static
void do_tcp_connection_destroy(void *userdata)
{
tcp_connection_t* connection = (tcp_connection_t*)userdata;
if (buffer_readablebytes(connection->out_buffer) > 0)
{
channel_clearevent(connection->channel, EPOLLIN);
channel_setevent(connection->channel, EPOLLOUT);
connection->need_closed_after_sent_done = 1;
}
else
{
if (connection->is_in_callback)
{
connection->is_alive = 0;
}
else
{
delete_connection(connection);
}
}
return;
}
/**
* Shutdown a connection and all associated. Also frees the
* proxy_connection structure and removes it from the
* connection_context.
*
* @access private
* @param fd_set master
* @param connection_context *
* @param int hsocket
* @return int success
*/
int _shutdown_connections(fd_set *master, connection_context *ctx, int hSocket) {
proxy_connection *conn;
/* Retrieve the connection context */
if (NULL == (conn= get_connection_by_socket (ctx, hSocket))) {
ERR ("Unable to find proxy connection in context");
return 0;
}
/* Perform filter shutdown */
csta_filter_shutdown(conn);
/* Close all associated sockets */
if (conn->hServer) {
close (conn->hServer);
FD_CLR(conn->hServer, master);
}
if (conn->hClient) {
close (conn->hClient);
FD_CLR(conn->hClient, master);
}
/* Now free anything left */
delete_connection(ctx, conn);
free_connection(&conn);
return 1;
}
static void
delete_clicked (GtkButton *button, gpointer user_data)
{
NMConnectionList *list = user_data;
NMRemoteConnection *connection;
connection = get_active_connection (list->connection_list);
g_return_if_fail (connection != NULL);
delete_connection (GTK_WINDOW (list->dialog), connection,
delete_connection_cb, list);
}
//for array_data_ports
void set_outports(BASE_CL *st, int num){
if (st->outports<=num){
st->outports = num;
return;
}
for (int i=num;i<st->outports;i++){
for (int j=0;j<MAX_CONNECTS;j++){
if (st->out[j].from_port==i){
delete_connection(&st->out[j]);
}
}
}
st->outports = num;
get_session_length();
}
void connection_pool::delete_connection(int16_t id) {
delete_connection(&m_connections[id]);
}
/* FIXME: This should be in userspace. Later. */
static int help(const struct iphdr *iph, size_t len,
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
/* tcplen not negative guaranteed by ip_conntrack_tcp.c */
struct tcphdr *tcph = (void *)iph + iph->ihl * 4;
unsigned int tcplen = iph->tot_len - iph->ihl * 4;
// int dir = CTINFO2DIR(ctinfo);
struct pptp_pkt_hdr *pptph;
pptph = (struct pptp_pkt_hdr *) ((char *) iph + sizeof(struct iphdr) + sizeof(struct tcphdr));
/* Until there's been traffic both ways, don't look in packets. */
if (ctinfo != IP_CT_ESTABLISHED
&& ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) {
DEBUGP("pptp: Conntrackinfo = %u\n", ctinfo);
return NF_ACCEPT;
}
/* If we get a FIN or RST, this connection's going down, and so is */
/* the GRE tunnel. Deal. */
if (tcph->rst || tcph->fin) {
DEBUGP("pptp: bringing down gre connection.\n");
delete_connection(ct, ctinfo);
}
/* Not whole TCP header? */
if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff*4) {
DEBUGP("pptp: tcplen = %u\n", (unsigned)tcplen);
return NF_ACCEPT;
}
/* Checksum invalid? Ignore. */
/* FIXME: Source route IP option packets --RR */
if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr,
csum_partial((char *)tcph, tcplen, 0))) {
DEBUGP("pptp_help: bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n",
tcph, tcplen, NIPQUAD(iph->saddr),
NIPQUAD(iph->daddr));
/* WHAT?!? Win2k seems to send OUT_CALL_REQ packets with bogus checksums...
