ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/vpn_dns.C
Revision: 1.51
Committed: Sun Mar 6 19:40:28 2011 UTC (13 years, 2 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.50: +174 -78 lines
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     vpn_dns.C -- handle the dns tunnel part of the protocol.
3 root 1.51 Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.7 This file is part of GVPE.
6    
7 pcg 1.47 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32 pcg 1.38 // TODO: EDNS0 option to increase dns mtu?
33     // TODO: re-write dns packet parsing/creation using a safe mem-buffer
34     // to ensure no buffer overflows or similar problems.
35    
36 pcg 1.1 #include "config.h"
37    
38     #if ENABLE_DNS
39    
40     // dns processing is EXTREMELY ugly. For obvious(?) reasons.
41     // it's a hack, use only in emergency situations please.
42    
43     #include <cstring>
44 pcg 1.20 #include <cassert>
45 pcg 1.1
46     #include <sys/types.h>
47     #include <sys/socket.h>
48     #include <sys/wait.h>
49     #include <sys/uio.h>
50     #include <errno.h>
51     #include <time.h>
52     #include <unistd.h>
53     #include <fcntl.h>
54    
55     #include <map>
56    
57 pcg 1.44 #include <cstdio> /* bug in libgmp: gmp.h relies on cstdio being included */
58 pcg 1.8 #include <gmp.h>
59    
60 pcg 1.1 #include "netcompat.h"
61    
62     #include "vpn.h"
63    
64 root 1.51 #define MIN_POLL_INTERVAL 0.1 // poll at most this often when no data received
65     #define MAX_POLL_INTERVAL 1. // how often to poll minimally when the server has no data
66 pcg 1.10
67 pcg 1.17 #define INITIAL_TIMEOUT 0.1 // retry timeouts
68 pcg 1.36 #define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn
69 pcg 1.10
70 pcg 1.27 #define MAX_SEND_INTERVAL 2. // optimistic?
71 pcg 1.1
72 pcg 1.17 #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog
73 pcg 1.35 #define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE
74 pcg 1.5
75 pcg 1.34 #define MAX_DOMAIN_SIZE 240 // 255 is legal limit, but bind doesn't compress well
76 pcg 1.5 // 240 leaves about 4 bytes of server reply data
77 pcg 1.33 // every request byte less give room for two reply bytes
78 pcg 1.5
79 pcg 1.32 #define SEQNO_MASK 0x3fff
80 pcg 1.8 #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) )
81 pcg 1.1
82 pcg 1.8 #define MAX_LBL_SIZE 63
83     #define MAX_PKT_SIZE 512
84 pcg 1.1
85 pcg 1.10 #define RR_TYPE_A 1
86     #define RR_TYPE_NULL 10
87     #define RR_TYPE_TXT 16
88 pcg 1.48 #define RR_TYPE_AAAA 28
89 pcg 1.8 #define RR_TYPE_ANY 255
90 pcg 1.10
91     #define RR_CLASS_IN 1
92    
93     #define CMD_IP_1 207
94     #define CMD_IP_2 46
95     #define CMD_IP_3 236
96 root 1.51
97     #define CMD_IP_RST 29 // some error, reset and retry
98     #define CMD_IP_REJ 32 // do not want you
99     #define CMD_IP_SYN 113 // connection established
100     #define CMD_IP_CSE 213 // connection established, but likely case mismatch
101    
102     static bool
103     is_uc (char c)
104     {
105     return 'A' <= c && c <= 'Z';
106     }
107    
108     static bool
109     is_lc (char c)
110     {
111     return 'a' <= c && c <= 'z';
112     }
113 pcg 1.1
114 pcg 1.8 // works for cmaps up to 255 (not 256!)
115     struct charmap
116     {
117     enum { INVALID = (u8)255 };
118 pcg 1.1
119 pcg 1.8 char encode [256]; // index => char
120     u8 decode [256]; // char => index
121     unsigned int size;
122 pcg 1.2
123 pcg 1.8 charmap (const char *cmap);
124     };
125    
126     charmap::charmap (const char *cmap)
127     {
128     char *enc = encode;
129     u8 *dec = decode;
130 pcg 1.2
131 pcg 1.8 memset (enc, (char) 0, 256);
132     memset (dec, (char)INVALID, 256);
133 pcg 1.1
134 pcg 1.8 for (size = 0; cmap [size]; size++)
135     {
136 root 1.50 char c = cmap [size];
137    
138     enc [size] = c;
139     dec [(u8)c] = size;
140    
141     // allow lowercase/uppercase aliases if possible
142 root 1.51 if (is_uc (c) && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size;
143     if (is_lc (c) && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size;
144 pcg 1.8 }
145 pcg 1.1
146 pcg 1.8 assert (size < 256);
147     }
148 pcg 1.2
149 pcg 1.8 #define MAX_DEC_LEN 500
150     #define MAX_ENC_LEN (MAX_DEC_LEN * 2)
151     #define MAX_LIMBS ((MAX_DEC_LEN * 8 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
152 pcg 1.2
153 pcg 1.8 // ugly. minimum base is 16(!)
