tcpproxy.c

Go to the documentation of this file.

/* TCP Proxy server.
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <assert.h>
#include <string.h>
#include <libgen.h>
#include <linux/netfilter.h>
#include "libipq.h"
#include <linux/ip.h>
#include <arpa/inet.h>
#include <signal.h>
#include <pthread.h>

#include "misc.h"
#include "tcp.h"
#include "scheduler.h"
#include "tcptimer.h"
#include "tcpproxy.h"

#define IPQ_BUF_SIZE 10240

/*----------------------------------------------------------------------
 * Global variables
 *----------------------------------------------------------------------
 */
static struct ipq_handle *qh;   /* IP packet queue handle. */
static __u32 mob_ip;            /* IP address of mobile host.*/
static pthread_t sched_thread;  /* Scheduler thread. */
static pthread_t timer_thread;  /* TCP timer thread. */

volatile sig_atomic_t request_exit = 0;  /* Flag to request exit. */
pthread_t main_thread;                   /* Main thread. */

/*----------------------------------------------------------------------
 * alloc_packet_data -  allocates data for a packet.
 *----------------------------------------------------------------------
 */
inline Tpacket_data *alloc_packet_data(ipq_packet_msg_t *p)
{
    Tpacket_data *pd;
    pd = (Tpacket_data*) xmalloc(sizeof(Tpacket_data));
    pd->payload = (unsigned char*) xmalloc(p->data_len);
    
    /* Copy data into packet_data structure. */
    memcpy(&pd->ipq_pm, p, sizeof(ipq_packet_msg_t));
    memcpy(pd->payload, p->payload, p->data_len);
    pd->ip = (struct iphdr*) pd->payload;
    pd->trans.hdr = (pd->payload + (pd->ip->ihl*4));

    return pd;
}

/*----------------------------------------------------------------------
 * dealloc_packet_data -  deallocates data for a packet.
 *----------------------------------------------------------------------
 */
inline void dealloc_packet_data(Tpacket_data *pd)
{
    assert(pd != NULL);
    xfree(pd->payload);
    xfree(pd);
}

/*----------------------------------------------------------------------
 * ip_chksum -  computes checksum for ip header
 *              takes ipq_packet_msg and length of header in 16 bit words
 *              when called on a packet that contains a checksum, will
 *              return zero if the checksum is valid, nonzero otherwise.
 *----------------------------------------------------------------------
 */
unsigned short ip_chksum(ipq_packet_msg_t *p, unsigned int words)
{
    unsigned short *buf = (unsigned short*)p->payload;
    unsigned long chksum;
    
    for(chksum=0; words>0; words--)
        chksum += *buf++;

    chksum = (chksum >> 16) + (chksum & 0xffff);  /* Add carry. */
    chksum += (chksum >> 16);                     /* And again. */
    chksum = ~chksum & 0xffff;  /* Take ones complement and mask off high bits. */

    return chksum;
}


/*----------------------------------------------------------------------
 * handle_icmp -  handles ICMP packets.
 *----------------------------------------------------------------------
 */
int handle_icmp(Tpacket_data *pd)
{
    queue_hipri(pd);
    return 0;
}

/*----------------------------------------------------------------------
 * handle_other -  handles packets that aren't ICMP or TCP (e.g. UDP).
 *----------------------------------------------------------------------
 */
int handle_other(Tpacket_data *pd) 
{
    queue_lowpri(pd);
    return 0;
}

/*----------------------------------------------------------------------
 * handle_packet -  handle basic (IP) packets; calls other protocol
 *                  specific handlers.
 *----------------------------------------------------------------------
 */
int handle_packet(ipq_packet_msg_t *p)
{
    Tpacket_data *pd;
    struct iphdr *ip;
    int ret;
    
    if(p->data_len == 0) {
        EPRINT("handle_packet: message does not contain any data.\n");
        return -1;
    }
    
    ip = (struct iphdr*) p->payload;
    if(p->data_len < ip->ihl*4) {
        IPRINT("handle_packet: ip hlen value too big for packet length: %d\n", ip->ihl);
        return -1;
    }

    if(p->data_len != ntohs(ip->tot_len)) {
        IPRINT("handle_packet: ip packet has incorrect length field: %d\n",
               ntohs(ip->tot_len));
        return -1;
    }

