Permalink
Switch branches/tags
Nothing to show
Find file
13526bf Sep 3, 2016
258 lines (248 sloc) 7.46 KB
diff -rupN openvpn-2.3.12/src/openvpn/forward.c openvpn-2.3.12_new/src/openvpn/forward.c
--- openvpn-2.3.12/src/openvpn/forward.c 2016-08-23 07:16:28.000000000 -0700
+++ openvpn-2.3.12_new/src/openvpn/forward.c 2016-09-02 15:32:20.883848000 -0700
@@ -674,7 +674,10 @@ read_incoming_link (struct context *c)
status = link_socket_read (c->c2.link_socket,
&c->c2.buf,
- &c->c2.from);
+ &c->c2.from,
+ c->options.ce.xormethod,
+ c->options.ce.xormask,
+ c->options.ce.xormasklen);
if (socket_connection_reset (c->c2.link_socket, status))
{
@@ -1151,7 +1154,10 @@ process_outgoing_link (struct context *c
/* Send packet */
size = link_socket_write (c->c2.link_socket,
&c->c2.to_link,
- to_addr);
+ to_addr,
+ c->options.ce.xormethod,
+ c->options.ce.xormask,
+ c->options.ce.xormasklen);
#ifdef ENABLE_SOCKS
/* Undo effect of prepend */
diff -rupN openvpn-2.3.12/src/openvpn/options.c openvpn-2.3.12_new/src/openvpn/options.c
--- openvpn-2.3.12/src/openvpn/options.c 2016-08-23 07:16:22.000000000 -0700
+++ openvpn-2.3.12_new/src/openvpn/options.c 2016-09-02 15:35:10.523978000 -0700
@@ -792,6 +792,9 @@ init_options (struct options *o, const b
o->max_routes = MAX_ROUTES_DEFAULT;
o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
o->proto_force = -1;
+ o->ce.xormethod = 0;
+ o->ce.xormask ="\0";
+ o->ce.xormasklen = 1;
#ifdef ENABLE_OCC
o->occ = true;
#endif
@@ -907,6 +910,9 @@ setenv_connection_entry (struct env_set
setenv_int_i (es, "local_port", e->local_port, i);
setenv_str_i (es, "remote", e->remote, i);
setenv_int_i (es, "remote_port", e->remote_port, i);
+ setenv_int_i (es, "xormethod", e->xormethod, i);
+ setenv_str_i (es, "xormask", e->xormask, i);
+ setenv_int_i (es, "xormasklen", e->xormasklen, i);
#ifdef ENABLE_HTTP_PROXY
if (e->http_proxy_options)
@@ -1366,6 +1372,9 @@ show_connection_entry (const struct conn
SHOW_INT (connect_retry_seconds);
SHOW_INT (connect_timeout);
SHOW_INT (connect_retry_max);
+ SHOW_INT (xormethod);
+ SHOW_STR (xormask);
+ SHOW_INT (xormasklen);
#ifdef ENABLE_HTTP_PROXY
if (o->http_proxy_options)
@@ -5131,6 +5140,36 @@ add_option (struct options *options,
options->proto_force = proto_force;
options->force_connection_list = true;
}
+ else if (streq (p[0], "scramble"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ if (streq (p[1], "xormask"))
+ {
+ options->ce.xormethod = 1;
+ options->ce.xormask = p[2];
+ options->ce.xormasklen = strlen(options->ce.xormask);
+ }
+ else if (streq (p[1], "xorptrpos"))
+ {
+ options->ce.xormethod = 2;
+ }
+ else if (streq (p[1], "reverse"))
+ {
+ options->ce.xormethod = 3;
+ }
+ else if (streq (p[1], "obfuscate"))
+ {
+ options->ce.xormethod = 4;
+ options->ce.xormask = p[2];
+ options->ce.xormasklen = strlen(options->ce.xormask);
+ }
+ else
+ {
+ options->ce.xormethod = 1;
+ options->ce.xormask = p[1];
+ options->ce.xormasklen = strlen(options->ce.xormask);
+ }
+ }
#ifdef ENABLE_HTTP_PROXY
else if (streq (p[0], "http-proxy") && p[1])
{
diff -rupN openvpn-2.3.12/src/openvpn/options.h openvpn-2.3.12_new/src/openvpn/options.h
--- openvpn-2.3.12/src/openvpn/options.h 2016-08-23 07:16:22.000000000 -0700
+++ openvpn-2.3.12_new/src/openvpn/options.h 2016-09-02 15:36:01.021643000 -0700
@@ -100,6 +100,9 @@ struct connection_entry
int connect_retry_max;
int connect_timeout;
bool connect_timeout_defined;
+ int xormethod;
+ const char *xormask;
+ int xormasklen;
#ifdef ENABLE_HTTP_PROXY
