lupine/hide-eid
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reorganise so we have wrapper, unwraper and hide-eid.

Browse Source 
unwrapper and hide-eid don't work yet, of course.
This commit is contained in:
Nick Thomas
2013-08-06 15:20:48 +01:00
parent 202b77bb57
commit 13090d3c75
9 changed files with 391 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
pass-1/packet.c
View File

@@ -1,3 +1,8 @@
#include <string.h>
#include <assert.h>
#include "util.h"
#include "rlocs.h"
#include "packet.h"
// shamelessly copied from:
@@ -33,3 +38,130 @@ void compute_ip_checksum(struct iphdr* pkt)
pkt->check = 0x0000;
pkt->check = compute_checksum( (unsigned short*) pkt, pkt->ihl * 4 );
}
int wrap_ipv4_packet(struct rlocs* reg, struct recv_pkt* pkt, struct rsp_data* out)
{
out->count = 3;
assert( out->count < MAX_IOVS );
unsigned char *scratch = &out->scratch[0];
// iovec 0: wrapping header
struct iphdr* wrap_hdr = (struct iphdr*) scratch;
unsigned int wrap_hdr_size = sizeof( struct iphdr );
scratch += wrap_hdr_size;
memset( wrap_hdr, 0, wrap_hdr_size );
wrap_hdr->version = 0x04;
wrap_hdr->ihl = wrap_hdr_size / 4;
wrap_hdr->ttl = IPDEFTTL;
wrap_hdr->protocol = IPPROTO_HIDE_EID;
out->iovs[0].iov_base = wrap_hdr;
out->iovs[0].iov_len = wrap_hdr_size;
// TODO: id, still needs filling now.
// We need to know source and destination rlocs to construct the packet
struct rloc* s_rloc;
struct rloc* d_rloc;
struct in_addr tmp;
// TODO: check endianness of saddr/daddr
tmp.s_addr = pkt->hdr.ip.saddr;
if ( ( s_rloc = rloc_find_for_ipv4( reg, &tmp ) ) == NULL ) {
warn( "Couldn't find source rloc, dropping packet" );
// TODO: fallback behaviour here?
return 0;
}
tmp.s_addr = pkt->hdr.ip.daddr;
if ( ( d_rloc = rloc_find_for_ipv4( reg, &tmp ) ) == NULL ) {
warn( "Couldn't find destination rloc, dropping packet" );
// TODO: fallback behaviour here?
return 0;
}
wrap_hdr->saddr = s_rloc->addr.ip4.s_addr;
wrap_hdr->daddr = d_rloc->addr.ip4.s_addr;
// iovec 1: encrypted part.
// FIXME: Need to inspect the protocol field and gobble up the TCP/UDP/etc
// header as well, for decent anonymity. TCP/UDP ports are an obvious way
// to perform a correlation attack.
// RSA pubkey encryption with 4096-bit keys gobbles up at least 512 bytes
// of space, so we make sure to use it.
ssize_t enc_size;
size_t orig_data_size = ntohs( pkt->hdr.ip.tot_len );
size_t bytes_to_encrypt;
if ( orig_data_size > 512 ) {
bytes_to_encrypt = pkt->hdr.ip.ihl * 4;
} else {
bytes_to_encrypt = orig_data_size;
}
off_t enc_max_len = IP_MAXPACKET - wrap_hdr_size - orig_data_size - bytes_to_encrypt;
// We use two bytes to store the size of the encrypted blob
unsigned short *pkt_enc_size = (unsigned short *) scratch;
scratch += 2;
enc_size = rloc_encrypt( d_rloc, (unsigned char *)&pkt->hdr, bytes_to_encrypt, scratch, enc_max_len - 2 );
if ( enc_size < 0 ) {
warn( "failed to encrypt, dropping packet" );
return 0;
}
*pkt_enc_size = htons( enc_size );
enc_size += 2;
scratch = (unsigned char*) pkt_enc_size;
warn( "Encrypted size: 2 + %zu", enc_size - 2);
out->iovs[1].iov_base = scratch;
out->iovs[1].iov_len = enc_size;
scratch += enc_size;
// iovec 2: unencrypted remains
if ( bytes_to_encrypt == orig_data_size ) {
out->count = 2;
out->iovs[2].iov_base = NULL;
out->iovs[2].iov_len = 0;
} else {
out->iovs[2].iov_base = (char *) pkt + bytes_to_encrypt;
out->iovs[2].iov_len = ntohs( pkt->hdr.ip.tot_len ) - bytes_to_encrypt;
}
wrap_hdr->tot_len = htons( wrap_hdr_size + enc_size + out->iovs[2].iov_len );
compute_ip_checksum( wrap_hdr );
info( "Finished building return packet" );
return 1;
}
int wrap_ipv6_packet(struct rlocs *reg, struct recv_pkt* pkt, struct rsp_data* out)
{
warn( "STUB: wrap_ipv6_packet" );
return 0;
}
int unwrap_ipv4_packet(struct rlocs* reg, struct recv_pkt* pkt, struct rsp_data* out)
{
warn( "STUB: unwrap_ipv4_packet" );
return 0;
}
int unwrap_ipv6_packet(struct rlocs *reg, struct recv_pkt* pkt, struct rsp_data* out)
{
warn( "STUB: unwrap_ipv6_packet" );
return 0;
}