stun

simple point to point tunnel
git clone git://git.2f30.org/stun

commit 388b556835c09605cdbaff557ebb6a5efc19fb0c
parent 05f43f4c98279058f35a7753ab7e03d57fae5b0f
Author: sin <sin@2f30.org>
Date:   Tue, 21 Mar 2017 23:36:56 +0000

Revamp logging

Diffstat:
Mauth.c | 8++++----
Mclient.c | 6+++---
Mcrypto.c | 6+++---
Mdev_bsd.c | 8++++----
Mdev_linux.c | 8++++----
Mlog.c | 71+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
Mnetpkt.c | 12++++++------
Mserver.c | 8++++----
Mstun.c | 17++++++++---------
Mstun.h | 8++++++++
Mtunnel.c | 2+-
Mutil.c | 12++++++------
12 files changed, 118 insertions(+), 48 deletions(-)

diff --git a/auth.c b/auth.c
@@ -27,10 +27,10 @@ challenge(int netfd)
 for (;;) {
 ret = poll(pfd, 1, AUTHTIMEO * 1000);
 if (ret < 0) {
- logwarn("poll failed");
+ logwarn("poll");
 return -1;
 } else if (ret == 0) {
- logwarn("challenge-response timed out");
+ logwarnx("challenge-response timed out");
 return -1;
 }
@@ -64,10 +64,10 @@ response(int netfd)
 for (;;) {
 ret = poll(pfd, 1, AUTHTIMEO * 1000);
 if (ret < 0) {
- logwarn("poll failed");
+ logwarn("poll");
 return -1;
 } else if (ret == 0) {
- logwarn("challenge-response timed out");
+ logwarnx("challenge-response timed out");
 return -1;
 }
diff --git a/client.c b/client.c
@@ -21,7 +21,7 @@ clientconnect(char *host, char *port)
 hints.ai_family = AF_UNSPEC;
 hints.ai_socktype = SOCK_STREAM;
 if ((ret = getaddrinfo(host, port, &hints, &ai))) {
- logwarn("getaddrinfo: %s", gai_strerror(ret));
+ logwarnx("getaddrinfo: %s", gai_strerror(ret));
 return -1;
 }
@@ -39,7 +39,7 @@ clientconnect(char *host, char *port)
 }
 freeaddrinfo(ai);
 if (!p) {
- logwarn("failed to connect to %s:%s", host, port);
+ logwarnx("failed to connect to %s:%s", host, port);
 return -1;
 }
@@ -49,7 +49,7 @@ clientconnect(char *host, char *port)
 if (response(netfd) < 0 || challenge(netfd) < 0) {
 close(netfd);
- logwarn("challenge-response failed");
+ logwarnx("challenge-response failed");
 return -1;
 }
 return netfd;
diff --git a/crypto.c b/crypto.c
@@ -38,7 +38,7 @@ setcipher(char *name)
 return;
 }
 }
- logerr("unknown cipher: %s", name);
+ fatalx("unknown cipher: %s", name);
 }
 void
@@ -46,7 +46,7 @@ derivekey(char *pw)
 {
 if (!PKCS5_PBKDF2_HMAC_SHA1(pw, strlen(pw), NULL, 0, NROUNDS, EVP_AEAD_key_length(aead), key))
- logerr("PKCS5_PBKDF2_HMAC_SHA1 failed");
+ fatalx("PKCS5_PBKDF2_HMAC_SHA1 failed");
 }
 void
@@ -56,7 +56,7 @@ cryptoinit(void)
 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL) || !EVP_AEAD_CTX_init(&dctx, aead, key, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
- logerr("EVP_AEAD_CTX_init failed");
+ fatalx("EVP_AEAD_CTX_init failed");
 }
 size_t
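Review bot: In derivekey and cryptoinit the switch to fatalx is the right variant, since errno carries nothing for an OpenSSL/BoringSSL failure, but the messages still only say that the call failed while the library's error queue holds the actual reason. Something like `fatalx("PKCS5_PBKDF2_HMAC_SHA1: %s", ERR_reason_error_string(ERR_get_error()));` (with `<openssl/err.h>` included, which these hunks do not show, and a NULL guard since ERR_reason_error_string may return NULL) would make a bad key length or an unavailable digest diagnosable from the log alone. derivekey's signature and the first lines of cryptoinit lie outside the hunks.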
diff --git a/dev_bsd.c b/dev_bsd.c
@@ -28,20 +28,20 @@ devopen(char *ifname)
 snprintf(dev, sizeof(dev), "/dev/%s", basename(ifname));
 if ((fd = open(dev, O_RDWR)) < 0)
- logerr("failed to open %s", dev);
+ fatal("open %s", dev);
 if (ioctl(fd, TUNGIFINFO, &ti) < 0)
- logerr("failed to set TUNGIFINFO on %s", dev);
+ fatal("TUNGIFINFO %s", dev);
 if (devtype == TUNDEV) ti.mtu = MAXPAYLOADLEN;
 else ti.mtu = MAXPAYLOADLEN - 14; /* make room for ethernet header */
 if (ioctl(fd, TUNSIFINFO, &ti) < 0)
- logerr("failed to set TUNSIFINFO on %s", dev);
+ fatal("TUNSIFINFO %s", dev);
 if (devtype == TUNDEV) {
 #if defined(TUNSIFHEAD)
 int one = 1;
 if (ioctl(fd, TUNSIFHEAD, &one) < 0)
- logerr("failed to set TUNSIFHEAD on %s", dev);
+ fatal("TUNSIFHEAD %s", dev);
 #endif
 }
 return fd;
diff --git a/dev_linux.c b/dev_linux.c
@@ -18,24 +18,24 @@ devopen(char *ifname)
 int fd, s;
 if ((fd = open("/dev/net/tun", O_RDWR)) < 0)
- logerr("failed to open %s", "/dev/net/tun");
+ fatal("open %s", "/dev/net/tun");
 memset(&ifr, 0, sizeof(ifr));
 ifr.ifr_flags = (devtype == TUNDEV ? IFF_TUN : IFF_TAP) | IFF_NO_PI;
 strncpy(ifr.ifr_name, ifname, IF_NAMESIZE);
 ifr.ifr_name[IF_NAMESIZE - 1] = '\0';
 if (ioctl(fd, TUNSETIFF, &ifr) < 0)
- logerr("failed to set TUNSETIFF on %s", ifname);
+ fatal("TUNSETIFF %s", ifname);
 /* dummy socket so we can manipulate the params */
 if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
- logerr("failed to create socket");
+ fatal("socket");
 if (devtype == TUNDEV) ifr.ifr_mtu = MAXPAYLOADLEN;
 else ifr.ifr_mtu = MAXPAYLOADLEN - 14; /* make room for ethernet header */
 if (ioctl(s, SIOCSIFMTU, &ifr) < 0)
- logerr("failed to set MTU on %s", ifname);
+ fatal("SIOCSIFMTU %s", ifname);
 close(s);
 return fd;
diff --git a/log.c b/log.c
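Review bot: In dev_linux.c the new `fatal("TUNSETIFF %s", ifname)` and `fatal("SIOCSIFMTU %s", ifname)` lines log the caller's string, but the name actually handed to the kernel is `ifr.ifr_name`, which the preceding strncpy silently truncates to IF_NAMESIZE-1 characters; when the two differ, the log names an interface that was never requested. Logging `ifr.ifr_name` in both places, e.g. `fatal("TUNSETIFF %s", ifr.ifr_name);`, reports what the ioctl saw, and an explicit check before the copy, `if (strlen(ifname) >= IF_NAMESIZE) fatalx("interface name too long: %s", ifname);`, would turn the truncation into a visible error. The opening lines of devopen are outside the hunk.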
@@ -1,14 +1,18 @@
+#include <errno.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <syslog.h>
 #include "stun.h"
+int debug;
+
 static char *progname;
 static void
-logmsg(int priority, char *msg, va_list ap)
+vlog(int priority, char *msg, va_list ap)
 {
 if (debug) {
 fprintf(stderr, "%s: ", progname);
@@ -30,30 +34,89 @@ loginit(char *prog)
 void
 logdbg(char *msg, ...)
 {
+ char buf[512];
 va_list ap;
 va_start(ap, msg);
- logmsg(LOG_DAEMON | LOG_DEBUG, msg, ap);
+ snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+ vlog(LOG_DAEMON | LOG_DEBUG, buf, ap);
+ va_end(ap);
+}
+
+void
+logdbgx(char *msg, ...)
+{
+ va_list ap;
+
+ va_start(ap, msg);
+ vlog(LOG_DAEMON | LOG_DEBUG, msg, ap);
 va_end(ap);
 }
 void
 logwarn(char *msg, ...)
 {
+ char buf[512];
 va_list ap;
 va_start(ap, msg);
- logmsg(LOG_DAEMON | LOG_WARNING, msg, ap);
+ snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+ vlog(LOG_DAEMON | LOG_WARNING, buf, ap);
+ va_end(ap);
+}
+
+void
+logwarnx(char *msg, ...)
+{
+ va_list ap;
+
+ va_start(ap, msg);
+ vlog(LOG_DAEMON | LOG_WARNING, msg, ap);
 va_end(ap);
 }
 void
 logerr(char *msg, ...)
 {
+ char buf[512];
+ va_list ap;
+
+ va_start(ap, msg);
+ snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+ vlog(LOG_DAEMON | LOG_ERR, buf, ap);
+ va_end(ap);
+}
+
+void
+logerrx(char *msg, ...)
+{
+ va_list ap;
+
+ va_start(ap, msg);
+ vlog(LOG_DAEMON | LOG_ERR, msg, ap);
+ va_end(ap);
+}
+
+void
+fatal(char *msg, ...)
+{
+ char buf[512];
+ va_list ap;
+
+ va_start(ap, msg);
+ snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+ vlog(LOG_DAEMON | LOG_ERR, buf, ap);
+ va_end(ap);
+ exit(1);
+}
+
+void
+fatalx(char *msg, ...)
+{
 va_list ap;
 va_start(ap, msg);
- logmsg(LOG_DAEMON | LOG_ERR, msg, ap);
+ vlog(LOG_DAEMON | LOG_ERR, msg, ap);
 va_end(ap);
 exit(1);
 }
diff --git a/netpkt.c b/netpkt.c
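Review bot: In logdbg, logwarn, logerr and fatal the composed `buf` is handed to vlog as the printf format, so the strerror() text becomes part of the format string and any `%` in it would be parsed as a conversion with no matching argument; whether the C library's messages can contain one is not visible here, but the pattern is exactly the non-literal-format one CERT FIO30-C warns about, and the 512-byte snprintf also truncates long messages silently. Formatting the caller's message first with vsnprintf and passing the strerror text as a `%s` argument keeps the format a literal, and snapshotting errno at entry keeps the reported reason independent of anything the formatting calls do. The same reshaping applies to all four errno-appending functions in this hunk; logwarn is shown, with the x variants left as they are.
```c
void
logwarn(char *msg, ...)
{
	char buf[512];
	va_list ap;
	int saved = errno;	/* snapshot before any library call can touch it */

	va_start(ap, msg);
	vsnprintf(buf, sizeof(buf), msg, ap);
	va_end(ap);
	/* buf is data now, never a format: pass it through %s */
	logwarnx("%s: %s", buf, strerror(saved));
}
/* … unchanged: logdbgx, logwarnx, logerrx, fatalx … */
```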
@@ -49,7 +49,7 @@ netwrite(int fd, unsigned char *pt, size_t ptlen, size_t *outlen)
 int n, total = 0;
 if (buflen > maxbuflen) {
- logerr("packet is too large");
+ logerrx("packet is too large");
 return PKTFAILED;
 }
@@ -58,7 +58,7 @@ netwrite(int fd, unsigned char *pt, size_t ptlen, size_t *outlen)
 if (!cryptoseal(&wbuf[noncelen + HDRLEN], outlen, ptlen + taglen, wbuf, noncelen, pt, ptlen, &wbuf[noncelen], HDRLEN)) {
- logwarn("cryptoseal failed");
+ logwarnx("cryptoseal failed");
 return -1;
 }
 *outlen = ptlen;
@@ -86,7 +86,7 @@ netread(int fd, unsigned char *pt, size_t ptlen, size_t *outlen)
 int n, ctlen;
 if (buflen > maxbuflen) {
- logerr("packet is too large");
+ logerrx("packet is too large");
 return PKTFAILED;
 }
@@ -146,7 +146,7 @@ netread(int fd, unsigned char *pt, size_t ptlen, size_t *outlen)
 &rbuf[noncelen + HDRLEN], rbuftotal - noncelen - HDRLEN, &rbuf[noncelen], HDRLEN)) {
- logwarn("cryptoopen failed");
+ logwarnx("cryptoopen failed");
 return PKTPARTIAL;
 }
 return PKTCOMPLETE;
@@ -178,8 +178,8 @@ netinit(void)
 taglen = cryptotaglen();
 maxbuflen = noncelen + HDRLEN + MAXPAYLOADLEN + taglen;
 if (!(wbuf = malloc(maxbuflen)))
- logerr("oom");
+ fatal("malloc");
 if (!(rbuf = malloc(maxbuflen)))
- logerr("oom");
+ fatal("malloc");
 netreset();
 }
diff --git a/server.c b/server.c
@@ -25,7 +25,7 @@ serverinit(char *host, char *port)
 hints.ai_flags = AI_PASSIVE;
 if ((ret = getaddrinfo(host, port, &hints, &ai))) {
- logwarn("getaddrinfo: %s", gai_strerror(ret));
+ logwarnx("getaddrinfo: %s", gai_strerror(ret));
 return -1;
 }
@@ -48,7 +48,7 @@ serverinit(char *host, char *port)
 break;
 }
 if (!p)
- logerr("failed to bind socket");
+ logerrx("failed to bind socket");
 freeaddrinfo(ai);
 return listenfd;
 }
@@ -63,7 +63,7 @@ serveraccept(int listenfd)
 (socklen_t []){sizeof(remote)});
 if (netfd < 0) {
 if (errno != ECONNABORTED)
- logwarn("accept failed");
+ logwarn("accept");
 return -1;
 }
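Review bot: Replacing logerr with logerrx in serverinit turns a bind failure from fatal into a warning: the logerr being removed in this commit's log.c hunk ended in exit(1), the new logerr and logerrx only log, and serverinit then falls through to `return listenfd;` whose value in the no-address-bound case is not visible here. main in stun.c passes that return straight to serveraccept without a check, so a bind failure would presumably spin on accept() errors instead of stopping. Every other former logerr caller in this commit was mapped to fatal or fatalx; this site should be `fatalx("failed to bind socket");`, or serverinit should return -1 and main should check for it. serverinit's signature and the bind loop are outside the hunk.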
@@ -73,7 +73,7 @@ serveraccept(int listenfd)
 if (challenge(netfd) < 0 || response(netfd) < 0) {
 close(netfd);
- logwarn("challenge-response failed");
+ logwarnx("challenge-response failed");
 return -1;
 }
 return netfd;
diff --git a/stun.c b/stun.c
@@ -57,7 +57,6 @@ char *port = DEFPORT;
 char *cipher = DEFCIPHER;
 int devtype = TUNDEV;
 int aftype = AF_INET;
-int debug;
 int sflag;
 void
@@ -129,7 +128,7 @@ main(int argc, char *argv[])
 /* disable core dumps as memory contains the pre-shared key */
 rlim.rlim_cur = rlim.rlim_max = 0;
 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
- logerr("failed to disable core dumps");
+ fatalx("failed to disable core dumps");
 signal(SIGPIPE, SIG_IGN);
 if (!debug)
@@ -140,7 +139,7 @@ main(int argc, char *argv[])
 /* initialize crypto engine */
 if (!(pw = getenv("STUNPW")))
- logerr("STUNPW is not set");
+ fatalx("STUNPW is not set");
 setcipher(cipher);
 derivekey(pw);
 cryptoinit();
@@ -154,15 +153,15 @@ main(int argc, char *argv[])
 listenfd = serverinit(bindaddr, port);
 revokeprivs(user);
 if (mypledge("stdio inet", NULL) < 0)
- logerr("pledge failed");
+ fatal("pledge");
 for (;;) {
 if ((netfd = serveraccept(listenfd)) < 0) {
 netreset();
 continue;
 }
- logdbg("client %s is ready", peer_ntop(netfd));
+ logdbgx("client %s is ready", peer_ntop(netfd));
 tunnel(netfd, devfd);
- logdbg("client %s disconnected", peer_ntop(netfd));
+ logdbgx("client %s disconnected", peer_ntop(netfd));
 close(netfd);
 netreset();
 }
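Review bot: `fatalx("failed to disable core dumps")` after a failed setrlimit() uses the errno-less variant, but setrlimit reports its reason in errno, so the one detail that would explain why the core-dump guard for the pre-shared key could not be installed is dropped from the log. The hunk's own `fatal("pledge")` line shows the intended pattern; `fatal("setrlimit RLIMIT_CORE");` would be consistent with it. main's remaining body is outside these hunks.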
@@ -170,16 +169,16 @@ main(int argc, char *argv[])
 /* invoked as client */
 revokeprivs(user);
 if (mypledge("stdio dns inet", NULL) < 0)
- logerr("pledge failed");
+ fatal("pledge");
 for (;;) {
 if ((netfd = clientconnect(host, port)) < 0) {
 netreset();
 sleep(RECONNECTTIMEO);
 continue;
 }
- logdbg("connected to %s", peer_ntop(netfd));
+ logdbgx("connected to %s", peer_ntop(netfd));
 tunnel(netfd, devfd);
- logdbg("disconnected from %s", peer_ntop(netfd));
+ logdbgx("disconnected from %s", peer_ntop(netfd));
 close(netfd);
 netreset();
 sleep(RECONNECTTIMEO);
diff --git a/stun.h b/stun.h
@@ -23,6 +23,9 @@ enum {
 TAPDEV
 };
+/* log.c */
+extern int debug;
+
 /* stun.c */
 extern int devtype;
 extern int aftype;
@@ -57,8 +60,13 @@ int devread(int, unsigned char *, int);
 /* log.c */
 void loginit(char *);
 void logdbg(char *, ...);
+void logdbgx(char *, ...);
 void logwarn(char *, ...);
+void logwarnx(char *, ...);
 void logerr(char *, ...);
+void logerrx(char *, ...);
+void fatal(char *, ...);
+void fatalx(char *, ...);
 /* netpkt.c */
 int netwrite(int, unsigned char *, size_t, size_t *);
diff --git a/tunnel.c b/tunnel.c
@@ -16,7 +16,7 @@ tunnel(int netfd, int devfd)
 pfd[1].events = POLLIN;
 for (;;) {
 if (poll(pfd, 2, -1) < 0) {
- logwarn("poll failed");
+ logwarn("poll");
 return -1;
 }
diff --git a/util.c b/util.c
@@ -58,11 +58,11 @@ revokeprivs(char *user)
 struct passwd *pw;
 if (!(pw = getpwnam(user)))
- logerr("no %s user", user);
+ fatalx("no %s user", user);
 if (setgroups(1, &pw->pw_gid) < 0 || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
- logerr("failed to revoke privs");
+ fatalx("failed to revoke privs");
 }
 int
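Review bot: The stun.h hunk now declares two families of log functions but nothing says how they differ; a reader has to open log.c to learn that the plain forms append strerror(errno) and the x forms do not, which is exactly what decides the correct choice at every call site in this commit. A one-line comment above the prototypes, `/* logdbg/logwarn/logerr/fatal append ": strerror(errno)"; the x variants do not; fatal/fatalx exit(1) */`, would make that contract visible where the functions are picked. The prototype list continues outside the hunk.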
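Review bot: In revokeprivs the failure of setgroups/setresgid/setresuid is reported with fatalx, which discards errno even though all three calls set it, and the single combined condition cannot say which of the three failed, so a privilege-drop failure leaves no usable diagnostic. Splitting the condition so each call gets its own errno-carrying message keeps the information; for getpwnam, which returns NULL both for an unknown user and for an error, fatalx is a reasonable choice. revokeprivs's signature is outside the hunk.
```c
	if (setgroups(1, &pw->pw_gid) < 0)
		fatal("setgroups");
	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
		fatal("setresgid");
	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
		fatal("setresuid");
```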
@@ -89,10 +89,10 @@ saddr_ntop(struct sockaddr *sa, socklen_t salen)
 port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))) {
 if (ret == EAI_SYSTEM) {
- logwarn("getnameinfo failed");
+ logwarnx("getnameinfo failed");
 return NULL;
 } else {
- logwarn("getnameinfo: %s", gai_strerror(ret));
+ logwarnx("getnameinfo: %s", gai_strerror(ret));
 return NULL;
 }
 }
@@ -107,7 +107,7 @@ peer_ntop(int fd)
 socklen_t sslen = sizeof(ss);
 if (getpeername(fd, (struct sockaddr *)&ss, &sslen) < 0) {
- logwarn("getpeername failed");
+ logwarn("getpeername");
 return NULL;
 }
 return saddr_ntop((struct sockaddr *)&ss, sslen);
@@ -124,7 +124,7 @@ ipversion(unsigned char *pkt)
 case 6: return AF_INET6;
 default:
- logwarn("unknown protocol version: %d", (int)ip->ip_v);
+ logwarnx("unknown protocol version: %d", (int)ip->ip_v);
 break;
 }
 return -1;
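Review bot: The EAI_SYSTEM branch in saddr_ntop is the one case where getnameinfo reports its failure through errno, yet it is the branch that was switched to the errno-less logwarnx, so the actual reason is now lost; the else branch, where gai_strerror(ret) is the right source, correctly uses logwarnx. The EAI_SYSTEM line should be `logwarn("getnameinfo");` to match the variant convention introduced in this commit. saddr_ntop's header and the getnameinfo call are outside the hunk.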