[people/stevee/aiccu.git] / common / ayiya.c

/**********************************************************
 SixXS - Automatic IPv6 Connectivity Configuration Utility
***********************************************************
 Copyright 2003-2005 SixXS - http://www.sixxs.net
***********************************************************
 common/ayiya.c - AYIYA - Anything In Anything
***********************************************************
 $Author: jeroen $
 $Id: ayiya.c,v 1.15 2007-01-07 16:17:48 jeroen Exp $
 $Date: 2007-01-07 16:17:48 $
**********************************************************/

#include "aiccu.h"
#include "ayiya.h"
#include "tic.h"
#include "tun.h"

struct pseudo_ayh
{
	struct ayiyahdr	ayh;
	struct in6_addr	identity;
	sha1_byte	hash[SHA1_DIGEST_LENGTH];
	char		payload[2048];
};

struct in_addr		ayiya_ipv4_pop;			/* IPv4 remote endpoint */
struct in6_addr		ayiya_ipv6_local,		/* IPv6 local  endpoint */
			ayiya_ipv6_pop;			/* IPv6 remote endpoint */
sha1_byte		ayiya_hash[SHA1_DIGEST_LENGTH];	/* SHA1 Hash of the shared secret. */

TLSSOCKET ayiya_socket = NULL;

static const char reader_name[]	= "tundev->tun";
static const char writer_name[]	= "tun->tundev";
static const char beat_name[]	= "beat";

void ayiya_log(int level, const char *what, struct sockaddr_storage *clientaddr, socklen_t addrlen, const char *fmt, ...);
void ayiya_log(int level, const char *what, struct sockaddr_storage *clientaddr, socklen_t addrlen, const char *fmt, ...)
{
	char	buf[1024];
	char	clienthost[NI_MAXHOST];
	char	clientservice[NI_MAXSERV];
	va_list	ap;

	/* Clear them just in case */
	memset(buf, 0, sizeof(buf));
	memset(clienthost, 0, sizeof(clienthost));
	memset(clientservice, 0, sizeof(clientservice));

	if (clientaddr)
	{
		int ret;
		ret = getnameinfo((struct sockaddr *)clientaddr, addrlen,
			clienthost, sizeof(clienthost),
			clientservice, sizeof(clientservice),
			NI_NUMERICHOST|NI_NUMERICSERV);
		if (ret != 0)
		{
			dolog(LOG_ERR, "ayiya_log() getnameinfo() ret: %d, errno: %u, %s\n", ret, errno, strerror(errno));
		}
	}

	/* Print the host+port this is coming from */
	snprintf(buf, sizeof(buf), "[AYIYA-%s]%s%s%s%s : ",
		what,
		clientaddr ? " [" : "",
		clientaddr ? clienthost : "" ,
		clientaddr ? "]:" : "",
		clientservice ? clientservice : "");

	/* Print the log message behind it */
	va_start(ap, fmt);
	vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), fmt, ap);
	va_end(ap);
	
	/* Actually Log it */
	dolog(level, buf);
}

/* Tun -> Socket */
void ayiya_reader(char *buf, unsigned int length);
void ayiya_reader(char *buf, unsigned int length)
{
	struct pseudo_ayh	*s = (struct pseudo_ayh *)buf, s2;
	int			lenout;
	SHA_CTX			sha1;
	sha1_byte		hash[SHA1_DIGEST_LENGTH];
	struct sockaddr_in	target;

	/* We tunnel over IPv4 */
	memcpy(&target.sin_addr, &ayiya_ipv4_pop, sizeof(target.sin_addr));
	target.sin_family = AF_INET;
	target.sin_port = htons(atoi(AYIYA_PORT));
	
	/* Prefill some standard AYIYA values */
	memset(&s, 0, sizeof(s));
	s2.ayh.ayh_idlen	= 4;			/* 2^4 = 16 bytes = 128 bits (IPv6 address) */
	s2.ayh.ayh_idtype	= ayiya_id_integer;
	s2.ayh.ayh_siglen	= 5;			/* 5*4 = 20 bytes = 160 bits (SHA1) */
	s2.ayh.ayh_hshmeth	= ayiya_hash_sha1;
	s2.ayh.ayh_autmeth	= ayiya_auth_sharedsecret;
	s2.ayh.ayh_opcode	= ayiya_op_forward;
	s2.ayh.ayh_nextheader	= IPPROTO_IPV6;

	/* Our IPv6 side of this tunnel */
	memcpy(&s2.identity, &ayiya_ipv6_local, sizeof(s2.identity));

	/* The payload */
	memcpy(&s2.payload, buf, length);

	/* Fill in the current time */
	s2.ayh.ayh_epochtime = htonl((u_long)time(NULL));

	/*
	 * The hash of the shared secret needs to be in the
	 * spot where we later put the complete hash
	 */
	memcpy(&s2.hash, ayiya_hash, sizeof(s2.hash));

