Etusivu Tutki Apua
Kirjaudu sisään
cbocovic
/
slitheen
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: 8bf3af4fe0
Branchit Tagit
slitheen
/
relay_station
/
slitheen-proxy.c

slitheen-proxy.c 22 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687 
  1. /* Name: slitheen-proxy.c 
    2. 

  2.  *
    3. 

  3.  * Slitheen - a decoy routing system for censorship resistance
    4. 

  4.  * Copyright (C) 2017 Cecylia Bocovich (cbocovic@uwaterloo.ca)
    5. 

  5.  *
    6. 

  6.  * This program is free software: you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation, version 3.
    9. 

  9.  *
    10. 

  10.  * This program is distributed in the hope that it will be useful,
    11. 

  11.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13.  * GNU General Public License for more details.
    14. 

  14.  * 
    15. 

  15.  * You should have received a copy of the GNU General Public License
    16. 

  16.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17.  *
    18. 

  18.  * Additional permission under GNU GPL version 3 section 7
    19. 

  19.  * 
    20. 

  20.  * If you modify this Program, or any covered work, by linking or combining
    21. 

  21.  * it with the OpenSSL library (or a modified version of that library), 
    22. 

  22.  * containing parts covered by the terms of [name of library's license],
    23. 

  23.  * the licensors of this Program grant you additional permission to convey
    24. 

  24.  * the resulting work. {Corresponding Source for a non-source form of such
    25. 

  25.  * a combination shall include the source code for the parts of the OpenSSL
    26. 

  26.  * library used as well as that of the covered work.}
    27. 

  27.  */
    28. 

  28. 

  29. #include <pcap.h>
    30. 

  30. #include <stdio.h>
    31. 

  31. #include <stdlib.h>
    32. 

  32. #include <unistd.h>
    33. 

  33. #include <string.h>
    34. 

  34. #include <pthread.h>
    35. 

  35. #include <sys/ioctl.h>
    36. 

  36. #include <net/if.h>
    37. 

  37. #include <openssl/ssl.h>
    38. 

  38. 

  39. #include "util.h"
    40. 

  40. #include "flow.h"
    41. 

  41. #include "slitheen.h"
    42. 

  42. #include "relay.h"
    43. 

  43. #include "crypto.h"
    44. 

  44. #include "cryptothread.h"
    45. 

  45. 

  46. 

  47. void save_packet(flow *f, struct packet_info *info);
    48. 

  48. void update_window_expiration(flow *f, struct packet_info *info);
    49. 

  49. void retransmit(flow *f, struct packet_info *info, uint32_t data_to_fill);
    50. 

  50. 

  51. void usage(void){
    52. 

  52. 	printf("Usage: slitheen-proxy [internal network interface] [NAT interface]\n");
    53. 

  53. }
    54. 

  54. 

  55. int main(int argc, char *argv[]){
    56. 

  56. 	pthread_t t1, t2;
    57. 

  57. 

  58. 	char *dev1 = NULL; /* Device that leads to the internal network */
    59. 

  59. 	char *dev2 = NULL; /* Device that leads out to the world */
    60. 

  60. 

  61. 	struct sniff_args outbound;
    62. 

  62. 	struct sniff_args inbound;
    63. 

  63. 

  64. 	if (argc != 3) { 
    65. 

  65. 		usage();
    66. 

  66. 		return(2);
    67. 

  67. 	}
    68. 

  68. 	dev1 = argv[1];
    69. 

  69. 	dev2 = argv[2];
    70. 

  70. 

  71. 	if(init_tables()){
    72. 

  72. 		exit(1);
    73. 

  73. 	}
    74. 

  74. 	if(init_session_cache()){
    75. 

  75. 		exit(1);
    76. 

  76. 	}
    77. 

  77. 	init_crypto_locks();
    78. 

  78. 

  79. 	/* Create threads */
    80. 

  80. 	outbound.readdev = dev1;
    81. 

  81. 	outbound.writedev = dev2;
    82. 

  82. 

  83. 	inbound.readdev = dev2;
    84. 

  84. 	inbound.writedev = dev1;
    85. 

  85. 

  86. 	pthread_create(&t1, NULL, sniff_packets, (void *) &outbound);
    87. 

  87. 	pthread_create(&t2, NULL, sniff_packets, (void *) &inbound);
    88. 

  88. 

  89. 	pthread_join(t1, NULL);
    90. 

  90. 	pthread_join(t2, NULL);
    91. 