154     struct basecoder
155 pcg 1.2 {
156 pcg 1.8 charmap cmap;
157     unsigned int enc_len [MAX_DEC_LEN];
158     unsigned int dec_len [MAX_ENC_LEN];
159 pcg 1.2
160 root 1.51 unsigned int encode_len (unsigned int len) const;
161     unsigned int decode_len (unsigned int len) const;
162 pcg 1.8
163 root 1.51 unsigned int encode (char *dst, u8 *src, unsigned int len) const;
164     unsigned int decode (u8 *dst, char *src, unsigned int len) const;
165 pcg 1.8
166     basecoder (const char *cmap);
167     };
168    
169     basecoder::basecoder (const char *cmap)
170     : cmap (cmap)
171     {
172     for (unsigned int len = 0; len < MAX_DEC_LEN; ++len)
173     {
174     u8 src [MAX_DEC_LEN];
175     u8 dst [MAX_ENC_LEN];
176 pcg 1.2
177 pcg 1.8 memset (src, 255, len);
178 pcg 1.2
179 pcg 1.8 mp_limb_t m [MAX_LIMBS];
180     mp_size_t n;
181    
182     n = mpn_set_str (m, src, len, 256);
183     n = mpn_get_str (dst, this->cmap.size, m, n);
184    
185     for (int i = 0; !dst [i]; ++i)
186     n--;
187    
188     enc_len [len] = n;
189     dec_len [n] = len;
190     }
191     }
192    
193 root 1.49 unsigned int
194 root 1.51 basecoder::encode_len (unsigned int len) const
195 pcg 1.8 {
196     return enc_len [len];
197     }
198 pcg 1.2
199 root 1.49 unsigned int
200 root 1.51 basecoder::decode_len (unsigned int len) const
201 pcg 1.2 {
202 pcg 1.8 while (len && !dec_len [len])
203     --len;
204    
205     return dec_len [len];
206 pcg 1.2 }
207    
208 root 1.49 unsigned int
209 root 1.51 basecoder::encode (char *dst, u8 *src, unsigned int len) const
210 pcg 1.2 {
211 pcg 1.10 if (!len || len > MAX_DEC_LEN)
212 pcg 1.8 return 0;
213    
214     int elen = encode_len (len);
215    
216     mp_limb_t m [MAX_LIMBS];
217     mp_size_t n;
218    
219     u8 dst_ [MAX_ENC_LEN];
220    
221     n = mpn_set_str (m, src, len, 256);
222     n = mpn_get_str (dst_, cmap.size, m, n);
223    
224     int plen = elen; // for padding
225 pcg 1.2
226 pcg 1.8 while (n < plen)
227 pcg 1.2 {
228 pcg 1.8 *dst++ = cmap.encode [0];
229     plen--;
230 pcg 1.2 }
231    
232 pcg 1.8 for (unsigned int i = n - plen; i < n; ++i)
233     *dst++ = cmap.encode [dst_ [i]];
234 pcg 1.4
235 pcg 1.8 return elen;
236 pcg 1.2 }
237    
238 root 1.49 unsigned int
239 root 1.51 basecoder::decode (u8 *dst, char *src, unsigned int len) const
240 pcg 1.2 {
241 pcg 1.10 if (!len || len > MAX_ENC_LEN)
242 pcg 1.8 return 0;
243    
244     u8 src_ [MAX_ENC_LEN];
245     unsigned int elen = 0;
246 pcg 1.2
247     while (len--)
248     {
249 pcg 1.8 u8 val = cmap.decode [(u8)*src++];
250 pcg 1.2
251 pcg 1.8 if (val != charmap::INVALID)
252     src_ [elen++] = val;
253     }
254    
255     int dlen = decode_len (elen);
256    
257     mp_limb_t m [MAX_LIMBS];
258     mp_size_t n;
259    
260     u8 dst_ [MAX_DEC_LEN];
261 pcg 1.2
262 pcg 1.8 n = mpn_set_str (m, src_, elen, cmap.size);
263     n = mpn_get_str (dst_, 256, m, n);
264 pcg 1.2
265 pcg 1.8 if (n < dlen)
266     {
267     memset (dst, 0, dlen - n);
268     memcpy (dst + dlen - n, dst_, n);
269 pcg 1.2 }
270 pcg 1.8 else
271     memcpy (dst, dst_ + n - dlen, dlen);
272 pcg 1.4
273 pcg 1.8 return dlen;
274     }
275    
276     #if 0
277     struct test { test (); } test;
278    
279     test::test ()
280     {
281     basecoder cdc ("0123456789abcdefghijklmnopqrstuvwxyz");
282    
283     u8 in[] = "0123456789abcdefghijklmnopqrstuvwxyz";
284     static char enc[200];
285     static u8 dec[200];
286    
287     for (int i = 1; i < 20; i++)
288     {
289     int elen = cdc.encode (enc, in, i);
290     int dlen = cdc.decode (dec, enc, elen);
291    
292     printf ("%d>%d>%d (%s>%s)\n", i, elen, dlen, enc, dec);
293     }
294     abort ();
295     }
296     #endif
297    
298 root 1.51 static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); // a-zA-Z0-9
299     static basecoder cdc36 ("dPhZr06QmJkB34tSvL81xAeF92wGyO57uCnI"); // a-z0-9 for case-changers
300     static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyOuCnI"); // a-z
301 pcg 1.8
302     /////////////////////////////////////////////////////////////////////////////
303    
304 root 1.51 #define HDRSIZE 5
305 pcg 1.24
306 root 1.49 inline void
307     encode_header (char *data, int clientid, int seqno, int retry = 0)
308 pcg 1.8 {
309 root 1.51 assert (clientid < 256);
310    
311 pcg 1.17 seqno &= SEQNO_MASK;
312    
313     u8 hdr[3] = {
314 root 1.51 seqno,
315     (seqno >> 8) | (retry << 6),
316 pcg 1.17 clientid,
317     };
318 pcg 1.8
319 root 1.51 cdc36.encode (data, hdr, 3);
320 pcg 1.8 }
321    
322 root 1.49 inline void
323     decode_header (char *data, int &clientid, int &seqno)
324 pcg 1.8 {
325     u8 hdr[3];
326    
327 root 1.51 cdc36.decode (hdr, data, HDRSIZE);
328 pcg 1.8
329 root 1.51 clientid = hdr[2];
330     seqno = ((hdr[1] << 8) | hdr[0]) & SEQNO_MASK;
331 pcg 1.4 }
332    
333     /////////////////////////////////////////////////////////////////////////////
334    
335     struct byte_stream
336     {
337     u8 *data;
338     int maxsize;
339     int fill;
340    
341     byte_stream (int maxsize);
342     ~byte_stream ();
343    
344     bool empty () { return !fill; }
