AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-03-09 17:59:19 +03:00
Code Releases Activity

Compare commits

base: AMajor:copilot/add-ikev2-support-ipsec-vpn
Branches Tags
AMajor:master AMajor:copilot/add-ikev2-support-ipsec-vpn AMajor:copilot/fix-vpn-server-access-issue AMajor:copilot/add-windows-arm64-docs AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658
..
compare: AMajor:7c7933302686a4ea95cc89b2137443aedb57949a
Branches Tags
AMajor:master AMajor:copilot/add-ikev2-support-ipsec-vpn AMajor:copilot/fix-vpn-server-access-issue AMajor:copilot/add-windows-arm64-docs AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658

12 Commits
copilot/ad ... 7c79333026

Author SHA1 Message Date
Ilya Shipitsin
7c79333026 Merge pull request #2244 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/minimatch-3.1.5 
Build(deps-dev): Bump minimatch from 3.1.2 to 3.1.5 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2026-03-01 10:57:57 +01:00
dependabot[bot]
3f372db86d Build(deps-dev): Bump minimatch 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-01 08:53:11 +00:00
Ilya Shipitsin
068330b24b Merge pull request #2243 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/minimatch-3.1.5 
Build(deps-dev): Bump minimatch from 3.1.2 to 3.1.5 in /src/bin/hamcore/wwwroot/admin/default
 2026-02-28 08:01:29 +01:00
dependabot[bot]
a0d16dd2e8 Build(deps-dev): Bump minimatch 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-28 03:36:52 +00:00
Ilya Shipitsin
9a42563bbc Merge pull request #2211 from synqa/add-ci-for-sanitizer 
Add CI for Sanitizer
 2026-02-23 15:11:01 +01:00
synqa
7d86756e72 Add CI for Sanitizer 
Added Address/Leak/Thread/Undefined Behavior Sanitizer to the CI
workflow. Summary reports are displayed in the Job Summary, while full
logs are available via GitHub Artifacts. Initial verification is
handled by vpntools-check.sh.
 2026-02-23 21:51:08 +09:00
Ilya Shipitsin
e247cf0513 Merge pull request #2241 from synqa/suppress-tsan-accept-disconnect 
Suppress Thread Sanitizer for Accept and Disconnect
 2026-02-23 13:46:16 +01:00
synqa
a247e3ecdc Suppress Thread Sanitizer for Accept and Disconnect 
Thread Sanitizer reports two data races on CancelAccept and
CallingThread in SOCK, shared between Accept(Accept6) and Disconnect.
These are used when interrupting an Accept operation from a Disconnect.
These races are benign because they work correctly even if both fields
have old values.
 2026-02-23 21:32:26 +09:00
Ilya Shipitsin
61b920f957 Merge pull request #2239 from synqa/add-comment-unix-lock 
Add comment for UnixLock
 2026-02-21 15:36:51 +01:00
Ilya Shipitsin
290f125abc Merge pull request #2240 from synqa/suppress-tsan-threadpoolproc 
Suppress Thread Sanitizer for ThreadPoolProc
 2026-02-21 15:35:56 +01:00
synqa
93bf90ba95 Add comment for UnixLock 
The Lock/Unlock mechanism on Unix is a manual, hand-coded implementation
of PTHREAD_MUTEX_RECURSIVE. We avoid using the PTHREAD_MUTEX_RECURSIVE
directly because it exhibits critical bugs, such as deadlocks on
certain older systems(Linux, Solaris, or macOS).
followup #2219
 2026-02-21 21:15:56 +09:00
synqa
5b356616a7 Suppress Thread Sanitizer for ThreadPoolProc 
Thread Sanitizer reports data races on PoolHalting in THREAD, shared
between ThreadPoolProc and WaitThread. But if WaitThread reads false,
synchronization is ensured by Wait from the PoolWaitList. If it reads
true, WaitThread simply returns.
 2026-02-21 20:26:39 +09:00
11 changed files with 425 additions and 2776 deletions
Expand all files Collapse all files

80
.github/workflows/sanitizer.yml vendored Normal file
View File

@ -0,0 +1,80 @@
name: Sanitizer
on: [push, pull_request]
permissions:
contents: read
jobs:
run_sanitizer:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sanitizer:
- "address,leak,undefined"
- "thread,undefined"
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install dependencies
run: |
sudo apt update
sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev
- name: Build
run: |
mkdir build
cd build
cmake -G "Ninja" -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS="-O1 -fsanitize=${{ matrix.sanitizer }} -fno-omit-frame-pointer" ..
cmake --build .
- name: Test
env:
ASAN_OPTIONS: halt_on_error=0:exitcode=0
TSAN_OPTIONS: halt_on_error=0:exitcode=0:suppressions=./tsan_suppressions.txt
UBSAN_OPTIONS: halt_on_error=0:exitcode=0
LSAN_OPTIONS: exitcode=0
run: |
.ci/vpntools-check.sh 2> sanitizer.log
- name: Make job summary
run: |
echo "### Sanitizer Report (${{ matrix.sanitizer }})" >> $GITHUB_STEP_SUMMARY
REPORTS=$(grep -E "SUMMARY:|runtime error:" sanitizer.log | sort | uniq)
REPORT_COUNT=$(echo "$REPORTS" | grep -c . || true)
echo "Found $REPORT_COUNT issues" >> $GITHUB_STEP_SUMMARY
echo "<details><summary>View Summary</summary>" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "$REPORTS" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "</details>" >> $GITHUB_STEP_SUMMARY
if [ "$REPORT_COUNT" -ne 0 ]; then
echo "HAS_ISSUES=true" >> $GITHUB_ENV
echo "REPORT_COUNT=$REPORT_COUNT" >> $GITHUB_ENV
fi
- name: Upload full sanitizer log
if: env.HAS_ISSUES == 'true'
uses: actions/upload-artifact@v4
with:
name: sanitizer-logs-${{ matrix.sanitizer }}
path: |
sanitizer.log
retention-days: 30
- name: Fail on sanitizer issues
if: env.HAS_ISSUES == 'true'
run: |
echo "Found ${{ env.REPORT_COUNT }} issues."
echo "Please check the Job Summary page for a quick overview."
echo "Full logs are available in the GitHub Artifacts."
exit 1