  91. 

  92. 	pthread_exit(NULL);
    93. 

  93. 

  94. 	crypto_locks_cleanup();
    95. 

  95. 

  96. 	return(0);
    97. 

  97. }
    98. 

  98. 

  99. void *sniff_packets(void *args){
    100. 

  100. 	pcap_t *rd_handle;
    101. 

  101. 	pcap_t *wr_handle;
    102. 

  102. 	char rd_errbuf[BUFSIZ];
    103. 

  103. 	char wr_errbuf[BUFSIZ];
    104. 

  104.         uint8_t MAC[ETHER_ADDR_LEN];
    105. 

  105. 	bpf_u_int32 mask;
    106. 

  106. 	bpf_u_int32 net;
    107. 

  107. 

  108. 	char *readdev, *writedev;
    109. 

  109. 	struct sniff_args *arg_st = (struct sniff_args *) args;
    110. 

  110. 	readdev = arg_st->readdev;
    111. 

  111. 	writedev = arg_st->writedev;
    112. 

  112. 

  113.         //Find MAC address of each interface
    114. 

  114.         struct ifreq ifr;
    115. 

  115.         int s = socket(AF_INET, SOCK_DGRAM, 0);
    116. 

  116.         strcpy(ifr.ifr_name, writedev);
    117. 

  117.         ioctl(s, SIOCGIFHWADDR, &ifr);
    118. 

  118.         memcpy(MAC, ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);
    119. 

  119.         close(s);
    120. 

  120. 

  121. 	if (pcap_lookupnet(readdev, &net, &mask, rd_errbuf) == -1){
    122. 

  122. 		fprintf(stderr, "Can't get netmask for device %s\n", readdev);
    123. 

  123. 		exit(2);
    124. 

  124. 	}
    125. 

  125. 

  126. 	rd_handle = pcap_open_live(readdev, BUFSIZ, 0, 0, rd_errbuf);
    127. 

  127. 	if (rd_handle == NULL){
    128. 

  128. 		fprintf(stderr, "Couldn't open device %s: %s\n", readdev, rd_errbuf);
    129. 

  129. 	}
    130. 

  130. 

  131. 	if(pcap_datalink(rd_handle) != DLT_EN10MB) {
    132. 

  132. 		fprintf(stderr, "Device %s does not provide Ethernet headers - not supported\n", readdev);
    133. 

  133. 		exit(2);
    134. 

  134. 	}
    135. 

  135. 

  136. 	if(pcap_setdirection(rd_handle, PCAP_D_IN)){
    137. 

  137. 		fprintf(stderr, "Platform does not support write direction. Update filters with MAC address\n");
    138. 

  138. 		exit(2);
    139. 

  139. 	}
    140. 

  140. 

  141. 	wr_handle = pcap_open_live(writedev, BUFSIZ, 0, 0, wr_errbuf);
    142. 

  142. 	if (wr_handle == NULL){
    143. 

  143. 		fprintf(stderr, "Couldn't open device %s: %s\n", writedev, wr_errbuf);
    144. 

  144. 	}
    145. 

  145. 

  146.         struct inject_args iargs;
    147. 

  147.         iargs.mac_addr = MAC;
    148. 

  148.         iargs.write_dev = wr_handle;
    149. 

  149. 

  150. 

  151. 	/*callback function*/
    152. 

  152. 	pcap_loop(rd_handle, -1, got_packet, (unsigned char *) &iargs);
    153. 

  153. 

  154. 	/*Sniff a packet*/
    155. 

  155. 	pcap_close(rd_handle);
    156. 

  156. 

  157. 	return NULL;
    158. 

  158. }
    159. 

  159. 

  160. 

  161. /*
    162. 

  162.  * Injects a packet back out the opposite interface
    163. 

  163.  */
    164. 

  164. void inject_packet(struct inject_args *iargs, const struct pcap_pkthdr *header, uint8_t *packet){
    165. 

  165.     pcap_t *handle = iargs->write_dev;
    166. 

  166. 

  167.     //write back out to the MAC ADDR it came in on
    168. 

  168.     memmove(packet, packet+ETHER_ADDR_LEN, ETHER_ADDR_LEN);
    169. 

  169.     memcpy(packet+ETHER_ADDR_LEN, iargs->mac_addr, ETHER_ADDR_LEN);
    170. 

  170. 

  171.     if((pcap_inject(handle, packet, header->len)) < 0 ){
    172. 