345     int size () { return fill; }
346    
347 pcg 1.5 bool put (u8 *data, unsigned int datalen);
348 pcg 1.4 bool put (vpn_packet *pkt);
349     vpn_packet *get ();
350    
351     u8 *begin () { return data; }
352     void remove (int count);
353     };
354    
355     byte_stream::byte_stream (int maxsize)
356     : maxsize (maxsize), fill (0)
357     {
358     data = new u8 [maxsize];
359     }
360    
361     byte_stream::~byte_stream ()
362     {
363     delete data;
364     }
365    
366 root 1.49 void
367     byte_stream::remove (int count)
368 pcg 1.4 {
369     if (count > fill)
370 pcg 1.17 assert (count <= fill);
371 pcg 1.4
372     memmove (data, data + count, fill -= count);
373     }
374    
375 root 1.49 bool
376     byte_stream::put (u8 *data, unsigned int datalen)
377 pcg 1.5 {
378     if (maxsize - fill < datalen)
379     return false;
380    
381     memcpy (this->data + fill, data, datalen); fill += datalen;
382    
383     return true;
384     }
385    
386 root 1.49 bool
387     byte_stream::put (vpn_packet *pkt)
388 pcg 1.4 {
389     if (maxsize - fill < pkt->len + 2)
390     return false;
391    
392     data [fill++] = pkt->len >> 8;
393     data [fill++] = pkt->len;
394    
395 pcg 1.10 memcpy (data + fill, pkt->at (0), pkt->len); fill += pkt->len;
396 pcg 1.4
397     return true;
398     }
399    
400     vpn_packet *byte_stream::get ()
401     {
402 pcg 1.18 unsigned int len;
403    
404     for (;;)
405     {
406     len = (data [0] << 8) | data [1];
407 pcg 1.4
408 pcg 1.18 if (len <= MAXSIZE || fill < 2)
409     break;
410 pcg 1.5
411 pcg 1.18 // TODO: handle this better than skipping, e.g. by reset
412     slog (L_DEBUG, _("DNS: corrupted packet stream skipping a byte..."));
413     remove (1);
414     }
415    
416 pcg 1.4 if (fill < len + 2)
417     return 0;
418    
419     vpn_packet *pkt = new vpn_packet;
420 pcg 1.5
421     pkt->len = len;
422 pcg 1.10 memcpy (pkt->at (0), data + 2, len);
423 pcg 1.4 remove (len + 2);
424    
425     return pkt;
426 pcg 1.2 }
427    
428 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
429    
430 pcg 1.2 #define FLAG_QUERY ( 0 << 15)
431     #define FLAG_RESPONSE ( 1 << 15)
432 pcg 1.9 #define FLAG_OP_MASK (15 << 11)
433 pcg 1.2 #define FLAG_OP_QUERY ( 0 << 11)
434     #define FLAG_AA ( 1 << 10)
435     #define FLAG_TC ( 1 << 9)
436     #define FLAG_RD ( 1 << 8)
437     #define FLAG_RA ( 1 << 7)
438 pcg 1.5 #define FLAG_AUTH ( 1 << 5)
439 pcg 1.2 #define FLAG_RCODE_MASK (15 << 0)
440     #define FLAG_RCODE_OK ( 0 << 0)
441     #define FLAG_RCODE_FORMERR ( 1 << 0)
442     #define FLAG_RCODE_SERVFAIL ( 2 << 0)
443     #define FLAG_RCODE_NXDOMAIN ( 3 << 0)
444     #define FLAG_RCODE_REFUSED ( 5 << 0)
445    
446     #define DEFAULT_CLIENT_FLAGS (FLAG_QUERY | FLAG_OP_QUERY | FLAG_RD)
447 pcg 1.5 #define DEFAULT_SERVER_FLAGS (FLAG_RESPONSE | FLAG_OP_QUERY | FLAG_AA | FLAG_RD | FLAG_RA)
448 pcg 1.2
449 pcg 1.10 struct dns_cfg
450     {
451     static int next_uid;
452    
453 root 1.51 u8 chksum;
454     u8 rrtype;
455     u16 uid; // to make request unique
456 pcg 1.24
457 pcg 1.10 u8 version;
458 pcg 1.24 u8 flags;
459 root 1.51 u16 max_size;
460    
461     u8 id1, id2, id3, id4;
462 pcg 1.24
463 pcg 1.10 u16 client;
464 root 1.51 u8 def_ttl;
465     u8 r0;
466 pcg 1.10
467 root 1.51 u8 syn_cdc; // cdc en/decoder for syn (A?) requests
468     u8 hdr_cdc; // cdc en/decoder for regular request headers
469     u8 req_cdc; // cdc en/decoder for regular (ANY?) request data
470     u8 rep_cdc; // cdc en/decoder for regular (TXT) replies, 0 == 8 bit encoding
471 pcg 1.24
472 root 1.51 u8 r1, r2, r3, r4;
473 pcg 1.10
474     void reset (int clientid);
475     bool valid ();
476 root 1.51 u8 get_chksum ();
477 pcg 1.10 };
478    
479     int dns_cfg::next_uid;
480    
481 root 1.49 void
482     dns_cfg::reset (int clientid)
483 pcg 1.10 {
484 root 1.51 // this ID must result in some mixed-case characters in cdc26-encoding
485 pcg 1.10 id1 = 'G';
486     id2 = 'V';
487     id3 = 'P';
488     id4 = 'E';
489    
490 root 1.51 version = 2;
491 pcg 1.10
492     rrtype = RR_TYPE_TXT;
493     flags = 0;
494 pcg 1.24 def_ttl = 0;
495 root 1.51 syn_cdc = 26;
496     hdr_cdc = 36;
497     req_cdc = conf.dns_case_preserving ? 62 : 36;
498 pcg 1.24 rep_cdc = 0;
499 pcg 1.27 max_size = htons (MAX_PKT_SIZE);
500     client = htons (clientid);
501 root 1.51 uid = ++next_uid;
502    
503     r0 = r1 = r2 = r3 = r4 = 0;
504 pcg 1.10
505 root 1.51 chksum = get_chksum ();
506     }
507    
508     // simple but not trivial chksum
509     u8
510     dns_cfg::get_chksum ()
511     {
512     unsigned int sum = 0xff00; // only 16 bits required
513    
514     u8 old_chksum = chksum;
515     chksum = 0;
516    
517     for (unsigned int i = 0; i < sizeof (*this); ++i)
518     sum += ((u8 *)this)[i] * (i + 1);
519    
520     chksum = old_chksum;
521    
522     return sum + (sum >> 8);
523 pcg 1.10 }
524    
525 root 1.49 bool
526     dns_cfg::valid ()
527 pcg 1.10 {
528 pcg 1.40 // although the protocol itself allows for some configurability,
529     // only the following encoding/decoding settings are implemented.
