punchd/punchd.nim

import asyncdispatch, asyncnet, os, strformat, strutils
from nativesockets import Domain, SockType, Protocol
from net import IpAddress, Port, `$`
import asyncutils
import message
import tcp_syni_initiator
import tcp_syni_responder
import tcp_nutss_initiator
import tcp_nutss_responder

from strutils import format, join
from nativesockets import setSockOptInt

type
  Punchd = ref object
    unixSocket: AsyncSocket
    tcpSyniInitiator: TcpSyniInitiator
    tcpSyniResponder: TcpSyniResponder
    tcpNutssInitiator: TcpNutssInitiator
    tcpNutssResponder: TcpNutssResponder

  Sigint = object of CatchableError

  # Requests
  InitiateTcpSyni = object
    srcIp: IpAddress
    srcPorts: seq[Port]
    dstIp: IpAddress
    dstPorts: seq[Port]

  RespondTcpSyni = object
    dstIp: IpAddress
    dstPorts: seq[Port]
    srcIp: IpAddress
    srcPorts: seq[Port]
    seqNums: seq[uint32]

  InitiateTcpNutss = object
    srcIp: IpAddress
    srcPorts: seq[Port]
    dstIp: IpAddress
    dstPorts: seq[Port]

  RespondTcpNutss = object
    dstIp: IpAddress
    dstPorts: seq[Port]
    srcIp: IpAddress
    srcPorts: seq[Port]
    extraData: string

const PunchdSocket = "/tmp/punchd.socket"

proc handleSigint() {.noconv.} =
  raise newException(Sigint, "received SIGINT")

proc sendToClient(unixSock: AsyncSocket, msg: string,
                  cmsgs: seq[ControlMessage] = @[]) {.async.} =
  if not unixSock.isClosed():
    let unixFd = unixSock.getFd.AsyncFD
    await unixFd.asyncSendMsg(msg, cmsgs)

proc handleRequest(punchd: Punchd, line: string,
                   unixSock: AsyncSocket) {.async.} =
  var id: string
  var sock: AsyncSocket
  try:
    let args = line.parseArgs(4)
    id = args[1]

    case args[0]:
    of "initiate":
      case args[2]:
      of "tcp-syni":
        let req = parseMessage[InitiateTcpSyni](args[3])
        proc progress(seqNumbers: seq[uint32]) {.async.} =
          echo "progress! seqNumbers: ", seqNumbers
          let content = @["tcp-syni", $req.srcIp, req.srcPorts.join(","),
                          $req.dstIp, req.dstPorts.join(","),
                          seqNumbers.join(",")].join("|")
          await sendToClient(unixSock, &"progress|{id}|{content}\n")
        sock = await punchd.tcpSyniInitiator.initiate(req.srcPorts[0], req.dstIp,
                                                      req.dstPorts, progress)

      of "tcp-nutss":
        let req = parseMessage[InitiateTcpNutss](args[3])
        proc progress() {.async.} =
          echo "progress!"
          let content = @["tcp-nutss", $req.srcIp, req.srcPorts.join(","),
                          $req.dstIp, req.dstPorts.join(",")].join("|")
          await sendToClient(unixSock, &"progress|{id}|{content}\n")
        sock = await punchd.tcpNutssInitiator.initiate(req.srcPorts[0], req.dstIp,
                                                       req.dstPorts, progress)

      else:
        raise newException(ValueError, "invalid request")


    of "respond":
      case args[2]:
      of "tcp-syni":
        let req = parseMessage[RespondTcpSyni](args[3])
        sock = await punchd.tcpSyniResponder.respond(req.srcPorts[0], req.dstIp,
                                                     req.dstPorts, req.seqNums)

      of "tcp-nutss":
        let req = parseMessage[RespondTcpNutss](args[3])
        sock = await punchd.tcpNutssResponder.respond(req.srcPorts[0],
                                                      req.dstIp, req.dstPorts)

      else:
        raise newException(ValueError, "invalid request")

    else:
      raise newException(ValueError, "invalid request")