	/* Generate a SHA1 */
	SHA1_Init(&sha1);
	/* Hash the complete AYIYA packet */
	SHA1_Update(&sha1, (sha1_byte *)&s2, sizeof(s2)-sizeof(s2.payload)+length);
	/* Store the hash in the packets hash */
	SHA1_Final(hash, &sha1);

	/* Store the hash in the actual packet */
	memcpy(&s2.hash, &hash, sizeof(s2.hash));

	/* Send it onto the network */
	length = sizeof(s2)-sizeof(s2.payload)+length;
#if defined(_FREEBSD) || defined(_DFBSD) || defined(_OPENBSD) || defined(_DARWIN) || defined(_NETBSD)
	lenout = send(ayiya_socket->socket, (const char *)&s2, length, 0);
#else
	lenout = sendto(ayiya_socket->socket, (const char *)&s2, length, 0, (struct sockaddr *)&target, sizeof(target));
#endif
	if (lenout < 0)
	{
		ayiya_log(LOG_ERR, reader_name, NULL, 0, "Error (%d) while sending %u bytes to network: %s (%d)\n", lenout, length, strerror(errno), errno);
	}
	else if (length != (unsigned int)lenout)
	{
		ayiya_log(LOG_ERR, reader_name, NULL, 0, "Only %u of %u bytes sent to network: %s (%s)\n", lenout, length, strerror(errno), errno);
	}
}

struct tun_reader ayiya_tun = { (TUN_PROCESS)ayiya_reader };

/* Socket -> Tun */
#ifndef _WIN32
void *ayiya_writer(void UNUSED *arg);
void *ayiya_writer(void UNUSED *arg)
#else
DWORD WINAPI ayiya_writer(LPVOID arg);
DWORD WINAPI ayiya_writer(LPVOID arg)
#endif
{
	unsigned char		buf[2048];
	struct pseudo_ayh	*s = (struct pseudo_ayh *)buf;
	struct sockaddr_storage	ci;
	socklen_t		cl;
	int			i, n;
	unsigned int		payloadlen = 0;
	SHA_CTX			sha1;
	sha1_byte		their_hash[SHA1_DIGEST_LENGTH],
				our_hash[SHA1_DIGEST_LENGTH];

	ayiya_log(LOG_INFO, writer_name, NULL, 0, "(Socket to TUN) started\n");

	/* Tun/TAP device is now running */
	g_aiccu->tunrunning = true;

	while (true)
	{
		cl = sizeof(ci);
		memset(buf, 0, sizeof(buf));
		n = recvfrom(ayiya_socket->socket, (char *)buf, sizeof(buf), 0, (struct sockaddr *)&ci, &cl);

		if (n < 0) continue;

		if (n < (int)sizeof(struct ayiyahdr))
		{
			ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Received packet is too short");
			continue;
		}

		if (	s->ayh.ayh_idlen != 4 ||
			s->ayh.ayh_idtype != ayiya_id_integer ||
			s->ayh.ayh_siglen != 5 ||
			s->ayh.ayh_hshmeth != ayiya_hash_sha1 ||
			s->ayh.ayh_autmeth != ayiya_auth_sharedsecret ||
			(s->ayh.ayh_nextheader != IPPROTO_IPV6 &&
			 s->ayh.ayh_nextheader != IPPROTO_NONE) ||
			(s->ayh.ayh_opcode != ayiya_op_forward &&
			 s->ayh.ayh_opcode != ayiya_op_echo_request &&
			 s->ayh.ayh_opcode != ayiya_op_echo_request_forward))
		{
			/* Invalid AYIYA packet */
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "Dropping invalid AYIYA packet\n");
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "idlen:   %u != %u\n", s->ayh.ayh_idlen, 4);
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "idtype:  %u != %u\n", s->ayh.ayh_idtype, ayiya_id_integer);
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "siglen:  %u != %u\n", s->ayh.ayh_siglen, 5);
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "hshmeth: %u != %u\n", s->ayh.ayh_hshmeth, ayiya_hash_sha1);
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "autmeth: %u != %u\n", s->ayh.ayh_autmeth, ayiya_auth_sharedsecret);
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "nexth  : %u != %u || %u\n", s->ayh.ayh_nextheader, IPPROTO_IPV6, IPPROTO_NONE);
			ayiya_log(LOG_ERR, writer_name, &ci, cl, "opcode : %u != %u || %u || %u\n", s->ayh.ayh_opcode, ayiya_op_forward, ayiya_op_echo_request, ayiya_op_echo_request_forward);
			continue;
		}

		if (memcmp(&s->identity, &ayiya_ipv6_pop, sizeof(s->identity)) != 0)
		{
			memset(buf, 0, sizeof(buf));
			inet_ntop(AF_INET6, &s->identity, (char *)&buf, sizeof(buf));
			ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Received packet from a wrong identity \"%s\"\n", buf);
			continue;
		}
	
		/* Verify the epochtime */
		i = tic_checktime(ntohl(s->ayh.ayh_epochtime));
		if (i != 0)
		{
			memset(buf, 0, sizeof(buf));
			inet_ntop(AF_INET6, &s->identity, (char *)&buf, sizeof(buf));
			ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Time is %d seconds off for %s\n", i, buf);
			continue;
		}
	