6
.gitignore vendored
View File

@ -210,9 +210,3 @@ developer_tools/stbchecker/**/*.binlog
developer_tools/stbchecker/**/*.nvuser
developer_tools/stbchecker/**/.mfractor/
/vcpkg_installed
# Build directories
/_codeql_build_dir/
/_codeql_detected_source_root
/build/
/build_test/

370
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json generated
View File

@ -1,430 +1,552 @@
{
"name": "vpnrpc",
"version": "1.0.1",
"lockfileVersion": 1,
"lockfileVersion": 3,
"requires": true,
"dependencies": {
"@babel/code-frame": {
"packages": {
"": {
"version": "1.0.1",
"license": "Apache-2.0",
"devDependencies": {
"@types/node": "^12.0.2",
"ts-loader": "^9.4.2",
"tslint": "^5.16.0",
"typescript": "^3.4.5"
}
},
"node_modules/@babel/code-frame": {
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.0.0.tgz",
"integrity": "sha512-OfC2uemaknXr87bdLUkWog7nYuliM9Ij5HUcajsVcMCpQrcLmtxRbVFTIqmcSkSeYRBFBRxs2FiUqFJDLdiebA==",
"dev": true,
"requires": {
"dependencies": {
"@babel/highlight": "^7.0.0"
}
},
"@babel/highlight": {
"node_modules/@babel/highlight": {
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.0.0.tgz",
"integrity": "sha512-UFMC4ZeFC48Tpvj7C8UgLvtkaUuovQX+5xNWrsIoMG8o2z+XFKjKaN9iVmS84dPwVN00W4wPmqvYoZF3EGAsfw==",
"dev": true,
"requires": {
"dependencies": {
"chalk": "^2.0.0",
"esutils": "^2.0.2",
"js-tokens": "^4.0.0"
}
},
"@types/node": {
"node_modules/@types/node": {
"version": "12.0.2",
"resolved": "https://registry.npmjs.org/@types/node/-/node-12.0.2.tgz",
"integrity": "sha512-5tabW/i+9mhrfEOUcLDu2xBPsHJ+X5Orqy9FKpale3SjDA17j5AEpYq5vfy3oAeAHGcvANRCO3NV3d2D6q3NiA==",
"dev": true
},
"ansi-styles": {
"node_modules/ansi-styles": {
"version": "3.2.1",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
"integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
"dev": true,
"requires": {
"dependencies": {
"color-convert": "^1.9.0"
},
"engines": {
"node": ">=4"
}
},
"argparse": {
"node_modules/argparse": {
"version": "1.0.10",
"resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
"integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
"dev": true,
"requires": {
"dependencies": {
"sprintf-js": "~1.0.2"
}
},
"balanced-match": {
"node_modules/balanced-match": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
"integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
"dev": true
},
"brace-expansion": {
"node_modules/brace-expansion": {
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
"dev": true,
"requires": {
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"braces": {
"node_modules/braces": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
"dev": true,
"requires": {
"dependencies": {
"fill-range": "^7.1.1"
},
"dependencies": {
"fill-range": {
"engines": {
"node": ">=8"
}
},
"node_modules/braces/node_modules/fill-range": {
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
"dev": true,
"requires": {
"dependencies": {
"to-regex-range": "^5.0.1"
}
}
},
"engines": {
"node": ">=8"
}
},
"builtin-modules": {
"node_modules/builtin-modules": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz",
"integrity": "sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8=",
"dev": true
"dev": true,
"engines": {
"node": ">=0.10.0"
}
},
"chalk": {
"node_modules/chalk": {
"version": "2.4.2",
"resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
"integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
"dev": true,
"requires": {
"dependencies": {
"ansi-styles": "^3.2.1",
"escape-string-regexp": "^1.0.5",
"supports-color": "^5.3.0"
},
"engines": {
"node": ">=4"
}
},
"color-convert": {
"node_modules/color-convert": {
"version": "1.9.3",
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
"integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
"dev": true,
"requires": {
"dependencies": {
"color-name": "1.1.3"
}
},
"color-name": {
"node_modules/color-name": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
"integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
"dev": true
},
"commander": {
"node_modules/commander": {
"version": "2.20.0",
"resolved": "https://registry.npmjs.org/commander/-/commander-2.20.0.tgz",
"integrity": "sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==",
"dev": true
},
"concat-map": {
"node_modules/concat-map": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
"integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
"dev": true
},
"diff": {
"node_modules/diff": {
"version": "3.5.0",
"resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
"integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
"dev": true
"dev": true,
"engines": {
"node": ">=0.3.1"
}
},
"enhanced-resolve": {
"node_modules/enhanced-resolve": {
"version": "5.12.0",
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz",
"integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==",
"dev": true,
"requires": {
"dependencies": {
"graceful-fs": "^4.2.4",
"tapable": "^2.2.0"
},
"engines": {
"node": ">=10.13.0"
}
},
"escape-string-regexp": {
"node_modules/escape-string-regexp": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
"dev": true
"dev": true,
"engines": {
"node": ">=0.8.0"
}
},
"esprima": {
"node_modules/esprima": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
"integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
"dev": true
"dev": true,
"bin": {
"esparse": "bin/esparse.js",
"esvalidate": "bin/esvalidate.js"
},
"esutils": {
"engines": {
"node": ">=4"
}
},
"node_modules/esutils": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz",
"integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
"dev": true
"dev": true,
"engines": {
"node": ">=0.10.0"
}
},
"fs.realpath": {
"node_modules/fs.realpath": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
"integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
"dev": true
},
"glob": {
"node_modules/glob": {
"version": "7.1.4",
"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.4.tgz",
"integrity": "sha512-hkLPepehmnKk41pUGm3sYxoFs/umurYfYJCerbXEyFIWcAzvpipAgVkBqqT9RBKMGjnq6kMuyYwha6csxbiM1A==",
"deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
"dev": true,
"requires": {
"dependencies": {
"fs.realpath": "^1.0.0",
"inflight": "^1.0.4",
"inherits": "2",
"minimatch": "^3.0.4",
"once": "^1.3.0",
"path-is-absolute": "^1.0.0"
},
"engines": {
"node": "*"
}
},
"graceful-fs": {
"node_modules/graceful-fs": {
"version": "4.2.10",
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
"integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==",
"dev": true
},
"has-flag": {
"node_modules/has-flag": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
"integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
"dev": true
"dev": true,
"engines": {
"node": ">=4"
}
},
"inflight": {
"node_modules/inflight": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
"integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
"deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.",
"dev": true,
"requires": {
"dependencies": {
"once": "^1.3.0",
"wrappy": "1"
}
},
"inherits": {
"node_modules/inherits": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
"integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
"dev": true
},
"is-number": {
"node_modules/is-number": {
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
"integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
"dev": true
"dev": true,
"engines": {
"node": ">=0.12.0"
}
},
"js-tokens": {
"node_modules/js-tokens": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
"integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
"dev": true
},
"js-yaml": {
"node_modules/js-yaml": {
"version": "3.13.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
"integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
"dev": true,
"requires": {
"dependencies": {
"argparse": "^1.0.7",
"esprima": "^4.0.0"
},
"bin": {
"js-yaml": "bin/js-yaml.js"
}
},
"lru-cache": {
"node_modules/lru-cache": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
"dev": true,
"requires": {
"dependencies": {
"yallist": "^4.0.0"
},
"engines": {
"node": ">=10"
}
},
"micromatch": {
"node_modules/micromatch": {
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dev": true,
"requires": {
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
},
"engines": {
"node": ">=8.6"
}
},
"minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"node_modules/minimatch": {
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
"engines": {
"node": "*"
}
},
"minimist": {
"node_modules/minimist": {
"version": "1.2.7",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz",
"integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==",
"dev": true
"dev": true,
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"mkdirp": {
"node_modules/mkdirp": {
"version": "0.5.6",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
"integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
"dev": true,
"requires": {
"dependencies": {
"minimist": "^1.2.6"
},
"bin": {
"mkdirp": "bin/cmd.js"
}
},
"once": {
"node_modules/once": {
"version": "1.4.0",
"resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
"integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
"dev": true,
"requires": {
"dependencies": {
"wrappy": "1"
}
},
"path-is-absolute": {
"node_modules/path-is-absolute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
"integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
"dev": true
"dev": true,
"engines": {
"node": ">=0.10.0"
}
},
"path-parse": {
"node_modules/path-parse": {
"version": "1.0.7",
"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
"integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
"dev": true
},
"picomatch": {
"node_modules/picomatch": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
"dev": true
"dev": true,
"engines": {
"node": ">=8.6"
},
"resolve": {
"funding": {
"url": "https://github.com/sponsors/jonschlinkert"
}
},
"node_modules/resolve": {
"version": "1.11.0",
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.11.0.tgz",
"integrity": "sha512-WL2pBDjqT6pGUNSUzMw00o4T7If+z4H2x3Gz893WoUQ5KW8Vr9txp00ykiP16VBaZF5+j/OcXJHZ9+PCvdiDKw==",
"dev": true,
"requires": {
"dependencies": {
"path-parse": "^1.0.6"
}
},
"semver": {
"node_modules/semver": {
"version": "7.3.8",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
"integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
"dev": true,
"requires": {
"dependencies": {
"lru-cache": "^6.0.0"
},
"bin": {
"semver": "bin/semver.js"
},
"engines": {
