tinc behind sslh
Varda Zklir
v20z at yahoo.com
Sat Nov 12 18:01:02 CET 2011
Thanks for your quick reply, Guus.
> The problem is in sslh. There is a bug in the detection of
> tinc's protocol,
> which the attached patch should fix.
I've already tried something similar but less refined, simply with:
#include <string.h>

/* Probe for tinc: its first message (the ID) starts with "0 ". */
int is_tinc_protocol(const char *p, int len)
{
    if (len < 2)
        return 0;   /* not enough data yet to decide */
    return !strncmp(p, "0 ", 2);
}
which should return 1. But this has no effect, because no "0 " arrives from the client. Below is the tcpdump output between "Trying to connect" and "Closing connection". Not even the identification "0 client 17.0" is present.
# tcpdump -Xni int0 port 443
21:33:47.406219 IP 192.168.0.2.19781 > 192.168.0.1.443: Flags [S], seq 888227560, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 615000295 ecr 0], length 0
0x0000: 4500 003c b31b 4000 4006 0554 c0a8 0001 E..<..@.@..T....
0x0010: c0a8 00fb 4d45 007b 34f1 46e8 0000 0000 ....ME.{4.F.....
0x0020: a002 ffff ae8e 0000 0204 05b4 0103 0303 ................
0x0030: 0402 080a 24a8 28e7 0000 0000 ....$.(.....
21:33:47.406241 IP 192.168.0.1.443 > 192.168.0.2.19781: Flags [S.], seq 2941630688, ack 888227561, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 1507288258 ecr 615000295], length 0
0x0000: 4500 003c abfe 4000 4006 0c71 c0a8 00fb E..<..@.@..q....
0x0010: c0a8 0001 007b 4d45 af55 b8e0 34f1 46e9 .....{ME.U..4.F.
0x0020: a012 ffff 827b 0000 0204 05b4 0103 0303 .....{..........
0x0030: 0402 080a 59d7 64c2 24a8 28e7 ....Y.d.$.(.
21:33:47.406314 IP 192.168.0.2.19781 > 192.168.0.1.443: Flags [.], ack 1, win 8326, options [nop,nop,TS val 615000295 ecr 1507288258], length 0
0x0000: 4500 0034 b31c 4000 4006 055b c0a8 0001 E..4..@.@..[....
0x0010: c0a8 00fb 4d45 007b 34f1 46e9 af55 b8e1 ....ME.{4.F..U..
0x0020: 8010 2086 95ef 0000 0101 080a 24a8 28e7 ............$.(.
0x0030: 59d7 64c2 Y.d.
21:33:57.323369 IP 192.168.0.1.443 > 192.168.0.2.19781: Flags [F.], seq 1, ack 1, win 8326, options [nop,nop,TS val 1507298259 ecr 615000295], length 0
0x0000: 4500 0034 ac21 4000 4006 0c56 c0a8 00fb E..4.!@.@..V....
0x0010: c0a8 0001 007b 4d45 af55 b8e1 34f1 46e9 .....{ME.U..4.F.
0x0020: 8011 2086 8273 0000 0101 080a 59d7 8bd3 .....s......Y...
0x0030: 24a8 28e7 $.(.
21:33:57.323425 IP 192.168.0.2.19781 > 192.168.0.1.443: Flags [.], ack 2, win 8326, options [nop,nop,TS val 615010212 ecr 1507298259], length 0
0x0000: 4500 0034 b494 4000 4006 03e3 c0a8 0001 E..4..@.@.......
0x0010: c0a8 00fb 4d45 007b 34f1 46e9 af55 b8e2 ....ME.{4.F..U..
0x0020: 8010 2086 4820 0000 0101 080a 24a8 4fa4 ....H.......$.O.
0x0030: 59d7 8bd3 Y...
21:33:57.323511 IP 192.168.0.2.19781 > 192.168.0.1.443: Flags [F.], seq 1, ack 2, win 8326, options [nop,nop,TS val 615010212 ecr 1507298259], length 0
0x0000: 4500 0034 b495 4000 4006 03e2 c0a8 0001 E..4..@.@.......
0x0010: c0a8 00fb 4d45 007b 34f1 46e9 af55 b8e2 ....ME.{4.F..U..
0x0020: 8011 2086 481f 0000 0101 080a 24a8 4fa4 ....H.......$.O.
0x0030: 59d7 8bd3 Y...
21:33:57.323529 IP 192.168.0.1.443 > 192.168.0.2.19781: Flags [.], ack 2, win 8325, options [nop,nop,TS val 1507298259 ecr 615010212], length 0
0x0000: 4500 0034 ac22 4000 4006 0c55 c0a8 00fb E..4."@.@..U....
0x0010: c0a8 0001 007b 4d45 af55 b8e2 34f1 46ea .....{ME.U..4.F.
0x0020: 8010 2085 8273 0000 0101 080a 59d7 8bd3 .....s......Y...
0x0030: 24a8 4fa4 $.O.
Both sides run FreeBSD 8.2, and I've used sslh 1.9 and 1.10-rc1 and tinc versions 1.1pre2, 1.0.16 and 1.0.15. The result is the same: no client ID is sent.
There is also an issue with 1.1pre2. It works with -D -d5 but exits if run without debugging:
Nov 12 17:27:11 server tinc[45914]: tincd 1.1pre2 (Nov 12 2011 17:26:59) starting, debug level 0
Nov 12 17:27:11 server kernel: tap0: link state changed to UP
Nov 12 17:27:11 server tinc[45914]: Ready
Nov 12 17:27:11 server tinc[45914]: Error while waiting for input: Bad file descriptor
Nov 12 17:27:11 server tinc[45914]: Terminating
Nov 12 17:27:11 server kernel: tap0: link state changed to DOWN
The same happens with tun and tap devices.
Versions 1.0.15 and 1.0.16 work fine without debug.
Thank you.
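To illustrate the detection problem discussed in this thread, here is an added Python example; it is not code from the post, from sslh or from tinc. It models an sslh-style probe set (tinc's ID line "0 <name> <version>", the SSH identification string, a TLS record header) run over constructed sample payloads, plus a stream helper that shows the failure mode in the capture above: when the client never sends a first byte (the capture contains only the TCP handshake and the server's FIN about ten seconds later), no client-first probe can decide, and the multiplexer is left with a timeout rule rather than a protocol match. The probe names, the sample payloads and the "undecided" verdict are this example's own assumptions.

```python
"""Added example: sslh-style first-bytes protocol probing (not sslh's or tinc's code)."""

# Constructed sample payloads, one per protocol, plus the empty case from the capture.
SAMPLES = {
    "tinc":  b"0 client 17.0\n",          # tinc ID message: "0 <name> <version>"
    "ssh":   b"SSH-2.0-OpenSSH_5.8\r\n",  # SSH identification string
    "tls":   b"\x16\x03\x01\x00\x2e",     # TLS record header: handshake, version 3.x
    "empty": b"",                         # what the tcpdump above shows: nothing at all
}


def is_tinc_protocol(p: bytes) -> bool:
    """Same test as the C snippet in the post, with the length guard it lacks."""
    return len(p) >= 2 and p[:2] == b"0 "


def is_ssh_protocol(p: bytes) -> bool:
    """SSH clients open with an identification string beginning 'SSH-'."""
    return len(p) >= 4 and p[:4] == b"SSH-"


def is_tls_protocol(p: bytes) -> bool:
    """0x16 = handshake content type, followed by the major version byte 0x03."""
    return len(p) >= 2 and p[0] == 0x16 and p[1] == 0x03


# Probe order matters in this kind of multiplexer: the first match wins.
PROBES = [("tinc", is_tinc_protocol), ("ssh", is_ssh_protocol), ("tls", is_tls_protocol)]


def classify(p: bytes) -> str:
    """'undecided' until at least two bytes arrive; then a probe name or 'unknown'."""
    if len(p) < 2:
        return "undecided"
    for name, probe in PROBES:
        if probe(p):
            return name
    return "unknown"


def probe_stream(chunks) -> tuple:
    """Feed successive client chunks until a probe decides.

    Returns (verdict, bytes_seen). An empty or exhausted chunk list yields
    ('undecided', ...): this is the capture's situation, where the client never
    sent a first byte, so no client-first probe can ever fire and only a
    timeout rule remains.
    """
    buf = b""
    for chunk in chunks:
        buf += chunk
        verdict = classify(buf)
        if verdict != "undecided":
            return verdict, buf
    return "undecided", buf


if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:5s} -> {classify(payload)}")
    print("stream with no client bytes ->", probe_stream([]))
```

The probes only ever see bytes the client sends first. A protocol in which the server is expected to speak first, or a client that waits for the server's greeting, cannot be demultiplexed this way at all, which is why an empty first read has to be treated as "undecided" and handed to a timeout rule rather than to any probe.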