mirror/iodine
1
0
Fork 0
mirror of https://github.com/yarrick/iodine.git synced 2025-04-11 21:10:56 +00:00
Code Issues Projects Releases Wiki Activity

---

Browse source
This commit is contained in:
Julian Kranz 2012-01-01 16:00:34 +01:00 committed by Barak A. Pearlmutter
parent bcbf9cecd9
commit 64a9e55e3e
2 changed files with 105 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

183
src/iodined.c
View file

@ -78,7 +78,9 @@ static int created_users;
static int check_ip; static int check_ip;
static int my_mtu; static int my_mtu;
static in_addr_t my_ip; static in_addr_t my_ip;
static struct in6_addr my_ip6;
static int netmask; static int netmask;
static char netmask6;
static in_addr_t ns_ip; static in_addr_t ns_ip;
@ -94,7 +96,7 @@ static void write_dns(int, struct query *, char *, int, char);
static void handle_full_packet(int, int, int); static void handle_full_packet(int, int, int);
static void static void
sigint(int sig) sigint(int sig)
{ {
running = 0; running = 0;
} }
@ -124,7 +126,7 @@ check_user_and_ip(int userid, struct query *q)
/* Note: duplicate in handle_raw_login() except IP-address check */ /* Note: duplicate in handle_raw_login() except IP-address check */
if (userid < 0 || userid >= created_users ) { if (userid < 0 || userid >= created_users ) {
return 1; return 1;
} }
if (!users[userid].active || users[userid].disabled) { if (!users[userid].active || users[userid].disabled) {
return 1; return 1;
@ -161,7 +163,7 @@ send_raw(int fd, char *buf, int buflen, int user, int cmd, struct query *q)
if (debug >= 2) { if (debug >= 2) {
struct sockaddr_in *tempin; struct sockaddr_in *tempin;
tempin = (struct sockaddr_in *) &(q->from); tempin = (struct sockaddr_in *) &(q->from);
fprintf(stderr, "TX-raw: client %s, cmd %d, %d bytes\n", fprintf(stderr, "TX-raw: client %s, cmd %d, %d bytes\n",
inet_ntoa(tempin->sin_addr), cmd, len); inet_ntoa(tempin->sin_addr), cmd, len);
} }
@ -496,12 +498,12 @@ send_chunk_or_dataless(int dns_fd, int userid, struct query *q)
pkt[0] = (1<<7) | ((users[userid].inpacket.seqno & 7) << 4) | pkt[0] = (1<<7) | ((users[userid].inpacket.seqno & 7) << 4) |
(users[userid].inpacket.fragment & 15); (users[userid].inpacket.fragment & 15);
/* Second byte is 3 bits downstream seqno, 4 bits downstream fragment, 1 bit last flag */ /* Second byte is 3 bits downstream seqno, 4 bits downstream fragment, 1 bit last flag */
pkt[1] = ((users[userid].outpacket.seqno & 7) << 5) | pkt[1] = ((users[userid].outpacket.seqno & 7) << 5) |
((users[userid].outpacket.fragment & 15) << 1) | (last & 1); ((users[userid].outpacket.fragment & 15) << 1) | (last & 1);
if (debug >= 1) { if (debug >= 1) {
fprintf(stderr, "OUT pkt seq# %d, frag %d (last=%d), offset %d, fragsize %d, total %d, to user %d\n", fprintf(stderr, "OUT pkt seq# %d, frag %d (last=%d), offset %d, fragsize %d, total %d, to user %d\n",
users[userid].outpacket.seqno & 7, users[userid].outpacket.fragment & 15, users[userid].outpacket.seqno & 7, users[userid].outpacket.fragment & 15,
last, users[userid].outpacket.offset, datalen, users[userid].outpacket.len, userid); last, users[userid].outpacket.offset, datalen, users[userid].outpacket.len, userid);