    await sendToClient(unixSock, &"ok|{id}\n", @[fromFd(sock.getFd.AsyncFD)])
    sock.close()

  except PunchHoleError as e:
    await sendToClient(unixSock, &"error|{id}|{e.msg}\n")
  except ValueError:
    unixSock.close

proc handleRequests(punchd: Punchd, userSock: AsyncSocket) {.async.} =
  while true:
    if userSock.isClosed:
      break
    let line = await userSock.recvLine(maxLength = 400)
    if line.len == 0:
      userSock.close()
      break
    asyncCheck punchd.handleRequest(line, userSock)

proc handleUsers(punchd: Punchd) {.async.} =
  while true:
    let user = await punchd.unixSocket.accept()
    asyncCheck punchd.handleRequests(user)

proc main() =
  setControlCHook(handleSigint)
  removeFile(PunchdSocket)
  let unixSocket = newAsyncSocket(AF_UNIX, SOCK_STREAM, IPPROTO_IP)
  unixSocket.bindUnix(PunchdSocket)
  unixSocket.listen()
  setFilePermissions(PunchdSocket,
                     {fpUserRead, fpUserWrite, fpGroupRead, fpGroupWrite,
                      fpOthersRead, fpOthersWrite})
  let punchd = Punchd(unixSocket: unixSocket,
                      tcpSyniInitiator: initTcpSyniInitiator(),
                      tcpSyniResponder: initTcpSyniResponder(),
                      tcpNutssInitiator: initTcpNutssInitiator(),
                      tcpNutssResponder: initTcpNutssResponder())
  asyncCheck handleUsers(punchd)
  try:
    runForever()

  except Sigint:
    waitFor punchd.tcpSyniInitiator.cleanup()
    waitFor punchd.tcpSyniResponder.cleanup()
    waitFor punchd.tcpNutssInitiator.cleanup()
    waitFor punchd.tcpNutssResponder.cleanup()
    punchd.unixSocket.close()
    removeFile(PunchdSocket)

when isMainModule:
  main()
enter punchd 2020-07-07 19:39:28 +02:00			`import asyncdispatch, asyncnet, os, strformat, strutils`
			`from nativesockets import Domain, SockType, Protocol`
			from net import IpAddress, Port, `$`
			`import asyncutils`
			`import message`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`import tcp_syni_initiator`
			`import tcp_syni_responder`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00			`import tcp_nutss_initiator`
			`import tcp_nutss_responder`
enter punchd 2020-07-07 19:39:28 +02:00
			`from strutils import format, join`
			`from nativesockets import setSockOptInt`

			`type`
cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`Punchd = ref object`
			`unixSocket: AsyncSocket`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`tcpSyniInitiator: TcpSyniInitiator`
			`tcpSyniResponder: TcpSyniResponder`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00			`tcpNutssInitiator: TcpNutssInitiator`
			`tcpNutssResponder: TcpNutssResponder`
cleanup on SIGINT 2020-08-22 12:34:12 +02:00
			`Sigint = object of CatchableError`

enter punchd 2020-07-07 19:39:28 +02:00			`# Requests`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`InitiateTcpSyni = object`
enter punchd 2020-07-07 19:39:28 +02:00			`srcIp: IpAddress`
don't force 3 ports / sequence numbers 2020-08-26 21:33:13 +02:00			`srcPorts: seq[Port]`
enter punchd 2020-07-07 19:39:28 +02:00			`dstIp: IpAddress`
don't force 3 ports / sequence numbers 2020-08-26 21:33:13 +02:00			`dstPorts: seq[Port]`
enter punchd 2020-07-07 19:39:28 +02:00
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`RespondTcpSyni = object`
enter punchd 2020-07-07 19:39:28 +02:00			`dstIp: IpAddress`
don't force 3 ports / sequence numbers 2020-08-26 21:33:13 +02:00			`dstPorts: seq[Port]`
enter punchd 2020-07-07 19:39:28 +02:00			`srcIp: IpAddress`
don't force 3 ports / sequence numbers 2020-08-26 21:33:13 +02:00			`srcPorts: seq[Port]`
use dynamic length of destination ports and captured sequence numbers (3 for now) 2020-07-21 11:10:56 +02:00			`seqNums: seq[uint32]`
enter punchd 2020-07-07 19:39:28 +02:00
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`InitiateTcpNutss = object`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00			`srcIp: IpAddress`
			`srcPorts: seq[Port]`
			`dstIp: IpAddress`
			`dstPorts: seq[Port]`

adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`RespondTcpNutss = object`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00			`dstIp: IpAddress`
			`dstPorts: seq[Port]`
			`srcIp: IpAddress`
			`srcPorts: seq[Port]`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`extraData: string`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00
introduce generic puncher; split tcp_syni into connect and accept modules 2020-10-12 21:31:55 +02:00			`const PunchdSocket = "/tmp/punchd.socket"`

delete punchd socket on SIGINT 2020-07-28 00:17:45 +02:00			`proc handleSigint() {.noconv.} =`
			`raise newException(Sigint, "received SIGINT")`

check if the client is still there before sending a message (fix unhandled ValueError) 2020-10-16 00:18:11 +02:00			`proc sendToClient(unixSock: AsyncSocket, msg: string,`
			`cmsgs: seq[ControlMessage] = @[]) {.async.} =`
			`if not unixSock.isClosed():`
			`let unixFd = unixSock.getFd.AsyncFD`
			`await unixFd.asyncSendMsg(msg, cmsgs)`

cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`proc handleRequest(punchd: Punchd, line: string,`
			`unixSock: AsyncSocket) {.async.} =`
enter punchd 2020-07-07 19:39:28 +02:00			`var id: string`
			`var sock: AsyncSocket`
			`try:`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`let args = line.parseArgs(4)`
enter punchd 2020-07-07 19:39:28 +02:00			`id = args[1]`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00
enter punchd 2020-07-07 19:39:28 +02:00			`case args[0]:`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`of "initiate":`
			`case args[2]:`
			`of "tcp-syni":`
			`let req = parseMessage[InitiateTcpSyni](args[3])`
			`proc progress(seqNumbers: seq[uint32]) {.async.} =`
			`echo "progress! seqNumbers: ", seqNumbers`
			`let content = @["tcp-syni", $req.srcIp, req.srcPorts.join(","),`
			`$req.dstIp, req.dstPorts.join(","),`
			`seqNumbers.join(",")].join("\|")`
			`await sendToClient(unixSock, &"progress\|{id}\|{content}\n")`
			`sock = await punchd.tcpSyniInitiator.initiate(req.srcPorts[0], req.dstIp,`
			`req.dstPorts, progress)`

			`of "tcp-nutss":`
			`let req = parseMessage[InitiateTcpNutss](args[3])`
			`proc progress() {.async.} =`
			`echo "progress!"`
			`let content = @["tcp-nutss", $req.srcIp, req.srcPorts.join(","),`
			`$req.dstIp, req.dstPorts.join(",")].join("\|")`
			`await sendToClient(unixSock, &"progress\|{id}\|{content}\n")`
			`sock = await punchd.tcpNutssInitiator.initiate(req.srcPorts[0], req.dstIp,`
			`req.dstPorts, progress)`

			`else:`
			`raise newException(ValueError, "invalid request")`


			`of "respond":`
			`case args[2]:`
			`of "tcp-syni":`
			`let req = parseMessage[RespondTcpSyni](args[3])`
			`sock = await punchd.tcpSyniResponder.respond(req.srcPorts[0], req.dstIp,`
			`req.dstPorts, req.seqNums)`

			`of "tcp-nutss":`
			`let req = parseMessage[RespondTcpNutss](args[3])`
			`sock = await punchd.tcpNutssResponder.respond(req.srcPorts[0],`
			`req.dstIp, req.dstPorts)`