  172.         fprintf(stderr, "Error: %s\n", pcap_geterr(handle));
    173. 

  173.         printf("Length: %d\n", header->len);
    174. 

  174.     }
    175. 

  175. 

  176. #ifdef DEBUG
    177. 

  177.     fprintf(stderr, "injected the following packet:\n");
    178. 

  178.     for(int i=0; i< header->len; i++){
    179. 

  179.         fprintf(stderr, "%02x ", packet[i]);
    180. 

  180.     }
    181. 

  181.     fprintf(stderr, "\n");
    182. 

  182. 

  183. #endif
    184. 

  184.     free(packet);
    185. 

  185. }
    186. 

  186. 

  187. /**
    188. 

  188.  * Runs when pcap_loop receives a packet from the specified interface
    189. 

  189.  * If the received packet is a tcp packet, processes it and then writes it back out
    190. 

  190.  * to the interface
    191. 

  191.  *
    192. 

  192.  */
    193. 

  193. void got_packet(uint8_t *args, const struct pcap_pkthdr *header, const uint8_t *packet){
    194. 

  194.     struct inject_args *iargs = (struct inject_args *) args;
    195. 

  195. 

  196.     uint8_t *tmp_packet = emalloc(header->len);
    197. 

  197.     memcpy(tmp_packet, packet, header->len);
    198. 

  198. 

  199.     process_packet(iargs, header, tmp_packet);
    200. 

  200. }
    201. 

  201. 

  202. /* This function receives a full ip packet and then:
    203. 

  203.  * 	1) identifies the flow
    204. 

  204.  * 	2) adds the packet to the flow's data chain
    205. 

  205.  * 	3) updates the flow's state
    206. 

  206.  */
    207. 

  207. void process_packet(struct inject_args *iargs, const struct pcap_pkthdr *header, uint8_t *packet){
    208. 

  208. 

  209.     struct packet_info *info = emalloc(sizeof(struct packet_info));
    210. 

  210.     extract_packet_headers(packet, info);
    211. 

  211. 

  212.     //Ignore non-TCP packets (shouldn't actually get any)
    213. 

  213.     if((info->ip_hdr == NULL) || (info->tcp_hdr == NULL)){
    214. 

  214.         free(info);
    215. 

  215.         free(packet);
    216. 

  216.         return;
    217. 

  217.     }
    218. 

  218. 

  219.     /* Checks to see if this is a possibly tagged hello msg */
    220. 

  220.     if ((info->record_hdr != NULL) && (info->record_hdr->type == HS)){ /* This is a TLS handshake */
    221. 

  221.         check_handshake(info);
    222. 

  222.     }
    223. 

  223. 

  224.     /* Now if flow is in table, update state */
    225. 

  225.     flow *observed;
    226. 

  226.     if((observed = check_flow(info)) != NULL){
    227. 

  227.     
    228. 

  228. #ifdef DEBUG
    229. 

  229.         /*Check sequence number and replay application data if necessary*/
    230. 

  230.         fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? "incoming":"outgoing");
    231. 

  231.         fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
    232. 

  232.         fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
    233. 

  233.         fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
    234. 

  234. #endif
    235. 

  235. 

  236.         uint8_t incoming = (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? 1 : 0;
    237. 

  237.         uint32_t seq_num = htonl(info->tcp_hdr->sequence_num);
    238. 

  238.         uint32_t expected_seq = (incoming)? observed->downstream_seq_num : observed->upstream_seq_num;
    239. 

  239. #ifdef DEBUG
    240. 

  240.         fprintf(stdout,"Expected sequence number: %u\n", expected_seq);
    241. 

  241. #endif
    242. 

  242. 

  243.         /* Remove acknowledged data from queue after TCP window is exceeded */
    244. 

  244.         update_window_expiration(observed, info);
    245. 

  245. 

  246.         /* fill with retransmit data, process new data */
    247. 

  247.         uint32_t data_to_fill;
    248. 

  248.         uint32_t data_to_process;
    249. 

  249. 

  250.         if(seq_num > expected_seq){
    251. 

  251.             data_to_process = info->app_data_len;
    252. 

  252.             data_to_fill = 0;
    253. 

  253.         } else if (seq_num + info->app_data_len > expected_seq){
    254. 

  254.             data_to_fill = expected_seq - seq_num;
    255. 

  255.             data_to_process = seq_num + info->app_data_len - expected_seq;
    256. 