} }
write_dns(dns_fd, q, pkt, datalen + 2, users[userid].downenc); write_dns(dns_fd, q, pkt, datalen + 2, users[userid].downenc);
@ -555,7 +557,7 @@ tunnel_tun(int tun_fd, int dns_fd)
if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0) if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
return 0; return 0;
/* find target ip in packet, in is padded with 4 bytes TUN header */ /* find target ip in packet, in is padded with 4 bytes TUN header */
header = (struct ip*) (in + 4); header = (struct ip*) (in + 4);
userid = find_user_by_ip(header->ip_dst.s_addr); userid = find_user_by_ip(header->ip_dst.s_addr);
@ -601,7 +603,7 @@ static void
send_version_response(int fd, version_ack_t ack, uint32_t payload, int userid, struct query *q) send_version_response(int fd, version_ack_t ack, uint32_t payload, int userid, struct query *q)
{ {
char out[9]; char out[9];
switch (ack) { switch (ack) {
case VERSION_ACK: case VERSION_ACK:
strncpy(out, "VACK", sizeof(out)); strncpy(out, "VACK", sizeof(out));
@ -613,7 +615,7 @@ send_version_response(int fd, version_ack_t ack, uint32_t payload, int userid, s
strncpy(out, "VFUL", sizeof(out)); strncpy(out, "VFUL", sizeof(out));
break; break;
} }
out[4] = ((payload >> 24) & 0xff); out[4] = ((payload >> 24) & 0xff);
out[5] = ((payload >> 16) & 0xff); out[5] = ((payload >> 16) & 0xff);
out[6] = ((payload >> 8) & 0xff); out[6] = ((payload >> 8) & 0xff);
@ -686,7 +688,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), domain_len - 1, b32); read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), domain_len - 1, b32);
/* Version greeting, compare and send ack/nak */ /* Version greeting, compare and send ack/nak */
if (read > 4) { if (read > 4) {
/* Received V + 32bits version */ /* Received V + 32bits version */
version = (((unpacked[0] & 0xff) << 24) | version = (((unpacked[0] & 0xff) << 24) |
((unpacked[1] & 0xff) << 16) | ((unpacked[1] & 0xff) << 16) |
@ -704,7 +706,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
/* Store remote IP number */ /* Store remote IP number */
tempin = (struct sockaddr_in *) &(q->from); tempin = (struct sockaddr_in *) &(q->from);
memcpy(&(users[userid].host), &(tempin->sin_addr), sizeof(struct in_addr)); memcpy(&(users[userid].host), &(tempin->sin_addr), sizeof(struct in_addr));
memcpy(&(users[userid].q), q, sizeof(struct query)); memcpy(&(users[userid].q), q, sizeof(struct query));
users[userid].encoder = get_base32_encoder(); users[userid].encoder = get_base32_encoder();
users[userid].downenc = 'T'; users[userid].downenc = 'T';
@ -751,12 +753,12 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
} else { } else {
/* No space for another user */ /* No space for another user */
send_version_response(dns_fd, VERSION_FULL, created_users, 0, q); send_version_response(dns_fd, VERSION_FULL, created_users, 0, q);
syslog(LOG_INFO, "dropped user from %s, server full", syslog(LOG_INFO, "dropped user from %s, server full",
inet_ntoa(((struct sockaddr_in *) &q->from)->sin_addr)); inet_ntoa(((struct sockaddr_in *) &q->from)->sin_addr));
} }
} else { } else {
send_version_response(dns_fd, VERSION_NACK, VERSION, 0, q); send_version_response(dns_fd, VERSION_NACK, VERSION, 0, q);