		/* How long is the payload? */
		payloadlen = n - (sizeof(*s) - sizeof(s->payload));
	
		/* Save their hash */
		memcpy(&their_hash, &s->hash, sizeof(their_hash));

		/* Copy in our SHA1 hash */
		memcpy(&s->hash, &ayiya_hash, sizeof(s->hash));

		/* Generate a SHA1 of the header + identity + shared secret */
		SHA1_Init(&sha1);
		/* Hash the Packet */
		SHA1_Update(&sha1, (sha1_byte *)s, n);
		/* Store the hash */
		SHA1_Final(our_hash, &sha1);

		memcpy(&s->hash, &our_hash, sizeof(s->hash));

		/* Compare the SHA1's */
		if (memcmp(&their_hash, &our_hash, sizeof(their_hash)) != 0)
		{
			ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Incorrect Hash received\n");
			continue;
		}

		if (s->ayh.ayh_nextheader == IPPROTO_IPV6)
		{
			/* Verify that this is really IPv6 */
			if (s->payload[0] >> 4 != 6)
			{
				ayiya_log(LOG_ERR, writer_name, &ci, cl, "Received packet didn't start with a 6, thus is not IPv6\n");
				continue;
			}

			/* Forward the packet to the kernel */
			tun_write(s->payload, payloadlen);
		}
	}

	/* Tun/TAP device is not running anymore */
	g_aiccu->tunrunning = false;

#ifndef _WIN32
	return NULL;
#else
	return 0;
#endif
}

/* Construct a beat and send it outwards */
void ayiya_beat(void)
{
	SHA_CTX			sha1;
	sha1_byte		hash[SHA1_DIGEST_LENGTH];
	struct sockaddr_in	target;
	struct pseudo_ayh	s;
	int			lenout, n;

	/* We tunnel over IPv4 */
	memcpy(&target.sin_addr, &ayiya_ipv4_pop, sizeof(target.sin_addr));
	target.sin_family	= AF_INET;
	target.sin_port		= htons(atoi(AYIYA_PORT));

	/* Prefill some standard AYIYA values */
	memset(&s, 0, sizeof(s));
	s.ayh.ayh_idlen		= 4;			/* 2^4 = 16 bytes = 128 bits (IPv6 address) */
	s.ayh.ayh_idtype	= ayiya_id_integer;
	s.ayh.ayh_siglen	= 5;			/* 5*4 = 20 bytes = 160 bits (SHA1) */
	s.ayh.ayh_hshmeth	= ayiya_hash_sha1;
	s.ayh.ayh_autmeth	= ayiya_auth_sharedsecret;
	s.ayh.ayh_opcode	= ayiya_op_noop;
	s.ayh.ayh_nextheader	= IPPROTO_NONE;

	/* Our IPv6 side of this tunnel */
	memcpy(&s.identity, &ayiya_ipv6_local, sizeof(s.identity));

	/* No Payload */

	/* Fill in the current time */
	s.ayh.ayh_epochtime = htonl((u_long)time(NULL));

	/* Our IPv6 side of this tunnel */
	memcpy(&s.identity, &ayiya_ipv6_local, sizeof(s.identity));

	/*
	 * The hash of the shared secret needs to be in the
	 * spot where we later put the complete hash
	 */
        memcpy(&s.hash, ayiya_hash, sizeof(s.hash));

	/* Generate a SHA1 */
	SHA1_Init(&sha1);
	/* Hash the complete AYIYA packet */
	SHA1_Update(&sha1, (sha1_byte *)&s, sizeof(s)-sizeof(s.payload));
	/* Store the hash in the packets hash */
	SHA1_Final(hash, &sha1);

	/* Store the hash in the actual packet */
	memcpy(&s.hash, &hash, sizeof(s.hash));

	/* Send it onto the network */
	n = sizeof(s)-sizeof(s.payload);
#if defined(_FREEBSD) || defined(_DFBSD) || defined(_OPENBSD) || defined(_DARWIN) || defined(_NETBSD)
	lenout = send(ayiya_socket->socket, (const char *)&s, (unsigned int)n, 0);
#else
	lenout = sendto(ayiya_socket->socket, (const char *)&s, (unsigned int)n, 0, (struct sockaddr *)&target, sizeof(target));
#endif
	if (lenout < 0)
	{
		ayiya_log(LOG_ERR, beat_name, NULL, 0, "Error (%d) while sending %u bytes sent to network: %s (%d)\n", lenout, n, strerror(errno), errno);
	}
	else if (n != lenout)
	{
		ayiya_log(LOG_ERR, beat_name, NULL, 0, "Only %u of %u bytes sent to network: %s (%d)\n", lenout, n, strerror(errno), errno);
	}
}

bool ayiya(struct TIC_Tunnel *hTunnel)
{
        SHA_CTX			sha1;
	struct addrinfo hints, *res, *ressave;
#ifndef _WIN32
	pthread_t		thread;
#else
	DWORD			pID;
	HANDLE			h;
#endif

