ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/vpn_dns.C
Revision: 1.52
Committed: Sun Mar 6 21:01:37 2011 UTC (13 years, 2 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.51: +19 -45 lines
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     vpn_dns.C -- handle the dns tunnel part of the protocol.
3 root 1.51 Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.7 This file is part of GVPE.
6    
7 pcg 1.47 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32 pcg 1.38 // TODO: EDNS0 option to increase dns mtu?
33     // TODO: re-write dns packet parsing/creation using a safe mem-buffer
34     // to ensure no buffer overflows or similar problems.
35    
36 pcg 1.1 #include "config.h"
37    
38     #if ENABLE_DNS
39    
40     // dns processing is EXTREMELY ugly. For obvious(?) reasons.
41     // it's a hack, use only in emergency situations please.
42    
43     #include <cstring>
44 pcg 1.20 #include <cassert>
45 pcg 1.1
46     #include <sys/types.h>
47     #include <sys/socket.h>
48     #include <sys/wait.h>
49     #include <sys/uio.h>
50     #include <errno.h>
51     #include <time.h>
52     #include <unistd.h>
53     #include <fcntl.h>
54    
55     #include <map>
56    
57 pcg 1.44 #include <cstdio> /* bug in libgmp: gmp.h relies on cstdio being included */
58 pcg 1.8 #include <gmp.h>
59    
60 pcg 1.1 #include "netcompat.h"
61    
62     #include "vpn.h"
63    
64 root 1.52 #define MIN_POLL_INTERVAL 0.025 // poll at most this often when no data received
65 root 1.51 #define MAX_POLL_INTERVAL 1. // how often to poll minimally when the server has no data
66 pcg 1.10
67 pcg 1.17 #define INITIAL_TIMEOUT 0.1 // retry timeouts
68 pcg 1.36 #define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn
69 pcg 1.10
70 root 1.52 #define MAX_SEND_INTERVAL 5. // optimistic?
71 pcg 1.1
72 pcg 1.17 #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog
73 pcg 1.35 #define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE
74 pcg 1.5
75 pcg 1.34 #define MAX_DOMAIN_SIZE 240 // 255 is legal limit, but bind doesn't compress well
76 pcg 1.5 // 240 leaves about 4 bytes of server reply data
77 pcg 1.33 // every request byte less give room for two reply bytes
78 pcg 1.5
79 pcg 1.32 #define SEQNO_MASK 0x3fff
80 pcg 1.8 #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) )
81 pcg 1.1
82 pcg 1.8 #define MAX_LBL_SIZE 63
83     #define MAX_PKT_SIZE 512
84 pcg 1.1
85 pcg 1.10 #define RR_TYPE_A 1
86     #define RR_TYPE_NULL 10
87     #define RR_TYPE_TXT 16
88 pcg 1.48 #define RR_TYPE_AAAA 28
89 pcg 1.8 #define RR_TYPE_ANY 255
90 pcg 1.10
91     #define RR_CLASS_IN 1
92    
93     #define CMD_IP_1 207
94     #define CMD_IP_2 46
95     #define CMD_IP_3 236
96 root 1.51
97     #define CMD_IP_RST 29 // some error, reset and retry
98     #define CMD_IP_REJ 32 // do not want you
99     #define CMD_IP_SYN 113 // connection established
100     #define CMD_IP_CSE 213 // connection established, but likely case mismatch
101    
102     static bool
103     is_uc (char c)
104     {
105     return 'A' <= c && c <= 'Z';
106     }
107    
108     static bool
109     is_lc (char c)
110     {
111     return 'a' <= c && c <= 'z';
112     }
113 pcg 1.1
114 pcg 1.8 // works for cmaps up to 255 (not 256!)