syslog(LOG_INFO, "dropped user from %s, sent bad version %08X", syslog(LOG_INFO, "dropped user from %s, sent bad version %08X",
inet_ntoa(((struct sockaddr_in *) &q->from)->sin_addr), version); inet_ntoa(((struct sockaddr_in *) &q->from)->sin_addr), version);
} }
return; return;
@ -787,7 +789,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
tempip.s_addr = users[userid].tun_ip; tempip.s_addr = users[userid].tun_ip;
tmp[1] = strdup(inet_ntoa(tempip)); tmp[1] = strdup(inet_ntoa(tempip));
read = snprintf(out, sizeof(out), "%s-%s-%d-%d", read = snprintf(out, sizeof(out), "%s-%s-%d-%d",
tmp[0], tmp[1], my_mtu, netmask); tmp[0], tmp[1], my_mtu, netmask);
write_dns(dns_fd, q, out, read, users[userid].downenc); write_dns(dns_fd, q, out, read, users[userid].downenc);
@ -808,7 +810,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
in_addr_t replyaddr; in_addr_t replyaddr;
unsigned addr; unsigned addr;
char reply[5]; char reply[5];
userid = b32_8to5(in[1]); userid = b32_8to5(in[1]);
if (check_user_and_ip(userid, q) != 0) { if (check_user_and_ip(userid, q) != 0) {
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
@ -846,12 +848,12 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
} }
userid = b32_8to5(in[1]); userid = b32_8to5(in[1]);
if (check_user_and_ip(userid, q) != 0) { if (check_user_and_ip(userid, q) != 0) {
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
return; /* illegal id */ return; /* illegal id */
} }
codec = b32_8to5(in[2]); codec = b32_8to5(in[2]);
switch (codec) { switch (codec) {
@ -1020,9 +1022,9 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
return; /* illegal id */ return; /* illegal id */
} }
req_frag_size = ((b32_8to5(in[1]) & 1) << 10) | ((b32_8to5(in[2]) & 31) << 5) | (b32_8to5(in[3]) & 31); req_frag_size = ((b32_8to5(in[1]) & 1) << 10) | ((b32_8to5(in[2]) & 31) << 5) | (b32_8to5(in[3]) & 31);
if (req_frag_size < 2 || req_frag_size > 2047) { if (req_frag_size < 2 || req_frag_size > 2047) {
write_dns(dns_fd, q, "BADFRAG", 7, users[userid].downenc); write_dns(dns_fd, q, "BADFRAG", 7, users[userid].downenc);
} else { } else {
char buf[2048]; char buf[2048];
@ -1055,9 +1057,9 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
return; /* illegal id */ return; /* illegal id */
} }
max_frag_size = ((unpacked[1] & 0xff) << 8) | (unpacked[2] & 0xff); max_frag_size = ((unpacked[1] & 0xff) << 8) | (unpacked[2] & 0xff);
if (max_frag_size < 2) { if (max_frag_size < 2) {
write_dns(dns_fd, q, "BADFRAG", 7, users[userid].downenc); write_dns(dns_fd, q, "BADFRAG", 7, users[userid].downenc);
} else { } else {
users[userid].fragsize = max_frag_size; users[userid].fragsize = max_frag_size;
@ -1122,7 +1124,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
memcpy(&(users[userid].q.from2), &(q->from), q->fromlen); memcpy(&(users[userid].q.from2), &(q->from), q->fromlen);
return; return;
} }
if (users[userid].q_sendrealsoon.id != 0 && if (users[userid].q_sendrealsoon.id != 0 &&
q->type == users[userid].q_sendrealsoon.type && q->type == users[userid].q_sendrealsoon.type &&
