relay.c 39 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476
  1. /* Name: relay.c
  2. *
  3. * This file contains code that the relay station runs once the TLS handshake for
  4. * a tagged flow has been completed.
  5. *
  6. * These functions will extract covert data from the header
  7. * of HTTP GET requests and insert downstream data into leaf resources
  8. *
  9. * It is also responsible for keeping track of the HTTP state of the flow
  10. *
  11. * Slitheen - a decoy routing system for censorship resistance
  12. * Copyright (C) 2017 Cecylia Bocovich (cbocovic@uwaterloo.ca)
  13. *
  14. * This program is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU General Public License as published by
  16. * the Free Software Foundation, version 3.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU General Public License
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  25. *
  26. * Additional permission under GNU GPL version 3 section 7
  27. *
  28. * If you modify this Program, or any covered work, by linking or combining
  29. * it with the OpenSSL library (or a modified version of that library),
  30. * containing parts covered by the terms of the OpenSSL Licence and the
  31. * SSLeay license, the licensors of this Program grant you additional
  32. * permission to convey the resulting work. Corresponding Source for a
  33. * non-source form of such a combination shall include the source code
  34. * for the parts of the OpenSSL library used as well as that of the covered
  35. * work.
  36. */
  37. #include <stdio.h>
  38. #include <stdlib.h>
  39. #include <stdint.h>
  40. #include <regex.h>
  41. #include <sys/socket.h>
  42. #include <sys/types.h>
  43. #include <netinet/in.h>
  44. #include <netdb.h>
  45. #include <unistd.h>
  46. #include <pthread.h>
  47. #include <string.h>
  48. #include <openssl/bio.h>
  49. #include <openssl/evp.h>
  50. #include <openssl/rand.h>
  51. #include "relay.h"
  52. #include "slitheen.h"
  53. #include "flow.h"
  54. #include "crypto.h"
  55. #include "util.h"
  56. /** Called when a TLS application record is received for a
  57. * tagged flow. Upstream packets will be checked for covert
  58. * requests to censored sites, downstream packets will be
  59. * replaced with data from the censored queue or with garbage
  60. *
  61. * Inputs:
  62. * f: the tagged flow
  63. * info: the processed received application packet
  64. *
  65. * Output:
  66. * 0 on success, 1 on failure
  67. */
  68. int replace_packet(flow *f, struct packet_info *info){
  69. if (info == NULL || info->tcp_hdr == NULL){
  70. return 0;
  71. }
  72. #ifdef DEBUG
  73. fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  74. fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
  75. fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
  76. fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
  77. fflush(stdout);
  78. #endif
  79. if(info->app_data_len <= 0){
  80. return 0;
  81. }
  82. /* if outgoing, decrypt and look at header */
  83. if(info->ip_hdr->src.s_addr == f->src_ip.s_addr){
  84. read_header(f, info);
  85. return 0;
  86. } else {
  87. #ifdef DEBUG
  88. printf("Current sequence number: %d\n", f->downstream_seq_num);
  89. printf("Received sequence number: %d\n", htonl(info->tcp_hdr->sequence_num));
  90. #endif
  91. uint32_t offset = htonl(info->tcp_hdr->sequence_num) - f->downstream_seq_num;
  92. if(offset == 0)
  93. f->downstream_seq_num += info->app_data_len;
  94. /* if incoming, replace with data from queue */
  95. process_downstream(f, offset, info);
  96. #ifdef DEBUG2
  97. uint8_t *p = (uint8_t *) info->tcp_hdr;
  98. fprintf(stdout, "ip hdr length: %d\n", htons(info->ip_hdr->len));
  99. fprintf(stdout, "Injecting the following packet:\n");
  100. for(int i=0; i< htons(info->ip_hdr->len)-1; i++){
  101. fprintf(stdout, "%02x ", p[i]);
  102. }
  103. fprintf(stdout, "\n");
  104. fflush(stdout);
  105. #endif
  106. }
  107. return 0;
  108. }
  109. /** Reads the HTTP header of upstream data and searches for
  110. * a covert request in an x-slitheen header. Sends this
  111. * request to the indicated site and saves the response to
  112. * the censored queue
  113. *
  114. * Inputs:
  115. * f: the tagged flow
  116. * info: the processed received packet
  117. *
  118. * Ouput:
  119. * 0 on success, 1 on failure
  120. */
  121. int read_header(flow *f, struct packet_info *info){
  122. uint8_t *p = info->app_data;
  123. if (info->tcp_hdr == NULL){
  124. return 0;
  125. }
  126. uint8_t *record_ptr = NULL;
  127. struct record_header *record_hdr;
  128. uint32_t record_length;
  129. if(f->upstream_remaining > 0){
  130. //check to see whether the previous record has finished
  131. if(f->upstream_remaining > info->app_data_len){
  132. //ignore entire packet for now
  133. queue_block *new_block = emalloc(sizeof(queue_block));
  134. uint8_t *block_data = emalloc(info->app_data_len);
  135. memcpy(block_data, p, info->app_data_len);
  136. new_block->len = info->app_data_len;
  137. new_block->offset = 0;
  138. new_block->data = block_data;
  139. new_block->next = NULL;
  140. //add block to upstream data chain
  141. if(f->upstream_queue == NULL){
  142. f->upstream_queue = new_block;
  143. } else {
  144. queue_block *last = f->upstream_queue;
  145. while(last->next != NULL){
  146. last = last->next;
  147. }
  148. last->next = new_block;
  149. }
  150. f->upstream_remaining -= info->app_data_len;
  151. return 0;
  152. } else {
  153. //process what we have
  154. record_hdr = (struct record_header*) f->upstream_queue->data;
  155. record_length = RECORD_LEN(record_hdr);
  156. record_ptr = emalloc(record_length+ RECORD_HEADER_LEN);
  157. queue_block *current = f->upstream_queue;
  158. int32_t offset =0;
  159. while(f->upstream_queue != NULL){
  160. memcpy(record_ptr+offset, current->data, current->len);
  161. offset += current->len;
  162. free(current->data);
  163. f->upstream_queue = current->next;
  164. free(current);
  165. current = f->upstream_queue;
  166. }
  167. memcpy(record_ptr+offset, p, f->upstream_remaining);
  168. p = record_ptr;
  169. record_hdr = (struct record_header*) p;