115     struct charmap
116     {
117     enum { INVALID = (u8)255 };
118 pcg 1.1
119 pcg 1.8 char encode [256]; // index => char
120     u8 decode [256]; // char => index
121     unsigned int size;
122 pcg 1.2
123 pcg 1.8 charmap (const char *cmap);
124     };
125    
126     charmap::charmap (const char *cmap)
127     {
128     char *enc = encode;
129     u8 *dec = decode;
130 pcg 1.2
131 pcg 1.8 memset (enc, (char) 0, 256);
132     memset (dec, (char)INVALID, 256);
133 pcg 1.1
134 pcg 1.8 for (size = 0; cmap [size]; size++)
135     {
136 root 1.50 char c = cmap [size];
137    
138     enc [size] = c;
139     dec [(u8)c] = size;
140    
141     // allow lowercase/uppercase aliases if possible
142 root 1.51 if (is_uc (c) && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size;
143     if (is_lc (c) && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size;
144 pcg 1.8 }
145 pcg 1.1
146 pcg 1.8 assert (size < 256);
147     }
148 pcg 1.2
149 pcg 1.8 #define MAX_DEC_LEN 500
150     #define MAX_ENC_LEN (MAX_DEC_LEN * 2)
151     #define MAX_LIMBS ((MAX_DEC_LEN * 8 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
152 pcg 1.2
153 pcg 1.8 // ugly. minimum base is 16(!)
154     struct basecoder
155 pcg 1.2 {
156 pcg 1.8 charmap cmap;
157     unsigned int enc_len [MAX_DEC_LEN];
158     unsigned int dec_len [MAX_ENC_LEN];
159 pcg 1.2
160 root 1.51 unsigned int encode_len (unsigned int len) const;
161     unsigned int decode_len (unsigned int len) const;
162 pcg 1.8
163 root 1.51 unsigned int encode (char *dst, u8 *src, unsigned int len) const;
164     unsigned int decode (u8 *dst, char *src, unsigned int len) const;
165 pcg 1.8
166     basecoder (const char *cmap);
167     };
168    
169     basecoder::basecoder (const char *cmap)
170     : cmap (cmap)
171     {
172     for (unsigned int len = 0; len < MAX_DEC_LEN; ++len)
173     {
174     u8 src [MAX_DEC_LEN];
175     u8 dst [MAX_ENC_LEN];
176 pcg 1.2
177 pcg 1.8 memset (src, 255, len);
178 pcg 1.2
179 pcg 1.8 mp_limb_t m [MAX_LIMBS];
180     mp_size_t n;
181    
182     n = mpn_set_str (m, src, len, 256);
183     n = mpn_get_str (dst, this->cmap.size, m, n);
184    
185     for (int i = 0; !dst [i]; ++i)
186     n--;
187    
188     enc_len [len] = n;
189     dec_len [n] = len;
190     }
191     }
192    
193 root 1.49 unsigned int
194 root 1.51 basecoder::encode_len (unsigned int len) const
195 pcg 1.8 {
196     return enc_len [len];
197     }
198 pcg 1.2
199 root 1.49 unsigned int
200 root 1.51 basecoder::decode_len (unsigned int len) const
201 pcg 1.2 {
202 pcg 1.8 while (len && !dec_len [len])
203     --len;
204    
205     return dec_len [len];
206 pcg 1.2 }
207    
208 root 1.49 unsigned int
209 root 1.51 basecoder::encode (char *dst, u8 *src, unsigned int len) const
210 pcg 1.2 {
211 pcg 1.10 if (!len || len > MAX_DEC_LEN)
212 pcg 1.8 return 0;
213    
214     int elen = encode_len (len);
215    
216     mp_limb_t m [MAX_LIMBS];
217     mp_size_t n;
218    
219     u8 dst_ [MAX_ENC_LEN];
220    