!strcmp(q->name, users[userid].q_sendrealsoon.name)) { !strcmp(q->name, users[userid].q_sendrealsoon.name)) {
@ -1138,7 +1140,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
&(q->from), q->fromlen); &(q->from), q->fromlen);
return; return;
} }
dn_seq = unpacked[1] >> 4; dn_seq = unpacked[1] >> 4;
dn_frag = unpacked[1] & 15; dn_frag = unpacked[1] & 15;
@ -1233,7 +1235,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
like to re-try early and often (with _different_ .id!) */ like to re-try early and often (with _different_ .id!) */
if (users[userid].q.id != 0 && if (users[userid].q.id != 0 &&
q->type == users[userid].q.type && q->type == users[userid].q.type &&
!strcmp(q->name, users[userid].q.name) && !strcmp(q->name, users[userid].q.name) &&
users[userid].lazy) { users[userid].lazy) {
/* We have this packet already, and it's waiting to be /* We have this packet already, and it's waiting to be
answered. Always keep the last duplicate, since the answered. Always keep the last duplicate, since the
@ -1250,7 +1252,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
memcpy(&(users[userid].q.from2), &(q->from), q->fromlen); memcpy(&(users[userid].q.from2), &(q->from), q->fromlen);
return; return;
} }
if (users[userid].q_sendrealsoon.id != 0 && if (users[userid].q_sendrealsoon.id != 0 &&
q->type == users[userid].q_sendrealsoon.type && q->type == users[userid].q_sendrealsoon.type &&
!strcmp(q->name, users[userid].q_sendrealsoon.name)) { !strcmp(q->name, users[userid].q_sendrealsoon.name)) {
@ -1266,7 +1268,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
&(q->from), q->fromlen); &(q->from), q->fromlen);
return; return;
} }
/* Decode data header */ /* Decode data header */
up_seq = (b32_8to5(in[1]) >> 2) & 7; up_seq = (b32_8to5(in[1]) >> 2) & 7;
@ -1277,7 +1279,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
process_downstream_ack(userid, dn_seq, dn_frag); process_downstream_ack(userid, dn_seq, dn_frag);
if (up_seq == users[userid].inpacket.seqno && if (up_seq == users[userid].inpacket.seqno &&
up_frag <= users[userid].inpacket.fragment) { up_frag <= users[userid].inpacket.fragment) {
/* Got repeated old packet _with data_, probably /* Got repeated old packet _with data_, probably
because client didn't receive our ack. So re-send because client didn't receive our ack. So re-send
@ -1435,11 +1437,11 @@ handle_ns_request(int dns_fd, struct query *q)
warnx("dns_encode_ns_response doesn't fit"); warnx("dns_encode_ns_response doesn't fit");
return; return;
} }
if (debug >= 2) { if (debug >= 2) {
struct sockaddr_in *tempin; struct sockaddr_in *tempin;
tempin = (struct sockaddr_in *) &(q->from); tempin = (struct sockaddr_in *) &(q->from);
fprintf(stderr, "TX: client %s, type %d, name %s, %d bytes NS reply\n", fprintf(stderr, "TX: client %s, type %d, name %s, %d bytes NS reply\n",
inet_ntoa(tempin->sin_addr), q->type, q->name, len); inet_ntoa(tempin->sin_addr), q->type, q->name, len);
} }
if (sendto(dns_fd, buf, len, 0, (struct sockaddr*)&q->from, q->fromlen) <= 0) { if (sendto(dns_fd, buf, len, 0, (struct sockaddr*)&q->from, q->fromlen) <= 0) {
@ -1469,7 +1471,7 @@ handle_a_request(int dns_fd, struct query *q, int fakeip)