  256.         } else {
    257. 

  257.             data_to_fill = info->app_data_len;
    258. 

  258.             data_to_process = 0;
    259. 

  259.         }
    260. 

  260. 

  261.         uint8_t *p = info->app_data;
    262. 

  262. 

  263.         if(data_to_fill){ //retransmit
    264. 

  264.             printf("Retransmiting data (%u:%u)\n", seq_num, seq_num + info->app_data_len);
    265. 

  265.             retransmit(observed, info, data_to_fill);
    266. 

  266.         }
    267. 

  267. 

  268.         p += data_to_fill;
    269. 

  269. 

  270.         if(data_to_process){
    271. 

  271. 

  272.             if(p != info->app_data){
    273. 

  273.                 printf("UH OH something weird might happen\n");
    274. 

  274.             }
    275. 

  275. 

  276.             if(observed->application){
    277. 

  277.                 if(seq_num > expected_seq){
    278. 

  278.                     //For now, enters into FORFEIT state
    279. 

  279.                     //TODO: change upstream behaviour to try to mask slitheen hdr
    280. 

  280.                     //printf("ERROR: future packet in app data, forfeiting flow\n");
    281. 

  281.                     remove_flow(observed);
    282. 

  282.                     goto err;
    283. 

  283.                 }
    284. 

  284. 

  285.                 replace_packet(observed, info);
    286. 

  286.             } else {
    287. 

  287.                 //We're still in the TLS handshake; hold packets misordered packets
    288. 

  288. 

  289.                 if(seq_num > expected_seq){
    290. 

  290.                     //Delay and process later
    291. 

  291.                     frame *new_frame = ecalloc(1, sizeof(frame));
    292. 

  292.                     new_frame->iargs = iargs;
    293. 

  293.                     new_frame->packet = packet;
    294. 

  294.                     new_frame->header = header;
    295. 

  295.                     new_frame->seq_num = seq_num;
    296. 

  296.                     new_frame->next = NULL;
    297. 

  297.                     frame_queue *queue = (incoming) ? observed->ds_frame_queue : observed->us_frame_queue;
    298. 

  298.                     printf("Delay processing of frame (seq = %u )\n", seq_num);
    299. 

  299. 

  300.                     //add to end of list
    301. 

  301.                     if(queue->first_frame == NULL){
    302. 

  302.                         queue->first_frame = new_frame;
    303. 

  303.                     } else {
    304. 

  304.                         frame *last = queue->first_frame;
    305. 

  305.                         while(last->next != NULL){
    306. 

  306.                             last = last->next;
    307. 

  307.                         }
    308. 

  308.                         last->next = new_frame;
    309. 

  309.                     }
    310. 

  310. 

  311.                     free(info);
    312. 

  312.                     observed->ref_ctr--;
    313. 

  313.                     printf("Misordered packet. %p ref_ctr %d\n", observed, observed->ref_ctr);
    314. 

  314. 

  315.                     return; //TODO: fix terrible spaghetti returns
    316. 

  316.                 }
    317. 

  317. 

  318.                 /* Pass data to packet chain */
    319. 

  319.                 if(observed->stall){
    320. 

  320. 

  321.                 }
    322. 

  322.                 if(add_packet(observed, info)){//removed_flow
    323. 

  323.                     goto err;
    324. 

  324.                 }
    325. 

  325.             }
    326. 

  326. 

  327.             /* Update TCP state */
    328. 

  328.             if(info->tcp_hdr->flags & (FIN | RST) ){
    329. 

  329.                 /* Remove flow from table, connection ended */
    330. 

  330.                 remove_flow(observed);
    331. 

  331.                 goto err;
    332. 

  332.             }
    333. 

  333. 

  334.             /* add packet to application data queue */
    335. 

  335.             save_packet(observed, info);
    336. 

  336.         }
    337. 

  337.         
    338. 

  338. 

  339.         /*process and release held frames with current sequence numbers*/
    340. 

  340.         frame_queue *queue = (incoming) ? observed->ds_frame_queue : observed->us_frame_queue;
    341. 

  341.         frame *first = queue->first_frame;
    342. 

  342.         frame *prev = queue->first_frame;
    343. 

  343.         expected_seq = (incoming)? observed->downstream_seq_num : observed->upstream_seq_num;
    344. 

  344. 

  345.         while (first != NULL){
    346. 

  346. 

  347.             if(first->seq_num <= expected_seq){
    348. 