  170. f->upstream_remaining = 0;
  171. }
  172. } else {
  173. //check to see if the new record is too long
  174. record_hdr = (struct record_header*) p;
  175. record_length = RECORD_LEN(record_hdr);
  176. if(record_length + RECORD_HEADER_LEN > info->app_data_len){
  177. //add info to upstream queue
  178. queue_block *new_block = emalloc(sizeof(queue_block));
  179. uint8_t *block_data = emalloc(info->app_data_len);
  180. memcpy(block_data, p, info->app_data_len);
  181. new_block->len = info->app_data_len;
  182. new_block->data = block_data;
  183. new_block->next = NULL;
  184. //add block to upstream queue
  185. if(f->upstream_queue == NULL){
  186. f->upstream_queue = new_block;
  187. } else {
  188. queue_block *last = f->upstream_queue;
  189. while(last->next != NULL){
  190. last = last->next;
  191. }
  192. last->next = new_block;
  193. }
  194. f->upstream_remaining = record_length - new_block->len;
  195. return 0;
  196. }
  197. }
  198. p+= RECORD_HEADER_LEN;
  199. uint8_t *decrypted_data = emalloc(record_length);
  200. memcpy(decrypted_data, p, record_length);
  201. int32_t decrypted_len = encrypt(f, decrypted_data, decrypted_data, record_length, 0, record_hdr->type, 0, 0);
  202. if(decrypted_len<0){
  203. printf("US: decryption failed!\n");
  204. if(record_ptr != NULL)
  205. free(record_ptr);
  206. free(decrypted_data);
  207. return 0;
  208. }
  209. if(record_hdr->type == 0x15){
  210. printf("received alert\n");
  211. for(int i=0; i<record_length; i++){
  212. printf("%02x ", decrypted_data[i]);
  213. }
  214. fflush(stdout);
  215. //TODO: re-encrypt and return
  216. }
  217. #ifdef DEBUG
  218. printf("Upstream data: (%x:%d > %x:%d )\n",info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port));
  219. printf("%s\n", decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  220. #endif
  221. /* search through decrypted data for x-ignore */
  222. char *header_ptr = strstr((const char *) decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN, "X-Slitheen");
  223. uint8_t *upstream_data;
  224. if(header_ptr == NULL){
  225. if(record_ptr != NULL)
  226. free(record_ptr);
  227. free(decrypted_data);
  228. return 0;
  229. }
  230. #ifdef DEBUG
  231. printf("UPSTREAM: Found x-slitheen header\n");
  232. fflush(stdout);
  233. fprintf(stdout,"UPSTREAM Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port) ,(info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  234. fprintf(stdout, "Sequence number: %d\n", ntohs(info->tcp_hdr->sequence_num));
  235. #endif
  236. header_ptr += strlen("X-Slitheen: ");
  237. if(*header_ptr == '\r' || *header_ptr == '\0'){
  238. #ifdef DEBUG
  239. printf("No messages\n");
  240. #endif
  241. free(decrypted_data);
  242. return 0;
  243. }
  244. int32_t num_messages = 1;
  245. char *messages[50]; //TODO: grow this array
  246. messages[0] = header_ptr;
  247. char *c = header_ptr;
  248. while(*c != '\r' && *c != '\0'){
  249. if(*c == ' '){
  250. *c = '\0';
  251. messages[num_messages] = c+1;
  252. num_messages ++;
  253. }
  254. c++;
  255. }
  256. c++;
  257. *c = '\0';
  258. #ifdef DEBUG
  259. printf("UPSTREAM: Found %d messages\n", num_messages);
  260. #endif
  261. for(int i=0; i< num_messages-1; i++){
  262. char *message = messages[i];
  263. //b64 decode the data
  264. int32_t decode_len = strlen(message);
  265. if(message[decode_len-2] == '='){
  266. decode_len = decode_len*3/4 - 2;
  267. } else if(message[decode_len-1] == '='){
  268. decode_len = decode_len*3/4 - 1;
  269. } else {
  270. decode_len = decode_len*3/4;
  271. }
  272. upstream_data = emalloc(decode_len + 1);
  273. BIO *bio, *b64;
  274. bio = BIO_new_mem_buf(message, -1);
  275. b64 = BIO_new(BIO_f_base64());
  276. bio = BIO_push(b64, bio);
  277. BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
  278. int32_t output_len = BIO_read(bio, upstream_data, strlen(message));
  279. BIO_free_all(bio);
  280. #ifdef DEBUG
  281. printf("Decoded to get %d bytes:\n", output_len);
  282. for(int j=0; j< output_len; j++){
  283. printf("%02x ", upstream_data[j]);
  284. }
  285. printf("\n");
  286. fflush(stdout);
  287. #endif
  288. p = upstream_data;
  289. if(i== 0){
  290. //this is the Slitheen ID
  291. #ifdef DEBUG
  292. printf("Slitheen ID:");
  293. for(int j=0; j< output_len; j++){
  294. printf("%02x ", p[j]);
  295. }
  296. printf("\n");
  297. #endif
  298. //find stream table or create new one
  299. client *last = clients->first;
  300. while(last != NULL){
  301. if(!memcmp(last->slitheen_id, p, output_len)){
  302. f->streams = last->streams;
  303. f->downstream_queue = last->downstream_queue;
  304. f->client_ptr = last;
  305. break;
  306. #ifdef DEBUG
  307. } else {
  308. for(int j=0; j< output_len; j++){
  309. printf("%02x ", last->slitheen_id[j]);
  310. }
  311. printf(" != ");
  312. for(int j=0; j< output_len; j++){
  313. printf("%02x ", p[j]);
  314. }
  315. printf("\n");
  316. #endif
  317. }
  318. last = last->next;
  319. }
  320. if(f->streams == NULL){
  321. //create new client
  322. printf("Creating a new client\n");
  323. client *new_client = emalloc(sizeof(client));
  324. memcpy(new_client->slitheen_id, p, output_len);
  325. new_client->streams = emalloc(sizeof(stream_table));
  326. new_client->streams->first = NULL;
  327. new_client->downstream_queue = emalloc(sizeof(data_queue));
  328. sem_init(&(new_client->queue_lock), 0, 1);
  329. new_client->downstream_queue->first_block = NULL;
  330. new_client->encryption_counter = 0;
  331. new_client->next = NULL;
  332. /* Now generate super encryption keys */
  333. generate_client_super_keys(new_client->slitheen_id, new_client);
  334. //add to client table
  335. if(clients->first == NULL){
  336. clients->first = new_client;
  337. } else {
  338. client *last = clients->first;
  339. while(last->next != NULL){
  340. last = last->next;
  341. }
  342. last->next = new_client;
  343. }
  344. //set f's stream table
  345. f->client_ptr = new_client;
  346. f->streams = new_client->streams;
  347. f->downstream_queue = new_client->downstream_queue;
  348. }
  349. free(upstream_data);
  350. continue;
  351. }
  352. while(output_len > 0){