warnx("dns_encode_a_response doesn't fit"); warnx("dns_encode_a_response doesn't fit");
return; return;
} }
if (debug >= 2) { if (debug >= 2) {
struct sockaddr_in *tempin; struct sockaddr_in *tempin;
tempin = (struct sockaddr_in *) &(q->from); tempin = (struct sockaddr_in *) &(q->from);
@ -1506,7 +1508,7 @@ forward_query(int bind_fd, struct query *q)
myaddr = (struct sockaddr_in *) &(q->from); myaddr = (struct sockaddr_in *) &(q->from);
memcpy(&(myaddr->sin_addr), &newaddr, sizeof(in_addr_t)); memcpy(&(myaddr->sin_addr), &newaddr, sizeof(in_addr_t));
myaddr->sin_port = htons(bind_port); myaddr->sin_port = htons(bind_port);
if (debug >= 2) { if (debug >= 2) {
fprintf(stderr, "TX: NS reply \n"); fprintf(stderr, "TX: NS reply \n");
} }
@ -1515,7 +1517,7 @@ forward_query(int bind_fd, struct query *q)
warn("forward query error"); warn("forward query error");
} }
} }
static int static int
tunnel_bind(int bind_fd, int dns_fd) tunnel_bind(int bind_fd, int dns_fd)
{ {
@ -1527,14 +1529,14 @@ tunnel_bind(int bind_fd, int dns_fd)
int r; int r;
fromlen = sizeof(struct sockaddr); fromlen = sizeof(struct sockaddr);
r = recvfrom(bind_fd, packet, sizeof(packet), 0, r = recvfrom(bind_fd, packet, sizeof(packet), 0,
(struct sockaddr*)&from, &fromlen); (struct sockaddr*)&from, &fromlen);
if (r <= 0) if (r <= 0)
return 0; return 0;
id = dns_get_id(packet, r); id = dns_get_id(packet, r);
if (debug >= 2) { if (debug >= 2) {
fprintf(stderr, "RX: Got response on query %u from DNS\n", (id & 0xFFFF)); fprintf(stderr, "RX: Got response on query %u from DNS\n", (id & 0xFFFF));
} }
@ -1552,8 +1554,8 @@ tunnel_bind(int bind_fd, int dns_fd)
fprintf(stderr, "TX: client %s id %u, %d bytes\n", fprintf(stderr, "TX: client %s id %u, %d bytes\n",
inet_ntoa(in->sin_addr), (id & 0xffff), r); inet_ntoa(in->sin_addr), (id & 0xffff), r);
} }
if (sendto(dns_fd, packet, r, 0, (const struct sockaddr *) &(query->addr), if (sendto(dns_fd, packet, r, 0, (const struct sockaddr *) &(query->addr),
query->addrlen) <= 0) { query->addrlen) <= 0) {
warn("forward reply error"); warn("forward reply error");
} }
@ -1575,7 +1577,7 @@ tunnel_dns(int tun_fd, int dns_fd, int bind_fd)
if (debug >= 2) { if (debug >= 2) {
struct sockaddr_in *tempin; struct sockaddr_in *tempin;
tempin = (struct sockaddr_in *) &(q.from); tempin = (struct sockaddr_in *) &(q.from);
fprintf(stderr, "RX: client %s, type %d, name %s\n", fprintf(stderr, "RX: client %s, type %d, name %s\n",
inet_ntoa(tempin->sin_addr), q.type, q.name); inet_ntoa(tempin->sin_addr), q.type, q.name);
} }
@ -1685,14 +1687,14 @@ tunnel(int tun_fd, int dns_fd, int bind_fd)
} }
i = select(maxfd + 1, &fds, NULL, NULL, &tv); i = select(maxfd + 1, &fds, NULL, NULL, &tv);
if(i < 0) { if(i < 0) {
if (running) if (running)
warn("select"); warn("select");
return 1; return 1;
} }
if (i==0) { if (i==0) {
/* timeout; whatever; doesn't matter anymore */ /* timeout; whatever; doesn't matter anymore */
} else { } else {
if (FD_ISSET(tun_fd, &fds)) { if (FD_ISSET(tun_fd, &fds)) {
@ -1700,7 +1702,7 @@ tunnel(int tun_fd, int dns_fd, int bind_fd)
} }
if (FD_ISSET(dns_fd, &fds)) { if (FD_ISSET(dns_fd, &fds)) {
tunnel_dns(tun_fd, dns_fd, bind_fd); tunnel_dns(tun_fd, dns_fd, bind_fd);