	/* Setup the tunnel */
	if (!tun_start(&ayiya_tun)) return false;

	/* Resolve hTunnel entries */
	memset(&hints, 0, sizeof(struct addrinfo));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_DGRAM;

	if (getaddrinfo(hTunnel->sIPv4_POP, AYIYA_PORT, &hints, &res) != 0)
	{
		dolog(LOG_ERR, "Couldn't resolve PoP IPv4 %s\n", hTunnel->sIPv4_POP);
		return false;
	}
	ressave = res;
        while (res)
        {
		if (res->ai_family != AF_INET)
		{
			res = res->ai_next;
			continue;
		}
		memcpy(&ayiya_ipv4_pop, &((struct sockaddr_in *)res->ai_addr)->sin_addr, 4);
		break;
        }
        freeaddrinfo(ressave);
        if (res == NULL)
        {
		dolog(LOG_ERR, "No valid IPv4 address for PoP address %s could be found\n", hTunnel->sIPv4_POP);
		return false;
        }

	memset(&hints, 0, sizeof(struct addrinfo));
	hints.ai_family = AF_INET6;
	if (getaddrinfo(hTunnel->sIPv6_Local, NULL, &hints, &res) != 0)
	{
		dolog(LOG_ERR, "Couldn't resolve Local IPv6 %s\n", hTunnel->sIPv6_Local);
		return false;
	}
	ressave = res;
        while (res)
        {
		if (res->ai_family != AF_INET6)
		{
			res = res->ai_next;
			continue;
		}
		memcpy(&ayiya_ipv6_local, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, 16);
		break;
        }
        freeaddrinfo(ressave);
        if (res == NULL)
        {
		dolog(LOG_ERR, "No valid IPv6 address for Local IPv6 address %s could be found\n", hTunnel->sIPv6_Local);
		return false;
        }

	memset(&hints, 0, sizeof(struct addrinfo));
	hints.ai_family = AF_INET6;
	if (getaddrinfo(hTunnel->sIPv6_POP, NULL, &hints, &res) != 0)
	{
		dolog(LOG_ERR, "Couldn't resolve Local IPv6 %s\n", hTunnel->sIPv6_POP);
		return false;
	}
	ressave = res;
        while (res)
        {
		if (res->ai_family != AF_INET6)
		{
			res = res->ai_next;
			continue;
		}
		memcpy(&ayiya_ipv6_pop, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, 16);
		break;
        }
        freeaddrinfo(ressave);
        if (res == NULL)
        {
		dolog(LOG_ERR, "No valid IPv6 address for POP IPv6 address %s could be found\n", hTunnel->sIPv6_POP);
		return false;
        }

	if (!hTunnel->sPassword)
	{
		dolog(LOG_ERR, "A password is required for using AYIYA tunnels\n");
		return false;
	}

	/* Generate a SHA1 of the shared secret */
	SHA1_Init(&sha1);
	SHA1_Update(&sha1, (const sha1_byte *)hTunnel->sPassword, (unsigned int)strlen(hTunnel->sPassword));
	SHA1_Final(ayiya_hash, &sha1);

	/* Setup listening socket */
	ayiya_socket = connect_client(hTunnel->sIPv4_POP , AYIYA_PORT, AF_INET, SOCK_DGRAM);
	if (!ayiya_socket)
	{
		ayiya_log(LOG_ERR, "start", NULL, 0, "Connection error:: could not create connection to AYIYA server\n");
		return false;
	}

	/* Let AICCU configure the thing */
	if (!aiccu_setup(hTunnel, false))
	{
		return false;
	}

	/* Show that we have started */
	ayiya_log(LOG_INFO, "start", NULL, 0, "Anything in Anything (%s)\n", AYIYA_VERSION);

	/* Launch a thread for reader */
#ifndef _WIN32
	pthread_create(&thread, NULL, ayiya_writer, (void *)hTunnel);
#else
	h = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ayiya_writer, hTunnel, 0, &pID);
#endif

