def InputHandler(self, saddr, daddr, protocol, payload):
try:
try:
handler = ESP.SPI.findHandler(payload)
#print "InputHandler", repr(handler)
R, L = handler.libnetLSIs
except KeyError:
#print 'IOHandler: KeyError finding ESP handler'
#print repr(ESP.SPI.SPItable)
#print hexlify(payload)
#maybe someone else can deal with it
return None, ipqueue.NF_ACCEPT
except AttributeError:
#print '! no cached names'
R = libnet.name_resolve(
IPAddress.IPv6_ntoa(
struct.pack('!L', handler.machine.remoteLSI)), 0)
L = libnet.name_resolve(
IPAddress.IPv6_ntoa(
struct.pack('!L', handler.machine.localLSI)), 0)
handler.libnetLSIs = (R, L)
(rSPI, rSN, rdata, nextheader) = handler.unpack(payload)
#print "------>", time.time() - c, 'for ESP find and unpack'
#print 'ESP:', rSPI, rSN, hexlify(rdata), nextheader
if self.IPv6inside:
stack = 6
#print 'unpacking IPv6 packet'
# IPv6, has to be
header = struct.pack(IPAddress.IP6Header, 0x60000000,
len(rdata), nextheader, 63,
handler.machine.remoteHIT,
handler.machine.localHIT)
pkt2 = ''.join([header, rdata])
daddr = handler.machine.localHIT
else:
# IPv4
#c = time.time()
stack = 4
p = libnet.packet()
p.payload = rdata
p.build_ip(len(p), 0, 1, 0, 255, nextheader, R, L)
p.do_checksum(libnet.IPPROTO_IP, libnet.IP_H)
#print "delivering", hexlify(p.getvalue())
pkt2 = repr(p)
if nextheader in [6, 17]: # need to fix the checksum
pkt2 = fixULPChecksum(pkt2)
daddr = struct.pack('!L', handler.machine.localLSI)
#print "--->", time.time() - c, 'for ESP deliver construction'
#print "InputHandler delivering", hexlify(pkt2)
self.sendHandler.OutQueue.put((stack, pkt2, nextheader, daddr))
#return pkt2, ipqueue.NF_REPEAT
return None, ipqueue.NF_DROP
except ESP.ESPUnpackError, x:
print 'Unpack error:', x
return None, ipqueue.NF_DROP
def deliverESP(cls, Socket, OutQueue):
try:
pkt = os.read(Socket, 70000)
except OSError:
return
try:
#c = time.time()
try:
handler = SPI.findHandler(payload)
R, L = handler.libnetLSIs
except KeyError:
#print 'KeyError finding ESP handler'
#print hexlify(payload)
return
except AttributeError:
#print '! no cached names'
R = libnet.name_resolve(
socket.inet_ntoa(
struct.pack('!L', handler.machine.remoteLSI)), 0)
L = libnet.name_resolve(
socket.inet_ntoa(
struct.pack('!L', handler.machine.localLSI)), 0)
handler.libnetLSIs = (R, L)
#print repr(map(curryl(getattr, handler), ['SPI', 'alg', 'key', 'authkey', 'iv']))
(rSPI, rSN, rdata, nextheader) = handler.unpack(payload)
#print "------>", time.time() - c, 'for ESP find and unpack'
#print 'ESP:', rSPI, rSN, hexlify(rdata), nextheader
if nextheader == 60:
#print 'unpacking IPv6 packet'
# IPv6, has to be
# remove the padding destopt we put in
if rdata[2] == '\x01':
nextheader = ord(rdata[0])
optlen = (ord(rdata[1]) + 1) * 8
rdata = rdata[optlen:]
header = struct.pack(IP6Header, 0x60000000, len(rdata),
nextheader, 63, handler.remoteIPv6addr,
handler.localIPv6addr)
pkt2 = ''.join([header, rdata])
else:
# IPv4
#c = time.time()
p = libnet.packet()
p.payload = rdata
p.build_ip(len(p), 0, 1, 0, 255, nextheader, R, L)
p.do_checksum(libnet.IPPROTO_IP, libnet.IP_H)
#print "delivering", hexlify(p.getvalue())
pkt2 = repr(p)
if nextheader in [6, 17]: # need to fix the checksum
pkt2 = HIPUtils.fixULPChecksum(pkt2)
#print "--->", time.time() - c, 'for ESP deliver construction'
#print "delivering", hexlify(pkt2)
OutQueue.put(pkt2)
except ESP.ESPUnpackError, x:
print 'Unpack error:', x
def Writer(self):
s = self.Socket
p = libnet.packet()
q = self.OutQueue
while 1:
#print self.__class__, 'Writer'
payload, r, l = q.get()
R = libnet.name_resolve(r[0], 0)
L = libnet.name_resolve(l[0], 0)
p.payload = payload
p.build_ip(len(p), 0, 1, 0, 255, l[1], L, R)
# needn't bother, stack will do it for us
#p.do_checksum(libnet.IPPROTO_IP, libnet.IP_H)
#print self.__class__, "delivering", hexlify(repr(p))
#print 'SocketOut', d.getsockname()
#if d.getsockname()[1] == HIP_PROTO_NO: print HIPOptMessage.packetDump(p)
s.sendto(repr(p), r)
def OutputHandler(self, saddr, daddr, protocol, payload):
# We want to be fast
try:
#pkt, addr = r
#print "Filter gave:", hexlify(payload)
#print "tunnel:", hexlify(saddr), hexlify(daddr)
if payload == None:
return None, ipqueue.NF_ACCEPT
try:
# IPv4
machine = self.LSItable[daddr]
except KeyError:
try:
#print "HITtable has keys", self.HITtable.keys()
machine = self.HITtable[daddr]
except KeyError:
#print "Dropping it on the floor"
return None, ipqueue.NF_DROP
try:
#print "Machine is:", machine
machine.lastused = time.time()
except:
#print 'Giving up, see if stack can do something.'
return None, ipqueue.NF_ACCEPT
if hasattr(machine, 'piggyback') and machine.piggyback:
machine.send(HIPOptMessage.PAYLOAD,
piggy=machine.localESP.pack(protocol, payload),
piggybackProtocol=ESP_PROTO_NO)
return None, ipqueue.NF_DROP
else:
#print machine.__dict__.keys()
payload, r, l = (machine.localESP.pack(protocol, payload),
machine.remoteIPCurrent,
(machine.localIPCurrent, ESP_PROTO_NO))
if not self.outside:
# IPv4
stack = 4
R = libnet.name_resolve(r[0], 0)
L = libnet.name_resolve(l[0], 0)
p = libnet.packet()
p.payload = payload
p.build_ip(len(p), 0, 1, 0, 255, l[1], L, R)
p.do_checksum(libnet.IPPROTO_IP, libnet.IP_H)
pkt = repr(p)
else:
# IPv6
stack = 6
nextheader = ESP_PROTO_NO
#print "Sending ESP with this:", repr(machine.__dict__)
header = struct.pack(IPAddress.IP6Header, 0x60000000,
len(payload), nextheader, 63,
machine.localIPCurrent6_n,
machine.remoteIPCurrent_n)
pkt = ''.join([header, payload])
#print "OutputHandler delivering", stack, hexlify(pkt)
#self.tunhandler.OutQueue.put(pkt)
self.sendHandler.OutQueue.put(
(stack, pkt, ESP_PROTO_NO, machine.remoteIPCurrent_n))
#return pkt, ipqueue.NF_REPEAT
return None, ipqueue.NF_DROP
except (KeyError, ESP.ESPHeld):
print 'Error'
return None, ipqueue.NF_ACCEPT