221     n = mpn_set_str (m, src, len, 256);
222     n = mpn_get_str (dst_, cmap.size, m, n);
223    
224     int plen = elen; // for padding
225 pcg 1.2
226 pcg 1.8 while (n < plen)
227 pcg 1.2 {
228 pcg 1.8 *dst++ = cmap.encode [0];
229     plen--;
230 pcg 1.2 }
231    
232 pcg 1.8 for (unsigned int i = n - plen; i < n; ++i)
233     *dst++ = cmap.encode [dst_ [i]];
234 pcg 1.4
235 pcg 1.8 return elen;
236 pcg 1.2 }
237    
238 root 1.49 unsigned int
239 root 1.51 basecoder::decode (u8 *dst, char *src, unsigned int len) const
240 pcg 1.2 {
241 pcg 1.10 if (!len || len > MAX_ENC_LEN)
242 pcg 1.8 return 0;
243    
244     u8 src_ [MAX_ENC_LEN];
245     unsigned int elen = 0;
246 pcg 1.2
247     while (len--)
248     {
249 pcg 1.8 u8 val = cmap.decode [(u8)*src++];
250 pcg 1.2
251 pcg 1.8 if (val != charmap::INVALID)
252     src_ [elen++] = val;
253     }
254    
255     int dlen = decode_len (elen);
256    
257     mp_limb_t m [MAX_LIMBS];
258     mp_size_t n;
259    
260     u8 dst_ [MAX_DEC_LEN];
261 pcg 1.2
262 pcg 1.8 n = mpn_set_str (m, src_, elen, cmap.size);
263     n = mpn_get_str (dst_, 256, m, n);
264 pcg 1.2
265 pcg 1.8 if (n < dlen)
266     {
267     memset (dst, 0, dlen - n);
268     memcpy (dst + dlen - n, dst_, n);
269 pcg 1.2 }
270 pcg 1.8 else
271     memcpy (dst, dst_ + n - dlen, dlen);
272 pcg 1.4
273 pcg 1.8 return dlen;
274     }
275    
276     #if 0
277     struct test { test (); } test;
278    
279     test::test ()
280     {
281     basecoder cdc ("0123456789abcdefghijklmnopqrstuvwxyz");
282    
283     u8 in[] = "0123456789abcdefghijklmnopqrstuvwxyz";
284     static char enc[200];
285     static u8 dec[200];
286    
287     for (int i = 1; i < 20; i++)
288     {
289     int elen = cdc.encode (enc, in, i);
290     int dlen = cdc.decode (dec, enc, elen);
291    
292     printf ("%d>%d>%d (%s>%s)\n", i, elen, dlen, enc, dec);
293     }
294     abort ();
295     }
296     #endif
297    
298 root 1.51 static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); // a-zA-Z0-9
299     static basecoder cdc36 ("dPhZr06QmJkB34tSvL81xAeF92wGyO57uCnI"); // a-z0-9 for case-changers
300     static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyOuCnI"); // a-z
301 pcg 1.8
302     /////////////////////////////////////////////////////////////////////////////
303    
304 root 1.51 #define HDRSIZE 5
305 pcg 1.24
306 root 1.49 inline void
307     encode_header (char *data, int clientid, int seqno, int retry = 0)
308 pcg 1.8 {
309 root 1.51 assert (clientid < 256);
310    
311 pcg 1.17 seqno &= SEQNO_MASK;
312    
313     u8 hdr[3] = {
314 root 1.51 seqno,
315     (seqno >> 8) | (retry << 6),
316 pcg 1.17 clientid,
317     };
318 pcg 1.8
319 root 1.51 cdc36.encode (data, hdr, 3);
320 pcg 1.8 }
321    
322 root 1.49 inline void
323     decode_header (char *data, int &clientid, int &seqno)
324 pcg 1.8 {
325     u8 hdr[3];
326    
327 root 1.51 cdc36.decode (hdr, data, HDRSIZE);
328 pcg 1.8
329 root 1.51 clientid = hdr[2];
330     seqno = ((hdr[1] << 8) | hdr[0]) & SEQNO_MASK;