"node": ">=10"
}
},
"sprintf-js": {
"node_modules/sprintf-js": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
"integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
"dev": true
},
"supports-color": {
"node_modules/supports-color": {
"version": "5.5.0",
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
"integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
"dev": true,
"requires": {
"dependencies": {
"has-flag": "^3.0.0"
},
"engines": {
"node": ">=4"
}
},
"tapable": {
"node_modules/tapable": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
"integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==",
"dev": true
"dev": true,
"engines": {
"node": ">=6"
}
},
"to-regex-range": {
"node_modules/to-regex-range": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
"integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
"dev": true,
"requires": {
"dependencies": {
"is-number": "^7.0.0"
},
"engines": {
"node": ">=8.0"
}
},
"ts-loader": {
"node_modules/ts-loader": {
"version": "9.4.2",
"resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.4.2.tgz",
"integrity": "sha512-OmlC4WVmFv5I0PpaxYb+qGeGOdm5giHU7HwDDUjw59emP2UYMHy9fFSDcYgSNoH8sXcj4hGCSEhlDZ9ULeDraA==",
"dev": true,
"requires": {
"dependencies": {
"chalk": "^4.1.0",
"enhanced-resolve": "^5.0.0",
"micromatch": "^4.0.0",
"semver": "^7.3.4"
},
"dependencies": {
"ansi-styles": {
"engines": {
"node": ">=12.0.0"
},
"peerDependencies": {
"typescript": "*",
"webpack": "^5.0.0"
}
},
"node_modules/ts-loader/node_modules/ansi-styles": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
"requires": {
"dependencies": {
"color-convert": "^2.0.1"
},
"engines": {
"node": ">=8"
},
"funding": {
"url": "https://github.com/chalk/ansi-styles?sponsor=1"
}
},
"chalk": {
"node_modules/ts-loader/node_modules/chalk": {
"version": "4.1.2",
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
"requires": {
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/chalk/chalk?sponsor=1"
}
},
"color-convert": {
"node_modules/ts-loader/node_modules/color-convert": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
"dev": true,
"requires": {
"dependencies": {
"color-name": "~1.1.4"
},
"engines": {
"node": ">=7.0.0"
}
},
"color-name": {
"node_modules/ts-loader/node_modules/color-name": {
"version": "1.1.4",
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"dev": true
},
"has-flag": {
"node_modules/ts-loader/node_modules/has-flag": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
"integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
"dev": true
"dev": true,
"engines": {
"node": ">=8"
}
},
"supports-color": {
"node_modules/ts-loader/node_modules/supports-color": {
"version": "7.2.0",
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
"integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
"dev": true,
"requires": {
"dependencies": {
"has-flag": "^4.0.0"
}
}
},
"engines": {
"node": ">=8"
}
},
"tslib": {
"node_modules/tslib": {
"version": "1.9.3",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-1.9.3.tgz",
"integrity": "sha512-4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ==",
"dev": true
},
"tslint": {
"node_modules/tslint": {
"version": "5.16.0",
"resolved": "https://registry.npmjs.org/tslint/-/tslint-5.16.0.tgz",
"integrity": "sha512-UxG2yNxJ5pgGwmMzPMYh/CCnCnh0HfPgtlVRDs1ykZklufFBL1ZoTlWFRz2NQjcoEiDoRp+JyT0lhBbbH/obyA==",
"dev": true,
"requires": {
"dependencies": {
"@babel/code-frame": "^7.0.0",
"builtin-modules": "^1.1.1",
"chalk": "^2.3.0",
@ -439,37 +561,57 @@
"tslib": "^1.8.0",
"tsutils": "^2.29.0"
},
"dependencies": {
"semver": {
"bin": {
"tslint": "bin/tslint"
},
"engines": {
"node": ">=4.8.0"
},
"peerDependencies": {
"typescript": ">=2.1.0 || >=2.1.0-dev || >=2.2.0-dev || >=2.3.0-dev || >=2.4.0-dev || >=2.5.0-dev || >=2.6.0-dev || >=2.7.0-dev || >=2.8.0-dev || >=2.9.0-dev || >=3.0.0-dev || >= 3.1.0-dev || >= 3.2.0-dev"
}
},
"node_modules/tslint/node_modules/semver": {
"version": "5.7.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-5.7.0.tgz",
"integrity": "sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==",
"dev": true
}
"dev": true,
"bin": {
"semver": "bin/semver"
}
},
"tsutils": {
"node_modules/tsutils": {
"version": "2.29.0",
"resolved": "https://registry.npmjs.org/tsutils/-/tsutils-2.29.0.tgz",
"integrity": "sha512-g5JVHCIJwzfISaXpXE1qvNalca5Jwob6FjI4AoPlqMusJ6ftFE7IkkFoMhVLRgK+4Kx3gkzb8UZK5t5yTTvEmA==",
"dev": true,
"requires": {
"dependencies": {
"tslib": "^1.8.1"
},
"peerDependencies": {
"typescript": ">=2.1.0 || >=2.1.0-dev || >=2.2.0-dev || >=2.3.0-dev || >=2.4.0-dev || >=2.5.0-dev || >=2.6.0-dev || >=2.7.0-dev || >=2.8.0-dev || >=2.9.0-dev || >= 3.0.0-dev || >= 3.1.0-dev"
}
},
"typescript": {
"node_modules/typescript": {
"version": "3.4.5",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-3.4.5.tgz",
"integrity": "sha512-YycBxUb49UUhdNMU5aJ7z5Ej2XGmaIBL0x34vZ82fn3hGvD+bgrMrVDpatgz2f7YxUMJxMkbWxJZeAvDxVe7Vw==",
"dev": true
"dev": true,
"bin": {
"tsc": "bin/tsc",
"tsserver": "bin/tsserver"
},
"wrappy": {
"engines": {
"node": ">=4.2.0"
}
},
"node_modules/wrappy": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
"dev": true
},
"yallist": {
"node_modules/yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",

