add 'nullppp' protocol for testing
authorDaniel Lenski <dlenski@gmail.com>
Tue, 19 May 2020 21:36:48 +0000 (14:36 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Wed, 20 May 2020 00:36:25 +0000 (17:36 -0700)
Use `socat` to set up a PTY connected to a TLS socket (listening only on the local interface):

    socat -s -d -d \
      PTY,raw,b9600 \
      OPENSSL-LISTEN:5556,cert=tests/certs/server-cert.pem,key=tests/certs/server-key.pem,verify=0,so-bindtodevice=lo
    [ N PTY is /dev/pts/X ]

Connect the PTY to `pppd` (requires root):

    # Add 'sync' to disable HDLC framing
    sudo pppd /dev/pts/X 10.0.0.1:10.0.0.101 noauth debug dump logfd 2 local nodetach passive persist ms-dns 1.1.1.1 ms-wins 5.5.5.5 +ipv6

Connect OpenConnect to the TLS socket, and watch it negotiate LCP/IPCP/IP6CP with its peer, and reject CCP:

    # Add noipv4,noipv6 to cookie to try those
    ./openconnect --protocol=nullppp --cookie hdlc --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --dump localhost:5556

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Makefile.am
library.c
nullppp.c [new file with mode: 0644]
openconnect-internal.h

index fcbee7008d3b945e5fbf3404d27bdc5507b6124b..7e73364213ebae20b63c472d19c9552b9804f624 100644 (file)
@@ -32,6 +32,7 @@ lib_srcs_cisco = auth.c cstp.c
 lib_srcs_juniper = oncp.c lzo.c auth-juniper.c
 lib_srcs_nx = nx.c
 lib_srcs_pulse = pulse.c
+lib_srcs_nullppp = nullppp.c
 lib_srcs_f5 = f5.c
 lib_srcs_ppp = ppp.c ppp.h
 lib_srcs_fortinet = fortinet.c
@@ -42,7 +43,7 @@ lib_srcs_oidc = oidc.c
 library_srcs += $(lib_srcs_juniper) $(lib_srcs_cisco) $(lib_srcs_oath) \
                $(lib_srcs_globalprotect) $(lib_srcs_pulse) $(lib_srcs_f5) \
                $(lib_srcs_ppp) $(lib_srcs_fortinet) $(lib_srcs_nx) \
-               $(lib_srcs_oidc)
+               $(lib_srcs_nullppp) $(lib_srcs_oidc)
 
 
 lib_srcs_gnutls = gnutls.c gnutls_tpm.c gnutls_tpm2.c
index b988ad4ca5c1c399a0edb25fb3822ea359453e9c..912af639ebb5182edb736c93fc46ba149da009c9 100644 (file)
--- a/library.c
+++ b/library.c
@@ -237,6 +237,15 @@ static const struct vpn_proto openconnect_protos[] = {
                .udp_send_probes = oncp_esp_send_probes,
                .udp_catch_probe = oncp_esp_catch_probe,
 #endif
+       }, {
+               .name = "nullppp",
+               .pretty_name = N_("nullppp"),
+               .description = N_("nullppp"),
+               .flags = OC_PROTO_PROXY,
+               .tcp_connect = nullppp_connect,
+               .tcp_mainloop = ppp_mainloop,
+               .add_http_headers = http_common_headers,
+               .obtain_cookie = nullppp_obtain_cookie,
        },
 };
 
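Review bot: The new protocol entry's `.pretty_name` and `.description` are both just `N_("nullppp")`, so anything that enumerates the protocol table (GUIs, scripts listing supported protocols) gets no hint that this is a test-only protocol with no client authentication — `nullppp_obtain_cookie` returns an empty cookie and the only peer check is the server certificate pin. Suggest `.description = N_("PPP over TLS, for testing only (no authentication)")` so it is not presented alongside the production protocols as an equal. If it is not meant to ship in release builds, gating this entry and the source behind a build-time option would be the stronger fix, but that goes beyond what this commit does.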
diff --git a/nullppp.c b/nullppp.c
new file mode 100644 (file)
index 0000000..bf2964b
--- /dev/null
+++ b/nullppp.c
@@ -0,0 +1,71 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2020 David Woodhouse
+ *
+ * Author: David Woodhouse <dwmw2@infradead.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ */
+
+#include <config.h>
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <time.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <sys/types.h>
+
+#include "openconnect-internal.h"
+
+int nullppp_obtain_cookie(struct openconnect_info *vpninfo)
+{
+       if (!(vpninfo->cookie = strdup("")))
+               return -ENOMEM;
+       return 0;
+}
+
+int nullppp_connect(struct openconnect_info *vpninfo)
+{
+       int ret;
+       int ipv4, ipv6, hdlc;
+
+       /* XX: cookie hack. Use -C hdlc,noipv4,noipv6 on the
+        * command line to set options. */
+       hdlc = strstr(vpninfo->cookie, "hdlc") ? 1 : 0;
+       ipv4 = strstr(vpninfo->cookie, "noipv4") ? 0 : 1;
+       ipv6 = strstr(vpninfo->cookie, "noipv6") ? 0 : 1;
+
+       /* Now establish the actual connection */
+       ret = openconnect_open_https(vpninfo);
+       if (ret)
+               goto out;
+
+       ret = openconnect_ppp_new(vpninfo,
+                                 hdlc ? PPP_ENCAP_RFC1662_HDLC : PPP_ENCAP_RFC1661,
+                                 ipv4, ipv6);
+
+ out:
+       if (ret)
+               openconnect_close_https(vpninfo, 0);
+       else {
+               monitor_fd_new(vpninfo, ssl);
+               monitor_read_fd(vpninfo, ssl);
+               monitor_except_fd(vpninfo, ssl);
+       }
+
+       return ret;
+}
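Review bot: `nullppp_connect` passes `vpninfo->cookie` straight to `strstr()` three times with no NULL check; the normal flow presumably sets it via `nullppp_obtain_cookie` or `--cookie`, but a guard like `const char *opts = vpninfo->cookie ? vpninfo->cookie : "";` would keep the option parsing safe if the connect path is ever entered without one. `<sys/types.h>` is included twice; drop the second copy, and `<fcntl.h>`, `<time.h>`, `<ctype.h>` and `<stdarg.h>` look unused in this file. The file also has no comment saying what it is for; suggest `/* Minimal test "protocol": plain TLS to the server, no authentication, PPP negotiated directly on the socket; the cookie string only carries the options hdlc, noipv4, noipv6. */` above `nullppp_obtain_cookie`. The copyright line names David Woodhouse while the commit author is Daniel Lenski — worth confirming that is intended.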
index 4e88f91ca117837f88658e061fca4e9c580f2c52..0d1e8517cfc976cc93e5a8b5b272b7e26facc96a 100644 (file)
@@ -951,6 +951,10 @@ int pulse_bye(struct openconnect_info *vpninfo, const char *reason);
 int pulse_eap_ttls_send(struct openconnect_info *vpninfo, const void *data, int len);
 int pulse_eap_ttls_recv(struct openconnect_info *vpninfo, void *data, int len);
 
+/* nullppp.c */
+int nullppp_obtain_cookie(struct openconnect_info *vpninfo);
+int nullppp_connect(struct openconnect_info *vpninfo);
+
 /* f5.c */
 int f5_obtain_cookie(struct openconnect_info *vpninfo);
 int f5_connect(struct openconnect_info *vpninfo);