commit 518fce5e1e524e2647491ca03dbf6663d0da8cb8
Author: Vinod Yegneswaran <vinod(a)csl.sri.com>
Date: Tue Nov 15 07:58:08 2011 +0000
enabled pdf
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@144 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/payloads.c | 3 ++-
src/steg/x_http2.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/steg/payloads.c b/src/steg/payloads.c
index 83487c5..2b82451 100644
--- a/src/steg/payloads.c
+++ b/src/steg/payloads.c
@@ -577,7 +577,8 @@ unsigned int find_client_payload(char* buf, int len, int type) {
inbuf = payloads[r];
if (find_uri_type(inbuf, p->length) != HTTP_CONTENT_SWF &&
find_uri_type(inbuf, p->length) != HTTP_CONTENT_HTML &&
- find_uri_type(inbuf, p->length) != HTTP_CONTENT_JAVASCRIPT) {
+ find_uri_type(inbuf, p->length) != HTTP_CONTENT_JAVASCRIPT &&
+ find_uri_type(inbuf, p->length) != HTTP_CONTENT_PDF) {
goto next;
}
if (p->length > len) {
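Review bot: The content-type filter now calls `find_uri_type(inbuf, p->length)` up to four times with identical arguments, and every further accepted type will add another call. Storing the result once, e.g. `int ctype = find_uri_type(inbuf, p->length);`, and comparing `ctype` against the four constants keeps the condition readable and avoids repeating whatever scanning find_uri_type does. find_client_payload starts and ends outside this hunk.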
diff --git a/src/steg/x_http2.c b/src/steg/x_http2.c
index e714305..7377196 100644
--- a/src/steg/x_http2.c
+++ b/src/steg/x_http2.c
@@ -159,7 +159,7 @@ x_http2_new(rng_t *rng, unsigned int is_clientside)
init_JS_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, JS_MIN_AVAIL_SIZE);
// init_JS_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, JS_MIN_AVAIL_SIZE, HTTP_CONTENT_HTML);
init_HTML_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, HTML_MIN_AVAIL_SIZE);
- // init_PDF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, PDF_MIN_AVAIL_SIZE);
+ init_PDF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, PDF_MIN_AVAIL_SIZE);
init_SWF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, 0);
}
commit d891d6ace21857caf8577c9a6dd0388a2c177907
Author: Vinod Yegneswaran <vinod(a)csl.sri.com>
Date: Tue Nov 15 07:43:50 2011 +0000
improved server response headers and cookies
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@143 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/cookies.c | 8 +++++-
src/steg/jsSteg.c | 2 +
src/steg/payloads.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++--
src/steg/payloads.h | 1 +
4 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/src/steg/cookies.c b/src/steg/cookies.c
index e8d43b9..c773386 100644
--- a/src/steg/cookies.c
+++ b/src/steg/cookies.c
@@ -48,7 +48,8 @@ int gen_one_cookie(unsigned char* outbuf, int cookielen, unsigned char* data, in
while (sofar < namelen) {
c = rand() % (127 - 33) + 33;
- if (c == '=' || c == ';' || c == '`' || c == '\'' || c == '%')
+ if (c == '=' || c == ';' || c == '`' || c == '\'' || c == '%' || c == '+' || c == '{' || c == '}' ||
+ c == '<' || c == '>' || c == '?' || c == '#')
continue;
if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') || (rand () % 4 != 0)) {
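Review bot: The widened exclusion list still admits `"`, `,` and `\`, all inside the generated range 33..126, and RFC 6265 does not allow them in a cookie value; in this name loop the token grammar additionally rules out `(`, `)`, `@`, `:`, `/`, `[` and `]`. For a module whose output is meant to pass as ordinary HTTP, cookies that no browser would emit are a distinguishing feature. The identical condition is pasted into the value loop in the next hunk, so I would move it into one helper and extend it there. gen_one_cookie starts and ends outside both hunks.

```c
/* Characters that must not appear in a generated cookie name or value. */
static int cookie_char_excluded(int c)
{
  return c == '=' || c == ';' || c == '`' || c == '\'' || c == '%' ||
         c == '+' || c == '{' || c == '}' || c == '<' || c == '>' ||
         c == '?' || c == '#' || c == '"' || c == ',' || c == '\\';
}

// … unchanged: while (sofar < namelen) { c = rand() % (127 - 33) + 33; …
if (cookie_char_excluded(c))
  continue;
```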
@@ -65,9 +66,12 @@ int gen_one_cookie(unsigned char* outbuf, int cookielen, unsigned char* data, in
while (sofar < cookielen) {
c = rand() % (127 - 33) + 33;
- if (c == '=' || c == ';' || c == '`' || c == '\'' || c == '%')
+ if (c == '=' || c == ';' || c == '`' || c == '\'' || c == '%' || c == '+' || c == '{' || c == '}' ||
+ c == '<' || c == '>' || c == '?' || c == '#')
continue;
+
+
if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') || (rand() % 4 != 0)) {
if (data_consumed < datalen)
outbuf[sofar++] = data[data_consumed++];
diff --git a/src/steg/jsSteg.c b/src/steg/jsSteg.c
index 60b2d9a..1486255 100644
--- a/src/steg/jsSteg.c
+++ b/src/steg/jsSteg.c
@@ -998,6 +998,8 @@ x_http2_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest,
buf2len = gzInflate(httpBody, httpBodyLen, buf2, HTTP_MSG_BUF_SIZE);
if (buf2len <= 0) {
log_warn("gzInflate for httpBody fails");
+ fprintf(stderr, "gzInflate for httpBody fails");
+ exit(-1);
return RECV_BAD;
}
buf2[buf2len] = 0;
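Review bot: The added `exit(-1)` terminates the whole process whenever a received HTTP body fails to inflate, so one malformed or truncated response from the network takes down every circuit, and the `return RECV_BAD;` after it is now unreachable. If this was a debugging aid, drop the two added lines and rely on the existing `log_warn`; the `fprintf` also lacks a trailing newline. Further down, `buf2[buf2len] = 0` writes one past the end when `gzInflate` fills all `HTTP_MSG_BUF_SIZE` bytes, assuming `buf2` is exactly that large (its declaration is outside the hunk).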
diff --git a/src/steg/payloads.c b/src/steg/payloads.c
index 76bb213..83487c5 100644
--- a/src/steg/payloads.c
+++ b/src/steg/payloads.c
@@ -303,6 +303,13 @@ void gen_rfc_1123_date(char* buf, int buf_size) {
+void gen_rfc_1123_expiry_date(char* buf, int buf_size) {
+ time_t t = time(NULL) + rand() % 10000;
+ struct tm *my_tm = gmtime(&t);
+ strftime(buf, buf_size, "Expires: %a, %d %b %Y %H:%M:%S GMT\r\n", my_tm);
+}
+
+
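Review bot: `gen_rfc_1123_expiry_date` ignores the results of `gmtime` and `strftime`; when the formatted line does not fit, `strftime` returns 0 and leaves `buf` unspecified, yet the caller in gen_response_header goes on to `strlen(ptr)`. Guard it with `if (buf_size <= 0) return;` and `if (!my_tm || strftime(buf, buf_size, "Expires: %a, %d %b %Y %H:%M:%S GMT\r\n", my_tm) == 0) buf[0] = '\0';`. A short comment stating that the function writes a complete `Expires:` header line including CRLF, up to 10000 seconds ahead, would also help, since the name suggests it produces only a date.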
@@ -310,7 +317,7 @@ int gen_response_header(char* content_type, int gzip, int length, char* buf, int
char* ptr;
// conservative assumption here....
- if (buflen < 256) {
+ if (buflen < 400) {
fprintf(stderr, "gen_response_header: buflen too small\n");
return -1;
}
@@ -320,13 +327,57 @@ int gen_response_header(char* content_type, int gzip, int length, char* buf, int
gen_rfc_1123_date(ptr, buflen - (ptr - buf));
ptr = ptr + strlen(ptr);
+ sprintf(ptr, "Server: Apache\r\n");
+ ptr = ptr + strlen(ptr);
+
+ switch(rand() % 9) {
+ case 1:
+ sprintf(ptr, "Vary: Cookie\r\n");
+ ptr = ptr + strlen(ptr);
+ break;
+
+ case 2:
+ sprintf(ptr, "Vary: Accept-Encoding, User-Agent\r\n");
+ ptr = ptr + strlen(ptr);
+ break;
+
+ case 3:
+ sprintf(ptr, "Vary: *\r\n");
+ ptr = ptr + strlen(ptr);
+ break;
+
+ }
+
+
+ switch(rand() % 4) {
+ case 2:
+ gen_rfc_1123_expiry_date(ptr, buflen - (ptr - buf));
+ ptr = ptr + strlen(ptr);
+ }
+
+
+
+
if (gzip)
- sprintf(ptr, "Server: Apache\r\nContent-Length: %d\r\nContent-Encoding: gzip\r\nContent-Type: %s\r\nConnection: close\r\n\r\n", length, content_type);
+ sprintf(ptr, "Content-Length: %d\r\nContent-Encoding: gzip\r\nContent-Type: %s\r\n", length, content_type);
else
- sprintf(ptr, "Server: Apache\r\nContent-Length: %d\r\nContent-Type: %s\r\nConnection: close\r\n\r\n", length, content_type);
+ sprintf(ptr, "Content-Length: %d\r\nContent-Type: %s\r\n", length, content_type);
ptr += strlen(ptr);
+ switch(rand() % 4) {
+ case 2:
+ case 3:
+ case 4:
+ sprintf(ptr, "Connection: Keep-Alive\r\n\r\n");
+ break;
+ default:
+ sprintf(ptr, "Connection: close\r\n\r\n");
+ break;
+ }
+
+ ptr += strlen(ptr);
+
return ptr - buf;
}
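Review bot: The header is assembled with unbounded `sprintf` calls, and the only guard is the `buflen < 400` floor in the previous hunk, which does not account for the length of the caller-supplied `content_type`. Each write should be bounded by the space that is left, e.g. `n = snprintf(ptr, buflen - (ptr - buf), "Content-Length: %d\r\nContent-Type: %s\r\n", length, content_type);` followed by `if (n < 0 || n >= buflen - (ptr - buf)) return -1;`. Separately, `case 4:` in the last switch can never match `rand() % 4`, so Keep-Alive is chosen half the time; if that ratio is intended the dead label should go. gen_response_header begins outside this hunk.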
diff --git a/src/steg/payloads.h b/src/steg/payloads.h
index 7629b14..ace7dad 100644
--- a/src/steg/payloads.h
+++ b/src/steg/payloads.h
@@ -138,6 +138,7 @@ int get_payload (int contentType, int cap, char** buf, int* size);
int has_eligible_HTTP_content (char* buf, int len, int type);
int fixContentLen (char* payload, int payloadLen, char *buf, int bufLen);
void gen_rfc_1123_date(char* buf, int buf_size);
+void gen_rfc_1123_expiry_date(char* buf, int buf_size);
int parse_client_headers(char* inbuf, char* outbuf, int len);
int skipJSPattern (char *cp, int len);
int isalnum_ (char c);
[stegotorus/master] initial commit for 'embed' steg module, needs chopper changes to work
commit a43ae4dc1ce5475d6a1265af3fc318b4921bf36b
Author: Jeffrey Wang <jeffreyw(a)stanford.edu>
Date: Sun Dec 4 08:24:11 2011 +0000
initial commit for 'embed' steg module, needs chopper changes to work
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@169 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/embed.cc | 234 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 234 insertions(+), 0 deletions(-)
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
new file mode 100644
index 0000000..1e3c34c
--- /dev/null
+++ b/src/steg/embed.cc
@@ -0,0 +1,234 @@
+#include "util.h"
+#include "connections.h"
+#include "steg.h"
+
+#include <event2/buffer.h>
+#include <event2/event.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <time.h>
+
+typedef struct trace_t {
+ int num_pkt; // number of packets in trace
+ short *pkt_sizes; // packet sizes (positive = client->server)
+ int *pkt_times; // packet inter-arrival times
+} trace_t;
+
+namespace {
+ struct embed : steg_t {
+ int cur_idx; // current trace index
+ trace_t *cur; // current trace
+ int cur_pkt; // current packet in the trace
+ struct timeval last_pkt; // time at which last packet was sent/received
+
+ STEG_DECLARE_METHODS(embed);
+ };
+}
+
+static int embed_init = 0; // whether traces are initialized
+static int embed_num_traces; // number of traces
+static trace_t *embed_traces; // global array of all traces
+
+STEG_DEFINE_MODULE(embed, 1024, 1024, 1, 1);
+
+int millis_since(struct timeval *last) {
+ struct timeval cur;
+ int diff = 0;
+ gettimeofday(&cur, NULL);
+
+ diff += (cur.tv_sec - last->tv_sec) * 1000;
+ diff += (cur.tv_usec - last->tv_usec) / 1000;
+ return diff;
+}
+
+void init_embed_traces() {
+ // read in traces to use for connections
+ FILE *trace_file = fopen("traces/embed.txt", "r");
+ fscanf(trace_file, "%d", &embed_num_traces);
+ embed_traces = (trace_t *)xmalloc(sizeof(trace_t) * embed_num_traces);
+ for (int i = 0; i < embed_num_traces; i++) {
+ int num_pkt;
+ fscanf(trace_file, "%d", &num_pkt);
+ embed_traces[i].num_pkt = num_pkt;
+ embed_traces[i].pkt_sizes = (short *)xmalloc(sizeof(short) * num_pkt);
+ embed_traces[i].pkt_times = (int *)xmalloc(sizeof(int) * num_pkt);
+ for (int j = 0; j < embed_traces[i].num_pkt; j++) {
+ fscanf(trace_file, "%hd %d",
+ &embed_traces[i].pkt_sizes[j],
+ &embed_traces[i].pkt_times[j]);
+ }
+ }
+ log_debug("read %d traces to use", embed_num_traces);
+
+ srand(time(NULL));
+ embed_init = 1;
+}
+
+int get_random_trace() {
+ return rand() % embed_num_traces;
+}
+
+bool advance_packet(embed *state) {
+ state->cur_pkt++;
+ return state->cur_pkt == state->cur->num_pkt;
+}
+
+short get_pkt_size(embed *state) {
+ return abs(state->cur->pkt_sizes[state->cur_pkt]);
+}
+
+bool is_outgoing(embed *state) {
+ return (state->cur->pkt_sizes[state->cur_pkt] < 0) ^ (state->is_clientside);
+}
+
+int get_pkt_time(embed *state) {
+ return state->cur->pkt_times[state->cur_pkt];
+}
+
+bool is_finished(embed *state) {
+ if (state->cur_idx == -1) return true;
+ return state->cur_pkt >= state->cur->num_pkt;
+}
+
+embed::embed() {
+ if (!embed_init) init_embed_traces();
+ cur_idx = -1;
+ gettimeofday(&last_pkt, NULL);
+}
+
+embed::~embed() { }
+
+bool embed::detect(conn_t * /* conn */) {
+ return 1;
+}
+
+size_t embed::transmit_room(conn_t * /* conn */) {
+ if (cur_idx == -1 && is_clientside) {
+ cur_idx = get_random_trace();
+ cur = &embed_traces[cur_idx];
+ cur_pkt = 0;
+ }
+
+ int time_diff = millis_since(&last_pkt);
+ size_t room;
+
+ if (is_finished(this) || !is_outgoing(this)) return 0;
+ if (get_pkt_time(this) > time_diff+10) return 0;
+
+ // 24 bytes for chop header, 2 bytes for data length
+ // 4 bytes for the index of a new trace
+ room = get_pkt_size(this) - 26;
+ if (cur_pkt == 0) {
+ room -= 4;
+ }
+ return room;
+}
+
+int embed::transmit(struct evbuffer *source, conn_t *conn) {
+ struct evbuffer *dest = conn_get_outbound(conn);
+ short src_len = evbuffer_get_length(source);
+ short pkt_size = get_pkt_size(this);
+ short used = src_len + 2;
+
+ // starting a new trace, send the index
+ if (cur_pkt == 0) {
+ if (evbuffer_add(dest, &cur_idx, 4) == -1) return -1;
+ used += 4;
+ log_debug("sending trace %d", cur_idx);
+ }
+
+ log_debug("sending packet %d of trace %d", cur_pkt, cur_idx);
+
+ // add the data length and data to the dest buffer
+ if (evbuffer_add(dest, &src_len, 2) == -1) return -1;
+ if (evbuffer_add_buffer(dest, source) == -1) return -1;
+ log_debug("sending data with length %d", src_len);
+
+ // if there is more space in the packet, pad it
+ if (pkt_size > used) {
+ size_t padding = pkt_size - used;
+ unsigned char zero[padding];
+ memset(zero, 0, padding);
+ evbuffer_add(dest, zero, padding);
+ }
+
+ // check if this trace is finished and whether we need to send again
+ if (advance_packet(this)) {
+ log_debug("send finished trace");
+ conn_close_after_transmit(conn);
+ } else if (is_outgoing(this)) {
+ log_debug("sending again in %d ms", get_pkt_time(this));
+ conn_transmit_soon(conn, get_pkt_time(this));
+ }
+
+ // update last time
+ gettimeofday(&last_pkt, NULL);
+ return 0;
+}
+
+int embed::receive(conn_t *conn, struct evbuffer *dest) {
+ struct evbuffer *source = conn_get_inbound(conn);
+ short src_len = evbuffer_get_length(source);
+ short pkt_size = 0;
+
+ log_debug("receiving buffer of length %d", src_len);
+
+ // if we are receiving the first packet of the trace, read the index
+ if (cur_idx == -1) {
+ if (evbuffer_remove(source, &cur_idx, 4) != 4) return -1;
+ cur = &embed_traces[cur_idx];
+ cur_pkt = 0;
+ pkt_size += 4;
+
+ log_debug("detected trace %d", cur_idx);
+ }
+
+ // keep reading data and padding from the source, advancing the packet
+ // in the trace when we have read enough bytes
+ while (1) {
+ // the next full packet is not in the source buffer yet
+ int exp_pkt_size = get_pkt_size(this);
+ if (src_len < exp_pkt_size) break;
+
+ // read data
+ short data_len;
+ if (evbuffer_remove(source, &data_len, 2) != 2) return -1;
+ if (data_len > 0) {
+ if (evbuffer_remove_buffer(source, dest, data_len) != data_len) {
+ return -1;
+ }
+ }
+ pkt_size += data_len + 2;
+
+ // read padding
+ if (exp_pkt_size > pkt_size) {
+ size_t padding = exp_pkt_size - pkt_size;
+ if (evbuffer_drain(source, padding) == -1) return -1;
+ }
+
+ src_len -= exp_pkt_size;
+ pkt_size = 0;
+
+ log_debug("received packet %d of trace %d",
+ cur_pkt, cur_idx);
+
+ // advance packet; if done with trace, sender should close connection
+ if (advance_packet(this)) {
+ conn_cease_transmission(conn);
+ conn_expect_close(conn);
+ log_debug("received last packet in trace");
+ return 0;
+ }
+ }
+
+ if (is_outgoing(this)) {
+ log_debug("preparing to send in %d ms", get_pkt_time(this));
+ conn_transmit_soon(conn, get_pkt_time(this));
+ }
+
+ log_debug("remaining source length: %d", src_len);
+
+ // update last time
+ gettimeofday(&last_pkt, NULL);
+ return 0;
+}
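Review bot: In `embed::receive` the trace index is read straight from the peer (`evbuffer_remove(source, &cur_idx, 4)`) and used as `&embed_traces[cur_idx]` with no range check, so an index outside `0..embed_num_traces-1` makes every later `cur->...` access read out of bounds. Add `if (cur_idx < 0 || cur_idx >= embed_num_traces) { cur_idx = -1; return -1; }` before the assignment to `cur`. The same function trusts the peer's 16-bit `data_len` without comparing it to `exp_pkt_size`, and `init_embed_traces` uses the results of `fopen` and `fscanf` unchecked, so a missing or short `traces/embed.txt` ends in a NULL stream or uninitialised counts; both deserve explicit error paths.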
commit d9808c06258cd7f1d00172ed078c090d53375b89
Author: Zack Weinberg <zackw(a)cmu.edu>
Date: Thu Dec 1 23:45:00 2011 +0000
Compilation fixes after the merge
---
Makefile.am | 10 +-
NOTES | 20 ---
README.Linda | 69 ---------
configure.ac | 10 +-
doc/NOTES | 20 +++
doc/NOTES.Linda | 69 +++++++++
scripts/start-client.csh | 8 +
scripts/start-obfsproxy.sh | 120 ++++++++++++++++
scripts/start-server.csh | 6 +
scripts/torrc | 12 ++
src/protocol/chop.cc | 125 +++++++++---------
src/steg/http.cc | 328 ++++++++++++++++++++------------------------
src/steg/jsSteg.cc | 20 +--
src/steg/jsSteg.h | 4 +-
src/steg/payloads.cc | 12 +-
src/steg/pdfSteg.cc | 8 +-
src/steg/pdfSteg.h | 4 +-
src/steg/swfSteg.cc | 46 ++-----
src/steg/swfSteg.h | 4 +-
start-client.csh | 8 -
start-obfsproxy.sh | 120 ----------------
start-server.csh | 6 -
torrc | 12 --
23 files changed, 487 insertions(+), 554 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index bbd89a6..ebe3fdd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,14 +19,14 @@ PROTOCOLS = \
src/protocol/x_null.cc
STEGANOGRAPHERS = \
- src/steg/http.cc \
- src/steg/payloads.cc \
src/steg/cookies.cc \
+ src/steg/crc32.cc \
+ src/steg/http.cc \
src/steg/jsSteg.cc \
+ src/steg/payloads.cc \
+ src/steg/pdfSteg.cc \
src/steg/swfSteg.cc \
- src/steg/zpack.cc \
- src/steg/crc32.cc \
- src/steg/pdfSteg.cc
+ src/steg/zpack.cc
libstegotorus_a_SOURCES = \
src/connections.cc \
diff --git a/NOTES b/NOTES
deleted file mode 100644
index 5b5f23c..0000000
--- a/NOTES
+++ /dev/null
@@ -1,20 +0,0 @@
-To Test ObfsProxy:
-
-start server (start-server.csh)
-start client (start-client.csh)
-start Tor (copy torrc.sample to etc/tor)
-
-
-Now test tor:
-curl --socks4a 127.0.0.1:9060 -o - http://check.torproject.org
-
-
-To add new steg modules:
-
-1. Add a file below src/steg which implements a steg module; note that
-the STEG_DEFINE_MODULE boilerplate macro is mandatory. The name of
-the file should be the same as the name of the module (as set by
-STEG_DEFINE_MODULE) plus the .c extension.
-2. Add the file to the STEGANOGRAPHERS list in Makefile.am.
-
-That should be all that is necessary.
diff --git a/README.Linda b/README.Linda
deleted file mode 100644
index 2ecaa3c..0000000
--- a/README.Linda
+++ /dev/null
@@ -1,69 +0,0 @@
-compiling obfsproxy on Mac OS X 10.6
-====================================
-
-0) prelims
-
- a) autoconf 2.68
-
-cd ~/src/autoconf-2.68
-./configure --prefix=/usr && make
-make check # takes a long, long time!
-sudo make install
-
- b) automake 1.11
-
-cd ~/src/automake-1.11.1
-./configure --prefix=/usr && make
-sudo make install
-
-1) obfsproxy
-
-cd ~/src/DEFIANCE/code/obfsproxy
-./autogen.sh
-./configure
-make
-
-
-compiling obfsproxy under Ubuntu 11.10
-======================================
-
-in source directory:
-
-[ in file Makefile.am: add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save ]
-
-$> ./autogen.sh
-$> ./configure
-[…]
-configure: error: Package requirements (libcrypto >= 0.9.7) were not met:
-
-No package 'libcrypto' found
-[…]
-$> sudo find / -name openssl.pc
-/usr/lib/i386-linux-gnu/pkgconfig/openssl.pc
-$> echo $PKG_CONFIG_PATH
-
-$> export PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig
-$> ./configure
-$> make
-
-
-compiling obfsproxy under Ubuntu 10.04 (DETERlab)
-=================================================
-
-create local disk space:
-
-$> sudo /usr/local/etc/emulab/mkextrafs.pl /mnt
-
-copy source code there to compile:
-
-$> sudo mkdir /mnt/local/alice
-$> sudo chown linda:SAF-DEFIANCE /mnt/local/alice
-$> cd /mnt/local/alice
-$> tar -xzvf ~/src/obfsproxy-3.2.tar.gz
-$> cd obfsproxy-3.2
-$> make clean # without this it will complain about some protocols not found!
-$> emacs Makefile.am
-[ add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save & exit ]
-$> ./autogen.sh
-$> ./configure
-$> make
diff --git a/configure.ac b/configure.ac
index a0fff6f..5a7650b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -43,12 +43,16 @@ AM_CONDITIONAL([INTEGRATION_TESTS], [test "$PYOS" = "posix"])
### Libraries ###
-PKG_CHECK_MODULES([libevent], [libevent >= 2.0])
# libcrypto++ 5.6.0 is the earliest version with GCM support.
PKG_CHECK_MODULES([libcryptopp], [libcrypto++ >= 5.6.0])
+# libevent 2.0 radically changed the API
+PKG_CHECK_MODULES([libevent], [libevent >= 2.0])
+# there's no good reason not to require the latest zlib, which is
+# from 2009
+PKG_CHECK_MODULES([libz], [zlib >= 1.2.3.4])
-LIBS="$libevent_LIBS $libcryptopp_LIBS"
-lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS"
+LIBS="$libevent_LIBS $libcryptopp_LIBS $libz_LIBS"
+lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS $libz_LIBS"
AC_SUBST(lib_CPPFLAGS)
# ntohl and a bunch of related functions require a special library on Windows.
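Review bot: `lib_CPPFLAGS` is given `$libz_LIBS` where the neighbouring entries use the `_CFLAGS` variables, so zlib's linker flags end up on the preprocessor line and its include flags are not passed at all. The line should read `lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS $libz_CFLAGS"`. The mistake is likely to stay hidden on systems where zlib's headers sit in the default include path.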
diff --git a/doc/NOTES b/doc/NOTES
new file mode 100644
index 0000000..5b5f23c
--- /dev/null
+++ b/doc/NOTES
@@ -0,0 +1,20 @@
+To Test ObfsProxy:
+
+start server (start-server.csh)
+start client (start-client.csh)
+start Tor (copy torrc.sample to etc/tor)
+
+
+Now test tor:
+curl --socks4a 127.0.0.1:9060 -o - http://check.torproject.org
+
+
+To add new steg modules:
+
+1. Add a file below src/steg which implements a steg module; note that
+the STEG_DEFINE_MODULE boilerplate macro is mandatory. The name of
+the file should be the same as the name of the module (as set by
+STEG_DEFINE_MODULE) plus the .c extension.
+2. Add the file to the STEGANOGRAPHERS list in Makefile.am.
+
+That should be all that is necessary.
diff --git a/doc/NOTES.Linda b/doc/NOTES.Linda
new file mode 100644
index 0000000..2ecaa3c
--- /dev/null
+++ b/doc/NOTES.Linda
@@ -0,0 +1,69 @@
+compiling obfsproxy on Mac OS X 10.6
+====================================
+
+0) prelims
+
+ a) autoconf 2.68
+
+cd ~/src/autoconf-2.68
+./configure --prefix=/usr && make
+make check # takes a long, long time!
+sudo make install
+
+ b) automake 1.11
+
+cd ~/src/automake-1.11.1
+./configure --prefix=/usr && make
+sudo make install
+
+1) obfsproxy
+
+cd ~/src/DEFIANCE/code/obfsproxy
+./autogen.sh
+./configure
+make
+
+
+compiling obfsproxy under Ubuntu 11.10
+======================================
+
+in source directory:
+
+[ in file Makefile.am: add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save ]
+
+$> ./autogen.sh
+$> ./configure
+[…]
+configure: error: Package requirements (libcrypto >= 0.9.7) were not met:
+
+No package 'libcrypto' found
+[…]
+$> sudo find / -name openssl.pc
+/usr/lib/i386-linux-gnu/pkgconfig/openssl.pc
+$> echo $PKG_CONFIG_PATH
+
+$> export PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig
+$> ./configure
+$> make
+
+
+compiling obfsproxy under Ubuntu 10.04 (DETERlab)
+=================================================
+
+create local disk space:
+
+$> sudo /usr/local/etc/emulab/mkextrafs.pl /mnt
+
+copy source code there to compile:
+
+$> sudo mkdir /mnt/local/alice
+$> sudo chown linda:SAF-DEFIANCE /mnt/local/alice
+$> cd /mnt/local/alice
+$> tar -xzvf ~/src/obfsproxy-3.2.tar.gz
+$> cd obfsproxy-3.2
+$> make clean # without this it will complain about some protocols not found!
+$> emacs Makefile.am
+[ add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save & exit ]
+$> ./autogen.sh
+$> ./configure
+$> make
diff --git a/scripts/start-client.csh b/scripts/start-client.csh
new file mode 100644
index 0000000..6eda343
--- /dev/null
+++ b/scripts/start-client.csh
@@ -0,0 +1,8 @@
+#!/bin/csh
+# ./obfsproxy --log-min-severity=debug x_dsteg socks 127.0.0.1:1080 x_http
+
+setenv EVENT_NOKQUEUE yes
+#./obfsproxy --log-min-severity=debug chop socks 127.0.0.1:1080 127.0.0.1:8080 http 127.0.0.1:8081 http
+# ./obfsproxy --log-min-severity=warn chop socks 127.0.0.1:1080 127.0.0.1:8080 http 127.0.0.1:8081 http
+./obfsproxy --log-min-severity=error chop socks 127.0.0.1:1080 127.0.0.1:8080 http 127.0.0.1:8081 http
+
diff --git a/scripts/start-obfsproxy.sh b/scripts/start-obfsproxy.sh
new file mode 100755
index 0000000..45c99da
--- /dev/null
+++ b/scripts/start-obfsproxy.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+
+ODIR=~/src/DEFIANCE/stegotorus
+
+################################################################################
+# helper functions:
+
+usage () {
+if [ $# -gt 0 ]; then
+ echo " *** ERROR: $1"
+fi
+cat << EOF
+
+usage: $0 <OPTIONS> [server|client] [install-dir]
+
+Start obfsproxy server or client with given options. If the optional install-dir
+is given, override the value set in the script.
+
+OPTIONS:
+ -h Show this message
+ -i <addr> IP address (default: 127.0.0.1)
+ -p <n> port number (default: 8080)
+ -l <severity> Log severity: warn, error, debug (default: error)
+ -b <host> Host name (or IP address) of Tor Bridge
+ with port number attached via ':' or omitted
+ (default: 87.73.82.145:8080)
+ -n <n> Multiply the number of IP addresses on the client
+EOF
+}
+
+################################################################################
+# parse command line:
+
+# default values:
+IP=127.0.0.1
+PORT=8080
+N=1
+LOG=error
+BRIDGE_IP=87.73.82.145
+BRIDGE_PORT=8080
+while getopts "hi:p:l:b:n:" OPTION
+do
+ case $OPTION in
+ h|\?)
+ usage; exit 1
+ ;;
+ i)
+ IP=$OPTARG
+ ;;
+ p)
+ PORT=$OPTARG
+ ;;
+ n)
+ N=$OPTARG
+ ;;
+ l)
+ LOG=`echo $OPTARG | tr '[A-Z]' '[a-z]'` # make lower case
+ ;;
+ b)
+ arr=(${OPTARG//:/ })
+ BRIDGE_IP=${arr[0]}
+ if [ ${#arr[@]} -gt 1 ]; then
+ BRIDGE_PORT=${arr[1]}
+ fi
+ ;;
+ esac
+ shift $((OPTIND-1)); OPTIND=1
+done
+
+# test if $LOG is valid
+case $LOG in
+ debug|warn|error)
+ ;;
+ *)
+ usage "Unknown log level given: $LOG"; exit 1
+ ;;
+esac
+
+# now $@ has remaining arguments:
+if [ $# -lt 1 ]; then
+ usage "need 'server' or 'client' as argument"; exit 1
+fi
+TYPE=`echo $1 | tr '[A-Z]' '[a-z]'` # turn argument into lower case
+case $TYPE in
+ server|client)
+ ;;
+ *)
+ usage "argument $1 not recognized"; exit 1
+ ;;
+esac
+
+# check optional install location given as an argument
+if [ $# -gt 1 ]; then
+ if [[ ! -d $2 ]]; then
+ usage "argument $2 is not a directory"; exit 1
+ fi
+ if [[ ! -x $2/obfsproxy ]]; then
+ usage "directory $2 does not contain executable of 'obfsproxy'"; exit 1
+ fi
+ ODIR=$2
+fi
+
+################################################################################
+# start obfsproxy
+
+echo "Using obfsproxy in \"$ODIR\""
+cd $ODIR
+export EVENT_NOKQUEUE=yes
+case $TYPE in
+ server)
+ ./obfsproxy --log-min-severity=$LOG chop server $BRIDGE_IP:$BRIDGE_PORT $IP:$PORT
+ ;;
+ client)
+ IPS=""
+ for (( c=1; c<=$N; c++)) ; do
+ IPS="${IPS}${IP}:${PORT} http " ;
+ done
+ ./obfsproxy --log-min-severity=$LOG chop socks 127.0.0.1:1080 $IPS
+ ;;
+esac
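Review bot: `cd $ODIR` is unquoted and its result is not checked, so when the directory is missing or its path contains spaces the script carries on and runs `./obfsproxy` from whatever directory it was started in. Use `cd "$ODIR" || exit 1`. `$IP`, `$PORT`, `$BRIDGE_IP` and `$BRIDGE_PORT` are also expanded unquoted on the obfsproxy command lines; quoting them and rejecting non-numeric `-p`/`-n` values would keep a mistyped option from turning into extra arguments.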
diff --git a/scripts/start-server.csh b/scripts/start-server.csh
new file mode 100644
index 0000000..b7d61e6
--- /dev/null
+++ b/scripts/start-server.csh
@@ -0,0 +1,6 @@
+#!/bin/csh
+setenv EVENT_NOKQUEUE yes
+# ./obfsproxy --log-min-severity=debug chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081
+# ./obfsproxy --log-min-severity=warn chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081
+./obfsproxy --log-min-severity=error chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081
+
diff --git a/scripts/torrc b/scripts/torrc
new file mode 100644
index 0000000..ff27e61
--- /dev/null
+++ b/scripts/torrc
@@ -0,0 +1,12 @@
+SocksPort 9060 # what port to open for local application connections
+SocksListenAddress 127.0.0.1 # accept connections only from localhost
+
+SafeLogging 0
+Log info file ./info.log
+Log debug file ./debug.log
+
+Socks4Proxy 127.0.0.1:1080
+
+# Bridge 87.73.82.145:8080
+Bridge 127.0.0.1:8080
+UseBridges 1
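Review bot: `SafeLogging 0` together with `Log debug file ./debug.log` makes Tor write unscrubbed addresses to files in the working directory, which is fine on a test bench but risky if this file is copied into a real deployment. A leading comment such as `# test configuration only: SafeLogging 0 disables scrubbing of addresses in the logs` would make that explicit.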
diff --git a/src/protocol/chop.cc b/src/protocol/chop.cc
index 7045ea8..3e87428 100644
--- a/src/protocol/chop.cc
+++ b/src/protocol/chop.cc
@@ -70,6 +70,8 @@ static const uint8_t s2c_key[] =
/* Connections and circuits */
+typedef unordered_map<uint64_t, circuit_t *> chop_circuit_table;
+
namespace {
struct chop_conn_t : conn_t
{
@@ -84,7 +86,7 @@ namespace {
struct chop_circuit_t : circuit_t
{
chop_reassembly_elt reassembly_queue;
- unordered_set<chop_conn_t *> downstreams;
+ unordered_set<conn_t *> downstreams;
encryptor *send_crypt;
decryptor *recv_crypt;
@@ -100,8 +102,6 @@ namespace {
CIRCUIT_DECLARE_METHODS(chop);
};
- typedef unordered_map<uint64_t, chop_circuit_t *> chop_circuit_table;
-
struct chop_config_t : config_t
{
struct evutil_addrinfo *up_address;
@@ -223,22 +223,22 @@ chop_decrypt_header(chop_circuit_t *ckt,
/* Transmit subroutines. */
-static chop_conn_t *
+static conn_t *
chop_pick_connection(chop_circuit_t *ckt, size_t desired, size_t *blocksize)
{
size_t maxbelow = 0;
size_t minabove = SIZE_MAX;
- chop_conn_t *targbelow = NULL;
- chop_conn_t *targabove = NULL;
+ conn_t *targbelow = NULL;
+ conn_t *targabove = NULL;
if (desired > CHOP_MAX_DATA)
desired = CHOP_MAX_DATA;
/* Find the best fit for the desired transmission from all the
outbound connections' transmit rooms. */
- for (unordered_set<chop_conn_t *>::iterator i = ckt->downstreams.begin();
+ for (unordered_set<conn_t *>::iterator i = ckt->downstreams.begin();
i != ckt->downstreams.end(); i++) {
- chop_conn_t *conn = *i;
+ chop_conn_t *conn = static_cast<chop_conn_t *>(*i);
/* We can only use candidates that have a steg target already. */
if (conn->steg) {
/* Find the connections whose transmit rooms are closest to the
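Review bot: Widening `downstreams` to `unordered_set<conn_t *>` moves the type check from the compiler to an unchecked `static_cast<chop_conn_t *>(*i)` inside the loop, and the same pattern is introduced in chop_send_block, chop_send_blocks, chop_send_targeted, chop_send_chaff and chop_reassemble_block further down. If a connection or circuit of another protocol could ever reach these functions the cast is undefined behaviour, so either keep the derived types in the internal signatures or document the invariant where the cast happens, e.g. `/* downstreams holds only chop_conn_t objects */`. Whether other conn_t subclasses can be inserted is not visible here. chop_pick_connection continues past the end of this hunk.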
@@ -282,13 +282,14 @@ chop_pick_connection(chop_circuit_t *ckt, size_t desired, size_t *blocksize)
}
static int
-chop_send_block(chop_conn_t *dest,
+chop_send_block(conn_t *d,
chop_circuit_t *ckt,
struct evbuffer *source,
struct evbuffer *block,
uint16_t length,
uint16_t flags)
{
+ chop_conn_t *dest = static_cast<chop_conn_t *>(d);
chop_header hdr;
struct evbuffer_iovec v;
uint8_t *p;
@@ -354,17 +355,18 @@ chop_send_block(chop_conn_t *dest,
}
static int
-chop_send_blocks(chop_circuit_t *ckt)
+chop_send_blocks(circuit_t *c)
{
- struct evbuffer *xmit_pending = bufferevent_get_input(ckt->up_buffer);
+ chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c);
+ struct evbuffer *xmit_pending = bufferevent_get_input(c->up_buffer);
struct evbuffer *block;
- chop_conn_t *target;
+ conn_t *target;
size_t avail;
size_t blocksize;
uint16_t flags;
if (!(block = evbuffer_new())) {
- log_warn(ckt, "allocation failure");
+ log_warn(c, "allocation failure");
return -1;
}
@@ -372,14 +374,14 @@ chop_send_blocks(chop_circuit_t *ckt)
avail = evbuffer_get_length(xmit_pending);
flags = ckt->sent_syn ? 0 : CHOP_F_SYN;
- log_debug(ckt, "%lu bytes to send", (unsigned long)avail);
+ log_debug(c, "%lu bytes to send", (unsigned long)avail);
if (avail == 0)
break;
target = chop_pick_connection(ckt, avail, &blocksize);
if (!target) {
- log_debug(ckt, "no target connection available");
+ log_debug(c, "no target connection available");
/* this is not an error; it can happen e.g. when the server has
something to send immediately and the client hasn't spoken yet */
break;
@@ -400,14 +402,15 @@ chop_send_blocks(chop_circuit_t *ckt)
evbuffer_free(block);
avail = evbuffer_get_length(xmit_pending);
if (avail)
- log_debug(ckt, "%lu bytes still waiting to be sent", (unsigned long)avail);
+ log_debug(c, "%lu bytes still waiting to be sent", (unsigned long)avail);
return 0;
}
static int
-chop_send_targeted(chop_circuit_t *ckt, chop_conn_t *target, size_t blocksize)
+chop_send_targeted(circuit_t *c, conn_t *target, size_t blocksize)
{
- struct evbuffer *xmit_pending = bufferevent_get_input(ckt->up_buffer);
+ chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c);
+ struct evbuffer *xmit_pending = bufferevent_get_input(c->up_buffer);
size_t avail = evbuffer_get_length(xmit_pending);
struct evbuffer *block = evbuffer_new();
uint16_t flags = 0;
@@ -438,8 +441,7 @@ chop_send_targeted(chop_circuit_t *ckt, chop_conn_t *target, size_t blocksize)
evbuffer_free(block);
avail = evbuffer_get_length(xmit_pending);
if (avail)
- log_debug(ckt, "%lu bytes still waiting to be sent",
- (unsigned long)avail);
+ log_debug(c, "%lu bytes still waiting to be sent", (unsigned long)avail);
return 0;
} else {
@@ -482,23 +484,24 @@ chop_send_targeted(chop_circuit_t *ckt, chop_conn_t *target, size_t blocksize)
}
static int
-chop_send_chaff(chop_circuit_t *ckt)
+chop_send_chaff(circuit_t *c)
{
+ chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c);
size_t room;
- chop_conn_t *target = chop_pick_connection(ckt, 1, &room);
+ conn_t *target = chop_pick_connection(ckt, 1, &room);
if (!target) {
/* If we have connections and we can't send, that means we're waiting
for the server to respond. Just wait. */
return 0;
}
- return chop_send_targeted(ckt, target, room);
+ return chop_send_targeted(c, target, room);
}
static void
must_transmit_timer_cb(evutil_socket_t, short, void *arg)
{
- chop_conn_t *conn = static_cast<chop_conn_t *>(arg);
+ chop_conn_t *conn = static_cast<chop_conn_t*>(arg);
size_t room;
if (!conn->circuit) {
@@ -518,7 +521,7 @@ must_transmit_timer_cb(evutil_socket_t, short, void *arg)
}
log_debug(conn, "must transmit");
- chop_send_targeted(static_cast<chop_circuit_t *>(conn->circuit), conn, room);
+ chop_send_targeted(conn->circuit, conn, room);
}
/* Receive subroutines. */
@@ -542,9 +545,9 @@ mod32_le(uint32_t s, uint32_t t)
/** Add BLOCK to the reassembly queue at the appropriate location
and merge adjacent blocks to the extent possible. */
static int
-chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
- chop_header *hdr)
+chop_reassemble_block(circuit_t *c, struct evbuffer *block, chop_header *hdr)
{
+ chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c);
chop_reassembly_elt *queue = &ckt->reassembly_queue;
chop_reassembly_elt *p, *q;
@@ -554,14 +557,14 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
contents. Doing all chaff-handling here simplifies the caller
at the expense of slightly more buffer-management overhead. */
if (!(hdr->flags & (CHOP_F_SYN|CHOP_F_FIN))) {
- log_debug(ckt, "discarding chaff with no flags");
+ log_debug(c, "discarding chaff with no flags");
evbuffer_free(block);
return 0;
}
hdr->length = 0;
evbuffer_drain(block, evbuffer_get_length(block));
- log_debug(ckt, "chaff with flags, treating length as 0");
+ log_debug(c, "chaff with flags, treating length as 0");
}
/* SYN must occur at offset zero, may not be duplicated, and if we
@@ -572,7 +575,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
(queue->next != queue &&
((queue->next->flags & CHOP_F_SYN) ||
!mod32_le(hdr->offset + hdr->length, queue->next->offset))))) {
- log_warn(ckt, "protocol error: inappropriate SYN block");
+ log_warn(c, "protocol error: inappropriate SYN block");
return -1;
}
@@ -581,7 +584,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
if ((hdr->flags & CHOP_F_FIN) && queue->prev != queue &&
((queue->prev->flags & CHOP_F_FIN) ||
!mod32_le(queue->prev->offset + queue->prev->length, hdr->offset))) {
- log_warn(ckt, "protocol error: inappropriate FIN block");
+ log_warn(c, "protocol error: inappropriate FIN block");
return -1;
}
@@ -592,7 +595,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
!mod32_le(queue->next->offset + queue->next->length, hdr->offset)) ||
((queue->prev->flags & CHOP_F_FIN) &&
!mod32_le(hdr->offset + hdr->length, queue->prev->offset)))) {
- log_warn(ckt, "protocol error: inappropriate normal block");
+ log_warn(c, "protocol error: inappropriate normal block");
return -1;
}
@@ -614,7 +617,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
/* protocol error: this block goes before 'p' but does not fit
after 'p->prev' */
- log_warn(ckt, "protocol error: %u byte block does not fit at offset %u",
+ log_warn(c, "protocol error: %u byte block does not fit at offset %u",
hdr->length, hdr->offset);
return -1;
}
@@ -625,7 +628,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
that this block goes after the last block in the list (aka p->prev). */
if (!p->data && p->prev->data &&
!mod32_lt(p->prev->offset + p->prev->length, hdr->offset)) {
- log_warn(ckt, "protocol error: %u byte block does not fit at offset %u "
+ log_warn(c, "protocol error: %u byte block does not fit at offset %u "
"(sentinel case)",
hdr->length, hdr->offset);
return -1;
@@ -645,7 +648,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
grow_back:
if (evbuffer_add_buffer(p->data, block)) {
- log_warn(ckt, "failed to append to existing buffer");
+ log_warn(c, "failed to append to existing buffer");
return -1;
}
evbuffer_free(block);
@@ -656,7 +659,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
while (p->next->data && p->offset + p->length == p->next->offset) {
q = p->next;
if (evbuffer_add_buffer(p->data, q->data)) {
- log_warn(ckt, "failed to merge buffers");
+ log_warn(c, "failed to merge buffers");
return -1;
}
p->length += q->length;
@@ -671,7 +674,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
grow_front:
if (evbuffer_prepend_buffer(p->data, block)) {
- log_warn(ckt, "failed to prepend to existing buffer");
+ log_warn(c, "failed to prepend to existing buffer");
return -1;
}
evbuffer_free(block);
@@ -683,7 +686,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
while (p->prev->data && p->offset == p->prev->offset + p->prev->length) {
q = p->prev;
if (evbuffer_prepend_buffer(p->data, q->data)) {
- log_warn(ckt, "failed to merge buffers");
+ log_warn(c, "failed to merge buffers");
return -1;
}
p->length += q->length;
@@ -701,31 +704,31 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
/* Flush as much data toward upstream as we can. */
static int
-chop_push_to_upstream(chop_circuit_t *ckt)
+chop_push_to_upstream(circuit_t *c)
{
+ chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c);
/* Only the first reassembly queue entry, if any, can possibly be
ready to flush (because chop_reassemble_block ensures that there
are gaps between all queue elements). */
chop_reassembly_elt *ready = ckt->reassembly_queue.next;
if (!ready->data || ckt->recv_offset != ready->offset) {
- log_debug(ckt, "no data pushable to upstream yet");
+ log_debug(c, "no data pushable to upstream yet");
return 0;
}
if (!ckt->received_syn) {
if (!(ready->flags & CHOP_F_SYN)) {
- log_debug(ckt, "waiting for SYN");
+ log_debug(c, "waiting for SYN");
return 0;
}
- log_debug(ckt, "processed SYN");
+ log_debug(c, "processed SYN");
ckt->received_syn = true;
}
- log_debug(ckt, "can push %lu bytes to upstream",
+ log_debug(c, "can push %lu bytes to upstream",
(unsigned long)evbuffer_get_length(ready->data));
- if (evbuffer_add_buffer(bufferevent_get_output(ckt->up_buffer),
- ready->data)) {
- log_warn(ckt, "failure pushing data to upstream");
+ if (evbuffer_add_buffer(bufferevent_get_output(c->up_buffer), ready->data)) {
+ log_warn(c, "failure pushing data to upstream");
return -1;
}
@@ -735,8 +738,8 @@ chop_push_to_upstream(chop_circuit_t *ckt)
log_assert(!ckt->received_fin);
log_assert(ready->next == &ckt->reassembly_queue);
ckt->received_fin = true;
- log_debug(ckt, "processed FIN");
- circuit_recv_eof(ckt);
+ log_debug(c, "processed FIN");
+ circuit_recv_eof(c);
}
log_assert(ready->next == &ckt->reassembly_queue ||
@@ -752,14 +755,14 @@ chop_push_to_upstream(chop_circuit_t *ckt)
/* Circuit handling */
static int
-chop_find_or_make_circuit(chop_conn_t *conn, uint64_t circuit_id)
+chop_find_or_make_circuit(conn_t *conn, uint64_t circuit_id)
{
log_assert(conn->cfg->mode == LSN_SIMPLE_SERVER);
chop_config_t *cfg = static_cast<chop_config_t *>(conn->cfg);
chop_circuit_table::value_type in(circuit_id, 0);
std::pair<chop_circuit_table::iterator, bool> out = cfg->circuits.insert(in);
- chop_circuit_t *ck;
+ circuit_t *ck;
if (!out.second) { // element already exists
if (!out.first->second) {
@@ -769,7 +772,7 @@ chop_find_or_make_circuit(chop_conn_t *conn, uint64_t circuit_id)
ck = out.first->second;
log_debug(conn, "found circuit to %s", ck->up_peer);
} else {
- ck = static_cast<chop_circuit_t *>(circuit_create(cfg, 0));
+ ck = cfg->circuit_create(0);
if (!ck) {
log_warn(conn, "failed to create new circuit");
return -1;
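Review bot: When `cfg->circuit_create(0)` fails, the entry that the previous hunk inserted into `cfg->circuits` with a null value for this `circuit_id` stays in the table, because the error path only logs and returns. Later connections carrying the same id will then take the `if (!out.first->second)` branch, whose body is outside the visible hunks, so one transient creation failure changes how that id is treated from then on. If a null entry is not meant as a deliberate marker here, add `cfg->circuits.erase(out.first);` before `return -1;`. The `return -1` at the top of the following hunk also runs before `out.first->second = ck;` and may need the same treatment.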
@@ -780,7 +783,7 @@ chop_find_or_make_circuit(chop_conn_t *conn, uint64_t circuit_id)
return -1;
}
log_debug(conn, "created new circuit to %s", ck->up_peer);
- ck->circuit_id = circuit_id;
+ static_cast<chop_circuit_t *>(ck)->circuit_id = circuit_id;
out.first->second = ck;
}
@@ -933,9 +936,9 @@ chop_circuit_t::~chop_circuit_t()
chop_reassembly_elt *p, *q, *queue;
chop_circuit_table::iterator out;
- for (unordered_set<chop_conn_t *>::iterator i = this->downstreams.begin();
+ for (unordered_set<conn_t *>::iterator i = this->downstreams.begin();
i != this->downstreams.end(); i++) {
- chop_conn_t *conn = *i;
+ conn_t *conn = *i;
conn->circuit = NULL;
if (evbuffer_get_length(conn_get_outbound(conn)) > 0)
conn_do_flush(conn);
@@ -968,9 +971,8 @@ chop_circuit_t::~chop_circuit_t()
}
void
-chop_circuit_t::add_downstream(conn_t *cn)
+chop_circuit_t::add_downstream(conn_t *conn)
{
- chop_conn_t *conn = static_cast<chop_conn_t *>(cn);
this->downstreams.insert(conn);
log_debug(this, "added connection <%d.%d> to %s, now %lu",
this->serial, conn->serial, conn->peername,
@@ -980,9 +982,8 @@ chop_circuit_t::add_downstream(conn_t *cn)
}
void
-chop_circuit_t::drop_downstream(conn_t *cn)
+chop_circuit_t::drop_downstream(conn_t *conn)
{
- chop_conn_t *conn = static_cast<chop_conn_t *>(cn);
this->downstreams.erase(conn);
log_debug(this, "dropped connection <%d.%d> to %s, now %lu",
this->serial, conn->serial, conn->peername,
@@ -1094,9 +1095,9 @@ chop_circuit_t::send()
as long as we haven't both sent and received a FIN, or we might
deadlock. */
if (this->sent_fin && this->received_fin) {
- for (unordered_set<chop_conn_t *>::iterator i = this->downstreams.begin();
+ for (unordered_set<conn_t *>::iterator i = this->downstreams.begin();
i != this->downstreams.end(); i++) {
- chop_conn_t *conn = *i;
+ chop_conn_t *conn = static_cast<chop_conn_t*>(*i);
if (conn->must_transmit_timer &&
evtimer_pending(conn->must_transmit_timer, NULL))
must_transmit_timer_cb(-1, 0, conn);
@@ -1233,13 +1234,13 @@ chop_conn_t::recv()
return -1;
}
- if (chop_reassemble_block(ckt, block, &hdr)) {
+ if (chop_reassemble_block(c, block, &hdr)) {
evbuffer_free(block);
return -1;
}
}
- if (chop_push_to_upstream(ckt))
+ if (chop_push_to_upstream(c))
return -1;
/* It may have now become possible to send queued data. */
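Review bot: The `evbuffer_free(block)` on the failure path of `chop_reassemble_block(c, block, &hdr)` can free `block` a second time. In the `grow_back:` and `grow_front:` hunks above, the callee calls `evbuffer_free(block)` itself once the append or prepend succeeds, and then returns -1 if a later merge with a neighbouring queue element fails ("failed to merge buffers"). The lines between those hunks are not shown, so this assumes control falls from the free into the merge loop. Making the callee consume `block` on every return and dropping the free here would give the buffer one owner, and a comment on `chop_reassemble_block` stating who frees `block` would help either way. `chop_conn_t::recv()` starts and ends outside this hunk.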
diff --git a/src/steg/http.cc b/src/steg/http.cc
index 7377196..aed9322 100644
--- a/src/steg/http.cc
+++ b/src/steg/http.cc
@@ -32,8 +32,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
See LICENSE for other credits and copying information
*/
-
-
#include "util.h"
#include "connections.h"
#include "steg.h"
@@ -46,17 +44,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <event2/buffer.h>
#include <stdio.h>
-
-
-
-
-
#define MIN_COOKIE_SIZE 24
#define MAX_COOKIE_SIZE 1024
-
-int
-x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
+int
+http_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
int
lookup_peer_name_from_ip(char* p_ip, char* p_name);
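Review bot: The forward declaration `http_server_receive(steg_t *s, ...)` added here does not match the definition further down in this diff, which takes `http *s` as its first parameter. In C++ the two are distinct overloads, so this prototype declares a function that is never defined in the visible diff. The call with `this` resolves to the `http *` definition only because that definition appears before the call. The same applies to `http_client_uri_transmit` and `http_client_cookie_transmit`, declared with `steg_t *s` in the next hunk. Either delete these prototypes or move them below `struct http` and declare them with `http *s`.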
@@ -65,57 +57,52 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name);
static int has_peer_name = 0;
static char peername[512];
-
-struct x_http2_steg_t
+namespace {
+struct http : steg_t
{
- steg_t super;
-
- int have_transmitted;
- int have_received;
+ bool have_transmitted : 1;
+ bool have_received : 1;
int type;
-};
+ STEG_DECLARE_METHODS(http);
+};
+}
-STEG_DEFINE_MODULE(x_http2,
+STEG_DEFINE_MODULE(http,
1024, /* client-server max data rate - made up */
10240, /* server-client max data rate - ditto */
1, /* max concurrent connections per IP */
1); /* max concurrent IPs */
-
-
-
-
-
-int x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
-int x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
+int http_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
+int http_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
void evbuffer_dump(struct evbuffer *buf, FILE *out);
void buf_dump(unsigned char* buf, int len, FILE *out);
int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen);
-void
-evbuffer_dump(struct evbuffer *buf, FILE *out)
+void
+evbuffer_dump(struct evbuffer *buf, FILE *out)
{
int nextent = evbuffer_peek(buf, SSIZE_MAX, 0, 0, 0);
struct evbuffer_iovec v[nextent];
int i;
const unsigned char *p, *limit;
-
+
if (evbuffer_peek(buf, -1, 0, v, nextent) != nextent)
abort();
-
+
for (i = 0; i < nextent; i++) {
- p = v[i].iov_base;
+ p = (const unsigned char *)v[i].iov_base;
limit = p + v[i].iov_len;
-
+
putc('|', out);
while (p < limit) {
if (*p < 0x20 || *p >= 0x7F || *p == '\\' || *p == '|')
- fprintf(out, "\\x%02x", *p);
+ fprintf(out, "\\x%02x", *p);
else
- putc(*p, out);
+ putc(*p, out);
p++;
}
}
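Review bot: `struct evbuffer_iovec v[nextent];` in `evbuffer_dump` is a variable-length array sized by the unchecked return value of `evbuffer_peek`, so the stack allocation grows with the number of extents in the buffer and is undefined if that value is not positive. Variable-length arrays are also only a compiler extension in C++, which matters now that the file is built as C++ (this hunk adds the `iov_base` cast for the same reason). The transmit functions in this file allocate their iovec arrays on the heap. Doing the same here, after checking `nextent > 0`, would be `struct evbuffer_iovec *v = (struct evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nextent);` with a `free(v)` before returning. The end of `evbuffer_dump` is outside this hunk.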
@@ -126,8 +113,8 @@ evbuffer_dump(struct evbuffer *buf, FILE *out)
-void
-buf_dump(unsigned char* buf, int len, FILE *out)
+void
+buf_dump(unsigned char* buf, int len, FILE *out)
{
int i=0;
putc('|', out);
@@ -143,15 +130,9 @@ buf_dump(unsigned char* buf, int len, FILE *out)
}
-
-
-
-steg_t *
-x_http2_new(rng_t *rng, unsigned int is_clientside)
+http::http()
+ : have_transmitted(false), have_received(false)
{
-
- STEG_NEW(x_http2, state, rng, is_clientside);
-
if (is_clientside)
load_payloads("traces/client.out");
else {
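Review bot: The constructor's initializer list sets `have_transmitted` and `have_received` but not `type`, so `type` holds an indeterminate value until a transmit or receive path assigns it. `http::transmit` and `http::receive` later in this diff both `switch` on `type`. The removed `STEG_NEW` path may have zero-filled the object (its definition is not visible here), in which case this is a behaviour change. Suggest `: have_transmitted(false), have_received(false), type(0)`, or whichever `HTTP_CONTENT_*` value stands for "not yet known". The body also reads `is_clientside`, and how the base class sets it before this constructor runs is not visible; the constructor body continues past this hunk.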
@@ -162,34 +143,24 @@ x_http2_new(rng_t *rng, unsigned int is_clientside)
init_PDF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, PDF_MIN_AVAIL_SIZE);
init_SWF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, 0);
}
-
-
- /* if there were extra stuff to fill in, you would do it here */
- return upcast_steg(state);
}
-void
-x_http2_del(steg_t *s)
+http::~http()
{
- x_http2_steg_t *state = downcast_steg(s);
-
- STEG_DEL(s);
-
- /* if there were extra stuff to deallocate, you would do it here */
- free(state);
}
-
-// x_http2_detect determines if a packet should be processed by the http2 steg module
-unsigned int
-x_http2_detect(conn_t *conn)
+/** Determine whether a connection should be processed by this
+ steganographer. */
+bool
+http::detect(conn_t *conn)
{
struct evbuffer *buf = conn_get_inbound(conn);
unsigned char *data;
//return 0;
/*****
- Here is a list of HTTP response codes extracted from the server-portals.out trace
+ Here is a list of HTTP response codes extracted from the
+ server-portals.out trace
7369 HTTP/1.1 200 OK
470 HTTP/1.1 302 Found
@@ -224,7 +195,7 @@ x_http2_detect(conn_t *conn)
if (evbuffer_get_length(buf) >= 12) {
data = evbuffer_pullup(buf, 12);
-
+
if (data != NULL &&
((!memcmp(data, "HTTP/1.1 200", 12)) ||
(!memcmp(data, "HTTP/1.1 302", 12)) ||
@@ -235,7 +206,7 @@ x_http2_detect(conn_t *conn)
(!memcmp(data, "HTTP/1.1 301", 12)) ||
(!memcmp(data, "HTTP/1.1 302", 12)) ||
(!memcmp(data, "HTTP/1.1 404", 12)))) {
- log_debug("x_http2_detect: valid response");
+ log_debug("http_detect: valid response");
return 1;
}
}
@@ -258,42 +229,38 @@ x_http2_detect(conn_t *conn)
if (evbuffer_get_length(buf) >= 9) {
data = evbuffer_pullup(buf, 9);
- if (data != NULL && (!memcmp(data, "GET /", 5) || !memcmp(data, "POST /", 5) || !memcmp(data, "Cookie", 6))) {
- log_debug("x_http2_detect: valid request");
- return 1;
+ if (data != NULL && (!memcmp(data, "GET /", 5) ||
+ !memcmp(data, "POST /", 5) ||
+ !memcmp(data, "Cookie", 6))) {
+ log_debug("http_detect: valid request");
+ return true;
}
}
-
- log_debug("x_http2_detect: didn't find either HTTP request or response");
+
+ log_debug("http_detect: didn't find either HTTP request or response");
/* Didn't find either the client or the server pattern. */
- return 0;
+ return false;
}
size_t
-x_http2_transmit_room(steg_t *s, conn_t *conn)
+http::transmit_room(conn_t *)
{
unsigned int mjc;
- if (downcast_steg(s)->have_transmitted)
+ if (have_transmitted)
/* can't send any more on this connection */
return 0;
-
-
- if (s->is_clientside) {
- /* per http://www.boutell.com/newfaq/misc/urllength.html,
- IE<9 can handle no more than 2048 characters in the path
- component of a URL; we're not talking to IE, but this limit
- means longer paths look fishy; we hex-encode the path, so
- we have to cut the number in half. */
+
+
+ if (is_clientside) {
return (MIN_COOKIE_SIZE + rand() % (MAX_COOKIE_SIZE - MIN_COOKIE_SIZE)) / 4;
- // return 1024;
- }
+ }
else {
- if (!downcast_steg(s)->have_received)
+ if (!have_received)
return 0;
- switch(downcast_steg(s)->type) {
+ switch (type) {
case HTTP_CONTENT_SWF:
return 1024;
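Review bot: With the explanatory comment deleted, nothing in the client branch of `http::transmit_room` says why the random cookie size is divided by 4. The removed comment described URL path limits and hex encoding, which did not match this expression either, so it should be replaced, not restored. Judging by `cookie_len = 4 * sbuflen + rand() % 4` in `http_client_cookie_transmit`, a comment such as `/* a cookie carries about a quarter of its length in payload, so offer a quarter of a randomly chosen cookie size */` would fit. Because these sizes shape what the traffic looks like on the wire, the comment should also record that they come from libc `rand()`, whose seeding is not visible in this diff.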
@@ -301,10 +268,10 @@ x_http2_transmit_room(steg_t *s, conn_t *conn)
case HTTP_CONTENT_JAVASCRIPT:
mjc = get_max_JS_capacity() / 2;
if (mjc > 1024) {
- // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?)
- int rval = 512 + rand()%(mjc - 1024);
- // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc);
- return rval;
+ // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?)
+ int rval = 512 + rand()%(mjc - 1024);
+ // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc);
+ return rval;
}
log_warn("js capacity too small\n");
exit(-1);
@@ -312,10 +279,10 @@ x_http2_transmit_room(steg_t *s, conn_t *conn)
case HTTP_CONTENT_HTML:
mjc = get_max_HTML_capacity() / 2;
if (mjc > 1024) {
- // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?)
- int rval = 512 + rand()%(mjc - 1024);
- // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc);
- return rval;
+ // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?)
+ int rval = 512 + rand()%(mjc - 1024);
+ // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc);
+ return rval;
}
log_warn("js capacity too small\n");
exit(-1);
@@ -340,7 +307,7 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) {
struct addrinfo* aip;
struct addrinfo hint;
char buf[128];
-
+
hint.ai_flags = AI_CANONNAME;
hint.ai_family = 0;
hint.ai_socktype = 0;
@@ -349,16 +316,16 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) {
hint.ai_canonname = NULL;
hint.ai_addr = NULL;
hint.ai_next = NULL;
-
+
strcpy(buf, p_ip);
buf[strchr(buf, ':') - buf] = 0;
-
+
if (getaddrinfo(buf, NULL, &hint, &ailist)) {
fprintf(stderr, "error: getaddrinfo() %s\n", p_ip);
exit(1);
}
-
+
for (aip = ailist; aip != NULL; aip = aip->ai_next) {
char buf[512];
if (getnameinfo(aip->ai_addr, sizeof(struct sockaddr), buf, 512, NULL, 0, 0) == 0) {
@@ -366,7 +333,7 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) {
return 1;
}
}
-
+
return 0;
}
@@ -377,8 +344,8 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) {
-int
-x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
+int
+http_client_cookie_transmit (http *s, struct evbuffer *source, conn_t *conn) {
/* On the client side, we have to embed the data in a GET query somehow;
the only plausible places to put it are the URL and cookies. This
@@ -398,7 +365,7 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
// size_t sofar = 0;
size_t cookie_len;
-
+
/* Convert all the data in 'source' to hexadecimal and write it to
'scratch'. Data is padded to a multiple of four characters with
@@ -410,12 +377,12 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
- datalen = 0;
+ datalen = 0;
cookie_len = 4 * sbuflen + rand() % 4;
-
+
nv = evbuffer_peek(source, sbuflen, NULL, NULL, 0);
- iv = xzalloc(sizeof(struct evbuffer_iovec) * nv);
+ iv = (evbuffer_iovec*)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, sbuflen, NULL, iv, nv) != nv) {
free(iv);
@@ -436,13 +403,13 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
// fprintf(stderr, "%s\n", buf);
// exit(-1);
// }
-
-
+
+
cnt = 0;
-
+
for (i = 0; i < nv; i++) {
- const unsigned char *p = iv[i].iov_base;
+ const unsigned char *p = (const unsigned char *)iv[i].iov_base;
const unsigned char *limit = p + iv[i].iov_len;
char c;
while (p < limit && cnt < sbuflen) {
@@ -453,7 +420,7 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
cnt++;
}
}
-
+
free(iv);
if (cookie_len < 4) cookie_len = 4;
@@ -478,20 +445,20 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
log_debug("error ***********************");
return -1;
}
-
+
// debug
// log_warn("CLIENT HTTP request header:");
// buf_dump((unsigned char*)buf, len, stderr);
-
+
// sofar += datalen/2;
evbuffer_drain(source, datalen/2);
-
+
log_debug("CLIENT TRANSMITTED payload %d\n", (int) sbuflen);
-
+
conn_cease_transmission(conn);
- downcast_steg(s)->type = find_uri_type(buf, sizeof(buf));
- downcast_steg(s)->have_transmitted = 1;
+ s->type = find_uri_type(buf, sizeof(buf));
+ s->have_transmitted = true;
return 0;
}
@@ -510,10 +477,10 @@ int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen) {
if (r == 1) {
r = rand() % 46;
- if (r < 20)
- uri[so_far++] = 'g' + r;
- else
- uri[so_far++] = 'A' + r - 20;
+ if (r < 20)
+ uri[so_far++] = 'g' + r;
+ else
+ uri[so_far++] = 'A' + r - 20;
}
else {
uri[so_far++] = data[0];
@@ -562,16 +529,16 @@ int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen) {
-int
-x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
+int
+http_client_uri_transmit (http *s, struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn);
-
+
struct evbuffer_iovec *iv;
int i, nv;
-
+
/* Convert all the data in 'source' to hexadecimal and write it to
'scratch'. Data is padded to a multiple of four characters with
equals signs. */
@@ -579,26 +546,26 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
size_t datalen = 0;
int cnt = 0;
char data[2*slen];
-
+
char outbuf[1024];
int len =0;
char buf[10000];
-
-
+
+
if (has_peer_name == 0 && lookup_peer_name_from_ip((char*) conn->peername, peername))
has_peer_name = 1;
-
-
+
+
nv = evbuffer_peek(source, slen, NULL, NULL, 0);
- iv = xzalloc(sizeof(struct evbuffer_iovec) * nv);
+ iv = (evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, slen, NULL, iv, nv) != nv) {
free(iv);
return -1;
}
-
+
for (i = 0; i < nv; i++) {
- const unsigned char *p = iv[i].iov_base;
+ const unsigned char *p = (const unsigned char *)iv[i].iov_base;
const unsigned char *limit = p + iv[i].iov_len;
char c;
while (p < limit) {
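Review bot: The call `lookup_peer_name_from_ip((char*) conn->peername, peername)` hands the peer name to a helper that copies it unbounded and truncates it unguarded. In the context lines of the -349 hunk above, the helper does `strcpy(buf, p_ip)` into `char buf[128]` and then `buf[strchr(buf, ':') - buf] = 0` with no check that a colon was found. A peer name of 128 bytes or more overruns `buf`, and one without a colon makes `strchr` return NULL, so the index is computed from a null pointer. A bounded copy and guarded truncation would be `if (snprintf(buf, sizeof buf, "%s", p_ip) >= (int)sizeof buf) return 0;` followed by `char *colon = strchr(buf, ':');` and `if (colon) *colon = 0;`. The helper's own hunks in this commit are whitespace-only, and `http_client_uri_transmit` starts and ends outside this hunk.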
@@ -608,13 +575,13 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
}
}
free(iv);
-
+
do {
datalen = gen_uri_field(outbuf, sizeof(outbuf), data, datalen);
} while (datalen == 0);
-
+
@@ -623,8 +590,8 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
len = find_client_payload(buf, sizeof(buf), TYPE_HTTP_REQUEST);
if (cnt++ == 10) return -1;
}
-
-
+
+
// fprintf(stderr, "outbuf = %s\n", outbuf);
if (evbuffer_add(dest, outbuf, datalen) || // add uri field
@@ -640,10 +607,10 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
evbuffer_drain(source, slen);
conn_cease_transmission(conn);
- downcast_steg(s)->type = find_uri_type(outbuf, sizeof(outbuf));
- downcast_steg(s)->have_transmitted = 1;
+ s->type = find_uri_type(outbuf, sizeof(outbuf));
+ s->have_transmitted = 1;
return 0;
-
+
}
@@ -666,45 +633,45 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
int
-x_http2_transmit(steg_t *s, struct evbuffer *source, conn_t *conn)
+http::transmit(struct evbuffer *source, conn_t *conn)
{
// struct evbuffer *dest = conn_get_outbound(conn);
- // fprintf(stderr, "in x_http2_ transmit %d\n", downcast_steg(s)->type);
-
+ // fprintf(stderr, "in http_ transmit %d\n", downcast_steg(s)->type);
+
- if (s->is_clientside) {
+ if (is_clientside) {
/* On the client side, we have to embed the data in a GET query somehow;
the only plausible places to put it are the URL and cookies. This
presently uses the URL. And it can't be binary. */
if (evbuffer_get_length(source) < 72)
- return x_http2_client_uri_transmit(s, source, conn); //@@
- return x_http2_client_cookie_transmit(s, source, conn); //@@
- }
+ return http_client_uri_transmit(this, source, conn); //@@
+ return http_client_cookie_transmit(this, source, conn); //@@
+ }
else {
int rval = -1;
- switch(downcast_steg(s)->type) {
-
- case HTTP_CONTENT_SWF:
- rval = x_http2_server_SWF_transmit(s, source, conn);
+ switch(type) {
+
+ case HTTP_CONTENT_SWF:
+ rval = http_server_SWF_transmit(this, source, conn);
break;
case HTTP_CONTENT_JAVASCRIPT:
- rval = x_http2_server_JS_transmit(s, source, conn, HTTP_CONTENT_JAVASCRIPT);
+ rval = http_server_JS_transmit(this, source, conn, HTTP_CONTENT_JAVASCRIPT);
break;
case HTTP_CONTENT_HTML:
- rval = x_http2_server_JS_transmit(s, source, conn, HTTP_CONTENT_HTML);
+ rval = http_server_JS_transmit(this, source, conn, HTTP_CONTENT_HTML);
break;
case HTTP_CONTENT_PDF:
- rval = x_http2_server_PDF_transmit(s, source, conn);
+ rval = http_server_PDF_transmit(this, source, conn);
break;
}
- if (rval == 0) downcast_steg(s)->have_transmitted = 1;
+ if (rval == 0) have_transmitted = 1;
return rval;
}
}
@@ -714,8 +681,8 @@ x_http2_transmit(steg_t *s, struct evbuffer *source, conn_t *conn)
-int
-x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
+int
+http_server_receive(http *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
int cnt = 0;
unsigned char* data;
@@ -760,24 +727,24 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
secondhalf = 0;
c = 0;
-
+
while (strncmp((char*) p, "\r\n", 2) != 0 && (cookie_mode != 0 || p[0] != '.')) {
- if (!secondhalf)
- c = 0;
- if ('0' <= *p && *p <= '9')
- h = *p - '0';
- else if ('a' <= *p && *p <= 'f')
- h = *p - 'a' + 10;
+ if (!secondhalf)
+ c = 0;
+ if ('0' <= *p && *p <= '9')
+ h = *p - '0';
+ else if ('a' <= *p && *p <= 'f')
+ h = *p - 'a' + 10;
else {
- p++;
- continue;
+ p++;
+ continue;
}
c = (c << 4) + h;
if (secondhalf) {
- outbuf[sofar++] = c;
- cnt++;
+ outbuf[sofar++] = c;
+ cnt++;
}
secondhalf = !secondhalf;
p++;
@@ -795,15 +762,15 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
if (evbuffer_add(dest, outbuf, sofar)) {
log_debug("Failed to transfer buffer");
return RECV_BAD;
- }
+ }
evbuffer_drain(source, s2.pos + sizeof("\r\n\r\n") - 1);
} while (evbuffer_get_length(source));
-
- downcast_steg(s)->have_received = 1;
- downcast_steg(s)->type = type;
+
+ s->have_received = 1;
+ s->type = type;
// fprintf(stderr, "SERVER RECEIVED payload %d %d\n", cnt, type);
-
+
conn_transmit_soon(conn, 100);
return RECV_GOOD;
}
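Review bot: `evbuffer_add(dest, outbuf, sofar)` trusts that `sofar` never exceeded the capacity of `outbuf`, but the hex-decoding loop in the preceding hunk stores `outbuf[sofar++] = c` for every decoded byte with no bound check in the visible lines. That loop also advances `p` until it sees "\r\n" without comparing it against the end of the received data. `outbuf`'s declaration and the setup of `p` are outside both hunks, so a limit may be enforced there. If it is not, the loop needs to check `sofar` against the buffer size and `p` against the end of the header before each store, returning `RECV_BAD` when either limit is hit. The bytes decoded here arrive from the network, so these bounds should not depend on the peer being well-behaved.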
@@ -818,40 +785,37 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
-static int
-x_http2_receive(steg_t *s, conn_t *conn, struct evbuffer *dest)
+int
+http::receive(conn_t *conn, struct evbuffer *dest)
{
struct evbuffer *source = conn_get_inbound(conn);
// unsigned int type;
int rval = RECV_BAD;
- if (s->is_clientside) {
-
- // fprintf(stderr, "client type = %d\n", downcast_steg(s)->type);
+ if (is_clientside) {
+ switch(type) {
- switch(downcast_steg(s)->type) {
-
- case HTTP_CONTENT_SWF:
- rval = x_http2_handle_client_SWF_receive(s, conn, dest, source);
+ case HTTP_CONTENT_SWF:
+ rval = http_handle_client_SWF_receive(this, conn, dest, source);
break;
case HTTP_CONTENT_JAVASCRIPT:
case HTTP_CONTENT_HTML:
- rval = x_http2_handle_client_JS_receive(s, conn, dest, source);
+ rval = http_handle_client_JS_receive(this, conn, dest, source);
break;
case HTTP_CONTENT_PDF:
- rval = x_http2_handle_client_PDF_receive(s, conn, dest, source);
+ rval = http_handle_client_PDF_receive(this, conn, dest, source);
break;
}
- if (rval == RECV_GOOD) downcast_steg(s)->have_received = 1;
+ if (rval == RECV_GOOD) have_received = 1;
return rval;
} else {
- return x_http2_server_receive(s, conn, dest, source);
+ return http_server_receive(this, conn, dest, source);
}
-
+
}
diff --git a/src/steg/jsSteg.cc b/src/steg/jsSteg.cc
index 1486255..c02a7b0 100644
--- a/src/steg/jsSteg.cc
+++ b/src/steg/jsSteg.cc
@@ -707,7 +707,7 @@ int testDecode2(char *inBuf, char *outBuf,
int
-x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, unsigned int content_type) {
+http_server_JS_transmit (steg_t*, struct evbuffer *source, conn_t *conn, unsigned int content_type) {
struct evbuffer_iovec *iv;
int nv;
@@ -734,7 +734,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
// evbuffer_dump(source, stderr);
nv = evbuffer_peek(source, sbuflen, NULL, NULL, 0);
- iv = xzalloc(sizeof(struct evbuffer_iovec) * nv);
+ iv = (evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, sbuflen, NULL, iv, nv) != nv) {
free(iv);
@@ -761,7 +761,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
// Convert data in 'source' to hexadecimal and write it to data
cnt = 0;
for (i = 0; i < nv; i++) {
- const unsigned char *p = iv[i].iov_base;
+ const unsigned char *p = (const unsigned char *)iv[i].iov_base;
const unsigned char *limit = p + iv[i].iov_len;
char c;
@@ -809,11 +809,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
hLen = hend+4-jsTemplate;
cLen = jsLen - hLen;
- outbuf = malloc(cLen);
- if (outbuf == NULL) {
- log_warn("malloc for outbuf fails");
- return -1;
- }
+ outbuf = (char *)xmalloc(cLen);
r = encodeHTTPBody(data, hend+4, outbuf, datalen, cLen, cLen, mode);
@@ -826,11 +822,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
if (gzipMode == 1) {
// conservative estimate:
// sizeof outbuf2 = cLen + 10-byte for gzip header + 8-byte for crc
- outbuf2 = malloc(cLen+18);
- if (outbuf2 == NULL) {
- log_warn("malloc for outbuf2 fails");
- return -1;
- }
+ outbuf2 = (char *)xmalloc(cLen+18);
outbuf2len = gzDeflate(outbuf, cLen, outbuf2, cLen+18, time(NULL));
@@ -893,7 +885,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
int
-x_http2_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
+http_handle_client_JS_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
struct evbuffer_ptr s2;
unsigned int response_len = 0;
unsigned int content_len = 0;
diff --git a/src/steg/jsSteg.h b/src/steg/jsSteg.h
index 949aa25..8a351cc 100644
--- a/src/steg/jsSteg.h
+++ b/src/steg/jsSteg.h
@@ -62,10 +62,10 @@ int testDecode2(char *inBuf, char *outBuf,
int
-x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, unsigned int content_type);
+http_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, unsigned int content_type);
int
-x_http2_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
+http_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
diff --git a/src/steg/payloads.cc b/src/steg/payloads.cc
index 2b82451..84bfd00 100644
--- a/src/steg/payloads.cc
+++ b/src/steg/payloads.cc
@@ -272,11 +272,11 @@ void load_payloads(const char* fname) {
// }
if (r < 0) {
- payloads[payload_count] = malloc(pentry.length + 1);
+ payloads[payload_count] = (char *)xmalloc(pentry.length + 1);
memcpy(payloads[payload_count], buf, pentry.length);
} else {
pentry.length = r;
- payloads[payload_count] = malloc(pentry.length + 1);
+ payloads[payload_count] = (char *)xmalloc(pentry.length + 1);
memcpy(payloads[payload_count], buf2, pentry.length);
}
payload_hdrs[payload_count] = pentry;
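Review bot: Both branches allocate `pentry.length + 1` bytes but copy only `pentry.length`, and nothing in the hunk writes the extra byte, so it is uninitialised unless `xmalloc` zero-fills (its definition is not shown). If the extra byte is meant as a string terminator, add `payloads[payload_count][pentry.length] = 0;` after the `memcpy` in each branch. The visible lines also index `payloads[payload_count]` and `payload_hdrs[payload_count]` without a check against the arrays' capacity. That check may sit outside the hunk, since `load_payloads` starts and ends outside it.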
@@ -443,7 +443,7 @@ find_uri_type(char* buf_orig, int buflen) {
char* uri;
char* ext;
- char* buf = malloc(buflen+1);
+ char* buf = (char *)xmalloc(buflen+1);
char* uri_end;
@@ -524,7 +524,7 @@ find_uri_type(char* buf) {
buf = strchr(buf, ' ') + 1;
uri_len = strchr(buf, ' ') - buf;
- uri = malloc(uri_len + 1);
+ uri = xmalloc(uri_len + 1);
strncpy(uri, buf, uri_len);
uri[uri_len] = 0;
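Review bot: `uri = xmalloc(uri_len + 1);` is the only allocation converted in this commit without a cast; the other converted sites visible in this diff write `(char *)xmalloc(...)`. Assuming `xmalloc` returns `void *` and `uri` is a `char *` (its declaration is outside the hunk), the implicit conversion will not compile in a C++ translation unit. Unless this second `find_uri_type(char* buf)` is compiled out, it should read `uri = (char *)xmalloc(uri_len + 1);`. The two context lines above it use the result of `strchr(buf, ' ')` without a NULL check, so a buffer with fewer than two spaces yields an invalid pointer and length; that is worth guarding in the same pass.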
@@ -1396,7 +1396,7 @@ int init_PDF_payload_pool(int len, int type, int minCapacity) {
-int init_SWF_payload_pool(int len, int type, int minCapacity) {
+int init_SWF_payload_pool(int len, int type, int /*unused */) {
// stat for usable payload
int minPayloadSize = 0, maxPayloadSize = 0;
@@ -1534,7 +1534,7 @@ int get_payload (int contentType, int cap, char** buf, int* size) {
int
-find_content_length (char *hdr, int hlen) {
+find_content_length (char *hdr, int /*hlen*/) {
char *clStart;
char* clEnd;
char *clValStart;
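Review bot: Commenting out `hlen` silences the unused-parameter warning, but it also records that find_content_length ignores the header length it is handed. Any search in the body (which is outside this hunk) must therefore rely on `hdr` being NUL-terminated. If `hdr` can point into a receive buffer, I would keep the parameter named and bound the search by it instead. At minimum the contract should be stated above the signature: `/* hdr must be NUL-terminated; hlen is currently ignored */`.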
diff --git a/src/steg/pdfSteg.cc b/src/steg/pdfSteg.cc
index 81efdf4..d958b29 100644
--- a/src/steg/pdfSteg.cc
+++ b/src/steg/pdfSteg.cc
@@ -296,7 +296,7 @@ pdfUnwrap (char *data, unsigned int dlen,
-int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
+int http_server_PDF_transmit (steg_t*, struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn);
size_t sbuflen = evbuffer_get_length(source);
@@ -321,7 +321,7 @@ int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *con
log_debug("Entering SERVER PDF transmit with sbuflen %d", (int)sbuflen);
nv = evbuffer_peek(source, sbuflen, NULL, NULL, 0);
- iv = xzalloc(sizeof(struct evbuffer_iovec) * nv);
+ iv = (evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, sbuflen, NULL, iv, nv) != nv) {
free(iv);
@@ -330,7 +330,7 @@ int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *con
cnt = 0;
for (i = 0; i < nv; i++) {
- const unsigned char *p = iv[i].iov_base;
+ const unsigned char *p = (const unsigned char *)iv[i].iov_base;
const unsigned char *limit = p + iv[i].iov_len;
while (p < limit && cnt < (int)sbuflen) {
data1[cnt++] = *p++;
@@ -430,7 +430,7 @@ int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *con
int
-x_http2_handle_client_PDF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
+http_handle_client_PDF_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
struct evbuffer_ptr s2;
unsigned int response_len = 0, hdrLen;
char outbuf[HTTP_MSG_BUF_SIZE];
diff --git a/src/steg/pdfSteg.h b/src/steg/pdfSteg.h
index 7e48449..3c7a4bd 100644
--- a/src/steg/pdfSteg.h
+++ b/src/steg/pdfSteg.h
@@ -21,9 +21,9 @@ int pdfUnwrap (char *data, unsigned int dlen, char *outbuf, unsigned int outbufs
int addDelimiter(char *inbuf, int inbuflen, char *outbuf, int outbuflen, const char delimiter1, const char delimiter2);
int removeDelimiter(char *inbuf, int inbuflen, char *outbuf, int outbuflen, const char delimiter1, int* endFlag, int* escape);
-int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn);
+int http_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn);
int
-x_http2_handle_client_PDF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
+http_handle_client_PDF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
#endif
diff --git a/src/steg/swfSteg.cc b/src/steg/swfSteg.cc
index ad3d5c8..8c3bd2e 100644
--- a/src/steg/swfSteg.cc
+++ b/src/steg/swfSteg.cc
@@ -57,22 +57,8 @@ swf_wrap(char* inbuf, int in_len, char* outbuf, int out_sz) {
}
- tmp_buf = malloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN);
-
- if (tmp_buf == NULL) {
- log_warn("swfsteg: malloc failed\n");
- return -1;
- }
-
-
- tmp_buf2 = malloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN + 512);
-
- if (tmp_buf2 == NULL) {
- free(tmp_buf);
- log_warn("swfsteg: malloc failed\n");
- return -1;
- }
-
+ tmp_buf = (char *)xmalloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN);
+ tmp_buf2 = (char *)xmalloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN + 512);
memcpy(tmp_buf, swf+8, SWF_SAVE_HEADER_LEN);
memcpy(tmp_buf+SWF_SAVE_HEADER_LEN, inbuf, in_len);
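Review bot: Replacing the two checked `malloc` calls with `xmalloc` removes the `return -1` paths, so swf_wrap no longer reports an allocation failure to its caller. The definition of `xmalloc` is not in this diff; if it aborts on failure, as wrappers of that name usually do, one oversized request now ends the whole proxy rather than one connection. The sizes are computed in `int` from `in_len`, so I would range-check `in_len` (non-negative, and below a cap derived from `out_sz`) before the two allocations. The start of swf_wrap is outside the hunk, so such a check may already exist there.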
@@ -111,7 +97,7 @@ swf_unwrap(char* inbuf, int in_len, char* outbuf, int out_sz) {
char* tmp_buf;
int inf_len;
- tmp_buf = malloc(in_len * 8);
+ tmp_buf = (char *)xmalloc(in_len * 8);
inf_len = inf(inbuf + 8, in_len - 8, tmp_buf, in_len * 8);
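Review bot: Nothing visible before `inf(inbuf + 8, in_len - 8, tmp_buf, in_len * 8)` checks that `in_len` is at least 8, so a short input passes a negative length and a pointer past the data. `in_len * 8` is also an `int` multiplication that can overflow for large inputs. A guard ahead of the allocation would cover both: `if (in_len <= 8 || in_len > INT_MAX / 8)` followed by the function's error return. The fixed 8x output bound relies on `inf` honouring the size it is given, which is defined outside this diff. The rest of swf_unwrap is outside the hunk.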
@@ -137,7 +123,7 @@ swf_unwrap(char* inbuf, int in_len, char* outbuf, int out_sz) {
int
-x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
+http_server_SWF_transmit (steg_t*, struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn);
size_t sbuflen = evbuffer_get_length(source);
@@ -145,29 +131,15 @@ x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
char* outbuf;
int outlen;
+ inbuf = (char *)xmalloc(sbuflen);
-
- inbuf = malloc(sbuflen);
-
- if (inbuf == NULL) {
- log_warn("malloc inbuf failed\n");
- return -1;
- }
-
-
if (evbuffer_remove(source, inbuf, sbuflen) == -1) {
- log_debug("evbuffer_remove failed in x_http2_server_SWF_transmit");
+ log_debug("evbuffer_remove failed in http_server_SWF_transmit");
return -1;
}
- outbuf = malloc(4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512);
+ outbuf = (char *)xmalloc(4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512);
- if (outbuf == NULL) {
- free(inbuf);
- log_warn("malloc outbuf failed\n");
- return -1;
- }
-
// fprintf(stderr, "server wrapping swf len %d\n", (int) sbuflen);
outlen = swf_wrap(inbuf, sbuflen, outbuf, 4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512);
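Review bot: The `evbuffer_remove(...) == -1` branch returns without releasing `inbuf`, which this commit now always allocates just above it. The later `evbuffer_add` failure path in this function frees both buffers, so this one should add `free(inbuf);` before its `return -1;`. The output size `4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512` is written out twice, once for `xmalloc` and once for `swf_wrap`. Computing it once, `size_t outsz = ...;`, would keep the allocation and the bound passed to `swf_wrap` from drifting apart. The function continues outside the hunk.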
@@ -181,7 +153,7 @@ x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
if (evbuffer_add(dest, outbuf, outlen)) {
- log_debug("SERVER ERROR: x_http2_server_transmit: evbuffer_add() fails for jsTemplate");
+ log_debug("SERVER ERROR: http_server_transmit: evbuffer_add() fails for jsTemplate");
free(inbuf);
free(outbuf);
return -1;
@@ -201,7 +173,7 @@ x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
int
-x_http2_handle_client_SWF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
+http_handle_client_SWF_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
struct evbuffer_ptr s2;
unsigned int response_len = 0, hdrLen;
char outbuf[HTTP_MSG_BUF_SIZE];
diff --git a/src/steg/swfSteg.h b/src/steg/swfSteg.h
index dc6bc04..7be5207 100644
--- a/src/steg/swfSteg.h
+++ b/src/steg/swfSteg.h
@@ -31,11 +31,11 @@ unsigned int
swf_unwrap(char* inbuf, int in_len, char* outbuf, int out_sz);
int
-x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn);
+http_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn);
int
-x_http2_handle_client_SWF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
+http_handle_client_SWF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
#endif
diff --git a/start-client.csh b/start-client.csh
deleted file mode 100644
index 65f4465..0000000
--- a/start-client.csh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/csh
-# ./obfsproxy --log-min-severity=debug x_dsteg socks 127.0.0.1:1080 x_http
-
-setenv EVENT_NOKQUEUE yes
-#./obfsproxy --log-min-severity=debug chop socks 127.0.0.1:1080 127.0.0.1:8080 x_http2 127.0.0.1:8081 x_http2
-# ./obfsproxy --log-min-severity=warn chop socks 127.0.0.1:1080 127.0.0.1:8080 x_http2 127.0.0.1:8081 x_http2
-./obfsproxy --log-min-severity=error chop socks 127.0.0.1:1080 127.0.0.1:8080 x_http2 127.0.0.1:8081 x_http2
-
diff --git a/start-obfsproxy.sh b/start-obfsproxy.sh
deleted file mode 100755
index cc70c28..0000000
--- a/start-obfsproxy.sh
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/bin/bash
-
-ODIR=~/src/DEFIANCE/stegotorus
-
-################################################################################
-# helper functions:
-
-usage () {
-if [ $# -gt 0 ]; then
- echo " *** ERROR: $1"
-fi
-cat << EOF
-
-usage: $0 <OPTIONS> [server|client] [install-dir]
-
-Start obfsproxy server or client with given options. If the optional install-dir
-is given, override the value set in the script.
-
-OPTIONS:
- -h Show this message
- -i <addr> IP address (default: 127.0.0.1)
- -p <n> port number (default: 8080)
- -l <severity> Log severity: warn, error, debug (default: error)
- -b <host> Host name (or IP address) of Tor Bridge
- with port number attached via ':' or omitted
- (default: 87.73.82.145:8080)
- -n <n> Multiply the number of IP addresses on the client
-EOF
-}
-
-################################################################################
-# parse command line:
-
-# default values:
-IP=127.0.0.1
-PORT=8080
-N=1
-LOG=error
-BRIDGE_IP=87.73.82.145
-BRIDGE_PORT=8080
-while getopts "hi:p:l:b:n:" OPTION
-do
- case $OPTION in
- h|\?)
- usage; exit 1
- ;;
- i)
- IP=$OPTARG
- ;;
- p)
- PORT=$OPTARG
- ;;
- n)
- N=$OPTARG
- ;;
- l)
- LOG=`echo $OPTARG | tr '[A-Z]' '[a-z]'` # make lower case
- ;;
- b)
- arr=(${OPTARG//:/ })
- BRIDGE_IP=${arr[0]}
- if [ ${#arr[@]} -gt 1 ]; then
- BRIDGE_PORT=${arr[1]}
- fi
- ;;
- esac
- shift $((OPTIND-1)); OPTIND=1
-done
-
-# test if $LOG is valid
-case $LOG in
- debug|warn|error)
- ;;
- *)
- usage "Unknown log level given: $LOG"; exit 1
- ;;
-esac
-
-# now $@ has remaining arguments:
-if [ $# -lt 1 ]; then
- usage "need 'server' or 'client' as argument"; exit 1
-fi
-TYPE=`echo $1 | tr '[A-Z]' '[a-z]'` # turn argument into lower case
-case $TYPE in
- server|client)
- ;;
- *)
- usage "argument $1 not recognized"; exit 1
- ;;
-esac
-
-# check optional install location given as an argument
-if [ $# -gt 1 ]; then
- if [[ ! -d $2 ]]; then
- usage "argument $2 is not a directory"; exit 1
- fi
- if [[ ! -x $2/obfsproxy ]]; then
- usage "directory $2 does not contain executable of 'obfsproxy'"; exit 1
- fi
- ODIR=$2
-fi
-
-################################################################################
-# start obfsproxy
-
-echo "Using obfsproxy in \"$ODIR\""
-cd $ODIR
-export EVENT_NOKQUEUE=yes
-case $TYPE in
- server)
- ./obfsproxy --log-min-severity=$LOG chop server $BRIDGE_IP:$BRIDGE_PORT $IP:$PORT
- ;;
- client)
- IPS=""
- for (( c=1; c<=$N; c++)) ; do
- IPS="${IPS}${IP}:${PORT} x_http2 " ;
- done
- ./obfsproxy --log-min-severity=$LOG chop socks 127.0.0.1:1080 $IPS
- ;;
-esac
diff --git a/start-server.csh b/start-server.csh
deleted file mode 100644
index b7d61e6..0000000
--- a/start-server.csh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/csh
-setenv EVENT_NOKQUEUE yes
-# ./obfsproxy --log-min-severity=debug chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081
-# ./obfsproxy --log-min-severity=warn chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081
-./obfsproxy --log-min-severity=error chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081
-
diff --git a/torrc b/torrc
deleted file mode 100644
index ff27e61..0000000
--- a/torrc
+++ /dev/null
@@ -1,12 +0,0 @@
-SocksPort 9060 # what port to open for local application connections
-SocksListenAddress 127.0.0.1 # accept connections only from localhost
-
-SafeLogging 0
-Log info file ./info.log
-Log debug file ./debug.log
-
-Socks4Proxy 127.0.0.1:1080
-
-# Bridge 87.73.82.145:8080
-Bridge 127.0.0.1:8080
-UseBridges 1
[stegotorus/master] realized that this probably breaks other steg module by returning 1 in detect
by zwol@torproject.org 20 Jul '12
commit 4623b8e57b626b4b82cff88758018409a24512e7
Author: Jeffrey Wang <jeffreyw(a)stanford.edu>
Date: Sun Dec 4 09:10:06 2011 +0000
realized that this probably breaks other steg module by returning 1 in detect
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@172 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/embed.cc | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
index 3834588..9b562d9 100644
--- a/src/steg/embed.cc
+++ b/src/steg/embed.cc
@@ -105,7 +105,8 @@ embed::embed() {
embed::~embed() { }
bool embed::detect(conn_t * /* conn */) {
- return 1;
+ // TODO: no good way to detect right now
+ return 0; /* change to 1 when testing */
}
size_t embed::transmit_room(conn_t * /* conn */) {
[stegotorus/master] Fix a typo in configure.ac and a %d/%lu error in embed.cc.
by zwol@torproject.org 20 Jul '12
commit 03aff0a19532893d417c6b99f6c4a7170eec6bcd
Author: Zack Weinberg <zackw(a)cmu.edu>
Date: Tue Dec 6 22:12:49 2011 +0000
Fix a typo in configure.ac and a %d/%lu error in embed.cc.
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@176 a58ff0ac-194c-e011-a152-003048836090
---
configure.ac | 2 +-
src/steg/embed.cc | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5a7650b..ca76a7a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -52,7 +52,7 @@ PKG_CHECK_MODULES([libevent], [libevent >= 2.0])
PKG_CHECK_MODULES([libz], [zlib >= 1.2.3.4])
LIBS="$libevent_LIBS $libcryptopp_LIBS $libz_LIBS"
-lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS $libz_LIBS"
+lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS $libz_CFLAGS"
AC_SUBST(lib_CPPFLAGS)
# ntohl and a bunch of related functions require a special library on Windows.
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
index 1e13851..d887ea7 100644
--- a/src/steg/embed.cc
+++ b/src/steg/embed.cc
@@ -109,8 +109,9 @@ bool embed::detect(conn_t *conn) {
struct evbuffer *source = conn_get_inbound(conn);
size_t src_len = evbuffer_get_length(source);
-
- log_debug("detecting buffer of length %d", src_len);
+
+ log_debug("detecting buffer of length %lu",
+ (unsigned long)src_len);
int cur_idx;
if (evbuffer_copyout(source, &cur_idx, 4) != 4) return 0;
20 Jul '12
commit 15ccb15a4aec1183e1eff6b24af7238d667e6a22
Author: Linda Briesemeister <linda.briesemeister(a)sri.com>
Date: Fri Nov 18 01:00:33 2011 +0000
making 'error' the default log level
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@148 a58ff0ac-194c-e011-a152-003048836090
---
start-obfsproxy.sh | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/start-obfsproxy.sh b/start-obfsproxy.sh
index 06439fe..cc70c28 100755
--- a/start-obfsproxy.sh
+++ b/start-obfsproxy.sh
@@ -20,7 +20,7 @@ OPTIONS:
-h Show this message
-i <addr> IP address (default: 127.0.0.1)
-p <n> port number (default: 8080)
- -l <severity> Log severity: warn, error, debug (default: debug)
+ -l <severity> Log severity: warn, error, debug (default: error)
-b <host> Host name (or IP address) of Tor Bridge
with port number attached via ':' or omitted
(default: 87.73.82.145:8080)
@@ -35,7 +35,7 @@ EOF
IP=127.0.0.1
PORT=8080
N=1
-LOG=debug
+LOG=error
BRIDGE_IP=87.73.82.145
BRIDGE_PORT=8080
while getopts "hi:p:l:b:n:" OPTION
20 Jul '12
commit be8f128184567bc5e300b349d2d86b1393275843
Author: Jeffrey Wang <jeffreyw(a)stanford.edu>
Date: Sun Dec 4 08:37:35 2011 +0000
making old functions into methods on struct
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@171 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/embed.cc | 56 +++++++++++++++++++++++++++++-----------------------
1 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
index 1e3c34c..3834588 100644
--- a/src/steg/embed.cc
+++ b/src/steg/embed.cc
@@ -22,6 +22,12 @@ namespace {
struct timeval last_pkt; // time at which last packet was sent/received
STEG_DECLARE_METHODS(embed);
+
+ bool advance_packet();
+ short get_pkt_size();
+ bool is_outgoing();
+ int get_pkt_time();
+ bool is_finished();
};
}
@@ -68,26 +74,26 @@ int get_random_trace() {
return rand() % embed_num_traces;
}
-bool advance_packet(embed *state) {
- state->cur_pkt++;
- return state->cur_pkt == state->cur->num_pkt;
+bool embed::advance_packet() {
+ cur_pkt++;
+ return cur_pkt == cur->num_pkt;
}
-short get_pkt_size(embed *state) {
- return abs(state->cur->pkt_sizes[state->cur_pkt]);
+short embed::get_pkt_size() {
+ return abs(cur->pkt_sizes[cur_pkt]);
}
-bool is_outgoing(embed *state) {
- return (state->cur->pkt_sizes[state->cur_pkt] < 0) ^ (state->is_clientside);
+bool embed::is_outgoing() {
+ return (cur->pkt_sizes[cur_pkt] < 0) ^ is_clientside;
}
-int get_pkt_time(embed *state) {
- return state->cur->pkt_times[state->cur_pkt];
+int embed::get_pkt_time() {
+ return cur->pkt_times[cur_pkt];
}
-bool is_finished(embed *state) {
- if (state->cur_idx == -1) return true;
- return state->cur_pkt >= state->cur->num_pkt;
+bool embed::is_finished() {
+ if (cur_idx == -1) return true;
+ return cur_pkt >= cur->num_pkt;
}
embed::embed() {
@@ -112,12 +118,12 @@ size_t embed::transmit_room(conn_t * /* conn */) {
int time_diff = millis_since(&last_pkt);
size_t room;
- if (is_finished(this) || !is_outgoing(this)) return 0;
- if (get_pkt_time(this) > time_diff+10) return 0;
+ if (is_finished() || !is_outgoing()) return 0;
+ if (get_pkt_time() > time_diff+10) return 0;
// 24 bytes for chop header, 2 bytes for data length
// 4 bytes for the index of a new trace
- room = get_pkt_size(this) - 26;
+ room = get_pkt_size() - 26;
if (cur_pkt == 0) {
room -= 4;
}
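Review bot: `room = get_pkt_size() - 26;` stores a signed difference in a `size_t`, so a trace entry smaller than the 26-byte overhead wraps to a very large room instead of 0. The same applies to the `room -= 4` on the first packet. The sizes come from the trace file, so I would compare the packet size with the overhead and `return 0` before subtracting. The same subtraction appears with the constant changed to 42 in commit 9fae049 on this page; a named constant for the overhead would keep the comment and the arithmetic in step. The rest of transmit_room is outside the hunk, so a later clamp may exist.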
@@ -127,7 +133,7 @@ size_t embed::transmit_room(conn_t * /* conn */) {
int embed::transmit(struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn);
short src_len = evbuffer_get_length(source);
- short pkt_size = get_pkt_size(this);
+ short pkt_size = get_pkt_size();
short used = src_len + 2;
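Review bot: `short src_len = evbuffer_get_length(source);` narrows a `size_t` to `short`, so a source buffer of 32768 bytes or more yields a wrapped or negative `src_len`, and `used = src_len + 2` inherits it. transmit_room presumably keeps callers below the packet size, but nothing in this hunk enforces that. I would read the length into a `size_t` and fail when it exceeds `pkt_size - 2` before narrowing. The body of transmit continues outside the hunk.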
// starting a new trace, send the index
@@ -153,12 +159,12 @@ int embed::transmit(struct evbuffer *source, conn_t *conn) {
}
// check if this trace is finished and whether we need to send again
- if (advance_packet(this)) {
+ if (advance_packet()) {
log_debug("send finished trace");
conn_close_after_transmit(conn);
- } else if (is_outgoing(this)) {
- log_debug("sending again in %d ms", get_pkt_time(this));
- conn_transmit_soon(conn, get_pkt_time(this));
+ } else if (is_outgoing()) {
+ log_debug("sending again in %d ms", get_pkt_time());
+ conn_transmit_soon(conn, get_pkt_time());
}
// update last time
@@ -187,7 +193,7 @@ int embed::receive(conn_t *conn, struct evbuffer *dest) {
// in the trace when we have read enough bytes
while (1) {
// the next full packet is not in the source buffer yet
- int exp_pkt_size = get_pkt_size(this);
+ int exp_pkt_size = get_pkt_size();
if (src_len < exp_pkt_size) break;
// read data
@@ -213,7 +219,7 @@ int embed::receive(conn_t *conn, struct evbuffer *dest) {
cur_pkt, cur_idx);
// advance packet; if done with trace, sender should close connection
- if (advance_packet(this)) {
+ if (advance_packet()) {
conn_cease_transmission(conn);
conn_expect_close(conn);
log_debug("received last packet in trace");
@@ -221,9 +227,9 @@ int embed::receive(conn_t *conn, struct evbuffer *dest) {
}
}
- if (is_outgoing(this)) {
- log_debug("preparing to send in %d ms", get_pkt_time(this));
- conn_transmit_soon(conn, get_pkt_time(this));
+ if (is_outgoing()) {
+ log_debug("preparing to send in %d ms", get_pkt_time());
+ conn_transmit_soon(conn, get_pkt_time());
}
log_debug("remaining source length: %d", src_len);
[stegotorus/master] a reasonable implementation of embed::detect()
by zwol@torproject.org 20 Jul '12
commit 9fae0496723181c1da06ff856ff951d768371a87
Author: Jeffrey Wang <jeffreyw(a)stanford.edu>
Date: Tue Dec 6 07:34:48 2011 +0000
a reasonable implementation of embed::detect()
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@175 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/embed.cc | 32 ++++++++++++++++++++++++++------
1 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
index 9b562d9..1e13851 100644
--- a/src/steg/embed.cc
+++ b/src/steg/embed.cc
@@ -104,9 +104,29 @@ embed::embed() {
embed::~embed() { }
-bool embed::detect(conn_t * /* conn */) {
- // TODO: no good way to detect right now
- return 0; /* change to 1 when testing */
+bool embed::detect(conn_t *conn) {
+ if (!embed_init) init_embed_traces();
+
+ struct evbuffer *source = conn_get_inbound(conn);
+ size_t src_len = evbuffer_get_length(source);
+
+ log_debug("detecting buffer of length %d", src_len);
+
+ int cur_idx;
+ if (evbuffer_copyout(source, &cur_idx, 4) != 4) return 0;
+ if (cur_idx < 0 || cur_idx >= embed_num_traces) return 0;
+
+ trace_t *cur = &embed_traces[cur_idx];
+ size_t tot_len = 0;
+ int idx = 0;
+ while (idx < cur->num_pkt && cur->pkt_sizes[idx] >= 0) {
+ tot_len += cur->pkt_sizes[idx++];
+ if (src_len == tot_len) {
+ log_debug("detected embed trace %d", cur_idx);
+ return 1;
+ }
+ }
+ return 0;
}
size_t embed::transmit_room(conn_t * /* conn */) {
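Review bot: The locals `cur_idx` and `cur` in the new `embed::detect` shadow the members of the same names that the accessor methods read (`cur_idx == -1`, `cur->num_pkt`). That makes it easy to misread this function as updating connection state; names such as `wire_idx` and `tr` would avoid it. `evbuffer_copyout(source, &cur_idx, 4)` hard-codes the width and copies peer bytes straight into a host `int`. A fixed-width `int32_t` sized with `sizeof`, plus a comment stating the byte order the sender uses, would document the wire format. The range check against `embed_num_traces` on the following line is the right guard for a peer-supplied index and should stay ahead of the array access.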
@@ -122,9 +142,9 @@ size_t embed::transmit_room(conn_t * /* conn */) {
if (is_finished() || !is_outgoing()) return 0;
if (get_pkt_time() > time_diff+10) return 0;
- // 24 bytes for chop header, 2 bytes for data length
+ // 24 bytes for chop header, 16 bytes for GCM tag, 2 bytes for data length
// 4 bytes for the index of a new trace
- room = get_pkt_size() - 26;
+ room = get_pkt_size() - 42;
if (cur_pkt == 0) {
room -= 4;
}
@@ -187,7 +207,7 @@ int embed::receive(conn_t *conn, struct evbuffer *dest) {
cur_pkt = 0;
pkt_size += 4;
- log_debug("detected trace %d", cur_idx);
+ log_debug("received first packet of trace %d", cur_idx);
}
// keep reading data and padding from the source, advancing the packet
[stegotorus/master] Making code compile under Ubuntu 11.10 by casting insigned integers and using fscanf return values
by zwol@torproject.org 20 Jul '12
commit 6dad11131b4d4dfbfe06f14ea2c235d80c403123
Author: Linda Briesemeister <linda.briesemeister(a)sri.com>
Date: Fri Dec 16 20:31:43 2011 +0000
Making code compile under Ubuntu 11.10 by casting unsigned integers and using fscanf return values
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@183 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/cookies.cc | 3 +--
src/steg/embed.cc | 19 ++++++++++++++-----
src/steg/jsSteg.cc | 6 +++---
src/steg/payloads.cc | 6 +++---
4 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/src/steg/cookies.cc b/src/steg/cookies.cc
index c773386..aa2d108 100644
--- a/src/steg/cookies.cc
+++ b/src/steg/cookies.cc
@@ -29,7 +29,7 @@ int unwrap_cookie(unsigned char* inbuf, unsigned char* outbuf, int buflen) {
int gen_one_cookie(unsigned char* outbuf, int cookielen, unsigned char* data, int datalen) {
int sofar = 0;
unsigned char c;
- int namelen, vlen;
+ int namelen;
int data_consumed = 0;
if (cookielen < 4)
@@ -42,7 +42,6 @@ int gen_one_cookie(unsigned char* outbuf, int cookielen, unsigned char* data, in
else
namelen = rand() % (cookielen - 3) + 1;
- vlen = cookielen - namelen;
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
index 75562bc..447d4cf 100644
--- a/src/steg/embed.cc
+++ b/src/steg/embed.cc
@@ -51,18 +51,27 @@ int millis_since(struct timeval *last) {
void init_embed_traces() {
// read in traces to use for connections
FILE *trace_file = fopen("traces/embed.txt", "r");
- fscanf(trace_file, "%d", &embed_num_traces);
+ if (fscanf(trace_file, "%d", &embed_num_traces) < 1) {
+ log_abort("couldn't read number of traces to use -- exiting");
+ exit(1);
+ }
embed_traces = (trace_t *)xmalloc(sizeof(trace_t) * embed_num_traces);
for (int i = 0; i < embed_num_traces; i++) {
int num_pkt;
- fscanf(trace_file, "%d", &num_pkt);
+ if (fscanf(trace_file, "%d", &num_pkt) < 1) {
+ log_abort("couldn't read number of packets to use -- exiting");
+ exit(1);
+ }
embed_traces[i].num_pkt = num_pkt;
embed_traces[i].pkt_sizes = (short *)xmalloc(sizeof(short) * num_pkt);
embed_traces[i].pkt_times = (int *)xmalloc(sizeof(int) * num_pkt);
for (int j = 0; j < embed_traces[i].num_pkt; j++) {
- fscanf(trace_file, "%hd %d",
- &embed_traces[i].pkt_sizes[j],
- &embed_traces[i].pkt_times[j]);
+ if (fscanf(trace_file, "%hd %d",
+ &embed_traces[i].pkt_sizes[j],
+ &embed_traces[i].pkt_times[j]) < 1) {
+ log_abort("couldn't read numbers of packet size and times to use -- exiting");
+ exit(1);
+ }
}
}
log_debug("read %d traces to use", embed_num_traces);
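Review bot: The check added to the two-field read, `fscanf(trace_file, "%hd %d", ...) < 1`, still accepts a line where only the size parsed, leaving `pkt_times[j]` uninitialised; it should be `< 2`. `trace_file` is also passed to `fscanf` with no NULL test after `fopen("traces/embed.txt", "r")`, so a missing file fails before any of the new messages can be logged. Adding `if (!trace_file) log_abort("couldn't open traces/embed.txt");` would cover that. `embed_num_traces` and `num_pkt` are used as allocation counts without a check that they are positive. The function's end is outside the hunk, so whether the file is closed cannot be seen here.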
diff --git a/src/steg/jsSteg.cc b/src/steg/jsSteg.cc
index c02a7b0..8cbff87 100644
--- a/src/steg/jsSteg.cc
+++ b/src/steg/jsSteg.cc
@@ -887,7 +887,7 @@ http_server_JS_transmit (steg_t*, struct evbuffer *source, conn_t *conn, unsigne
int
http_handle_client_JS_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
struct evbuffer_ptr s2;
- unsigned int response_len = 0;
+ int response_len = 0;
unsigned int content_len = 0;
unsigned int hdrLen;
char buf[10];
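Review bot: Making `response_len` a signed `int` changes the meaning of the two length checks in the following jsSteg.cc hunks. `response_len += content_len` adds an unsigned value that appears to come from the response headers, so a large value can leave `response_len` negative. In that case `response_len > (int) evbuffer_get_length(source)` is false, and `evbuffer_drain(source, response_len)` receives the value converted back to a very large unsigned length. I would keep the length unsigned, `size_t response_len = 0;`, drop both `(int)` casts, and reject a `content_len` larger than the message buffer before adding it. The comparison that prompted the warning is outside the visible lines; if `response_len` is compared with a signed value elsewhere, that is the comparison to cast.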
@@ -949,7 +949,7 @@ http_handle_client_JS_receive(steg_t *, conn_t *conn, struct evbuffer *dest, str
response_len += content_len;
- if (response_len > evbuffer_get_length(source))
+ if (response_len > (int) evbuffer_get_length(source))
return RECV_INCOMPLETE;
// read the entire HTTP resp
@@ -1060,7 +1060,7 @@ http_handle_client_JS_receive(steg_t *, conn_t *conn, struct evbuffer *dest, str
evbuffer_free(scratch);
- if (response_len <= evbuffer_get_length(source)) {
+ if (response_len <= (int) evbuffer_get_length(source)) {
if (evbuffer_drain(source, response_len) == -1) {
log_warn("CLIENT ERROR: Failed to drain source");
return RECV_BAD;
diff --git a/src/steg/payloads.cc b/src/steg/payloads.cc
index 84bfd00..34c2963 100644
--- a/src/steg/payloads.cc
+++ b/src/steg/payloads.cc
@@ -916,7 +916,7 @@ strInBinary (const char *pattern, unsigned int patternLen,
char *cp = (char *)blob;
while (1) {
- if (blob+blobLen-cp < patternLen) break;
+ if (blob+blobLen-cp < (int) patternLen) break;
if (*cp == pattern[0]) {
if (memcmp(cp, pattern, patternLen) == 0) {
found = 1;
@@ -955,7 +955,7 @@ strInBinary (const char *pattern, unsigned int patternLen,
int has_eligible_HTTP_content (char* buf, int len, int type) {
char* ptr = buf;
char* matchptr;
- int tjFlag=0, thFlag=0, ceFlag=0, teFlag=0, http304Flag=0, clZeroFlag=0, pdfFlag=0, swfFlag=0, gzipFlag=0;
+ int tjFlag=0, thFlag=0, ceFlag=0, teFlag=0, http304Flag=0, clZeroFlag=0, pdfFlag=0, swfFlag=0; //, gzipFlag=0; // compiler under Ubuntu complains about unused vars, so commenting out until we need it
char* end, *cp;
#ifdef DEBUG
@@ -997,7 +997,7 @@ int has_eligible_HTTP_content (char* buf, int len, int type) {
}
} else if (!strncmp(ptr, "Content-Encoding: gzip", 22)) {
- gzipFlag = 1;
+ // gzipFlag = 1; // commented out as variable is set but never read and Ubuntu compiler complains
} else if (!strncmp(ptr, "Content-Encoding:", 17)) { // Content-Encoding that is not gzip
ceFlag = 1;
} else if (!strncmp(ptr, "Transfer-Encoding:", 18)) {