bss_dgram.c(1041): OpenSSL internal error, assertion failed: auth_data - linux

I am trying to achieve DTLS over SCTP using OpenSSL with C++ on Linux (Fedora 21 x86_64).
Problematic code:
    BIO *sbio = BIO_new_dgram_sctp(m_sctp_socket, BIO_NOCLOSE);
Could you please let me know why OpenSSL is asserting?
Crashing frame:
    #0 0x00007f86fbed98d7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
    #1 0x00007f86fbedb53a in __GI_abort () at abort.c:89
    #2 0x00007f86fcf7512f in OpenSSLDie () from /lib64/libcrypto.so.1.0.0
    #3 0x00007f86fd028c3a in BIO_new_dgram_sctp () from /lib64/libcrypto.so.1.0.0
Getting the assertion message below at runtime in BIO_new_dgram_sctp():
    bss_dgram.c(1041): OpenSSL internal error, assertion failed: auth_data
SCTP support in the kernel checked:
    [blackmamba@fedora21]$ checksctp
    SCTP supported
Enabled auth chunks in sysctl:
    net.sctp.auth_enable = 1
OpenSSL version:
    OpenSSL 1.0.2a 19 Mar 2015

I was facing this problem, and the issue got resolved after I called the API BIO_new_dgram_sctp on the listener socket just before accepting new connections.
    try
    {
        ivSocket->doListen();
    }
    catch (SocketException& anException)
    {
        // Destroy this thread
        _close();
    }
    /* If security is enabled */
    if ((ivSecurity == eTLS) && (ivTransport == eSCTP))
    {
        /* Create DTLS/SCTP BIO and connect */
        BIO *bio = BIO_new_dgram_sctp(ivSocket->getSocketId(), BIO_CLOSE);
    }
    /* call select on read and write FDs */
    /* Accept new connection that returns new FD and then call SSL_accept for new FD */

Related

Creating Node.js Code to execute command on remote device using SSH connection

I'm using Node.js code and trying to connect to a PaloAlto firewall device using the Node-SSH exec function, through the following code, in order to execute a command on the device over the SSH connection, get its result into a stream and then read it.
    const ssh = new NodeSSH();
    const { host } = config;
    let connection;
    connection = await ssh.connect(config);
    try {
        ssh.exec(command.script, { stream: 'both' }).then(function (output) {
            this.logger.debug(`2DevTeam stdout: ${output.stdout}`);
            this.logger.debug(`2DevTeam stderr: ${output.stderr}`);
        });
    } catch (ex) {
        this.logger.error(`[CONNECT ${executionId}]: Execution failure:
    ${ex.message}`);
    }
However, it seems that the function ssh.exec is not executing, and I can't see the log nor the error of the catch.
Please help!

Can someone trace the reason for segmentation fault?

    public class Watcher : Object
    {
        private int _fd;
        private uint _watch;
        private IOChannel _channel;
        private uint8[] _buffer;
        private int BUFFER_LENGTH;

        public Watcher(string path, Linux.InotifyMaskFlags mask) {
            _buffer = new uint8[BUFFER_LENGTH];
            //➔ Initialize notify subsystem
            _fd = Linux.inotify_init();
            if (_fd < 0) {
                error(@"Failed to initialize the notify subsystem: $(strerror(errno))");
            }
            //➔ actually adding abstraction to linux file descriptor
            _channel = new IOChannel.unix_new(_fd);
            //➔ watch the channel for given condition
            //➔ IOCondition.IN => When the channel is ready for reading, IOCondition.HUP => Hangup (Error)
            _watch = _channel.add_watch(IOCondition.IN | IOCondition.HUP, onNotified);
            if (_watch < 0) {
                error(@"Failed to add watch to channel");
            }
            //➔ Tell linux kernel to watch for any mask (for ex; access, modify) on a given filepath
            var ok = Linux.inotify_add_watch(_fd, path, mask);
            if (ok < 0) {
                error(@"Failed to add watch to path -- $path : $(strerror(errno))");
            }
            print(@"Watching for $(mask) on $path");
        }

        protected bool onNotified(IOChannel src, IOCondition condition)
        {
            if ((condition & IOCondition.HUP) == IOCondition.HUP) {
                error(@"Received hang up from inotify, can't get update");
            }
            if ((condition & IOCondition.IN) == IOCondition.IN) {
                var bytesRead = Posix.read(_fd, _buffer, BUFFER_LENGTH);
                Linux.InotifyEvent *pevent = (Linux.InotifyEvent*) _buffer;
                handleEvent(*pevent);
            }
            return true;
        }

        protected void handleEvent(Linux.InotifyEvent ev) {
            print("Access Detected!\n");
            Posix.exit(0);
        }

        ~Watcher() {
            if (_watch != 0) {
                Source.remove(_watch);
            }
            if (_fd != -1) {
                Posix.close(_fd);
            }
        }
    }

    int main(string[] args) requires (args.length > 1)
    {
        var watcher = new Watcher(args[1], Linux.InotifyMaskFlags.ACCESS);
        var loop = new MainLoop();
        loop.run();
        return 0;
    }
The above code can be found in "Introducing Vala Programming" by Michael Lauer.
Proof of failure:
[Image: failure on access to the file being watched]
Terminal 1:
    ./inotifyWatcher
Terminal 2:
    cat
As soon as I access the file, a segmentation fault occurs.
I have also tried using gdb to find the cause of the failure, but it's mostly cryptic to me. I am using Parrot (Debian, 64-bit) on my machine. Also, I am new to this (Stack Overflow, Linux kernel programming).
Vala source line numbers can be included in the binary when compiling with the --debug switch. The line numbers appear in the .debug_line DWARF section of an ELF binary:
    valac --debug --pkg linux inotifyWatcher.vala
Run the binary using gdb in the first terminal:
    gdb --args ./inotifyWatcher .
    (gdb) run
The dot specifies to watch the current directory. Then, when the current directory is accessed with a command like ls, the watching program crashes with a segmentation fault. The output from GDB is:
    Program received signal SIGSEGV, Segmentation fault.
    0x0000000000401a86 in watcher_onNotified (self=0x412830, src=0x40e6e0, condition=G_IO_IN) at inotifyWatcher.vala:51
    51 handleEvent(*pevent);
GDB includes the line number, 51, from the source file and shows the line.
So the problem is to do with reading from the file descriptor and then passing the buffer to handleEvent. You probably want to check that bytesRead is greater than zero, and I'm not sure about the use of pointers in this example. Explicit pointers like that should rarely need to be used in Vala; it may require a change to the binding, e.g. using ref to modify the way the argument is passed.
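As an added example (not the question's code and not from the book), here is the read-and-parse step written in C the way a defensive inotify consumer should do it: the read result is checked before anything is dereferenced, and every variable-length event is bounds-checked before it is consumed. Note that BUFFER_LENGTH in the Vala class above is declared but never assigned, so the buffer it allocates has length zero. The sample event buffer below is constructed in the code rather than read from a live descriptor.

```c
#include <stdint.h>
#include <string.h>
#include <sys/inotify.h>
#include <sys/types.h>

/* Count the complete events in buf[0..n), n being what read(2) returned on
 * the inotify fd. Returns -1 when n is not a usable read result (0 or
 * negative): the Vala code dereferences the buffer without this check.
 * If mask_or is non-NULL, the masks of all parsed events are OR-ed into it. */
static int parse_inotify_events(const char *buf, ssize_t n, uint32_t *mask_or)
{
    if (n <= 0) return -1;
    int count = 0;
    size_t off = 0;
    while (off + sizeof(struct inotify_event) <= (size_t)n) {
        struct inotify_event ev;
        memcpy(&ev, buf + off, sizeof ev);     /* no unaligned pointer cast */
        size_t total = sizeof ev + ev.len;     /* header + NUL-padded name */
        if (total > (size_t)n - off) break;    /* truncated trailing event */
        if (mask_or) *mask_or |= ev.mask;
        count++;
        off += total;
    }
    return count;
}

/* Constructed sample: two IN_ACCESS events laid out as the kernel does it
 * (16-byte header, then ev.len bytes of name padded with NULs). */
static size_t build_sample_events(char *buf, size_t cap)
{
    struct inotify_event ev = { .wd = 1, .mask = IN_ACCESS, .len = 16 };
    const char *names[] = { "README", "notes.txt" };
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        if (off + sizeof ev + ev.len > cap) return 0;
        memcpy(buf + off, &ev, sizeof ev);
        memset(buf + off + sizeof ev, 0, ev.len);
        strncpy(buf + off + sizeof ev, names[i], ev.len - 1);
        off += sizeof ev + ev.len;
    }
    return off;
}

/* Parse the sample, dropping `trim` trailing bytes to simulate a short read. */
static int demo_parse(ssize_t trim, uint32_t *mask_or)
{
    char buf[128];
    size_t n = build_sample_events(buf, sizeof buf);
    return parse_inotify_events(buf, (ssize_t)n - trim, mask_or);
}
```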

How to get return status of ssh command when i use popen() to run ssh?

My intent is to create a reverse SSH tunnel / SSH port forwarding mechanism.
Here is the actual reverse ssh command:
    ssh -fN -R 101:localhost:22 computer@123.123.0.27 -p 2320
I need to run this command from my C API using popen(); I implemented it as follows.
Note: the system's public and private keys are already shared, i.e. there is no need to give a password.
    #include <stdio.h>

    int create_tunnel(void)
    {
        FILE *fptr_ssh = NULL;
        char sshcmd[100] = {0};
        char response[100] = {0};

        snprintf(sshcmd, sizeof(sshcmd), "ssh -fN -R 101:localhost:22 computer@123.123.0.27 -p 2320");
        fptr_ssh = popen(sshcmd, "r"); /* Executing ssh */
        if (NULL == fptr_ssh) {
            perror("popen failed");
            return -1;
        }
        /* Getting message from fp */
        if (!fgets(response, (sizeof(response) - 1), fptr_ssh)) {
            perror("fgets failed");
            pclose(fptr_ssh);
            return -1;
        }
        printf("Msg: %s\n", response);
        pclose(fptr_ssh);
        return 0;
    }
Success case: if everything is fine, port forwarding succeeds, no problem.
Failure case: consider this example: if there is no connectivity, the following message is displayed on stdout (the terminal):
    ssh: connect to host 123.123.0.27 port 2320: Network is unreachable
but I am unable to get any information in my C API from fgets() on the file pointer fptr_ssh.
It returns success and there is no message from fgets:
    fgets failed: Success

firmatajs, multiple Arduinos give timeout (johnny-five, cylonjs)

I have two Arduino Unos flashed with the standard StandardFirmata and I'm trying the multi-board demo with a simple Node project (johnny-five npm package). Both Arduinos work when I try them separately, with the following code:
    var five = require("johnny-five");
    var boardOne = new five.Board({ id: "A", port: "/dev/cu.usbmodem1d1141" });
    boardOne.on("ready", function () {
        var led = new five.Led({
            pin: 13,
            board: this
        });
        led.on();
    });
    node index.js
    1418288836782 Connected /dev/cu.usbmodem1d1141
    1418288836784 Repl Initialized
    >>
When trying the multi-board example I get:
    Device or Firmware Error A timeout occurred while connecting to the Board.
    Please check that you've properly flashed the board with the correct firmware.
    var five = require("johnny-five");
    var ports = [
        { id: "A", port: "/dev/cu.usbmodem1d1141" },
        { id: "B", port: "/dev/cu.usbmodem1d1131" }
    ];
    new five.Boards(ports).on("ready", function () {
        var led = new five.Led({
            pin: 13,
            board: this[0]
        });
        led.on();
    });
Update #1:
Out of curiosity I tried switching around the USB cables and got some different results:
1) Only one Arduino seems to connect:
    1418318698635 Device(s) /dev/cu.usbmodem1a1231,/dev/cu.usbmodem1a1241
    1418318698642 Device(s) /dev/cu.usbmodem1a1241
    1418318701849 Connected /dev/cu.usbmodem1a1231
    1418318701850 Board ID: A
or 2) I get an error:
    .../johnny-five-master/node_modules/firmata/lib/firmata.js:246
    board.pins[pin].analogChannel = currentValue;
    ^
    TypeError: Cannot set property 'analogChannel' of undefined
    at Object.SYSEX_RESPONSE.(anonymous function) [as 106]
    (.../johnny-five-master/node_modules/firmata/lib/firmata.js:246:35)
Update #2:
I did the above test with cylon.js and got the same results. Still no clue how to fix this :(
One Arduino works fine, multiple do nothing. (Maybe an OS X related problem?)
Update #3:
I added some logs in the johnny-five code and it's definitely a connection problem (I think!?). The second Arduino never responds. I switched the order of the Arduinos and get the same result (the first one connects, the other fails to respond). The connection is asynchronous, so maybe it gets blocked somewhere. The lights on both Arduinos definitely show some action is going on.
    node index.js
    err: undefined --- type: connect --- io: /dev/tty.usbmodem1d1111
    err: undefined --- type: connect --- io: /dev/tty.usbmodem1d1121
    err: undefined --- type: ready --- io: /dev/tty.usbmodem1d1111
    1418467187527 Connected /dev/tty.usbmodem1d1111
    1418467187527 Board ID: A
    1418467284327 Device or Firmware Error A timeout occurred while connecting to the Board.
    Please check that you've properly flashed the board with the correct firmware.
Thanks to @izar for posting this and then bringing the question to us in the Johnny-Five Gitter channel. From there, Divan Visagie (from the Johnny-Five core team) worked to triage the bug and was able to confirm it via reproduction. This revealed a bug in Firmata.js, where the options passed to Serialport were being extended by that class. Since the defaults object was reused and Object.assign is not a "deep" operation, the changes were being made to a reference, not a copy. The result was that the second initialization was getting a set of "defaults" that were loaded up with the first instance's own data. The issue was fixed by changing Firmata to use fresh defaults for every instance. Here's the patch

How to open tap device on android using native code C?

I am trying to build a mobile VPN client for Android-based applications that connect to virtual infrastructure over a VPN tunnel. I have a similar application for Linux/Windows and I know how to open a tun/tap device (open /dev/net/tun). How do we do the same for Android using C?
Also, what exactly does the class VpnService in the android.net API do?
If you still want to open a tunnel on Android in native C, I suggest taking a look at how Android itself opens it (from the file services/jni/com_android_server_connectivity_Vpn.cpp):
    static int create_interface(int mtu)
    {
        int tun = open("/dev/tun", O_RDWR | O_NONBLOCK);

        ifreq ifr4;
        memset(&ifr4, 0, sizeof(ifr4));

        // Allocate interface.
        ifr4.ifr_flags = IFF_TUN | IFF_NO_PI;
        if (ioctl(tun, TUNSETIFF, &ifr4)) {
            ALOGE("Cannot allocate TUN: %s", strerror(errno));
            goto error;
        }

        // Activate interface (inet4 is the AF_INET control socket defined elsewhere in this file).
        ifr4.ifr_flags = IFF_UP;
        if (ioctl(inet4, SIOCSIFFLAGS, &ifr4)) {
            ALOGE("Cannot activate %s: %s", ifr4.ifr_name, strerror(errno));
            goto error;
        }

        // Set MTU if it is specified.
        ifr4.ifr_mtu = mtu;
        if (mtu > 0 && ioctl(inet4, SIOCSIFMTU, &ifr4)) {
            ALOGE("Cannot set MTU on %s: %s", ifr4.ifr_name, strerror(errno));
            goto error;
        }

        return tun;

    error:
        close(tun);
        return SYSTEM_ERROR;
    }
The VpnService class does exactly what you need. It provides access to the tun device. You cannot directly open /dev/net/tun without having root rights. See the ToyVPN example project or an open source VPN project like OpenVPN for Android.
You need to be root to open tun/tap on Android.
    this->_handle = open("/dev/tun", O_RDWR | O_NONBLOCK | O_CLOEXEC);
    if (this->_handle < 0) {
        this->_handle = open("/dev/net/tun", O_RDWR | O_NONBLOCK | O_CLOEXEC);
    }
For details:
https://android.googlesource.com/platform/frameworks/base.git/+/android-4.3_r2.1/services/jni/com_android_server_connectivity_Vpn.cpp
Supplement:
Both /dev/tun and /dev/net/tun need to be tried when opening the device. There are too many distributions of Android, each with individual changes, and tun/tap devices also differ slightly.
Native code may not be a good idea for opening a tun/tap!