  353. struct sl_up_hdr *sl_hdr = (struct sl_up_hdr *) p;
  354. uint16_t stream_id = sl_hdr->stream_id;
  355. uint16_t stream_len = ntohs(sl_hdr->len);
  356. p += sizeof(struct sl_up_hdr);
  357. output_len -= sizeof(struct sl_up_hdr);
  358. stream_table *streams = f->streams;
  359. //If a thread for this stream id exists, get the thread info and pipe data
  360. int32_t stream_pipe = -1;
  361. stream *last = streams->first;
  362. if(streams->first != NULL){
  363. if(last->stream_id == stream_id){
  364. stream_pipe = last->pipefd;
  365. } else {
  366. while(last->next != NULL){
  367. last = last->next;
  368. if(last->stream_id == stream_id){
  369. stream_pipe = last->pipefd;
  370. break;
  371. }
  372. }
  373. }
  374. }
  375. if(stream_pipe != -1){
  376. if(stream_len ==0){
  377. printf("Client closed. We are here\n");
  378. close(stream_pipe);
  379. break;
  380. }
  381. #ifdef DEBUG
  382. printf("Found stream id %d\n", last->stream_id);
  383. printf("Writing %d bytes to pipe\n", stream_len);
  384. #endif
  385. int32_t bytes_sent = write(stream_pipe, p, stream_len);
  386. if(bytes_sent < 0){
  387. printf("Error sending bytes to stream pipe\n");
  388. }
  389. } else if(stream_len > 0){
  390. /*Else, spawn a thread to handle the proxy to this site*/
  391. pthread_t proxy_thread;
  392. int32_t pipefd[2];
  393. if(pipe(pipefd) < 0){
  394. free(decrypted_data);
  395. if(record_ptr != NULL)
  396. free(record_ptr);
  397. return 1;
  398. }
  399. uint8_t *initial_data = emalloc(stream_len);
  400. memcpy(initial_data, p, stream_len);
  401. struct proxy_thread_data *thread_data =
  402. emalloc(sizeof(struct proxy_thread_data));
  403. thread_data->initial_data = initial_data;
  404. thread_data->initial_len = stream_len;
  405. thread_data->stream_id = stream_id;
  406. thread_data->pipefd = pipefd[0];
  407. thread_data->streams = f->streams;
  408. thread_data->downstream_queue = f->downstream_queue;
  409. thread_data->client = f->client_ptr;
  410. pthread_create(&proxy_thread, NULL, proxy_covert_site, (void *) thread_data);
  411. pthread_detach(proxy_thread);
  412. //add stream to table
  413. stream *new_stream = emalloc(sizeof(stream));
  414. new_stream->stream_id = stream_id;
  415. new_stream->pipefd = pipefd[1];
  416. new_stream->next = NULL;
  417. if(streams->first == NULL){
  418. streams->first = new_stream;
  419. } else {
  420. stream *last = streams->first;
  421. while(last->next != NULL){
  422. last = last->next;
  423. }
  424. last->next = new_stream;
  425. }
  426. } else{
  427. printf("Error, stream len 0\n");
  428. break;
  429. }
  430. output_len -= stream_len;
  431. p += stream_len;
  432. }
  433. free(upstream_data);
  434. }
  435. //save a reference to the proxy threads in a global table
  436. free(decrypted_data);
  437. if(record_ptr != NULL)
  438. free(record_ptr);
  439. return 0;
  440. }
  441. /** Called by spawned pthreads in read_header to send upstream
  442. * data to the censored site and receive responses. Downstream
  443. * data is stored in the slitheen id's downstream_queue. Function and
  444. * thread will terminate when the client closes the connection
  445. * to the covert destination
  446. *
  447. * Input:
  448. * A struct that contains the following information:
  449. * - the tagged flow
  450. * - the initial upstream data + len (including connect request)
  451. * - the read end of the pipe
  452. * - the downstream queue for the client
  453. *
  454. */
  455. void *proxy_covert_site(void *data){
  456. struct proxy_thread_data *thread_data =
  457. (struct proxy_thread_data *) data;
  458. uint8_t *p = thread_data->initial_data;
  459. uint16_t data_len = thread_data->initial_len;
  460. uint16_t stream_id = thread_data->stream_id;
  461. int32_t bytes_sent;
  462. stream_table *streams = thread_data->streams;
  463. data_queue *downstream_queue = thread_data->downstream_queue;
  464. client *clnt = thread_data->client;
  465. struct socks_req *clnt_req = (struct socks_req *) p;
  466. p += 4;
  467. data_len -= 4;
  468. int32_t handle = -1;
  469. //see if it's a connect request
  470. if(clnt_req->cmd != 0x01){
  471. goto err;
  472. }
  473. struct sockaddr_in dest;
  474. dest.sin_family = AF_INET;
  475. uint8_t domain_len;
  476. switch(clnt_req->addr_type){
  477. case 0x01:
  478. //IPv4
  479. dest.sin_addr.s_addr = *((uint32_t*) p);
  480. p += 4;
  481. data_len -= 4;
  482. break;
  483. case 0x03:
  484. //domain name
  485. domain_len = p[0];
  486. p++;
  487. data_len --;
  488. uint8_t *domain_name = emalloc(domain_len+1);
  489. memcpy(domain_name, p, domain_len);
  490. domain_name[domain_len] = '\0';
  491. struct hostent *host;
  492. host = gethostbyname((const char *) domain_name);
  493. dest.sin_addr = *((struct in_addr *) host->h_addr);
  494. p += domain_len;
  495. data_len -= domain_len;
  496. free(domain_name);
  497. break;
  498. case 0x04:
  499. //IPv6
  500. goto err;//TODO: add IPv6 functionality
  501. break;
  502. }
  503. //now set the port
  504. dest.sin_port = *((uint16_t *) p);
  505. p += 2;
  506. data_len -= 2;
  507. handle = socket(AF_INET, SOCK_STREAM, 0);
  508. if(handle < 0){
  509. goto err;
  510. }
  511. struct sockaddr_in my_addr;
  512. socklen_t my_addr_len = sizeof(my_addr);
  513. int32_t error = connect (handle, (struct sockaddr *) &dest, sizeof (struct sockaddr));
  514. if(error <0){
  515. goto err;
  516. }
  517. getsockname(handle, (struct sockaddr *) &my_addr, &my_addr_len);
  518. //see if there were extra upstream bytes
  519. if(data_len > 0){
  520. #ifdef DEBUG
  521. printf("Data len is %d\n", data_len);
  522. printf("Upstream bytes: ");
  523. for(int i=0; i< data_len; i++){
  524. printf("%02x ", p[i]);
  525. }
  526. printf("\n");
  527. #endif
  528. bytes_sent = send(handle, p,
  529. data_len, 0);
  530. if( bytes_sent <= 0){
  531. goto err;
  532. }
  533. }
  534. uint8_t *buffer = emalloc(BUFSIZ);
  535. int32_t buffer_len = BUFSIZ;
  536. //now select on reading from the pipe and from the socket
  537. for(;;){
  538. fd_set readfds;
  539. fd_set writefds;
  540. int32_t nfds = (handle > thread_data->pipefd) ?