			`else:`
			`raise newException(ValueError, "invalid request")`

enter punchd 2020-07-07 19:39:28 +02:00			`else:`
			`raise newException(ValueError, "invalid request")`
try to implement clean firewall rule creation / destruction 2020-08-21 23:12:45 +02:00
check if the client is still there before sending a message (fix unhandled ValueError) 2020-10-16 00:18:11 +02:00			`await sendToClient(unixSock, &"ok\|{id}\n", @[fromFd(sock.getFd.AsyncFD)])`
close sock after sending to client 2020-10-07 00:31:04 +02:00			`sock.close()`
enter punchd 2020-07-07 19:39:28 +02:00
			`except PunchHoleError as e:`
check if the client is still there before sending a message (fix unhandled ValueError) 2020-10-16 00:18:11 +02:00			`await sendToClient(unixSock, &"error\|{id}\|{e.msg}\n")`
enter punchd 2020-07-07 19:39:28 +02:00			`except ValueError:`
			`unixSock.close`

cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`proc handleRequests(punchd: Punchd, userSock: AsyncSocket) {.async.} =`
enter punchd 2020-07-07 19:39:28 +02:00			`while true:`
userSock may be closed in handleRequest, so check before recvLine 2020-07-27 23:51:16 +02:00			`if userSock.isClosed:`
			`break`
enter punchd 2020-07-07 19:39:28 +02:00			`let line = await userSock.recvLine(maxLength = 400)`
			`if line.len == 0:`
close socket if client has hung up 2020-10-10 11:14:31 +02:00			`userSock.close()`
enter punchd 2020-07-07 19:39:28 +02:00			`break`
cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`asyncCheck punchd.handleRequest(line, userSock)`
enter punchd 2020-07-07 19:39:28 +02:00
cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`proc handleUsers(punchd: Punchd) {.async.} =`
enter punchd 2020-07-07 19:39:28 +02:00			`while true:`
cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`let user = await punchd.unixSocket.accept()`
			`asyncCheck punchd.handleRequests(user)`
enter punchd 2020-07-07 19:39:28 +02:00
			`proc main() =`
delete punchd socket on SIGINT 2020-07-28 00:17:45 +02:00			`setControlCHook(handleSigint)`
			`removeFile(PunchdSocket)`
change puncher interface to allow accepting multiple connections 2020-10-02 17:12:29 +02:00			`let unixSocket = newAsyncSocket(AF_UNIX, SOCK_STREAM, IPPROTO_IP)`
			`unixSocket.bindUnix(PunchdSocket)`
			`unixSocket.listen()`
set punchd socket file permissions to 0666 2020-07-28 00:18:27 +02:00			`setFilePermissions(PunchdSocket,`
			`{fpUserRead, fpUserWrite, fpGroupRead, fpGroupWrite,`
			`fpOthersRead, fpOthersWrite})`
introduce generic puncher; split tcp_syni into connect and accept modules 2020-10-12 21:31:55 +02:00			`let punchd = Punchd(unixSocket: unixSocket,`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`tcpSyniInitiator: initTcpSyniInitiator(),`
			`tcpSyniResponder: initTcpSyniResponder(),`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00			`tcpNutssInitiator: initTcpNutssInitiator(),`
			`tcpNutssResponder: initTcpNutssResponder())`
cleanup on SIGINT 2020-08-22 12:34:12 +02:00			`asyncCheck handleUsers(punchd)`
delete punchd socket on SIGINT 2020-07-28 00:17:45 +02:00			`try:`
			`runForever()`

			`except Sigint:`
adapt punchd messages to README 2020-10-22 00:22:11 +02:00			`waitFor punchd.tcpSyniInitiator.cleanup()`
			`waitFor punchd.tcpSyniResponder.cleanup()`
first try implementing the NUTSS (b) approach 2020-10-14 20:52:20 +02:00			`waitFor punchd.tcpNutssInitiator.cleanup()`
			`waitFor punchd.tcpNutssResponder.cleanup()`
workaround segfault (need to investigate later) 2020-08-22 13:11:55 +02:00			`punchd.unixSocket.close()`
delete punchd socket on SIGINT 2020-07-28 00:17:45 +02:00			`removeFile(PunchdSocket)`
enter punchd 2020-07-07 19:39:28 +02:00
			`when isMainModule:`
			`main()`