40
src/Cedar/Proto_IKE.c
View File

@ -11,7 +11,6 @@
#include "Connection.h"
#include "Logging.h"
#include "Proto_EtherIP.h"
#include "Proto_IKEv2.h"
#include "Proto_IPsec.h"
#include "Proto_L2TP.h"
#include "Server.h"
@ -36,25 +35,7 @@ void ProcIKEPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
if (p->Type == IKE_UDP_TYPE_ISAKMP)
{
IKE_HEADER *raw_hdr;
// Check packet is large enough for the IKE header
if (p->Size < sizeof(IKE_HEADER))
{
return;
}
raw_hdr = (IKE_HEADER *)p->Data;
// Dispatch IKEv2 packets by version field
if (raw_hdr->Version == IKEv2_VERSION)
{
ProcIKEv2PacketRecv(ike, p);
return;
}
// IKEv1 / ISAKMP packet
{
// ISAKMP (IKE) packet
IKE_PACKET *header;
header = ParseIKEPacketHeader(p);
@ -63,6 +44,8 @@ void ProcIKEPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
return;
}
//Debug("InitiatorCookie: %I64u, ResponderCookie: %I64u\n", header->InitiatorCookie, header->ResponderCookie);
switch (header->ExchangeType)
{
case IKE_EXCHANGE_TYPE_MAIN: // Main mode
@ -87,7 +70,6 @@ void ProcIKEPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
IkeFree(header);
}
}
else if (p->Type == IKE_UDP_TYPE_ESP)
{
// ESP packet
@ -5663,9 +5645,6 @@ void ProcessIKEInterrupts(IKE_SERVER *ike)
}
while (ike->StateHasChanged);
// IKEv2 interrupt processing
ProcessIKEv2Interrupts(ike);
// Maintenance of the thread list
MaintainThreadList(ike->ThreadList);
/*Debug("ike->ThreadList: %u\n", LIST_NUM(ike->ThreadList));
@ -5844,17 +5823,6 @@ void FreeIKEServer(IKE_SERVER *ike)
ReleaseList(ike->ClientList);
// Free IKEv2 SAs
{
UINT j;
for (j = 0; j < LIST_NUM(ike->IKEv2SaList); j++)
{
IKEv2_SA *sa2 = LIST_DATA(ike->IKEv2SaList, j);
IKEv2FreeSA(ike, sa2);
}
}
ReleaseList(ike->IKEv2SaList);
ReleaseSockEvent(ike->SockEvent);
IPsecLog(ike, NULL, NULL, NULL, "LI_STOP");
@ -5901,8 +5869,6 @@ IKE_SERVER *NewIKEServer(CEDAR *cedar, IPSEC_SERVER *ipsec)
ike->ThreadList = NewThreadList();
ike->IKEv2SaList = NewList(CmpIKEv2SA);
IPsecLog(ike, NULL, NULL, NULL, "LI_START");
return ike;

4
src/Cedar/Proto_IKE.h
View File

@ -268,10 +268,6 @@ struct IKE_SERVER
// Setting data
char Secret[MAX_SIZE]; // Pre-shared key
// IKEv2 state
LIST *IKEv2SaList; // IKEv2 SA list
UINT CurrentIKEv2SaId; // IKEv2 SA ID counter
};