  541. handle +1 : thread_data->pipefd + 1;
  542. FD_ZERO(&readfds);
  543. FD_ZERO(&writefds);
  544. FD_SET(thread_data->pipefd, &readfds);
  545. FD_SET(handle, &readfds);
  546. FD_SET(handle, &writefds);
  547. if (select(nfds, &readfds, &writefds, NULL, NULL) < 0){
  548. printf("select error\n");
  549. break;
  550. }
  551. if(FD_ISSET(thread_data->pipefd, &readfds) && FD_ISSET(handle, &writefds)){
  552. //we have upstream data ready for writing
  553. int32_t bytes_read = read(thread_data->pipefd, buffer, buffer_len);
  554. if(bytes_read > 0){
  555. #ifdef DEBUG
  556. printf("PROXY (id %d): read %d bytes from pipe\n", stream_id, bytes_read);
  557. for(int i=0; i< bytes_read; i++){
  558. printf("%02x ", buffer[i]);
  559. }
  560. printf("\n");
  561. printf("%s\n", buffer);
  562. #endif
  563. bytes_sent = send(handle, buffer,
  564. bytes_read, 0);
  565. if( bytes_sent <= 0){
  566. break;
  567. } else if (bytes_sent < bytes_read){
  568. break;
  569. }
  570. } else {
  571. //Client closed the connection, we can delete this stream from the downstream queue
  572. printf("Deleting stream %d from the downstream queue\n", stream_id);
  573. sem_wait(&clnt->queue_lock);
  574. queue_block *last = downstream_queue->first_block;
  575. queue_block *prev = last;
  576. while(last != NULL){
  577. if(last->stream_id == stream_id){
  578. //remove block from queue
  579. printf("removing a block!\n");
  580. fflush(stdout);
  581. if(last == downstream_queue->first_block){
  582. downstream_queue->first_block = last->next;
  583. free(last->data);
  584. free(last);
  585. last = downstream_queue->first_block;
  586. prev = last;
  587. } else {
  588. prev->next = last->next;
  589. free(last->data);
  590. free(last);
  591. last = prev->next;
  592. }
  593. } else {
  594. prev = last;
  595. last = last->next;
  596. }
  597. }
  598. sem_post(&clnt->queue_lock);
  599. printf("Finished deleting from downstream queue\n");
  600. fflush(stdout);
  601. break;
  602. }
  603. }
  604. if (FD_ISSET(handle, &readfds)){
  605. //we have downstream data read for saving
  606. int32_t bytes_read;
  607. bytes_read = recv(handle, buffer, buffer_len, 0);
  608. if(bytes_read > 0){
  609. uint8_t *new_data = emalloc(bytes_read);
  610. memcpy(new_data, buffer, bytes_read);
  611. #ifdef DEBUG
  612. printf("PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
  613. for(int i=0; i< bytes_read; i++){
  614. printf("%02x ", buffer[i]);
  615. }
  616. printf("\n");
  617. #endif
  618. //make a new queue block
  619. queue_block *new_block = emalloc(sizeof(queue_block));
  620. new_block->len = bytes_read;
  621. new_block->offset = 0;
  622. new_block->data = new_data;
  623. new_block->next = NULL;
  624. new_block->stream_id = stream_id;
  625. sem_wait(&clnt->queue_lock);
  626. if(downstream_queue->first_block == NULL){
  627. downstream_queue->first_block = new_block;
  628. }
  629. else{
  630. queue_block *last = downstream_queue->first_block;
  631. while(last->next != NULL)
  632. last = last->next;
  633. last->next = new_block;
  634. }
  635. sem_post(&clnt->queue_lock);
  636. } else {
  637. printf("PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
  638. break;
  639. }
  640. }
  641. }
  642. printf("Closing connection for stream %d\n", stream_id);
  643. //remove self from list
  644. stream *last = streams->first;
  645. stream *prev = last;
  646. if(streams->first != NULL){
  647. if(last->stream_id == stream_id){
  648. streams->first = last->next;
  649. printf("Freeing (2) %p\n", last);
  650. free(last);
  651. } else {
  652. while(last->next != NULL){
  653. prev = last;
  654. last = last->next;
  655. if(last->stream_id == stream_id){
  656. prev->next = last->next;
  657. printf("Freeing (2) %p\n", last);
  658. free(last);
  659. break;
  660. }
  661. }
  662. }
  663. }
  664. if(thread_data->initial_data != NULL){
  665. free(thread_data->initial_data);
  666. }
  667. free(thread_data);
  668. free(buffer);
  669. close(handle);
  670. pthread_detach(pthread_self());
  671. pthread_exit(NULL);
  672. return 0;
  673. err:
  674. //remove self from list
  675. last = streams->first;
  676. prev = last;
  677. if(streams->first != NULL){
  678. if(last->stream_id == stream_id){
  679. streams->first = last->next;
  680. free(last);
  681. } else {
  682. while(last->next != NULL){
  683. prev = last;
  684. last = last->next;
  685. if(last->stream_id == stream_id){
  686. prev->next = last->next;
  687. free(last);
  688. break;
  689. }
  690. }
  691. }
  692. }
  693. if(thread_data->initial_data != NULL){
  694. free(thread_data->initial_data);
  695. }
  696. free(thread_data);
  697. if(handle > 0){
  698. close(handle);
  699. }
  700. pthread_detach(pthread_self());
  701. pthread_exit(NULL);
  702. return 0;
  703. }
  704. /** Replaces downstream record contents with data from the
  705. * censored queue, padding with garbage bytes if no more
  706. * censored data exists.
