@ -116,7 +116,7 @@
|
||||
#define TAG_END "end"
|
||||
#define TAG_ROOT "root"
|
||||
|
||||
#define TAG_CPYRIGHT "\xef\xbb\xbf# Software Configuration File\r\n# \r\n# You can edit this file when the program is not working.\r\n# \r\n"
|
||||
#define TAG_CPYRIGHT "\xef\xbb\xbf# Software Configuration File\r\n# ---------------------------\r\n# \r\n# You may edit this file when the VPN Server / Client / Bridge program is not running.\r\n# \r\n# In prior to edit this file manually by your text editor,\r\n# shutdown the VPN Server / Client / Bridge background service.\r\n# Otherwise, all changes will be lost.\r\n# \r\n"
|
||||
#define TAG_BINARY "SEVPN_DB"
|
||||
|
||||
// Data type
|
||||
|
@ -126,6 +126,8 @@
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <Mayaqua/Mayaqua.h>
|
||||
|
||||
#ifdef USE_INTEL_AESNI_LIBRARY
|
||||
@ -1149,13 +1151,13 @@ void GetAllNameFromA(char *str, UINT size, X *x)
|
||||
// Get the all name strings from NAME
|
||||
void GetAllNameFromName(wchar_t *str, UINT size, NAME *name)
|
||||
{
|
||||
UniStrCpy(str, size, L"");
|
||||
// Validate arguments
|
||||
if (str == NULL || name == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
UniStrCpy(str, size, L"");
|
||||
if (name->CommonName != NULL)
|
||||
{
|
||||
UniFormat(str, size, L"%sCN=%s, ", str, name->CommonName);
|
||||
@ -1896,6 +1898,7 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
|
||||
UINT64 notBefore, notAfter;
|
||||
ASN1_TIME *t1, *t2;
|
||||
X509_NAME *subject_name, *issuer_name;
|
||||
X509_EXTENSION *ex = NULL;
|
||||
// Validate arguments
|
||||
if (pub == NULL || name == NULL || priv == NULL)
|
||||
{
|
||||
@ -1981,6 +1984,11 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
|
||||
s->length = serial->size;
|
||||
}
|
||||
|
||||
// Extensions
|
||||
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
|
||||
X509_add_ext(x509, ex, -1);
|
||||
X509_EXTENSION_free(ex);
|
||||
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
// Set the public key
|
||||
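Review bot: The new basicConstraints block in NewRootX509 ignores both failure signals: `X509V3_EXT_conf_nid` can return NULL and `X509_add_ext` returns 0 on failure, so a root certificate could be written out without the critical CA:TRUE constraint and nothing would notice. Guard with `if (ex == NULL || X509_add_ext(x509, ex, -1) != 1)` and take the function's existing failure path (the function starts and ends outside this hunk). `X509_EXTENSION_free(ex)` is a no-op on NULL, so the cleanup line can stay as it is.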
@ -2663,6 +2671,10 @@ bool RsaGen(K **priv, K **pub, UINT bit)
|
||||
|
||||
// Confirm whether the certificate X is signed by the issuer of the certificate x_issuer
|
||||
bool CheckX(X *x, X *x_issuer)
|
||||
{
|
||||
return CheckXEx(x, x_issuer, false, false);
|
||||
}
|
||||
bool CheckXEx(X *x, X *x_issuer, bool check_name, bool check_date)
|
||||
{
|
||||
K *k;
|
||||
bool ret;
|
||||
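Review bot: CheckXEx is introduced without a comment header and without a blank line after CheckX's closing brace, unlike the surrounding functions in this file (compare the `// Confirm whether ...` line above CheckX). Add `// Check the signature of x against x_issuer; optionally also require the issuer name to match (check_name) and the issuer to be currently valid (check_date)` above the definition and separate the two functions with a blank line. The body of CheckXEx continues past the end of this hunk.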
@ -2679,6 +2691,26 @@ bool CheckX(X *x, X *x_issuer)
|
||||
}
|
||||
|
||||
ret = CheckSignature(x, k);
|
||||
|
||||
if (ret)
|
||||
{
|
||||
if (check_name)
|
||||
{
|
||||
if (CompareName(x->issuer_name, x_issuer->subject_name) == false)
|
||||
{
|
||||
ret = false;
|
||||
}
|
||||
}
|
||||
|
||||
if (check_date)
|
||||
{
|
||||
if (CheckXDateNow(x_issuer) == false)
|
||||
{
|
||||
ret = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
FreeK(k);
|
||||
|
||||
return ret;
|
||||
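Review bot: Neither option in CheckXEx verifies that x_issuer is actually permitted to sign certificates: the `has_basic_constraints` flag this commit adds to struct X is never consulted here, so with check_name set any certificate whose subject equals x's issuer name is accepted as the issuer once the signature verifies with its key. Consider consulting that flag (or an explicit CA check) together with check_name, or state in the header comment that CA capability must be enforced by the caller. Also, `check_date` only calls `CheckXDateNow(x_issuer)`, so x's own validity period is not examined; that may be intentional but deserves a comment. The top of CheckXEx lies in the preceding hunk.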
@ -3680,6 +3712,43 @@ X *X509ToX(X509 *x509)
|
||||
}
|
||||
}
|
||||
|
||||
// Check whether there is basic constraints
|
||||
if (X509_get_ext_by_NID(x509, NID_basic_constraints, -1) != -1)
|
||||
{
|
||||
x->has_basic_constraints = true;
|
||||
}
|
||||
|
||||
// Get the "Certification Authority Issuer" (1.3.6.1.5.5.7.48.2) field value
|
||||
if (x->root_cert == false)
|
||||
{
|
||||
AUTHORITY_INFO_ACCESS *ads = (AUTHORITY_INFO_ACCESS *)X509_get_ext_d2i(x509, NID_info_access, NULL, NULL);
|
||||
|
||||
if (ads != NULL)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++)
|
||||
{
|
||||
ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(ads, i);
|
||||
if (ad != NULL)
|
||||
{
|
||||
if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI)
|
||||
{
|
||||
char *uri = (char *)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier);
|
||||
|
||||
if (IsEmptyStr(uri) == false)
|
||||
{
|
||||
StrCpy(x->issuer_url, sizeof(x->issuer_url), uri);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
AUTHORITY_INFO_ACCESS_free(ads);
|
||||
}
|
||||
}
|
||||
|
||||
// Get the Serial Number
|
||||
x->serial = NewXSerial(x509->cert_info->serialNumber->data,
|
||||
x509->cert_info->serialNumber->length);
|
||||
|
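Review bot: In the caIssuers branch, `ASN1_STRING_data(...)` is handed to `IsEmptyStr` and `StrCpy` as a NUL-terminated C string, but an IA5String taken from an untrusted certificate carries an explicit length and may contain an embedded NUL, so the `issuer_url` stored can differ from what the certificate actually encodes. Bound the copy by the ASN.1 length instead, e.g. `int len = ASN1_STRING_length(ad->location->d.uniformResourceIdentifier);` followed by `if (len > 0 && (UINT)len < sizeof(x->issuer_url) && memchr(uri, 0, len) == NULL)` before copying exactly `len` bytes and terminating. Separately, `has_basic_constraints` records only that the extension is present, not that CA is TRUE or that it is critical; a one-line comment at the assignment, `// presence only; the CA value is not decoded here`, would stop it being read as a CA flag. X509ToX begins before this hunk.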
@ -197,6 +197,8 @@ struct X
|
||||
bool do_not_free;
|
||||
bool is_compatible_bit;
|
||||
UINT bits;
|
||||
bool has_basic_constraints;
|
||||
char issuer_url[256];
|
||||
};
|
||||
|
||||
// Key
|
||||
@ -339,6 +341,7 @@ K *GetKFromX(X *x);
|
||||
bool CheckSignature(X *x, K *k);
|
||||
X *X509ToX(X509 *x509);
|
||||
bool CheckX(X *x, X *x_issuer);
|
||||
bool CheckXEx(X *x, X *x_issuer, bool check_name, bool check_date);
|
||||
bool Asn1TimeToSystem(SYSTEMTIME *s, void *asn1_time);
|
||||
bool StrToSystem(SYSTEMTIME *s, char *str);
|
||||
UINT64 Asn1TimeToUINT64(void *asn1_time);
|
||||
|
@ -485,6 +485,7 @@ typedef struct ICMP_RESULT ICMP_RESULT;
|
||||
typedef struct SSL_PIPE SSL_PIPE;
|
||||
typedef struct SSL_BIO SSL_BIO;
|
||||
typedef struct RUDP_STACK RUDP_STACK;
|
||||
typedef struct RUDP_SOURCE_IP RUDP_SOURCE_IP;
|
||||
typedef struct RUDP_SESSION RUDP_SESSION;
|
||||
typedef struct RUDP_SEGMENT RUDP_SEGMENT;
|
||||
typedef struct CONNECT_TCP_RUDP_PARAM CONNECT_TCP_RUDP_PARAM;
|
||||
|
@ -2005,6 +2005,41 @@ int CompareInt64(void *p1, void *p2)
|
||||
return COMPARE_RET(*v1, *v2);
|
||||
}
|
||||
|
||||
// Randomize the contents of the list
|
||||
void RandomizeList(LIST *o)
|
||||
{
|
||||
LIST *o2;
|
||||
UINT i;
|
||||
// Validate arguments
|
||||
if (o == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
o2 = NewListFast(NULL);
|
||||
|
||||
while (LIST_NUM(o) != 0)
|
||||
{
|
||||
UINT num = LIST_NUM(o);
|
||||
UINT i = Rand32() % num;
|
||||
void *p = LIST_DATA(o, i);
|
||||
|
||||
Add(o2, p);
|
||||
Delete(o, p);
|
||||
}
|
||||
|
||||
DeleteAll(o);
|
||||
|
||||
for (i = 0;i < LIST_NUM(o2);i++)
|
||||
{
|
||||
void *p = LIST_DATA(o2, i);
|
||||
|
||||
Add(o, p);
|
||||
}
|
||||
|
||||
ReleaseList(o2);
|
||||
}
|
||||
|
||||
// Add an integer to the list
|
||||
void AddInt(LIST *o, UINT i)
|
||||
{
|
||||
|
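Review bot: In RandomizeList the inner `UINT i = Rand32() % num;` shadows the function-scope `UINT i` declared just above the argument check, which -Wshadow reports and which makes the later `for (i = 0; ...)` loop harder to follow; rename the inner one, `UINT idx = Rand32() % num;` and `void *p = LIST_DATA(o, idx);`. The `DeleteAll(o)` after the while loop is redundant, since the loop only exits once `LIST_NUM(o)` is already 0. Each `Delete(o, p)` presumably has to locate `p` in the shrinking list, so the shuffle is quadratic in the list length; acceptable for small lists, but worth a comment if large ones are expected.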
@ -387,6 +387,7 @@ void InsertInt(LIST *o, UINT i);
|
||||
void InsertInt64(LIST *o, UINT64 i);
|
||||
void InsertIntDistinct(LIST *o, UINT i);
|
||||
void InsertInt64Distinct(LIST *o, UINT64 i);
|
||||
void RandomizeList(LIST *o);
|
||||
|
||||
void *GetNext(QUEUE *q);
|
||||
void *GetNextWithLock(QUEUE *q);
|
||||
|
@ -225,6 +225,7 @@ static UINT rand_port_numbers[256] = {0};
|
||||
|
||||
|
||||
static bool g_use_privateip_file = false;
|
||||
static bool g_source_ip_validation_force_disable = false;
|
||||
|
||||
typedef struct PRIVATE_IP_SUBNET
|
||||
{
|
||||
@ -1537,6 +1538,17 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
|
||||
// Save the IP address and port number at the time of registration
|
||||
PackGetStr(p, "your_ip_and_port", r->NatT_Registered_IPAndPort, sizeof(r->NatT_Registered_IPAndPort));
|
||||
|
||||
if (g_source_ip_validation_force_disable == false)
|
||||
{
|
||||
// Enable the source IP address validation mechanism
|
||||
r->NatT_EnableSourceIpValidation = PackGetBool(p, "enable_source_ip_validation");
|
||||
}
|
||||
else
|
||||
{
|
||||
// Force disable the source IP address validation mechanism
|
||||
r->NatT_EnableSourceIpValidation = false;
|
||||
}
|
||||
|
||||
// Global port of itself
|
||||
my_global_port = PackGetInt(p, "your_port");
|
||||
|
||||
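Review bot: `r->NatT_EnableSourceIpValidation = PackGetBool(p, "enable_source_ip_validation")` lets the NAT-T registration reply decide whether the validated-source-IP list is enforced at all, so the protection is only as strong as the authentication of the pack `p`, which is not visible in this hunk. Document that trust assumption next to the assignment, e.g. `// Enforcement policy comes from the NAT-T server's reply; g_source_ip_validation_force_disable is the only local override`, and consider logging when the flag changes from enabled to disabled so an unexpected downgrade is observable. RUDPProcess_NatT_Recv starts and ends outside this hunk.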
@ -1569,6 +1581,11 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
|
||||
UCHAR *rand_data;
|
||||
UINT rand_size;
|
||||
|
||||
if (r->NatT_EnableSourceIpValidation)
|
||||
{
|
||||
RUDPAddIpToValidateList(r, &client_ip);
|
||||
}
|
||||
|
||||
rand_size = Rand32() % 19;
|
||||
rand_data = Malloc(rand_size);
|
||||
|
||||
@ -1588,6 +1605,12 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
|
||||
FreeBuf(b);
|
||||
}
|
||||
|
||||
// Set the flag of the source IP address validation function
|
||||
void RUDPSetSourceIpValidationForceDisable(bool b)
|
||||
{
|
||||
g_source_ip_validation_force_disable = b;
|
||||
}
|
||||
|
||||
// Process such as packet transmission for NAT-T server
|
||||
void RUDPDo_NatT_Interrupt(RUDP_STACK *r)
|
||||
{
|
||||
@ -1826,6 +1849,11 @@ void RUDPRecvProc(RUDP_STACK *r, UDPPACKET *p)
|
||||
// Entire number of sessions exceeds the limit
|
||||
ok = false;
|
||||
}
|
||||
else if (r->NatT_EnableSourceIpValidation && RUDPIsIpInValidateList(r, &p->SrcIP) == false)
|
||||
{
|
||||
// Invalid source IP address, which is not registered on the validated source IP address list
|
||||
ok = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
UINT i;
|
||||
@ -1942,6 +1970,138 @@ void RUDPRecvProc(RUDP_STACK *r, UDPPACKET *p)
|
||||
}
|
||||
}
|
||||
|
||||
// Check whether the specificed IP address is in the validated source IP address list
|
||||
bool RUDPIsIpInValidateList(RUDP_STACK *r, IP *ip)
|
||||
{
|
||||
UINT i;
|
||||
UINT64 now = Tick64();
|
||||
LIST *o = NULL;
|
||||
bool ret = false;
|
||||
// Validate arguments
|
||||
if (r == NULL || ip == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
|
||||
|
||||
if (s->ExpiresTick <= now)
|
||||
{
|
||||
if (o == NULL)
|
||||
{
|
||||
o = NewListFast(NULL);
|
||||
}
|
||||
|
||||
Add(o, s);
|
||||
}
|
||||
}
|
||||
|
||||
if (o != NULL)
|
||||
{
|
||||
for (i = 0;i < LIST_NUM(o);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(o, i);
|
||||
|
||||
Delete(r->NatT_SourceIpList, s);
|
||||
|
||||
Free(s);
|
||||
}
|
||||
|
||||
ReleaseList(o);
|
||||
}
|
||||
|
||||
for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
|
||||
|
||||
if (CmpIpAddr(&s->ClientIP, ip) == 0)
|
||||
{
|
||||
ret = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
Debug("RUDP: NAT-T: Validate IP: %r, ret=%u (current list len = %u)\n", ip, ret, LIST_NUM(r->NatT_SourceIpList));
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Add an IP address to the validated source IP address list
|
||||
void RUDPAddIpToValidateList(RUDP_STACK *r, IP *ip)
|
||||
{
|
||||
UINT i;
|
||||
RUDP_SOURCE_IP *sip;
|
||||
UINT64 now = Tick64();
|
||||
LIST *o = NULL;
|
||||
// Validate arguments
|
||||
if (r == NULL || ip == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (LIST_NUM(r->NatT_SourceIpList) >= RUDP_MAX_VALIDATED_SOURCE_IP_ADDRESSES)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
|
||||
|
||||
if (s->ExpiresTick <= now)
|
||||
{
|
||||
if (o == NULL)
|
||||
{
|
||||
o = NewListFast(NULL);
|
||||
}
|
||||
|
||||
Add(o, s);
|
||||
}
|
||||
}
|
||||
|
||||
if (o != NULL)
|
||||
{
|
||||
for (i = 0;i < LIST_NUM(o);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(o, i);
|
||||
|
||||
Delete(r->NatT_SourceIpList, s);
|
||||
|
||||
Free(s);
|
||||
}
|
||||
|
||||
ReleaseList(o);
|
||||
}
|
||||
|
||||
sip = NULL;
|
||||
|
||||
for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
|
||||
|
||||
if (CmpIpAddr(&s->ClientIP, ip) == 0)
|
||||
{
|
||||
sip = s;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (sip == NULL)
|
||||
{
|
||||
sip = ZeroMalloc(sizeof(RUDP_SOURCE_IP));
|
||||
|
||||
Copy(&sip->ClientIP, ip, sizeof(IP));
|
||||
|
||||
Add(r->NatT_SourceIpList, sip);
|
||||
}
|
||||
|
||||
sip->ExpiresTick = now + (UINT64)RUDP_VALIDATED_SOURCE_IP_ADDRESS_EXPIRES;
|
||||
|
||||
Debug("RUDP: NAT-T: Src IP added: %r (current list len = %u)\n", ip, LIST_NUM(r->NatT_SourceIpList));
|
||||
}
|
||||
|
||||
// R-UDP interrupt processing procedure
|
||||
void RUDPInterruptProc(RUDP_STACK *r)
|
||||
{
|
||||
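Review bot: In RUDPAddIpToValidateList the capacity check `LIST_NUM(r->NatT_SourceIpList) >= RUDP_MAX_VALIDATED_SOURCE_IP_ADDRESSES` runs before expired entries are purged and before the existing-entry lookup, so once the list has filled with stale entries new addresses are refused until RUDPIsIpInValidateList happens to run, and an address that is already present cannot even have its ExpiresTick refreshed. Move the cap check into the `sip == NULL` allocation branch, after the purge, so that only genuinely new entries are refused. The expiry purge is also copy-pasted between RUDPIsIpInValidateList and RUDPAddIpToValidateList; a small static helper that removes expired entries would keep the two in step.
```c
	// … unchanged: argument check, expired-entry purge, lookup of an existing entry for ip …

	if (sip == NULL)
	{
		// Refuse only genuinely new entries once the list is full;
		// refreshing an existing entry must still be possible.
		if (LIST_NUM(r->NatT_SourceIpList) >= RUDP_MAX_VALIDATED_SOURCE_IP_ADDRESSES)
		{
			return;
		}

		sip = ZeroMalloc(sizeof(RUDP_SOURCE_IP));

		Copy(&sip->ClientIP, ip, sizeof(IP));

		Add(r->NatT_SourceIpList, sip);
	}

	sip->ExpiresTick = now + (UINT64)RUDP_VALIDATED_SOURCE_IP_ADDRESS_EXPIRES;
	// … unchanged: Debug line …
```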
@ -4759,6 +4919,7 @@ SOCK *NewRUDPClientNatT(char *svc_name, IP *ip, UINT *error_code, UINT timeout,
|
||||
UINT result_port;
|
||||
SOCK *ret = NULL;
|
||||
UINT num_tries = 0;
|
||||
UINT64 current_cookie = 0;
|
||||
|
||||
AddInterrupt(interrupt, giveup_tick);
|
||||
|
||||
@ -4832,6 +4993,12 @@ LABEL_TIMEOUT:
|
||||
|
||||
if (p != NULL)
|
||||
{
|
||||
UINT64 cookie = PackGetInt64(p, "cookie");
|
||||
if (cookie != 0)
|
||||
{
|
||||
current_cookie = cookie;
|
||||
}
|
||||
|
||||
// Compare tran_id
|
||||
if (PackGetInt64(p, "tran_id") == tran_id)
|
||||
{
|
||||
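Review bot: The cookie is taken from the reply before `tran_id` is compared, so any datagram that parses as a pack can overwrite `current_cookie`, including one that does not belong to this exchange; the tran_id comparison two lines later only protects what follows it. Move `UINT64 cookie = PackGetInt64(p, "cookie"); if (cookie != 0) { current_cookie = cookie; }` inside the `if (PackGetInt64(p, "tran_id") == tran_id)` block. That block and the enclosing function continue beyond this hunk.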
@ -4901,6 +5068,7 @@ LABEL_TIMEOUT:
|
||||
PackAddInt64(p, "tran_id", tran_id);
|
||||
IPToStr(ip_str, sizeof(ip_str), ip);
|
||||
PackAddStr(p, "dest_ip", ip_str);
|
||||
PackAddInt64(p, "cookie", current_cookie);
|
||||
if (IsEmptyStr(hint_str) == false)
|
||||
{
|
||||
PackAddStr(p, "hint", hint_str);
|
||||
@ -5194,6 +5362,8 @@ RUDP_STACK *NewRUDP(bool server_mode, char *svc_name, RUDP_STACK_INTERRUPTS_PROC
|
||||
r->NewSockQueue = NewQueue();
|
||||
r->NatT_TranId = Rand64();
|
||||
|
||||
r->NatT_SourceIpList = NewListFast(NULL);
|
||||
|
||||
StrCpy(tmp, sizeof(tmp), r->SvcName);
|
||||
Trim(tmp);
|
||||
StrLower(tmp);
|
||||
@ -5359,6 +5529,15 @@ void FreeRUDP(RUDP_STACK *r)
|
||||
ReleaseSock(s);
|
||||
}
|
||||
|
||||
for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
|
||||
{
|
||||
RUDP_SOURCE_IP *sip = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
|
||||
|
||||
Free(sip);
|
||||
}
|
||||
|
||||
ReleaseList(r->NatT_SourceIpList);
|
||||
|
||||
ReleaseQueue(r->NewSockQueue);
|
||||
|
||||
ReleaseList(r->SendPacketList);
|
||||
@ -5559,7 +5738,7 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
|
||||
{
|
||||
SSL_PIPE *s;
|
||||
SSL *ssl;
|
||||
SSL_CTX *ssl_ctx = NewSSLCtx();
|
||||
SSL_CTX *ssl_ctx = NewSSLCtx(server_mode);
|
||||
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
@ -11473,7 +11652,7 @@ UINT RecvFrom(SOCK *sock, IP *src_addr, UINT *src_port, void *data, UINT size)
|
||||
|
||||
#ifdef OS_WIN32
|
||||
if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS)
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEADDRNOTAVAIL || WSAGetLastError() == WSAEADDRNOTAVAIL)
|
||||
{
|
||||
sock->IgnoreRecvErr = true;
|
||||
}
|
||||
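Review bot: The rewritten condition in RecvFrom ends with `WSAGetLastError() == WSAEADDRNOTAVAIL || WSAGetLastError() == WSAEADDRNOTAVAIL`, the same comparison twice, which looks like a copy-paste slip where a second error code was intended; the RecvFrom6 hunk below carries the identical duplication. Drop one of the two or replace it with the code that was actually meant. While here, `WSAGetLastError()` is called up to ten times in one expression; read it once into a local, `int err = WSAGetLastError();`, and compare that, which also rules out the value changing between calls.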
@ -11553,7 +11732,7 @@ UINT RecvFrom6(SOCK *sock, IP *src_addr, UINT *src_port, void *data, UINT size)
|
||||
|
||||
#ifdef OS_WIN32
|
||||
if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS)
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEADDRNOTAVAIL || WSAGetLastError() == WSAEADDRNOTAVAIL)
|
||||
{
|
||||
sock->IgnoreRecvErr = true;
|
||||
}
|
||||
@ -11665,7 +11844,7 @@ UINT SendToEx(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size,
|
||||
|
||||
#ifdef OS_WIN32
|
||||
if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL)
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL || WSAGetLastError() == WSAEADDRNOTAVAIL)
|
||||
{
|
||||
sock->IgnoreSendErr = true;
|
||||
}
|
||||
@ -11768,7 +11947,7 @@ UINT SendTo6Ex(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size,
|
||||
|
||||
#ifdef OS_WIN32
|
||||
if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL)
|
||||
WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL || WSAGetLastError() == WSAEADDRNOTAVAIL)
|
||||
{
|
||||
sock->IgnoreSendErr = true;
|
||||
}
|
||||
@ -12354,6 +12533,7 @@ bool SendAll(SOCK *sock, void *data, UINT size, bool secure)
|
||||
// Set the cipher algorithm name to want to use
|
||||
void SetWantToUseCipher(SOCK *sock, char *name)
|
||||
{
|
||||
char tmp[254];
|
||||
// Validate arguments
|
||||
if (sock == NULL || name == NULL)
|
||||
{
|
||||
@ -12364,7 +12544,13 @@ void SetWantToUseCipher(SOCK *sock, char *name)
|
||||
{
|
||||
Free(sock->WaitToUseCipher);
|
||||
}
|
||||
sock->WaitToUseCipher = CopyStr(name);
|
||||
|
||||
Zero(tmp, sizeof(tmp));
|
||||
StrCpy(tmp, sizeof(tmp), name);
|
||||
StrCat(tmp, sizeof(tmp), " ");
|
||||
StrCat(tmp, sizeof(tmp), cipher_list);
|
||||
|
||||
sock->WaitToUseCipher = CopyStr(tmp);
|
||||
}
|
||||
|
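Review bot: `char tmp[254]` in SetWantToUseCipher is a magic size, and the bounded `StrCat` calls silently truncate the combined string when `name` plus `cipher_list` exceed it, dropping suites from the end of the list with no indication. Use the file's `MAX_SIZE` for the buffer, as the other local string buffers in this file do, and check the combined length before concatenating so an over-long `name` is rejected or logged rather than trimmed. The start of the function is in the preceding hunk.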
||||
// Add all the chain certificates in the chain_certs directory
|
||||
@ -12372,7 +12558,10 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
|
||||
{
|
||||
wchar_t dirname[MAX_SIZE];
|
||||
wchar_t exedir[MAX_SIZE];
|
||||
wchar_t txtname[MAX_SIZE];
|
||||
DIRLIST *dir;
|
||||
LIST *o;
|
||||
UINT i;
|
||||
|
||||
// Validate arguments
|
||||
if (ctx == NULL)
|
||||
@ -12380,18 +12569,25 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
|
||||
return;
|
||||
}
|
||||
|
||||
o = NewListFast(NULL);
|
||||
|
||||
GetExeDirW(exedir, sizeof(exedir));
|
||||
|
||||
CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
|
||||
|
||||
MakeDirExW(dirname);
|
||||
|
||||
CombinePathW(txtname, sizeof(txtname), dirname, L"Readme_Chain_Certs.txt");
|
||||
|
||||
if (IsFileExistsW(txtname) == false)
|
||||
{
|
||||
FileCopyW(L"|chain_certs.txt", txtname);
|
||||
}
|
||||
|
||||
dir = EnumDirW(dirname);
|
||||
|
||||
if (dir != NULL)
|
||||
{
|
||||
UINT i;
|
||||
|
||||
for (i = 0;i < dir->NumFiles;i++)
|
||||
{
|
||||
DIRENT *e = dir->File[i];
|
||||
@ -12407,7 +12603,28 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
|
||||
|
||||
if (x != NULL)
|
||||
{
|
||||
AddChainSslCert(ctx, x);
|
||||
UINT j;
|
||||
bool exists = false;
|
||||
UCHAR hash[SHA1_SIZE];
|
||||
|
||||
GetXDigest(x, hash, true);
|
||||
|
||||
for (j = 0;j < LIST_NUM(o);j++)
|
||||
{
|
||||
UCHAR *hash2 = LIST_DATA(o, j);
|
||||
|
||||
if (Cmp(hash, hash2, SHA1_SIZE) == 0)
|
||||
{
|
||||
exists = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (exists == false)
|
||||
{
|
||||
AddChainSslCert(ctx, x);
|
||||
|
||||
Add(o, Clone(hash, SHA1_SIZE));
|
||||
}
|
||||
|
||||
FreeX(x);
|
||||
}
|
||||
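Review bot: The duplicate-detection loop keeps iterating after it sets `exists = true`; add a `break;` directly after that assignment so the scan stops at the first matching digest. The `UINT i;` declared inside `if (dir != NULL)` in the previous hunk now shadows the function-scope `UINT i` this commit added for the final free loop, which -Wshadow reports; drop the inner declaration. The enclosing function continues in the next hunk.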
@ -12416,6 +12633,15 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
|
||||
|
||||
FreeDir(dir);
|
||||
}
|
||||
|
||||
for (i = 0;i < LIST_NUM(o);i++)
|
||||
{
|
||||
UCHAR *hash = LIST_DATA(o, i);
|
||||
|
||||
Free(hash);
|
||||
}
|
||||
|
||||
ReleaseList(o);
|
||||
}
|
||||
|
||||
// Add the chain certificate
|
||||
@ -12503,7 +12729,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
return true;
|
||||
}
|
||||
|
||||
ssl_ctx = NewSSLCtx();
|
||||
ssl_ctx = NewSSLCtx(sock->ServerMode);
|
||||
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
@ -16964,7 +17190,7 @@ void UnlockDnsCache()
|
||||
}
|
||||
|
||||
// Create the SSL_CTX
|
||||
struct ssl_ctx_st *NewSSLCtx()
|
||||
struct ssl_ctx_st *NewSSLCtx(bool server_mode)
|
||||
{
|
||||
struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
|
||||
|
||||
@ -16972,6 +17198,13 @@ struct ssl_ctx_st *NewSSLCtx()
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
|
||||
#endif // SSL_OP_NO_TICKET
|
||||
|
||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
if (server_mode)
|
||||
{
|
||||
SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
}
|
||||
#endif // SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
|
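Review bot: NewSSLCtx gains a `server_mode` parameter but neither the `// Create the SSL_CTX` header nor the new `#ifdef` block says what it changes; extend the header to `// Create the SSL_CTX; in server_mode the server's cipher order takes precedence over the client's (SSL_OP_CIPHER_SERVER_PREFERENCE)`. The `SSL_CTX_set_options` calls operate on `ctx` with no NULL check visible after `SSL_CTX_new`; if one exists in the lines elided between the two hunks of this function, fine, otherwise add `if (ctx == NULL) { return NULL; }` right after the allocation.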
@ -780,6 +780,16 @@ typedef bool (RUDP_STACK_RPC_RECV_PROC)(RUDP_STACK *r, UDPPACKET *p);
|
||||
// Minimum time to wait for a trial to connect by ICMP and DNS in case failing to connect by TCP
|
||||
#define SOCK_CONNECT_WAIT_FOR_ICMP_AND_DNS_AT_LEAST 5000
|
||||
|
||||
#define RUDP_MAX_VALIDATED_SOURCE_IP_ADDRESSES 512
|
||||
#define RUDP_VALIDATED_SOURCE_IP_ADDRESS_EXPIRES (RUDP_TIMEOUT * 2)
|
||||
|
||||
// Validated Source IP Addresses for R-UDP
|
||||
struct RUDP_SOURCE_IP
|
||||
{
|
||||
UINT64 ExpiresTick; // Expires
|
||||
IP ClientIP; // Client IP address
|
||||
};
|
||||
|
||||
// R-UDP stack
|
||||
struct RUDP_STACK
|
||||
{
|
||||
@ -832,6 +842,8 @@ struct RUDP_STACK
|
||||
UINT LastDDnsFqdnHash; // DNS FQDN hash value when last checked
|
||||
volatile UINT *NatTGlobalUdpPort; // NAT-T global UDP port
|
||||
UCHAR RandPortId; // Random UDP port ID
|
||||
bool NatT_EnableSourceIpValidation; // Enable the source IP address validation mechanism
|
||||
LIST *NatT_SourceIpList; // Authenticated source IP adddress list
|
||||
|
||||
// For Client
|
||||
bool TargetIpAndPortInited; // The target IP address and the port number are initialized
|
||||
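Review bot: The new `NatT_SourceIpList` comment has a typo, `adddress`, and the two new fields would read better if they said how they relate: `// Enable the source IP address validation mechanism (set from the NAT-T reply in RUDPProcess_NatT_Recv)` and `// Validated source IP address list of RUDP_SOURCE_IP; expired entries are purged lazily by the lookup and add functions`. The struct continues outside this hunk.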
@ -926,7 +938,7 @@ struct HTTP_HEADER
|
||||
};
|
||||
|
||||
// HTTPS server / client related string constant
|
||||
#define DEFAULT_USER_AGENT "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
|
||||
#define DEFAULT_USER_AGENT "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
|
||||
#define DEFAULT_ACCEPT "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, */*"
|
||||
#define DEFAULT_ENCODING "gzip, deflate"
|
||||
#define HTTP_CONTENT_TYPE "text/html; charset=iso-8859-1"
|
||||
@ -1061,6 +1073,9 @@ bool RUDPProcessBulkRecvPacket(RUDP_STACK *r, RUDP_SESSION *se, void *recv_data,
|
||||
UINT RUDPCalcBestMssForBulk(RUDP_STACK *r, RUDP_SESSION *se);
|
||||
bool IsIPLocalHostOrMySelf(IP *ip);
|
||||
UINT RUDPGetRandPortNumber(UCHAR rand_port_id);
|
||||
void RUDPSetSourceIpValidationForceDisable(bool b);
|
||||
bool RUDPIsIpInValidateList(RUDP_STACK *r, IP *ip);
|
||||
void RUDPAddIpToValidateList(RUDP_STACK *r, IP *ip);
|
||||
|
||||
bool GetBestLocalIpForTarget(IP *local_ip, IP *target_ip);
|
||||
SOCK *NewUDP4ForSpecificIp(IP *target_ip, UINT port);
|
||||
@ -1558,7 +1573,7 @@ bool IsMacAddressLocalInner(LIST *o, void *addr);
|
||||
bool IsMacAddressLocalFast(void *addr);
|
||||
void RefreshLocalMacAddressList();
|
||||
|
||||
struct ssl_ctx_st *NewSSLCtx();
|
||||
struct ssl_ctx_st *NewSSLCtx(bool server_mode);
|
||||
void FreeSSLCtx(struct ssl_ctx_st *ctx);
|
||||
|
||||
void SetCurrentDDnsFqdn(char *name);
|
||||
|
@ -1409,11 +1409,11 @@ bool LoadTableMain(wchar_t *filename)
|
||||
|
||||
SaveUnicodeCache(filename, b->Size, hash);
|
||||
|
||||
Debug("Unicode Source: strtable.stb\n");
|
||||
//Debug("Unicode Source: strtable.stb\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
Debug("Unicode Source: unicode_cache\n");
|
||||
//Debug("Unicode Source: unicode_cache\n");
|
||||
}
|
||||
|
||||
FreeBuf(b);
|
||||
@ -1434,7 +1434,7 @@ bool LoadTableMain(wchar_t *filename)
|
||||
return false;
|
||||
}
|
||||
|
||||
Debug("Unicode File Read Cost: %u (%u Lines)\n", (UINT)(t2 - t1), LIST_NUM(TableList));
|
||||
//Debug("Unicode File Read Cost: %u (%u Lines)\n", (UINT)(t2 - t1), LIST_NUM(TableList));
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -1813,12 +1813,13 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
|
||||
if (no_http == false)
|
||||
{
|
||||
USHORT port_raw = Endian16(80);
|
||||
USHORT port_raw2 = Endian16(8080);
|
||||
|
||||
// Analyze if the packet is a part of HTTP
|
||||
if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
|
||||
{
|
||||
TCP_HEADER *tcp = p->L4.TCPHeader;
|
||||
if (tcp->DstPort == port_raw)
|
||||
if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2)
|
||||
{
|
||||
if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
|
||||
{
|
||||
|
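Review bot: The new condition `tcp->DstPort == port_raw || tcp->DstPort == port_raw2` dereferences `tcp` one line before the `tcp != NULL` test on the following line, so that guard can never help; the same ordering existed with the old single comparison, but rewriting the line is the moment to fix it. Hoist the guard, `if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2))`, and drop `tcp != NULL` from the inner condition. The enclosing ParsePacketEx4 continues past this hunk.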