DTLS Protocol Support #353

Open
wants to merge 19 commits into
base: master

Commits on Mar 27, 2020

  1. DTLS Protocol Support

    This adds support for processing DTLS packets, specifically to acquire the
    SNI value from the ClientHello packet. DTLS and TLS packets are different
    enough that a separate parser was required. However, it appears extension
    processing is the same. So I've moved both parse_extensions() and
    parse_server_name_extension() into new sni.[c,h] files so those functions
    can be shared by both the tls and dtls processors.
    
    Note that this code is untested at the moment.
    
    Related to issue dlundquist#352.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Mar 27, 2020
    4f34b67
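
The DTLS-specific layout this commit message refers to, as an added example that is not code from this pull request: a bounds-checked walk from the 13-byte DTLS record header, past the 12-byte handshake header and the cookie field that TLS lacks, to the server_name extension. The names `dtls_sni`, `skip_vec` and `U16` and the sample packet are assumptions constructed for illustration; a fragmented ClientHello is rejected rather than reassembled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed DTLS 1.2 ClientHello with SNI "localhost" (not a capture). */
static const uint8_t sample_hello[] = {
    0x16, 0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x4a, /* 13-byte record header */
    0x01, 0, 0, 0x3e, 0, 0, 0, 0, 0, 0, 0, 0x3e,          /* 12-byte handshake header */
    0xfe, 0xfd, [59] = 0, 0,       /* version, zero random, empty session_id and cookie */
    0x00, 0x02, 0xc0, 0x2b, 0x01, 0x00,                   /* one suite, null compression */
    0x00, 0x12, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, /* SNI extension */
    'l', 'o', 'c', 'a', 'l', 'h', 'o', 's', 't'
};

#define U16(b) ((size_t)(b)[0] << 8 | (b)[1])
/* Skip a vector with a w-byte length prefix; keeps *pos <= end. */
static int skip_vec(const uint8_t *p, size_t end, size_t *pos, size_t w)
{
    if (end - *pos < w) return -1;
    size_t n = (w == 1) ? p[*pos] : U16(p + *pos);
    if (end - *pos - w < n) return -1;
    *pos += w + n;
    return 0;
}

/* Copy the SNI host name into out; returns its length, or -1 if absent or malformed. */
int dtls_sni(const uint8_t *p, size_t len, char *out, size_t outlen)
{
    size_t pos = 25 + 2 + 32, ext_end, elen, nlen; /* headers, version, random */
    if (len < 25 || p[0] != 0x16 || p[1] != 0xfe || p[13] != 0x01) return -1;
    size_t rec = U16(p + 11), hs = U16(p + 15), end = 25 + hs; /* record, handshake length */
    if (rec > len - 13 || rec < 12 || p[14] || hs > rec - 12 || hs < 34) return -1;
    if (p[19] || p[20] || p[21] || memcmp(p + 14, p + 22, 3)) return -1; /* fragmented */
    if (skip_vec(p, end, &pos, 1) || skip_vec(p, end, &pos, 1) || /* session_id, cookie */
        skip_vec(p, end, &pos, 2) || skip_vec(p, end, &pos, 1)) return -1; /* suites, compression */
    if (end - pos < 2 || U16(p + pos) > end - pos - 2) return -1;
    ext_end = pos + 2 + U16(p + pos);
    for (pos += 2; ext_end - pos >= 4; pos += 4 + elen) {
        elen = U16(p + pos + 2);
        if (elen > ext_end - pos - 4) return -1;
        if (U16(p + pos) != 0) continue;            /* not server_name */
        if (elen < 5 || p[pos + 6] != 0) return -1; /* name_type must be host_name */
        nlen = U16(p + pos + 7);
        if (nlen > elen - 5 || nlen >= outlen) return -1;
        memcpy(out, p + pos + 9, nlen);
        out[nlen] = '\0';
        return (int)nlen;
    }
    return -1;
}
```

Every length field is checked against the enclosing structure before it is used, so a datagram that lies about its record, handshake, extension or name length yields -1 instead of an out-of-bounds read.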

Commits on Mar 28, 2020

  1. Add DTLS functional test

    This adds a DTLS functional test, similar to the existing TLS functional
    test. For now, this has a single known good DTLS packet which we run the
    test against. More can be added as Wireshark captures allow.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Mar 28, 2020
    dda7740

Commits on Mar 29, 2020

  1. DTLS test: Make hostname part of test struct

    This adds the hostname from the test data into the test_packet structure,
    allowing for dynamic checking of hostnames from the data rather than
    hard coding "localhost".
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Mar 29, 2020
    83cd2c4
  2. Open UDP listeners

    dlundquist authored and mestery committed Mar 29, 2020
    27c7975
  3. poc: "accept" UDP connections

    dlundquist authored and mestery committed Mar 29, 2020
    fa0c373
  4. Add socket type to buffer and connection structs

    This allows us to do some more advanced buffer processing depending on if
    we are buffering stream or datagram sockets.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Mar 29, 2020
    4d1a6b5
  5. Fix dtls hostname checks for bad tests

    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Mar 29, 2020
    b3e4c2f

Commits on Apr 1, 2020

  1. Update .gitignore to ignore .DS_Store on a Mac

    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 1, 2020
    9058c98
  2. abort_message in Protocol should be unsigned char

    DTLS abort messages include a version of `0xfe 0xfd` which gives
    warnings if abort_message is not an unsigned char.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 1, 2020
    6df5d51
  3. Remove tests which fail from Makefile.am

    The tests below are all failing irrespective of the DTLS work, remove them for
    now, they need to be fixed outside of the scope of the DTLS work:
    
    - binder_test
    - bind_source_test
    - proxy_header_test
    - transparent_proxy_test
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 1, 2020
    c29a10f
  4. Update buffer module to work with UDP datagrams

    The buffer code was meant to work with stream sockets. This commit modifies it
    so it works with datagram sockets as well as stream sockets.
    
    Proxying datagram sockets requires the ability to push an exact copy of each
    frame from source to destination and vice versa. Thus, we introduce the
    ability for the Buffer structure to understand if it is associated with a
    SOCK_STREAM or a SOCK_DGRAM. If a SOCK_DGRAM is being used, for each write
    into the buffer we first reserve two bytes and we store the length. When
    reading, we first read the length as well.
    
    Tests were updated to test the new SOCK_DGRAM functionality.
    
    Note that when testing this locally it doesn't quite work yet. I am pushing
    this commit out so it can be reviewed while I debug it.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 1, 2020
    4b56c9f
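
The two-byte length framing this commit message describes, as an added example that is not code from this pull request: a byte ring that stores each datagram behind a big-endian length so that reads return exactly one original frame, even across wrap-around. The names `dgram_buf`, `dgram_push`, `dgram_pop` and the capacity `CAP` are hypothetical and do not correspond to the project's Buffer API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CAP 64 /* constructed capacity, small so wrap-around is easy to hit */

struct dgram_buf { uint8_t data[CAP]; size_t head, len; };

static void ring_write(struct dgram_buf *b, const uint8_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        b->data[(b->head + b->len + i) % CAP] = src[i];
    b->len += n;
}

static void ring_read(struct dgram_buf *b, uint8_t *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = b->data[(b->head + i) % CAP];
    b->head = (b->head + n) % CAP;
    b->len -= n;
}

/* Queue one datagram behind a 2-byte big-endian length; all or nothing. */
int dgram_push(struct dgram_buf *b, const uint8_t *msg, size_t n)
{
    uint8_t hdr[2] = { (uint8_t)(n >> 8), (uint8_t)n };

    if (n > 0xffff || n + 2 > CAP - b->len) return -1;
    ring_write(b, hdr, 2);
    ring_write(b, msg, n);
    return 0;
}

/* Dequeue exactly one datagram; returns its size, or -1 (consuming nothing)
 * when the buffer is empty, the prefix overruns the data, or out is too small. */
int dgram_pop(struct dgram_buf *b, uint8_t *out, size_t outlen)
{
    uint8_t hdr[2];

    if (b->len < 2) return -1;
    size_t n = (size_t)b->data[b->head] << 8 | b->data[(b->head + 1) % CAP];
    if (n > b->len - 2 || n > outlen) return -1;
    ring_read(b, hdr, 2);
    ring_read(b, out, n);
    return (int)n;
}
```

Rejecting a push that does not fit in full, and a pop whose stored length exceeds the buffered bytes, keeps a partial or corrupted frame from shifting every later length prefix.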

Commits on Apr 2, 2020

  1. Simplify datagram processing in buffer code

    This utilizes a new approach suggested by Dustin during review to better handle
    datagram packets in the buffer code. This seems to mostly work, still testing
    locally a bit.
    
    I've updated various tests to pass with the new code as well.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 2, 2020
    94138dd
  2. buffer: rework datagram buffers

    Implement datagram specific buffer tails using setup_write_iov(),
    setup_read_iov(), advance_write_position() and advance_read_position().
    
    Signed-off-by: Dustin Lundquist <[email protected]>
    Signed-off-by: Kyle Mestery <[email protected]>
    dlundquist authored and mestery committed Apr 2, 2020
    80287ea

Commits on Apr 3, 2020

  1. buffer: Correct buffer_coalesce

    This corrects buffer_coalesce to work with datagrams. It should not be
    returning the pointer into the datagram length. This required datagram
    protocols like DTLS to look past this. I've corrected this with this
    commit and also fixed DTLS parsing.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 3, 2020
    d8b644e
  2. buffer: Make buffer_coalesce more intelligent

    For the datagram case, we need to replicate the exact buffer we're
    coalescing, including the individual datagram sizes. The code as it
    existed before this patch was writing the entire buffer length into
    the first 2 bytes of datagram size, messing it all up. This fixes
    it to iterate the existing Buffer, copying by pieces into a new
    buffer, and then copying the resulting buffer back over.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 3, 2020
    008f19e
  3. connection: Read data after accepting dgram socket

    Once a datagram socket has been accepted, read any data sent on the
    socket right away.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 3, 2020
    6c35206

Commits on Apr 4, 2020

  1. Address code review comments

    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 4, 2020
    4c77d6d

Commits on Apr 9, 2020

  1. IPv6: Compile on macOS

    We need to define __APPLE_USE_RFC_3542 before including <netinet/in.h> or
    compile errors are observed on macOS.
    
    Signed-off-by: Kyle Mestery <[email protected]>
    mestery committed Apr 9, 2020
    ee0660b

Commits on May 29, 2020

  1. Fix issue with buffer coalesce and buffer_push

    Signed-off-by: Kyle Mestery <[email protected]>
    aldickin authored and mestery committed May 29, 2020
    b127c72