version 1.133, 2015/09/11 21:07:01 |
version 1.134, 2015/09/11 21:22:54 |
|
|
int map_tos(char *, int *); |
int map_tos(char *, int *); |
int map_tls(char *, int *); |
int map_tls(char *, int *); |
void report_connect(const struct sockaddr *, socklen_t); |
void report_connect(const struct sockaddr *, socklen_t); |
void report_tls(struct tls * tls_ctx, char * host, char *tls_expectname); |
void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname); |
void usage(int); |
void usage(int); |
ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *); |
ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *); |
ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *); |
ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *); |
void tls_setup_client(struct tls *, int, char *); |
void tls_setup_client(struct tls *, int, char *); |
struct tls * tls_setup_server(struct tls *, int, char *); |
struct tls *tls_setup_server(struct tls *, int, char *); |
|
|
int |
int |
main(int argc, char *argv[]) |
main(int argc, char *argv[]) |
|
|
if (vflag) |
if (vflag) |
report_connect((struct sockaddr *)&cliaddr, len); |
report_connect((struct sockaddr *)&cliaddr, len); |
if ((usetls) && |
if ((usetls) && |
(tls_cctx = tls_setup_server(tls_ctx, connfd, |
(tls_cctx = tls_setup_server(tls_ctx, connfd, host))) |
host))) |
|
readwrite(connfd, tls_cctx); |
readwrite(connfd, tls_cctx); |
if (!usetls) |
if (!usetls) |
readwrite(connfd, NULL); |
readwrite(connfd, NULL); |
|
|
strcmp(tls_expecthash, tls_peerhash) != 0) |
strcmp(tls_expecthash, tls_peerhash) != 0) |
warnx("peer certificate is not %s", tls_expecthash); |
warnx("peer certificate is not %s", tls_expecthash); |
else if (gotcert && tls_expectname && |
else if (gotcert && tls_expectname && |
(! tls_peer_cert_contains_name(tls_cctx, tls_expectname))) |
(!tls_peer_cert_contains_name(tls_cctx, tls_expectname))) |
warnx("name (%s) not found in client cert", |
warnx("name (%s) not found in client cert", |
tls_expectname); |
tls_expectname); |
else { |
else { |
|
|
|
|
while (1) { |
while (1) { |
/* both inputs are gone, buffers are empty, we are done */ |
/* both inputs are gone, buffers are empty, we are done */ |
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 |
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 && |
&& stdinbufpos == 0 && netinbufpos == 0) { |
stdinbufpos == 0 && netinbufpos == 0) { |
close(net_fd); |
close(net_fd); |
return; |
return; |
} |
} |
|
|
return; |
return; |
} |
} |
/* listen and net in gone, queues empty, done */ |
/* listen and net in gone, queues empty, done */ |
if (lflag && pfd[POLL_NETIN].fd == -1 |
if (lflag && pfd[POLL_NETIN].fd == -1 && |
&& stdinbufpos == 0 && netinbufpos == 0) { |
stdinbufpos == 0 && netinbufpos == 0) { |
close(net_fd); |
close(net_fd); |
return; |
return; |
} |
} |
|
|
/* reading is possible after HUP */ |
/* reading is possible after HUP */ |
if (pfd[POLL_STDIN].events & POLLIN && |
if (pfd[POLL_STDIN].events & POLLIN && |
pfd[POLL_STDIN].revents & POLLHUP && |
pfd[POLL_STDIN].revents & POLLHUP && |
! (pfd[POLL_STDIN].revents & POLLIN)) |
!(pfd[POLL_STDIN].revents & POLLIN)) |
pfd[POLL_STDIN].fd = -1; |
pfd[POLL_STDIN].fd = -1; |
|
|
if (pfd[POLL_NETIN].events & POLLIN && |
if (pfd[POLL_NETIN].events & POLLIN && |
pfd[POLL_NETIN].revents & POLLHUP && |
pfd[POLL_NETIN].revents & POLLHUP && |
! (pfd[POLL_NETIN].revents & POLLIN)) |
!(pfd[POLL_NETIN].revents & POLLIN)) |
pfd[POLL_NETIN].fd = -1; |
pfd[POLL_NETIN].fd = -1; |
|
|
if (pfd[POLL_NETOUT].revents & POLLHUP) { |
if (pfd[POLL_NETOUT].revents & POLLHUP) { |
if (Nflag) |
if (Nflag) |
|
|
{ "netcontrol", IPTOS_PREC_NETCONTROL }, |
{ "netcontrol", IPTOS_PREC_NETCONTROL }, |
{ "reliability", IPTOS_RELIABILITY }, |
{ "reliability", IPTOS_RELIABILITY }, |
{ "throughput", IPTOS_THROUGHPUT }, |
{ "throughput", IPTOS_THROUGHPUT }, |
{ NULL, -1 }, |
{ NULL, -1 }, |
}; |
}; |
|
|
for (t = toskeywords; t->keyword != NULL; t++) { |
for (t = toskeywords; t->keyword != NULL; t++) { |
|
|
{ "noverify", TLS_NOVERIFY }, |
{ "noverify", TLS_NOVERIFY }, |
{ "noname", TLS_NONAME }, |
{ "noname", TLS_NONAME }, |
{ "clientcert", TLS_CCERT}, |
{ "clientcert", TLS_CCERT}, |
{ NULL, -1 }, |
{ NULL, -1 }, |
}; |
}; |
|
|
for (t = tlskeywords; t->keyword != NULL; t++) { |
for (t = tlskeywords; t->keyword != NULL; t++) { |
|
|
char remote_port[NI_MAXSERV]; |
char remote_port[NI_MAXSERV]; |
int herr; |
int herr; |
int flags = NI_NUMERICSERV; |
int flags = NI_NUMERICSERV; |
|
|
if (nflag) |
if (nflag) |
flags |= NI_NUMERICHOST; |
flags |= NI_NUMERICHOST; |
|
|
if ((herr = getnameinfo(sa, salen, |
if ((herr = getnameinfo(sa, salen, |
remote_host, sizeof(remote_host), |
remote_host, sizeof(remote_host), |
remote_port, sizeof(remote_port), |
remote_port, sizeof(remote_port), |
|
|
else |
else |
errx(1, "getnameinfo: %s", gai_strerror(herr)); |
errx(1, "getnameinfo: %s", gai_strerror(herr)); |
} |
} |
|
|
fprintf(stderr, |
fprintf(stderr, |
"Connection from %s %s " |
"Connection from %s %s " |
"received!\n", remote_host, remote_port); |
"received!\n", remote_host, remote_port); |