*/
/* return NF_ACCEPT; */
}
/* verify we have data (i.e. pptph points before end of packet) */
if ((void *) pptph >= (void *) ((iph) + len)) {
DEBUGP("pptp_help(): no TCP data in pkt\n");
return NF_ACCEPT;
}
/* if it's not a control message we can't do anything with it */
if (ntohs(pptph->packetType) != PPTP_CONTROL_PACKET ||
ntohl(pptph->magicCookie) != PPTP_MAGIC_COOKIE) {
DEBUGP("pptp_help(): not a control pkt\n");
return NF_ACCEPT;
}
if(ctinfo >= IP_CT_IS_REPLY)
ip_inbound_pptp_tcp(iph, ct, ctinfo);
else
ip_outbound_pptp_tcp(iph, ct, ctinfo);
return NF_ACCEPT;
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
#ifndef SKIP_ORIENT_ASSERT
assert(orient(c1, 500));
#endif
show_one_connection(c1);
#ifndef SKIP_INITIATE
/* do calculation if not -r for regression */
st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
#endif
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
if(argc != 4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname);
exit(10);
}
tool_init_log();
init_crypto();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output first packets to /dev/null */
send_packet_setup_pcap("/dev/null");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
/* now output interesting packet to capture file */
send_packet_setup_pcap(argv[3]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
pcap_close(pt);
recv_pcap_setup(argv[2]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* dump the delete message that comes out */
send_packet_setup_pcap("/dev/null");
delete_connection(c1, TRUE);
st = state_with_serialno(1);
if(st!=NULL) {
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
static
void connection_onevent(int fd, int event, void* userdata)
{
tcp_connection_t *connection = (tcp_connection_t*)userdata;
inetaddr_t *peer_addr = &connection->peer_addr;
buffer_t* in_buffer;
buffer_t* out_buffer;
void* data;
unsigned size;
unsigned written;
int error;
log_debug("connection_onevent: fd(%d), event(%d), peer addr: %s:%u", fd, event, peer_addr->ip, peer_addr->port);
if (event & EPOLLHUP)
{
connection->is_connected = 0;
connection->is_in_callback = 1;
connection->closecb(connection, connection->userdata);
connection->is_in_callback = 0;
}
else
{
if (event & EPOLLIN)
{
if (connection->need_closed_after_sent_done == 0)
{
in_buffer = connection->in_buffer;
size = buffer_readFd(in_buffer, connection->fd);
if (0 == size)
{
assert(NULL != connection->closecb);
connection->is_connected = 0;
connection->is_in_callback = 1;
connection->closecb(connection, connection->userdata);
connection->is_in_callback = 0;
}
else
{
assert(NULL != connection->datacb);
connection->is_in_callback = 1;
connection->datacb(connection, in_buffer, connection->userdata);
connection->is_in_callback = 0;
}
}
else
{
char temp[256];
while (read(fd, temp, sizeof(temp)) > 0);
}
}
if (event & EPOLLOUT)
{
out_buffer = connection->out_buffer;
data = buffer_peek(out_buffer);
size = buffer_readablebytes(out_buffer);
written = write(connection->fd, data, size);
if (written < 0)
{
error = errno;
if (error != EAGAIN && error != EINTR)
{
log_error("connection_onevent: write() failed, fd(%d), errno(%d), peer addr: %s:%u", fd, error, peer_addr->ip, peer_addr->port);
return;
}
else
{
written = 0;
}
}
buffer_retrieve(out_buffer, written);
if(written >= size)
{
channel_clearevent(connection->channel, EPOLLOUT);
if (connection->need_closed_after_sent_done)
{
connection->is_alive = 0;
}
}
}
}
if (0 == connection->is_alive)
{
delete_connection(connection);
}
return;
}
/* called when an inotify event is received */
static void process_inotify(int fd)
{
int bytes;
/* union to avoid strict-aliasing problems */
union {
char buffer[256]; /* a tad large */
struct inotify_event event;
} eventbuf;
bytes = read(fd, &eventbuf.buffer, sizeof(eventbuf.buffer));
acpid_log(LOG_DEBUG, "inotify read bytes: %d", bytes);
/* eof is not expected */
if (bytes == 0) {
acpid_log(LOG_WARNING, "inotify fd eof encountered");
return;
}
else if (bytes < 0) {
/* EINVAL means buffer wasn't big enough. See inotify(7). */
acpid_log(LOG_ERR, "inotify read error: %s (%d)",
strerror(errno), errno);
acpid_log(LOG_ERR, "disconnecting from inotify");
delete_connection(fd);
return;
}