  707. *
  708. * Inputs:
  709. * f: the tagged flow
  710. * data: a pointer to the received packet's application
  711. * data
  712. * data_len: the length of the packet's application data
  713. * offset: if the packet is misordered, the number of
  714. * application-level bytes in missing packets
  715. *
  716. * Output:
  717. * Returns 0 on sucess
  718. */
  719. int process_downstream(flow *f, int32_t offset, struct packet_info *info){
  720. uint8_t changed = 0;
  721. uint8_t *p = info->app_data;
  722. uint32_t remaining_packet_len = info->app_data_len;
  723. if(f->remaining_record_len > 0){
  724. //ignore bytes until the end of the record
  725. if(f->remaining_record_len > remaining_packet_len){ //ignore entire packet
  726. if(f->outbox_len > 0){
  727. changed = 1;
  728. memcpy(p, f->outbox + f->outbox_offset, remaining_packet_len);
  729. f->outbox_len -= remaining_packet_len;
  730. f->outbox_offset += remaining_packet_len;
  731. }
  732. f->remaining_record_len -= remaining_packet_len;
  733. remaining_packet_len -= remaining_packet_len;
  734. } else {
  735. if(f->outbox_len > 0){
  736. changed = 1;
  737. memcpy(p, f->outbox + f->outbox_offset, f->remaining_record_len);
  738. f->outbox_len = 0;
  739. f->outbox_offset=0;
  740. free(f->outbox);
  741. }
  742. p += f->remaining_record_len;
  743. remaining_packet_len -= f->remaining_record_len;
  744. f->remaining_record_len = 0;
  745. }
  746. }
  747. while(remaining_packet_len > 0){ //while bytes remain in the packet
  748. if(remaining_packet_len < RECORD_HEADER_LEN){
  749. #ifdef DEBUG
  750. printf("partial record header: \n");
  751. for(int i= 0; i< remaining_packet_len; i++){
  752. printf("%02x ", p[i]);
  753. }
  754. printf("\n");
  755. fflush(stdout);
  756. #endif
  757. f->partial_record_header = emalloc(RECORD_HEADER_LEN);
  758. memcpy(f->partial_record_header, p, remaining_packet_len);
  759. f->partial_record_header_len = remaining_packet_len;
  760. remaining_packet_len -= remaining_packet_len;
  761. break;
  762. }
  763. struct record_header *record_hdr;
  764. if(f->partial_record_header_len > 0){
  765. memcpy(f->partial_record_header+ f->partial_record_header_len,
  766. p, RECORD_HEADER_LEN - f->partial_record_header_len);
  767. record_hdr = (struct record_header *) f->partial_record_header;
  768. } else {
  769. record_hdr = (struct record_header*) p;
  770. }
  771. uint32_t record_len = RECORD_LEN(record_hdr);
  772. #ifdef DEBUG
  773. fprintf(stdout,"Flow: %x > %x (%s)\n", info->ip_hdr->src.s_addr, info->ip_hdr->dst.s_addr, (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  774. fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
  775. fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
  776. fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
  777. fprintf(stdout, "Record:\n");
  778. for(int i=0; i< RECORD_HEADER_LEN; i++){
  779. printf("%02x ", ((uint8_t *) record_hdr)[i]);
  780. }
  781. printf("\n");
  782. fflush(stdout);
  783. #endif
  784. p += (RECORD_HEADER_LEN - f->partial_record_header_len);
  785. remaining_packet_len -= (RECORD_HEADER_LEN - f->partial_record_header_len);
  786. uint8_t *record_ptr = p; //points to the beginning of record data
  787. uint32_t remaining_record_len = record_len;
  788. if(record_len > remaining_packet_len){
  789. int8_t increment_ctr = 1;
  790. f->remaining_record_len = record_len - remaining_packet_len;
  791. if(f->httpstate == PARSE_HEADER || f->httpstate == BEGIN_CHUNK || f->httpstate == END_CHUNK){
  792. f->httpstate = FORFEIT_REST;
  793. } else if( f->httpstate == MID_CONTENT || f->httpstate == MID_CHUNK){
  794. f->remaining_response_len -= record_len - 24; //len of IV and padding
  795. if(f->remaining_response_len >= 0 && f->replace_response){
  796. //make a huge record, encrypt it, and then place it in the outbox
  797. f->outbox = emalloc(record_len+1);
  798. f->outbox_len = record_len;
  799. f->outbox_offset = 0;
  800. if(!fill_with_downstream(f, f->outbox + EVP_GCM_TLS_EXPLICIT_IV_LEN , record_len - (EVP_GCM_TLS_EXPLICIT_IV_LEN+ 16))){
  801. //encrypt (not a re-encryption)
  802. int32_t n = encrypt(f, f->outbox, f->outbox,
  803. record_len - 16, 1,
  804. record_hdr->type, 1, 0);
  805. if(n < 0){
  806. fprintf(stdout,"outbox encryption failed\n");
  807. } else {
  808. memcpy(p, f->outbox, remaining_packet_len);
  809. changed = 1;
  810. increment_ctr = 0;
  811. f->outbox_len -= remaining_packet_len;
  812. f->outbox_offset += remaining_packet_len;
  813. }
  814. } else { //failed to fill with downstream data, client unknown
  815. free(f->outbox);
  816. f->outbox = NULL;