  348.                 //remove from queue and process
    349. 

  349.                 if(first == queue->first_frame) {
    350. 

  350.                     queue->first_frame = first->next;
    351. 

  351.                 } else {
    352. 

  352.                     prev->next = first->next;
    353. 

  353.                 }
    354. 

  354.                 printf("Now processing frame (seq = %u )\n", first->seq_num);
    355. 

  355.                 process_packet(iargs, first->header, first->packet);
    356. 

  356.                 free(first);
    357. 

  357.                 first = queue->first_frame;
    358. 

  358.                 prev = queue->first_frame;
    359. 

  359.             } else {
    360. 

  360.                 prev = first;
    361. 

  361.                 first = first->next;
    362. 

  362.             }
    363. 

  363.         }
    364. 

  364. 

  365.         observed->ref_ctr--;
    366. 

  366.         printf("Finished processing packet. %p ref_ctr %d\n", observed, observed->ref_ctr);
    367. 

  367.     }
    368. 

  368. 

  369. err:
    370. 

  370.     free(info);//Note: don't free this while a thread is using it
    371. 

  371. 

  372.     inject_packet(iargs, header, packet);
    373. 

  373. 

  374.     return;
    375. 

  375. 

  376. 

  377. }
    378. 

  378. 

  379. //TODO: rewrite this function to remove bloat
    380. 

  380. void save_packet(flow *f, struct packet_info *info){
    381. 

  381. 

  382.     uint8_t incoming = (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? 1 : 0;
    383. 

  383.     uint32_t seq_num = htonl(info->tcp_hdr->sequence_num);
    384. 

  384. 

  385.     //add new app block
    386. 

  386.     packet *new_block = ecalloc(1, sizeof(packet));
    387. 

  387.     new_block->seq_num = htonl(info->tcp_hdr->sequence_num);
    388. 

  388.     new_block->data = ecalloc(1, info->app_data_len);
    389. 

  389.     memcpy(new_block->data, info->app_data, info->app_data_len);
    390. 

  390.     new_block->len = info->app_data_len;
    391. 

  391.     new_block->next = NULL;
    392. 

  392.     new_block->expiration = 0;
    393. 

  393. 

  394.     packet *saved_data = (incoming)? f->downstream_app_data->first_packet :
    395. 

  395.         f->upstream_app_data->first_packet;
    396. 

  396. 

  397.     //put app data block in queue
    398. 

  398.     if(saved_data == NULL){
    399. 

  399.         if(incoming){
    400. 

  400.             f->downstream_app_data->first_packet = new_block;
    401. 

  401.             if(new_block->seq_num ==
    402. 

  402.                     f->downstream_seq_num){
    403. 

  403.                 f->downstream_seq_num += new_block->len;
    404. 

  404. #ifdef DEBUG
    405. 

  405.                 printf("Updated downstream expected seqnum to %u\n",
    406. 

  406.                         f->downstream_seq_num );
    407. 

  407. #endif
    408. 

  408.             }
    409. 

  409.         } else {
    410. 

  410.             f->upstream_app_data->first_packet = new_block;
    411. 

  411.             if(new_block->seq_num ==
    412. 

  412.                     f->upstream_seq_num){
    413. 

  413.                 f->upstream_seq_num += new_block->len;
    414. 

  414. #ifdef DEBUG
    415. 

  415.                 printf("Updated upstream expected seqnum to %u\n",
    416. 

  416.                         f->upstream_seq_num );
    417. 

  417. #endif
    418. 

  418.             }
    419. 

  419.         }
    420. 

  420. 

  421.     } else {
    422. 

  422.         uint8_t saved = 0;
    423. 

  423.         while(saved_data->next != NULL){
    424. 

  424.             if(!saved && (saved_data->next->seq_num > seq_num)){
    425. 

  425.                 new_block->next = saved_data->next;
    426. 

  426.                 saved_data->next = new_block;
    427. 

  427.                 saved = 1;
    428. 

  428.             }
    429. 

  429. 

  430.             //update expected sequence number
    431. 

  431.             if(incoming){
    432. 

  432.                 if(saved_data->next->seq_num ==
    433. 

  433.                         f->downstream_seq_num){
    434. 

  434.                     f->downstream_seq_num += saved_data->next->len;
    435. 

  435. #ifdef DEBUG
    436. 

  436.                     printf("Updated downstream expected seqnum to %u\n",
    437. 