	return true;
}
Commit	Line	Data
d98f6a46 SS	1	/**********************************************************
	2	SixXS - Automatic IPv6 Connectivity Configuration Utility
	3	***********************************************************
	4	Copyright 2003-2005 SixXS - http://www.sixxs.net
	5	***********************************************************
	6	common/ayiya.c - AYIYA - Anything In Anything
	7	***********************************************************
	8	$Author: jeroen $
	9	$Id: ayiya.c,v 1.15 2007-01-07 16:17:48 jeroen Exp $
	10	$Date: 2007-01-07 16:17:48 $
	11	**********************************************************/
	12
	13	#include "aiccu.h"
	14	#include "ayiya.h"
	15	#include "tic.h"
	16	#include "tun.h"
	17
	18	struct pseudo_ayh
	19	{
	20	struct ayiyahdr ayh;
	21	struct in6_addr identity;
	22	sha1_byte hash[SHA1_DIGEST_LENGTH];
	23	char payload[2048];
	24	};
	25
	26	struct in_addr ayiya_ipv4_pop; /* IPv4 remote endpoint */
	27	struct in6_addr ayiya_ipv6_local, /* IPv6 local endpoint */
	28	ayiya_ipv6_pop; /* IPv6 remote endpoint */
	29	sha1_byte ayiya_hash[SHA1_DIGEST_LENGTH]; /* SHA1 Hash of the shared secret. */
	30
	31	TLSSOCKET ayiya_socket = NULL;
	32
	33	static const char reader_name[] = "tundev->tun";
	34	static const char writer_name[] = "tun->tundev";
	35	static const char beat_name[] = "beat";
	36
	37	void ayiya_log(int level, const char what, struct sockaddr_storage clientaddr, socklen_t addrlen, const char *fmt, ...);
	38	void ayiya_log(int level, const char what, struct sockaddr_storage clientaddr, socklen_t addrlen, const char *fmt, ...)
	39	{
	40	char buf[1024];
	41	char clienthost[NI_MAXHOST];
	42	char clientservice[NI_MAXSERV];
	43	va_list ap;
	44
	45	/* Clear them just in case */
	46	memset(buf, 0, sizeof(buf));
	47	memset(clienthost, 0, sizeof(clienthost));
	48	memset(clientservice, 0, sizeof(clientservice));
	49
	50	if (clientaddr)
	51	{
	52	int ret;
	53	ret = getnameinfo((struct sockaddr *)clientaddr, addrlen,
	54	clienthost, sizeof(clienthost),
	55	clientservice, sizeof(clientservice),
	56	NI_NUMERICHOST\|NI_NUMERICSERV);
	57	if (ret != 0)
	58	{
	59	dolog(LOG_ERR, "ayiya_log() getnameinfo() ret: %d, errno: %u, %s\n", ret, errno, strerror(errno));
	60	}
	61	}
	62
	63	/* Print the host+port this is coming from */
	64	snprintf(buf, sizeof(buf), "[AYIYA-%s]%s%s%s%s : ",
65	what,
66	clientaddr ? " [" : "",
67	clientaddr ? clienthost : "" ,
68	clientaddr ? "]:" : "",
69	clientservice ? clientservice : "");
70
71	/* Print the log message behind it */
72	va_start(ap, fmt);
73	vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), fmt, ap);
74	va_end(ap);
75
76	/* Actually Log it */
77	dolog(level, buf);
78	}
79
80	/* Tun -> Socket */
81	void ayiya_reader(char *buf, unsigned int length);
82	void ayiya_reader(char *buf, unsigned int length)
83	{
84	struct pseudo_ayh s = (struct pseudo_ayh )buf, s2;
85	int lenout;
86	SHA_CTX sha1;
87	sha1_byte hash[SHA1_DIGEST_LENGTH];
88	struct sockaddr_in target;
89
90	/* We tunnel over IPv4 */
91	memcpy(&target.sin_addr, &ayiya_ipv4_pop, sizeof(target.sin_addr));
92	target.sin_family = AF_INET;
93	target.sin_port = htons(atoi(AYIYA_PORT));
94
95	/* Prefill some standard AYIYA values */
96	memset(&s, 0, sizeof(s));
97	s2.ayh.ayh_idlen = 4; /* 2^4 = 16 bytes = 128 bits (IPv6 address) */
98	s2.ayh.ayh_idtype = ayiya_id_integer;
99	s2.ayh.ayh_siglen = 5; /* 54 = 20 bytes = 160 bits (SHA1) /
100	s2.ayh.ayh_hshmeth = ayiya_hash_sha1;
101	s2.ayh.ayh_autmeth = ayiya_auth_sharedsecret;
102	s2.ayh.ayh_opcode = ayiya_op_forward;
103	s2.ayh.ayh_nextheader = IPPROTO_IPV6;
104
105	/* Our IPv6 side of this tunnel */
106	memcpy(&s2.identity, &ayiya_ipv6_local, sizeof(s2.identity));
107
108	/* The payload */
109	memcpy(&s2.payload, buf, length);
110
111	/* Fill in the current time */
112	s2.ayh.ayh_epochtime = htonl((u_long)time(NULL));
113
114	/*