} }
if (FD_ISSET(bind_fd, &fds)) { if (FD_ISSET(bind_fd, &fds)) {
tunnel_bind(bind_fd, dns_fd); tunnel_bind(bind_fd, dns_fd);
} }
@ -1728,7 +1730,7 @@ handle_full_packet(int tun_fd, int dns_fd, int userid)
int ret; int ret;
outlen = sizeof(out); outlen = sizeof(out);
ret = uncompress((uint8_t*)out, &outlen, ret = uncompress((uint8_t*)out, &outlen,
(uint8_t*)users[userid].inpacket.data, users[userid].inpacket.len); (uint8_t*)users[userid].inpacket.data, users[userid].inpacket.len);
if (ret == Z_OK) { if (ret == Z_OK) {
@ -1784,7 +1786,7 @@ static void
handle_raw_login(char *packet, int len, struct query *q, int fd, int userid) handle_raw_login(char *packet, int len, struct query *q, int fd, int userid)
{ {
char myhash[16]; char myhash[16];
if (len < 16) return; if (len < 16) return;
/* can't use check_user_and_ip() since IP address will be different, /* can't use check_user_and_ip() since IP address will be different,
@ -1810,7 +1812,7 @@ handle_raw_login(char *packet, int len, struct query *q, int fd, int userid)
/* Store remote IP number */ /* Store remote IP number */
tempin = (struct sockaddr_in *) &(q->from); tempin = (struct sockaddr_in *) &(q->from);
memcpy(&(users[userid].host), &(tempin->sin_addr), sizeof(struct in_addr)); memcpy(&(users[userid].host), &(tempin->sin_addr), sizeof(struct in_addr));
/* Correct hash, reply with hash of seed - 1 */ /* Correct hash, reply with hash of seed - 1 */
user_set_conn_type(userid, CONN_RAW_UDP); user_set_conn_type(userid, CONN_RAW_UDP);
login_calculate(myhash, 16, password, users[userid].seed - 1); login_calculate(myhash, 16, password, users[userid].seed - 1);
@ -1917,7 +1919,7 @@ read_dns(int fd, int tun_fd, struct query *q) /* FIXME: tun_fd is because of raw
msg.msg_control = address; msg.msg_control = address;
msg.msg_controllen = sizeof(address); msg.msg_controllen = sizeof(address);
msg.msg_flags = 0; msg.msg_flags = 0;
r = recvmsg(fd, &msg, 0); r = recvmsg(fd, &msg, 0);
#else #else
addrlen = sizeof(struct sockaddr); addrlen = sizeof(struct sockaddr);
@ -1935,22 +1937,22 @@ read_dns(int fd, int tun_fd, struct query *q) /* FIXME: tun_fd is because of raw
if (dns_decode(NULL, 0, q, QR_QUERY, packet, r) < 0) { if (dns_decode(NULL, 0, q, QR_QUERY, packet, r) < 0) {
return 0; return 0;
} }
#ifndef WINDOWS32 #ifndef WINDOWS32
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msg, cmsg)) { cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == IPPROTO_IP && if (cmsg->cmsg_level == IPPROTO_IP &&
cmsg->cmsg_type == DSTADDR_SOCKOPT) { cmsg->cmsg_type == DSTADDR_SOCKOPT) {
q->destination = *dstaddr(cmsg); q->destination = *dstaddr(cmsg);
break; break;
} }
} }
#endif #endif
return strlen(q->name); return strlen(q->name);
} else if (r < 0) { } else if (r < 0) {
/* Error */ /* Error */
warn("read dns"); warn("read dns");
} }
@ -2015,7 +2017,7 @@ write_dns_nameenc(char *buf, size_t buflen, char *data, int datalen, char downen
/* Add dot (if it wasn't there already) and topdomain */ /* Add dot (if it wasn't there already) and topdomain */
b = buf; b = buf;
b += strlen(buf) - 1; b += strlen(buf) - 1;
if (*b != '.') if (*b != '.')