  817. f->outbox_len = 0;
  818. f->replace_response = 0;
  819. }
  820. }
  821. if(f->remaining_response_len == 0){
  822. if(f->httpstate == MID_CHUNK)
  823. f->httpstate = END_CHUNK;
  824. else {
  825. f->httpstate = PARSE_HEADER;
  826. }
  827. }
  828. if(f->remaining_response_len < 0){
  829. f->remaining_response_len = 0;
  830. f->httpstate = FORFEIT_REST;
  831. }
  832. }
  833. if(increment_ctr){//not decrypting record, must increment GCM ctr
  834. fake_encrypt(f, 1);
  835. }
  836. remaining_packet_len -= remaining_packet_len;
  837. if(f->partial_record_header_len > 0){
  838. f->partial_record_header_len = 0;
  839. free(f->partial_record_header);
  840. }
  841. break;
  842. }
  843. //now decrypt the record
  844. int32_t n = encrypt(f, record_ptr, record_ptr, record_len, 1,
  845. record_hdr->type, 0, 0);
  846. if(n < 0){
  847. //do something smarter here
  848. printf("Decryption failed\n");
  849. if(f->partial_record_header_len > 0){
  850. f->partial_record_header_len = 0;
  851. free(f->partial_record_header);
  852. }
  853. return 0;
  854. }
  855. changed = 1;
  856. #ifdef DEBUG_DOWN
  857. printf("Decryption succeeded\n");
  858. printf("Bytes:\n");
  859. for(int i=0; i< n; i++){
  860. printf("%02x ", record_ptr[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
  861. }
  862. printf("\n");
  863. printf("Text:\n");
  864. printf("%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  865. fflush(stdout);
  866. #endif
  867. p += EVP_GCM_TLS_EXPLICIT_IV_LEN;
  868. char *len_ptr, *needle;
  869. remaining_record_len = n;
  870. while(remaining_record_len > 0){
  871. switch(f->httpstate){
  872. case PARSE_HEADER:
  873. //determine whether it's transfer encoded or otherwise
  874. //figure out what the content-type is
  875. len_ptr = strstr((const char *) p, "Content-Type: image");
  876. if(len_ptr != NULL){
  877. f->replace_response = 1;
  878. memcpy(len_ptr + 14, "slitheen", 8);
  879. char *c = len_ptr + 14+8;
  880. while(c[0] != '\r'){
  881. c[0] = ' ';
  882. c++;
  883. }
  884. } else {
  885. f->replace_response = 0;
  886. }
  887. //check for 200 OK message
  888. len_ptr = strstr((const char *) p, "200 OK");
  889. if(len_ptr == NULL){
  890. f->replace_response = 0;
  891. }
  892. len_ptr = strstr((const char *) p, "Transfer-Encoding");
  893. if(len_ptr != NULL){
  894. if(!memcmp(len_ptr + 19, "chunked", 7)){
  895. //now find end of header
  896. len_ptr = strstr((const char *) p, "\r\n\r\n");
  897. if(len_ptr != NULL){
  898. f->httpstate = BEGIN_CHUNK;
  899. remaining_record_len -= (((uint8_t *)len_ptr - p) + 4);
  900. p = (uint8_t *) len_ptr + 4;
  901. }
  902. }
  903. } else {
  904. len_ptr = strstr((const char *) p, "Content-Length");
  905. if(len_ptr != NULL){
  906. len_ptr += 15;
  907. f->remaining_response_len = strtol((const char *) len_ptr, NULL, 10);
  908. #ifdef RESOURCE_DEBUG
  909. printf("content-length: %d\n", f->remaining_response_len);
  910. #endif
  911. len_ptr = strstr((const char *) p, "\r\n\r\n");
  912. if(len_ptr != NULL){
  913. f->httpstate = MID_CONTENT;
  914. remaining_record_len -= (((uint8_t *)len_ptr - p) + 4);
  915. p = (uint8_t *) len_ptr + 4;
  916. #ifdef RESOURCE_DEBUG
  917. printf("Remaining record len: %d\n", remaining_record_len);
  918. #endif
  919. } else {
  920. remaining_record_len = 0;
  921. #ifdef RESOURCE_DEBUG
  922. printf("Missing end of header. Sending to FORFEIT_REST\n");
  923. #endif
  924. f->httpstate = FORFEIT_REST;
  925. }
  926. } else {
  927. #ifdef RESOURCE_DEBUG
  928. printf("No content length of transfer encoding field, sending to FORFEIT_REST\n");
  929. #endif
  930. f->httpstate = FORFEIT_REST;
  931. remaining_record_len = 0;
  932. }
  933. }
  934. break;
  935. case MID_CONTENT:
  936. //check if content is replaceable
  937. if(f->remaining_response_len > remaining_record_len){
  938. if(f->replace_response){
  939. fill_with_downstream(f, p, remaining_record_len);
  940. #ifdef DEBUG_DOWN
  941. printf("Replaced with:\n");
  942. for(int i=0; i< remaining_record_len; i++){
  943. printf("%02x ", p[i]);
  944. }
  945. printf("\n");
  946. #endif
  947. }
  948. f->remaining_response_len -= remaining_record_len;
  949. p += remaining_record_len;
  950. remaining_record_len = 0;
  951. } else {
  952. if(f->replace_response){
  953. fill_with_downstream(f, p, remaining_record_len);
  954. #ifdef DEBUG_DOWN
  955. printf("Replaced with:\n");
  956. for(int i=0; i< remaining_record_len; i++){
  957. printf("%02x ", p[i]);
  958. }
  959. printf("\n");
  960. #endif
  961. }
  962. remaining_record_len -= f->remaining_response_len;