2245
src/Cedar/Proto_IKEv2.c
View File

File diff suppressed because it is too large Load Diff

292
src/Cedar/Proto_IKEv2.h
View File

@ -1,292 +0,0 @@
// SoftEther VPN Source Code - Developer Edition Master Branch
// Cedar Communication Module
// Proto_IKEv2.h
// Header for IKEv2 (RFC 7296) implementation
#ifndef PROTO_IKEV2_H
#define PROTO_IKEV2_H
#include "Proto_IKE.h"
#include "Proto_IkePacket.h"
//// IKEv2 Header Flags (RFC 7296 Section 3.1)
#define IKEv2_FLAG_RESPONSE 0x20
#define IKEv2_FLAG_VERSION 0x10
#define IKEv2_FLAG_INITIATOR 0x08
//// IKEv2 Payload Types (RFC 7296 Section 3.3)
#define IKEv2_PAYLOAD_NONE 0
#define IKEv2_PAYLOAD_SA 33
#define IKEv2_PAYLOAD_KE 34
#define IKEv2_PAYLOAD_IDi 35
#define IKEv2_PAYLOAD_IDr 36
#define IKEv2_PAYLOAD_CERT 37
#define IKEv2_PAYLOAD_CERTREQ 38
#define IKEv2_PAYLOAD_AUTH 39
#define IKEv2_PAYLOAD_NONCE 40
#define IKEv2_PAYLOAD_NOTIFY 41
#define IKEv2_PAYLOAD_DELETE 42
#define IKEv2_PAYLOAD_VENDOR 43
#define IKEv2_PAYLOAD_TSi 44
#define IKEv2_PAYLOAD_TSr 45
#define IKEv2_PAYLOAD_SK 46
#define IKEv2_PAYLOAD_CP 47
#define IKEv2_PAYLOAD_EAP 48
//// IKEv2 Transform Types
#define IKEv2_TF_ENCR 1
#define IKEv2_TF_PRF 2
#define IKEv2_TF_INTEG 3
#define IKEv2_TF_DH 4
#define IKEv2_TF_ESN 5
//// IKEv2 Encryption Algorithm IDs
#define IKEv2_ENCR_3DES 3
#define IKEv2_ENCR_AES_CBC 12
//// IKEv2 PRF Algorithm IDs
#define IKEv2_PRF_HMAC_MD5 1
#define IKEv2_PRF_HMAC_SHA1 2
#define IKEv2_PRF_HMAC_SHA2_256 5
#define IKEv2_PRF_HMAC_SHA2_384 6
#define IKEv2_PRF_HMAC_SHA2_512 7
//// IKEv2 Integrity Algorithm IDs
#define IKEv2_INTEG_HMAC_MD5_96 1 // key=16, icv=12
#define IKEv2_INTEG_HMAC_SHA1_96 2 // key=20, icv=12
#define IKEv2_INTEG_HMAC_SHA2_256_128 12 // key=32, icv=16
#define IKEv2_INTEG_HMAC_SHA2_384_192 13 // key=48, icv=24
#define IKEv2_INTEG_HMAC_SHA2_512_256 14 // key=64, icv=32
//// IKEv2 DH Groups (same wire values as IKEv1)
#define IKEv2_DH_1024_MODP 2
#define IKEv2_DH_1536_MODP 5
#define IKEv2_DH_2048_MODP 14
#define IKEv2_DH_3072_MODP 15
#define IKEv2_DH_4096_MODP 16
//// IKEv2 ESN Values
#define IKEv2_ESN_NO_ESN 0
#define IKEv2_ESN_YES 1
//// IKEv2 Notify Message Types (error types < 16384)
#define IKEv2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD 1
#define IKEv2_NOTIFY_INVALID_IKE_SPI 4
#define IKEv2_NOTIFY_INVALID_MAJOR_VERSION 5
#define IKEv2_NOTIFY_INVALID_SYNTAX 7
#define IKEv2_NOTIFY_INVALID_MESSAGE_ID 9
#define IKEv2_NOTIFY_INVALID_SPI 11
#define IKEv2_NOTIFY_NO_PROPOSAL_CHOSEN 14
#define IKEv2_NOTIFY_INVALID_KE_PAYLOAD 17
#define IKEv2_NOTIFY_AUTHENTICATION_FAILED 24
#define IKEv2_NOTIFY_TS_UNACCEPTABLE 38
//// IKEv2 Notify status types (>= 16384)
#define IKEv2_NOTIFY_NAT_DETECTION_SOURCE_IP 16388
#define IKEv2_NOTIFY_NAT_DETECTION_DESTINATION_IP 16389
#define IKEv2_NOTIFY_USE_TRANSPORT_MODE 16391
#define IKEv2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED 16394
//// IKEv2 ID Types
#define IKEv2_ID_IPV4_ADDR 1
#define IKEv2_ID_FQDN 2
#define IKEv2_ID_RFC822_ADDR 3
#define IKEv2_ID_IPV6_ADDR 5
#define IKEv2_ID_KEY_ID 11
//// IKEv2 Authentication Methods
#define IKEv2_AUTH_RSA_SIGN 1
#define IKEv2_AUTH_PSK 2
//// IKEv2 Traffic Selector Types
#define IKEv2_TS_IPV4_ADDR_RANGE 7
#define IKEv2_TS_IPV6_ADDR_RANGE 8
//// IKEv2 Protocol IDs
#define IKEv2_PROTO_IKE 1
#define IKEv2_PROTO_AH 2
#define IKEv2_PROTO_ESP 3
//// SA states
#define IKEv2_SA_STATE_HALF_OPEN 0
#define IKEv2_SA_STATE_ESTABLISHED 1
//// Sizes and limits
#define IKEv2_MAX_KEYMAT_SIZE 128
#define IKEv2_NONCE_SIZE 32
#define IKEv2_NONCE_MIN_SIZE 16
#define IKEv2_NONCE_MAX_SIZE 256
#define IKEv2_PSK_PAD "Key Pad for IKEv2"
#define IKEv2_PSK_PAD_LEN 17
//// Timeouts
#define IKEv2_SA_TIMEOUT_HALF_OPEN 30000
#define IKEv2_SA_TIMEOUT_ESTABLISHED (86400ULL * 1000)
#define IKEv2_SA_RESEND_INTERVAL 2000
#define IKEv2_CHILD_SA_LIFETIME_SECS 3600
//// Structures
// Negotiated IKE SA transform parameters
struct IKEv2_IKETF
{
UINT EncrAlg; // Encryption algorithm
UINT EncrKeyLen; // Encryption key length (bytes)
UINT PrfAlg; // PRF algorithm
UINT IntegAlg; // Integrity algorithm
UINT DhGroup; // DH group number
UINT BlockSize; // Cipher block size (bytes)
UINT PrfKeyLen; // PRF key length (bytes)
UINT PrfOutLen; // PRF output length (bytes)
UINT IntegKeyLen; // Integrity key length (bytes)
UINT IntegIcvLen; // Integrity ICV length (bytes)
};
typedef struct IKEv2_IKETF IKEv2_IKETF;
// Negotiated Child SA transform parameters
struct IKEv2_CHILDTF
{
UINT EncrAlg; // Encryption algorithm
UINT EncrKeyLen; // Encryption key length (bytes)
