Tunnel TCP connections over the Tox protocol
List of commits:
| Subject | Hash | Author | Date (UTC) |
|---|---|---|---|
| removed enforce option | bb08cc0ae4789084f88586460c9c617fe6cbb328 | Pietro Bonfa | 2016-10-09 16:31:39 |
| changed arguments for rules optoins | fd085c2862153d16443451d96fc56d2e67873e9e | Pietro Bonfa | 2016-10-08 12:10:47 |
| fixed bug with filter_policy | 230e7ae1347fe613d63f3dca136128b29331f80d | Pietro Bonfa | 2016-10-07 12:17:09 |
| Changed gdr.name relay ports | d194df598555e6ba31d53f5b1ec74f370b869c8c | GDR! | 2016-10-05 19:45:34 |
| Separate TCP relays from bootstrap nodes during bootstrap | a5b237c6fc56787e8ce9e29c4c4778f462c0d849 | GDR! | 2016-10-05 18:56:18 |
| Updated node list with generate_tox_bootstrap.py | 298776994486b7c07dfede1d4190ff0e5aa8789a | GDR! | 2016-10-05 18:40:02 |
| Added filter for hostname and port requests | e5bf743ccb6f80b70a6017a39c30f7610012979b | Pietro Bonfa | 2016-10-05 18:10:15 |
| Update README.md | 24a0f954ce773571aff6562084553028c8352142 | GDR! | 2016-10-04 08:16:39 |
| Whitelist debug statement | a971c172985088d38297ed30318910144140a44b | GDR! | 2016-06-08 20:36:52 |
| Coverity fix | b081686b05931064b4f9a26621d77a5d43941832 | GDR! | 2016-06-08 15:28:41 |
| Fixed default value for server whitelist mode | e682a05cf64ea85e30cb88a089fe220c2081e5da | GDR! | 2016-06-08 15:16:25 |
| Documentation for #14 | e9393fb439f94461fdc665eb85af54f156e5be75 | GDR! | 2016-06-07 20:00:13 |
| "Whitelist clients by pubkeys" mode, re-request friends | 1013b2aaeafa9112849df4e08bcced23cbd91fdf | GDR! | 2016-06-07 19:52:48 |
| Remove FDs of closed tunnels from fdset | 816245f429145052b8908d500c64d372fc8c2972 | GDR! | 2016-06-07 18:42:45 |
| Mention toxvpn | c2a78f48bd44613162a6e3c1d02cb53266611936 | GDR! | 2016-05-05 17:55:59 |
| ProxyCommand explained | c17be222aa46a4cf1a9d19c0ae767697ad585fd3 | GDR! | 2016-05-05 17:50:05 |
| Visible ToxID | 4f38371fd72ba889e39805b76a1a2402194b5398 | GDR! | 2016-05-05 17:46:06 |
| Tuntox does fork! | 0d1230def56597b25bcd731346794058c66d3e7c | GDR! | 2016-05-05 17:45:25 |
| Tox.chat 2 | 90990f49bda18d06c89fca0495b39726bd55a076 | GDR! | 2016-05-05 17:43:58 |
| Tox.chat | 5b921bc92cf04773f8e5b08120e5850156fbb580 | GDR! | 2016-05-05 17:43:11 |
Commit bb08cc0ae4789084f88586460c9c617fe6cbb328
- removed enforce option
Author: Pietro Bonfa
Author date (UTC): 2016-10-09 16:31
Committer name: Pietro Bonfa
Committer date (UTC): 2016-10-09 16:31
Parent(s): fd085c2862153d16443451d96fc56d2e67873e9e
Signer:
Signing key:
Signing status: N
Tree: 87f7dbf867f3d3e61ed05621f9c2dd782dea93f0
Author: Pietro Bonfa
Author date (UTC): 2016-10-09 16:31
Committer name: Pietro Bonfa
Committer date (UTC): 2016-10-09 16:31
Parent(s): fd085c2862153d16443451d96fc56d2e67873e9e
Signer:
Signing key:
Signing status: N
Tree: 87f7dbf867f3d3e61ed05621f9c2dd782dea93f0
| File | Lines added | Lines deleted |
|---|---|---|
| main.c | 3 | 37 |
| main.h | 1 | 1 |
| File main.c changed (mode: 100644) (index 7f9380f..5a5c82b) | |||