115	* The hash of the shared secret needs to be in the
116	* spot where we later put the complete hash
117	*/
118	memcpy(&s2.hash, ayiya_hash, sizeof(s2.hash));
119
120	/* Generate a SHA1 */
121	SHA1_Init(&sha1);
122	/* Hash the complete AYIYA packet */
123	SHA1_Update(&sha1, (sha1_byte *)&s2, sizeof(s2)-sizeof(s2.payload)+length);
124	/* Store the hash in the packets hash */
125	SHA1_Final(hash, &sha1);
126
127	/* Store the hash in the actual packet */
128	memcpy(&s2.hash, &hash, sizeof(s2.hash));
129
130	/* Send it onto the network */
131	length = sizeof(s2)-sizeof(s2.payload)+length;
132	#if defined(_FREEBSD) \|\| defined(_DFBSD) \|\| defined(_OPENBSD) \|\| defined(_DARWIN) \|\| defined(_NETBSD)
133	lenout = send(ayiya_socket->socket, (const char *)&s2, length, 0);
134	#else
135	lenout = sendto(ayiya_socket->socket, (const char )&s2, length, 0, (struct sockaddr )&target, sizeof(target));
136	#endif
137	if (lenout < 0)
138	{
139	ayiya_log(LOG_ERR, reader_name, NULL, 0, "Error (%d) while sending %u bytes to network: %s (%d)\n", lenout, length, strerror(errno), errno);
140	}
141	else if (length != (unsigned int)lenout)
142	{
143	ayiya_log(LOG_ERR, reader_name, NULL, 0, "Only %u of %u bytes sent to network: %s (%s)\n", lenout, length, strerror(errno), errno);
144	}
145	}
146
147	struct tun_reader ayiya_tun = { (TUN_PROCESS)ayiya_reader };
148
149	/* Socket -> Tun */
150	#ifndef _WIN32
151	void ayiya_writer(void UNUSED arg);
152	void ayiya_writer(void UNUSED arg)
153	#else
154	DWORD WINAPI ayiya_writer(LPVOID arg);
155	DWORD WINAPI ayiya_writer(LPVOID arg)
156	#endif
157	{
158	unsigned char buf[2048];
159	struct pseudo_ayh s = (struct pseudo_ayh )buf;
160	struct sockaddr_storage ci;
161	socklen_t cl;
162	int i, n;
163	unsigned int payloadlen = 0;
164	SHA_CTX sha1;
165	sha1_byte their_hash[SHA1_DIGEST_LENGTH],
166	our_hash[SHA1_DIGEST_LENGTH];
167
168	ayiya_log(LOG_INFO, writer_name, NULL, 0, "(Socket to TUN) started\n");
169
170	/* Tun/TAP device is now running */
171	g_aiccu->tunrunning = true;
172
173	while (true)
174	{
175	cl = sizeof(ci);
176	memset(buf, 0, sizeof(buf));
177	n = recvfrom(ayiya_socket->socket, (char )buf, sizeof(buf), 0, (struct sockaddr )&ci, &cl);
178
179	if (n < 0) continue;
180
181	if (n < (int)sizeof(struct ayiyahdr))
182	{
183	ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Received packet is too short");
184	continue;
185	}
186
187	if ( s->ayh.ayh_idlen != 4 \|\|
188	s->ayh.ayh_idtype != ayiya_id_integer \|\|
189	s->ayh.ayh_siglen != 5 \|\|
190	s->ayh.ayh_hshmeth != ayiya_hash_sha1 \|\|
191	s->ayh.ayh_autmeth != ayiya_auth_sharedsecret \|\|
192	(s->ayh.ayh_nextheader != IPPROTO_IPV6 &&
193	s->ayh.ayh_nextheader != IPPROTO_NONE) \|\|
194	(s->ayh.ayh_opcode != ayiya_op_forward &&
195	s->ayh.ayh_opcode != ayiya_op_echo_request &&
196	s->ayh.ayh_opcode != ayiya_op_echo_request_forward))
197	{
198	/* Invalid AYIYA packet */
199	ayiya_log(LOG_ERR, writer_name, &ci, cl, "Dropping invalid AYIYA packet\n");
200	ayiya_log(LOG_ERR, writer_name, &ci, cl, "idlen: %u != %u\n", s->ayh.ayh_idlen, 4);
201	ayiya_log(LOG_ERR, writer_name, &ci, cl, "idtype: %u != %u\n", s->ayh.ayh_idtype, ayiya_id_integer);
202	ayiya_log(LOG_ERR, writer_name, &ci, cl, "siglen: %u != %u\n", s->ayh.ayh_siglen, 5);
203	ayiya_log(LOG_ERR, writer_name, &ci, cl, "hshmeth: %u != %u\n", s->ayh.ayh_hshmeth, ayiya_hash_sha1);
204	ayiya_log(LOG_ERR, writer_name, &ci, cl, "autmeth: %u != %u\n", s->ayh.ayh_autmeth, ayiya_auth_sharedsecret);
205	ayiya_log(LOG_ERR, writer_name, &ci, cl, "nexth : %u != %u \|\| %u\n", s->ayh.ayh_nextheader, IPPROTO_IPV6, IPPROTO_NONE);
206	ayiya_log(LOG_ERR, writer_name, &ci, cl, "opcode : %u != %u \|\| %u \|\| %u\n", s->ayh.ayh_opcode, ayiya_op_forward, ayiya_op_echo_request, ayiya_op_echo_request_forward);
207	continue;
208	}
209
210	if (memcmp(&s->identity, &ayiya_ipv6_pop, sizeof(s->identity)) != 0)
211	{