    /* The kernel may throw away packets with bad IP checksums before they get to us,
     * but we'll check it too, just to make sure.
     */
    if(ip_chksum(p, ip->ihl*2)) {
        DPRINT("handle_packet: bad ip checksum: %u\n", ntohs(ip->check));
        return -1;
    }

    pd = alloc_packet_data(p);
    
    if(DEBUG) {
        int frag = ntohs(pd->ip->frag_off);
        IPRINT("\n");
        /*IPRINT("id: %lu, mark: %lu, timestamp: %ld, indev: %s, datalen: %d\n",
          pd->ipq_pm.packet_id, pd->ipq_pm.mark, pd->ipq_pm.timestamp_sec,
          pd->ipq_pm.indev_name, pd->ipq_pm.data_len);*/
        IPRINT("ip ver: %u, ihl: %u, tos: %u, id: %u, ttl: %u, frag: %c%c%c %u\n",
               pd->ip->version, pd->ip->ihl, pd->ip->tos, pd->ip->id,
               pd->ip->ttl, (frag&0x80?'R':'.'), (frag&0x4000?'D':'.'),
               (frag&0x2000?'M':'.'), (frag&0x1fff));
        IPRINT("ip len: %u, proto: %u, ", ntohs(pd->ip->tot_len), pd->ip->protocol);
        IPRINT("%s->", inet_ntoa(*(struct in_addr*)&(pd->ip->saddr)));
        IPRINT("%s\n", inet_ntoa(*(struct in_addr*)&(pd->ip->daddr)));
    }

    if(pd->ip->version != 4) {
        EPRINT("handle_packet: error: packet not IPv4.\n");
        exit(EXIT_ERR_WRONG_IP_VER);
    }
    
    /* Determine direction of packet. */

    if(pd->ip->daddr == mob_ip) {
        pd->dir = PACKET_DIR_IN;
    } else if(pd->ip->saddr == mob_ip) {
        pd->dir = PACKET_DIR_OUT;
    } else {
        EPRINT("handle_packet: neither src nor dst correspond to mobile ip - allowing through.\n");
        dealloc_packet_data(pd);
        ret = ipq_set_verdict(qh, p->packet_id, NF_ACCEPT, 0, 0);
        if (ret < 0) {
            EPRINT("handle_packet: error setting ipq verdict.\n");
            ipq_perror("handle_packet");
        }    
        return -1;
    }

    switch(pd->ip->protocol)
    {
    case 1: /* ICMP */
        handle_icmp(pd);
        break;
    case 6: /* TCP */
        handle_tcp(pd);
        break;
    default: /* The rest. */
        handle_other(pd);
        break;
    }

    ret = ipq_set_verdict(qh, p->packet_id, NF_DROP, 0, 0);

    if (ret < 0) {
        EPRINT("handle_packet: error setting ipq verdict.\n");
        ipq_perror("handle_packet");
    }    
    return 0;
}

/*----------------------------------------------------------------------
 * cleanup -  stop threads, and destroy ipq handle.
 *----------------------------------------------------------------------
 */
void cleanup ()
{
    IPRINT("Quiting.\n");

    if(!request_exit)
        request_exit = 1;

    pthread_cancel(timer_thread);
    pthread_cancel(sched_thread);

    if(ipq_destroy_handle(qh) == -1) {
        EPRINT("cleanup: error destroying ipq handle.\n");
        ipq_perror("cleanup");
        exit(EXIT_ERR_IPQ_DESTROY_HANDLE);      
    }
}

/*----------------------------------------------------------------------
 * signal_handler -  signal handing function
 *----------------------------------------------------------------------
 */
void signal_handler (int signum)
{
    //DPRINT("signal_handler: entered.\n");
    
    switch(signum)
    {
    case SIGTERM:
        DPRINT("\nReceived SIGTERM\n");
        break;
    case SIGINT:
        DPRINT("\nReceived SIGINT\n");
        break;
    case SIGHUP:
        DPRINT("\nReceived SIGHUP\n");
        break;
    default:
        EPRINT("\nsignal_handler: invalid signal received");
        break;
    }