  437.                             f->downstream_seq_num );
    438. 

  438. #endif
    439. 

  439.                 }
    440. 

  440.             } else {//outgoing
    441. 

  441.                 if(saved_data->next->seq_num ==
    442. 

  442.                         f->upstream_seq_num){
    443. 

  443.                     f->upstream_seq_num += saved_data->next->len;
    444. 

  444. #ifdef DEBUG
    445. 

  445.                     printf("Updated upstream expected seqnum to %u\n",
    446. 

  446.                             f->upstream_seq_num );
    447. 

  447. #endif
    448. 

  448.                 }
    449. 

  449.             }
    450. 

  450.                 
    451. 

  451.             saved_data = saved_data->next;
    452. 

  452. 

  453.         }
    454. 

  454.         if(!saved){
    455. 

  455.             saved_data->next = new_block;
    456. 

  456.             //update expected sequence number
    457. 

  457.             if(incoming){
    458. 

  458.                 if(saved_data->next->seq_num ==
    459. 

  459.                         f->downstream_seq_num){
    460. 

  460.                     f->downstream_seq_num += saved_data->next->len;
    461. 

  461. #ifdef DEBUG
    462. 

  462.                     printf("Updated downstream expected seqnum to %u\n",
    463. 

  463.                             f->downstream_seq_num );
    464. 

  464. #endif
    465. 

  465.                 }
    466. 

  466.             } else {//outgoing
    467. 

  467.                 if(saved_data->next->seq_num ==
    468. 

  468.                         f->upstream_seq_num){
    469. 

  469.                     f->upstream_seq_num += saved_data->next->len;
    470. 

  470. #ifdef DEBUG
    471. 

  471.                     printf("Updated upstream expected seqnum to %u\n",
    472. 

  472.                             f->upstream_seq_num );
    473. 

  473. #endif
    474. 

  474.                 }
    475. 

  475.             }
    476. 

  476. 

  477.         }
    478. 

  478.     }
    479. 

  479. }
    480. 

  480. 

  481. /**
    482. 

  482.  * This function cleans up data that has been acked, after the TCP window of the recipient has been
    483. 

  483.  * exceeded. This ensures that a retransmisson of the data will no longer occur.
    484. 

  484.  *
    485. 

  485.  * Sets the expiration for recent data base on the TCP window
    486. 

  486.  */
    487. 

  487. void update_window_expiration(flow *f, struct packet_info *info){
    488. 

  488. 

  489.     uint8_t incoming = (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? 1 : 0;
    490. 

  490.     uint32_t ack_num = htonl(info->tcp_hdr->ack_num);
    491. 

  491.     uint32_t end_seq = htonl(info->tcp_hdr->sequence_num) + info->app_data_len - 1;
    492. 

  492.     uint32_t window = ack_num + htons(info->tcp_hdr->win_size);
    493. 

  493. 

  494. #ifdef DEBUG
    495. 

  495.     printf("Received sequence number %u\n", htonl(info->tcp_hdr->sequence_num));
    496. 

  496.     printf("Acknowledged up to %u with window expiring at %u\n", ack_num, window);
    497. 

  497.     printf("Removing all packets up to %u\n", end_seq);
    498. 

  498. #endif
    499. 

  499. 

  500.     packet *saved_data = (incoming)? f->downstream_app_data->first_packet :
    501. 

  501.         f->upstream_app_data->first_packet;
    502. 

  502.     while((saved_data != NULL) && (saved_data->expiration != 0) && (end_seq > saved_data->expiration)){
    503. 

  503.         //remove entire block
    504. 

  504.         if(incoming){
    505. 

  505.             f->downstream_app_data->first_packet = saved_data->next;
    506. 

  506.         } else {
    507. 

  507.             f->upstream_app_data->first_packet = saved_data->next;
    508. 

  508.         }
    509. 

  509. 

  510.         free(saved_data->data);
    511. 

  511.         free(saved_data);
    512. 

  512.         saved_data = (incoming)? f->downstream_app_data->first_packet :
    513. 

  513.             f->upstream_app_data->first_packet;
    514. 

  514. 

  515. #ifdef DEBUG
    516. 

  516.         if(saved_data != NULL){
    517. 

  517.             printf("Currently saved seq_num is now %u\n", saved_data->seq_num);
    518. 

  518.         } else {
    519. 

  519.             printf("Acked all data, queue is empty\n");
    520. 

  520.         }
    521. 

  521. #endif
    522. 