212	memset(buf, 0, sizeof(buf));
213	inet_ntop(AF_INET6, &s->identity, (char *)&buf, sizeof(buf));
214	ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Received packet from a wrong identity \"%s\"\n", buf);
215	continue;
216	}
217
218	/* Verify the epochtime */
219	i = tic_checktime(ntohl(s->ayh.ayh_epochtime));
220	if (i != 0)
221	{
222	memset(buf, 0, sizeof(buf));
223	inet_ntop(AF_INET6, &s->identity, (char *)&buf, sizeof(buf));
224	ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Time is %d seconds off for %s\n", i, buf);
225	continue;
226	}
227
228	/* How long is the payload? */
229	payloadlen = n - (sizeof(*s) - sizeof(s->payload));
230
231	/* Save their hash */
232	memcpy(&their_hash, &s->hash, sizeof(their_hash));
233
234	/* Copy in our SHA1 hash */
235	memcpy(&s->hash, &ayiya_hash, sizeof(s->hash));
236
237	/* Generate a SHA1 of the header + identity + shared secret */
238	SHA1_Init(&sha1);
239	/* Hash the Packet */
240	SHA1_Update(&sha1, (sha1_byte *)s, n);
241	/* Store the hash */
242	SHA1_Final(our_hash, &sha1);
243
244	memcpy(&s->hash, &our_hash, sizeof(s->hash));
245
246	/* Compare the SHA1's */
247	if (memcmp(&their_hash, &our_hash, sizeof(their_hash)) != 0)
248	{
249	ayiya_log(LOG_WARNING, writer_name, &ci, cl, "Incorrect Hash received\n");
250	continue;
251	}
252
253	if (s->ayh.ayh_nextheader == IPPROTO_IPV6)
254	{
255	/* Verify that this is really IPv6 */
256	if (s->payload[0] >> 4 != 6)
257	{
258	ayiya_log(LOG_ERR, writer_name, &ci, cl, "Received packet didn't start with a 6, thus is not IPv6\n");
259	continue;
260	}
261
262	/* Forward the packet to the kernel */
263	tun_write(s->payload, payloadlen);
264	}
265	}
266
267	/* Tun/TAP device is not running anymore */
268	g_aiccu->tunrunning = false;
269
270	#ifndef _WIN32
271	return NULL;
272	#else
273	return 0;
274	#endif
275	}
276
277	/* Construct a beat and send it outwards */
278	void ayiya_beat(void)
279	{
280	SHA_CTX sha1;
281	sha1_byte hash[SHA1_DIGEST_LENGTH];
282	struct sockaddr_in target;
283	struct pseudo_ayh s;
284	int lenout, n;
285
286	/* We tunnel over IPv4 */
287	memcpy(&target.sin_addr, &ayiya_ipv4_pop, sizeof(target.sin_addr));
288	target.sin_family = AF_INET;
289	target.sin_port = htons(atoi(AYIYA_PORT));
290
291	/* Prefill some standard AYIYA values */
292	memset(&s, 0, sizeof(s));
293	s.ayh.ayh_idlen = 4; /* 2^4 = 16 bytes = 128 bits (IPv6 address) */
294	s.ayh.ayh_idtype = ayiya_id_integer;
295	s.ayh.ayh_siglen = 5; /* 54 = 20 bytes = 160 bits (SHA1) /
296	s.ayh.ayh_hshmeth = ayiya_hash_sha1;
297	s.ayh.ayh_autmeth = ayiya_auth_sharedsecret;
298	s.ayh.ayh_opcode = ayiya_op_noop;
299	s.ayh.ayh_nextheader = IPPROTO_NONE;
300
301	/* Our IPv6 side of this tunnel */
302	memcpy(&s.identity, &ayiya_ipv6_local, sizeof(s.identity));
303
304	/* No Payload */
305
306	/* Fill in the current time */
307	s.ayh.ayh_epochtime = htonl((u_long)time(NULL));
308
309	/* Our IPv6 side of this tunnel */
310	memcpy(&s.identity, &ayiya_ipv6_local, sizeof(s.identity));
311
312	/*
313	* The hash of the shared secret needs to be in the
314	* spot where we later put the complete hash
315	*/
316	memcpy(&s.hash, ayiya_hash, sizeof(s.hash));
317
318	/* Generate a SHA1 */
319	SHA1_Init(&sha1);
320	/* Hash the complete AYIYA packet */
321	SHA1_Update(&sha1, (sha1_byte *)&s, sizeof(s)-sizeof(s.payload));
322	/* Store the hash in the packets hash */
323	SHA1_Final(hash, &sha1);
324
325	/* Store the hash in the actual packet */
326	memcpy(&s.hash, &hash, sizeof(s.hash));
327
328	/* Send it onto the network */
329	n = sizeof(s)-sizeof(s.payload);
330	#if defined(_FREEBSD) \|\| defined(_DFBSD) \|\| defined(_OPENBSD) \|\| defined(_DARWIN) \|\| defined(_NETBSD)
331	lenout = send(ayiya_socket->socket, (const char *)&s, (unsigned int)n, 0);
332	#else
333	lenout = sendto(ayiya_socket->socket, (const char )&s, (unsigned int)n, 0, (struct sockaddr )&target, sizeof(target));