| ... | ... | int handle_request_tunnel_frame(protocol_frame *rcvd_frame) | |
| 407 | 407 | log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port); | log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port); |
| 408 | 408 | ||
| 409 | 409 | // check rules | // check rules |
| 410 | if (rules_policy == ENFORCE && nrules > 0) { | ||
| 411 | // selects a random service | ||
| 412 | int r = rand() % nrules; | ||
| 413 | int i; | ||
| 414 | rule * rtmp = rules; | ||
| 415 | |||
| 416 | for (i = 0; i < r; i++) | ||
| 417 | { | ||
| 418 | if (rtmp != NULL) | ||
| 419 | rtmp = rtmp->next; | ||
| 420 | } | ||
| 421 | |||
| 422 | if (rtmp != NULL) { | ||
| 423 | port = rtmp->port; | ||
| 424 | hostname = strdup(rtmp->host); | ||
| 425 | } else { | ||
| 426 | log_printf(L_ERROR, "Could not find valid hostname/port. Dropping request.\n"); | ||
| 427 | return -1; | ||
| 428 | } | ||
| 429 | |||
| 430 | log_printf(L_INFO, "ENFORCE policy enabled, using %s:%d\n", hostname, port); | ||
| 431 | |||
| 432 | } else if (rules_policy == VALIDATE && nrules > 0 ) { | ||
| 433 | |||
| 434 | |||
| 435 | // new implementatio | ||
| 410 | if (rules_policy == VALIDATE && nrules > 0 ) { | ||
| 436 | 411 | ||
| 437 | 412 | rule rtmp, *found = NULL; | rule rtmp, *found = NULL; |
| 438 | 413 | rtmp.host = hostname; | rtmp.host = hostname; |
| ... | ... | int handle_request_tunnel_frame(protocol_frame *rcvd_frame) | |
| 444 | 419 | log_printf(L_WARNING, "Rejected, request not in rules\n"); | log_printf(L_WARNING, "Rejected, request not in rules\n"); |
| 445 | 420 | return -1; | return -1; |
| 446 | 421 | } | } |
| 447 | |||
| 448 | 422 | } else if (rules_policy != NONE) { | } else if (rules_policy != NONE) { |
| 449 | 423 | log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n"); | log_printf(L_WARNING, "Filter option active but no allowed host/port. All requests will be dropped.\n"); |
| 450 | 424 | return -1; | return -1; |
| ... | ... | void load_rules() | |
| 808 | 782 | rule_obj->host = strdup(ahost); | rule_obj->host = strdup(ahost); |
| 809 | 783 | ||
| 810 | 784 | LL_APPEND(rules, rule_obj); | LL_APPEND(rules, rule_obj); |
| 811 | |||
| 812 | 785 | linen++; | linen++; |
| 813 | 786 | } else { | } else { |
| 814 | 787 | log_printf(L_WARNING, "Invalid port in line: %s\n", line); | log_printf(L_WARNING, "Invalid port in line: %s\n", line); |
| ... | ... | void load_rules() | |
| 824 | 797 | nrules = linen; | nrules = linen; |
| 825 | 798 | ||
| 826 | 799 | log_printf(L_INFO, "Loaded %d rules\n", nrules); | log_printf(L_INFO, "Loaded %d rules\n", nrules); |
| 827 | if (nrules==0 && | ||
| 828 | (rules_policy == ENFORCE || rules_policy == VALIDATE)){ | ||
| 800 | if (nrules==0 && rules_policy == VALIDATE){ | ||
| 829 | 801 | log_printf(L_WARNING, "No rules loaded! NO CONNECTIONS WILL BE ALLOWED!\n"); | log_printf(L_WARNING, "No rules loaded! NO CONNECTIONS WILL BE ALLOWED!\n"); |
| 830 | 802 | } | } |
| 831 | 803 | } | } |
| ... | ... | void help() | |