  963. p += f->remaining_response_len;
  964. f->httpstate = PARSE_HEADER;
  965. f->remaining_response_len = 0;
  966. }
  967. break;
  968. case BEGIN_CHUNK:
  969. {
  970. int32_t chunk_size = strtol((const char *) p, NULL, 16);
  971. if(chunk_size == 0){
  972. f->httpstate = END_BODY;
  973. } else {
  974. f->httpstate = MID_CHUNK;
  975. }
  976. f->remaining_response_len = chunk_size;
  977. needle = strstr((const char *) p, "\r\n");
  978. if(needle != NULL){
  979. remaining_record_len -= ((uint8_t *) needle - p + 2);
  980. p = (uint8_t *) needle + 2;
  981. } else {
  982. remaining_record_len = 0;
  983. f->httpstate = FORFEIT_REST;
  984. }
  985. }
  986. break;
  987. case MID_CHUNK:
  988. if(f->remaining_response_len > remaining_record_len){
  989. if(f->replace_response){
  990. fill_with_downstream(f, p, remaining_record_len);
  991. #ifdef DEBUG_DOWN
  992. printf("Replaced with:\n");
  993. for(int i=0; i< remaining_record_len; i++){
  994. printf("%02x ", p[i]);
  995. }
  996. printf("\n");
  997. #endif
  998. }
  999. f->remaining_response_len -= remaining_record_len;
  1000. p += remaining_record_len;
  1001. remaining_record_len = 0;
  1002. } else {
  1003. if(f->replace_response){
  1004. fill_with_downstream(f, p, f->remaining_response_len);
  1005. #ifdef DEBUG_DOWN
  1006. printf("Replaced with:\n");
  1007. for(int i=0; i< f->remaining_response_len; i++){
  1008. printf("%02x ", p[i]);
  1009. }
  1010. printf("\n");
  1011. #endif
  1012. }
  1013. remaining_record_len -= f->remaining_response_len;
  1014. p += f->remaining_response_len;
  1015. f->remaining_response_len = 0;
  1016. f->httpstate = END_CHUNK;
  1017. }
  1018. break;
  1019. case END_CHUNK:
  1020. needle = strstr((const char *) p, "\r\n");
  1021. if(needle != NULL){
  1022. f->httpstate = BEGIN_CHUNK;
  1023. p += 2;
  1024. remaining_record_len -= 2;
  1025. } else {
  1026. remaining_record_len = 0;
  1027. //printf("Couldn't find end of chunk, sending to FORFEIT_REST\n");
  1028. f->httpstate = FORFEIT_REST;
  1029. }
  1030. break;
  1031. case END_BODY:
  1032. needle = strstr((const char *) p, "\r\n");
  1033. if(needle != NULL){
  1034. f->httpstate = PARSE_HEADER;
  1035. p += 2;
  1036. remaining_record_len -= 2;
  1037. } else {
  1038. remaining_record_len = 0;
  1039. //printf("Couldn't find end of body, sending to FORFEIT_REST\n");
  1040. f->httpstate = FORFEIT_REST;
  1041. }
  1042. break;
  1043. case FORFEIT_REST:
  1044. case USE_REST:
  1045. remaining_record_len = 0;
  1046. break;
  1047. default:
  1048. break;
  1049. }
  1050. }
  1051. #ifdef DEBUG_DOWN
  1052. if(changed){
  1053. printf("Resource is now\n");
  1054. printf("Bytes:\n");
  1055. for(int i=0; i< n; i++){
  1056. printf("%02x ", record_ptr[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
  1057. }
  1058. printf("\n");
  1059. printf("Text:\n");
  1060. printf("%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  1061. fflush(stdout);
  1062. }
  1063. #endif
  1064. if((n = encrypt(f, record_ptr, record_ptr,
  1065. n + EVP_GCM_TLS_EXPLICIT_IV_LEN, 1, record_hdr->type,
  1066. 1, 1)) < 0){
  1067. printf("UH OH, failed to re-encrypt record\n");
  1068. if(f->partial_record_header_len > 0){
  1069. f->partial_record_header_len = 0;
  1070. free(f->partial_record_header);
  1071. }
  1072. return 0;
  1073. }
  1074. p = record_ptr + record_len;
  1075. remaining_packet_len -= record_len;
  1076. if(f->partial_record_header_len > 0){
  1077. f->partial_record_header_len = 0;
  1078. free(f->partial_record_header);
  1079. }
  1080. }
  1081. if(changed){
  1082. tcp_checksum(info);
  1083. }
  1084. return 0;
  1085. }
  1086. /** Fills a given pointer with downstream data of the specified length. If no downstream data
  1087. * exists, pads it with garbage bytes. All downstream data is accompanied by a stream id and
  1088. * lengths of both the downstream data and garbage data
  1089. *
  1090. * Inputs:
  1091. * data: a pointer to where the downstream data should be entered
  1092. * length: The length of the downstream data required
  1093. *
  1094. */
  1095. int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
  1096. uint8_t *p = data;
  1097. int32_t remaining = length;
  1098. struct slitheen_header *sl_hdr;
  1099. data_queue *downstream_queue = f->downstream_queue;
  1100. client *client_ptr = f->client_ptr;
  1101. if(client_ptr == NULL) return 1;
  1102. //Fill as much as we can from the censored_queue
  1103. //Note: need enough for the header and one block of data (16 byte IV, 16 byte
  1104. // block, 16 byte MAC) = header_len + 48.