  522. 

  523.     }
    524. 

  524. 

  525.     /* Update expiration for packets based on TCP window size */
    526. 

  526.     saved_data = (incoming)? f->upstream_app_data->first_packet :
    527. 

  527.         f->downstream_app_data->first_packet;
    528. 

  528.     while((saved_data != NULL) && (ack_num > saved_data->seq_num)){
    529. 

  529.         //update window
    530. 

  530.         if(ack_num >= saved_data->seq_num + saved_data->len){
    531. 

  531.             //remove entire block
    532. 

  532.             saved_data->expiration = window;
    533. 

  533.         }
    534. 

  534.         saved_data = saved_data->next;
    535. 

  535.     }
    536. 

  536. 

  537. }
    538. 

  538. 

  539. /**
    540. 

  540.  * This function retransmits previously sent (and possibly modified) data
    541. 

  541.  *
    542. 

  542.  */
    543. 

  543. void retransmit(flow *f, struct packet_info *info, uint32_t data_to_fill){
    544. 

  544. 

  545.     uint8_t *p = info->app_data;
    546. 

  546.     uint32_t seq_num = htonl(info->tcp_hdr->sequence_num);
    547. 

  547.     uint8_t incoming = (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? 1 : 0;
    548. 

  548. 

  549.     packet *saved_data = (incoming)? f->downstream_app_data->first_packet :
    550. 

  550.         f->upstream_app_data->first_packet;
    551. 

  551. 

  552.     while(data_to_fill > 0){
    553. 

  553.         if(saved_data == NULL){
    554. 

  554.             //have already acked all data
    555. 

  555.             p += data_to_fill;
    556. 

  556.             seq_num += data_to_fill;
    557. 

  557.             data_to_fill -= data_to_fill;
    558. 

  558.             continue;
    559. 

  559.         }
    560. 

  560. 

  561.         if(seq_num < saved_data->seq_num){
    562. 

  562.             //we are missing a block. Use what was given
    563. 

  563.             if(saved_data->seq_num - seq_num > data_to_fill){
    564. 

  564.                 //skip the rest
    565. 

  565.                 p += data_to_fill;
    566. 

  566.                 seq_num += data_to_fill;
    567. 

  567.                 data_to_fill -= data_to_fill;
    568. 

  568.             } else {
    569. 

  569.                 p += saved_data->seq_num - seq_num;
    570. 

  570.                 data_to_fill -= saved_data->seq_num - seq_num;
    571. 

  571.                 seq_num += saved_data->seq_num - seq_num;
    572. 

  572.             }
    573. 

  573.         } else if ( seq_num == saved_data->seq_num) {
    574. 

  574. 

  575.             if(data_to_fill >= saved_data->len){
    576. 

  576.                 //exhaust this block and move onto next one
    577. 

  577.                 memcpy(p, saved_data->data, saved_data->len);
    578. 

  578.                 p += saved_data->len;
    579. 

  579.                 seq_num += saved_data->len;
    580. 

  580.                 data_to_fill -= saved_data->len;
    581. 

  581.                 saved_data = saved_data->next;
    582. 

  582.             } else {
    583. 

  583.                 //fill with partial block
    584. 

  584.                 memcpy(p, saved_data->data, data_to_fill);
    585. 

  585.                 p += data_to_fill;
    586. 

  586.                 seq_num += data_to_fill;
    587. 

  587.                 data_to_fill -= data_to_fill;
    588. 

  588.             }
    589. 

  589.         } else { //seq_num > saved_data->seq_num
    590. 

  590.             uint32_t offset = seq_num - saved_data->seq_num;
    591. 

  591.             
    592. 

  592.             if(offset > saved_data->len){
    593. 

  593.                 saved_data = saved_data->next;
    594. 

  594.                 offset -= saved_data->len;
    595. 

  595.             } else {
    596. 

  596.                 if(data_to_fill > saved_data->len - offset){
    597. 

  597.                     memcpy(p, saved_data->data + offset, saved_data->len - offset);
    598. 

  598.                     p += saved_data->len - offset;
    599. 

  599.                     seq_num += saved_data->len - offset;
    600. 

  600.                     data_to_fill -= saved_data->len - offset;
    601. 

  601.                     saved_data = saved_data->next;
    602. 

  602.                 } else {
    603. 

  603.                     memcpy(p, saved_data->data + offset, data_to_fill);
    604. 

  604.                     p += data_to_fill;
    605. 

