gdr / tuntox (public) (License: GPLv3) (since 2017-01-24) (hash sha1)
Tunnel TCP connections over the Tox protocol
Clone URLs: https://rocketgit.com/user/gdr/tuntox ssh://rocketgit@ssh.rocketgit.com/user/gdr/tuntox git://git.rocketgit.com/user/gdr/tuntox
0.0.1 0.0.10 0.0.10.1 0.0.2 0.0.3 0.0.4 0.0.5 0.0.6 0.0.7 0.0.8 0.0.9 ci logging mac-build master master.sync-conflict-20170517-172752 master.sync-conflict-20171128-212400-GQ24PLD master.sync-conflict-20181117-154223-GQ24PLD new-toxcore pipe pr-18 raspbian tagtestbranch toktok-core travis
List of commits:
Subject Hash Author Date (UTC)
Added filter for hostname and port requests e5bf743ccb6f80b70a6017a39c30f7610012979b Pietro Bonfa 2016-10-05 18:10:15
Update README.md 24a0f954ce773571aff6562084553028c8352142 GDR! 2016-10-04 08:16:39
Whitelist debug statement a971c172985088d38297ed30318910144140a44b GDR! 2016-06-08 20:36:52
Coverity fix b081686b05931064b4f9a26621d77a5d43941832 GDR! 2016-06-08 15:28:41
Fixed default value for server whitelist mode e682a05cf64ea85e30cb88a089fe220c2081e5da GDR! 2016-06-08 15:16:25
Documentation for #14 e9393fb439f94461fdc665eb85af54f156e5be75 GDR! 2016-06-07 20:00:13
"Whitelist clients by pubkeys" mode, re-request friends 1013b2aaeafa9112849df4e08bcced23cbd91fdf GDR! 2016-06-07 19:52:48
Remove FDs of closed tunnels from fdset 816245f429145052b8908d500c64d372fc8c2972 GDR! 2016-06-07 18:42:45
Mention toxvpn c2a78f48bd44613162a6e3c1d02cb53266611936 GDR! 2016-05-05 17:55:59
ProxyCommand explained c17be222aa46a4cf1a9d19c0ae767697ad585fd3 GDR! 2016-05-05 17:50:05
Visible ToxID 4f38371fd72ba889e39805b76a1a2402194b5398 GDR! 2016-05-05 17:46:06
Tuntox does fork! 0d1230def56597b25bcd731346794058c66d3e7c GDR! 2016-05-05 17:45:25
Tox.chat 2 90990f49bda18d06c89fca0495b39726bd55a076 GDR! 2016-05-05 17:43:58
Tox.chat 5b921bc92cf04773f8e5b08120e5850156fbb580 GDR! 2016-05-05 17:43:11
Possible fix for Issue #16 cc633e9ad431850d298638dbcdcbf1e8a4dfdeb1 GDR! 2016-05-05 17:39:42
Fix build on non-mac platforms 981501cf1e19d07a11e28cff99b9cd7c7b1d0b1d GDR! 2015-09-17 08:30:57
* fix: Possibility to compile on Mac OS platform 199787953243d91449ac5f4a5ac16edc2497e438 Dawid 'nCore' Opis 2015-09-16 18:14:03
remove tox.im because it's evil b57ae8b86109e6fe6f626d03ddeca79539d07822 GrayHatter 2015-08-08 00:45:31
Update README.md 9226aa00b30e7af7a0122b0772cc3e20ae5b49d0 GDR! 2015-07-14 12:57:55
CID 122512 (#1 of 1): Resource leak (RESOURCE_LEAK)11. leaked_storage: 5d9e9c5d9078d8d1987375e972282220d50b9328 GDR! 2015-07-08 10:04:52
Commit e5bf743ccb6f80b70a6017a39c30f7610012979b - Added filter for hostname and port requests
Author: Pietro Bonfa
Author date (UTC): 2016-10-05 18:10
Committer name: Pietro Bonfa
Committer date (UTC): 2016-10-05 18:10
Parent(s): 24a0f954ce773571aff6562084553028c8352142
Signer:
Signing key:
Signing status: N
Tree: f3043694f401527fe28d75b323621ed11183ab54
File Lines added Lines deleted
main.c 171 1
main.h 7 0
File main.c changed (mode: 100644) (index 8faf16d..b1e89b6)
... ... char *remote_tox_id = NULL;
31 31 /* Directory with config and tox save */ /* Directory with config and tox save */
32 32 char config_path[500] = "/etc/tuntox/"; char config_path[500] = "/etc/tuntox/";
33 33
34 /* Limit hostname and port in server */
35 int nrules = 0;
36 enum rules_policy_enum rules_policy = NONE;
37 rule *rules = NULL;
38
34 39 /* Ports and hostname for port forwarding */ /* Ports and hostname for port forwarding */
35 40 int remote_port = 0; int remote_port = 0;
36 41 char *remote_host = NULL; char *remote_host = NULL;
 