334	#endif
335	if (lenout < 0)
336	{
337	ayiya_log(LOG_ERR, beat_name, NULL, 0, "Error (%d) while sending %u bytes sent to network: %s (%d)\n", lenout, n, strerror(errno), errno);
338	}
339	else if (n != lenout)
340	{
341	ayiya_log(LOG_ERR, beat_name, NULL, 0, "Only %u of %u bytes sent to network: %s (%d)\n", lenout, n, strerror(errno), errno);
342	}
343	}
344
345	bool ayiya(struct TIC_Tunnel *hTunnel)
346	{
347	SHA_CTX sha1;
348	struct addrinfo hints, res, ressave;
349	#ifndef _WIN32
350	pthread_t thread;
351	#else
352	DWORD pID;
353	HANDLE h;
354	#endif
355
356	/* Setup the tunnel */
357	if (!tun_start(&ayiya_tun)) return false;
358
359	/* Resolve hTunnel entries */
360	memset(&hints, 0, sizeof(struct addrinfo));
361	hints.ai_family = AF_INET;
362	hints.ai_socktype = SOCK_DGRAM;
363
364	if (getaddrinfo(hTunnel->sIPv4_POP, AYIYA_PORT, &hints, &res) != 0)
365	{
366	dolog(LOG_ERR, "Couldn't resolve PoP IPv4 %s\n", hTunnel->sIPv4_POP);
367	return false;
368	}
369	ressave = res;
370	while (res)
371	{
372	if (res->ai_family != AF_INET)
373	{
374	res = res->ai_next;
375	continue;
376	}
377	memcpy(&ayiya_ipv4_pop, &((struct sockaddr_in *)res->ai_addr)->sin_addr, 4);
378	break;
379	}
380	freeaddrinfo(ressave);
381	if (res == NULL)
382	{
383	dolog(LOG_ERR, "No valid IPv4 address for PoP address %s could be found\n", hTunnel->sIPv4_POP);
384	return false;
385	}
386
387	memset(&hints, 0, sizeof(struct addrinfo));
388	hints.ai_family = AF_INET6;
389	if (getaddrinfo(hTunnel->sIPv6_Local, NULL, &hints, &res) != 0)
390	{
391	dolog(LOG_ERR, "Couldn't resolve Local IPv6 %s\n", hTunnel->sIPv6_Local);
392	return false;
393	}
394	ressave = res;
395	while (res)
396	{
397	if (res->ai_family != AF_INET6)
398	{
399	res = res->ai_next;
400	continue;
401	}
402	memcpy(&ayiya_ipv6_local, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, 16);
403	break;
404	}
405	freeaddrinfo(ressave);
406	if (res == NULL)
407	{
408	dolog(LOG_ERR, "No valid IPv6 address for Local IPv6 address %s could be found\n", hTunnel->sIPv6_Local);
409	return false;
410	}
411
412	memset(&hints, 0, sizeof(struct addrinfo));
413	hints.ai_family = AF_INET6;
414	if (getaddrinfo(hTunnel->sIPv6_POP, NULL, &hints, &res) != 0)
415	{
416	dolog(LOG_ERR, "Couldn't resolve Local IPv6 %s\n", hTunnel->sIPv6_POP);
417	return false;
418	}
419	ressave = res;
420	while (res)
421	{
422	if (res->ai_family != AF_INET6)
423	{
424	res = res->ai_next;
425	continue;
426	}
427	memcpy(&ayiya_ipv6_pop, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, 16);
428	break;
429	}
430	freeaddrinfo(ressave);
431	if (res == NULL)
432	{
433	dolog(LOG_ERR, "No valid IPv6 address for POP IPv6 address %s could be found\n", hTunnel->sIPv6_POP);
434	return false;
435	}
436
437	if (!hTunnel->sPassword)
438	{
439	dolog(LOG_ERR, "A password is required for using AYIYA tunnels\n");
440	return false;
441	}
442
443	/* Generate a SHA1 of the shared secret */
444	SHA1_Init(&sha1);
445	SHA1_Update(&sha1, (const sha1_byte *)hTunnel->sPassword, (unsigned int)strlen(hTunnel->sPassword));
446	SHA1_Final(ayiya_hash, &sha1);
447
448	/* Setup listening socket */
449	ayiya_socket = connect_client(hTunnel->sIPv4_POP , AYIYA_PORT, AF_INET, SOCK_DGRAM);
450	if (!ayiya_socket)
451	{
452	ayiya_log(LOG_ERR, "start", NULL, 0, "Connection error:: could not create connection to AYIYA server\n");
453	return false;
454	}
455
456	/* Let AICCU configure the thing */
457	if (!aiccu_setup(hTunnel, false))
458	{
459	return false;
460	}
461
462	/* Show that we have started */
463	ayiya_log(LOG_INFO, "start", NULL, 0, "Anything in Anything (%s)\n", AYIYA_VERSION);
464
465	/* Launch a thread for reader */
466	#ifndef _WIN32
467	pthread_create(&thread, NULL, ayiya_writer, (void *)hTunnel);
468	#else
469	h = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ayiya_writer, hTunnel, 0, &pID);
470	#endif
471
472	return true;
473	}