530 pcg 1.10 return id1 == 'G'
531     && id2 == 'V'
532     && id3 == 'P'
533     && id4 == 'E'
534 root 1.51 && version == 2
535     && syn_cdc == 26
536     && hdr_cdc == 36
537     && (req_cdc == 36 || req_cdc == 62)
538 pcg 1.24 && rep_cdc == 0
539 root 1.51 && chksum == get_chksum ();
540 pcg 1.10 }
541    
542 pcg 1.2 struct dns_packet : net_packet
543     {
544     u16 id;
545     u16 flags; // QR:1 Opcode:4 AA:1 TC:1 RD:1 RA:1 Z:3 RCODE:4
546     u16 qdcount, ancount, nscount, arcount;
547    
548 pcg 1.24 u8 data [MAXSIZE - 6 * 2];
549 pcg 1.2
550     int decode_label (char *data, int size, int &offs);
551     };
552    
553 root 1.49 int
554     dns_packet::decode_label (char *data, int size, int &offs)
555 pcg 1.2 {
556     char *orig = data;
557    
558     memset (data, 0, size);
559    
560     while (offs < size - 1)
561     {
562     u8 len = (*this)[offs++];
563    
564     if (!len)
565     break;
566     else if (len < 64)
567     {
568     if (size < len + 1 || offs + len >= MAXSIZE - 1)
569     break;
570    
571     memcpy (data, &((*this)[offs]), len);
572    
573     data += len; size -= len; offs += len;
574     *data++ = '.'; size--;
575     }
576     else
577     {
578     int offs2 = ((len & 63) << 8) + (*this)[offs++];
579    
580     data += decode_label (data, size, offs2);
581     break;
582     }
583     }
584    
585     return data - orig;
586     }
587    
588 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
589    
590 root 1.49 static
591     u16 next_id ()
592     {
593     static u16 dns_id = 0; // TODO: should be per-vpn
594 pcg 1.18
595     if (!dns_id)
596     dns_id = time (0);
597    
598     // the simplest lsfr with periodicity 65535 i could find
599     dns_id = (dns_id << 1)
600     | (((dns_id >> 1)
601     ^ (dns_id >> 2)
602     ^ (dns_id >> 4)
603     ^ (dns_id >> 15)) & 1);
604    
605     return dns_id;
606     }
607    
608     struct dns_rcv;
609     struct dns_snd;
610    
611     struct dns_connection
612     {
613     connection *c;
614     struct vpn *vpn;
615    
616     dns_cfg cfg;
617    
618     bool established;
619 root 1.51 const basecoder *cdc;
620 pcg 1.18
621     tstamp last_received;
622     tstamp last_sent;
623 pcg 1.25 double min_latency;
624 pcg 1.18 double poll_interval, send_interval;
625    
626     vector<dns_rcv *> rcvpq;
627    
628 pcg 1.31 byte_stream rcvdq; int rcvseq; int repseq;
629 pcg 1.18 byte_stream snddq; int sndseq;
630    
631 pcg 1.46 inline void time_cb (ev::timer &w, int revents); ev::timer tw;
632 pcg 1.18 void receive_rep (dns_rcv *r);
633    
634 root 1.51 void reset (); // quite like tcp RST
635     void set_cfg (); // to be called after any cfg changes
636    
637 pcg 1.18 dns_connection (connection *c);
638     ~dns_connection ();
639     };
640    
641 pcg 1.10 struct dns_snd
642 pcg 1.3 {
643     dns_packet *pkt;
644 pcg 1.10 tstamp timeout, sent;
645 pcg 1.3 int retry;
646 pcg 1.9 struct dns_connection *dns;
647 pcg 1.5 int seqno;
648 pcg 1.17 bool stdhdr;
649 pcg 1.3
650 pcg 1.9 void gen_stream_req (int seqno, byte_stream &stream);
651 pcg 1.18 void gen_syn_req ();
652 pcg 1.11
653     dns_snd (dns_connection *dns);
654     ~dns_snd ();
655 pcg 1.3 };
656    
657 pcg 1.10 dns_snd::dns_snd (dns_connection *dns)
658 pcg 1.9 : dns (dns)
659 pcg 1.3 {
660 pcg 1.10 timeout = 0;
661 pcg 1.3 retry = 0;
662 pcg 1.10 seqno = 0;
663 pcg 1.43 sent = ev_now ();
664 pcg 1.17 stdhdr = false;
665 pcg 1.3
666     pkt = new dns_packet;
667    
668 pcg 1.5 pkt->id = next_id ();
669     }
670    
671 pcg 1.11 dns_snd::~dns_snd ()
672     {
673     delete pkt;
674     }
675    
676 root 1.49 static void
677     append_domain (dns_packet &pkt, int &offs, const char *domain)
678 pcg 1.10 {
679     // add tunnel domain
680     for (;;)
681     {
682     const char *end = strchr (domain, '.');
683    
684     if (!end)
685     end = domain + strlen (domain);
686    
687     int len = end - domain;
688    
689     pkt [offs++] = len;
690     memcpy (pkt.at (offs), domain, len);
691     offs += len;
692    
693     if (!*end)
694     break;
695    
696     domain = end + 1;
697     }
698     }
699    
700 root 1.49 void
701     dns_snd::gen_stream_req (int seqno, byte_stream &stream)
702 pcg 1.5 {
703 pcg 1.17 stdhdr = true;
704 pcg 1.5 this->seqno = seqno;
705    
706 pcg 1.43 timeout = ev_now () + INITIAL_TIMEOUT;
707 pcg 1.10
708 pcg 1.5 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
709 pcg 1.4 pkt->qdcount = htons (1);
710 pcg 1.3
711 pcg 1.4 int offs = 6*2;
712 pcg 1.19 int dlen = MAX_DOMAIN_SIZE - (strlen (dns->c->conf->domain) + 2);
713 pcg 1.5 // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well,
714     // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra
715    
716 pcg 1.8 char enc[256], *encp = enc;
717     encode_header (enc, THISNODE->id, seqno);
718 pcg 1.4
719 root 1.51 int datalen = dns->cdc->decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE);
720 pcg 1.4
721 pcg 1.9 if (datalen > stream.size ())
722     datalen = stream.size ();
723 pcg 1.8
724 root 1.51 int enclen = dns->cdc->encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE;
725 pcg 1.9 stream.remove (datalen);
726 pcg 1.4
727 pcg 1.5 while (enclen)
728     {
729     int lbllen = enclen < MAX_LBL_SIZE ? enclen : MAX_LBL_SIZE;
730    
731     (*pkt)[offs++] = lbllen;
732     memcpy (pkt->at (offs), encp, lbllen);
733 pcg 1.4
734 pcg 1.5 offs += lbllen;
735     encp += lbllen;
736 pcg 1.4
737 pcg 1.5 enclen -= lbllen;
738 pcg 1.4 }
739    
740 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
741 pcg 1.3
742 pcg 1.10 (*pkt)[offs++] = 0;
743     (*pkt)[offs++] = RR_TYPE_ANY >> 8; (*pkt)[offs++] = RR_TYPE_ANY;
744     (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
745    
746     pkt->len = offs;
747     }
748    
749 root 1.49 void
750     dns_snd::gen_syn_req ()
751 pcg 1.10 {
752 pcg 1.43 timeout = ev_now () + INITIAL_SYN_TIMEOUT;
753 pcg 1.4
754 pcg 1.10 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
755     pkt->qdcount = htons (1);
756 pcg 1.4
757 pcg 1.18 int offs = 6 * 2;
758 pcg 1.4
759 pcg 1.18 int elen = cdc26.encode ((char *)pkt->at (offs + 1), (u8 *)&dns->cfg, sizeof (dns_cfg));
760 pcg 1.4
761 pcg 1.10 assert (elen <= MAX_LBL_SIZE);
762 pcg 1.4
763 pcg 1.10 (*pkt)[offs] = elen;
764     offs += elen + 1;
765 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
766 pcg 1.4
767     (*pkt)[offs++] = 0;
768 pcg 1.10 (*pkt)[offs++] = RR_TYPE_A >> 8; (*pkt)[offs++] = RR_TYPE_A;
769 pcg 1.4 (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
770    
771     pkt->len = offs;
772 pcg 1.5 }
773    
774     struct dns_rcv
775     {
776     int seqno;
777     dns_packet *pkt; // reply packet
778     u8 data [MAXSIZE]; // actually part of the reply packet...