*++b = '.'; *++b = '.';
b++; b++;
@ -2107,11 +2109,11 @@ write_dns(int fd, struct query *q, char *data, int datalen, char downenc)
warnx("dns_encode doesn't fit"); warnx("dns_encode doesn't fit");
return; return;
} }
if (debug >= 2) { if (debug >= 2) {
struct sockaddr_in *tempin; struct sockaddr_in *tempin;
tempin = (struct sockaddr_in *) &(q->from); tempin = (struct sockaddr_in *) &(q->from);
fprintf(stderr, "TX: client %s, type %d, name %s, %d bytes data\n", fprintf(stderr, "TX: client %s, type %d, name %s, %d bytes data\n",
inet_ntoa(tempin->sin_addr), q->type, q->name, datalen); inet_ntoa(tempin->sin_addr), q->type, q->name, datalen);
} }
@ -2195,7 +2197,7 @@ main(int argc, char **argv)
* local real DNS server */ * local real DNS server */
int bind_fd; int bind_fd;
int bind_enable; int bind_enable;
int choice; int choice;
int port; int port;
int mtu; int mtu;
@ -2203,6 +2205,11 @@ main(int argc, char **argv)
char *netsize; char *netsize;
int retval; int retval;
/**
* Todo: fix
*/
char v6 = 1;
#ifndef WINDOWS32 #ifndef WINDOWS32
pw = NULL; pw = NULL;
#endif #endif
@ -2228,7 +2235,7 @@ main(int argc, char **argv)
b64 = get_base64_encoder(); b64 = get_base64_encoder();
b64u = get_base64u_encoder(); b64u = get_base64u_encoder();
b128 = get_base128_encoder(); b128 = get_base128_encoder();
retval = 0; retval = 0;
#ifdef WINDOWS32 #ifdef WINDOWS32
@ -2246,7 +2253,7 @@ main(int argc, char **argv)
memset(password, 0, sizeof(password)); memset(password, 0, sizeof(password));
srand(time(NULL)); srand(time(NULL));
fw_query_init(); fw_query_init();
while ((choice = getopt(argc, argv, "vcsfhDu:t:d:m:l:p:n:b:P:z:F:")) != -1) { while ((choice = getopt(argc, argv, "vcsfhDu:t:d:m:l:p:n:b:P:z:F:")) != -1) {
switch(choice) { switch(choice) {
case 'v': case 'v':
@ -2294,13 +2301,13 @@ main(int argc, char **argv)
break; break;
case 'F': case 'F':
pidfile = optarg; pidfile = optarg;
break; break;
case 'P': case 'P':
strncpy(password, optarg, sizeof(password)); strncpy(password, optarg, sizeof(password));
password[sizeof(password)-1] = 0; password[sizeof(password)-1] = 0;
/* XXX: find better way of cleaning up ps(1) */ /* XXX: find better way of cleaning up ps(1) */
memset(optarg, 0, strlen(optarg)); memset(optarg, 0, strlen(optarg));
break; break;
case 'z': case 'z':
context = optarg; context = optarg;
@ -2316,9 +2323,9 @@ main(int argc, char **argv)
check_superuser(usage); check_superuser(usage);
if (argc != 2) if (argc != 2)
usage(); usage();
netsize = strchr(argv[0], '/'); netsize = strchr(argv[0], '/');
if (netsize) { if (netsize) {
*netsize = 0; *netsize = 0;
@ -2327,10 +2334,28 @@ main(int argc, char **argv)
} }
my_ip = inet_addr(argv[0]); my_ip = inet_addr(argv[0]);
if (my_ip == INADDR_NONE) { /**
warnx("Bad IP address to use inside tunnel."); * Todo: Fix ;-)
usage(); */
if (v6) {
if (inet_pton(AF_INET6, "2001:4242:4242:4242:4242:4242:4242:1", &my_ip6)
!= 1) {
warnx("Bad IPv6 address to use inside tunnel.");
usage();
}
printf("IPv6 address: ");
char i;
for (i = 0; i < 8; ++i)
printf("%04x%s", ntohs(my_ip6.__in6_u.__u6_addr16[i]), i < 7 ? ":"
: "\n");
if (my_ip == INADDR_NONE) {
warnx("Bad IP address to use inside tunnel.");
usage();
}
netmask6 = 112;
} }
topdomain = strdup(argv[1]); topdomain = strdup(argv[1]);
@ -2357,12 +2382,12 @@ main(int argc, char **argv)