331 pcg 1.4 }
332    
333     /////////////////////////////////////////////////////////////////////////////
334    
335     struct byte_stream
336     {
337     u8 *data;
338     int maxsize;
339     int fill;
340    
341     byte_stream (int maxsize);
342     ~byte_stream ();
343    
344     bool empty () { return !fill; }
345     int size () { return fill; }
346    
347 pcg 1.5 bool put (u8 *data, unsigned int datalen);
348 pcg 1.4 bool put (vpn_packet *pkt);
349     vpn_packet *get ();
350    
351     u8 *begin () { return data; }
352     void remove (int count);
353     };
354    
355     byte_stream::byte_stream (int maxsize)
356     : maxsize (maxsize), fill (0)
357     {
358     data = new u8 [maxsize];
359     }
360    
361     byte_stream::~byte_stream ()
362     {
363     delete data;
364     }
365    
366 root 1.49 void
367     byte_stream::remove (int count)
368 pcg 1.4 {
369     if (count > fill)
370 pcg 1.17 assert (count <= fill);
371 pcg 1.4
372     memmove (data, data + count, fill -= count);
373     }
374    
375 root 1.49 bool
376     byte_stream::put (u8 *data, unsigned int datalen)
377 pcg 1.5 {
378     if (maxsize - fill < datalen)
379     return false;
380    
381     memcpy (this->data + fill, data, datalen); fill += datalen;
382    
383     return true;
384     }
385    
386 root 1.49 bool
387     byte_stream::put (vpn_packet *pkt)
388 pcg 1.4 {
389     if (maxsize - fill < pkt->len + 2)
390     return false;
391    
392     data [fill++] = pkt->len >> 8;
393     data [fill++] = pkt->len;
394    
395 pcg 1.10 memcpy (data + fill, pkt->at (0), pkt->len); fill += pkt->len;
396 pcg 1.4
397     return true;
398     }
399    
400     vpn_packet *byte_stream::get ()
401     {
402 pcg 1.18 unsigned int len;
403    
404     for (;;)
405     {
406     len = (data [0] << 8) | data [1];
407 pcg 1.4
408 pcg 1.18 if (len <= MAXSIZE || fill < 2)
409     break;
410 pcg 1.5
411 pcg 1.18 // TODO: handle this better than skipping, e.g. by reset
412     slog (L_DEBUG, _("DNS: corrupted packet stream skipping a byte..."));
413     remove (1);
414     }
415    
416 pcg 1.4 if (fill < len + 2)
417     return 0;
418    
419     vpn_packet *pkt = new vpn_packet;
420 pcg 1.5
421     pkt->len = len;
422 pcg 1.10 memcpy (pkt->at (0), data + 2, len);
423 pcg 1.4 remove (len + 2);
424    
425     return pkt;
426 pcg 1.2 }
427    
428 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
429    
430 pcg 1.2 #define FLAG_QUERY ( 0 << 15)
431     #define FLAG_RESPONSE ( 1 << 15)
432 pcg 1.9 #define FLAG_OP_MASK (15 << 11)
433 pcg 1.2 #define FLAG_OP_QUERY ( 0 << 11)
434     #define FLAG_AA ( 1 << 10)
435     #define FLAG_TC ( 1 << 9)
436     #define FLAG_RD ( 1 << 8)
437     #define FLAG_RA ( 1 << 7)
438 pcg 1.5 #define FLAG_AUTH ( 1 << 5)
439 pcg 1.2 #define FLAG_RCODE_MASK (15 << 0)
440     #define FLAG_RCODE_OK ( 0 << 0)
441     #define FLAG_RCODE_FORMERR ( 1 << 0)
442     #define FLAG_RCODE_SERVFAIL ( 2 << 0)
443     #define FLAG_RCODE_NXDOMAIN ( 3 << 0)