acpid_log(LOG_DEBUG, "inotify name len: %d", eventbuf.event.len);
const int dnsize = 256;
char devname[dnsize];
/* if a name is included */
if (eventbuf.event.len > 0) {
/* devname = ACPID_INPUTLAYERDIR + "/" + pevent -> name */
strcpy(devname, ACPID_INPUTLAYERDIR);
strcat(devname, "/");
strncat(devname, eventbuf.event.name, dnsize - strlen(devname) - 1);
}
/* if this is a create */
if (eventbuf.event.mask & IN_CREATE) {
acpid_log(LOG_DEBUG, "inotify about to open: %s", devname);
open_inputfile(devname);
}
/* if this is a delete */
if (eventbuf.event.mask & IN_DELETE) {
/* struct connection *c; */
acpid_log(LOG_DEBUG, "inotify received a delete for: %s", devname);
#if 0
/* Switching back to the original ENODEV detection scheme. See
process_input() in input_layer.c. */
/* keeping this for future reference */
/* search for the event file in the connection list */
/* ??? Or should we just have a delete_connection_name()? */
c = find_connection_name(devname);
/* close that connection if found */
if (c)
delete_connection(c->fd);
#endif
}
}
int main(int argc, char *argv[])
{
int len;
char *infile, *pcapin, *pcapout;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
char eb1[256]; /* error buffer for pcap open */
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc <= 4) {
usage:
fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname);
exit(10);
}
/* argv[1] == "-r" ?? */
tool_init_log();
init_crypto();
init_fake_vendorid();
init_fake_secrets();
init_jamesjohnson_interface();
infile = NULL;
conn_name = NULL;
pcapin = NULL;
pcapout = NULL;
argc--; argv++;
if(argc > 0) {
infile = argv[0];
argc--; argv++;
}
if(argc > 0) {
conn_name = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapin = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapout = argv[0];
argc--; argv++;
}
if(conn_name == NULL ||
infile == NULL ||
pcapin == NULL ||
pcapout == NULL) {
goto usage;
}
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
send_packet_setup_pcap(pcapout);
/* setup to process the I1 packet */
recv_pcap_setup(pcapin);
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* clean up so that we can see any leaks */
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
/* Handle a kernel request. Supposedly, there's a message in
* the kernelsock socket.
*/
void
whack_handle(int whackctlfd)
{
struct whack_message msg;
struct sockaddr_un whackaddr;
int whackaddrlen = sizeof(whackaddr);
int whackfd = accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen);
ssize_t n;
if (whackfd < 0)
{
log_errno((e, "accept() failed in whack_handle()"));
return;
}
n = read(whackfd, &msg, sizeof(msg));
if (n == -1)
{
log_errno((e, "read() failed in whack_handle()"));
close(whackfd);
return;
}
whack_log_fd = whackfd;
/* sanity check message */
{
err_t ugh = NULL;
next_str = msg.string;
str_roof = (char *)&msg + n;
if (next_str > str_roof)
{
ugh = builddiag("truncated message from whack: got %d bytes; expected %d. Message ignored."
, n, (int) sizeof(msg));
}
else if (msg.magic != WHACK_MAGIC)
{
ugh = builddiag("message from whack has bad magic %d; should be %d; probably wrong version. Message ignored"
, msg.magic, WHACK_MAGIC);
}
else if (!unpack_str(&msg.name) /* string 1 */
|| !unpack_str(&msg.left.id) /* string 2 */
|| !unpack_str(&msg.left.cert) /* string 3 */
|| !unpack_str(&msg.left.updown) /* string 4 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.left.virt)
#endif
|| !unpack_str(&msg.right.id) /* string 5 */
|| !unpack_str(&msg.right.cert) /* string 6 */
|| !unpack_str(&msg.right.updown) /* string 7 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.right.virt)
#endif
|| !unpack_str(&msg.keyid) /* string 8 */
|| !unpack_str(&msg.ike) /* string 9 */
|| !unpack_str(&msg.esp) /* string 10 */
|| !unpack_str(&msg.dnshostname) /* string 11 */
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
}
else
{
msg.keyval.ptr = next_str; /* grab chunk */
}
if (ugh != NULL)
{
loglog(RC_BADWHACKMESSAGE, "%s", ugh);
whack_log_fd = NULL_FD;
close(whackfd);
return;
}
}
if (msg.whack_options)
{
#ifdef DEBUG
if (msg.name == NULL)
{
/* we do a two-step so that if either old or new would
* cause the message to print, it will be printed.