... ... int allowed_toxid_cmp(allowed_toxid *a, allowed_toxid *b)
88 93 return memcmp(a->toxid, b->toxid, TOX_PUBLIC_KEY_SIZE); return memcmp(a->toxid, b->toxid, TOX_PUBLIC_KEY_SIZE);
89 94 } }
90 95
96 /* Comparison function for rule objects */
97 int rule_cmp(rule *a, rule *b)
98 {
99 //log_printf(L_INFO, "Comparison result: %d %d\n", strcmp(a->host, b->host), (a->port == b->port));
100 if ((strcmp(a->host, b->host)==0) && (a->port == b->port))
101 return 0;
102 else
103 return -1;
104 }
105
91 106 void update_select_nfds(int fd) void update_select_nfds(int fd)
92 107 { {
93 108 /* TODO maybe replace with a scan every time to make select() more efficient in the long run? */ /* TODO maybe replace with a scan every time to make select() more efficient in the long run? */
 
... ... int handle_request_tunnel_frame(protocol_frame *rcvd_frame)
388 403 hostname[rcvd_frame->data_length] = '\0'; hostname[rcvd_frame->data_length] = '\0';
389 404
390 405 log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port); log_printf(L_INFO, "Got a request to forward data from %s:%d\n", hostname, port);
406
407 // check rules
408 if (rules_policy == ENFORCE && nrules > 0) {
409 // selects a random service
410 int r = rand() % nrules;
411 int i;
412 rule * rtmp = rules;
413
414 for (i = 0; i < r; i++)
415 {
416 if (rtmp != NULL)
417 rtmp = rtmp->next;
418 }
419
420 if (rtmp != NULL) {
421 port = rtmp->port;
422 hostname = strdup(rtmp->host);
423 } else {
424 log_printf(L_ERROR, "Could not find valid hostname/port. Dropping request.\n");
425 return -1;
426 }
427
428 log_printf(L_INFO, "ENFORCE policy enabled, using %s:%d\n", hostname, port);
429
430 } else if (rules_policy == VALIDATE && nrules > 0 ) {
431
432
433 // new implementatio
434
435 rule rtmp, *found = NULL;
436 rtmp.host = hostname;
437 rtmp.port = port;
438
439 LL_SEARCH(rules, found, &rtmp, rule_cmp);
440 if(!found)
441 {
442 log_printf(L_WARNING, "Rejected, request not in rules\n");
443 return -1;
444 }
445
446 } else {
447 log_printf(L_WARNING, "Filter option active but no allowed ports!\n");
448 log_printf(L_WARNING, "All requests will be dropped.\n");
449 return -1;
450 }
451
452
391 453
392 454 tunnel_id = get_random_tunnel_id(); tunnel_id = get_random_tunnel_id();
393 455 log_printf(L_DEBUG, "Tunnel ID: %d\n", tunnel_id); log_printf(L_DEBUG, "Tunnel ID: %d\n", tunnel_id);
 
... ... static size_t load_save(uint8_t **out_data)
706 768 } }
707 769 } }
708 770
771 void load_rules()
772 {
773 char * ahost=NULL;
774 int aport=0;
775 char line[100 + 1] = "";
776 uint8_t path_tmp[512], path_real[512], *p;
777 FILE *file = NULL;
778 rule *rule_obj = NULL;
779
780
781 strncpy(path_real, config_path, sizeof(config_path));
782
783 p = path_real + strlen(path_real);
784 memcpy(p, "rules", sizeof("rules"));
785
786 unsigned int path_len = (p - path_real) + sizeof("rules");
787
788 file = fopen((char *)path_real, "r");
789
790 if (file == NULL) {
791 log_printf(L_WARNING, "Could not open rules file!\n");
792 return;
793 }
794
795 int linen = 0;
796 while (fgets(line, sizeof(line), file)) {
797 /* note that fgets don't strip the terminating \n, checking its
798 presence would allow to handle lines longer that sizeof(line) */
799 if(line)
800 {
801 // allow comments & white lines
802 if (line[0]=='#'||line[0]=='\n') {
803 continue;
804 }
805 if (parse_pipe_port_forward(line, &ahost, &aport) >= 0) {
806 if (aport > 0 && aport < 65535) {
807
808 rule_obj = (rule *)calloc(sizeof(rule), 1);
809 if(!rule_obj)
810 {
811 log_printf(L_ERROR, "Could not allocate memory for rule");
812 exit(1);
813 }
814
815 rule_obj->port = aport;
816 rule_obj->host = strdup(ahost);
817
818 LL_APPEND(rules, rule_obj);
819
820 linen++;
821 } else {
822 log_printf(L_WARNING, "Invalid port in line: %s\n", line);
823 }
824 } else {
825 log_printf(L_WARNING, "Could not parse line: %s\n", line);
826 }
827 } else {
828 break;
829 }
830 }
831 fclose(file);
832 nrules = linen;
833
834 log_printf(L_INFO, "Loaded %d rules\n", nrules);
835 if (nrules==0 &&
836 (rules_policy == ENFORCE || rules_policy == VALIDATE)){
837 log_printf(L_WARNING, "No rules loaded! NO CONNECTIONS WILL BE ALLOWED!\n");
838 }
839 }
840
841 void clear_rules()
842 {
843 int i;
844 rule * elt, *tmp;
845 /* now delete each element, use the safe iterator */
846 LL_FOREACH_SAFE(rules,elt,tmp) {
847 LL_DELETE(rules,elt);
848 free(elt->host);
849 free(elt);
850 }
851 }
852
709 853 void accept_friend_request(Tox *tox, const uint8_t *public_key, const uint8_t *message, size_t length, void *userdata) void accept_friend_request(Tox *tox, const uint8_t *public_key, const uint8_t *message, size_t length, void *userdata)
710 854 { {
711 855 unsigned char tox_printable_id[TOX_ADDRESS_SIZE * 2 + 1]; unsigned char tox_printable_id[TOX_ADDRESS_SIZE * 2 + 1];
 