779     int datalen;
780    
781 pcg 1.6 dns_rcv (int seqno, u8 *data, int datalen);
782 pcg 1.5 ~dns_rcv ();
783     };
784    
785 pcg 1.6 dns_rcv::dns_rcv (int seqno, u8 *data, int datalen)
786 pcg 1.5 : seqno (seqno), pkt (new dns_packet), datalen (datalen)
787     {
788     memcpy (this->data, data, datalen);
789     }
790 pcg 1.4
791 pcg 1.5 dns_rcv::~dns_rcv ()
792     {
793     delete pkt;
794 pcg 1.3 }
795    
796     /////////////////////////////////////////////////////////////////////////////
797 pcg 1.9
798     dns_connection::dns_connection (connection *c)
799     : c (c)
800     , rcvdq (MAX_BACKLOG * 2)
801 pcg 1.31 , snddq (MAX_BACKLOG)
802 pcg 1.9 {
803 pcg 1.45 tw.set<dns_connection, &dns_connection::time_cb> (this);
804    
805 pcg 1.9 vpn = c->vpn;
806    
807 root 1.51 reset ();
808     }
809    
810     dns_connection::~dns_connection ()
811     {
812     reset ();
813     }
814    
815     void
816     dns_connection::reset ()
817     {
818     while (!rcvpq.empty ())
819     {
820     delete rcvpq.back ();
821     rcvpq.pop_back ();
822     }
823    
824     for (int i = vpn->dns_sndpq.size (); i--; )
825     if (vpn->dns_sndpq [i]->dns == this)
826     {
827     vpn->dns_sndpq [i] = vpn->dns_sndpq.back ();
828     vpn->dns_sndpq.pop_back ();
829     }
830    
831 pcg 1.10 established = false;
832    
833 pcg 1.31 rcvseq = repseq = sndseq = 0;
834 pcg 1.10
835     last_sent = last_received = 0;
836 pcg 1.30 poll_interval = 0.5; // starting here
837 pcg 1.17 send_interval = 0.5; // starting rate
838 pcg 1.25 min_latency = INITIAL_TIMEOUT;
839 pcg 1.9 }
840    
841 root 1.51 void
842     dns_connection::set_cfg ()
843 pcg 1.9 {
844 root 1.51 cdc = cfg.req_cdc == 36 ? &cdc36 : &cdc62;
845 pcg 1.9 }
846 pcg 1.3
847 root 1.49 void
848     dns_connection::receive_rep (dns_rcv *r)
849 pcg 1.2 {
850 pcg 1.10 if (r->datalen)
851     {
852 pcg 1.43 last_received = ev_now ();
853 pcg 1.42 tw ();
854 pcg 1.10
855 pcg 1.12 poll_interval = send_interval;
856 pcg 1.10 }
857     else
858     {
859 pcg 1.17 poll_interval *= 1.5;
860 pcg 1.25
861 pcg 1.10 if (poll_interval > MAX_POLL_INTERVAL)
862     poll_interval = MAX_POLL_INTERVAL;
863     }
864 pcg 1.2
865 pcg 1.9 rcvpq.push_back (r);
866 pcg 1.5
867     redo:
868    
869 pcg 1.8 // find next packet
870 pcg 1.9 for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); )
871     if (SEQNO_EQ (rcvseq, (*i)->seqno))
872 pcg 1.5 {
873 pcg 1.41 //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D
874 pcg 1.8 // enter the packet into our input stream
875     r = *i;
876    
877     // remove the oldest packet, look forward, as it's oldest first
878 pcg 1.9 for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j)
879     if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW))
880 pcg 1.8 {
881 pcg 1.41 //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D
882 pcg 1.8 delete *j;
883 pcg 1.9 rcvpq.erase (j);
884 pcg 1.8 break;
885     }
886 pcg 1.5
887 pcg 1.9 rcvseq = (rcvseq + 1) & SEQNO_MASK;
888 pcg 1.5
889 pcg 1.9 if (!rcvdq.put (r->data, r->datalen))
890 pcg 1.17 {
891 root 1.50 // MUST never overflow, can be caused by data corruption, TODO
892     slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)");
893 root 1.51 reset ();
894 root 1.50 return;
895 pcg 1.17 }
896 pcg 1.5
897 pcg 1.9 while (vpn_packet *pkt = rcvdq.get ())
898 pcg 1.5 {
899     sockinfo si;
900 pcg 1.33 si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4;
901 pcg 1.5
902     vpn->recv_vpn_packet (pkt, si);
903 pcg 1.11 delete pkt;
904 pcg 1.5 }
905 pcg 1.8
906     // check for further packets
907 pcg 1.5 goto redo;
908     }
909     }
910    
911 pcg 1.10 void
912     vpn::dnsv4_server (dns_packet &pkt)
913 pcg 1.2 {
914 pcg 1.10 u16 flags = ntohs (pkt.flags);
915 pcg 1.2
916 pcg 1.4 int offs = 6 * 2; // skip header
917 pcg 1.2
918 pcg 1.10 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
919 pcg 1.2
920 pcg 1.10 if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK))
921     && pkt.qdcount == htons (1))
922 pcg 1.4 {
923 pcg 1.24 char qname [MAXSIZE];
924 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
925 pcg 1.4
926 pcg 1.10 u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
927     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
928 pcg 1.2
929 pcg 1.10 pkt.qdcount = htons (1);
930     pkt.ancount = 0;
931     pkt.nscount = 0; // should be self, as other nameservers reply like this
932     pkt.arcount = 0; // a record for self, as other nameservers reply like this
933 pcg 1.2
934 pcg 1.16 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_SERVFAIL);
935 pcg 1.2
936 pcg 1.4 int dlen = strlen (THISNODE->domain);
937 pcg 1.2
938 pcg 1.4 if (qclass == RR_CLASS_IN
939 pcg 1.10 && qlen > dlen + 1
940 pcg 1.24 && !memcmp (qname + qlen - (dlen + 1), THISNODE->domain, dlen))
941 pcg 1.2 {
942 pcg 1.10 // now generate reply
943     pkt.ancount = htons (1); // one answer RR
944     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK);
945    
946     if ((qtype == RR_TYPE_ANY
947     || qtype == RR_TYPE_TXT
948     || qtype == RR_TYPE_NULL)
949     && qlen > dlen + 1 + HDRSIZE)
950 pcg 1.5 {
951 pcg 1.10 // correct class, domain: parse
952     int client, seqno;
953     decode_header (qname, client, seqno);
954 pcg 1.5