*/
cur_debugging |= msg.debugging;
DBG(DBG_CONTROL
, DBG_log("base debugging = %s"
, bitnamesof(debug_bit_names, msg.debugging)));
cur_debugging = base_debugging = msg.debugging;
}
else if (!msg.whack_connection)
{
struct connection *c = con_by_name(msg.name, TRUE);
if (c != NULL)
{
c->extra_debugging = msg.debugging;
DBG(DBG_CONTROL
, DBG_log("\"%s\" extra_debugging = %s"
, c->name
, bitnamesof(debug_bit_names, c->extra_debugging)));
}
}
#endif
}
/* Deleting combined with adding a connection works as replace.
* To make this more useful, in only this combination,
* delete will silently ignore the lack of the connection.
*/
if (msg.whack_delete)
{
struct connection *c = con_by_name(msg.name, !msg.whack_connection);
/* note: this is a "while" because road warrior
* leads to multiple connections with the same name.
*/
for (; c != NULL; c = con_by_name(msg.name, FALSE))
delete_connection(c);
}
if (msg.whack_deletestate)
{
struct state *st = state_with_serialno(msg.whack_deletestateno);
if (st == NULL)
{
loglog(RC_UNKNOWN_NAME, "no state #%lu to delete"
, msg.whack_deletestateno);
}
else
{
delete_state(st);
}
}
if (msg.whack_connection)
add_connection(&msg);
/* process "listen" before any operation that could require it */
if (msg.whack_listen)
{
log("listening for IKE messages");
listening = TRUE;
find_ifaces();
load_preshared_secrets();
}
if (msg.whack_unlisten)
{
log("no longer listening for IKE messages");
listening = FALSE;
}
if (msg.whack_reread & REREAD_SECRETS)
{
load_preshared_secrets();
}
if (msg.whack_reread & REREAD_MYCERT)
{
load_mycert();
}
if (msg.whack_reread & REREAD_CACERTS)
{
load_cacerts();
}
if (msg.whack_reread & REREAD_CRLS)
{
load_crls();
}
if (msg.whack_list & LIST_PUBKEYS)
{
list_public_keys(msg.whack_utc);
}
if (msg.whack_list & LIST_CERTS)
{
list_certs(msg.whack_utc);
}
if (msg.whack_list & LIST_CACERTS)
{
list_cacerts(msg.whack_utc);
}
if (msg.whack_list & LIST_CRLS)
{
list_crls(msg.whack_utc);
}
if (msg.whack_key)
{
/* add a public key */
struct id keyid;
err_t ugh = atoid(msg.keyid, &keyid);
if (ugh != NULL)
{
loglog(RC_BADID, "bad --keyid \"%s\": %s", msg.keyid, ugh);
}
else
{
if (!msg.whack_addkey)
delete_public_keys(&keyid, msg.pubkey_alg);
if (msg.keyval.len == 0)
{
struct key_add_continuation *kc
= alloc_thing(struct key_add_continuation
, "key add continuation");
int wfd = dup_any(whackfd);
kc->whack_fd = wfd;
ugh = start_adns_query(&keyid
, NULL
, T_KEY
, key_add_continue
, &kc->ac);
if (ugh != NULL)
{
key_add_ugh(&keyid, ugh);
close_any(wfd);
}
}
else
{
ugh = add_public_key(&keyid, DAL_LOCAL, msg.pubkey_alg
, &msg.keyval, &pubkeys);
if (ugh != NULL)
loglog(RC_LOG_SERIOUS, "%s", ugh);
}
}
}