UINT IntegAlg; // Integrity algorithm
UINT IntegKeyLen; // Integrity key length (bytes)
UINT IntegIcvLen; // Integrity ICV length (bytes)
UINT DhGroup; // DH group (0 if none)
bool UseTransport; // True = transport mode
UINT BlockSize; // Cipher block size
};
typedef struct IKEv2_CHILDTF IKEv2_CHILDTF;
// IKEv2 SA (one per IKEv2 connection attempt)
struct IKEv2_SA
{
UINT Id;
UINT64 InitiatorSPI;
UINT64 ResponderSPI;
IP ClientIP;
UINT ClientPort;
IP ServerIP;
UINT ServerPort;
bool IsNatT;
UINT State;
bool Deleting;
UINT64 FirstCommTick;
UINT64 LastCommTick;
IKEv2_IKETF Transform;
// Nonces
BUF *Ni;
BUF *Nr;
// DH
DH_CTX *Dh;
BUF *GxI; // initiator KE value
BUF *GxR; // responder KE value (our public key)
// Derived IKE SA keys (max 64 bytes each)
UCHAR SK_d [IKEv2_MAX_KEYMAT_SIZE];
UCHAR SK_ai[IKEv2_MAX_KEYMAT_SIZE];
UCHAR SK_ar[IKEv2_MAX_KEYMAT_SIZE];
UCHAR SK_ei[IKEv2_MAX_KEYMAT_SIZE];
UCHAR SK_er[IKEv2_MAX_KEYMAT_SIZE];
UCHAR SK_pi[IKEv2_MAX_KEYMAT_SIZE];
UCHAR SK_pr[IKEv2_MAX_KEYMAT_SIZE];
// Crypto key objects for SK payload
IKE_CRYPTO_KEY *EncKeyI; // key for SK_ei (decrypt received)
IKE_CRYPTO_KEY *EncKeyR; // key for SK_er (encrypt sent)
// Original IKE_SA_INIT messages for AUTH
BUF *InitMsg; // IKE_SA_INIT request (from initiator)
BUF *RespMsg; // IKE_SA_INIT response (from us)
// Initiator identity from IKE_AUTH
UCHAR IDi_Type;
BUF *IDi_Data;
// Responder identity (from initiator's optional IDr payload, echoed back)
UCHAR IDr_Type;
BUF *IDr_Data;
// Message ID tracking
UINT NextExpectedMsgId;
// Retransmission: cache last response
BUF *LastResponse;
UINT LastRespMsgId;
UINT64 LastRespTick;
UINT NumResends;
// Pointer to IKEv1 IKE_CLIENT created after AUTH
IKE_CLIENT *IkeClient;
};
typedef struct IKEv2_SA IKEv2_SA;
//// Function prototypes
void ProcIKEv2PacketRecv(IKE_SERVER *ike, UDPPACKET *p);
void ProcessIKEv2Interrupts(IKE_SERVER *ike);
IKEv2_SA *IKEv2NewSA(IKE_SERVER *ike);
void IKEv2FreeSA(IKE_SERVER *ike, IKEv2_SA *sa);
void IKEv2MarkDeleting(IKE_SERVER *ike, IKEv2_SA *sa);
void IKEv2PurgeDeleting(IKE_SERVER *ike);
IKEv2_SA *IKEv2FindByInitSPI(IKE_SERVER *ike, UINT64 init_spi, IP *client_ip, UINT client_port);
IKEv2_SA *IKEv2FindBySPIPair(IKE_SERVER *ike, UINT64 init_spi, UINT64 resp_spi);
int CmpIKEv2SA(void *p1, void *p2);
void IKEv2ProcSAInit(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr);
void IKEv2ProcAuth(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr, IKEv2_SA *sa,
void *payload_data, UINT payload_size, UCHAR first_payload);
void IKEv2ProcInformational(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr, IKEv2_SA *sa,
void *payload_data, UINT payload_size);
bool IKEv2DeriveKeys(IKE_SERVER *ike, IKEv2_SA *sa);
void IKEv2PRF(UINT prf_alg, void *key, UINT key_len,
void *data, UINT data_len, void *out);
void IKEv2PRFPlus(UINT prf_alg, void *key, UINT key_len,
void *seed, UINT seed_len, void *out, UINT out_len);
bool IKEv2VerifyAuth(IKE_SERVER *ike, IKEv2_SA *sa,
UCHAR auth_method, void *auth_data, UINT auth_len);
void IKEv2ComputeOurAuth(IKE_SERVER *ike, IKEv2_SA *sa, void *out, UINT *out_len);
bool IKEv2CreateChildSAForClient(IKE_SERVER *ike, IKEv2_SA *sa,
IKEv2_CHILDTF *ctf, UINT spi_i, UINT spi_r,
BUF *ni, BUF *nr);
bool IKEv2ParseSAProposalIKE(void *data, UINT size, IKEv2_IKETF *out);
bool IKEv2ParseSAProposalChild(void *data, UINT size, IKEv2_CHILDTF *out, UINT *out_spi_i);
UINT IKEv2BuildSAProposalIKE(IKEv2_SA *sa, void *buf, UINT buf_size);
UINT IKEv2BuildSAProposalChild(IKEv2_CHILDTF *ctf, UINT spi_r, void *buf, UINT buf_size);
void IKEv2SendResponse(IKE_SERVER *ike, IKEv2_SA *sa, IKE_HEADER *req_hdr,
UCHAR exchange_type, void *payloads, UINT payloads_size,
bool encrypt);
void IKEv2SendNotifyError(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr,
UINT64 resp_spi, USHORT notify_type);
BUF *IKEv2EncryptSK(IKE_SERVER *ike, IKEv2_SA *sa, UCHAR next_payload,
void *inner, UINT inner_size);
BUF *IKEv2DecryptSK(IKE_SERVER *ike, IKEv2_SA *sa, bool is_init_sending,
void *sk_data, UINT sk_size);
UINT IKEv2PrfKeyLen(UINT prf_alg);
UINT IKEv2PrfOutLen(UINT prf_alg);
UINT IKEv2IntegKeyLen(UINT integ_alg);
UINT IKEv2IntegIcvLen(UINT integ_alg);
UINT IKEv2EncrKeyLen(UINT encr_alg, UINT requested);
UINT IKEv2EncrBlockSize(UINT encr_alg);
IKE_HASH *IKEv2GetHashForPrf(IKE_SERVER *ike, UINT prf_alg);
IKE_HASH *IKEv2GetHashForInteg(IKE_SERVER *ike, UINT integ_alg);
IKE_CRYPTO *IKEv2GetCrypto(IKE_SERVER *ike, UINT encr_alg);
IKE_DH *IKEv2GetDh(IKE_SERVER *ike, UINT dh_group);
#endif // PROTO_IKEV2_H