warnx("Bad MTU given."); warnx("Bad MTU given.");
usage(); usage();
} }
if(port < 1 || port > 65535) { if(port < 1 || port > 65535) {
warnx("Bad port number given."); warnx("Bad port number given.");
usage(); usage();
} }
if(bind_enable) { if(bind_enable) {
if (bind_port < 1 || bind_port > 65535) { if (bind_port < 1 || bind_port > 65535) {
warnx("Bad DNS server port number given."); warnx("Bad DNS server port number given.");
@ -2379,7 +2404,7 @@ main(int argc, char **argv)
fprintf(stderr, "Requests for domains outside of %s will be forwarded to port %d\n", fprintf(stderr, "Requests for domains outside of %s will be forwarded to port %d\n",
topdomain, bind_port); topdomain, bind_port);
} }
if (port != 53) { if (port != 53) {
fprintf(stderr, "ALERT! Other dns servers expect you to run on port 53.\n"); fprintf(stderr, "ALERT! Other dns servers expect you to run on port 53.\n");
fprintf(stderr, "You must manually forward port 53 to port %d for things to work.\n", port); fprintf(stderr, "You must manually forward port 53 to port %d for things to work.\n", port);
@ -2395,7 +2420,7 @@ main(int argc, char **argv)
warnx("Bad IP address to listen on."); warnx("Bad IP address to listen on.");
usage(); usage();
} }
if (ns_ip == INADDR_NONE) { if (ns_ip == INADDR_NONE) {
warnx("Bad IP address to return as nameserver."); warnx("Bad IP address to return as nameserver.");
usage(); usage();
@ -2404,7 +2429,7 @@ main(int argc, char **argv)
warnx("Bad netmask (%d bits). Use 8-30 bits.", netmask); warnx("Bad netmask (%d bits). Use 8-30 bits.", netmask);
usage(); usage();
} }
if (strlen(password) == 0) { if (strlen(password) == 0) {
if (NULL != getenv(PASSWORD_ENV_VAR)) if (NULL != getenv(PASSWORD_ENV_VAR))
snprintf(password, sizeof(password), "%s", getenv(PASSWORD_ENV_VAR)); snprintf(password, sizeof(password), "%s", getenv(PASSWORD_ENV_VAR));
@ -2439,16 +2464,16 @@ main(int argc, char **argv)
} }
my_mtu = mtu; my_mtu = mtu;
if (created_users < USERS) { if (created_users < USERS) {
fprintf(stderr, "Limiting to %d simultaneous users because of netmask /%d\n", fprintf(stderr, "Limiting to %d simultaneous users because of netmask /%d\n",
created_users, netmask); created_users, netmask);
} }
fprintf(stderr, "Listening to dns for domain %s\n", topdomain); fprintf(stderr, "Listening to dns for domain %s\n", topdomain);
if (foreground == 0) if (foreground == 0)
do_detach(); do_detach();
if (pidfile != NULL) if (pidfile != NULL)
do_pidfile(pidfile); do_pidfile(pidfile);
@ -2478,7 +2503,7 @@ main(int argc, char **argv)
do_setcon(context); do_setcon(context);
syslog(LOG_INFO, "started, listening on port %d", port); syslog(LOG_INFO, "started, listening on port %d", port);
tunnel(tun_fd, dnsd_fd, bind_fd); tunnel(tun_fd, dnsd_fd, bind_fd);
syslog(LOG_INFO, "stopping"); syslog(LOG_INFO, "stopping");
@ -2487,7 +2512,7 @@ cleanup3:
cleanup2: cleanup2:
close_dns(dnsd_fd); close_dns(dnsd_fd);
cleanup1: cleanup1:
close_tun(tun_fd); close_tun(tun_fd);
cleanup0: cleanup0:
return retval; return retval;

1
src/user.h
View file

@ -40,6 +40,7 @@ struct user {
time_t last_pkt; time_t last_pkt;
int seed; int seed;
in_addr_t tun_ip; in_addr_t tun_ip;
struct in6_addr tun_ip6;
struct in_addr host; struct in_addr host;
struct query q; struct query q;
struct query q_sendrealsoon; struct query q_sendrealsoon;