4 |
|
|
5 |
use strict; |
use strict; |
6 |
use POSIX; |
use POSIX; |
7 |
use IO::Socket::SSL; |
use IO::Socket::SSL qw(debug3); |
8 |
use Getopt::Long; |
use Getopt::Long; |
9 |
|
use Time::HiRes qw(time); |
10 |
|
|
11 |
|
my $debug = 0; |
12 |
|
|
13 |
|
my $laddr = "127.0.0.1"; |
14 |
|
my $lport = 8080; |
15 |
|
my $raddr = "127.0.0.1"; |
16 |
|
my $rport = 80; |
17 |
|
|
18 |
|
my $logdir; |
19 |
|
|
|
my $localport; |
|
|
my $localaddr; |
|
20 |
my $help; |
my $help; |
|
my $host; |
|
|
my $port; |
|
21 |
my $daemon; |
my $daemon; |
22 |
my $buffersize = 2048; |
my $buffersize = 2048; |
23 |
my $logtype; |
my $logtype; |
|
my $logdir; |
|
24 |
my $daemon; |
my $daemon; |
25 |
my $serverkey; |
my $serverkey; |
26 |
my $servercert; |
my $servercert; |
29 |
$| = 1; |
$| = 1; |
30 |
|
|
31 |
my $goresult = GetOptions( |
my $goresult = GetOptions( |
32 |
"lport=i" => \$localport, |
"lport=i" => \$lport, |
33 |
"laddr=s" => \$localaddr, |
"laddr=s" => \$laddr, |
34 |
"rport=i" => \$port, |
"rport=i" => \$rport, |
35 |
"raddr=s" => \$host, |
"raddr=s" => \$raddr, |
36 |
"logtype=i" => \$logtype, |
"logtype=i" => \$logtype, |
37 |
"logdir=s" => \$logdir, |
"logdir=s" => \$logdir, |
38 |
"daemon" => \$daemon, |
"daemon" => \$daemon, |
39 |
"serverkey=s" => \$serverkey, |
"serverkey=s" => \$serverkey, |
40 |
"servercert=s" => \$servercert, |
"servercert=s" => \$servercert, |
41 |
"serverdh=s" => \$serverdh, |
"serverdh=s" => \$serverdh, |
42 |
"help" => \$help |
"help" => \$help, |
43 |
|
'debug!' => \$debug, |
44 |
); |
); |
45 |
|
|
46 |
if ($help) { |
if ($help) { |
65 |
exit; |
exit; |
66 |
} |
} |
67 |
|
|
68 |
# set default values |
$Net::SSLeay::trace = 4 if $debug; |
69 |
$localport = 8080 unless ($localport); |
|
70 |
$localaddr = "127.0.0.1" unless ($localaddr); |
$logdir ||= "$laddr:$lport-$raddr:$rport"; |
71 |
$port = 80 unless ($port); |
$serverkey ||= "$logdir/ssl.key"; |
72 |
$host = "127.0.0.1" unless ($host); |
$servercert ||= "$logdir/ssl.cert"; |
|
$logdir = "dump" unless ($logdir); |
|
73 |
|
|
74 |
mkdir $logdir; |
mkdir $logdir; |
75 |
|
|
76 |
my %o = ( |
system "openssl req -new -x509 -days 365 -nodes -out $servercert -keyout $serverkey" |
77 |
'dir' => $logdir, |
if ! -e $serverkey && ! -e $servercert; |
78 |
'port' => $localport, |
|
|
'toport' => $port, |
|
|
'tohost' => $host |
|
|
); |
|
79 |
|
|
80 |
if ($daemon) { |
if ($daemon) { |
81 |
my $pid = fork; |
my $pid = fork; |
85 |
} |
} |
86 |
|
|
87 |
my $ah = IO::Socket::SSL->new( |
my $ah = IO::Socket::SSL->new( |
88 |
'LocalPort' => $localport, |
'LocalPort' => $lport, |
89 |
'LocalAddr' => $localaddr, |
'LocalAddr' => $laddr, |
90 |
'Reuse' => 1, |
'Reuse' => 1, |
91 |
'Proto' => 'tcp', |
'Proto' => 'tcp', |
92 |
'SSL_verify_mode' => '0', |
'SSL_verify_mode' => '0', |
93 |
'SSLdhfile' => $serverdh, |
'SSLdhfile' => $serverdh, |
94 |
'SSL_cert_file' => $servercert, |
'SSL_cert_file' => $servercert, |
95 |
'SSL_key_file' => $serverkey, |
'SSL_key_file' => $serverkey, |
96 |
'Listen' => 10 |
'Listen' => 10, |
97 |
|
# 'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1 |
98 |