struct http_proxy_options *http_proxy_options;
#endif
diff -rupN openvpn-2.3.12/src/openvpn/socket.c openvpn-2.3.12_new/src/openvpn/socket.c
--- openvpn-2.3.12/src/openvpn/socket.c 2016-08-23 07:16:22.000000000 -0700
+++ openvpn-2.3.12_new/src/openvpn/socket.c 2016-09-02 16:23:11.345871072 -0700
@@ -52,6 +52,40 @@ const int proto_overhead[] = { /* indexe
IPv6_TCP_HEADER_SIZE,
};
+int buffer_mask (struct buffer *buf, const char *mask, int xormasklen) {
+ int i;
+ uint8_t *b;
+ for (i = 0, b = BPTR (buf); i < BLEN(buf); i++, b++) {
+ *b = *b ^ mask[i % xormasklen];
+ }
+ return BLEN (buf);
+}
+
+int buffer_xorptrpos (struct buffer *buf) {
+ int i;
+ uint8_t *b;
+ for (i = 0, b = BPTR (buf); i < BLEN(buf); i++, b++) {
+ *b = *b ^ i+1;
+ }
+ return BLEN (buf);
+}
+
+int buffer_reverse (struct buffer *buf) {
+ int len = BLEN(buf);
+ if ( len > 2 ) {
+ int i;
+ uint8_t *b_start = BPTR (buf) + 1;
+ uint8_t *b_end = BPTR (buf) + (len - 1);
+ uint8_t tmp;
+ for (i = 0; i < (len-1)/2; i++, b_start++, b_end--) {
+ tmp = *b_start;
+ *b_start = *b_end;
+ *b_end = tmp;
+ }
+ }
+ return len;
+}
+
/*
* Convert sockflags/getaddr_flags into getaddr_flags
*/
diff -rupN openvpn-2.3.12/src/openvpn/socket.h openvpn-2.3.12_new/src/openvpn/socket.h
--- openvpn-2.3.12/src/openvpn/socket.h 2016-08-23 07:16:22.000000000 -0700
+++ openvpn-2.3.12_new/src/openvpn/socket.h 2016-09-02 15:44:28.297777000 -0700
@@ -245,6 +245,10 @@ struct link_socket
#endif
};
+int buffer_mask (struct buffer *buf, const char *xormask, int xormasklen);
+int buffer_xorptrpos (struct buffer *buf);
+int buffer_reverse (struct buffer *buf);
+
/*
* Some Posix/Win32 differences.
*/
@@ -873,30 +877,52 @@ int link_socket_read_udp_posix (struct l
static inline int
link_socket_read (struct link_socket *sock,
struct buffer *buf,
- struct link_socket_actual *from)
+ struct link_socket_actual *from,
+ int xormethod,
+ const char *xormask,
+ int xormasklen)
{
+ int res;
if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
{
- int res;
#ifdef WIN32
res = link_socket_read_udp_win32 (sock, buf, from);
#else
res = link_socket_read_udp_posix (sock, buf, from);
#endif
- return res;
}
else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
{
/* from address was returned by accept */
addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest);
- return link_socket_read_tcp (sock, buf);
+ res = link_socket_read_tcp (sock, buf);
}
else
{
ASSERT (0);
return -1; /* NOTREACHED */
}
+ switch(xormethod)
+ {
+ case 0:
+ break;
+ case 1:
+ buffer_mask(buf,xormask,xormasklen);
+ break;
+ case 2:
+ buffer_xorptrpos(buf);
+ break;
+ case 3:
+ buffer_reverse(buf);
+ break;
+ case 4:
+ buffer_mask(buf,xormask,xormasklen);
+ buffer_xorptrpos(buf);
+ buffer_reverse(buf);
+ buffer_xorptrpos(buf);
+ }
+ return res;
}
/*
@@ -980,8 +1006,30 @@ link_socket_write_udp (struct link_socke
static inline int
link_socket_write (struct link_socket *sock,
struct buffer *buf,
- struct link_socket_actual *to)
+ struct link_socket_actual *to,
+ int xormethod,
+ const char *xormask,
+ int xormasklen)
{
+ switch(xormethod)
+ {
+ case 0:
+ break;
+ case 1:
+ buffer_mask(buf,xormask,xormasklen);
+ break;
+ case 2:
+ buffer_xorptrpos(buf);
+ break;
+ case 3:
+ buffer_reverse(buf);
+ break;
+ case 4:
+ buffer_xorptrpos(buf);
+ buffer_reverse(buf);
+ buffer_xorptrpos(buf);
+ buffer_mask(buf,xormask,xormasklen);
+ }
if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
{
return link_socket_write_udp (sock, buf, to);