955 pcg 1.10 if (0 < client && client <= conns.size ())
956     {
957     connection *c = conns [client - 1];
958     dns_connection *dns = c->dns;
959     dns_rcv *rcv;
960    
961     if (dns)
962     {
963 root 1.51 u8 data[MAXSIZE];
964     int datalen = dns->cdc->decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE));
965    
966 pcg 1.10 for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); )
967     if (SEQNO_EQ ((*i)->seqno, seqno))
968     {
969     // already seen that request: simply reply with the cached reply
970     dns_rcv *r = *i;
971    
972 pcg 1.17 slog (L_DEBUG, "DNS: duplicate packet received ID %d, SEQ %d", htons (r->pkt->id), seqno);
973    
974     // refresh header & id, as the retry count could have changed
975     memcpy (r->pkt->at (6 * 2 + 1), pkt.at (6 * 2 + 1), HDRSIZE);
976     r->pkt->id = pkt.id;
977 pcg 1.10
978     memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len);
979 pcg 1.17
980 pcg 1.10 goto duplicate_request;
981     }
982    
983     // new packet, queue
984     rcv = new dns_rcv (seqno, data, datalen);
985     dns->receive_rep (rcv);
986     }
987    
988 pcg 1.21 {
989     pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
990    
991     int rtype = dns ? dns->cfg.rrtype : RR_TYPE_A;
992     pkt [offs++] = rtype >> 8; pkt [offs++] = rtype; // type
993     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
994     pkt [offs++] = 0; pkt [offs++] = 0;
995     pkt [offs++] = 0; pkt [offs++] = dns ? dns->cfg.def_ttl : 0; // TTL
996    
997     int rdlen_offs = offs += 2;
998 pcg 1.10
999 pcg 1.21 if (dns)
1000     {
1001 pcg 1.27 int dlen = ntohs (dns->cfg.max_size) - offs;
1002    
1003     // bind doesn't compress well, so reduce further by one label length
1004     dlen -= qlen;
1005    
1006 pcg 1.21 // only put data into in-order sequence packets, if
1007     // we receive out-of-order packets we generate empty
1008     // replies
1009 pcg 1.31 //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D
1010     if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW)
1011 pcg 1.21 {
1012 pcg 1.31 dns->repseq = seqno;
1013 pcg 1.10
1014 pcg 1.31 while (dlen > 1 && !dns->snddq.empty ())
1015     {
1016     int txtlen = dlen <= 255 ? dlen - 1 : 255;
1017    
1018     if (txtlen > dns->snddq.size ())
1019     txtlen = dns->snddq.size ();
1020    
1021     pkt[offs++] = txtlen;
1022     memcpy (pkt.at (offs), dns->snddq.begin (), txtlen);
1023     offs += txtlen;
1024     dns->snddq.remove (txtlen);
1025 pcg 1.10
1026 pcg 1.31 dlen -= txtlen + 1;
1027     }
1028 pcg 1.21 }
1029    
1030 pcg 1.31 // avoid completely empty TXT rdata
1031 pcg 1.21 if (offs == rdlen_offs)
1032     pkt[offs++] = 0;
1033 pcg 1.15
1034 pcg 1.21 slog (L_NOISE, "DNS: snddq %d", dns->snddq.size ());
1035     }
1036     else
1037     {
1038     // send RST
1039     pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1040     pkt [offs++] = CMD_IP_RST;
1041     }
1042 pcg 1.10
1043 pcg 1.21 int rdlen = offs - rdlen_offs;
1044 pcg 1.10
1045 pcg 1.21 pkt [rdlen_offs - 2] = rdlen >> 8;
1046     pkt [rdlen_offs - 1] = rdlen;
1047 pcg 1.10
1048 pcg 1.21 if (dns)
1049     {
1050     // now update dns_rcv copy
1051     rcv->pkt->len = offs;
1052     memcpy (rcv->pkt->at (0), pkt.at (0), offs);
1053     }
1054     }
1055 pcg 1.9
1056 pcg 1.10 duplicate_request: ;
1057     }
1058     else
1059     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
1060     }
1061     else if (qtype == RR_TYPE_A
1062     && qlen > dlen + 1 + cdc26.encode_len (sizeof (dns_cfg)))
1063     {
1064     dns_cfg cfg;
1065     cdc26.decode ((u8 *)&cfg, qname, cdc26.encode_len (sizeof (dns_cfg)));
1066     int client = ntohs (cfg.client);
1067 pcg 1.4
1068 pcg 1.10 pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
1069 pcg 1.2
1070 pcg 1.10 pkt [offs++] = RR_TYPE_A >> 8; pkt [offs++] = RR_TYPE_A; // type
1071     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
1072     pkt [offs++] = 0; pkt [offs++] = 0;
1073     pkt [offs++] = 0; pkt [offs++] = cfg.def_ttl; // TTL
1074     pkt [offs++] = 0; pkt [offs++] = 4; // rdlength
1075 pcg 1.2
1076 pcg 1.10 pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1077     pkt [offs++] = CMD_IP_REJ;
1078 pcg 1.2
1079 pcg 1.10 if (0 < client && client <= conns.size ())
1080 pcg 1.5 {
1081 pcg 1.10 connection *c = conns [client - 1];
1082 pcg 1.2
1083 pcg 1.10 if (cfg.valid ())
1084     {
1085 root 1.51 slog (L_INFO, _("DNS: client %d connects (version %d, req_cdc %d)"), client, cfg.version, cfg.req_cdc);
1086    
1087     // check for any encoding mismatches - hints at a case problem
1088     char qname2 [MAX_ENC_LEN];
1089     cdc26.encode (qname2, (u8 *)&cfg, sizeof (dns_cfg));
1090 pcg 1.10
1091     delete c->dns;
1092 root 1.51
1093     pkt [offs - 1] = memcmp (qname, qname2, cdc26.encode_len (sizeof (dns_cfg)))
1094     ? CMD_IP_CSE : CMD_IP_SYN;
1095    
1096 pcg 1.10 c->dns = new dns_connection (c);
1097     c->dns->cfg = cfg;
1098 root 1.51 c->dns->set_cfg ();
1099 pcg 1.10 }
1100 pcg 1.5 }
1101     }
1102 pcg 1.2 }
1103 pcg 1.6
1104 pcg 1.10 pkt.len = offs;
1105 pcg 1.4 }
1106     }
1107    
1108     void
1109 pcg 1.10 vpn::dnsv4_client (dns_packet &pkt)
1110 pcg 1.4 {
1111 pcg 1.10 u16 flags = ntohs (pkt.flags);
1112 pcg 1.4 int offs = 6 * 2; // skip header
