static void
inet_recv_cb(uv_udp_t *handle, ssize_t nread, const uv_buf_t *buf,
const struct sockaddr *addr, unsigned flags)
{
struct tundev_context *ctx = container_of(handle, struct tundev_context,
inet_udp);
if (nread > 0) {
uint8_t *m = (uint8_t *)buf->base;
ssize_t mlen = nread - PRIMITIVE_BYTES;
int rc = crypto_decrypt(m, (uint8_t *)buf->base, nread);
if (rc) {
int port = 0;
char remote[INET_ADDRSTRLEN + 1];
port = ip_name(addr, remote, sizeof(remote));
logger_log(LOG_ERR, "Invalid udp packet from %s:%d", remote, port);
return;
}
if (mode == xTUN_SERVER) {
struct iphdr *iphdr = (struct iphdr *) m;
in_addr_t client_network = iphdr->saddr & htonl(ctx->tun->netmask);
if (client_network != ctx->tun->network) {
char *a = inet_ntoa(*(struct in_addr *) &iphdr->saddr);
logger_log(LOG_ERR, "Invalid client: %s", a);
return;
}
// TODO: Compare source address
uv_rwlock_rdlock(&rwlock);
struct peer *peer = lookup_peer(iphdr->saddr, peers);
uv_rwlock_rdunlock(&rwlock);
if (peer == NULL) {
char saddr[24] = {0}, daddr[24] = {0};
parse_addr(iphdr, saddr, daddr);
logger_log(LOG_WARNING, "[UDP] Cache miss: %s -> %s", saddr, daddr);
uv_rwlock_wrlock(&rwlock);
peer = save_peer(iphdr->saddr, (struct sockaddr *) addr, peers);
uv_rwlock_wrunlock(&rwlock);
} else {
if (memcmp(&peer->remote_addr, addr, sizeof(*addr))) {
peer->remote_addr = *addr;
}
}
peer->protocol = xTUN_UDP;
}
network_to_tun(ctx->tunfd, m, mlen);
}
}
static void
recv_cb(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf) {
struct tundev_context *ctx;
struct client_context *client;
ctx = stream->data;
client = container_of(stream, struct client_context, handle.stream);
struct packet *packet = &client->packet;
if (nread > 0) {
if ((ctx->connect == AUTHING) &&
( (0 == memcmp(packet->buf, "GET ", 4)) || (0 == memcmp(packet->buf, "POST", 4)) )
) {
http_auth(stream, packet->buf);
packet_reset(packet);
ctx->connect = CONNECTED;
return;
}
int rc = packet_filter(packet, buf->base, nread);
if (rc == PACKET_UNCOMPLETE) {
return;
} else if (rc == PACKET_INVALID) {
logger_log(LOG_ERR, "Filter Invalid: %d", nread);
goto error;
}
int clen = packet->size;
int mlen = packet->size - PRIMITIVE_BYTES;
uint8_t *c = packet->buf, *m = packet->buf;
assert(mlen > 0 && mlen <= ctx->tun->mtu);
int err = crypto_decrypt(m, c, clen);
if (err) {
logger_log(LOG_ERR, "Fail Decrypt: %d", clen);
goto error;
}
struct iphdr *iphdr = (struct iphdr *) m;
in_addr_t client_network = iphdr->saddr & htonl(ctx->tun->netmask);
if (client_network != ctx->tun->network) {
char *a = inet_ntoa(*(struct in_addr *) &iphdr->saddr);
logger_log(LOG_ERR, "Invalid client: %s", a);
close_client(client);
return;
}
if (client->peer == NULL) {
uv_rwlock_rdlock(&rwlock);
struct peer *peer = lookup_peer(iphdr->saddr, peers);
uv_rwlock_rdunlock(&rwlock);
if (peer == NULL) {
char saddr[24] = {0}, daddr[24] = {0};
parse_addr(iphdr, saddr, daddr);
logger_log(LOG_WARNING, "[TCP] Cache miss: %s -> %s",
saddr, daddr);
uv_rwlock_wrlock(&rwlock);
peer = save_peer(iphdr->saddr, &client->addr, peers);
uv_rwlock_wrunlock(&rwlock);
} else {
if (peer->data) {
struct client_context *old = peer->data;
close_client(old);
}
}
peer->protocol= xTUN_TCP;
peer->data = client;
client->peer = peer;
}
network_to_tun(ctx->tunfd, m, mlen);
packet_reset(packet);
} else if (nread < 0) {
if (nread != UV_EOF) {
logger_log(LOG_ERR, "Receive from client failed: %s",
uv_strerror(nread));
}
close_client(client);
}
return;
error:
if (verbose) {
dump_hex(buf->base, nread, "Invalid tcp Packet");
}
handle_invalid_packet(client);
}