9
src/Mayaqua/TcpIp.h
View File

@ -651,15 +651,6 @@ struct IKE_HEADER
#define IKE_EXCHANGE_TYPE_INFORMATION 5 // Information exchange
#define IKE_EXCHANGE_TYPE_QUICK 32 // Quick mode
// IKEv2 version identifier (in the Version field of IKE_HEADER)
#define IKEv2_VERSION 0x20 // 2.0
// IKEv2 exchange types (RFC 7296)
#define IKEv2_EXCHANGE_IKE_SA_INIT 34
#define IKEv2_EXCHANGE_IKE_AUTH 35
#define IKEv2_EXCHANGE_CREATE_CHILD_SA 36
#define IKEv2_EXCHANGE_INFORMATIONAL 37
// DHCPv4 data
struct DHCPV4_DATA
{

2
src/Mayaqua/Unix.c
View File

@ -1849,6 +1849,8 @@ void UnixUnlockEx(LOCK *lock, bool inner)
}
// Lock
// Recursive locking is implemented manually instead of using PTHREAD_MUTEX_RECURSIVE.
// See: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2219
bool UnixLock(LOCK *lock)
{
pthread_mutex_t *mutex;

7
src/bin/hamcore/wwwroot/admin/default/package-lock.json generated
View File

@ -1203,10 +1203,11 @@
}
},
"node_modules/minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},

14
tsan_suppressions.txt
View File

@ -17,6 +17,20 @@ race_top:BindConnectThreadForIPv4
race_top:BindConnectThreadForIPv6
race_top:BindConnectEx5
# Thread Sanitizer reports data races on PoolHalting in THREAD, shared between ThreadPoolProc and WaitThread.
# But if WaitThread reads false, synchronization is ensured by Wait from the PoolWaitList. If it reads true,
# WaitThread simply returns.
race_top:ThreadPoolProc
## Accept/Disconnect cancellation
# Thread Sanitizer reports two data races on CancelAccept and CallingThread in SOCK, shared between
# Accept(Accept6) and Disconnect. These are used when interrupting an Accept operation from a Disconnect.
# They are race-safe because they work correctly even if both fields have old values.
race_top:^Accept$
race_top:^Accept6$
race_top:^Disconnect$
## Manual PTHREAD_MUTEX_RECURSIVE
# The Lock/Unlock mechanism on Unix is a manual, hand-coded implementation of PTHREAD_MUTEX_RECURSIVE.