commit d9808c06258cd7f1d00172ed078c090d53375b89 Author: Zack Weinberg zackw@cmu.edu Date: Thu Dec 1 23:45:00 2011 +0000
Compilation fixes after the merge --- Makefile.am | 10 +- NOTES | 20 --- README.Linda | 69 --------- configure.ac | 10 +- doc/NOTES | 20 +++ doc/NOTES.Linda | 69 +++++++++ scripts/start-client.csh | 8 + scripts/start-obfsproxy.sh | 120 ++++++++++++++++ scripts/start-server.csh | 6 + scripts/torrc | 12 ++ src/protocol/chop.cc | 125 +++++++++--------- src/steg/http.cc | 328 ++++++++++++++++++++------------------------ src/steg/jsSteg.cc | 20 +-- src/steg/jsSteg.h | 4 +- src/steg/payloads.cc | 12 +- src/steg/pdfSteg.cc | 8 +- src/steg/pdfSteg.h | 4 +- src/steg/swfSteg.cc | 46 ++----- src/steg/swfSteg.h | 4 +- start-client.csh | 8 - start-obfsproxy.sh | 120 ---------------- start-server.csh | 6 - torrc | 12 -- 23 files changed, 487 insertions(+), 554 deletions(-)
diff --git a/Makefile.am b/Makefile.am index bbd89a6..ebe3fdd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,14 +19,14 @@ PROTOCOLS = \ src/protocol/x_null.cc
STEGANOGRAPHERS = \
- src/steg/http.cc \
- src/steg/payloads.cc \
 src/steg/cookies.cc \
+ src/steg/crc32.cc \
+ src/steg/http.cc \
 src/steg/jsSteg.cc \
+ src/steg/payloads.cc \
+ src/steg/pdfSteg.cc \
 src/steg/swfSteg.cc \
- src/steg/zpack.cc \
- src/steg/crc32.cc \
- src/steg/pdfSteg.cc
+ src/steg/zpack.cc
libstegotorus_a_SOURCES = \ src/connections.cc \ diff --git a/NOTES b/NOTES deleted file mode 100644 index 5b5f23c..0000000 --- a/NOTES +++ /dev/null @@ -1,20 +0,0 @@ -To Test ObfsProxy: - -start server (start-server.csh) -start client (start-client.csh) -start Tor (copy torrc.sample to etc/tor) - - -Now test tor: -curl --socks4a 127.0.0.1:9060 -o - http://check.torproject.org - - -To add new steg modules: - -1. Add a file below src/steg which implements a steg module; note that -the STEG_DEFINE_MODULE boilerplate macro is mandatory. The name of -the file should be the same as the name of the module (as set by -STEG_DEFINE_MODULE) plus the .c extension. -2. Add the file to the STEGANOGRAPHERS list in Makefile.am. - -That should be all that is necessary. diff --git a/README.Linda b/README.Linda deleted file mode 100644 index 2ecaa3c..0000000 --- a/README.Linda +++ /dev/null 
@@ -1,69 +0,0 @@ -compiling obfsproxy on Mac OS X 10.6 -==================================== - -0) prelims - - a) autoconf 2.68 - -cd ~/src/autoconf-2.68 -./configure --prefix=/usr && make -make check # takes a long, long time! -sudo make install - - b) automake 1.11 - -cd ~/src/automake-1.11.1 -./configure --prefix=/usr && make -sudo make install - -1) obfsproxy - -cd ~/src/DEFIANCE/code/obfsproxy -./autogen.sh -./configure -make - - -compiling obfsproxy under Ubuntu 11.10 -====================================== - -in source directory: - -[ in file Makefile.am: add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save ] - -$> ./autogen.sh -$> ./configure -[…] -configure: error: Package requirements (libcrypto >= 0.9.7) were not met: - -No package 'libcrypto' found -[…] -$> sudo find / -name openssl.pc -/usr/lib/i386-linux-gnu/pkgconfig/openssl.pc -$> echo $PKG_CONFIG_PATH - -$> export PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig -$> ./configure -$> make - - -compiling obfsproxy under Ubuntu 10.04 (DETERlab) -================================================= - -create local disk space: - -$> sudo /usr/local/etc/emulab/mkextrafs.pl /mnt - -copy source code there to compile: - -$> sudo mkdir /mnt/local/alice -$> sudo chown linda:SAF-DEFIANCE /mnt/local/alice -$> cd /mnt/local/alice -$> tar -xzvf ~/src/obfsproxy-3.2.tar.gz -$> cd obfsproxy-3.2 -$> make clean # without this it will complain about some protocols not found! -$> emacs Makefile.am -[ add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save & exit ] -$> ./autogen.sh -$> ./configure -$> make diff --git a/configure.ac b/configure.ac index a0fff6f..5a7650b 100644 --- a/configure.ac +++ b/configure.ac @@ -43,12 +43,16 @@ AM_CONDITIONAL([INTEGRATION_TESTS], [test "$PYOS" = "posix"])
### Libraries ###
-PKG_CHECK_MODULES([libevent], [libevent >= 2.0])
 # libcrypto++ 5.6.0 is the earliest version with GCM support.
 PKG_CHECK_MODULES([libcryptopp], [libcrypto++ >= 5.6.0])
+# libevent 2.0 radically changed the API
+PKG_CHECK_MODULES([libevent], [libevent >= 2.0])
+# there's no good reason not to require the latest zlib, which is
+# from 2009
+PKG_CHECK_MODULES([libz], [zlib >= 1.2.3.4])
-LIBS="$libevent_LIBS $libcryptopp_LIBS"
-lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS"
+LIBS="$libevent_LIBS $libcryptopp_LIBS $libz_LIBS"
+lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS $libz_LIBS"
 AC_SUBST(lib_CPPFLAGS)
# ntohl and a bunch of related functions require a special library on Windows. diff --git a/doc/NOTES b/doc/NOTES new file mode 100644 index 0000000..5b5f23c --- /dev/null +++ b/doc/NOTES @@ -0,0 +1,20 @@ +To Test ObfsProxy: + +start server (start-server.csh) +start client (start-client.csh) +start Tor (copy torrc.sample to etc/tor) + + +Now test tor: +curl --socks4a 127.0.0.1:9060 -o - http://check.torproject.org + + +To add new steg modules: + +1. Add a file below src/steg which implements a steg module; note that +the STEG_DEFINE_MODULE boilerplate macro is mandatory. The name of +the file should be the same as the name of the module (as set by +STEG_DEFINE_MODULE) plus the .c extension. +2. Add the file to the STEGANOGRAPHERS list in Makefile.am. + +That should be all that is necessary. diff --git a/doc/NOTES.Linda b/doc/NOTES.Linda new file mode 100644 index 0000000..2ecaa3c --- /dev/null +++ b/doc/NOTES.Linda 
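Review bot: In the configure.ac hunk the new `lib_CPPFLAGS` assignment appends `$libz_LIBS` where the zlib compile flags belong, so linker flags are passed to the preprocessor and any include path that `PKG_CHECK_MODULES([libz], ...)` reports is dropped. On systems where zlib lives in the default include path this is invisible, which makes it easy to miss until a build picks up a different zlib header than the library it links against. The line should read `lib_CPPFLAGS="$libevent_CFLAGS $libcryptopp_CFLAGS $libz_CFLAGS"`.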
@@ -0,0 +1,69 @@ +compiling obfsproxy on Mac OS X 10.6 +==================================== + +0) prelims + + a) autoconf 2.68 + +cd ~/src/autoconf-2.68 +./configure --prefix=/usr && make +make check # takes a long, long time! +sudo make install + + b) automake 1.11 + +cd ~/src/automake-1.11.1 +./configure --prefix=/usr && make +sudo make install + +1) obfsproxy + +cd ~/src/DEFIANCE/code/obfsproxy +./autogen.sh +./configure +make + + +compiling obfsproxy under Ubuntu 11.10 +====================================== + +in source directory: + +[ in file Makefile.am: add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save ] + +$> ./autogen.sh +$> ./configure +[…] +configure: error: Package requirements (libcrypto >= 0.9.7) were not met: + +No package 'libcrypto' found +[…] +$> sudo find / -name openssl.pc +/usr/lib/i386-linux-gnu/pkgconfig/openssl.pc +$> echo $PKG_CONFIG_PATH + +$> export PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig +$> ./configure +$> make + + +compiling obfsproxy under Ubuntu 10.04 (DETERlab) +================================================= + +create local disk space: + +$> sudo /usr/local/etc/emulab/mkextrafs.pl /mnt + +copy source code there to compile: + +$> sudo mkdir /mnt/local/alice +$> sudo chown linda:SAF-DEFIANCE /mnt/local/alice +$> cd /mnt/local/alice +$> tar -xzvf ~/src/obfsproxy-3.2.tar.gz +$> cd obfsproxy-3.2 +$> make clean # without this it will complain about some protocols not found! +$> emacs Makefile.am +[ add "-Wno-error=format" at the end of WARNINGS variable; remove "-Werror" & save & exit ] +$> ./autogen.sh +$> ./configure +$> make diff --git a/scripts/start-client.csh b/scripts/start-client.csh new file mode 100644 index 0000000..6eda343 --- /dev/null +++ b/scripts/start-client.csh 
@@ -0,0 +1,8 @@ +#!/bin/csh +# ./obfsproxy --log-min-severity=debug x_dsteg socks 127.0.0.1:1080 x_http + +setenv EVENT_NOKQUEUE yes +#./obfsproxy --log-min-severity=debug chop socks 127.0.0.1:1080 127.0.0.1:8080 http 127.0.0.1:8081 http +# ./obfsproxy --log-min-severity=warn chop socks 127.0.0.1:1080 127.0.0.1:8080 http 127.0.0.1:8081 http +./obfsproxy --log-min-severity=error chop socks 127.0.0.1:1080 127.0.0.1:8080 http 127.0.0.1:8081 http + diff --git a/scripts/start-obfsproxy.sh b/scripts/start-obfsproxy.sh new file mode 100755 index 0000000..45c99da --- /dev/null +++ b/scripts/start-obfsproxy.sh 
@@ -0,0 +1,120 @@ +#!/bin/bash + +ODIR=~/src/DEFIANCE/stegotorus + +################################################################################ +# helper functions: + +usage () { +if [ $# -gt 0 ]; then + echo " *** ERROR: $1" +fi +cat << EOF + +usage: $0 <OPTIONS> [server|client] [install-dir] + +Start obfsproxy server or client with given options. If the optional install-dir +is given, override the value set in the script. + +OPTIONS: + -h Show this message + -i <addr> IP address (default: 127.0.0.1) + -p <n> port number (default: 8080) + -l <severity> Log severity: warn, error, debug (default: error) + -b <host> Host name (or IP address) of Tor Bridge + with port number attached via ':' or omitted + (default: 87.73.82.145:8080) + -n <n> Multiply the number of IP addresses on the client +EOF +} + +################################################################################ +# parse command line: + +# default values: +IP=127.0.0.1 +PORT=8080 +N=1 +LOG=error +BRIDGE_IP=87.73.82.145 +BRIDGE_PORT=8080 +while getopts "hi:p:l:b:n:" OPTION +do + case $OPTION in + h|?) + usage; exit 1 + ;; + i) + IP=$OPTARG + ;; + p) + PORT=$OPTARG + ;; + n) + N=$OPTARG + ;; + l) + LOG=`echo $OPTARG | tr '[A-Z]' '[a-z]'` # make lower case + ;; + b) + arr=(${OPTARG//:/ }) + BRIDGE_IP=${arr[0]} + if [ ${#arr[@]} -gt 1 ]; then + BRIDGE_PORT=${arr[1]} + fi + ;; + esac + shift $((OPTIND-1)); OPTIND=1 +done + +# test if $LOG is valid +case $LOG in + debug|warn|error) + ;; + *) + usage "Unknown log level given: $LOG"; exit 1 + ;; +esac + +# now $@ has remaining arguments: +if [ $# -lt 1 ]; then + usage "need 'server' or 'client' as argument"; exit 1 +fi +TYPE=`echo $1 | tr '[A-Z]' '[a-z]'` # turn argument into lower case +case $TYPE in + server|client) + ;; + *) + usage "argument $1 not recognized"; exit 1 + ;; +esac + +# check optional install location given as an argument +if [ $# -gt 1 ]; then + if [[ ! -d $2 ]]; then + usage "argument $2 is not a directory"; exit 1 + fi + if [[ ! 
-x $2/obfsproxy ]]; then + usage "directory $2 does not contain executable of 'obfsproxy'"; exit 1 + fi + ODIR=$2 +fi + +################################################################################ +# start obfsproxy + +echo "Using obfsproxy in "$ODIR"" +cd $ODIR +export EVENT_NOKQUEUE=yes +case $TYPE in + server) + ./obfsproxy --log-min-severity=$LOG chop server $BRIDGE_IP:$BRIDGE_PORT $IP:$PORT + ;; + client) + IPS="" + for (( c=1; c<=$N; c++)) ; do + IPS="${IPS}${IP}:${PORT} http " ; + done + ./obfsproxy --log-min-severity=$LOG chop socks 127.0.0.1:1080 $IPS + ;; +esac diff --git a/scripts/start-server.csh b/scripts/start-server.csh new file mode 100644 index 0000000..b7d61e6 --- /dev/null +++ b/scripts/start-server.csh @@ -0,0 +1,6 @@ +#!/bin/csh +setenv EVENT_NOKQUEUE yes +# ./obfsproxy --log-min-severity=debug chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081 +# ./obfsproxy --log-min-severity=warn chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081 +./obfsproxy --log-min-severity=error chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081 + diff --git a/scripts/torrc b/scripts/torrc new file mode 100644 index 0000000..ff27e61 --- /dev/null +++ b/scripts/torrc @@ -0,0 +1,12 @@ +SocksPort 9060 # what port to open for local application connections +SocksListenAddress 127.0.0.1 # accept connections only from localhost + +SafeLogging 0 +Log info file ./info.log +Log debug file ./debug.log + +Socks4Proxy 127.0.0.1:1080 + +# Bridge 87.73.82.145:8080 +Bridge 127.0.0.1:8080 +UseBridges 1 diff --git a/src/protocol/chop.cc b/src/protocol/chop.cc index 7045ea8..3e87428 100644 --- a/src/protocol/chop.cc +++ b/src/protocol/chop.cc @@ -70,6 +70,8 @@ static const uint8_t s2c_key[] =
/* Connections and circuits */
+typedef unordered_map<uint64_t, circuit_t *> chop_circuit_table; + namespace { struct chop_conn_t : conn_t { @@ -84,7 +86,7 @@ namespace { struct chop_circuit_t : circuit_t { chop_reassembly_elt reassembly_queue; - unordered_set<chop_conn_t *> downstreams; + unordered_set<conn_t *> downstreams; encryptor *send_crypt; decryptor *recv_crypt;
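Review bot: Widening `downstreams` to `unordered_set<conn_t *>` (and `chop_circuit_table` to `circuit_t *`) removes the compile-time guarantee that the elements are chop objects, while later hunks in this file still `static_cast<chop_conn_t *>(*i)` each element in chop_pick_connection and chop_circuit_t::send, and add_downstream now inserts the `conn_t *` it is handed without any cast or check. If a connection of another type ever reached this set, those unchecked downcasts would read the wrong object layout; whether that can happen depends on callers that are not visible here. At minimum the invariant should be written at the member, for example `/* every element must be a chop_conn_t; readers static_cast without checking */`, and the same comment applies to the `static_cast<chop_circuit_t *>(c)` added at the top of chop_send_blocks, chop_send_targeted, chop_send_chaff, chop_reassemble_block and chop_push_to_upstream. The struct body continues outside this hunk.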
@@ -100,8 +102,6 @@ namespace { CIRCUIT_DECLARE_METHODS(chop); };
- typedef unordered_map<uint64_t, chop_circuit_t *> chop_circuit_table; - struct chop_config_t : config_t { struct evutil_addrinfo *up_address; @@ -223,22 +223,22 @@ chop_decrypt_header(chop_circuit_t *ckt,
/* Transmit subroutines. */
-static chop_conn_t * +static conn_t * chop_pick_connection(chop_circuit_t *ckt, size_t desired, size_t *blocksize) { size_t maxbelow = 0; size_t minabove = SIZE_MAX; - chop_conn_t *targbelow = NULL; - chop_conn_t *targabove = NULL; + conn_t *targbelow = NULL; + conn_t *targabove = NULL;
if (desired > CHOP_MAX_DATA) desired = CHOP_MAX_DATA;
/* Find the best fit for the desired transmission from all the outbound connections' transmit rooms. */ - for (unordered_set<chop_conn_t *>::iterator i = ckt->downstreams.begin(); + for (unordered_set<conn_t *>::iterator i = ckt->downstreams.begin(); i != ckt->downstreams.end(); i++) { - chop_conn_t *conn = *i; + chop_conn_t *conn = static_cast<chop_conn_t *>(*i); /* We can only use candidates that have a steg target already. */ if (conn->steg) { /* Find the connections whose transmit rooms are closest to the @@ -282,13 +282,14 @@ chop_pick_connection(chop_circuit_t *ckt, size_t desired, size_t *blocksize) }
static int -chop_send_block(chop_conn_t *dest, +chop_send_block(conn_t *d, chop_circuit_t *ckt, struct evbuffer *source, struct evbuffer *block, uint16_t length, uint16_t flags) { + chop_conn_t *dest = static_cast<chop_conn_t *>(d); chop_header hdr; struct evbuffer_iovec v; uint8_t *p; @@ -354,17 +355,18 @@ chop_send_block(chop_conn_t *dest, }
static int -chop_send_blocks(chop_circuit_t *ckt) +chop_send_blocks(circuit_t *c) { - struct evbuffer *xmit_pending = bufferevent_get_input(ckt->up_buffer); + chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c); + struct evbuffer *xmit_pending = bufferevent_get_input(c->up_buffer); struct evbuffer *block; - chop_conn_t *target; + conn_t *target; size_t avail; size_t blocksize; uint16_t flags;
if (!(block = evbuffer_new())) { - log_warn(ckt, "allocation failure"); + log_warn(c, "allocation failure"); return -1; }
@@ -372,14 +374,14 @@ chop_send_blocks(chop_circuit_t *ckt) avail = evbuffer_get_length(xmit_pending); flags = ckt->sent_syn ? 0 : CHOP_F_SYN;
- log_debug(ckt, "%lu bytes to send", (unsigned long)avail); + log_debug(c, "%lu bytes to send", (unsigned long)avail);
if (avail == 0) break;
target = chop_pick_connection(ckt, avail, &blocksize); if (!target) { - log_debug(ckt, "no target connection available"); + log_debug(c, "no target connection available"); /* this is not an error; it can happen e.g. when the server has something to send immediately and the client hasn't spoken yet */ break; @@ -400,14 +402,15 @@ chop_send_blocks(chop_circuit_t *ckt) evbuffer_free(block); avail = evbuffer_get_length(xmit_pending); if (avail) - log_debug(ckt, "%lu bytes still waiting to be sent", (unsigned long)avail); + log_debug(c, "%lu bytes still waiting to be sent", (unsigned long)avail); return 0; }
static int -chop_send_targeted(chop_circuit_t *ckt, chop_conn_t *target, size_t blocksize) +chop_send_targeted(circuit_t *c, conn_t *target, size_t blocksize) { - struct evbuffer *xmit_pending = bufferevent_get_input(ckt->up_buffer); + chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c); + struct evbuffer *xmit_pending = bufferevent_get_input(c->up_buffer); size_t avail = evbuffer_get_length(xmit_pending); struct evbuffer *block = evbuffer_new(); uint16_t flags = 0; @@ -438,8 +441,7 @@ chop_send_targeted(chop_circuit_t *ckt, chop_conn_t *target, size_t blocksize) evbuffer_free(block); avail = evbuffer_get_length(xmit_pending); if (avail) - log_debug(ckt, "%lu bytes still waiting to be sent", - (unsigned long)avail); + log_debug(c, "%lu bytes still waiting to be sent", (unsigned long)avail); return 0;
} else { @@ -482,23 +484,24 @@ chop_send_targeted(chop_circuit_t *ckt, chop_conn_t *target, size_t blocksize) }
static int -chop_send_chaff(chop_circuit_t *ckt) +chop_send_chaff(circuit_t *c) { + chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c); size_t room;
- chop_conn_t *target = chop_pick_connection(ckt, 1, &room); + conn_t *target = chop_pick_connection(ckt, 1, &room); if (!target) { /* If we have connections and we can't send, that means we're waiting for the server to respond. Just wait. */ return 0; } - return chop_send_targeted(ckt, target, room); + return chop_send_targeted(c, target, room); }
static void must_transmit_timer_cb(evutil_socket_t, short, void *arg) { - chop_conn_t *conn = static_cast<chop_conn_t *>(arg); + chop_conn_t *conn = static_cast<chop_conn_t*>(arg); size_t room;
if (!conn->circuit) { @@ -518,7 +521,7 @@ must_transmit_timer_cb(evutil_socket_t, short, void *arg) }
log_debug(conn, "must transmit"); - chop_send_targeted(static_cast<chop_circuit_t *>(conn->circuit), conn, room); + chop_send_targeted(conn->circuit, conn, room); }
/* Receive subroutines. */ @@ -542,9 +545,9 @@ mod32_le(uint32_t s, uint32_t t) /** Add BLOCK to the reassembly queue at the appropriate location and merge adjacent blocks to the extent possible. */ static int -chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, - chop_header *hdr) +chop_reassemble_block(circuit_t *c, struct evbuffer *block, chop_header *hdr) { + chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c); chop_reassembly_elt *queue = &ckt->reassembly_queue; chop_reassembly_elt *p, *q;
@@ -554,14 +557,14 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, contents. Doing all chaff-handling here simplifies the caller at the expense of slightly more buffer-management overhead. */ if (!(hdr->flags & (CHOP_F_SYN|CHOP_F_FIN))) { - log_debug(ckt, "discarding chaff with no flags"); + log_debug(c, "discarding chaff with no flags"); evbuffer_free(block); return 0; }
hdr->length = 0; evbuffer_drain(block, evbuffer_get_length(block)); - log_debug(ckt, "chaff with flags, treating length as 0"); + log_debug(c, "chaff with flags, treating length as 0"); }
/* SYN must occur at offset zero, may not be duplicated, and if we @@ -572,7 +575,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, (queue->next != queue && ((queue->next->flags & CHOP_F_SYN) || !mod32_le(hdr->offset + hdr->length, queue->next->offset))))) { - log_warn(ckt, "protocol error: inappropriate SYN block"); + log_warn(c, "protocol error: inappropriate SYN block"); return -1; }
@@ -581,7 +584,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, if ((hdr->flags & CHOP_F_FIN) && queue->prev != queue && ((queue->prev->flags & CHOP_F_FIN) || !mod32_le(queue->prev->offset + queue->prev->length, hdr->offset))) { - log_warn(ckt, "protocol error: inappropriate FIN block"); + log_warn(c, "protocol error: inappropriate FIN block"); return -1; }
@@ -592,7 +595,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, !mod32_le(queue->next->offset + queue->next->length, hdr->offset)) || ((queue->prev->flags & CHOP_F_FIN) && !mod32_le(hdr->offset + hdr->length, queue->prev->offset)))) { - log_warn(ckt, "protocol error: inappropriate normal block"); + log_warn(c, "protocol error: inappropriate normal block"); return -1; }
@@ -614,7 +617,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
/* protocol error: this block goes before 'p' but does not fit after 'p->prev' */ - log_warn(ckt, "protocol error: %u byte block does not fit at offset %u", + log_warn(c, "protocol error: %u byte block does not fit at offset %u", hdr->length, hdr->offset); return -1; } @@ -625,7 +628,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, that this block goes after the last block in the list (aka p->prev). */ if (!p->data && p->prev->data && !mod32_lt(p->prev->offset + p->prev->length, hdr->offset)) { - log_warn(ckt, "protocol error: %u byte block does not fit at offset %u " + log_warn(c, "protocol error: %u byte block does not fit at offset %u " "(sentinel case)", hdr->length, hdr->offset); return -1; @@ -645,7 +648,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
grow_back: if (evbuffer_add_buffer(p->data, block)) { - log_warn(ckt, "failed to append to existing buffer"); + log_warn(c, "failed to append to existing buffer"); return -1; } evbuffer_free(block); @@ -656,7 +659,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, while (p->next->data && p->offset + p->length == p->next->offset) { q = p->next; if (evbuffer_add_buffer(p->data, q->data)) { - log_warn(ckt, "failed to merge buffers"); + log_warn(c, "failed to merge buffers"); return -1; } p->length += q->length; @@ -671,7 +674,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
grow_front: if (evbuffer_prepend_buffer(p->data, block)) { - log_warn(ckt, "failed to prepend to existing buffer"); + log_warn(c, "failed to prepend to existing buffer"); return -1; } evbuffer_free(block); @@ -683,7 +686,7 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block, while (p->prev->data && p->offset == p->prev->offset + p->prev->length) { q = p->prev; if (evbuffer_prepend_buffer(p->data, q->data)) { - log_warn(ckt, "failed to merge buffers"); + log_warn(c, "failed to merge buffers"); return -1; } p->length += q->length; @@ -701,31 +704,31 @@ chop_reassemble_block(chop_circuit_t *ckt, struct evbuffer *block,
/* Flush as much data toward upstream as we can. */ static int -chop_push_to_upstream(chop_circuit_t *ckt) +chop_push_to_upstream(circuit_t *c) { + chop_circuit_t *ckt = static_cast<chop_circuit_t *>(c); /* Only the first reassembly queue entry, if any, can possibly be ready to flush (because chop_reassemble_block ensures that there are gaps between all queue elements). */ chop_reassembly_elt *ready = ckt->reassembly_queue.next; if (!ready->data || ckt->recv_offset != ready->offset) { - log_debug(ckt, "no data pushable to upstream yet"); + log_debug(c, "no data pushable to upstream yet"); return 0; }
if (!ckt->received_syn) { if (!(ready->flags & CHOP_F_SYN)) { - log_debug(ckt, "waiting for SYN"); + log_debug(c, "waiting for SYN"); return 0; } - log_debug(ckt, "processed SYN"); + log_debug(c, "processed SYN"); ckt->received_syn = true; }
- log_debug(ckt, "can push %lu bytes to upstream", + log_debug(c, "can push %lu bytes to upstream", (unsigned long)evbuffer_get_length(ready->data)); - if (evbuffer_add_buffer(bufferevent_get_output(ckt->up_buffer), - ready->data)) { - log_warn(ckt, "failure pushing data to upstream"); + if (evbuffer_add_buffer(bufferevent_get_output(c->up_buffer), ready->data)) { + log_warn(c, "failure pushing data to upstream"); return -1; }
@@ -735,8 +738,8 @@ chop_push_to_upstream(chop_circuit_t *ckt) log_assert(!ckt->received_fin); log_assert(ready->next == &ckt->reassembly_queue); ckt->received_fin = true; - log_debug(ckt, "processed FIN"); - circuit_recv_eof(ckt); + log_debug(c, "processed FIN"); + circuit_recv_eof(c); }
log_assert(ready->next == &ckt->reassembly_queue || @@ -752,14 +755,14 @@ chop_push_to_upstream(chop_circuit_t *ckt) /* Circuit handling */
static int -chop_find_or_make_circuit(chop_conn_t *conn, uint64_t circuit_id) +chop_find_or_make_circuit(conn_t *conn, uint64_t circuit_id) { log_assert(conn->cfg->mode == LSN_SIMPLE_SERVER);
chop_config_t *cfg = static_cast<chop_config_t *>(conn->cfg); chop_circuit_table::value_type in(circuit_id, 0); std::pair<chop_circuit_table::iterator, bool> out = cfg->circuits.insert(in); - chop_circuit_t *ck; + circuit_t *ck;
if (!out.second) { // element already exists if (!out.first->second) { @@ -769,7 +772,7 @@ chop_find_or_make_circuit(chop_conn_t *conn, uint64_t circuit_id) ck = out.first->second; log_debug(conn, "found circuit to %s", ck->up_peer); } else { - ck = static_cast<chop_circuit_t *>(circuit_create(cfg, 0)); + ck = cfg->circuit_create(0); if (!ck) { log_warn(conn, "failed to create new circuit"); return -1; @@ -780,7 +783,7 @@ chop_find_or_make_circuit(chop_conn_t *conn, uint64_t circuit_id) return -1; } log_debug(conn, "created new circuit to %s", ck->up_peer); - ck->circuit_id = circuit_id; + static_cast<chop_circuit_t *>(ck)->circuit_id = circuit_id; out.first->second = ck; }
@@ -933,9 +936,9 @@ chop_circuit_t::~chop_circuit_t() chop_reassembly_elt *p, *q, *queue; chop_circuit_table::iterator out;
- for (unordered_set<chop_conn_t *>::iterator i = this->downstreams.begin(); + for (unordered_set<conn_t *>::iterator i = this->downstreams.begin(); i != this->downstreams.end(); i++) { - chop_conn_t *conn = *i; + conn_t *conn = *i; conn->circuit = NULL; if (evbuffer_get_length(conn_get_outbound(conn)) > 0) conn_do_flush(conn); @@ -968,9 +971,8 @@ chop_circuit_t::~chop_circuit_t() }
void -chop_circuit_t::add_downstream(conn_t *cn) +chop_circuit_t::add_downstream(conn_t *conn) { - chop_conn_t *conn = static_cast<chop_conn_t *>(cn); this->downstreams.insert(conn); log_debug(this, "added connection <%d.%d> to %s, now %lu", this->serial, conn->serial, conn->peername, @@ -980,9 +982,8 @@ chop_circuit_t::add_downstream(conn_t *cn) }
void -chop_circuit_t::drop_downstream(conn_t *cn) +chop_circuit_t::drop_downstream(conn_t *conn) { - chop_conn_t *conn = static_cast<chop_conn_t *>(cn); this->downstreams.erase(conn); log_debug(this, "dropped connection <%d.%d> to %s, now %lu", this->serial, conn->serial, conn->peername, @@ -1094,9 +1095,9 @@ chop_circuit_t::send() as long as we haven't both sent and received a FIN, or we might deadlock. */ if (this->sent_fin && this->received_fin) { - for (unordered_set<chop_conn_t *>::iterator i = this->downstreams.begin(); + for (unordered_set<conn_t *>::iterator i = this->downstreams.begin(); i != this->downstreams.end(); i++) { - chop_conn_t *conn = *i; + chop_conn_t *conn = static_cast<chop_conn_t*>(*i); if (conn->must_transmit_timer && evtimer_pending(conn->must_transmit_timer, NULL)) must_transmit_timer_cb(-1, 0, conn); @@ -1233,13 +1234,13 @@ chop_conn_t::recv() return -1; }
- if (chop_reassemble_block(ckt, block, &hdr)) { + if (chop_reassemble_block(c, block, &hdr)) { evbuffer_free(block); return -1; } }
- if (chop_push_to_upstream(ckt)) + if (chop_push_to_upstream(c)) return -1;
/* It may have now become possible to send queued data. */ diff --git a/src/steg/http.cc b/src/steg/http.cc index 7377196..aed9322 100644 --- a/src/steg/http.cc +++ b/src/steg/http.cc @@ -32,8 +32,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. See LICENSE for other credits and copying information */
- - #include "util.h" #include "connections.h" #include "steg.h" @@ -46,17 +44,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include <event2/buffer.h> #include <stdio.h>
- - - - - #define MIN_COOKIE_SIZE 24 #define MAX_COOKIE_SIZE 1024
- -int -x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source); +int +http_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
int lookup_peer_name_from_ip(char* p_ip, char* p_name); @@ -65,57 +57,52 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name); static int has_peer_name = 0; static char peername[512];
- -struct x_http2_steg_t +namespace { +struct http : steg_t { - steg_t super; - - int have_transmitted; - int have_received; + bool have_transmitted : 1; + bool have_received : 1; int type; -};
+ STEG_DECLARE_METHODS(http); +}; +}
-STEG_DEFINE_MODULE(x_http2, +STEG_DEFINE_MODULE(http, 1024, /* client-server max data rate - made up */ 10240, /* server-client max data rate - ditto */ 1, /* max concurrent connections per IP */ 1); /* max concurrent IPs */
- - - - - -int x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn); -int x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn); +int http_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn); +int http_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
void evbuffer_dump(struct evbuffer *buf, FILE *out); void buf_dump(unsigned char* buf, int len, FILE *out); int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen);
-void -evbuffer_dump(struct evbuffer *buf, FILE *out) +void +evbuffer_dump(struct evbuffer *buf, FILE *out) { int nextent = evbuffer_peek(buf, SSIZE_MAX, 0, 0, 0); struct evbuffer_iovec v[nextent]; int i; const unsigned char *p, *limit; - + if (evbuffer_peek(buf, -1, 0, v, nextent) != nextent) abort(); - + for (i = 0; i < nextent; i++) { - p = v[i].iov_base; + p = (const unsigned char *)v[i].iov_base; limit = p + v[i].iov_len; - + putc('|', out); while (p < limit) { if (*p < 0x20 || *p >= 0x7F || *p == '\' || *p == '|') - fprintf(out, "\x%02x", *p); + fprintf(out, "\x%02x", *p); else - putc(*p, out); + putc(*p, out); p++; } } @@ -126,8 +113,8 @@ evbuffer_dump(struct evbuffer *buf, FILE *out)
-void -buf_dump(unsigned char* buf, int len, FILE *out) +void +buf_dump(unsigned char* buf, int len, FILE *out) { int i=0; putc('|', out); @@ -143,15 +130,9 @@ buf_dump(unsigned char* buf, int len, FILE *out) }
- - - -steg_t * -x_http2_new(rng_t *rng, unsigned int is_clientside) +http::http() + : have_transmitted(false), have_received(false) { - - STEG_NEW(x_http2, state, rng, is_clientside); - if (is_clientside) load_payloads("traces/client.out"); else { @@ -162,34 +143,24 @@ x_http2_new(rng_t *rng, unsigned int is_clientside) init_PDF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, PDF_MIN_AVAIL_SIZE); init_SWF_payload_pool(HTTP_MSG_BUF_SIZE, TYPE_HTTP_RESPONSE, 0); } - - - /* if there were extra stuff to fill in, you would do it here */ - return upcast_steg(state); }
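Review bot: The new constructor `http::http()` initializes `have_transmitted` and `have_received` but leaves the `int type` member declared in the struct hunk above indeterminate, and `http::transmit_room` later does `switch (type)`. The visible code only reaches that switch after `have_received` is set, so this looks safe only as long as every receive path assigns `type` before setting the flag, which cannot be confirmed from this page. Adding `type` to the initializer list, with a value that matches none of the `HTTP_CONTENT_*` cases (confirm against their definitions), would make the unset state explicit instead of undefined. The constructor body continues into the next hunk.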
-void -x_http2_del(steg_t *s) +http::~http() { - x_http2_steg_t *state = downcast_steg(s); - - STEG_DEL(s); - - /* if there were extra stuff to deallocate, you would do it here */ - free(state); }
- -// x_http2_detect determines if a packet should be processed by the http2 steg module -unsigned int -x_http2_detect(conn_t *conn) +/** Determine whether a connection should be processed by this + steganographer. */ +bool +http::detect(conn_t *conn) { struct evbuffer *buf = conn_get_inbound(conn); unsigned char *data;
//return 0; /***** - Here is a list of HTTP response codes extracted from the server-portals.out trace + Here is a list of HTTP response codes extracted from the + server-portals.out trace
7369 HTTP/1.1 200 OK 470 HTTP/1.1 302 Found @@ -224,7 +195,7 @@ x_http2_detect(conn_t *conn)
if (evbuffer_get_length(buf) >= 12) { data = evbuffer_pullup(buf, 12); - + if (data != NULL && ((!memcmp(data, "HTTP/1.1 200", 12)) || (!memcmp(data, "HTTP/1.1 302", 12)) || @@ -235,7 +206,7 @@ x_http2_detect(conn_t *conn) (!memcmp(data, "HTTP/1.1 301", 12)) || (!memcmp(data, "HTTP/1.1 302", 12)) || (!memcmp(data, "HTTP/1.1 404", 12)))) { - log_debug("x_http2_detect: valid response"); + log_debug("http_detect: valid response"); return 1; } } @@ -258,42 +229,38 @@ x_http2_detect(conn_t *conn)
if (evbuffer_get_length(buf) >= 9) { data = evbuffer_pullup(buf, 9); - if (data != NULL && (!memcmp(data, "GET /", 5) || !memcmp(data, "POST /", 5) || !memcmp(data, "Cookie", 6))) { - log_debug("x_http2_detect: valid request"); - return 1; + if (data != NULL && (!memcmp(data, "GET /", 5) || + !memcmp(data, "POST /", 5) || + !memcmp(data, "Cookie", 6))) { + log_debug("http_detect: valid request"); + return true; } } - - log_debug("x_http2_detect: didn't find either HTTP request or response"); + + log_debug("http_detect: didn't find either HTTP request or response"); /* Didn't find either the client or the server pattern. */ - return 0; + return false; }
size_t -x_http2_transmit_room(steg_t *s, conn_t *conn) +http::transmit_room(conn_t *) { unsigned int mjc;
- if (downcast_steg(s)->have_transmitted) + if (have_transmitted) /* can't send any more on this connection */ return 0; - - - if (s->is_clientside) { - /* per http://www.boutell.com/newfaq/misc/urllength.html, - IE<9 can handle no more than 2048 characters in the path - component of a URL; we're not talking to IE, but this limit - means longer paths look fishy; we hex-encode the path, so - we have to cut the number in half. */ + + + if (is_clientside) { return (MIN_COOKIE_SIZE + rand() % (MAX_COOKIE_SIZE - MIN_COOKIE_SIZE)) / 4; - // return 1024; - } + } else {
- if (!downcast_steg(s)->have_received) + if (!have_received) return 0;
- switch(downcast_steg(s)->type) { + switch (type) {
case HTTP_CONTENT_SWF: return 1024; @@ -301,10 +268,10 @@ x_http2_transmit_room(steg_t *s, conn_t *conn) case HTTP_CONTENT_JAVASCRIPT: mjc = get_max_JS_capacity() / 2; if (mjc > 1024) { - // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?) - int rval = 512 + rand()%(mjc - 1024); - // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc); - return rval; + // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?) + int rval = 512 + rand()%(mjc - 1024); + // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc); + return rval; } log_warn("js capacity too small\n"); exit(-1); @@ -312,10 +279,10 @@ x_http2_transmit_room(steg_t *s, conn_t *conn) case HTTP_CONTENT_HTML: mjc = get_max_HTML_capacity() / 2; if (mjc > 1024) { - // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?) - int rval = 512 + rand()%(mjc - 1024); - // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc); - return rval; + // it should be 1024 + ...., but seems like we need to be a little bit smaller (chopper bug?) + int rval = 512 + rand()%(mjc - 1024); + // fprintf(stderr, "returning rval %d, mjc %d\n", rval, mjc); + return rval; } log_warn("js capacity too small\n"); exit(-1); @@ -340,7 +307,7 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) { struct addrinfo* aip; struct addrinfo hint; char buf[128]; - + hint.ai_flags = AI_CANONNAME; hint.ai_family = 0; hint.ai_socktype = 0; @@ -349,16 +316,16 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) { hint.ai_canonname = NULL; hint.ai_addr = NULL; hint.ai_next = NULL; - + strcpy(buf, p_ip); buf[strchr(buf, ':') - buf] = 0;
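Review bot: In the rewritten request check of `http::detect`, `!memcmp(data, "POST /", 5)` compares only the five bytes `POST ` and never looks at the slash, so the match is looser than the literal suggests; the length should be 6, as in `!memcmp(data, "POST /", 6)`. The same function is also left returning mixed types: this hunk switches to `return true;` and `return false;`, but the response branch in the earlier `@@ -235,7 +206,7 @@` hunk still has `return 1;`, which should become `return true;` for consistency with the new `bool` signature. The function starts outside this hunk.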
- + if (getaddrinfo(buf, NULL, &hint, &ailist)) { fprintf(stderr, "error: getaddrinfo() %s\n", p_ip); exit(1); } - + for (aip = ailist; aip != NULL; aip = aip->ai_next) { char buf[512]; if (getnameinfo(aip->ai_addr, sizeof(struct sockaddr), buf, 512, NULL, 0, 0) == 0) { @@ -366,7 +333,7 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) { return 1; } } - + return 0; }
@@ -377,8 +344,8 @@ lookup_peer_name_from_ip(char* p_ip, char* p_name) {
-int
-x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
+int
+http_client_cookie_transmit (http *s, struct evbuffer *source, conn_t *conn) {
/* On the client side, we have to embed the data in a GET query somehow; the only plausible places to put it are the URL and cookies. This @@ -398,7 +365,7 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
// size_t sofar = 0; size_t cookie_len; - +
/* Convert all the data in 'source' to hexadecimal and write it to 'scratch'. Data is padded to a multiple of four characters with @@ -410,12 +377,12 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn
- datalen = 0; + datalen = 0; cookie_len = 4 * sbuflen + rand() % 4; - +
nv = evbuffer_peek(source, sbuflen, NULL, NULL, 0); - iv = xzalloc(sizeof(struct evbuffer_iovec) * nv); + iv = (evbuffer_iovec*)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, sbuflen, NULL, iv, nv) != nv) { free(iv); @@ -436,13 +403,13 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn // fprintf(stderr, "%s\n", buf); // exit(-1); // } -
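Review bot: The padding on the context line `cookie_len = 4 * sbuflen + rand() % 4;` is drawn from libc `rand()`, a predictable generator, and no seeding call is visible anywhere in this diff; if the process never seeds it, every run produces the same sequence of padding lengths. For a steganographic transport the message lengths are part of what an observer can measure, so the jitter should come from a cryptographically secure generator rather than `rand()`. The same applies to `512 + rand()%(mjc - 1024)` in the two x_http2_transmit_room hunks and to `rand() % 46` in the gen_uri_field hunk. Until that is changed, a comment such as `/* FIXME: rand() is predictable; draw padding from a CSPRNG */` on this line would record the limitation. The function body starts and ends outside this hunk.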
- + + cnt = 0; - + for (i = 0; i < nv; i++) { - const unsigned char *p = iv[i].iov_base; + const unsigned char *p = (const unsigned char *)iv[i].iov_base; const unsigned char *limit = p + iv[i].iov_len; char c; while (p < limit && cnt < sbuflen) { @@ -453,7 +420,7 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn cnt++; } } - + free(iv);
if (cookie_len < 4) cookie_len = 4; @@ -478,20 +445,20 @@ x_http2_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn log_debug("error ***********************"); return -1; } - + // debug // log_warn("CLIENT HTTP request header:"); // buf_dump((unsigned char*)buf, len, stderr); - + // sofar += datalen/2; evbuffer_drain(source, datalen/2); - + log_debug("CLIENT TRANSMITTED payload %d\n", (int) sbuflen); - + conn_cease_transmission(conn);
- downcast_steg(s)->type = find_uri_type(buf, sizeof(buf)); - downcast_steg(s)->have_transmitted = 1; + s->type = find_uri_type(buf, sizeof(buf)); + s->have_transmitted = true; return 0; }
@@ -510,10 +477,10 @@ int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen) {
if (r == 1) { r = rand() % 46; - if (r < 20) - uri[so_far++] = 'g' + r; - else - uri[so_far++] = 'A' + r - 20; + if (r < 20) + uri[so_far++] = 'g' + r; + else + uri[so_far++] = 'A' + r - 20; } else { uri[so_far++] = data[0]; @@ -562,16 +529,16 @@ int gen_uri_field(char* uri, unsigned int uri_sz, char* data, int datalen) {
-int
-x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
+int
+http_client_uri_transmit (http *s, struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn);
- + struct evbuffer_iovec *iv; int i, nv; - + /* Convert all the data in 'source' to hexadecimal and write it to 'scratch'. Data is padded to a multiple of four characters with equals signs. */ @@ -579,26 +546,26 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) { size_t datalen = 0; int cnt = 0; char data[2*slen]; - + char outbuf[1024]; int len =0; char buf[10000]; - - + + if (has_peer_name == 0 && lookup_peer_name_from_ip((char*) conn->peername, peername)) has_peer_name = 1; - - + +
nv = evbuffer_peek(source, slen, NULL, NULL, 0); - iv = xzalloc(sizeof(struct evbuffer_iovec) * nv); + iv = (evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nv); if (evbuffer_peek(source, slen, NULL, iv, nv) != nv) { free(iv); return -1; } - + for (i = 0; i < nv; i++) { - const unsigned char *p = iv[i].iov_base; + const unsigned char *p = (const unsigned char *)iv[i].iov_base; const unsigned char *limit = p + iv[i].iov_len; char c; while (p < limit) { @@ -608,13 +575,13 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) { } } free(iv); - +
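Review bot: The call `lookup_peer_name_from_ip((char*) conn->peername, peername)` kept in this hunk hands the peer string to a helper that, as the earlier hunks of this file show, does `strcpy(buf, p_ip)` into `char buf[128]` and then `buf[strchr(buf, ':') - buf] = 0`, with no length check and no test for a NULL result from `strchr`. A peer string of 128 bytes or more overruns the stack buffer, and one without a colon makes the index expression undefined and the store an invalid write. The helper should bound the copy and bail out when the colon is missing, e.g. `if (strlen(p_ip) >= sizeof(buf)) return 0;` before the copy and `char *colon = strchr(buf, ':'); if (!colon) return 0; *colon = 0;` after it. How `conn->peername` is filled is not visible here, so the reachable lengths are unconfirmed, and this function's body continues outside the hunk.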
do { datalen = gen_uri_field(outbuf, sizeof(outbuf), data, datalen); } while (datalen == 0); - +
@@ -623,8 +590,8 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) { len = find_client_payload(buf, sizeof(buf), TYPE_HTTP_REQUEST); if (cnt++ == 10) return -1; } - - + + // fprintf(stderr, "outbuf = %s\n", outbuf);
if (evbuffer_add(dest, outbuf, datalen) || // add uri field @@ -640,10 +607,10 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
evbuffer_drain(source, slen); conn_cease_transmission(conn); - downcast_steg(s)->type = find_uri_type(outbuf, sizeof(outbuf)); - downcast_steg(s)->have_transmitted = 1; + s->type = find_uri_type(outbuf, sizeof(outbuf)); + s->have_transmitted = 1; return 0; - + }
@@ -666,45 +633,45 @@ x_http2_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn) {
int -x_http2_transmit(steg_t *s, struct evbuffer *source, conn_t *conn) +http::transmit(struct evbuffer *source, conn_t *conn) { // struct evbuffer *dest = conn_get_outbound(conn);
- // fprintf(stderr, "in x_http2_ transmit %d\n", downcast_steg(s)->type); - + // fprintf(stderr, "in http_ transmit %d\n", downcast_steg(s)->type); +
- if (s->is_clientside) { + if (is_clientside) { /* On the client side, we have to embed the data in a GET query somehow; the only plausible places to put it are the URL and cookies. This presently uses the URL. And it can't be binary. */
if (evbuffer_get_length(source) < 72) - return x_http2_client_uri_transmit(s, source, conn); //@@ - return x_http2_client_cookie_transmit(s, source, conn); //@@ - } + return http_client_uri_transmit(this, source, conn); //@@ + return http_client_cookie_transmit(this, source, conn); //@@ + } else { int rval = -1; - switch(downcast_steg(s)->type) { - - case HTTP_CONTENT_SWF: - rval = x_http2_server_SWF_transmit(s, source, conn); + switch(type) { + + case HTTP_CONTENT_SWF: + rval = http_server_SWF_transmit(this, source, conn); break;
case HTTP_CONTENT_JAVASCRIPT: - rval = x_http2_server_JS_transmit(s, source, conn, HTTP_CONTENT_JAVASCRIPT); + rval = http_server_JS_transmit(this, source, conn, HTTP_CONTENT_JAVASCRIPT); break;
case HTTP_CONTENT_HTML: - rval = x_http2_server_JS_transmit(s, source, conn, HTTP_CONTENT_HTML); + rval = http_server_JS_transmit(this, source, conn, HTTP_CONTENT_HTML); break;
case HTTP_CONTENT_PDF: - rval = x_http2_server_PDF_transmit(s, source, conn); + rval = http_server_PDF_transmit(this, source, conn); break; }
- if (rval == 0) downcast_steg(s)->have_transmitted = 1; + if (rval == 0) have_transmitted = 1; return rval; } } @@ -714,8 +681,8 @@ x_http2_transmit(steg_t *s, struct evbuffer *source, conn_t *conn)
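Review bot: The server-side `switch(type)` has no `default:` branch, so a `type` outside the four HTTP_CONTENT_* cases leaves `rval` at -1 and returns without any log line. On the server, `type` is assigned in http_server_receive (`s->type = type;` in a later hunk), presumably from the request just parsed, so this is the path an unexpected request type would take and it should be visible to an operator. Adding `default: log_warn("http: no transmit handler for content type %d", (int)type); break;` keeps the return value and records the event. The client-side `switch(type)` in the http::receive hunk has the same shape and falls through to RECV_BAD just as silently.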
-int
-x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
+int
+http_server_receive(http *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) {
int cnt = 0; unsigned char* data; @@ -760,24 +727,24 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
secondhalf = 0; c = 0; - +
while (strncmp((char*) p, "\r\n", 2) != 0 && (cookie_mode != 0 || p[0] != '.')) { - if (!secondhalf) - c = 0; - if ('0' <= *p && *p <= '9') - h = *p - '0'; - else if ('a' <= *p && *p <= 'f') - h = *p - 'a' + 10; + if (!secondhalf) + c = 0; + if ('0' <= *p && *p <= '9') + h = *p - '0'; + else if ('a' <= *p && *p <= 'f') + h = *p - 'a' + 10; else { - p++; - continue; + p++; + continue; }
c = (c << 4) + h; if (secondhalf) { - outbuf[sofar++] = c; - cnt++; + outbuf[sofar++] = c; + cnt++; } secondhalf = !secondhalf; p++; @@ -795,15 +762,15 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev if (evbuffer_add(dest, outbuf, sofar)) { log_debug("Failed to transfer buffer"); return RECV_BAD; - } + } evbuffer_drain(source, s2.pos + sizeof("\r\n\r\n") - 1); } while (evbuffer_get_length(source)); -
- downcast_steg(s)->have_received = 1; - downcast_steg(s)->type = type; + + s->have_received = 1; + s->type = type; // fprintf(stderr, "SERVER RECEIVED payload %d %d\n", cnt, type); - + conn_transmit_soon(conn, 100); return RECV_GOOD; } @@ -818,40 +785,37 @@ x_http2_server_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct ev
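Review bot: `evbuffer_add(dest, outbuf, sofar)` in this hunk forwards whatever count the hex-decoding loop of the previous hunk produced, and in the lines shown that loop runs `outbuf[sofar++] = c;` until it meets `\r\n` (or a '.' when cookie_mode is 0) without comparing `sofar` against the size of `outbuf` or `p` against the end of the received data. This is the server parsing bytes that arrive from the network, so termination should not depend on the sender including the delimiter. `outbuf` is declared outside the visible hunks; if it is a fixed-size array, a guard inside the loop such as `if (sofar >= sizeof(outbuf)) return RECV_BAD;` closes the write side, and the loop condition also needs an end-of-data bound on `p`. The function starts outside this hunk.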
-static int -x_http2_receive(steg_t *s, conn_t *conn, struct evbuffer *dest) +int +http::receive(conn_t *conn, struct evbuffer *dest) { struct evbuffer *source = conn_get_inbound(conn); // unsigned int type; int rval = RECV_BAD;
- if (s->is_clientside) { - - // fprintf(stderr, "client type = %d\n", downcast_steg(s)->type); + if (is_clientside) { + switch(type) {
- switch(downcast_steg(s)->type) { - - case HTTP_CONTENT_SWF: - rval = x_http2_handle_client_SWF_receive(s, conn, dest, source); + case HTTP_CONTENT_SWF: + rval = http_handle_client_SWF_receive(this, conn, dest, source); break;
case HTTP_CONTENT_JAVASCRIPT: case HTTP_CONTENT_HTML: - rval = x_http2_handle_client_JS_receive(s, conn, dest, source); + rval = http_handle_client_JS_receive(this, conn, dest, source); break;
case HTTP_CONTENT_PDF: - rval = x_http2_handle_client_PDF_receive(s, conn, dest, source); + rval = http_handle_client_PDF_receive(this, conn, dest, source); break; }
- if (rval == RECV_GOOD) downcast_steg(s)->have_received = 1; + if (rval == RECV_GOOD) have_received = 1; return rval;
} else { - return x_http2_server_receive(s, conn, dest, source); + return http_server_receive(this, conn, dest, source); }
- + } diff --git a/src/steg/jsSteg.cc b/src/steg/jsSteg.cc index 1486255..c02a7b0 100644 --- a/src/steg/jsSteg.cc +++ b/src/steg/jsSteg.cc @@ -707,7 +707,7 @@ int testDecode2(char *inBuf, char *outBuf,
int
-x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, unsigned int content_type) {
+http_server_JS_transmit (steg_t*, struct evbuffer *source, conn_t *conn, unsigned int content_type) {
struct evbuffer_iovec *iv; int nv; @@ -734,7 +734,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un // evbuffer_dump(source, stderr);
nv = evbuffer_peek(source, sbuflen, NULL, NULL, 0); - iv = xzalloc(sizeof(struct evbuffer_iovec) * nv); + iv = (evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, sbuflen, NULL, iv, nv) != nv) { free(iv); @@ -761,7 +761,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un // Convert data in 'source' to hexadecimal and write it to data cnt = 0; for (i = 0; i < nv; i++) { - const unsigned char *p = iv[i].iov_base; + const unsigned char *p = (const unsigned char *)iv[i].iov_base; const unsigned char *limit = p + iv[i].iov_len; char c;
@@ -809,11 +809,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
hLen = hend+4-jsTemplate; cLen = jsLen - hLen; - outbuf = malloc(cLen); - if (outbuf == NULL) { - log_warn("malloc for outbuf fails"); - return -1; - } + outbuf = (char *)xmalloc(cLen);
r = encodeHTTPBody(data, hend+4, outbuf, datalen, cLen, cLen, mode);
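Review bot: Replacing `malloc` and its `return -1` path with `xmalloc(cLen)` makes this function depend on `xmalloc` never returning NULL, and `xmalloc`'s definition is not part of this diff. If it ends the process on failure, a bad size that used to fail one transmit now takes down the whole proxy, and `cLen = jsLen - hLen` reaches the allocator without any visible check that it is positive. A range check before the call, `if (cLen <= 0) { log_warn("js template has no body"); return -1; }` (assuming `cLen` is signed; its declaration is outside the hunk), keeps a malformed template from becoming an oversized allocation request. The same substitution is made for `outbuf2` in the next hunk, in payloads.cc, and in swf_wrap, swf_unwrap and http_server_SWF_transmit in swfSteg.cc, so the contract of `xmalloc` should be stated once in a comment where it is declared.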
@@ -826,11 +822,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un if (gzipMode == 1) { // conservative estimate: // sizeof outbuf2 = cLen + 10-byte for gzip header + 8-byte for crc - outbuf2 = malloc(cLen+18); - if (outbuf2 == NULL) { - log_warn("malloc for outbuf2 fails"); - return -1; - } + outbuf2 = (char *)xmalloc(cLen+18);
outbuf2len = gzDeflate(outbuf, cLen, outbuf2, cLen+18, time(NULL));
@@ -893,7 +885,7 @@ x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, un
int -x_http2_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) { +http_handle_client_JS_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) { struct evbuffer_ptr s2; unsigned int response_len = 0; unsigned int content_len = 0; diff --git a/src/steg/jsSteg.h b/src/steg/jsSteg.h index 949aa25..8a351cc 100644 --- a/src/steg/jsSteg.h +++ b/src/steg/jsSteg.h @@ -62,10 +62,10 @@ int testDecode2(char *inBuf, char *outBuf,
int
-x_http2_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, unsigned int content_type);
+http_server_JS_transmit (steg_t* s, struct evbuffer *source, conn_t *conn, unsigned int content_type);
int
-x_http2_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
+http_handle_client_JS_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
diff --git a/src/steg/payloads.cc b/src/steg/payloads.cc index 2b82451..84bfd00 100644 --- a/src/steg/payloads.cc +++ b/src/steg/payloads.cc @@ -272,11 +272,11 @@ void load_payloads(const char* fname) { // }
if (r < 0) { - payloads[payload_count] = malloc(pentry.length + 1); + payloads[payload_count] = (char *)xmalloc(pentry.length + 1); memcpy(payloads[payload_count], buf, pentry.length); } else { pentry.length = r; - payloads[payload_count] = malloc(pentry.length + 1); + payloads[payload_count] = (char *)xmalloc(pentry.length + 1); memcpy(payloads[payload_count], buf2, pentry.length); } payload_hdrs[payload_count] = pentry; @@ -443,7 +443,7 @@ find_uri_type(char* buf_orig, int buflen) { char* uri; char* ext;
- char* buf = malloc(buflen+1); + char* buf = (char *)xmalloc(buflen+1); char* uri_end;
@@ -524,7 +524,7 @@ find_uri_type(char* buf) {
buf = strchr(buf, ' ') + 1; uri_len = strchr(buf, ' ') - buf; - uri = malloc(uri_len + 1); + uri = xmalloc(uri_len + 1);
strncpy(uri, buf, uri_len); uri[uri_len] = 0; @@ -1396,7 +1396,7 @@ int init_PDF_payload_pool(int len, int type, int minCapacity) {
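Review bot: `buf = strchr(buf, ' ') + 1; uri_len = strchr(buf, ' ') - buf;` uses both `strchr` results without testing for NULL, so a request line with fewer than two spaces leaves `buf` as an invalid pointer or `uri_len` as a meaningless value that then sizes the `xmalloc` and the `strncpy`. Each lookup needs a check before its result is used, e.g. `char *sp = strchr(buf, ' '); if (!sp)` followed by the function's error return, and the same for the second space. Separately, this is the only `xmalloc` call in the commit without a `(char *)` cast; if `uri` is a `char *` and `xmalloc` returns `void *` (neither declaration is visible here), the line will not compile as C++ unless this block is disabled. The function body starts and ends outside the hunk.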
-int init_SWF_payload_pool(int len, int type, int minCapacity) { +int init_SWF_payload_pool(int len, int type, int /*unused */) {
// stat for usable payload int minPayloadSize = 0, maxPayloadSize = 0; @@ -1534,7 +1534,7 @@ int get_payload (int contentType, int cap, char** buf, int* size) {
int -find_content_length (char *hdr, int hlen) { +find_content_length (char *hdr, int /*hlen*/) { char *clStart; char* clEnd; char *clValStart; diff --git a/src/steg/pdfSteg.cc b/src/steg/pdfSteg.cc index 81efdf4..d958b29 100644 --- a/src/steg/pdfSteg.cc +++ b/src/steg/pdfSteg.cc @@ -296,7 +296,7 @@ pdfUnwrap (char *data, unsigned int dlen,
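Review bot: Commenting out `hlen` silences the unused-parameter warning, but that warning was reporting that find_content_length never consults the header length it is given. If the body (outside this hunk) locates the Content-Length field with string functions on `hdr`, the search is bounded only by a NUL terminator, which a header received from the network need not contain. Rather than dropping the name, the length should be used to bound the search; until then a comment such as `/* FIXME: hlen ignored; hdr must be NUL-terminated by the caller */` should state the requirement.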
-int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) { +int http_server_PDF_transmit (steg_t*, struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn); size_t sbuflen = evbuffer_get_length(source); @@ -321,7 +321,7 @@ int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *con log_debug("Entering SERVER PDF transmit with sbuflen %d", (int)sbuflen);
nv = evbuffer_peek(source, sbuflen, NULL, NULL, 0); - iv = xzalloc(sizeof(struct evbuffer_iovec) * nv); + iv = (evbuffer_iovec *)xzalloc(sizeof(struct evbuffer_iovec) * nv);
if (evbuffer_peek(source, sbuflen, NULL, iv, nv) != nv) { free(iv); @@ -330,7 +330,7 @@ int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *con
cnt = 0; for (i = 0; i < nv; i++) { - const unsigned char *p = iv[i].iov_base; + const unsigned char *p = (const unsigned char *)iv[i].iov_base; const unsigned char *limit = p + iv[i].iov_len; while (p < limit && cnt < (int)sbuflen) { data1[cnt++] = *p++; @@ -430,7 +430,7 @@ int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *con
int -x_http2_handle_client_PDF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) { +http_handle_client_PDF_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) { struct evbuffer_ptr s2; unsigned int response_len = 0, hdrLen; char outbuf[HTTP_MSG_BUF_SIZE]; diff --git a/src/steg/pdfSteg.h b/src/steg/pdfSteg.h index 7e48449..3c7a4bd 100644 --- a/src/steg/pdfSteg.h +++ b/src/steg/pdfSteg.h @@ -21,9 +21,9 @@ int pdfUnwrap (char *data, unsigned int dlen, char *outbuf, unsigned int outbufs int addDelimiter(char *inbuf, int inbuflen, char *outbuf, int outbuflen, const char delimiter1, const char delimiter2); int removeDelimiter(char *inbuf, int inbuflen, char *outbuf, int outbuflen, const char delimiter1, int* endFlag, int* escape);
-int x_http2_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn); +int http_server_PDF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn); int -x_http2_handle_client_PDF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source); +http_handle_client_PDF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
#endif
diff --git a/src/steg/swfSteg.cc b/src/steg/swfSteg.cc index ad3d5c8..8c3bd2e 100644 --- a/src/steg/swfSteg.cc +++ b/src/steg/swfSteg.cc @@ -57,22 +57,8 @@ swf_wrap(char* inbuf, int in_len, char* outbuf, int out_sz) { }
- tmp_buf = malloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN); - - if (tmp_buf == NULL) { - log_warn("swfsteg: malloc failed\n"); - return -1; - } - - - tmp_buf2 = malloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN + 512); - - if (tmp_buf2 == NULL) { - free(tmp_buf); - log_warn("swfsteg: malloc failed\n"); - return -1; - } - + tmp_buf = (char *)xmalloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN); + tmp_buf2 = (char *)xmalloc(in_len + SWF_SAVE_HEADER_LEN + SWF_SAVE_FOOTER_LEN + 512);
memcpy(tmp_buf, swf+8, SWF_SAVE_HEADER_LEN); memcpy(tmp_buf+SWF_SAVE_HEADER_LEN, inbuf, in_len); @@ -111,7 +97,7 @@ swf_unwrap(char* inbuf, int in_len, char* outbuf, int out_sz) { char* tmp_buf; int inf_len;
- tmp_buf = malloc(in_len * 8); + tmp_buf = (char *)xmalloc(in_len * 8);
inf_len = inf(inbuf + 8, in_len - 8, tmp_buf, in_len * 8);
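Review bot: `xmalloc(in_len * 8)` and `inf(inbuf + 8, in_len - 8, tmp_buf, in_len * 8)` use `in_len` with no visible lower or upper bound: a value below 8 makes the input length negative, and a large value overflows the `int` multiplication before it becomes an allocation size. swf_unwrap presumably processes data received from the peer, so `in_len` should be validated before the allocation, e.g. `if (in_len < 8 || in_len > INT_MAX / 8)` followed by the function's error return. The 8x buffer is also the only cap on the inflated size, so how `inf` reports output that does not fit should be checked at this call. The rest of the function is outside this hunk.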
@@ -137,7 +123,7 @@ swf_unwrap(char* inbuf, int in_len, char* outbuf, int out_sz) {
int -x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) { +http_server_SWF_transmit (steg_t*, struct evbuffer *source, conn_t *conn) {
struct evbuffer *dest = conn_get_outbound(conn); size_t sbuflen = evbuffer_get_length(source); @@ -145,29 +131,15 @@ x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) { char* outbuf; int outlen;
+ inbuf = (char *)xmalloc(sbuflen);
- - inbuf = malloc(sbuflen); - - if (inbuf == NULL) { - log_warn("malloc inbuf failed\n"); - return -1; - } - - if (evbuffer_remove(source, inbuf, sbuflen) == -1) { - log_debug("evbuffer_remove failed in x_http2_server_SWF_transmit"); + log_debug("evbuffer_remove failed in http_server_SWF_transmit"); return -1; }
- outbuf = malloc(4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512); + outbuf = (char *)xmalloc(4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512);
- if (outbuf == NULL) { - free(inbuf); - log_warn("malloc outbuf failed\n"); - return -1; - } - // fprintf(stderr, "server wrapping swf len %d\n", (int) sbuflen); outlen = swf_wrap(inbuf, sbuflen, outbuf, 4*sbuflen + SWF_SAVE_FOOTER_LEN + SWF_SAVE_HEADER_LEN + 512);
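Review bot: The `evbuffer_remove` failure branch still returns -1 without `free(inbuf)`, so every failed remove leaks the `sbuflen`-byte buffer allocated just above it. The later `evbuffer_add` failure path in this function frees both buffers, so this branch should match it: `log_debug("evbuffer_remove failed in http_server_SWF_transmit"); free(inbuf); return -1;`. With the NULL checks removed, this is the first early return after the allocation in the lines shown. The function body continues outside this hunk.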
@@ -181,7 +153,7 @@ x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
if (evbuffer_add(dest, outbuf, outlen)) { - log_debug("SERVER ERROR: x_http2_server_transmit: evbuffer_add() fails for jsTemplate"); + log_debug("SERVER ERROR: http_server_transmit: evbuffer_add() fails for jsTemplate"); free(inbuf); free(outbuf); return -1; @@ -201,7 +173,7 @@ x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn) {
int -x_http2_handle_client_SWF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) { +http_handle_client_SWF_receive(steg_t *, conn_t *conn, struct evbuffer *dest, struct evbuffer* source) { struct evbuffer_ptr s2; unsigned int response_len = 0, hdrLen; char outbuf[HTTP_MSG_BUF_SIZE]; diff --git a/src/steg/swfSteg.h b/src/steg/swfSteg.h index dc6bc04..7be5207 100644 --- a/src/steg/swfSteg.h +++ b/src/steg/swfSteg.h @@ -31,11 +31,11 @@ unsigned int swf_unwrap(char* inbuf, int in_len, char* outbuf, int out_sz);
int
-x_http2_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn);
+http_server_SWF_transmit (steg_t* s, struct evbuffer *source, conn_t *conn);
int
-x_http2_handle_client_SWF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
+http_handle_client_SWF_receive(steg_t *s, conn_t *conn, struct evbuffer *dest, struct evbuffer* source);
#endif
diff --git a/start-client.csh b/start-client.csh deleted file mode 100644 index 65f4465..0000000 --- a/start-client.csh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/csh -# ./obfsproxy --log-min-severity=debug x_dsteg socks 127.0.0.1:1080 x_http - -setenv EVENT_NOKQUEUE yes -#./obfsproxy --log-min-severity=debug chop socks 127.0.0.1:1080 127.0.0.1:8080 x_http2 127.0.0.1:8081 x_http2 -# ./obfsproxy --log-min-severity=warn chop socks 127.0.0.1:1080 127.0.0.1:8080 x_http2 127.0.0.1:8081 x_http2 -./obfsproxy --log-min-severity=error chop socks 127.0.0.1:1080 127.0.0.1:8080 x_http2 127.0.0.1:8081 x_http2 - diff --git a/start-obfsproxy.sh b/start-obfsproxy.sh deleted file mode 100755 index cc70c28..0000000 --- a/start-obfsproxy.sh +++ /dev/null 
@@ -1,120 +0,0 @@ -#!/bin/bash - -ODIR=~/src/DEFIANCE/stegotorus - -################################################################################ -# helper functions: - -usage () { -if [ $# -gt 0 ]; then - echo " *** ERROR: $1" -fi -cat << EOF - -usage: $0 <OPTIONS> [server|client] [install-dir] - -Start obfsproxy server or client with given options. If the optional install-dir -is given, override the value set in the script. - -OPTIONS: - -h Show this message - -i <addr> IP address (default: 127.0.0.1) - -p <n> port number (default: 8080) - -l <severity> Log severity: warn, error, debug (default: error) - -b <host> Host name (or IP address) of Tor Bridge - with port number attached via ':' or omitted - (default: 87.73.82.145:8080) - -n <n> Multiply the number of IP addresses on the client -EOF -} - -################################################################################ -# parse command line: - -# default values: -IP=127.0.0.1 -PORT=8080 -N=1 -LOG=error -BRIDGE_IP=87.73.82.145 -BRIDGE_PORT=8080 -while getopts "hi:p:l:b:n:" OPTION -do - case $OPTION in - h|?) - usage; exit 1 - ;; - i) - IP=$OPTARG - ;; - p) - PORT=$OPTARG - ;; - n) - N=$OPTARG - ;; - l) - LOG=`echo $OPTARG | tr '[A-Z]' '[a-z]'` # make lower case - ;; - b) - arr=(${OPTARG//:/ }) - BRIDGE_IP=${arr[0]} - if [ ${#arr[@]} -gt 1 ]; then - BRIDGE_PORT=${arr[1]} - fi - ;; - esac - shift $((OPTIND-1)); OPTIND=1 -done - -# test if $LOG is valid -case $LOG in - debug|warn|error) - ;; - *) - usage "Unknown log level given: $LOG"; exit 1 - ;; -esac - -# now $@ has remaining arguments: -if [ $# -lt 1 ]; then - usage "need 'server' or 'client' as argument"; exit 1 -fi -TYPE=`echo $1 | tr '[A-Z]' '[a-z]'` # turn argument into lower case -case $TYPE in - server|client) - ;; - *) - usage "argument $1 not recognized"; exit 1 - ;; -esac - -# check optional install location given as an argument -if [ $# -gt 1 ]; then - if [[ ! -d $2 ]]; then - usage "argument $2 is not a directory"; exit 1 - fi - if [[ ! 
-x $2/obfsproxy ]]; then - usage "directory $2 does not contain executable of 'obfsproxy'"; exit 1 - fi - ODIR=$2 -fi - -################################################################################ -# start obfsproxy - -echo "Using obfsproxy in "$ODIR"" -cd $ODIR -export EVENT_NOKQUEUE=yes -case $TYPE in - server) - ./obfsproxy --log-min-severity=$LOG chop server $BRIDGE_IP:$BRIDGE_PORT $IP:$PORT - ;; - client) - IPS="" - for (( c=1; c<=$N; c++)) ; do - IPS="${IPS}${IP}:${PORT} x_http2 " ; - done - ./obfsproxy --log-min-severity=$LOG chop socks 127.0.0.1:1080 $IPS - ;; -esac diff --git a/start-server.csh b/start-server.csh deleted file mode 100644 index b7d61e6..0000000 --- a/start-server.csh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/csh -setenv EVENT_NOKQUEUE yes -# ./obfsproxy --log-min-severity=debug chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081 -# ./obfsproxy --log-min-severity=warn chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081 -./obfsproxy --log-min-severity=error chop server 87.73.82.145:8080 127.0.0.1:8080 127.0.0.1:8081 - diff --git a/torrc b/torrc deleted file mode 100644 index ff27e61..0000000 --- a/torrc +++ /dev/null @@ -1,12 +0,0 @@ -SocksPort 9060 # what port to open for local application connections -SocksListenAddress 127.0.0.1 # accept connections only from localhost - -SafeLogging 0 -Log info file ./info.log -Log debug file ./debug.log - -Socks4Proxy 127.0.0.1:1080 - -# Bridge 87.73.82.145:8080 -Bridge 127.0.0.1:8080 -UseBridges 1