  1105. while((remaining > (SLITHEEN_HEADER_LEN + 48)) && downstream_queue != NULL && downstream_queue->first_block != NULL){
  1106. //amount of data we'll actualy fill with (16 byte IV and 16 byte MAC)
  1107. int32_t fill_amount = remaining - SLITHEEN_HEADER_LEN - 32;
  1108. fill_amount -= fill_amount % 16; //rounded down to nearest block size
  1109. sem_wait(&client_ptr->queue_lock);
  1110. queue_block *first_block = downstream_queue->first_block;
  1111. int32_t block_length = first_block->len;
  1112. int32_t offset = first_block->offset;
  1113. #ifdef DEBUG
  1114. printf("Censored queue is at %p.\n", first_block);
  1115. printf("This block has %d bytes left\n", block_length - offset);
  1116. printf("We need %d bytes\n", remaining - SLITHEEN_HEADER_LEN);
  1117. #endif
  1118. uint8_t *encrypted_data = p;
  1119. sl_hdr = (struct slitheen_header *) p;
  1120. sl_hdr->counter = ++(client_ptr->encryption_counter);
  1121. sl_hdr->stream_id = first_block->stream_id;
  1122. sl_hdr->len = 0x0000;
  1123. sl_hdr->garbage = 0x0000;
  1124. sl_hdr->zeros = 0x0000;
  1125. p += SLITHEEN_HEADER_LEN;
  1126. remaining -= SLITHEEN_HEADER_LEN;
  1127. p += 16; //iv length
  1128. remaining -= 16;
  1129. if(block_length > offset + fill_amount){
  1130. //use part of the block, update offset
  1131. memcpy(p, first_block->data+offset, fill_amount);
  1132. first_block->offset += fill_amount;
  1133. p += fill_amount;
  1134. sl_hdr->len = fill_amount;
  1135. remaining -= fill_amount;
  1136. } else {
  1137. //use all of the block and free it
  1138. memcpy(p, first_block->data+offset, block_length - offset);
  1139. free(first_block->data);
  1140. downstream_queue->first_block = first_block->next;
  1141. free(first_block);
  1142. p += (block_length - offset);
  1143. sl_hdr->len = (block_length - offset);
  1144. remaining -= (block_length - offset);
  1145. }
  1146. sem_post(&client_ptr->queue_lock);
  1147. //pad to 16 bytes if necessary
  1148. uint8_t padding = 0;
  1149. if(sl_hdr->len %16){
  1150. padding = 16 - (sl_hdr->len)%16;
  1151. memset(p, padding, padding);
  1152. remaining -= padding;
  1153. p += padding;
  1154. }
  1155. p += 16;
  1156. remaining -= 16;
  1157. //fill rest of packet with padding, if needed
  1158. if(remaining < SLITHEEN_HEADER_LEN){
  1159. RAND_bytes(p, remaining);
  1160. sl_hdr->garbage = htons(remaining);
  1161. p += remaining;
  1162. remaining -= remaining;
  1163. }
  1164. int16_t data_len = sl_hdr->len;
  1165. sl_hdr->len = htons(sl_hdr->len);
  1166. //now encrypt
  1167. super_encrypt(client_ptr, encrypted_data, data_len + padding);
  1168. #ifdef DEBUG_DOWN
  1169. printf("DWNSTRM: slitheen header: ");
  1170. for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
  1171. printf("%02x ",((uint8_t *) sl_hdr)[i]);
  1172. }
  1173. printf("\n");
  1174. printf("Sending %d downstream bytes:", data_len);
  1175. for(int i=0; i< data_len+16+16; i++){
  1176. printf("%02x ", ((uint8_t *) sl_hdr)[i+SLITHEEN_HEADER_LEN]);
  1177. }
  1178. printf("\n");
  1179. #endif
  1180. }
  1181. //now, if we need more data, fill with garbage
  1182. if(remaining >= SLITHEEN_HEADER_LEN ){
  1183. sl_hdr = (struct slitheen_header *) p;
  1184. sl_hdr->counter = 0x00;
  1185. sl_hdr->stream_id = 0x00;
  1186. remaining -= SLITHEEN_HEADER_LEN;
  1187. sl_hdr->len = 0x00;
  1188. sl_hdr->garbage = htons(remaining);
  1189. sl_hdr->zeros = 0x0000;
  1190. #ifdef DEBUG_DOWN
  1191. printf("DWNSTRM: slitheen header: ");
  1192. for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
  1193. printf("%02x ", p[i]);
  1194. }
  1195. printf("\n");
  1196. #endif
  1197. //encrypt slitheen header
  1198. super_encrypt(client_ptr, p, 0);
  1199. p += SLITHEEN_HEADER_LEN;
  1200. RAND_bytes(p, remaining);
  1201. } else if(remaining > 0){
  1202. //fill with random data
  1203. RAND_bytes(p, remaining);
  1204. }
  1205. return 0;
  1206. }
  1207. /** Computes the TCP checksum of the data according to RFC 793
  1208. * sum all 16-bit words in the segment, pad the last word if
  1209. * needed
  1210. *
  1211. * there is a pseudo-header prefixed to the segment and
  1212. * included in the checksum:
  1213. *
  1214. * +--------+--------+--------+--------+
  1215. * | Source Address |
  1216. * +--------+--------+--------+--------+
  1217. * | Destination Address |
  1218. * +--------+--------+--------+--------+
  1219. * | zero | PTCL | TCP Length |
  1220. * +--------+--------+--------+--------+
  1221. */
  1222. uint16_t tcp_checksum(struct packet_info *info){
  1223. uint16_t tcp_length = info->app_data_len + info->size_tcp_hdr;
  1224. struct in_addr src = info->ip_hdr->src;
  1225. struct in_addr dst = info->ip_hdr->dst;
  1226. uint8_t proto = IPPROTO_TCP;
  1227. //set the checksum to zero
  1228. info->tcp_hdr->chksum = 0;
  1229. //sum pseudoheader
  1230. uint32_t sum = (ntohl(src.s_addr)) >> 16;
  1231. sum += (ntohl(src.s_addr)) &0xFFFF;
  1232. sum += (ntohl(dst.s_addr)) >> 16;
  1233. sum += (ntohl(dst.s_addr)) & 0xFFFF;
  1234. sum += proto;
  1235. sum += tcp_length;
  1236. //sum tcp header (with zero-d checksum)
  1237. uint8_t *p = (uint8_t *) info->tcp_hdr;
  1238. for(int i=0; i < info->size_tcp_hdr; i+=2){
  1239. sum += (uint16_t) ((p[i] << 8) + p[i+1]);
  1240. }
  1241. //now sum the application data
  1242. p = info->app_data;
  1243. for(int i=0; i< info->app_data_len-1; i+=2){
  1244. sum += (uint16_t) ((p[i] << 8) + p[i+1]);
  1245. }
  1246. if(info->app_data_len %2 != 0){
  1247. sum += (uint16_t) (p[info->app_data_len - 1]) << 8;
  1248. }
  1249. //now add most significant to last significant bits
  1250. sum = (sum >> 16) + (sum & 0xFFFF);
  1251. sum += sum >>16;
  1252. //now subtract from 0xFF
  1253. sum = 0xFFFF - sum;
  1254. //set chksum to calculated value
  1255. info->tcp_hdr->chksum = ntohs(sum);
  1256. return (uint16_t) sum;
  1257. }