... ... int main(int argc, char *argv[])
1080 1224
1081 1225 log_init(); log_init();
1082 1226
1083 while ((oc = getopt(argc, argv, "L:pi:C:s:P:dqhSF:DU:")) != -1)
1227 while ((oc = getopt(argc, argv, "L:pi:C:s:f:P:dqhSF:DU:")) != -1)
1084 1228 { {
1085 1229 switch(oc) switch(oc)
1086 1230 { {
 
... ... int main(int argc, char *argv[])
1153 1297 } }
1154 1298 load_saved_toxid_in_client_mode = 1; load_saved_toxid_in_client_mode = 1;
1155 1299 break; break;
1300 case 'f':
1301 switch(optarg[0])
1302 {
1303 case 'E':
1304 rules_policy = ENFORCE;
1305 log_printf(L_INFO, "Filter policy set to ENFORCE\n");
1306 break;
1307 case 'V':
1308 rules_policy = VALIDATE;
1309 log_printf(L_INFO, "Filter policy set to VALIDATE\n");
1310 break;
1311 case 'N':
1312 rules_policy = NONE;
1313 log_printf(L_INFO, "Filter policy set to NONE\n");
1314 break;
1315 default:
1316 log_printf(L_WARNING, "Invalid filter policy, reverting to ENFORCE.");
1317 rules_policy = ENFORCE;
1318 }
1319 break;
1156 1320 case 's': case 's':
1157 1321 /* Shared secret */ /* Shared secret */
1158 1322 use_shared_secret = 1; use_shared_secret = 1;
 
... ... int main(int argc, char *argv[])
1196 1360 { {
1197 1361 log_printf(L_INFO, "Server in ToxID whitelisting mode - only clients listed with -i can connect"); log_printf(L_INFO, "Server in ToxID whitelisting mode - only clients listed with -i can connect");
1198 1362 } }
1363
1364 if((!client_mode) && (rules_policy != NONE))
1365 {
1366 load_rules();
1367 }
1199 1368
1200 1369 if(daemonize) if(daemonize)
1201 1370 { {
 
... ... int main(int argc, char *argv[])
1280 1449
1281 1450 tox_callback_friend_request(tox, accept_friend_request, NULL); tox_callback_friend_request(tox, accept_friend_request, NULL);
1282 1451 do_server_loop(); do_server_loop();
1452 clear_rules();
1283 1453 } }
1284 1454
1285 1455 return 0; return 0;
File main.h changed (mode: 100644) (index 65494ef..c6579e2)
... ... typedef struct protocol_frame_t {
73 73 uint8_t *data; uint8_t *data;
74 74 } protocol_frame; } protocol_frame;
75 75
76 /* Rules policy */
77 enum rules_policy_enum { ENFORCE, VALIDATE, NONE };
78 typedef struct rule {
79 uint16_t port;
80 char * host;
81 struct rule *next;
82 } rule;
76 83
77 84 /**** GLOBAL VARIABLES ****/ /**** GLOBAL VARIABLES ****/
78 85 extern Tox *tox; extern Tox *tox;
Hints:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/gdr/tuntox

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/gdr/tuntox

Clone this repository using git:
git clone git://git.rocketgit.com/user/gdr/tuntox

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main