define MAX_USER_VARS 64 48 | struct http_user_vars_s 49 | { 50 | size_t size; 51 | bool sorted; 52 | struct http_user_var_s vars[MAX_USER_VARS]; 53 | }; 54 | 55 | /* 56 | * A HTTP buffer. 57 | */ 58 | struct http_buffer_s 59 | { 60 | bool dynamic; 61 | size_t get_pos; 62 | size_t put_pos; 63 | size_t size; 64 | char *buff; 65 | }; 66 | typedef struct http_buffer_s *http_buffer_t; 67 | 68 | /* 69 | * Callbacks for program generated content. 70 | */ 71 | typedef bool (*http_callback_func_t)(http_buffer_t buff); 72 | void http_register_callback(const char *name, http_callback_func_t func); 73 | 74 | /* 75 | * Launch a http server that listens on the given port. 76 | */ 77 | void http_server(uint16_t port, void (*callback)(struct http_user_vars_s *), 78 | bool launch); 79 | 80 | /* 81 | * Helper functions for user vars. 
82 | */ 83 | void http_user_vars_init(struct http_user_vars_s *vars); 84 | void http_user_vars_free(struct http_user_vars_s *vars); 85 | const char *http_user_var_lookup(const struct http_user_vars_s *vars, 86 | const char *var); 87 | void http_user_var_insert(struct http_user_vars_s *vars, const char *var, 88 | const char *val); 89 | bool http_get_string_var(const struct http_user_vars_s *vars, 90 | const char *var, const char **sval); 91 | bool http_get_bool_var(const struct http_user_vars_s *vars, 92 | const char *var, bool *bval); 93 | bool http_get_int_var(const struct http_user_vars_s *vars, 94 | const char *var, unsigned min, unsigned max, size_t size, void *ival); 95 | bool http_get_enum_var(const struct http_user_vars_s *vars, 96 | const char *var, struct http_pair_s *def, size_t def_len, uint8_t *ival); 97 | 98 | /* 99 | * Helper functions for buffer type. 100 | */ 101 | http_buffer_t http_buffer_open(void); 102 | void http_buffer_close(http_buffer_t buff); 103 | void http_buffer_putc(http_buffer_t buff, char c); 104 | void http_buffer_puts(http_buffer_t buff, const char *s); 105 | char http_buffer_getc(http_buffer_t buff); 106 | 107 | #endif /* __HTTP_SERVER_H */ 108 | -------------------------------------------------------------------------------- /src/install.c: -------------------------------------------------------------------------------- 1 | /* 2 | * install.c 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
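*
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

/* NOTE(review): the header names on the next four #include lines were lost
 * when this page was extracted. */
#include
#include
#include
#include

#include "config.h"
#include "encodings/crypt.h"
#include "install.h"
#include "log.h"
#include "misc.h"
#include "tunnel.h"

#define VERSION_FILENAME        PROGRAM_NAME ".version"

#ifdef WINDOWS
#define SKIP_data_install_browser_sh        1
#endif
#ifndef FREEBSD
#define SKIP_data_install_pf_conf           1
#endif

#include "install_data.c"

/*
 * Prototypes.
 */
static void install_file(const char *keyname, const char *filename, bool force);

/*
 * Install files (if required).
 *
 * Reads "MAJOR.MINOR" from VERSION_FILENAME in the current directory.  Every
 * bundled file is rewritten when that file is missing, cannot be parsed, or
 * records a version older than 1.4; otherwise install_file() only creates
 * the files that do not exist yet.
 */
void install_files(void)
{
    bool force = true;
    FILE *file = fopen(VERSION_FILENAME, "r");
    if (file != NULL)
    {
        unsigned major, minor;
        if (fscanf(file, "%u.%u", &major, &minor) == 2)
        {
            // Compare (major, minor) as a pair.  Testing `minor < 4' on its
            // own also forced a reinstall for versions such as 2.0.
            force = (major < 1 || (major == 1 && minor < 4));
        }
        // The version stream used to be left open.
        fclose(file);
    }

    install_file("install.version", VERSION_FILENAME, force);
    install_file("install.config", CONFIG_FILENAME, force);
    install_file("install.cache", TUNNELS_FILENAME, force);
    install_file("install.crypt.cache", CRYPT_CERT_CACHE_FILENAME, force);
#ifndef WINDOWS
    install_file("install.browser.sh", BROWSER_FILENAME, force);
#endif      /* WINDOWS */
#ifdef FREEBSD
    install_file("install.pf.conf", PFCONF_FILENAME, force);
#endif      /* FREEBSD */
}

/*
 * Install a file.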
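*/
/*
 * keyname  - key looked up in the bundled file_data table (presumably
 *            provided by install_data.c).
 * filename - destination path, opened relative to the current directory.
 * force    - overwrite unconditionally; otherwise the file is written only
 *            when opening it for reading fails with ENOENT.
 *
 * NOTE(review): the existence probe and the later fopen(filename, "w") are
 * two separate steps, and fopen() follows symbolic links and creates the file
 * with default permissions.  That is only safe when the current directory is
 * writable by this user alone; chdir_home() in linux/misc.c can fall back to
 * /tmp, where it is not.
 */
static void install_file(const char *keyname, const char *filename, bool force)
{
    bool install = force;
    if (!force)
    {
        // Only a definite "does not exist" triggers installation; any other
        // open failure (e.g. a permission error) leaves the path untouched.
        FILE *probe = fopen(filename, "r");
        install = (probe == NULL && errno == ENOENT);
        if (probe != NULL)
        {
            fclose(probe);
        }
    }
    if (!install)
    {
        return;
    }
    log("installing \"%s\"", filename);

    struct file_data_s key;
    key.name = keyname;

    struct file_data_s *data = bsearch(&key,
        file_data, sizeof(file_data) / sizeof(struct file_data_s),
        sizeof(struct file_data_s), file_data_s_compare);

    if (data == NULL)
    {
        warning("unable to find install data for \"%s\"", filename);
        return;
    }

    FILE *file = fopen(filename, "w");
    if (file == NULL)
    {
        warning("unable to install file \"%s\"", filename);
        return;
    }

    // A failed or short write used to go unnoticed and left a truncated
    // file behind; report it instead.
    bool written = (fputs(data->data, file) != EOF);
    if (fclose(file) != 0)
    {
        written = false;
    }
    if (!written)
    {
        warning("unable to write file \"%s\"", filename);
    }
}

--------------------------------------------------------------------------------
/src/install.h:
--------------------------------------------------------------------------------
/*
 * install.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .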
17 | */ 18 | 19 | #ifndef __INSTALL_H 20 | #define __INSTALL_H 21 | 22 | void install_files(void); 23 | 24 | #endif /* __INSTALL_H */ 25 | -------------------------------------------------------------------------------- /src/install/install.browser.sh: -------------------------------------------------------------------------------- 1 | # Uncomment to override default browser: 2 | 3 | # BROWSER=firefox 4 | # BROWSER=google-chrome 5 | # BROWSER=chromium 6 | # BROWSER=opera 7 | # BROWSER=open # (for MacOSX only) 8 | 9 | if [ "$#" != 1 ] 10 | then 11 | echo "usage: $0 URL" >&2 12 | exit 1 13 | fi 14 | 15 | if [ -z "$BROWSER" ] 16 | then 17 | BROWSER=xdg-open 18 | fi 19 | 20 | if [ -x "`which $BROWSER`" ] 21 | then 22 | exec $BROWSER "$1" 23 | fi 24 | 25 | echo "$0: error: browser '$BROWSER' not found" >&2 26 | exit 1 27 | 28 | -------------------------------------------------------------------------------- /src/install/install.cache: -------------------------------------------------------------------------------- 1 | # Installed tunnel cache 2 | # AUTOMATICALLY GENERATED, DO NOT EDIT 3 | 4 | udp://109.248.168.126:48168?crypt=cipher.aes,cert.loWNhcG7iQwVbQS44EidtM,sec.2888 16 1 5 | udp://taiga.reqrypt.org:48168?crypt=cipher.aes,cert.loWNhcG7iQwVbQS44EidtM,sec.2888 16 1 6 | 7 | -------------------------------------------------------------------------------- /src/install/install.config: -------------------------------------------------------------------------------- 1 | # Installed configuration file 2 | # AUTOMATICALLY GENERATED, DO NOT EDIT 3 | 4 | ENABLED = "true" 5 | HIDE_TCP = "true" 6 | HIDE_TCP_DATA = "false" 7 | HIDE_TCP_SYN = "set" 8 | HIDE_TCP_ACK = "set" 9 | HIDE_TCP_PSH = "set" 10 | HIDE_TCP_FIN = "set" 11 | HIDE_TCP_RST = "set" 12 | HIDE_UDP = "false" 13 | TUNNEL = "true" 14 | MULTI_ROUTE = "false" 15 | SPLIT_MODE = "none" 16 | LOG_LEVEL = "packets" 17 | GHOST_MODE = "nat" 18 | GHOST_CHECK = "true" 19 | GHOST_SET_TTL = "true" 20 | GHOST_TTL = "3" 21 | 
FRAG_MODE = "transport" 22 | TCP_PORT = "80" 23 | TCP_PROTO = "http_url" 24 | TCP_PORT_2 = "443" 25 | TCP_PROTO_2 = "tls_sni" 26 | UDP_PORT = "53" 27 | UDP_PROTO = "dns" 28 | MTU = "1492" 29 | LAUNCH_UI = "true" 30 | CHECK_UPDATES = "true" 31 | -------------------------------------------------------------------------------- /src/install/install.crypt.cache: -------------------------------------------------------------------------------- 1 | xxtea a5p7i0RZlcs8y58ersfl75 lup4jiVIHBWbyvSLUyGyJZdNaRVM35FECFRlqmYQQ8E3iURziQbiX11HUOrSEMejRQVFrrWkKbaQop6KHcgVBeNXNxVyfP9m08KC8zF4UvB=agu6tFi2DPGBaBgdDzqOygGT9y6K5KE2RvZNpccIO6uyZG3fckcf9AtBS7ye36r 2 | aes JnWvfd1nOJEA55p6uJNuRF PfzLdsxSOL6twVuX3MwwqvXIxG4Ms8EjdNBYno=vrYgjOZ3ZuDoTTcP8x2ezbQOoHzYGCLJjvLBo0DO4z-Xw5iWOzjlR8Wc3H52CTXrkOcIZl8UnThf3Od46Y2=dG28kfx4Sar2qi6sN3uyCo-aDR4c9oeGXqrOw3XhV4gBQHVq 3 | aes 3=j3L53U9Jy0jhMsyaUmDe pTzZHkTO4quH28s5x1TOoRT8gAEYssrhDrwjDfF-TPetFr-yOqYfLbJBReZ9sl47xnhXzKsHZ9GhSreNTr8TJRUe=H6NxKIOihtCYv0nOhJYzZDQYFvtqUtlDGhN0nC-QvQwpg1is1DJ484DY3Vf-I6Z6zoQLY-YhKDxgRssWIu 4 | aes VpCsj5RmAZuIfnDcpPDXmr 1BzzJqYDA5dBvE-15fwdflM7M6hgcLuuJcE-zHl811UratQCw5gsRlHJVBYXrEKiHGD4ZdIY71nVlzKpyccdKGfKKNbZ6RpyJnvXY4R=T6GQZGmf-piTav6rIIkNEDlhK-R46m6sqRX-K-8Uvxefw1tR2T-ZDG2HL-ARZh4qh2r 5 | -------------------------------------------------------------------------------- /src/install/install.pf.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Note: In order to use ReQrypt, do the following steps as root: 3 | # 4 | # 1) Add the following line to /etc/pf.conf: 5 | # 6 | # anchor reqrypt 7 | # 8 | # 2) Reload pf: 9 | # 10 | # $ pactl -f /etc/pf.conf 11 | # 12 | # 3) Now, you can run ReQrypt as normal (still as root): 13 | # 14 | # $ reqrypt 15 | # 16 | 17 | set reassemble no 18 | pass out on em0 inet proto tcp to port 80 divert-packet port 40403 19 | pass out on em0 inet proto tcp to port 443 divert-packet port 40403 20 | pass out on em0 inet proto udp to port 53 
divert-packet port 40403 21 | block in on em0 inet proto icmp all icmp-type 11 code 0 22 | 23 | -------------------------------------------------------------------------------- /src/install/install.version: -------------------------------------------------------------------------------- 1 | 1.4 2 | -------------------------------------------------------------------------------- /src/linux/misc.c: -------------------------------------------------------------------------------- 1 | /* 2 | * misc.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
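*/

#define _POSIX_C_SOURCE 200809L

/* NOTE(review): the header names on the next eight #include lines were lost
 * when this page was extracted. */
#include
#include
#include
#include
#include
#include
#include
#include

#include "cfg.h"
#include "log.h"
#include "misc.h"

#ifndef CLOCK_MONOTONIC_RAW
#define CLOCK_MONOTONIC_RAW     CLOCK_MONOTONIC
#endif

/*
 * Initialise a buffer with random data from /dev/urandom
 *
 * Fails closed: error() (log.h) logs and calls exit(EXIT_FAILURE), so the
 * caller never continues with a buffer that was not completely filled.
 */
void random_ext_init(uint8_t *ptr, size_t size)
{
    const char *rand_dev = "/dev/urandom";
    FILE *dev = fopen(rand_dev, "r");

    if (dev == NULL)
    {
        error("unable to open random number device \"%s\"", rand_dev);
    }

    if (fread(ptr, sizeof(uint8_t), size, dev) != size)
    {
        error("unable to read %zu bytes from random number device \"%s\"",
            size, rand_dev);
    }

    fclose(dev);
}

/*
 * Change to home directory (and create it if required).
 *
 * Client builds only.  Tries $HOME/PROGRAM_DIR, creating PROGRAM_DIR with
 * owner-only permissions when it does not exist.
 *
 * NOTE(review): on any failure the working directory becomes /tmp, which is
 * shared with other local users.  install_file() then reads and writes files
 * with fixed names there, and launch_ui() runs BROWSER_FILENAME from it.
 * A private directory (or refusing to start) would be the safer fallback.
 */
void chdir_home(void)
{
#ifdef CLIENT
    const char *home_dir = getenv("HOME");
    if (home_dir == NULL)
    {
        warning("unable to find home directory; $HOME environment variable is "
            "not set");
        goto chdir_home_error;
    }
    if (chdir(home_dir) != 0)
    {
        warning("unable to change to home directory %s", home_dir);
        goto chdir_home_error;
    }
    if (chdir(PROGRAM_DIR) != 0)
    {
        if (errno == ENOENT)
        {
            log("creating program directory %s", PROGRAM_DIR);
            // Mode 0700: only the owner may list, enter or modify it.
            if (mkdir(PROGRAM_DIR, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
            {
                warning("unable to create program directory %s",
                    PROGRAM_DIR);
                goto chdir_home_error;
            }
            if (chdir(PROGRAM_DIR) == 0)
            {
                return;
            }
        }
        warning("unable to change to program directory %s", PROGRAM_DIR);
        goto chdir_home_error;
    }
    return;

chdir_home_error:
    warning("using /tmp as the program directory");
    if (chdir("/tmp") != 0)
    {
        error("unable to change to program directory %s", "/tmp");
    }
#endif      /* CLIENT */
}

/*
 * Launch the UI.
 *
 * Client builds only.  Forks; the parent returns at once and the child
 * replaces itself with `/bin/sh BROWSER_FILENAME URL'.  The child is not
 * waited for.
 *
 * NOTE(review): BROWSER_FILENAME is a relative path, so the script that runs
 * is whatever file of that name sits in the current directory.  That
 * directory must not be writable by other users (see chdir_home()).
 */
void launch_ui(uint16_t port)
{
#ifdef CLIENT
    bool err_exit = false;
    pid_t pid = fork();
    if (pid == -1)
    {
        goto launch_ui_error;
    }

    if (pid > 0)
    {
        return;
    }

    const char url_fmt[] = "http://localhost:%u/";
    char url[sizeof(url_fmt) - 2 + 5];      // - "%u" + 5 port digits
    // %u expects an unsigned int; a uint16_t argument is promoted to int.
    snprintf(url, sizeof(url), url_fmt, (unsigned)port);
#ifdef MACOSX
    setenv("BROWSER", "open", false);
#endif
    // The terminating null pointer of a variadic call must have pointer type.
    execlp("/bin/sh", "/bin/sh", BROWSER_FILENAME, url, (char *)NULL);
    err_exit = true;        // Only reached when exec failed, in the child.

launch_ui_error:
    warning("unable to launch user interface http://localhost:%u/",
        (unsigned)port);
    if (err_exit)
    {
        exit(EXIT_FAILURE);
    }
#endif      /* CLIENT */
}

/*
 * Gets the current time in microseconds.
 *
 * Read from CLOCK_MONOTONIC_RAW (CLOCK_MONOTONIC where the former is not
 * defined), so values are only meaningful relative to each other.
 */
uint64_t gettime(void)
{
    // Zeroed so that a failing clock_gettime() cannot return stack garbage.
    struct timespec ts = {0};
    clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
    // Widen before multiplying: time_t may be narrower than 64 bits.
    return (uint64_t)ts.tv_sec * 1000000 + (uint64_t)ts.tv_nsec / 1000;
}

/*
 * Sleep for the given number of microseconds.
 */
void sleeptime(uint64_t us)
{
    // Split first and scale only the remainder, so that large values of `us'
    // cannot overflow the way 1000*us could.
    struct timespec ts;
    ts.tv_sec = us / 1000000;
    ts.tv_nsec = (us % 1000000) * 1000;
    // nanosleep() stores the unslept time back into ts; resume after signals.
    while (nanosleep(&ts, &ts) != 0 && errno == EINTR)
        ;
}

/*
 * Quit this application.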
169 | */ 170 | void quit(int status) 171 | { 172 | exit(status); 173 | } 174 | 175 | -------------------------------------------------------------------------------- /src/linux/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * socket.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __SOCKET_H 19 | #define __SOCKET_H 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | 37 | typedef int socket_t; 38 | 39 | #define SOCKET_T_FMT "%d" 40 | 41 | #define INVALID_SOCKET (-1) 42 | #define SOCKET_ERROR (-1) 43 | 44 | #define init_sockets() /* NOP */ 45 | #define close_socket(socket) close(socket) 46 | 47 | #define UDP_NO_CHECK_LAYER SOL_SOCKET 48 | #define UDP_NO_CHECK_OPTION SO_NO_CHECK 49 | 50 | #endif /* __SOCKET_H */ 51 | -------------------------------------------------------------------------------- /src/linux/thread.h: -------------------------------------------------------------------------------- 1 | /* 2 | * thread.h 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public 
License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */
#ifndef __THREAD_H
#define __THREAD_H

/* NOTE(review): the header name on the next #include line was lost when this
 * page was extracted. */
#include

typedef pthread_t thread_t;
typedef pthread_mutex_t mutex_t;

/*
 * Start a thread running start(arg) with default attributes and detach it.
 * Returns 0 on success, otherwise the non-zero result of pthread_create()
 * or pthread_detach().
 */
static inline int thread_create(thread_t *thread, void *(*start)(void *),
    void *arg)
{
    int rc = pthread_create(thread, NULL, start, arg);
    if (rc != 0)
    {
        return rc;
    }
    return pthread_detach(*thread);
}

/*
 * Initialise a mutex with default attributes.
 */
static inline int thread_lock_init(mutex_t *lock)
{
    return pthread_mutex_init(lock, NULL);
}

/*
 * Destroy a mutex.
 */
static inline int thread_lock_free(mutex_t *lock)
{
    return pthread_mutex_destroy(lock);
}

/*
 * Acquire a mutex.
 */
static inline int thread_lock(mutex_t *lock)
{
    return pthread_mutex_lock(lock);
}

/*
 * Release a mutex.
 */
static inline int thread_unlock(mutex_t *lock)
{
    return pthread_mutex_unlock(lock);
}

#endif      /* __THREAD_H */

--------------------------------------------------------------------------------
/src/log.h:
--------------------------------------------------------------------------------
/*
 * log.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __LOG_H 19 | #define __LOG_H 20 | 21 | #include 22 | #include 23 | 24 | #include "http_server.h" 25 | 26 | /* 27 | * Global flag indicates current log level. 28 | */ 29 | extern int __log_level; 30 | 31 | /* 32 | * Log message types. 33 | */ 34 | #define LOG_MESSAGE_ERROR ((int8_t)-1) 35 | #define LOG_MESSAGE_WARNING ((int8_t)-2) 36 | #define LOG_MESSAGE_PANIC ((int8_t)-3) 37 | #define LOG_MESSAGE_NONE ((int8_t)0) 38 | #define LOG_MESSAGE_INFO ((int8_t)1) 39 | #define LOG_MESSAGE_PACKET ((int8_t)2) 40 | #define LOG_MESSAGE_TRACE ((int8_t)3) 41 | 42 | /* 43 | * Prototypes. 44 | */ 45 | void log_init(void); 46 | void log_message(int8_t type, const char *message, ...) 47 | __attribute__ ((format (printf, 2, 3))); 48 | bool log_html_message(http_buffer_t buff); 49 | void log_packet(const uint8_t *packet); 50 | 51 | #define log_get_level() \ 52 | (__log_level) 53 | #define log_set_level(level) \ 54 | do { \ 55 | __log_level = (level); \ 56 | } while (false) 57 | 58 | #define make_string(s) make_string_2(s) 59 | #define make_string_2(s) #s 60 | 61 | #define error(message, ...) \ 62 | do { \ 63 | log_message(LOG_MESSAGE_ERROR, message, ## __VA_ARGS__); \ 64 | exit(EXIT_FAILURE); \ 65 | } while (false) 66 | #define warning(message, ...) \ 67 | do { \ 68 | log_message(LOG_MESSAGE_WARNING, message, ## __VA_ARGS__); \ 69 | } while (false) 70 | #define panic(message, ...) 
\ 71 | do { \ 72 | log_message(LOG_MESSAGE_PANIC, __FILE__ ": " \ 73 | make_string(__LINE__) ": " message, ## __VA_ARGS__); \ 74 | exit(EXIT_FAILURE); \ 75 | } while (false) 76 | #define log(message, ...) \ 77 | do { \ 78 | if (LOG_MESSAGE_INFO <= __log_level) \ 79 | log_message(LOG_MESSAGE_INFO, message, ## __VA_ARGS__); \ 80 | } while (false) 81 | #define packet(message, ...) \ 82 | do { \ 83 | if (LOG_MESSAGE_PACKET <= __log_level) \ 84 | log_message(LOG_MESSAGE_PACKET, message, ## __VA_ARGS__); \ 85 | } while (false) 86 | #define trace(message, ...) \ 87 | do { \ 88 | if (LOG_MESSAGE_TRACE <= __log_level) \ 89 | log_message(LOG_MESSAGE_TRACE, message, ## __VA_ARGS__); \ 90 | } while (false) 91 | #define log_enabled(level) \ 92 | ((level) <= __log_level) 93 | 94 | #endif /* __LOG_H */ 95 | -------------------------------------------------------------------------------- /src/macosx: -------------------------------------------------------------------------------- 1 | freebsd/ -------------------------------------------------------------------------------- /src/misc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * misc.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __MISC_H 20 | #define __MISC_H 21 | 22 | /* 23 | * Misc. system specific functions. 
24 | */ 25 | 26 | #include 27 | 28 | #define SECONDS 1000000L 29 | #define MILLISECONDS 1000L 30 | #define MICROSECONDS 1L 31 | 32 | void random_ext_init(uint8_t *ptr, size_t size); 33 | void chdir_home(void); 34 | void launch_ui(uint16_t port); 35 | uint64_t gettime(void); 36 | void sleeptime(uint64_t us); 37 | void quit(int status) __attribute__((noreturn)); 38 | 39 | #ifndef WINDOWS 40 | #define BROWSER_FILENAME PROGRAM_NAME ".browser.sh" 41 | #endif 42 | #ifdef FREEBSD 43 | #define PFCONF_FILENAME PROGRAM_NAME ".pf.conf" 44 | #endif 45 | 46 | #endif /* __MISC_H */ 47 | -------------------------------------------------------------------------------- /src/options.c: -------------------------------------------------------------------------------- 1 | /* 2 | * options.c 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | /* 20 | * NOTE: MinGW64 doesn't support getopt, so we implement our own solution. 21 | */ 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | #include "cfg.h" 30 | #include "misc.h" 31 | #include "options.h" 32 | 33 | typedef void *opt_val_t; 34 | typedef uint8_t opt_type_t; 35 | #define OPT_BOOL 0 36 | #define OPT_INT 1 37 | 38 | /* 39 | * Representation of an option. 
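*/
struct opt_info_s
{
    const char *name;       // Option name without the leading "--".
    opt_type_t type;        // OPT_BOOL or OPT_INT.
    bool *seen;             // Set to true when the option is given.
    void *val;              // OPT_INT: points at the int to fill; else NULL.
};

/*
 * Comparison function for opt_info_s.
 * Orders entries by strcmp() on the name, as bsearch() requires.
 */
static int opt_info_s_compare(const void *a, const void *b)
{
    const struct opt_info_s *a1 = (const struct opt_info_s *)a;
    const struct opt_info_s *b1 = (const struct opt_info_s *)b;
    return strcmp(a1->name, b1->name);
}

/*
 * Global options table.
 */
struct options_s options = {0};

/*
 * Table of all options.  Must be in alphabetical order.
 *
 * options_init() looks names up with bsearch(), so the order has to hold for
 * every combination of the #ifdef entries.  "no-pf" used to sit before
 * "no-launch-ui", which left the FreeBSD table unsorted.
 */
struct opt_info_s opt_info[] =
{
    {"help",         OPT_BOOL, &options.seen_help, NULL},
    {"no-capture",   OPT_BOOL, &options.seen_no_capture, NULL},
#ifdef LINUX
    {"no-iptables",  OPT_BOOL, &options.seen_no_iptables, NULL},
#endif
    {"no-launch-ui", OPT_BOOL, &options.seen_no_launch_ui, NULL},
#ifdef FREEBSD
    {"no-pf",        OPT_BOOL, &options.seen_no_pf, NULL},
#endif
    {"no-ui",        OPT_BOOL, &options.seen_no_ui, NULL},
    {"num-threads",  OPT_INT,  &options.seen_num_threads,
        &options.val_num_threads},
    {"ui-port",      OPT_INT,  &options.seen_ui_port,
        &options.val_ui_port},
    {"version",      OPT_BOOL, &options.seen_version, NULL}
};

/*
 * Prototypes.
 */
static void usage(void);
static void help(void);

/*
 * Process any command line options.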
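*/
/*
 * Every argument must have the form "--name"; OPT_INT options consume the
 * following argument as a decimal integer.  On a malformed command line the
 * usage message is printed and the program quits with EXIT_FAILURE.
 * "--help" and "--version" quit with EXIT_SUCCESS.
 *
 * Only the syntax of integer values is checked here; whether a port or a
 * thread count is in a sensible range is left to the code that uses it.
 */
void options_init(int argc, char **argv)
{
    bool err = false;
    for (int i = 1; i < argc; i++)
    {
        const char *arg = argv[i];
        if (arg[0] != '-' || arg[1] != '-')
        {
            fprintf(stderr, "%s: expected an option; found \"%s\"\n", argv[0],
                arg);
            err = true;
            break;
        }

        struct opt_info_s key;
        key.name = arg + 2;
        struct opt_info_s *info = bsearch(&key, opt_info,
            sizeof(opt_info) / sizeof(struct opt_info_s),
            sizeof(struct opt_info_s), opt_info_s_compare);
        if (info == NULL)
        {
            fprintf(stderr, "%s: unrecognized option \"%s\"\n", PROGRAM_NAME,
                arg);
            err = true;
            break;
        }

        *info->seen = true;

        if (info->type != OPT_BOOL)
        {
            // Keep the option name for diagnostics; `arg' is reused for the
            // value below, and the messages used to print the value instead.
            const char *opt = arg;
            i++;
            if (i == argc)
            {
                fprintf(stderr, "%s: option \"%s\" missing argument\n",
                    PROGRAM_NAME, opt);
                err = true;
                break;
            }

            arg = argv[i];
            switch (info->type)
            {
                case OPT_INT:
                {
                    char *end = NULL;
                    errno = 0;
                    long val = strtol(arg, &end, 10);
                    // Reject overflow, empty or non-numeric input, trailing
                    // characters, and values that do not fit in an int.
                    if (errno != 0 || end == arg || *end != '\0' ||
                        val != (long)(int)val)
                    {
                        fprintf(stderr, "%s: option \"%s\" expects an "
                            "integer argument\n", PROGRAM_NAME, opt);
                        err = true;
                        break;
                    }
                    *(int *)info->val = (int)val;
                    break;
                }
                default:
                    break;
            }

            if (err)
            {
                break;
            }
        }
    }

    if (err)
    {
        usage();
        quit(EXIT_FAILURE);
    }

    if (options.seen_help)
    {
        help();
        quit(EXIT_SUCCESS);
    }

    if (options.seen_version)
    {
        quit(EXIT_SUCCESS);
    }
}

/*
 * Get the processed options.
 */
const struct options_s *options_get(void)
{
    return &options;
}

/*
 * Print the usage message.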
*/
static void usage(void)
{
    // One call, same two lines on stderr.
    fprintf(stderr,
        "usage: %s [OPTIONS]\n"
        "Run `%s --help' for more information.\n",
        PROGRAM_NAME, PROGRAM_NAME);
}

/*
 * Print the help message.
 *
 * Written to stdout.  The platform-specific options appear only in builds
 * that define FREEBSD or LINUX.
 */
static void help(void)
{
    printf("\nusage: %s [OPTIONS]\n\n", PROGRAM_NAME);
    fputs("OPTIONS are:\n"
          "\t--help\n"
          "\t\tPrint this helpful message.\n"
          "\t--no-capture\n"
          "\t\tDo not capture and tunnel packets (this option effectively\n",
          stdout);
    printf("\t\tdisables %s).\n", PROGRAM_NAME);
#ifdef FREEBSD
    fputs("\t--no-pf\n", stdout);
    printf("\t\tPrevent %s from issuing pf commands.\n", PROGRAM_NAME);
    fputs("\t\tUse this option if you wish to configure pf manually.\n",
          stdout);
#endif
#ifdef LINUX
    fputs("\t--no-iptables\n", stdout);
    printf("\t\tPrevent %s from issuing iptables commands.\n", PROGRAM_NAME);
    fputs("\t\tUse this option if you wish to configure iptables manually.\n",
          stdout);
#endif
    fputs("\t--no-launch-ui\n"
          "\t\tDo not automatically launch the user interface.\n"
          "\t--no-ui\n"
          "\t\tDisable the user interface.\n"
          "\t--num-threads NUMBER\n"
          "\t\tUse NUMBER threads to process packets.\n"
          "\t--ui-port PORT\n"
          "\t\tUse PORT for the user interface.\n"
          "\t--version\n"
          "\t\tPrint version information and exit.\n"
          "\n",
          stdout);
}

--------------------------------------------------------------------------------
/src/options.h:
--------------------------------------------------------------------------------
/*
 * options.h
 * (C) 2018, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any
later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __OPTIONS_H 19 | #define __OPTIONS_H 20 | 21 | #include 22 | 23 | #include "cfg.h" 24 | 25 | /* 26 | * Options table. 27 | */ 28 | struct options_s 29 | { 30 | bool seen_help; 31 | bool seen_no_capture; 32 | #ifdef FREEBSD 33 | bool seen_no_pf; 34 | #endif 35 | #ifdef LINUX 36 | bool seen_no_iptables; 37 | #endif 38 | bool seen_no_launch_ui; 39 | bool seen_no_ui; 40 | bool seen_num_threads; 41 | int val_num_threads; 42 | bool seen_ui_port; 43 | int val_ui_port; 44 | bool seen_version; 45 | }; 46 | 47 | /* 48 | * Prototypes. 49 | */ 50 | void options_init(int argc, char **argv); 51 | const struct options_s *options_get(void); 52 | 53 | #endif /* __OPTIONS_H */ 54 | -------------------------------------------------------------------------------- /src/packet.c: -------------------------------------------------------------------------------- 1 | /* 2 | * packet.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. 
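If not, see .
 */

/* NOTE(review): the two system header names below were stripped by the page
 * extraction. */
#include
#include

#include "log.h"
#include "packet.h"

/*
 * Locate the link, network and transport headers inside `packet` and report
 * where the payload starts.
 *
 * packet          start of the frame (Ethernet header first when
 *                 has_eth_header is true, otherwise the IP header).
 * *_ptr           optional outputs; each may be NULL.  The header pointer of
 *                 the IP version / transport protocol that is NOT present is
 *                 set to NULL.
 * header_size_ptr receives the combined size of all parsed headers.
 * data_ptr /      receive the payload pointer and length; data is NULL and
 * data_size_ptr   the length 0 when there is no payload.
 *
 * Panics on an IP version other than 4/6 or a protocol other than TCP/UDP.
 *
 * SECURITY: this function is not given the length of the captured buffer.
 * Every length it reports is derived from header fields inside the packet
 * (tot_len / ip6_plen, ihl, doff), so the caller must already have checked
 * that the buffer really is that long before trusting data/data_size.  IPv6
 * extension headers are not walked: a next-header value other than TCP/UDP
 * ends in the panic below.
 */
void packet_init(uint8_t *packet, bool has_eth_header,
    struct ethhdr **eth_header_ptr, struct iphdr **ip_header_ptr,
    struct ip6_hdr **ip6_header_ptr, struct tcphdr **tcp_header_ptr,
    struct udphdr **udp_header_ptr, uint8_t **data_ptr,
    size_t *header_size_ptr, size_t *data_size_ptr)
{
    struct ethhdr *eth_header;
    struct iphdr *ip_header;
    size_t header_size = 0;
    if (has_eth_header)
    {
        eth_header = (struct ethhdr *)packet;
        header_size += sizeof(struct ethhdr);
        ip_header = (struct iphdr *)(eth_header + 1);
    }
    else
    {
        eth_header = NULL;
        ip_header = (struct iphdr *)packet;
    }

    // Network layer
    // Both views alias the same bytes until the version nibble is known.
    struct ip6_hdr *ip6_header = (struct ip6_hdr *)ip_header;
    size_t packet_len;
    uint8_t ip_proto;
    uint8_t *ip_header_end;
    switch (ip_header->version)
    {
        case 4:
            ip6_header = NULL;
            packet_len = ntohs(ip_header->tot_len) + header_size;
            header_size += ip_header->ihl*sizeof(uint32_t);
            ip_proto = ip_header->protocol;
            ip_header_end = (uint8_t *)ip_header +
                ip_header->ihl*sizeof(uint32_t);
            break;
        case 6:
            ip_header = NULL;
            packet_len = ntohs(ip6_header->ip6_plen) + header_size +
                sizeof(struct ip6_hdr);
            header_size += sizeof(struct ip6_hdr);
            // FIX: the original read ip_header->protocol here, immediately
            // after setting ip_header to NULL.  The next-header field of the
            // IPv6 header is the value wanted.  (Assumes the project's
            // struct ip6_hdr exposes ip6_nxt alongside ip6_plen, as the
            // standard netinet/ip6.h does -- confirm for the Windows header.)
            ip_proto = ip6_header->ip6_nxt;
            ip_header_end = (uint8_t *)(ip6_header + 1);
            break;
        default:
            panic("expected IP version 4 or 6, found %d", ip_header->version);
    }

    // Transport layer
    struct tcphdr *tcp_header;
    struct udphdr *udp_header;
    switch (ip_proto)
    {
        case IPPROTO_TCP:
            tcp_header = (struct tcphdr *)ip_header_end;
            udp_header = NULL;
            header_size += tcp_header->doff*sizeof(uint32_t);
            break;
        case IPPROTO_UDP:
            tcp_header = NULL;
            udp_header = (struct udphdr *)ip_header_end;
            header_size += sizeof(struct udphdr);
            break;
        default:
            panic("expected IP protocol %d or %d", IPPROTO_TCP, IPPROTO_UDP);
    }

    // FIX: a packet whose declared total length is smaller than its declared
    // header lengths used to yield data_size = packet_len - header_size,
    // which wraps to a huge size_t.  Report "no payload" instead so that
    // callers iterating over data_size bytes cannot run off the buffer.
    uint8_t *data = NULL;
    size_t data_size = 0;
    if (packet_len > header_size)
    {
        data = packet + header_size;
        data_size = packet_len - header_size;
    }

    // Init the vars:
    if (eth_header_ptr != NULL)
    {
        *eth_header_ptr = eth_header;
    }
    if (ip_header_ptr != NULL)
    {
        *ip_header_ptr = ip_header;
    }
    if (ip6_header_ptr != NULL)
    {
        *ip6_header_ptr = ip6_header;
    }
    if (tcp_header_ptr != NULL)
    {
        *tcp_header_ptr = tcp_header;
    }
    if (udp_header_ptr != NULL)
    {
        *udp_header_ptr = udp_header;
    }
    if (data_ptr != NULL)
    {
        *data_ptr = data;
    }
    if (header_size_ptr != NULL)
    {
        *header_size_ptr = header_size;
    }
    if (data_size_ptr != NULL)
    {
        *data_size_ptr = data_size;
    }
}

--------------------------------------------------------------------------------
/src/packet.h:
--------------------------------------------------------------------------------
/*
 * packet.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .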
17 | */ 18 | 19 | #ifndef __PACKET_H 20 | #define __PACKET_H 21 | 22 | #include 23 | #include 24 | 25 | #include "socket.h" 26 | 27 | /* 28 | * Prototypes. 29 | */ 30 | void packet_init(uint8_t *packet, bool has_eth_header, 31 | struct ethhdr **eth_header_ptr, struct iphdr **ip_header_ptr, 32 | struct ip6_hdr **ip6_header_ptr, struct tcphdr **tcp_header_ptr, 33 | struct udphdr **udp_header_ptr, uint8_t **data_ptr, 34 | size_t *header_size_ptr, size_t *data_size_ptr); 35 | 36 | #endif /* __PACKET_H */ 37 | -------------------------------------------------------------------------------- /src/packet_dispatch.h: -------------------------------------------------------------------------------- 1 | /* 2 | * packet_dispatch.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __PACKET_DISPATCH_H 20 | #define __PACKET_DISPATCH_H 21 | 22 | #include "cktp.h" 23 | #include "config.h" 24 | #include "random.h" 25 | #include "socket.h" 26 | 27 | /* 28 | * Minimum size of 'buff' for 'packet_dispatch'. 29 | */ 30 | #define PACKET_BUFF_SIZE (2*CKTP_MAX_PACKET_SIZE+256) 31 | 32 | /* 33 | * Maximum number of fragments packet_dispatch can generate. 34 | */ 35 | #define DISPATCH_MAX_FRAGMENTS 8 36 | 37 | /* 38 | * Prototypes. 
39 | */ 40 | void packet_dispatch(struct config_s *config, random_state_t rng, 41 | uint8_t *packet, size_t packet_len, uint64_t packet_hash, 42 | unsigned packet_rep, struct ethhdr **allowed_packets, 43 | struct ethhdr **tunneled_packets, uint8_t *buff); 44 | 45 | #endif /* __PACKET_DISPATCH_H */ 46 | -------------------------------------------------------------------------------- /src/packet_filter.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | #ifndef __PACKET_FILTER_H 4 | #define __PACKET_FILTER_H 5 | 6 | #include 7 | #include 8 | 9 | #include "config.h" 10 | 11 | /* 12 | * Prototypes. 13 | */ 14 | bool packet_filter(struct config_s *config, const uint8_t *packet, 15 | size_t packet_len); 16 | 17 | #endif /* __PACKET_FILTER_H */ 18 | -------------------------------------------------------------------------------- /src/packet_protocol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * packet_protocol.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | #ifndef __PACKET_PROTOCOL_H 19 | #define __PACKET_PROTOCOL_H 20 | 21 | #include 22 | #include 23 | 24 | typedef uint8_t proto_t; 25 | typedef bool (*proto_match_t)(uint8_t *packet, size_t *start, size_t *end); 26 | typedef void (*proto_gen_t)(uint8_t *packet, uint64_t hash); 27 | 28 | #define PROTOCOL_TCP_DEFAULT 0 29 | #define PROTOCOL_TCP_2_DEFAULT 2 30 | #define PROTOCOL_UDP_DEFAULT 1 31 | #define PROTOCOL_DEFAULT PROTOCOL_TCP_DEFAULT 32 | 33 | struct proto_s 34 | { 35 | const char *name; 36 | proto_match_t match; 37 | proto_gen_t generate; 38 | }; 39 | 40 | proto_t protocol_get(const char *name); 41 | const struct proto_s *protocol_get_def(proto_t proto); 42 | 43 | #define protocol_get_name(proto) (protocol_get_def(proto)->name) 44 | 45 | #endif /* __PACKET_PROTOCOL_H */ 46 | -------------------------------------------------------------------------------- /src/packet_track.c: -------------------------------------------------------------------------------- 1 | /* 2 | * packet_track.c 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
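*/

/* NOTE(review): the three system header names below were stripped by the
 * page extraction. */
#include
#include
#include

#include "packet.h"
#include "packet_track.h"
#include "socket.h"

#define PACKET_TABLE_NUM_BUCKETS    512
#define PACKET_TABLE_BUCKET_SIZE    4
#define MAX_SEQ                     0x00FFFFFF

/*
 * One slot of the repeat-tracking table.
 */
struct packet_node_s
{
    uint32_t hash;      // 32-bit fold of the packet hash (slot tag)
    uint32_t seq:24;    // Value of the global sequence counter at last hit
    uint8_t rep;        // Number of repeats seen for this tag
};

/*
 * Prototypes.
 */
static uint64_t data_hash(void *data0, size_t data_size, uint64_t hash);

/*
 * Track a packet.  Determine its hash value and how many times it has been
 * repeated.
 *
 * packet  frame to track; it is handed to packet_hash(), which parses it
 *         with an Ethernet header expected first.
 * hash    receives the full 64-bit packet hash.
 * repeat  receives 0 for a packet not currently in the table, otherwise the
 *         number of times it has been seen again.
 *
 * The table is a fixed 512 x 4 array; when a bucket is full the entry that
 * was touched longest ago is replaced.
 *
 * NOTE: packet_table is not multi-thread safe.  We do not care since, at
 * worst, we get false negatives, which are tolerable.
 *
 * NOTE(review): `rep` is 8 bits wide and is incremented without a bound, so
 * the reported repeat count wraps to 0 after 255 repeats.  Confirm that the
 * consumers of `*repeat` tolerate that.
 */
void packet_track(uint8_t *packet, uint64_t *hash, unsigned *repeat)
{
    static struct packet_node_s
        packet_table[PACKET_TABLE_NUM_BUCKETS][PACKET_TABLE_BUCKET_SIZE];
    static uint32_t seq = 0;
    seq = (seq == MAX_SEQ? 0: seq + 1);

    // FIX: fold by the width in BITS.  The original shifted by
    // sizeof(uint32_t) and sizeof(uint16_t), i.e. by 4 and 2 bits, so the
    // upper part of the 64-bit hash never reached the slot tag or the
    // bucket index.
    uint64_t hash64 = packet_hash(packet, true);
    uint32_t hash32 = (uint32_t)hash64 ^ (uint32_t)(hash64 >> 32);
    uint16_t hash16 = (uint16_t)hash32 ^ (uint16_t)(hash32 >> 16);
    *hash = hash64;

    struct packet_node_s *bucket =
        packet_table[hash16 % PACKET_TABLE_NUM_BUCKETS];

    unsigned j = 0;
    unsigned max_diff = 0;
    for (unsigned i = 0; i < PACKET_TABLE_BUCKET_SIZE; i++)
    {
        if (bucket[i].hash == hash32)
        {
            bucket[i].seq = seq;
            bucket[i].rep++;
            *repeat = bucket[i].rep;
            return;
        }
        // Age of the slot modulo the 24-bit sequence space, so that a
        // wrapped counter does not make a fresh entry look ancient.
        unsigned diff = (seq - bucket[i].seq) & MAX_SEQ;
        if (diff > max_diff)
        {
            // FIX: max_diff was never updated, so the victim was simply the
            // last slot with a non-zero age rather than the oldest one.
            max_diff = diff;
            j = i;
        }
    }

    // Miss: replace the oldest slot of the bucket.
    bucket[j].hash = hash32;
    bucket[j].seq = seq;
    bucket[j].rep = 0;
    *repeat = 0;
}

/*
 * Calculate the given packet's hash value. If full=false then just
 * calculates flow hash.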
*/
/*
 * Fields mixed in, in this order:
 *   full only : payload size (truncated to 16 bits), IPv4 source address
 *   always    : IPv4 protocol, IPv4 destination address, source port,
 *               destination port
 *   full only : TCP seq, TCP ack_seq, one TCP flag byte, then the payload
 *
 * NOTE(review): the packet is parsed with has_eth_header=true and only the
 * IPv4 header pointer is requested.  packet_init() sets that pointer to NULL
 * for an IPv6 packet, so every ip_header-> access below would dereference
 * NULL if an IPv6 frame reached this function -- confirm that callers only
 * pass IPv4 here.
 *
 * NOTE(review): the hash is an unkeyed multiply/xor hash with a fixed
 * starting value, so whoever controls the packet contents can choose inputs
 * that collide.  Tolerable for statistics; verify that nothing uses it as a
 * security decision.
 */
uint64_t packet_hash(uint8_t *packet, bool full)
{
    struct iphdr *ip_header;
    struct tcphdr *tcp_header;
    struct udphdr *udp_header;
    uint8_t *data;
    size_t data_size;
    packet_init(packet, true, NULL, &ip_header, NULL, &tcp_header,
        &udp_header, &data, NULL, &data_size);

    // Fixed starting value; data_hash() chains each field onto it.
    uint64_t hash = 0x7126076C08D72A48ULL;
    if (full)
    {
        uint16_t data_size16 = (uint16_t)data_size;
        hash = data_hash(&data_size16, sizeof(data_size16), hash);
        hash = data_hash(&ip_header->saddr, sizeof(ip_header->saddr), hash);
    }
    hash = data_hash(&ip_header->protocol, sizeof(ip_header->protocol), hash);
    hash = data_hash(&ip_header->daddr, sizeof(ip_header->daddr), hash);
    if (tcp_header != NULL)
    {
        hash = data_hash(&tcp_header->source, sizeof(tcp_header->source),
            hash);
        hash = data_hash(&tcp_header->dest, sizeof(tcp_header->dest), hash);
        if (full)
        {
            hash = data_hash(&tcp_header->seq, sizeof(tcp_header->seq), hash);
            hash = data_hash(&tcp_header->ack_seq, sizeof(tcp_header->ack_seq),
                hash);
            // Reads the single byte stored immediately before the `window`
            // field (presumably the TCP flags byte -- depends on the layout
            // of the project's struct tcphdr).
            uint8_t tcp_flags = *(((uint8_t *)&tcp_header->window)-1);
            hash = data_hash(&tcp_flags, sizeof(tcp_flags), hash);
        }
    }
    else
    {
        // Not TCP: packet_init() only accepts TCP or UDP, so udp_header is
        // the one that was set.
        hash = data_hash(&udp_header->source, sizeof(udp_header->source),
            hash);
        hash = data_hash(&udp_header->dest, sizeof(udp_header->dest), hash);
    }
    if (full)
    {
        // data_size comes from length fields inside the packet, not from a
        // captured length; this walk is only in bounds if the caller has
        // validated the frame against its real size.
        hash = data_hash(data, data_size, hash);
    }
    return hash;
}

/*
 * Generic hash function.
*/
/*
 * Folds `data_size` bytes starting at `data0` into `hash` and returns the
 * result.  Each byte is xor-ed into the running value, which is then
 * multiplied by the 64-bit FNV prime.  With data_size == 0 the input hash is
 * returned unchanged and data0 is never touched (it may be NULL).
 *
 * The starting value is supplied by the caller, so calls can be chained to
 * hash several fields in sequence.  The function is unkeyed and not
 * collision resistant against chosen input.
 */
#define FNV_64_PRIME        0x100000001b3ULL
uint64_t data_hash(void *data0, size_t data_size, uint64_t hash)
{
    const uint8_t *cursor = (const uint8_t *)data0;
    size_t remaining = data_size;

    while (remaining != 0)
    {
        hash = (hash ^ (uint64_t)*cursor) * FNV_64_PRIME;
        cursor++;
        remaining--;
    }
    return hash;
}

--------------------------------------------------------------------------------
/src/packet_track.h:
--------------------------------------------------------------------------------
/*
 * packet_track.h
 * (C) 2018, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
17 | */ 18 | 19 | #ifndef __PACKET_TRACK_H 20 | #define __PACKET_TRACK_H 21 | 22 | #include 23 | 24 | void packet_track(uint8_t *packet, uint64_t *hash, unsigned *repeat); 25 | uint64_t packet_hash(uint8_t *packet, bool full); 26 | 27 | #endif /* __PACKET_TRACK_H */ 28 | -------------------------------------------------------------------------------- /src/quota.c: -------------------------------------------------------------------------------- 1 | /* 2 | * quota.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "cookie.h" 25 | #include "cktp_encoding.h" 26 | #include "misc.h" 27 | #include "quota.h" 28 | #include "thread.h" 29 | 30 | /* 31 | * Quota structure: 32 | */ 33 | struct quota_s 34 | { 35 | random_state_t rng; // RNG 36 | struct cookie_gen_s salt; // Salt for hashing 37 | mutex_t lock; // Lock 38 | uint32_t rps; // Requests-per-second 39 | uint32_t timemin; // Reset time min (ms) 40 | uint32_t timemax; // Reset time max (ms) 41 | uint64_t starttime; // Start time 42 | uint64_t totaltime; // Total time until reset 43 | uint64_t maxcount; // Maximum count 44 | uint16_t countssize; // Counts size 45 | uint64_t counts[]; // Counts 46 | }; 47 | 48 | /* 49 | * Prototypes. 
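*/
static uint64_t quota_hash(quota_t quota, uint32_t *ip, size_t ipsize);
extern void error(const char *message, ...);

/*
 * Create and initialise a quota_t.
 *
 * timemin, timemax  bounds of the randomised reset period (ms, per the
 *                   field comments in struct quota_s).
 * numcounts         number of counters requests are hashed into; must be
 *                   at least 1.
 * rps               allowed requests per second.
 *
 * Returns a zero-initialised tracker whose first quota_check() call starts
 * a fresh period.  Any failure is reported through error() and terminates
 * the process.
 */
quota_t quota_init(uint32_t timemin, uint32_t timemax,
    uint16_t numcounts, uint32_t rps)
{
    // quota_check() indexes the table with `hash % countssize`; an empty
    // table would make that a division by zero on the first request.
    if (numcounts == 0)
    {
        error("quota tracker requires at least one counter");
        exit(EXIT_FAILURE);
    }

    size_t quota_size = sizeof(struct quota_s) + numcounts*sizeof(uint64_t);
    quota_t quota = calloc(1, quota_size);
    if (quota == NULL)
    {
        error("unable to allocation %zu bytes for quota tracker", quota_size);
        exit(EXIT_FAILURE);
    }
    if (thread_lock_init(&quota->lock) != 0)
    {
        error("unable to initialise lock for quota tracker");
        exit(EXIT_FAILURE);
    }
    uint64_t currtime = gettime()/1000;
    quota->rng = random_init();
    quota->timemin = timemin;
    quota->timemax = timemax;
    quota->countssize = numcounts;
    quota->starttime = currtime;
    quota->totaltime = 0;           // Ensure reset.
    quota->rps = rps;
    quota->maxcount = 0;

    return quota;
}

/*
 * Free a quota_t.  Passing NULL is a no-op.
 *
 * NOTE(review): the RNG state obtained from random_init() in quota_init()
 * is not released here.
 */
void quota_free(quota_t quota)
{
    if (quota == NULL)
    {
        return;
    }
    thread_lock_free(&quota->lock);
    free(quota);
}

/*
 * Check if we should accept the request or not.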
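*/
/*
 * quota    tracker created by quota_init().
 * ip       address of the requester as an array of 32-bit words.
 * ipsize   size of `ip` in BYTES.
 * delta    amount added to the requester's counter when accepted.
 *
 * Returns true to accept and false to reject.  A requester is always
 * accepted up to a quarter of the period's budget and always rejected once
 * over it; in between it is accepted while its projected use stays within
 * budget and otherwise throttled with a probability proportional to how far
 * it is over.
 *
 * Counters are shared by every address that hashes to the same slot.  The
 * slot is chosen with a salt that is re-randomised at each reset, so the
 * sharing changes from period to period.
 */
bool quota_check(quota_t quota, uint32_t *ip, size_t ipsize, uint16_t delta)
{
    // FIX: everything that reads the tracker now happens under the lock.
    // The original sampled starttime and hashed with the salt before
    // locking, although both are rewritten by the reset below.
    thread_lock(&quota->lock);

    // No counters to index: reject rather than evaluate `hash % 0`.
    if (quota->countssize == 0)
    {
        thread_unlock(&quota->lock);
        return false;
    }

    uint64_t currtime = gettime()/1000;
    uint64_t usedtime = currtime - quota->starttime;
    if (usedtime >= quota->totaltime)
    {
        // Start a new period of random length in [timemin, timemax).
        // FIX: timemax == timemin used to be a modulo by zero.
        uint64_t r64 = random_uint64(quota->rng);
        uint64_t span = (quota->timemax > quota->timemin?
            (uint64_t)(quota->timemax - quota->timemin): 0);
        uint64_t jitter = (span == 0? 0: r64 % span);
        quota->starttime = currtime;
        quota->totaltime = jitter + quota->timemin;
        quota->maxcount = (quota->rps * quota->totaltime) / 1000 + 1;
        random_memory(quota->rng, &quota->salt, sizeof(quota->salt));
        memset(quota->counts, 0x0, quota->countssize*sizeof(uint64_t));
    }

    // Hash after any reset so the slot matches the salt now in force.
    uint64_t hash = quota_hash(quota, ip, ipsize);
    size_t idx = hash % quota->countssize;

    uint64_t count = quota->counts[idx];
    uint64_t starttime = quota->starttime;
    uint64_t resettime = quota->starttime + quota->totaltime;
    uint64_t maxcount = quota->maxcount;
    uint64_t totaltime = quota->totaltime;
    if (count <= maxcount / 4)
    {
        quota->counts[idx] += delta;
        thread_unlock(&quota->lock);
        return true;
    }
    if (count > maxcount)
    {
        thread_unlock(&quota->lock);
        return false;
    }

    // Both intervals are forced to at least 1 to keep the divisions defined.
    uint64_t difftime = currtime - starttime;
    difftime += (difftime == 0? 1: 0);
    uint64_t remtime = resettime - currtime;
    remtime += (remtime == 0? 1: 0);

    // rate = current rate
    double rate = (double)count / (double)difftime;
    double projected = rate * (double)totaltime;
    if (projected <= (double)maxcount)
    {
        quota->counts[idx] += delta;
        thread_unlock(&quota->lock);
        return true;
    }

    // rate2 = max allowable rate to stay below maxcount
    // (count <= maxcount here, so the subtraction cannot wrap.)
    double rate2 = (double)(maxcount - count) / (double)remtime;
    if (rate2 >= rate)
    {
        quota->counts[idx] += delta;
        thread_unlock(&quota->lock);
        return true;
    }
    double ratio = rate2 / rate;
    if (ratio < 1.0 / (double)UINT8_MAX)
    {
        thread_unlock(&quota->lock);
        return false;
    }

    // Probabilistic throttle:
    uint8_t r8 = random_uint8(quota->rng);
    bool allow = (double)r8 < ((double)UINT8_MAX * ratio);
    if (allow)
    {
        quota->counts[idx] += delta;
    }
    thread_unlock(&quota->lock);

    return allow;
}

/*
 * Compute the hash value of an address under the tracker's current salt.
 * `ipsize` is in bytes and is converted to a count of 32-bit words.
 */
static uint64_t quota_hash(quota_t quota, uint32_t *ip, size_t ipsize)
{
    return generate_cookie64(&quota->salt, ip, ipsize / sizeof(uint32_t));
}

--------------------------------------------------------------------------------
/src/quota.h:
--------------------------------------------------------------------------------
/*
 * quota.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.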
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __QUOTA_H 20 | #define __QUOTA_H 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | typedef struct quota_s *quota_t; 27 | 28 | /* 29 | * Prototypes. 30 | */ 31 | quota_t quota_init(uint32_t timemin, uint32_t timemax, 32 | uint16_t numcounts, uint32_t rps); 33 | void quota_free(quota_t quota); 34 | bool quota_check(quota_t quota, uint32_t *ip, size_t ipsize, uint16_t delta); 35 | 36 | #endif /* __QUOTA_H */ 37 | -------------------------------------------------------------------------------- /src/random.c: -------------------------------------------------------------------------------- 1 | /* 2 | * random.c 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "cfg.h" 24 | #include "log.h" 25 | #include "misc.h" 26 | #include "random.h" 27 | #include "thread.h" 28 | 29 | struct random_state_s 30 | { 31 | uint32_t v[4]; // Plain text 32 | uint32_t k[4]; // Key 33 | uint32_t r[4]; // Seed 34 | uint32_t e[4]; // Cipher text 35 | size_t e_idx; // Next byte 36 | }; 37 | 38 | /* 39 | * Prototypes. 
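*/
static void generate_random(random_state_t state);

/*
 * Overwrite `size` bytes at `ptr0` with zeros.  The volatile access keeps
 * the compiler from discarding the stores when the memory is not read again.
 */
static void random_wipe(void *ptr0, size_t size)
{
    volatile uint8_t *ptr = (volatile uint8_t *)ptr0;
    while (size != 0)
    {
        *(ptr++) = 0;
        size--;
    }
}

/*
 * Initialise the random number generator.
 *
 * Allocates a state and fills its counter block (v), key (k) and output
 * mask (r) from random_ext_init().  Reports through error() and exits the
 * process when the allocation fails.  Release with random_free().
 *
 * NOTE(review): random_ext_init() is defined elsewhere; how it signals a
 * failure to obtain seed material is not visible here.
 */
random_state_t random_init(void)
{
    random_state_t state = (random_state_t)malloc(
        sizeof(struct random_state_s));
    if (state == NULL)
    {
        error("unable to allocate " SIZE_T_FMT " bytes for random state",
            sizeof(struct random_state_s));
        exit(EXIT_FAILURE);     // For server.
    }

    // e_idx == sizeof(e) marks the output block as used up, so the first
    // request generates fresh bytes instead of reading uninitialised ones.
    state->e_idx = sizeof(state->e);
    uint8_t buff[sizeof(state->v) + sizeof(state->k) + sizeof(state->r)];
    random_ext_init(buff, sizeof(buff));
    memmove(state->v, buff, sizeof(state->v));
    memmove(state->k, buff + sizeof(state->v), sizeof(state->k));
    memmove(state->r, buff + sizeof(state->v) + sizeof(state->k),
        sizeof(state->r));

    // The stack copy holds the key and mask; do not leave it behind.
    random_wipe(buff, sizeof(buff));
    return state;
}

/*
 * Free the random number generator.  The state (key included) is zeroed
 * before the memory is returned to the allocator.  NULL is a no-op.
 */
void random_free(random_state_t state)
{
    if (state == NULL)
    {
        return;
    }
    random_wipe(state, sizeof(struct random_state_s));
    free(state);
}

/*
 * Generic random functions: each returns one value of the named width,
 * filled byte-wise by random_memory().
 */
uint8_t random_uint8(random_state_t state)
{
    uint8_t r;
    random_memory(state, &r, sizeof(r));
    return r;
}
uint16_t random_uint16(random_state_t state)
{
    uint16_t r;
    random_memory(state, &r, sizeof(r));
    return r;
}
uint32_t random_uint32(random_state_t state)
{
    uint32_t r;
    random_memory(state, &r, sizeof(r));
    return r;
}
uint64_t random_uint64(random_state_t state)
{
    uint64_t r;
    random_memory(state, &r, sizeof(r));
    return r;
}

/*
 * Cryptographically secure random number generator.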
*/
/*
 * Fills `size` bytes at `ptr0` from the state's output block, generating a
 * new block whenever the current one is used up.
 *
 * The state is updated without any locking, so a state shared between
 * threads needs external synchronisation.
 *
 * NOTE(review): "cryptographically secure" is the author's label.  The
 * construction is a counter encrypted with XXTEA and xor-ed with a fixed
 * mask; it is seeded once in random_init() and never reseeded.  Treat it as
 * unreviewed rather than as a vetted DRBG when deciding what may depend on
 * its output.
 */
void random_memory(random_state_t state, void *ptr0, size_t size)
{
    uint8_t *out = (uint8_t *)ptr0;
    const uint8_t *block = (const uint8_t *)state->e;

    for (size_t done = 0; done < size; done++)
    {
        if (state->e_idx >= sizeof(state->e))
        {
            generate_random(state);
            state->e_idx = 0;
        }
        out[done] = block[state->e_idx++];
    }
}

/*
 * Generate more random bytes based on the XXTEA algorithm.
 *
 * Steps the counter held in v[0]/v[1], runs RANDOM_ROUNDS mixing rounds over
 * a copy of v[0..3] keyed with k, and stores the result xor r into e.  Only
 * the counter words of v are modified.
 */
#define RANDOM_ROUNDS       19
#define RANDOM_DELTA        0x9E3779B9
#define RANDOM_MIX(i, y, z, sum, k, e)                                      \
    ((((z) >> 5 ^ (y) << 2) + ((y) >> 3 ^ (z) << 4)) ^ (((sum) ^ (y)) +    \
        ((k)[((i) & 0x03) ^ (e)] ^ (z))))
static void generate_random(random_state_t state)
{
    // Next value: v[0] counts up, and each time it wraps v[1] counts down.
    state->v[0]++;
    if (state->v[0] == 0)
    {
        state->v[1]--;
    }

    // Encrypt the value:
    uint32_t v0 = state->v[0];
    uint32_t v1 = state->v[1];
    uint32_t v2 = state->v[2];
    uint32_t v3 = state->v[3];
    uint32_t sum = 0;
    for (unsigned round = 0; round < RANDOM_ROUNDS; round++)
    {
        sum += RANDOM_DELTA;
        const uint32_t e = (sum >> 2) & 0x03;
        v0 += RANDOM_MIX(0, v1, v3, sum, state->k, e);
        v1 += RANDOM_MIX(1, v2, v0, sum, state->k, e);
        v2 += RANDOM_MIX(2, v3, v1, sum, state->k, e);
        v3 += RANDOM_MIX(3, v0, v2, sum, state->k, e);
    }

    // Write out encrypted data & xor with seed:
    state->e[0] = v0 ^ state->r[0];
    state->e[1] = v1 ^ state->r[1];
    state->e[2] = v2 ^ state->r[2];
    state->e[3] = v3 ^ state->r[3];
}

/****************************************************************************/

/*
 * State of the fast, non-cryptographic generator.
 */
struct rand_state_s
{
    uint32_t z;         // First generator word
    uint32_t w;         // Second generator word
    uint32_t e;         // Current output word
    size_t e_idx;       // Next byte of e to hand out
};

/*
 * Prototypes.
 */
static void generate_rand(rand_state_t state);

/*
 * Initialise the random number generator.
*/
/*
 * The low 32 bits of `seed` initialise z and the high 32 bits initialise w;
 * a half that is zero is replaced by all ones.  The same seed always yields
 * the same output sequence, so the seed must not be attacker-known where
 * unpredictability matters.  Exits the process if the allocation fails.
 */
rand_state_t rand_init(uint64_t seed)
{
    rand_state_t state = (rand_state_t)malloc(sizeof(struct rand_state_s));
    if (state == NULL)
    {
        error("unable to allocate " SIZE_T_FMT " bytes for random state",
            sizeof(struct rand_state_s));
        exit(EXIT_FAILURE);     // For server.
    }

    const uint32_t seed_lo = (uint32_t)seed;
    const uint32_t seed_hi = (uint32_t)(seed >> 32);

    // Mark the output word as used up so the first request generates one.
    state->e_idx = sizeof(state->e);
    state->z = (seed_lo != 0? seed_lo: UINT32_MAX);
    state->w = (seed_hi != 0? seed_hi: UINT32_MAX);
    return state;
}

/*
 * Free the random number generator.
 */
void rand_free(rand_state_t state)
{
    free(state);
}

/*
 * Generic random functions: each returns one value of the named width,
 * filled byte-wise by rand_memory().
 */
uint8_t rand_uint8(rand_state_t state)
{
    uint8_t value;
    rand_memory(state, &value, sizeof(value));
    return value;
}
uint16_t rand_uint16(rand_state_t state)
{
    uint16_t value;
    rand_memory(state, &value, sizeof(value));
    return value;
}
uint32_t rand_uint32(rand_state_t state)
{
    uint32_t value;
    rand_memory(state, &value, sizeof(value));
    return value;
}
uint64_t rand_uint64(rand_state_t state)
{
    uint64_t value;
    rand_memory(state, &value, sizeof(value));
    return value;
}

/*
 * Fast random number generator.  Fills `size` bytes at `ptr0` from the
 * state's 32-bit output word, generating a new word whenever the current
 * one is used up.  Not for keys, salts, cookies or anything else an
 * attacker must not be able to predict; random.h labels this family
 * "Faster but insecure".
 */
void rand_memory(rand_state_t state, void *ptr0, size_t size)
{
    uint8_t *out = (uint8_t *)ptr0;
    const uint8_t *word = (const uint8_t *)&state->e;

    for (size_t done = 0; done < size; done++)
    {
        if (state->e_idx >= sizeof(state->e))
        {
            generate_rand(state);
            state->e_idx = 0;
        }
        out[done] = word[state->e_idx++];
    }
}

/*
 * Generate more random bytes based on the Multiply-with-carry method.
*/
/*
 * Advances both 16-bit multiply-with-carry words (multipliers 36969 and
 * 18000) and combines them into the next 32-bit output word e.
 */
static void generate_rand(rand_state_t state)
{
    const uint32_t z_next = 36969 * (state->z & 0xFFFF) + (state->z >> 16);
    const uint32_t w_next = 18000 * (state->w & 0xFFFF) + (state->w >> 16);

    state->z = z_next;
    state->w = w_next;
    state->e = (z_next << 16) + w_next;
}

--------------------------------------------------------------------------------
/src/random.h:
--------------------------------------------------------------------------------
/*
 * random.h
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
17 | */ 18 | 19 | #ifndef __RANDOM_H 20 | #define __RANDOM_H 21 | 22 | #include 23 | #include 24 | 25 | typedef struct random_state_s *random_state_t; 26 | typedef struct rand_state_s *rand_state_t; 27 | 28 | /* 29 | * Cryptographically secure: 30 | */ 31 | random_state_t random_init(void); 32 | void random_free(random_state_t state); 33 | uint8_t random_uint8(random_state_t state); 34 | uint16_t random_uint16(random_state_t state); 35 | uint32_t random_uint32(random_state_t state); 36 | uint64_t random_uint64(random_state_t state); 37 | void random_memory(random_state_t state, void *ptr, size_t size); 38 | 39 | /* 40 | * Faster but insecure: 41 | */ 42 | rand_state_t rand_init(uint64_t seed); 43 | void rand_free(rand_state_t state); 44 | uint8_t rand_uint8(rand_state_t state); 45 | uint16_t rand_uint16(rand_state_t state); 46 | uint32_t rand_uint32(rand_state_t state); 47 | uint64_t rand_uint64(rand_state_t state); 48 | void rand_memory(rand_state_t state, void *ptr, size_t size); 49 | 50 | #endif /* __RANDOM_H */ 51 | -------------------------------------------------------------------------------- /src/server_table.h: -------------------------------------------------------------------------------- 1 | /* 2 | * server_table.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #ifndef __SERVER_TABLE_H 20 | #define __SERVER_TABLE_H 21 | 22 | #include 23 | #include 24 | 25 | #include "cfg.h" 26 | 27 | #define SERVER_TABLE_FILENAME PACKAGE_NAME ".tab" 28 | 29 | #define SERVER_DEAD ((pid_t)(-1)) 30 | #define SERVER_SUSPENDED ((pid_t)(-2)) 31 | 32 | /* 33 | * Server table entry: 34 | */ 35 | struct server_entry_s 36 | { 37 | pid_t pid; // PID of server process 38 | char *url; // URL of server 39 | struct server_entry_s *next; // Next server or NULL 40 | }; 41 | typedef struct server_entry_s *server_entry_t; 42 | 43 | /* 44 | * Prototypes. 45 | */ 46 | void server_table_free(server_entry_t table); 47 | void server_table_insert(server_entry_t *table_ptr, pid_t pid, 48 | const char *url); 49 | pid_t server_table_delete(server_entry_t *table_ptr, const char *url); 50 | server_entry_t server_table_read(void); 51 | bool server_table_write(server_entry_t table); 52 | 53 | #endif /* __SERVER_TABLE_H */ 54 | -------------------------------------------------------------------------------- /src/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * socket.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #include "cfg.h" 20 | 21 | #ifdef WINDOWS 22 | #include "windows/socket.h" 23 | #endif 24 | 25 | #ifdef LINUX 26 | #include "linux/socket.h" 27 | #endif 28 | 29 | #ifdef FREEBSD 30 | #include "freebsd/socket.h" 31 | #endif 32 | 33 | #ifndef __SOCKET_COMMON_H 34 | #define __SOCKET_COMMON_H 35 | 36 | /* 37 | * Common to all OSs: 38 | */ 39 | 40 | /* 41 | * IPv4 flags. 42 | */ 43 | #define IP_DF 0x4000 44 | #define IP_MF 0x2000 45 | 46 | /* 47 | * UDPLITE macros. 48 | */ 49 | #ifndef IPPROTO_UDPLITE 50 | #define IPPROTO_UDPLITE 136 51 | #endif 52 | 53 | #ifndef UDPLITE_SEND_CSCOV 54 | #define UDPLITE_SEND_CSCOV 10 55 | #endif 56 | 57 | #ifndef UDPLITE_RECV_CSCOV 58 | #define UDPLITE_RECV_CSCOV 11 59 | #endif 60 | 61 | #endif /* __SOCKET_COMMON_H */ 62 | -------------------------------------------------------------------------------- /src/thread.h: -------------------------------------------------------------------------------- 1 | /* 2 | * thread.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 
17 | */ 18 | 19 | #include "cfg.h" 20 | 21 | #ifdef WINDOWS 22 | #include "windows/thread.h" 23 | #endif 24 | 25 | #ifdef LINUX 26 | #include "linux/thread.h" 27 | #endif 28 | 29 | #ifdef FREEBSD 30 | #include "freebsd/thread.h" 31 | #endif 32 | 33 | -------------------------------------------------------------------------------- /src/tools/build_clientdeb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # build_clientdeb.sh 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | # Simple script that generates a .deb file for client installation. 19 | # This is to avoid all the complexity of doing it the "correct way" 20 | # (although eventually this will be unavoidable). 21 | 22 | if [ $# != 2 ] 23 | then 24 | echo "usage: $0 package-name package-version" 1>&2 25 | exit 1 26 | fi 27 | 28 | if [ ! -x `which fakeroot` ] 29 | then 30 | echo "$0: error: fakeroot is not installed" 1>&2 31 | exit 1 32 | fi 33 | 34 | PACKAGE_NAME=$1 35 | PACKAGE_VERSION=$2 36 | 37 | set -e 38 | 39 | mkdir -p root 40 | cd root 41 | mkdir -p "./usr/sbin/" 42 | cp "../../${PACKAGE_NAME}" "./usr/sbin/" 43 | mkdir -p "./usr/lib/systemd/system/" 44 | cp "../reqrypt.service" "./usr/lib/systemd/system/" 45 | tar cz --owner root --group root -f ../data.tar.gz . 
46 | md5sum `find ../root/ -type f -printf "%P "` > md5sums 47 | mv md5sums ../client.deb/ 48 | cd .. 49 | rm -rf root/ 50 | cd client.deb 51 | for INFILE in *.in 52 | do 53 | OUTFILE=`basename "$INFILE" .in` 54 | sed "s/@PACKAGE_NAME@/${PACKAGE_NAME}/g" < "$INFILE" > "$OUTFILE" 55 | chmod a+x "$OUTFILE" 56 | done 57 | tar cz --owner root --group root -f ../control.tar.gz control postinst \ 58 | md5sums 59 | rm -f postinst md5sums 60 | cd .. 61 | echo "2.0" > debian-binary 62 | fakeroot ar cr "${PACKAGE_NAME}_${PACKAGE_VERSION}_amd64.deb" debian-binary \ 63 | control.tar.gz data.tar.gz 64 | rm -f debian-binary control.tar.gz data.tar.gz 65 | 66 | -------------------------------------------------------------------------------- /src/tools/build_serverdeb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # build_serverdeb.sh 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | # Simple script that generates a .deb file for server installation. 19 | # This is to avoid all the complexity of doing it the "correct way" 20 | # (although eventually this will be unavoidable). 21 | 22 | if [ $# != 2 ] 23 | then 24 | echo "usage: $0 package-name package-version" 1>&2 25 | exit 1 26 | fi 27 | 28 | if [ ! 
-x `which fakeroot` ] 29 | then 30 | echo "$0: error: fakeroot is not installed" 1>&2 31 | exit 1 32 | fi 33 | 34 | PACKAGE_NAME=$1 35 | PACKAGE_VERSION=$2 36 | 37 | set -e 38 | 39 | mkdir -p root 40 | cd root 41 | mkdir -p "./etc/${PACKAGE_NAME}d/" 42 | mkdir -p "./etc/init.d/" 43 | mkdir -p "./usr/sbin/" 44 | cp "../../${PACKAGE_NAME}d" "./usr/sbin/" 45 | cp "../../${PACKAGE_NAME}d_tool" "./usr/sbin/" 46 | cp "../init.d.sh" "./etc/init.d/${PACKAGE_NAME}d" 47 | chmod a+x "./etc/init.d/${PACKAGE_NAME}d" 48 | touch "./etc/${PACKAGE_NAME}d/${PACKAGE_NAME}.tab" 49 | touch "./etc/${PACKAGE_NAME}d/${PACKAGE_NAME}.crypt.keys" 50 | tar cz --owner root --group root -f ../data.tar.gz . 51 | md5sum `find ../root/ -type f -printf "%P "` > md5sums 52 | mv md5sums ../server.deb/ 53 | cd .. 54 | rm -rf root/ 55 | cd server.deb 56 | for INFILE in *.in 57 | do 58 | OUTFILE=`basename "$INFILE" .in` 59 | sed "s/@PACKAGE_NAME@/${PACKAGE_NAME}/g" < "$INFILE" > "$OUTFILE" 60 | chmod a+x "$OUTFILE" 61 | done 62 | tar cz --owner root --group root -f ../control.tar.gz control postinst \ 63 | prerm postrm md5sums 64 | rm -f postinst prerm postrm md5sums 65 | cd .. 66 | echo "2.0" > debian-binary 67 | fakeroot ar cr "${PACKAGE_NAME}d_${PACKAGE_VERSION}_amd64.deb" debian-binary \ 68 | control.tar.gz data.tar.gz 69 | rm -f debian-binary control.tar.gz data.tar.gz 70 | 71 | -------------------------------------------------------------------------------- /src/tools/client.deb/control: -------------------------------------------------------------------------------- 1 | Package: reqrypt 2 | Version: 1.4.1 3 | Maintainer: Basil 4 | Section: net 5 | Priority: optional 6 | Homepage: http://reqrypt.org 7 | Architecture: amd64 8 | Depends: libc6 (>= 2.7) 9 | Description: Reqrypt client 10 | ReQrypt (REQuest ecRYPTion) is a tool for encrypting your web browser requests 11 | -- i.e. the URLs you type into your address bar -- so malicious parties cannot 12 | read them. 
ReQrypt is specifically designed for (1) bypassing ISP-level URL 13 | censorship systems; and (2) bypassing ISP-level URL logging and data retention 14 | systems. 15 | -------------------------------------------------------------------------------- /src/tools/client.deb/postinst.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst.in 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | set -e 19 | 20 | if [ -x "/usr/sbin/@PACKAGE_NAME@" ] 21 | then 22 | if [ -x "`which setcap`" ] 23 | then 24 | setcap cap_net_raw,cap_net_admin,cap_setgid,cap_setuid=ep \ 25 | "/usr/sbin/@PACKAGE_NAME@" 26 | else 27 | chown 0:0 "/usr/sbin/@PACKAGE_NAME@" 28 | chmod +xs "/usr/sbin/@PACKAGE_NAME@" 29 | fi 30 | fi 31 | 32 | -------------------------------------------------------------------------------- /src/tools/file2c.c: -------------------------------------------------------------------------------- 1 | /* 2 | * file2c.c 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 
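*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Write the C symbol for file `name' to stdout: the prefix "data_" followed
 * by the name with every non-alphanumeric byte replaced by '_'.
 */
static void print_symbol(const char *name)
{
    fputs("data_", stdout);
    for (size_t i = 0; name[i] != '\0'; i++)
    {
        // <ctype.h> functions take an unsigned char value (or EOF).  A plain
        // char may be negative for bytes >= 0x80, which is undefined
        // behaviour, so convert first.
        unsigned char c = (unsigned char)name[i];
        fputc((isalnum(c)? c: '_'), stdout);
    }
}

/*
 * Return true iff `name' ends with `suffix' and is strictly longer than it
 * (a name that consists of the suffix alone does not match).
 */
static bool match_suffix(const char *name, const char *suffix)
{
    size_t suffix_len = strlen(suffix);
    size_t name_len = strlen(name);
    if (name_len <= suffix_len)
    {
        return false;
    }
    return (strcmp(name + name_len - suffix_len, suffix) == 0);
}

/*
 * Return true for the text formats whose whitespace runs are collapsed
 * before embedding (.html, .css, .js).
 */
static bool should_optimise(const char *name)
{
    return (match_suffix(name, ".html") ||
            match_suffix(name, ".css") ||
            match_suffix(name, ".js"));
}

/*
 * qsort() comparator for an array of `char *': orders by strcmp().
 */
static int string_compare(const void *a, const void *b)
{
    const char *a1 = *((const char *const *)a);
    const char *b1 = *((const char *const *)b);
    return strcmp(a1, b1);
}

/*
 * Emit, on stdout, one `static const char data_<name>[]' array per file
 * named on the command line, followed by a `file_data[]' lookup table.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE if a file cannot be opened or read.
 *
 * NOTE(review): each file name is copied verbatim into a generated C comment
 * and a generated string literal.  A name containing '"', '\\' or the
 * sequence "*" "/" would corrupt the generated source, so the arguments are
 * assumed to be fixed names chosen by the build, not arbitrary input.
 */
int main(int argc, char **argv)
{
    // The table is emitted in sorted order.  Guard the count: argc-1 would
    // convert to a huge size_t if argc were ever 0.
    if (argc > 1)
    {
        qsort(argv+1, (size_t)(argc-1), sizeof(char *), string_compare);
    }

    fputs("/* GENERATED CODE -- DO NOT EDIT */\n\n", stdout);
    for (int i = 1; i < argc; i++)
    {
        FILE *file = fopen(argv[i], "r");
        if (file == NULL)
        {
            fprintf(stderr, "unable to open file \"%s\" for reading: %s\n",
                argv[i], strerror(errno));
            return EXIT_FAILURE;
        }

        printf("/* GENERATED FROM FILE \"%s\" */\n", argv[i]);
        fputs("#ifndef SKIP_", stdout);
        print_symbol(argv[i]);
        fputs("\nstatic const char ", stdout);
        print_symbol(argv[i]);
        fputs("[] =\n{\n", stdout);
        bool ws = true;
        bool optimise = should_optimise(argv[i]);
        while (true)
        {
            // getc() returns an int so that EOF is distinguishable from
            // every byte value.  Storing the result in a `char' either makes
            // the byte 0xFF compare equal to EOF (signed char) or makes EOF
            // unreachable, looping forever (unsigned char).
            int c = getc(file);
            if (c == EOF)
            {
                if (ferror(file))
                {
                    fprintf(stderr, "unable to read from file \"%s\": %s\n",
                        argv[i], strerror(errno));
                    fclose(file);
                    return EXIT_FAILURE;
                }
                break;
            }

            // Simple whitespace optimisation: keep only the first character
            // of each whitespace run (and nothing of a leading run).
            if (optimise && isspace(c))
            {
                if (ws)
                {
                    continue;
                }
                ws = true;
            }
            else
            {
                ws = false;
            }
            printf("\t0x%.2X,\n", (unsigned)c & 0xFFu);
        }
        fclose(file);
        // Terminating NUL; the table below reports sizeof()-1 as the size.
        fputs("\t0x00\n", stdout);
        fputs("};\n", stdout);
        fputs("#endif\n\n", stdout);
    }

    fputs("/* GENERATED LOOKUP TABLE */\n", stdout);
    fputs("struct file_data_s\n", stdout);
    fputs("{\n", stdout);
    fputs("\tconst char *name;\n", stdout);
    fputs("\tconst char *data;\n", stdout);
    fputs("\tsize_t size;\n", stdout);
    fputs("};\n", stdout);
    fputs("static int file_data_s_compare(const void *a, const void *b)\n",
        stdout);
    fputs("{\n", stdout);
    fputs("\tconst struct file_data_s *a1 = (const struct file_data_s *)a;\n",
        stdout);
    fputs("\tconst struct file_data_s *b1 = (const struct file_data_s *)b;\n",
        stdout);
    fputs("\treturn strcmp(a1->name, b1->name);\n", stdout);
    fputs("}\n", stdout);
    fputs("static const struct file_data_s file_data[] =\n{\n", stdout);
    for (int i = 1; i < argc; i++)
    {
        fputs("#ifndef SKIP_", stdout);
        print_symbol(argv[i]);
        printf("\n\t{\"%s\", ", argv[i]);
        print_symbol(argv[i]);
        fputs(", sizeof(", stdout);
        print_symbol(argv[i]);
        fputs(")-1},\n", stdout);
        fputs("#endif\n", stdout);
    }
    fputs("};\n", stdout);

    return EXIT_SUCCESS;
}
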
-------------------------------------------------------------------------------- /src/tools/init.d.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # init.d.sh.in 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | ### BEGIN INIT INFO 19 | # Provides: @PACKAGE_NAME@d 20 | # Required-Start: $local_fs $remote_fs $syslog $network $named $time 21 | # Required-Stop: $local_fs $remote_fs $syslog $network $named $time 22 | # Default-Start: 2 3 4 5 23 | # Default-Stop: 0 1 6 24 | # Short-Description: @PACKAGE_NAME_LONG@ daemon processes 25 | ### END INIT INFO 26 | 27 | set -e 28 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 29 | DAEMON=/usr/sbin/@PACKAGE_NAME@d 30 | 31 | if [ ! 
-x "$DAEMON" ] 32 | then 33 | echo "$0: $DAEMON: not executable" 34 | exit 1 35 | fi 36 | 37 | case "$1" in 38 | start) 39 | "$DAEMON" --init-start 40 | exit 0 41 | ;; 42 | stop) 43 | "$DAEMON" --init-stop 44 | exit 0 45 | ;; 46 | restart|reload|force-reload) 47 | "$DAEMON" --init-stop 48 | "$DAEMON" --init-start 49 | exit 0 50 | ;; 51 | *) 52 | echo "usage: $0 {start|stop|restart|reload|force-reload}" 2>&1 53 | exit 1 54 | ;; 55 | esac 56 | 57 | -------------------------------------------------------------------------------- /src/tools/reqrypt.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=ReQrypt Client 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | User=root 8 | PIDFile=/run/reqrypt.pid 9 | ExecStart=/usr/bin/reqrypt --no-launch-ui 10 | ExecStop=/bin/kill -s INT $MAINPID 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /src/tools/server.deb/control: -------------------------------------------------------------------------------- 1 | Package: reqryptd 2 | Version: 1.4.1 3 | Maintainer: Basil 4 | Section: net 5 | Priority: optional 6 | Homepage: http://reqrypt.org 7 | Architecture: amd64 8 | Depends: libc6 (>= 2.7), libgmp10, libssl1.0.0 9 | Description: Reqrypt tunnel server 10 | Reqrypt (REQuest ecRYPTion) is a tool for encrypting and tunneling HTTP 11 | request packets. This package provides the reqrypt tunnel server. Install 12 | this package if you wish to create one or more reqrypt tunnel endpoints on 13 | this system. 14 | . 15 | Reqrypt servers are designed to consume minimal CPU and memory resources. 16 | They can be run on low-resource systems such as cheap virtual private servers. 17 | The reqrypt tunnel server is known to be compatible with Linux dedicated 18 | servers, or Xen (Linux) virtual private servers, provided the server is 19 | hosted by a compatible network. 
Please test your tunnels before publishing 20 | them. 21 | -------------------------------------------------------------------------------- /src/tools/server.deb/postinst.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst.in 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | set -e 19 | 20 | if [ -x "/etc/init.d/@PACKAGE_NAME@d" ] 21 | then 22 | update-rc.d @PACKAGE_NAME@d defaults 16 80 > /dev/null 23 | fi 24 | 25 | -------------------------------------------------------------------------------- /src/tools/server.deb/postrm.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postrm.in 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | set -e 19 | 20 | update-rc.d @PACKAGE_NAME@d remove > /dev/null 21 | 22 | -------------------------------------------------------------------------------- /src/tools/server.deb/prerm.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # prerm.in 3 | # (C) 2017, all rights reserved, 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | set -e 19 | 20 | if [ -x "/etc/init.d/@PACKAGE_NAME@d" ] 21 | then 22 | "/etc/init.d/@PACKAGE_NAME@d" stop > /dev/null 23 | fi 24 | 25 | -------------------------------------------------------------------------------- /src/tunnel.h: -------------------------------------------------------------------------------- 1 | /* 2 | * tunnel.h 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #ifndef __TUNNEL_H 20 | #define __TUNNEL_H 21 | 22 | #include 23 | #include 24 | 25 | #include "cfg.h" 26 | #include "http_server.h" 27 | 28 | #define TUNNELS_FILENAME PROGRAM_NAME ".cache" 29 | 30 | typedef struct tunnel_s *tunnel_t; 31 | 32 | /* 33 | * Prototypes. 34 | */ 35 | void tunnel_init(void); 36 | void tunnel_file_read(void); 37 | void tunnel_file_write(void); 38 | bool tunnel_ready(void); 39 | void tunnel_open(void); 40 | bool tunnel_packets(uint8_t *packet, uint8_t **packets, uint64_t hash, 41 | unsigned repeat, uint16_t config_mtu, bool config_multi); 42 | bool tunnel_active_html(http_buffer_t buff); 43 | bool tunnel_all_html(http_buffer_t buff); 44 | void tunnel_open_url(const char *url); 45 | void tunnel_close_url(const char *url); 46 | void tunnel_delete_url(const char *url); 47 | 48 | #endif /* __TUNNEL_H */ 49 | -------------------------------------------------------------------------------- /src/ui/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | $INCLUDE(head.html) 5 | 6 | 7 |
8 | $INCLUDE(title.html) 9 | $INCLUDE(tabs-error.html) 10 |
11 |

$NAME

12 |
13 |

404 Not Found

14 |
15 |
16 | 17 | 18 | -------------------------------------------------------------------------------- /src/ui/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | $INCLUDE(head.html) 5 | 6 | 7 |
8 | $INCLUDE(title.html) 9 | $INCLUDE(tabs-error.html) 10 |
11 |

$NAME

12 |
13 |

500 Internal Server Error

14 |
15 |
16 | 17 | 18 | -------------------------------------------------------------------------------- /src/ui/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/basil00/reqrypt/98bc77d6c92204165fbe05016ac40b7a8d503314/src/ui/favicon.ico -------------------------------------------------------------------------------- /src/ui/head.html: -------------------------------------------------------------------------------- 1 | $PROGRAM $VERSION [$PLATFORM] 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/ui/help.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | $INCLUDE(head.html) 5 | 6 | 7 |
8 | $INCLUDE(title.html) 9 | $INCLUDE(tabs.html) 10 |
11 | $INCLUDE(exit.html) 12 |
13 | $INCLUDE(help-contents.html) 14 |
15 |
16 |
17 | 18 | 19 | -------------------------------------------------------------------------------- /src/ui/license.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | $INCLUDE(head.html) 5 | 6 | 7 |
8 | $INCLUDE(title.html) 9 | $INCLUDE(tabs.html) 10 |
11 | $INCLUDE(exit.html) 12 | 13 | LICENSE: 14 | 15 |
16 |

17 |

18 | This program is distributed under the 19 | GNU GPL VERSION 3: 20 |
21 |

22 |

23 |

24 | 27 |
28 |

29 |
30 |
31 |
32 |
33 |
34 | 35 | 36 | -------------------------------------------------------------------------------- /src/ui/log-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 |
10 | 11 | 12 | -------------------------------------------------------------------------------- /src/ui/log.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | $INCLUDE(head.html) 5 | 6 | 7 |
8 | $INCLUDE(title.html) 9 | $INCLUDE(tabs.html) 10 |
11 | $INCLUDE(exit.html) 12 | 13 | MESSAGES: 14 | 15 | 21 |
22 |
23 |
24 | Display messages? 25 | 🛈 26 |
27 |
28 | 44 |
45 |
46 |
47 |
48 | $INCLUDE(state.html) 49 |
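50 | 51 | 52 |
--------------------------------------------------------------------------------
/src/ui/log.js:
--------------------------------------------------------------------------------
/*
 * log.js
 * (C) 2017, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

// Single request object shared by every poll; created once at load time,
// falling back to the legacy ActiveX objects where XMLHttpRequest is missing.
var request = null;
try
{
    request = new XMLHttpRequest();
}
catch (trymicrosoft)
{
    try
    {
        request = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (othermicrosoft)
    {
        try
        {
            request = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch (failed)
        {
            request = null;
        }
    }
}

if (request == null)
{
    alert("unable to create request object");
}

/*
 * Request "log-entry.txt" from the WebUI server and re-arm the 750ms poll.
 */
function getLog()
{
    if (request == null)
    {
        // No request object (already reported above); calling open() on
        // null would only throw.
        return;
    }
    // Declared locally so the name does not leak into the global scope.
    var url = "log-entry.txt";
    request.open("GET", url, true);
    request.onreadystatechange = updateLog;
    request.send(null);
    // Pass the function rather than a source string: a string argument is
    // compiled like eval() on every tick and is refused by a
    // Content-Security-Policy that does not allow 'unsafe-eval'.
    setTimeout(getLog, 750);
}

/*
 * readystatechange handler: once the response is complete and successful,
 * replace the contents of the "log" element and scroll to the bottom.
 */
function updateLog()
{
    if (request.readyState == 4 && request.status == 200)
    {
        var log_div = document.getElementById("log");
        if (log_div)
        {
            // NOTE(review): the response is inserted as HTML.  That is only
            // safe if the server HTML-escapes every piece of log text that
            // can come from outside the program (e.g. anything derived from
            // captured traffic) before serving log-entry.txt -- confirm in
            // the server-side log code.
            log_div.innerHTML = request.responseText;
            window.scrollBy(0, 9999999);
        }
    }
}

--------------------------------------------------------------------------------
/src/ui/motd.js: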
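--------------------------------------------------------------------------------
/*
 * motd.js
 * (C) 2018, all rights reserved,
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

// Request object for the message-of-the-day fetch; created once at load
// time, with the legacy ActiveX fallbacks.
var request2 = null;
try
{
    request2 = new XMLHttpRequest();
}
catch (trymicrosoft)
{
    try
    {
        request2 = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (othermicrosoft)
    {
        try
        {
            request2 = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch (failed)
        {
            request2 = null;
        }
    }
}

if (request2 == null)
{
    alert("unable to create request2 object");
}

/*
 * If the CHECK_UPDATES field of the "state" form is "true", fetch the
 * message of the day from the project web site.
 */
function getMOTD()
{
    if (request2 == null)
    {
        // No request object (already reported above).
        return;
    }
    if (document.state.CHECK_UPDATES.value == "true")
    {
        // Declared locally so the name does not leak into the global scope.
        var url = "https://reqrypt.org/motd-01.txt";
        request2.open("GET", url, true);
        request2.onreadystatechange = updateMOTD;
        request2.send(null);
    }
}

/*
 * readystatechange handler: once the response is complete and successful,
 * show the message in the "motd" element.
 */
function updateMOTD()
{
    if (request2.readyState == 4 && request2.status == 200)
    {
        var motd_div = document.getElementById("motd");
        if (motd_div)
        {
            // The message comes from a remote host and is shown inside the
            // local WebUI, so it is inserted as plain text, never as markup:
            // with innerHTML, whoever controls that response could run
            // script in the page that configures this program.  If the
            // message ever needs formatting, build the nodes from an
            // allow-list instead of assigning raw HTML.
            var text = request2.responseText;
            if ("textContent" in motd_div)
            {
                motd_div.textContent = text;
            }
            else
            {
                motd_div.innerText = text;      // Legacy IE has no textContent
            }
        }
    }
}

--------------------------------------------------------------------------------
/src/ui/state.html: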
-------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 |
35 | -------------------------------------------------------------------------------- /src/ui/style.css: -------------------------------------------------------------------------------- 1 | body.style 2 | { 3 | background-color: #dedede; 4 | } 5 | 6 | h1.title 7 | { 8 | color: #6666dd; 9 | font-size: 160%; 10 | font-family: sans-serif; 11 | } 12 | 13 | div.ie 14 | { 15 | color: #ffffff; 16 | background-color: #aa0000; 17 | font-weight: bold; 18 | padding: 3px; 19 | } 20 | 21 | a.browser 22 | { 23 | color: #ffff55; 24 | text-decoration: none; 25 | } 26 | 27 | div.wrap 28 | { 29 | width: 1000px; 30 | height: 1200px; 31 | margin: 1em auto 1em auto; 32 | } 33 | 34 | div.tabs 35 | { 36 | padding: 0 1em 0 1em; 37 | } 38 | 39 | div.help 40 | { 41 | color: #000000; 42 | background-color: #ffffff; 43 | padding: 10px 10px 10px 10px; 44 | } 45 | 46 | a 47 | { 48 | text-decoration: none; 49 | } 50 | 51 | a.tab 52 | { 53 | background-color: #4444bb; 54 | color: #ffffff; 55 | margin: 0 0.2em 0 0; 56 | padding: 2px 1em 2px 1em; 57 | -moz-border-radius-topright: 7px; 58 | -moz-border-radius-topleft: 7px; 59 | -webkit-border-top-right-radius: 7px; 60 | -webkit-border-top-left-radius: 7px; 61 | position: relative; 62 | top: -1px; 63 | z-index: 10; 64 | } 65 | 66 | a.tab:hover 67 | { 68 | background-color: #5555cc; 69 | } 70 | 71 | a.tab.active, a.tab.active:hover 72 | { 73 | color: #ffffff; 74 | background-color: #7777ee; 75 | z-index: 12; 76 | } 77 | 78 | a.exit 79 | { 80 | background-color: #7777ee; 81 | float: right; 82 | } 83 | 84 | a.exit:hover 85 | { 86 | background-color: #9999ff; 87 | } 88 | 89 | div.main 90 | { 91 | color: #ffffff; 92 | background-color: #7777ee; 93 | padding: 1em; 94 | position: relative; 95 | z-index: 11; 96 | min-height: 500px; 97 | } 98 | 99 | iframe.log 100 | { 101 | background-color: #ddddff; 102 | } 103 | 104 | span.error 105 | { 106 | color: #aa0000; 107 | } 108 | 109 | span.panic 110 | { 111 | color: #aa0000; 112 | } 113 | 114 | span.warning 115 | 
{ 116 | color: #aaaa00; 117 | } 118 | 119 | span.log 120 | { 121 | color: #00aa00; 122 | } 123 | 124 | div.log 125 | { 126 | color: #111111; 127 | font-family: monospace; 128 | } 129 | 130 | div.group 131 | { 132 | padding: 5px 0px 5px 0px; 133 | } 134 | 135 | div.option, div.option_hdr 136 | { 137 | padding: 2px 1em 3px 1em; 138 | border: 1px outset #ffffff; 139 | color: #000000; 140 | background-color: #ddddff; 141 | font-family: sans-serif; 142 | font-weight: normal; 143 | } 144 | 145 | div.option_hdr 146 | { 147 | color: #ffffff; 148 | background-color: #ffffdd; 149 | font-weight: bold; 150 | } 151 | 152 | div.option_box 153 | { 154 | background-color: #6666dd; 155 | color: #ffffff; 156 | padding: 10px 10px 10px 10px; 157 | -moz-border-radius: 7px; 158 | -webkit-border-radius: 7px; 159 | } 160 | 161 | div.option:hover 162 | { 163 | background-color: #eeeeee; 164 | } 165 | 166 | div.label 167 | { 168 | float: left; 169 | } 170 | 171 | div.input 172 | { 173 | text-align: right; 174 | } 175 | 176 | select.input 177 | { 178 | } 179 | 180 | select.url_select 181 | { 182 | width: 100%; 183 | overflow: auto; 184 | margin-bottom: 5px; 185 | } 186 | 187 | textarea.license 188 | { 189 | color: #000000; 190 | background-color: #ffffff; 191 | } 192 | 193 | div.question 194 | { 195 | font-weight: bold; 196 | background-color: #dddd99; 197 | } 198 | 199 | div.answer 200 | { 201 | font-size: 93%; 202 | background-color: #eeeeff; 203 | margin: 0 0 0 1em; 204 | padding: 0 1em 0 0; 205 | } 206 | 207 | -------------------------------------------------------------------------------- /src/ui/tabs-error.html: -------------------------------------------------------------------------------- 1 | 19 | -------------------------------------------------------------------------------- /src/ui/tabs.html: -------------------------------------------------------------------------------- 1 | 18 | -------------------------------------------------------------------------------- /src/ui/title.html: 
-------------------------------------------------------------------------------- 1 |

2 | $PROGRAM $VERSION WebUI 3 |

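4 | -------------------------------------------------------------------------------- /src/ui/tunnels.js: -------------------------------------------------------------------------------- 1 | /* 2 | * tunnels.js 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 |

/*
 * Single request object shared by every poll of the tunnel list.  The
 * ActiveXObject fallbacks are tried only when XMLHttpRequest cannot be
 * constructed.
 */
var request = null;
try
{
    request = new XMLHttpRequest();
}
catch (trymicrosoft)
{
    try
    {
        request = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (othermicrosoft)
    {
        try
        {
            request = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch (failed)
        {
            request = null;
        }
    }
}

if (!request)
{
    alert("unable to create request object");
}

/*
 * Requests "tunnels-all.html" and re-arms itself to run again in one second.
 * The shared request object is re-opened on every call, so a reply that has
 * not arrived within the second is abandoned in favour of the new request.
 */
function getTunnels()
{
    if (!request)
    {
        // No request object could be created (already reported above);
        // polling would only throw once per second.
        return;
    }
    var url = "tunnels-all.html";
    request.open("GET", url, true);
    request.onreadystatechange = updateAllTunnels;
    request.send(null);
    // Pass the function itself: a string argument is compiled like eval()
    // and is rejected by a Content-Security-Policy without 'unsafe-eval'.
    setTimeout(getTunnels, 1000);
}

/*
 * Completion handler for getTunnels(): replaces the contents of the
 * "tunnels_all_select" element with the response body and restores the
 * current selection.
 */
function updateAllTunnels()
{
    if (request.readyState == 4 && request.status == 200)
    {
        var tunnels_all_select = document.getElementById("tunnels_all_select");
        if (tunnels_all_select)
        {
            // The response is inserted as markup, not as text.
            // NOTE(review): the generator of tunnels-all.html is not shown
            // here; it has to HTML-escape every tunnel URL it emits, because
            // nothing on this side neutralises markup in the reply.
            tunnels_all_select.innerHTML = request.responseText;
            reselectTunnel();
        }
    }
}

/*
 * Copies the value of the first selected entry of "tunnels_all_select" into
 * the "tunnel" input.
 */
function selectAllTunnel()
{
    var tunnels_all_select = document.getElementById("tunnels_all_select");
    var tunnel = document.getElementById("tunnel");
    if (tunnels_all_select && tunnel)
    {
        for (var i = 0; i < tunnels_all_select.length; i++)
        {
            if (tunnels_all_select[i].selected)
            {
                tunnel.value = tunnels_all_select[i].value;
                reselectTunnel();
                return;
            }
        }
    }
}

/*
 * Marks the entry of "tunnels_all_select" whose value equals the "tunnel"
 * input as selected.  Does nothing when the input is missing or empty.
 */
function reselectTunnel()
{
    var tunnel = document.getElementById("tunnel");
    if (!tunnel || tunnel.value == "")
    {
        return;
    }
    var tunnels_all_select = document.getElementById("tunnels_all_select");
    if (tunnels_all_select)
    {
        for (var i = 0; i < tunnels_all_select.length; i++)
        {
            if (tunnels_all_select[i].value == tunnel.value)
            {
                tunnels_all_select[i].selected = true;
                return;
            }
        }
    }
}

/*
 * Submits the state form with OPEN_URL set to the tunnel input's value.
 */
function openTunnel()
{
    document.state.OPEN_URL.value = document.options.tunnel.value;
    document.options.tunnel.value = "";
    doSubmit();
}

/*
 * Submits the state form with CLOSE_URL set to the tunnel input's value.
 */
function closeTunnel()
{
    document.state.CLOSE_URL.value = document.options.tunnel.value;
    document.options.tunnel.value = "";
    doSubmit();
}

/*
 * Asks for confirmation, then submits the state form with DEL_URL set to the
 * tunnel input's value.
 */
function delTunnel()
{
    var tunnel = document.options.tunnel.value;
    if (!confirm("Permanently delete tunnel " + tunnel + "?"))
    {
        return;
    }
    document.state.DEL_URL.value = tunnel;
    document.options.tunnel.value = "";
    doSubmit();
}

132 | 133 | -------------------------------------------------------------------------------- /src/windows/capture.c: -------------------------------------------------------------------------------- 1 | /* 2 | * capture.c 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License,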
or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | 19 | #include 20 | 21 | #include "capture.h" 22 | #include "cfg.h" 23 | #include "log.h" 24 | #include "socket.h" 25 | 26 | #include "windivert.h" 27 |

/*
 * Pseudo ethhdr stores the DIVERT_ADDRESS
 *
 * get_packet() writes this header at the start of the caller's buffer and
 * inject_packet() reads it back to rebuild the WINDIVERT_ADDRESS, so the
 * fields are taken on trust from whatever sits in the buffer at injection
 * time.
 */
struct pethhdr_s
{
    uint32_t if_idx;            // Packet's interface
    uint8_t  direction;         // Packet's direction
    uint8_t  pad1;              // Padding (0x0)
    uint32_t sub_if_idx;        // Packet's sub-interface
    uint16_t pad2;              // Padding (0x0)
    uint16_t proto;             // ETH_P_IP
} __attribute__((__packed__));

/*
 * Divert device handle.
 *
 * File-scope and not static; stays INVALID_HANDLE_VALUE until
 * init_capture() has opened the device.
 */
HANDLE handle = INVALID_HANDLE_VALUE;

/*
 * Initialises the packet capture device.
 *
 * Opens the WinDivert handle at the network layer with priority -501 and
 * flags 0.  The filter selects IPv4 ("ip"), non-loopback packets that are
 * either outbound TCP to port 80 or 443, outbound UDP to port 53, or
 * not outbound with ICMP type 11 and code 0 (the values socket.h names
 * ICMP_TIME_EXCEEDED and ICMP_EXC_TTL).  Calls error() when the handle
 * cannot be opened.
 */
void init_capture(void)
{
    handle = WinDivertOpen(
        "ip and "
        "!loopback and "
        "(outbound? tcp.DstPort == 80 or"
        "           tcp.DstPort == 443 or"
        "           udp.DstPort == 53 :"
        "           icmp.Type == 11 and icmp.Code == 0)",
        WINDIVERT_LAYER_NETWORK, -501, 0);
    if (handle == INVALID_HANDLE_VALUE)
    {
        error("unable to open divert packet capture handle");
    }
}

/*
 * Get a captured packet.
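 *
 * Reads from the divert handle until a packet that is not inbound arrives,
 * stores it in buff behind a struct pethhdr_s describing its WinDivert
 * address, recomputes the packet checksums and returns the total number of
 * bytes stored (pseudo header included).  Inbound packets are read and
 * discarded; a failed read is logged and retried.
 *
 * buff - destination buffer.
 * len  - size of buff in bytes; must exceed sizeof(struct pethhdr_s).
 */
size_t get_packet(uint8_t *buff, size_t len)
{
    UINT offset = sizeof(struct pethhdr_s);
    if (len <= offset)
    {
        // NOTE(review): the code below relies on error() not returning
        // (declared in log.h, not shown here); otherwise len-offset wraps.
        error("unable to read packet; buffer is too small");
    }
    UINT read_len = 0;
    WINDIVERT_ADDRESS addr;
    memset(&addr, 0, sizeof(addr));
    for (;;)
    {
        if (!WinDivertRecv(handle, (PVOID)(buff+offset), (UINT)(len-offset),
                &addr, &read_len))
        {
            // Retry straight away: addr and read_len hold nothing usable
            // after a failed read, so they must not decide whether the loop
            // ends or how many bytes are reported to the caller.
            warning("unable to read packet from divert packet capture handle");
            continue;
        }
        if (addr.Direction != WINDIVERT_DIRECTION_INBOUND)
        {
            break;
        }
        // Drop icmp.
    }
    struct pethhdr_s *peth_header = (struct pethhdr_s *)buff;
    peth_header->direction  = addr.Direction;
    peth_header->if_idx     = addr.IfIdx;
    peth_header->sub_if_idx = addr.SubIfIdx;
    peth_header->pad1       = 0x0;
    peth_header->pad2       = 0x0;
    peth_header->proto      = htons(ETH_P_IP);

    WinDivertHelperCalcChecksums((PVOID)(buff+offset), (UINT)read_len,
        NULL, 0);

    return (size_t)(read_len+offset);
}

/*
 * Re-inject a captured packet.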
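 *
 * buff must start with the struct pethhdr_s written by get_packet(); its
 * direction and interface fields are copied into the WINDIVERT_ADDRESS used
 * for the send, and the bytes after it are sent as the packet.
 *
 * buff - pseudo header followed by the packet.
 * len  - total number of bytes in buff; must exceed sizeof(struct pethhdr_s).
 *
 * Failures are logged with warning(); nothing is reported to the caller.
 */
void inject_packet(uint8_t *buff, size_t len)
{
    UINT offset = sizeof(struct pethhdr_s);
    if (len <= offset)
    {
        warning("unable to inject packet; buffer is too small");
        // Stop here: the header read below would run past a short buffer,
        // and len - offset would wrap to a huge unsigned length that is then
        // handed to WinDivertSend().
        return;
    }
    struct pethhdr_s *peth_header = (struct pethhdr_s *)buff;
    WINDIVERT_ADDRESS addr;
    memset(&addr, 0, sizeof(addr));
    addr.Direction = peth_header->direction;
    addr.IfIdx     = peth_header->if_idx;
    addr.SubIfIdx  = peth_header->sub_if_idx;
    addr.Impostor  = 1;

    len  -= offset;
    buff += offset;

    UINT write_len;
    if (!WinDivertSend(handle, (PVOID)buff, (UINT)len, &addr, &write_len) ||
        (UINT)len != write_len)
    {
        warning("unable to inject packet of size " SIZE_T_FMT " to "
            "divert packet capture handle", len);
    }
}

130 | 131 | -------------------------------------------------------------------------------- /src/windows/icon.ico: -------------------------------------------------------------------------------- 1 | ../ui/favicon.ico -------------------------------------------------------------------------------- /src/windows/install/install.nsi.in: -------------------------------------------------------------------------------- 1 | ; install.nsi.in 2 | ; (C) 2017, all rights reserved, 3 | ; 4 | ; This program is free software: you can redistribute it and/or modify 5 | ; it under the terms of the GNU General Public License as published by 6 | ; the Free Software Foundation, either version 3 of the License, or 7 | ; (at your option) any later version. 8 | ; 9 | ; This program is distributed in the hope that it will be useful, 10 | ; but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | ; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | ; GNU General Public License for more details. 13 | ; 14 | ; You should have received a copy of the GNU General Public License 15 | ; along with this program. If not, see .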
16 | 17 | !include "MUI2.nsh" 18 | 19 | SetCompressor /SOLID /FINAL lzma 20 | 21 | Name "@PACKAGE_NAME_LONG@" 22 | OutFile "@PACKAGE_NAME@-install.exe" 23 | 24 | InstallDir "$PROGRAMFILES\@PACKAGE_NAME_LONG@\" 25 | 26 | RequestExecutionLevel admin 27 | 28 | !insertmacro MUI_PAGE_WELCOME 29 | !insertmacro MUI_PAGE_INSTFILES 30 | 31 | !insertmacro MUI_UNPAGE_CONFIRM 32 | !insertmacro MUI_UNPAGE_INSTFILES 33 | 34 | !insertmacro MUI_LANGUAGE "English" 35 | 36 | Section "" 37 | SetOutPath $INSTDIR 38 | File "@PACKAGE_NAME@.exe" 39 | File "@PACKAGE_NAME@.exe.manifest" 40 | File "WinDivert32.sys" 41 | File "WinDivert64.sys" 42 | File "WinDivert.dll" 43 | WriteUninstaller "@PACKAGE_NAME@-uninstall.exe" 44 | WriteRegStr HKLM \ 45 | "Software\Microsoft\Windows\CurrentVersion\Uninstall\@PACKAGE_NAME_LONG@" \ 46 | "DisplayName" "@PACKAGE_NAME_LONG@" 47 | WriteRegStr HKLM \ 48 | "Software\Microsoft\Windows\CurrentVersion\Uninstall\@PACKAGE_NAME_LONG@" \ 49 | "UninstallString" "$\"$INSTDIR\@PACKAGE_NAME@-uninstall.exe$\"" 50 | CreateShortCut "$DESKTOP\@PACKAGE_NAME@.lnk" \ 51 | "$INSTDIR\@PACKAGE_NAME@.exe" "" 52 | SectionEnd 53 | 54 | Section "Uninstall" 55 | Delete "$INSTDIR\@PACKAGE_NAME@.exe" 56 | Delete "$INSTDIR\@PACKAGE_NAME@.exe.manifest" 57 | Delete "$INSTDIR\@PACKAGE_NAME@-uninstall.exe" 58 | Delete "$INSTDIR\@PACKAGE_NAME@.config" 59 | Delete "$INSTDIR\@PACKAGE_NAME@.config.bak" 60 | Delete "$INSTDIR\@PACKAGE_NAME@.config.tmp" 61 | Delete "$INSTDIR\@PACKAGE_NAME@.cache" 62 | Delete "$INSTDIR\@PACKAGE_NAME@.cache.bak" 63 | Delete "$INSTDIR\@PACKAGE_NAME@.cache.tmp" 64 | Delete "$INSTDIR\@PACKAGE_NAME@.crypt.cache" 65 | Delete "$INSTDIR\@PACKAGE_NAME@.crypt.cache.bak" 66 | Delete "$INSTDIR\@PACKAGE_NAME@.crypt.cache.tmp" 67 | Delete "$INSTDIR\@PACKAGE_NAME@.version" 68 | Delete "$INSTDIR\WinDivert32.sys" 69 | Delete "$INSTDIR\WinDivert64.sys" 70 | Delete "$INSTDIR\WinDivert.dll" 71 | RMDir "$INSTDIR\" 72 | DeleteRegKey HKLM \ 73 | 
"Software\Microsoft\Windows\CurrentVersion\Uninstall\@PACKAGE_NAME_LONG@" 74 | Delete "$DESKTOP\@PACKAGE_NAME@.lnk" 75 | SectionEnd 76 | 77 | -------------------------------------------------------------------------------- /src/windows/manifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ReQrypt 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /src/windows/resources.rc: -------------------------------------------------------------------------------- 1 | icon ICON "icon.ico" 2 | -------------------------------------------------------------------------------- /src/windows/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * socket.h 3 | * (C) 2017, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __SOCKET_H 19 | #define __SOCKET_H 20 | 21 | #include 22 | #include 23 | 24 | /* 25 | * Ethernet header. 26 | */ 27 | struct ethhdr 28 | { 29 | uint8_t h_dest[6]; 30 | uint8_t h_source[6]; 31 | uint16_t h_proto; 32 | }; 33 | 34 | #define ETH_P_IP 0x0800 35 | 36 | /* 37 | * IPv4 header. 
 *
 * NOTE(review): ihl is declared before version, which presumably relies on
 * the compiler allocating bit-fields from the low-order bits of the first
 * byte - confirm for every compiler used to build the Windows client.
 * ihl and tot_len are read straight from the packet; code using them should
 * check both against the number of bytes actually captured.
 */
struct iphdr
{
    uint8_t  ihl:4;             // Header length field
    uint8_t  version:4;         // IP version field
    uint8_t  tos;
    uint16_t tot_len;           // Total length field, as carried in the packet
    uint16_t id;
    uint16_t frag_off;
    uint8_t  ttl;
    uint8_t  protocol;
    uint16_t check;             // Header checksum field
    uint32_t saddr;             // Source address
    uint32_t daddr;             // Destination address
};

#define IP_MSS      576

/*
 * IPv6 header.
 *
 * The first four bytes are a union: ip6_un2_vfc overlays the first byte of
 * ip6_un1_flow.  The ip6_* macros below give the conventional short names
 * for the nested members.
 */
struct ip6_hdr
{
    union
    {
        struct ip6_hdrctl
        {
            uint32_t ip6_un1_flow;
            uint16_t ip6_un1_plen;
            uint8_t  ip6_un1_nxt;
            uint8_t  ip6_un1_hlim;
        } ip6_un1;
        uint8_t ip6_un2_vfc;
    } ip6_ctlun;
    struct in6_addr ip6_src;
    struct in6_addr ip6_dst;
};

#define ip6_vfc     ip6_ctlun.ip6_un2_vfc
#define ip6_flow    ip6_ctlun.ip6_un1.ip6_un1_flow
#define ip6_plen    ip6_ctlun.ip6_un1.ip6_un1_plen
#define ip6_nxt     ip6_ctlun.ip6_un1.ip6_un1_nxt
#define ip6_hlim    ip6_ctlun.ip6_un1.ip6_un1_hlim
#define ip6_hops    ip6_ctlun.ip6_un1.ip6_un1_hlim

/* Replaces the platform's IN6ADDR_LOOPBACK_INIT, when one is defined, with
 * a triple-braced initialiser for ::1. */
#ifdef IN6ADDR_LOOPBACK_INIT
#undef IN6ADDR_LOOPBACK_INIT
#define IN6ADDR_LOOPBACK_INIT {{{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}}}
#endif

/*
 * TCP header.
 *
 * The flag and offset bit-fields add up to 16 bits.
 * NOTE(review): their order presumably assumes the same low-bits-first
 * bit-field allocation as struct iphdr - confirm.  doff comes from the
 * packet and should be validated before it is used to locate options or
 * payload.
 */
struct tcphdr
{
    uint16_t source;            // Source port
    uint16_t dest;              // Destination port
    uint32_t seq;
    uint32_t ack_seq;
    uint16_t res1:4;
    uint16_t doff:4;            // Data offset field
    uint16_t fin:1;
    uint16_t syn:1;
    uint16_t rst:1;
    uint16_t psh:1;
    uint16_t ack:1;
    uint16_t urg:1;
    uint16_t res2:2;
    uint16_t window;
    uint16_t check;
    uint16_t urg_ptr;
};

#define TCPOPT_EOL      0
#define TCPOPT_NOP      1
#define TCPOPT_MAXSEG   2

/*
 * UDP header.
 */
struct udphdr
{
    uint16_t source;            // Source port
    uint16_t dest;              // Destination port
    uint16_t len;               // Length field, as carried in the packet
    uint16_t check;
};

/*
 * ICMP header.
 *
 * The union holds the four bytes that follow the checksum; which member is
 * meaningful depends on type and code.
 */
struct icmphdr
{
    uint8_t  type;
    uint8_t  code;
    uint16_t checksum;
    union
    {
        struct
        {
            uint16_t id;
            uint16_t sequence;
        } echo;
        uint32_t gateway;
        struct
        {
            uint16_t unused;
            uint16_t mtu;
        } frag;
    } un;
};

/* ICMP type values (3, 11, 0, 8) and code values (4, 0) used with
 * struct icmphdr. */
#define ICMP_DEST_UNREACH   3
#define ICMP_FRAG_NEEDED    4
#define ICMP_TIME_EXCEEDED  11
#define ICMP_EXC_TTL        0
#define ICMP_ECHOREPLY      0
#define ICMP_ECHO           8

/*
 * Sockets:
 */
typedef SOCKET socket_t;

/* printf format for a socket_t, chosen by the build's BITS setting. */
#if BITS == 32
#define SOCKET_T_FMT        "%d"
#else
#define SOCKET_T_FMT        "%Id"
#endif

/*
 * init_sockets() expands to a static WSADATA declaration followed by a
 * WSAStartup(2.2) call, so it can only be used where a declaration is
 * allowed.  The WSAStartup() return value is discarded.
 * NOTE(review): a failed Winsock start-up is therefore not detected here;
 * confirm that the first socket call made afterwards reports it.
 */
#define init_sockets()                                                  \
    static WSADATA wsa_data;                                            \
    WSAStartup(MAKEWORD(2, 2), &wsa_data)
#define close_socket(socket)    closesocket(socket)

/* shutdown() direction names mapped onto the Winsock constants. */
#define SHUT_RD     SD_RECEIVE
#define SHUT_WR     SD_SEND
#define SHUT_RDWR   SD_BOTH

/* Socket option level and name used to switch off UDP checksums. */
#define UDP_NO_CHECK_LAYER      IPPROTO_UDP
#define UDP_NO_CHECK_OPTION     UDP_NOCHECKSUM

/* Fallback definition for headers that do not provide IPV6_V6ONLY. */
#ifndef IPV6_V6ONLY
#define IPV6_V6ONLY 27
#endif

#endif      /* __SOCKET_H */
185 | -------------------------------------------------------------------------------- /src/windows/thread.h: -------------------------------------------------------------------------------- 1 | /* 2 | * thread.h 3 | * (C) 2018, all rights reserved, 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details.
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | */ 18 | #ifndef __THREAD_H 19 | #define __THREAD_H 20 | 21 | #include 22 | 23 | typedef HANDLE thread_t; 24 | typedef HANDLE mutex_t; 25 |

/*
 * Starts start(arg) on a new thread and stores the thread handle value in
 * *thread.  Returns 0 on success, -1 when the thread could not be created.
 *
 * The handle is closed again before returning, so on success *thread no
 * longer refers to an open handle and must not be waited on or closed by
 * the caller.
 * NOTE(review): the cast to LPTHREAD_START_ROUTINE hides the difference
 * between void *(*)(void *) and the Windows thread routine type (return
 * type, and calling convention on 32-bit builds) - confirm this is
 * intended.
 */
static inline int thread_create(thread_t *thread, void *(*start)(void *),
    void *arg)
{
    HANDLE created = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)start,
        (LPVOID)arg, 0, NULL);
    *thread = created;
    if (created == NULL)
    {
        return -1;
    }
    CloseHandle(created);
    return 0;
}

/*
 * Creates an unnamed, initially unowned mutex in *lock.
 * Returns 0 on success, -1 on failure.
 */
static inline int thread_lock_init(mutex_t *lock)
{
    mutex_t created = CreateMutex(NULL, FALSE, NULL);
    *lock = created;
    if (created == NULL)
    {
        return -1;
    }
    return 0;
}

/*
 * Closes the mutex handle in *lock.  Returns 0 on success, -1 on failure.
 */
static inline int thread_lock_free(mutex_t *lock)
{
    if (!CloseHandle(*lock))
    {
        return -1;
    }
    return 0;
}

/*
 * Waits without timeout for the mutex in *lock.
 * Returns 0 when the wait ends with WAIT_OBJECT_0, -1 for any other result.
 *
 * NOTE(review): WAIT_ABANDONED also hands ownership of the mutex to the
 * caller, yet is reported as -1 here; a caller that treats -1 as "not
 * locked" would leave the mutex held - confirm how callers handle failure.
 */
static inline int thread_lock(mutex_t *lock)
{
    if (WaitForSingleObject(*lock, INFINITE) != WAIT_OBJECT_0)
    {
        return -1;
    }
    return 0;
}

/*
 * Releases the mutex in *lock.  Returns 0 on success, -1 on failure.
 */
static inline int thread_unlock(mutex_t *lock)
{
    if (!ReleaseMutex(*lock))
    {
        return -1;
    }
    return 0;
}

59 | 60 | #endif /* __THREAD_H */ 61 | --------------------------------------------------------------------------------