  605.                     seq_num += data_to_fill;
    606. 

  606.                     data_to_fill -= data_to_fill;
    607. 

  607.                 }
    608. 

  608.             }
    609. 

  609.         }
    610. 

  610.     }
    611. 

  611.     tcp_checksum(info);//update checksum
    612. 

  612. }
    613. 

  613. 

  614. /** This function extracts the ip, tcp, and tls record headers
    615. 

  615.  * 	from a received packet (if they exist), and put them in 
    616. 

  616.  * 	a packet_info struct
    617. 

  617.  * 	
    618. 

  618.  */
    619. 

  619. void extract_packet_headers(uint8_t *packet, struct packet_info *info){
    620. 

  620. 

  621. 	/* First fill in IP header */
    622. 

  622. 	uint8_t *p = packet;
    623. 

  623. 	p += ETHER_HEADER_LEN; //skip ethernet header
    624. 

  624. 	info->ip_hdr = (struct ip_header*) p;
    625. 

  625. 	info->size_ip_hdr = IP_HEADER_LEN(info->ip_hdr);
    626. 

  626. 	
    627. 

  627. 	/* Verify this is an IP packet */
    628. 

  628. 	if( (info->ip_hdr->versionihl >>4) != 4){
    629. 

  629. 		info->ip_hdr = NULL;
    630. 

  630. 		info->size_ip_hdr = 0;
    631. 

  631. 		info->tcp_hdr = NULL;
    632. 

  632. 		info->size_tcp_hdr = 0;
    633. 

  633. 		info->record_hdr = NULL;
    634. 

  634. 		return;
    635. 

  635. 	}
    636. 

  636. 

  637. 	/* If this is a TCP segment, fill in TCP header */
    638. 

  638. 	if (info->ip_hdr->proto == IPPROTO_TCP){
    639. 

  639. 		p += info->size_ip_hdr;	//skip IP header
    640. 

  640. 

  641. 		info->tcp_hdr = (struct tcp_header*) p;
    642. 

  642. 		info->size_tcp_hdr = TCP_HEADER_LEN(info->tcp_hdr);
    643. 

  643. 		p += info->size_tcp_hdr;
    644. 

  644. 	} else {
    645. 

  645. 		info->tcp_hdr = NULL;
    646. 

  646. 		info->size_tcp_hdr = 0;
    647. 

  647. 		info->record_hdr = NULL;
    648. 

  648. 		return;
    649. 

  649. 	}
    650. 

  650. 

  651. 

  652. 	/* If the application data contains a TLS record, fill in hdr */
    653. 

  653. 	info->app_data_len = htons(info->ip_hdr->len) - (info->size_ip_hdr + info->size_tcp_hdr);
    654. 

  654. 	if(info->app_data_len > 0){
    655. 

  655. 		info->app_data = p;
    656. 

  656. 		info->record_hdr = (struct tls_header*) p;
    657. 

  657. 		
    658. 

  658. 		//check to see if this is a valid record
    659. 

  659. 		if((info->record_hdr->type < 0x14) || (info->record_hdr->type > 0x18)){
    660. 

  660. 			info->record_hdr = NULL;
    661. 

  661. 		}
    662. 

  662. 

  663. 	} else {
    664. 

  664. 		info->record_hdr = NULL;
    665. 

  665. 		info->app_data = NULL;
    666. 

  666. 	}
    667. 

  667. 

  668. 	return;
    669. 

  669. 

  670. }
    671. 

  671. 

  672. /** Copies a packet_info structure and returns a pointer to the duplicate.
    673. 

  673.  */
    674. 

  674. struct packet_info *copy_packet_info(struct packet_info *src_info){
    675. 

  675. 	struct packet_info *dst_info = emalloc(sizeof(struct packet_info));
    676. 

  676. 

  677. 	dst_info->ip_hdr = src_info->ip_hdr;
    678. 

  678. 	dst_info->tcp_hdr = src_info->tcp_hdr;
    679. 

  679. 

  680. 	dst_info->size_tcp_hdr = src_info->size_tcp_hdr;
    681. 

  681. 	dst_info->size_ip_hdr = src_info->size_ip_hdr;
    682. 

  682. 

  683. 	dst_info->app_data = src_info->app_data;
    684. 

  684. 	dst_info->app_data_len = src_info->app_data_len;
    685. 

  685. 

  686. 	return dst_info;
    687. 

  687. }
    688.