| 1196 | 1168 | fprintf(stderr, "-C <dir> - save private key in <dir> instead of /etc/tuntox in server mode\n"); | fprintf(stderr, "-C <dir> - save private key in <dir> instead of /etc/tuntox in server mode\n"); |
| 1197 | 1169 | fprintf(stderr, "-s <secret> - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1); | fprintf(stderr, "-s <secret> - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1); |
| 1198 | 1170 | fprintf(stderr, "-f <file> - allows only connections to hostname/port combinations contained in <file>. Rules must by entered one per line with the <hostname>:<port> format\n"); | fprintf(stderr, "-f <file> - allows only connections to hostname/port combinations contained in <file>. Rules must by entered one per line with the <hostname>:<port> format\n"); |
| 1199 | fprintf(stderr, "-e <file> - same as -f, but force the connection to a randomly selected hostname/port combination of <file>, ignoring the client's request\n"); | ||
| 1200 | 1171 | fprintf(stderr, "-d - debug mode\n"); | fprintf(stderr, "-d - debug mode\n"); |
| 1201 | 1172 | fprintf(stderr, "-q - quiet mode\n"); | fprintf(stderr, "-q - quiet mode\n"); |
| 1202 | 1173 | fprintf(stderr, "-S - send output to syslog instead of stderr\n"); | fprintf(stderr, "-S - send output to syslog instead of stderr\n"); |
| ... | ... | int main(int argc, char *argv[]) | |
| 1218 | 1189 | ||
| 1219 | 1190 | log_init(); | log_init(); |
| 1220 | 1191 | ||
| 1221 | while ((oc = getopt(argc, argv, "L:pi:C:s:f:e:P:dqhSF:DU:")) != -1) | ||
| 1192 | while ((oc = getopt(argc, argv, "L:pi:C:s:f:P:dqhSF:DU:")) != -1) | ||
| 1222 | 1193 | { | { |
| 1223 | 1194 | switch(oc) | switch(oc) |
| 1224 | 1195 | { | { |
| ... | ... | int main(int argc, char *argv[]) | |
| 1296 | 1267 | rules_policy = VALIDATE; | rules_policy = VALIDATE; |
| 1297 | 1268 | log_printf(L_INFO, "Filter policy set to VALIDATE\n"); | log_printf(L_INFO, "Filter policy set to VALIDATE\n"); |
| 1298 | 1269 | break; | break; |
| 1299 | case 'e': | ||
| 1300 | strncpy(rules_file, optarg, sizeof(rules_file) - 1); | ||
| 1301 | rules_policy = ENFORCE; | ||
| 1302 | log_printf(L_INFO, "Filter policy set to ENFORCE\n"); | ||
| 1303 | break; | ||
| 1304 | 1270 | case 's': | case 's': |
| 1305 | 1271 | /* Shared secret */ | /* Shared secret */ |
| 1306 | 1272 | use_shared_secret = 1; | use_shared_secret = 1; |
| File main.h changed (mode: 100644) (index c6579e2..329135f) | |||
| ... | ... | typedef struct protocol_frame_t { | |
| 74 | 74 | } protocol_frame; | } protocol_frame; |
| 75 | 75 | ||
| 76 | 76 | /* Rules policy */ | /* Rules policy */ |
| 77 | enum rules_policy_enum { ENFORCE, VALIDATE, NONE }; | ||
| 77 | enum rules_policy_enum { VALIDATE, NONE }; | ||
| 78 | 78 | typedef struct rule { | typedef struct rule { |
| 79 | 79 | uint16_t port; | uint16_t port; |
| 80 | 80 | char * host; | char * host; |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/gdr/tuntox
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/gdr/tuntox
Clone this repository using git:
git clone git://git.rocketgit.com/user/gdr/tuntox
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!