Esempio n. 1
0
// Authenticate and then handle the client.
func handleNewClient(tt tuntap.Device, client transports.PacketClient) {
	log.Printf("Accepted new client (reliable = %t)\n", client.IsReliable())

	// Set up encryption.
	enc_client, err := transports.NewEncryptedPacketClient(client, "foobar")
	if err != nil {
		log.Printf("Could not initialize encryption: %s\n", err)
		client.Close()
		return
	}
	defer enc_client.Close()

	recv_ch := enc_client.RecvChannel()
	send_ch := enc_client.SendChannel()

	for {
		select {
		case from_client := <-recv_ch:
			log.Printf("client --> tuntap (%d bytes)\n", len(from_client))
			err = tt.Write(from_client)
			if err != nil {
				log.Printf("Error writing: %s\n", err)
			}

		case from_tuntap := <-tt.RecvChannel():
			log.Printf("tuntap --> client (%d bytes)\n", len(from_tuntap))
			send_ch <- from_tuntap

		case <-tt.EOFChannel():
			log.Println("EOF received from TUN/TAP device, exiting...")
			return
		}
	}
}
Esempio n. 2
0
func doAuth(conn transports.PacketClient) bool {
	// Authentication times out after 10 seconds.
	timeout_ch := time.After(10 * time.Second)
	send_ch := conn.SendChannel()
	recv_ch := conn.RecvChannel()

	// Receive the nonce from the server.
	var nonce []byte
	select {
	case nonce = <-recv_ch:
		// fallthrough
	case <-timeout_ch:
		log.Printf("Client authentication timed out: receiving nonce\n")
		return false
	}

	hm := hmac.New(sha256.New, []byte(password))
	_, err := hm.Write(nonce)
	if err != nil {
		log.Printf("Error computing HMAC: %s\n", err)
		return false
	}

	resp := make([]byte, 64)
	hex.Encode(resp, hm.Sum(nil))

	select {
	case send_ch <- resp:
		// fallthrough
	case <-timeout_ch:
		log.Printf("Client authentication timed out: sending respond\n")
		return false
	}

	// Wait for a response from the server.
	var serv_resp []byte
	select {
	case serv_resp = <-recv_ch:
		// fallthrough
	case <-timeout_ch:
		log.Printf("Client authentication timed out: waiting for confirmation\n")
		return false
	}

	// Check response.
	if bytes.Equal(serv_resp, []byte("success")) {
		log.Printf("Authentication success\n")
		return true
	} else {
		log.Printf("Authentication failure: %s\n", serv_resp)
		return false
	}
}
Esempio n. 3
0
func startClient(tt tuntap.Device, hpserver string) {
	defer tt.Close()
	log.Printf("Holepunching with server %s...\n", hpserver)

	methods := strings.Split(method, ",")
	if len(methods) == 1 && methods[0] == "all" {
		methods = []string{"tcp", "udp", "icmp", "dns"}
	}

	var conn transports.PacketClient
	var err error

	for _, m := range methods {
		var curr_conn transports.PacketClient

		err = nil
		switch m {
		case "tcp":
			curr_conn, err = transports.NewTCPPacketClient(hpserver)

		case "udp":
			curr_conn, err = transports.NewUDPPacketClient(hpserver)

		default:
			log.Printf("Unknown method: %s\n", m)
			continue
		}

		if err != nil {
			log.Printf("Error creating transport '%s': %s\n", m, err)
			continue
		}

		// Set up encryption.
		enc_conn, err := transports.NewEncryptedPacketClient(curr_conn, "foobar")
		if err != nil {
			log.Printf("Could not initialize encryption: %s\n", err)
			curr_conn.Close()
			continue
		}

		// Encryption is valid, which means that we're authenticated.
		conn = enc_conn
	}

	if conn == nil {
		log.Printf("Could not create connection to server, exiting...\n")
		return
	}
	log.Printf("Connected to server (reliable = %t)\n", conn.IsReliable())

	recv_ch := conn.RecvChannel()
	send_ch := conn.SendChannel()

	defer conn.Close()

	for {
		// TODO: some way of stopping this
		select {
		case from_server := <-recv_ch:
			log.Printf("server --> tuntap (%d bytes)\n", len(from_server))
			tt.Write(from_server)

		case from_tuntap := <-tt.RecvChannel():
			log.Printf("tuntap --> server (%d bytes)\n", len(from_tuntap))
			send_ch <- from_tuntap

		case <-tt.EOFChannel():
			log.Println("EOF received from TUN/TAP device, exiting...")
			return
		}
	}
}