    exit(request_exit);  /* Exit with return value from request_exit. */
}

/*----------------------------------------------------------------------
 * main -  starts everything rolling.
 *----------------------------------------------------------------------
 */
int main(int argc, const char* argv[])
{
    struct sigaction sact, soldact;
    pthread_attr_t thread_attr;
    /* Array of signums, last element must be zero. */
    int sigs [] = { SIGTERM, SIGINT, SIGHUP, 0};
    int i;
    char buf[IPQ_BUF_SIZE];
    ssize_t len;
    int mtype;
    int error;
    ipq_packet_msg_t *packet;
    struct in_addr mob_addr;

    main_thread = pthread_self();

    if(argc != 2) {
        printf("Invalid number of arguments.\n");
        printf("Usage: %s mobile_ip\n", argv[0]);
        exit(EXIT_ERR_USAGE);
    }

    if(inet_aton(argv[1], &mob_addr) == 0) {
        printf("Bad mobile IP address: %s\n", argv[1]);
        exit(EXIT_ERR_BAD_MOBILE_IP);
    }
    mob_ip = mob_addr.s_addr;
    DPRINT("main: starting proxy for mobile host '%s'.\n", argv[1]);

    if(pthread_attr_init(&thread_attr) ||
       pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED)) {
        EPRINT("main: error setting pthread attr.\n");
        exit(EXIT_ERR_PTHREAD_ATTR);
    }

    if(sigemptyset(&sact.sa_mask)) {
        EPRINT("main: error calling segemptyset.\n");
    }
    for(i=0; sigs[i] != 0; i++) {
        if(sigaddset(&sact.sa_mask, sigs[i])) {
            EPRINT("main: error calling segaddset.\n");     
        }
    }

    sact.sa_handler = signal_handler;
    sact.sa_flags = 0;

    for(i=0; sigs[i]; i++) {
        if(sigaction(sigs[i], &sact, &soldact)) {
            EPRINT("main: error setting signal handler.\n");
            exit(EXIT_ERR_SET_SIG_HANDLER);
        } else if(soldact.sa_handler == SIG_IGN) {
            sigaction(sigs[i], &soldact, NULL);
        }
    }
    
    //if(fork()) exit(0);

    qh = ipq_create_handle(0, PF_INET);
    if(!qh) {
        EPRINT("main: error creating netlink handle.\n");
        ipq_perror("main");
        exit(EXIT_ERR_IPQ_CREATE_HANDLE);
    }

    if(ipq_set_mode(qh, IPQ_COPY_PACKET, IPQ_BUF_SIZE) < 0) {
        EPRINT("main: error setting netlink mode.\n");
        ipq_perror("main");
        exit(EXIT_ERR_IPQ_SET_MODE);
    }

    atexit(cleanup);

    init_sched();
    atexit(cleanup_sched);
    init_timer();
    atexit(cleanup_timer);
    init_tcp();
    atexit(cleanup_tcp);

    if(pthread_create(&sched_thread, NULL, (void*)scheduler, &sact.sa_mask)) {
        EPRINT("main: error creating scheduler thread.\n");
        perror("main");
        exit(EXIT_ERR_CREATE_THREAD);
    }

    if(pthread_create(&timer_thread, NULL, (void*)tcp_timer, &sact.sa_mask)) {
        EPRINT("main: error creating TCP timer thread.\n");
        perror("main");
        exit(EXIT_ERR_CREATE_THREAD);
    }

    DPRINT("main: ready to receive packets.\n");

    while (!request_exit) {
        /* Perform blocking read from queue. */
        len = ipq_read(qh, buf, IPQ_BUF_SIZE, 0);
        //DPRINT("ipq_read len=%d\n", len);
        
        if(len <= 0) {
            EPRINT("main: error returned from ipq_read.\n");
            ipq_perror("main");
            //exit(EXIT_ERR_IPQ_READ);
        } else {
            mtype = ipq_message_type(buf);
            switch(mtype)
            {
            case IPQM_PACKET:
                packet = ipq_get_packet(buf);
                handle_packet(packet);
                break;
            case NLMSG_ERROR:
                error = ipq_get_msgerr(buf);
                //EPRINT("main: error reading packet: %s\n",
                        //Rajiv strerror_r[error]);
                exit(EXIT_ERR_IPQ_ERR_MESSAGE);
                break;
            default:
                EPRINT("main: invalid message type received.\n");
                exit(EXIT_ERR_IPQ_MESSAGE_TYPE);
                break;
            }
        }
    }

    exit(0);
}

---