1113    
1114 pcg 1.10 pkt.qdcount = ntohs (pkt.qdcount);
1115     pkt.ancount = ntohs (pkt.ancount);
1116 pcg 1.4
1117 pcg 1.5 // go through our request list and find the corresponding request
1118 pcg 1.10 for (vector<dns_snd *>::iterator i = dns_sndpq.begin ();
1119 pcg 1.4 i != dns_sndpq.end ();
1120     ++i)
1121 pcg 1.10 if ((*i)->pkt->id == pkt.id)
1122 pcg 1.4 {
1123 pcg 1.9 dns_connection *dns = (*i)->dns;
1124 pcg 1.12 connection *c = dns->c;
1125 pcg 1.5 int seqno = (*i)->seqno;
1126     u8 data[MAXSIZE], *datap = data;
1127 pcg 1.41 //printf ("rcv pkt %x\n", seqno);//D
1128 root 1.51 bool back_off = (*i)->retry;
1129 pcg 1.5
1130 root 1.51 if (back_off)
1131 pcg 1.10 {
1132 pcg 1.17 dns->send_interval *= 1.01;
1133 pcg 1.12 if (dns->send_interval > MAX_SEND_INTERVAL)
1134 pcg 1.10 dns->send_interval = MAX_SEND_INTERVAL;
1135     }
1136     else
1137     {
1138 pcg 1.26 #if 0
1139 pcg 1.17 dns->send_interval *= 0.999;
1140 pcg 1.12 #endif
1141 pcg 1.10 // the latency surely puts an upper bound on
1142     // the minimum send interval
1143 pcg 1.43 double latency = ev_now () - (*i)->sent;
1144 pcg 1.12
1145 pcg 1.25 if (latency < dns->min_latency)
1146     dns->min_latency = latency;
1147    
1148 pcg 1.37 if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor)
1149     dns->send_interval = dns->min_latency * conf.dns_overlap_factor;
1150 pcg 1.27
1151 pcg 1.37 if (dns->send_interval < conf.dns_send_interval)
1152     dns->send_interval = conf.dns_send_interval;
1153 pcg 1.10 }
1154    
1155 pcg 1.4 delete *i;
1156     dns_sndpq.erase (i);
1157    
1158 pcg 1.10 if (flags & FLAG_RESPONSE && !(flags & FLAG_OP_MASK))
1159 pcg 1.4 {
1160     char qname[MAXSIZE];
1161    
1162 pcg 1.10 while (pkt.qdcount-- && offs < MAXSIZE - 4)
1163 pcg 1.4 {
1164 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1165 pcg 1.4 offs += 4; // skip qtype, qclass
1166     }
1167    
1168 pcg 1.10 while (pkt.ancount-- && offs < MAXSIZE - 10 && datap)
1169 pcg 1.4 {
1170 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1171    
1172     u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
1173     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
1174     u32 ttl = pkt [offs++] << 24;
1175     ttl |= pkt [offs++] << 16;
1176     ttl |= pkt [offs++] << 8;
1177     ttl |= pkt [offs++];
1178     u16 rdlen = pkt [offs++] << 8; rdlen |= pkt [offs++];
1179 pcg 1.8
1180 root 1.51 if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT || qtype == dns->cfg.rrtype)
1181 pcg 1.10 {
1182     if (rdlen <= MAXSIZE - offs)
1183     {
1184     // decode bytes, finally
1185    
1186     while (rdlen)
1187     {
1188     int txtlen = pkt [offs++];
1189 pcg 1.4
1190 pcg 1.10 assert (txtlen + offs < MAXSIZE - 1);
1191 pcg 1.4
1192 pcg 1.10 memcpy (datap, pkt.at (offs), txtlen);
1193     datap += txtlen; offs += txtlen;
1194    
1195     rdlen -= txtlen + 1;
1196     }
1197     }
1198     }
1199     else if (qtype == RR_TYPE_A)
1200 pcg 1.5 {
1201 pcg 1.10 u8 ip [4];
1202 pcg 1.5
1203 pcg 1.10 ip [0] = pkt [offs++];
1204     ip [1] = pkt [offs++];
1205     ip [2] = pkt [offs++];
1206     ip [3] = pkt [offs++];
1207    
1208     if (ip [0] == CMD_IP_1
1209     && ip [1] == CMD_IP_2
1210     && ip [2] == CMD_IP_3)
1211 pcg 1.5 {
1212 pcg 1.17 slog (L_TRACE, _("DNS: got tunnel meta command %02x"), ip [3]);
1213 pcg 1.5
1214 pcg 1.10 if (ip [3] == CMD_IP_RST)
1215     {
1216 root 1.51 slog (L_DEBUG, _("DNS: got tunnel RST request."));
1217 pcg 1.10
1218 root 1.51 dns->reset ();
1219     return;
1220 pcg 1.10 }
1221     else if (ip [3] == CMD_IP_SYN)
1222 pcg 1.12 {
1223 pcg 1.17 slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us."));
1224 pcg 1.12 dns->established = true;
1225     }
1226 root 1.51 else if (ip [3] == CMD_IP_CSE)
1227     {
1228     if (conf.dns_case_preserving)
1229     {
1230     slog (L_INFO, _("DNS: got tunnel CSE reply, globally downgrading to case-insensitive protocol."));
1231     conf.dns_case_preserving = false;
1232     dns->reset ();
1233     return;
1234     }
1235     else
1236     {
1237     slog (L_DEBUG, _("DNS: got tunnel CSE reply, server likes us."));
1238     dns->established = true;
1239     }
1240     }
1241 pcg 1.12 else if (ip [3] == CMD_IP_REJ)
1242 root 1.51 {
1243     slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us."));
1244     dns->tw.start (60.);
1245     }
1246 pcg 1.10 else
1247 root 1.51 {
1248     slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]);
1249     dns->tw.start (60.);
1250     }
1251 pcg 1.10 }
1252     else
1253 pcg 1.17 slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"),
1254 pcg 1.10 ip [0], ip [1], ip [2], ip [3]);
1255 pcg 1.5
1256 pcg 1.10 return;
1257 pcg 1.9 }
1258 pcg 1.4
1259 pcg 1.9 int client, rseqno;
1260     decode_header (qname, client, rseqno);
1261    
1262     if (client != THISNODE->id)
1263     {
1264 pcg 1.17 slog (L_INFO, _("DNS: got dns tunnel response with wrong clientid, ignoring"));
1265 pcg 1.9 datap = 0;
1266     }
1267     else if (rseqno != seqno)
1268     {
1269 pcg 1.17 slog (L_DEBUG, _("DNS: got dns tunnel response with wrong seqno, badly caching nameserver?"));
1270 pcg 1.9 datap = 0;
1271 pcg 1.4 }
1272     }
1273     }
1274    
1275 pcg 1.6 // todo: pkt now used
1276 pcg 1.9 if (datap)