|
# 'SSL_cipher_list' => 'RC4-MD5', |
99 |
) || die "$!"; |
) || die "$!"; |
100 |
|
|
101 |
$SIG{'CHLD'} = 'IGNORE'; |
$SIG{'CHLD'} = 'IGNORE'; |
114 |
if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; } |
if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; } |
115 |
elsif ( $pid == 0 ) { |
elsif ( $pid == 0 ) { |
116 |
$ah->close( SSL_no_shutdown => 1 ); |
$ah->close( SSL_no_shutdown => 1 ); |
117 |
Run( \%o, $ch, $num ); |
Run( $ch, $num ); |
118 |
} else { |
} else { |
119 |
$ch->close( SSL_no_shutdown => 1 ); |
$ch->close( SSL_no_shutdown => 1 ); |
120 |
} |
} |
121 |
} |
} |
122 |
|
|
123 |
|
sub hexdump { |
124 |
|
my $bytes = shift; |
125 |
|
my $hex = unpack('H*', $bytes); |
126 |
|
$hex =~ s/(.{8})/$1 /g; |
127 |
|
return $hex; |
128 |
|
} |
129 |
|
|
130 |
sub Run { |
sub Run { |
131 |
my ( $o, $ch, $num ) = @_; |
my ( $ch, $num ) = @_; |
132 |
my $th = IO::Socket::SSL->new( |
my $th = IO::Socket::SSL->new( |
133 |
'PeerAddr' => $o->{'tohost'}, |
'PeerAddr' => $raddr, |
134 |
'PeerPort' => $o->{'toport'}, |
'PeerPort' => $rport, |
135 |
'SSL_use_cert' => '0', |
# 'SSL_use_cert' => '0', |
136 |
'SSL_verify_mode' => '0', |
# 'SSL_verify_mode' => '0', |
137 |
|
|
|
# 'SSL_cipher_list' => 'NUL:LOW:EXP:ADH', |
|
138 |
'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1 |
'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1 |
139 |
|
'SSL_cipher_list' => 'RC4-MD5', |
140 |
'Proto' => 'tcp' |
'Proto' => 'tcp' |
141 |
); |
); |
142 |
if ( !$th ) { print "cannot connect th: $!"; exit 0; } |
if ( !$th ) { print "cannot connect $raddr:$rport th: $!"; exit 0; } |
143 |
else { print "connected!"; } |
else { print "connected to $raddr:$rport\n"; } |
144 |
my $fh; |
my $fh; |
145 |
if ( $o->{'dir'} ) { |
if ( -d $logdir ) { |
146 |
$fh = Symbol::gensym(); |
$fh = Symbol::gensym(); |
147 |
open( $fh, ">$o->{'dir'}/tunnel$num.log" ) or die "$!"; |
my $path = sprintf("%s/%15.5f", $logdir, Time::HiRes::time() ); |
148 |
|
open( $fh, '>', $path ) or die "$!"; |
149 |
} |
} |
150 |
$ch->autoflush(); |
$ch->autoflush(); |
151 |
$th->autoflush(); |
$th->autoflush(); |
183 |
if ( $result == 0 ) { exit 0; } |
if ( $result == 0 ) { exit 0; } |
184 |
} |
} |
185 |
if ( $fh && $tbuffer ) { |
if ( $fh && $tbuffer ) { |
186 |
( print $fh "[c]" . $tbuffer . "[/c]" ); |
print $fh "\n# <<< client\n$tbuffer"; |
187 |
|
warn "C>S ", hexdump($tbuffer), "\n"; |
188 |
} |
} |
189 |
while ( my $len = length($tbuffer) ) { |
while ( my $len = length($tbuffer) ) { |
190 |
my $res = syswrite( $th, $tbuffer, $len ); |
my $res = syswrite( $th, $tbuffer, $len ); |
192 |
else { print STDERR "$!\n"; } |
else { print STDERR "$!\n"; } |
193 |
} |
} |
194 |
if ( $fh && $cbuffer ) { |
if ( $fh && $cbuffer ) { |
195 |
( print $fh "[s]" . $cbuffer . "[/s]" ); |
print $fh "\n# >>> server\n$cbuffer"; |
196 |
|
warn "S>C ", hexdump($cbuffer), "\n"; |
197 |
} |
} |
198 |
while ( my $len = length($cbuffer) ) { |
while ( my $len = length($cbuffer) ) { |
199 |
my $res = syswrite( $ch, $cbuffer, $len ); |
my $res = syswrite( $ch, $cbuffer, $len ); |