1277     dns->receive_rep (new dns_rcv (seqno, data, datap - data));
1278 root 1.51 else if (dns_sndpq.empty ()) // no data received, and nothing to send - idle
1279     {
1280     dns->send_interval *= 1.1;
1281    
1282     if (dns->send_interval < MIN_POLL_INTERVAL)
1283     dns->send_interval = MIN_POLL_INTERVAL;
1284    
1285     if (dns->send_interval > MAX_POLL_INTERVAL && !back_off)
1286     dns->send_interval = MAX_POLL_INTERVAL;
1287     }
1288 pcg 1.5
1289 pcg 1.4 break;
1290     }
1291     }
1292    
1293     void
1294 pcg 1.42 vpn::dnsv4_ev (ev::io &w, int revents)
1295 pcg 1.4 {
1296 pcg 1.42 if (revents & EV_READ)
1297 pcg 1.4 {
1298     dns_packet *pkt = new dns_packet;
1299     struct sockaddr_in sa;
1300     socklen_t sa_len = sizeof (sa);
1301    
1302 pcg 1.10 pkt->len = recvfrom (w.fd, pkt->at (0), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1303 pcg 1.4
1304     if (pkt->len > 0)
1305 pcg 1.5 {
1306 pcg 1.24 if (ntohs (pkt->flags) & FLAG_RESPONSE)
1307     dnsv4_client (*pkt);
1308     else
1309 pcg 1.5 {
1310 pcg 1.10 dnsv4_server (*pkt);
1311     sendto (w.fd, pkt->at (0), pkt->len, 0, (sockaddr *)&sa, sa_len);
1312 pcg 1.5 }
1313 pcg 1.10
1314     delete pkt;
1315 pcg 1.5 }
1316 pcg 1.1 }
1317     }
1318    
1319     bool
1320 pcg 1.18 vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1321 pcg 1.3 {
1322 pcg 1.33 int client = ntohl (si.host);
1323 pcg 1.18
1324     assert (0 < client && client <= conns.size ());
1325    
1326     connection *c = conns [client - 1];
1327    
1328     if (!c->dns)
1329     c->dns = new dns_connection (c);
1330 pcg 1.4
1331 pcg 1.31 if (c->dns->snddq.put (pkt))
1332 pcg 1.42 c->dns->tw ();
1333 pcg 1.3
1334 pcg 1.31 // always return true even if the buffer overflows
1335 pcg 1.3 return true;
1336     }
1337    
1338 pcg 1.10 #define NEXT(w) do { if (next > (w)) next = w; } while (0)
1339    
1340 pcg 1.3 void
1341 pcg 1.42 dns_connection::time_cb (ev::timer &w, int revents)
1342 pcg 1.1 {
1343 pcg 1.10 // servers have to be polled
1344     if (THISNODE->dns_port)
1345     return;
1346    
1347 pcg 1.3 // check for timeouts and (re)transmit
1348 pcg 1.42 tstamp next = ev::now () + poll_interval;
1349 pcg 1.10 dns_snd *send = 0;
1350 pcg 1.3
1351 pcg 1.10 for (vector<dns_snd *>::iterator i = vpn->dns_sndpq.begin ();
1352 pcg 1.4 i != vpn->dns_sndpq.end ();
1353 pcg 1.3 ++i)
1354     {
1355 pcg 1.10 dns_snd *r = *i;
1356 pcg 1.3
1357 pcg 1.43 if (r->timeout <= ev_now ())
1358 pcg 1.3 {
1359 pcg 1.4 if (!send)
1360     {
1361     send = r;
1362    
1363     r->retry++;
1364 pcg 1.43 r->timeout = ev_now () + (r->retry * min_latency * conf.dns_timeout_factor);
1365     //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - ev_now ());//D
1366 pcg 1.17
1367     // the following code changes the query section a bit, forcing
1368     // the forwarder to generate a new request
1369     if (r->stdhdr)
1370 pcg 1.41 encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry);
1371 pcg 1.4 }
1372 pcg 1.3 }
1373 pcg 1.11 else
1374 pcg 1.10 NEXT (r->timeout);
1375 pcg 1.3 }
1376    
1377 pcg 1.28 if (!send)
1378 pcg 1.5 {
1379 pcg 1.29 // generate a new packet, if wise
1380    
1381     if (!established)
1382 pcg 1.10 {
1383 pcg 1.29 if (vpn->dns_sndpq.empty ())
1384 pcg 1.10 {
1385 pcg 1.29 send = new dns_snd (this);
1386 pcg 1.10
1387 pcg 1.29 cfg.reset (THISNODE->id);
1388 root 1.51 set_cfg ();
1389 pcg 1.29 send->gen_syn_req ();
1390 pcg 1.10 }
1391 pcg 1.29 }
1392 pcg 1.37 else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding
1393 pcg 1.29 && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1)))
1394     {
1395 pcg 1.43 if (last_sent + send_interval <= ev_now ())
1396 pcg 1.10 {
1397 pcg 1.18 //printf ("sending data request etc.\n"); //D
1398 pcg 1.43 if (!snddq.empty () || last_received + 1. > ev_now ())
1399 pcg 1.17 {
1400     poll_interval = send_interval;
1401 pcg 1.43 NEXT (ev_now () + send_interval);
1402 pcg 1.17 }
1403    
1404 pcg 1.10 send = new dns_snd (this);
1405     send->gen_stream_req (sndseq, snddq);
1406 pcg 1.43 send->timeout = ev_now () + min_latency * conf.dns_timeout_factor;
1407     //printf ("SEND %x (%f)\n", send->seqno, send->timeout - ev_now (), min_latency, conf.dns_timeout_factor);//D
1408 pcg 1.5
1409 pcg 1.10 sndseq = (sndseq + 1) & SEQNO_MASK;
1410     }
1411 pcg 1.29 else
1412     NEXT (last_sent + send_interval);
1413     }
1414 pcg 1.4
1415 pcg 1.29 if (send)
1416     vpn->dns_sndpq.push_back (send);
1417 pcg 1.28 }
1418 pcg 1.4
1419 pcg 1.28 if (send)
1420     {
1421 pcg 1.43 last_sent = ev_now ();
1422 pcg 1.28 sendto (vpn->dnsv4_fd,
1423     send->pkt->at (0), send->pkt->len, 0,
1424     vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ());
1425 pcg 1.4 }
1426 pcg 1.10
1427 pcg 1.27 slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d %d)",
1428 pcg 1.43 poll_interval, send_interval, next - ev_now (),
1429 pcg 1.27 vpn->dns_sndpq.size (), snddq.size (),
1430     rcvpq.size ());
1431 pcg 1.11
1432 pcg 1.43 // TODO: no idea when this happens, but when next < ev_now (), we have a problem
1433 pcg 1.37 // doesn't seem to happen anymore
1434 pcg 1.43 if (next < ev_now () + 0.001)
1435     next = ev_now () + 0.1;
1436 pcg 1.4
1437 pcg 1.43 w.start (next - ev_now ());
1438 pcg 1.1 }
1439    
1440     #endif
1441