444     #define FLAG_RCODE_REFUSED ( 5 << 0)
445    
446     #define DEFAULT_CLIENT_FLAGS (FLAG_QUERY | FLAG_OP_QUERY | FLAG_RD)
447 pcg 1.5 #define DEFAULT_SERVER_FLAGS (FLAG_RESPONSE | FLAG_OP_QUERY | FLAG_AA | FLAG_RD | FLAG_RA)
448 pcg 1.2
449 pcg 1.10 struct dns_cfg
450     {
451     static int next_uid;
452    
453 root 1.51 u8 chksum;
454     u8 rrtype;
455     u16 uid; // to make request unique
456 pcg 1.24
457 pcg 1.10 u8 version;
458 pcg 1.24 u8 flags;
459 root 1.51 u16 max_size;
460    
461     u8 id1, id2, id3, id4;
462 pcg 1.24
463 pcg 1.10 u16 client;
464 root 1.51 u8 def_ttl;
465     u8 r0;
466 pcg 1.10
467 root 1.51 u8 syn_cdc; // cdc en/decoder for syn (A?) requests
468     u8 hdr_cdc; // cdc en/decoder for regular request headers
469     u8 req_cdc; // cdc en/decoder for regular (ANY?) request data
470     u8 rep_cdc; // cdc en/decoder for regular (TXT) replies, 0 == 8 bit encoding
471 pcg 1.24
472 root 1.51 u8 r1, r2, r3, r4;
473 pcg 1.10
474     void reset (int clientid);
475     bool valid ();
476 root 1.51 u8 get_chksum ();
477 pcg 1.10 };
478    
479     int dns_cfg::next_uid;
480    
481 root 1.49 void
482     dns_cfg::reset (int clientid)
483 pcg 1.10 {
484 root 1.51 // this ID must result in some mixed-case characters in cdc26-encoding
485 pcg 1.10 id1 = 'G';
486     id2 = 'V';
487     id3 = 'P';
488     id4 = 'E';
489    
490 root 1.51 version = 2;
491 pcg 1.10
492     rrtype = RR_TYPE_TXT;
493     flags = 0;
494 pcg 1.24 def_ttl = 0;
495 root 1.51 syn_cdc = 26;
496     hdr_cdc = 36;
497     req_cdc = conf.dns_case_preserving ? 62 : 36;
498 pcg 1.24 rep_cdc = 0;
499 pcg 1.27 max_size = htons (MAX_PKT_SIZE);
500     client = htons (clientid);
501 root 1.51 uid = ++next_uid;
502    
503     r0 = r1 = r2 = r3 = r4 = 0;
504 pcg 1.10
505 root 1.51 chksum = get_chksum ();
506     }
507    
508     // simple but not trivial chksum
509     u8
510     dns_cfg::get_chksum ()
511     {
512     unsigned int sum = 0xff00; // only 16 bits required
513    
514     u8 old_chksum = chksum;
515     chksum = 0;
516    
517     for (unsigned int i = 0; i < sizeof (*this); ++i)
518     sum += ((u8 *)this)[i] * (i + 1);
519    
520     chksum = old_chksum;
521    
522     return sum + (sum >> 8);
523 pcg 1.10 }
524    
525 root 1.49 bool
526     dns_cfg::valid ()
527 pcg 1.10 {
528 pcg 1.40 // although the protocol itself allows for some configurability,
529     // only the following encoding/decoding settings are implemented.
530 pcg 1.10 return id1 == 'G'
531     && id2 == 'V'
532     && id3 == 'P'
533     && id4 == 'E'
534 root 1.51 && version == 2
535     && syn_cdc == 26
536     && hdr_cdc == 36
537     && (req_cdc == 36 || req_cdc == 62)
538 pcg 1.24 && rep_cdc == 0
539 root 1.51 && chksum == get_chksum ();
540 pcg 1.10 }
541    
542 pcg 1.2 struct dns_packet : net_packet
543     {
544     u16 id;
545     u16 flags; // QR:1 Opcode:4 AA:1 TC:1 RD:1 RA:1 Z:3 RCODE:4
546     u16 qdcount, ancount, nscount, arcount;
547    
548 pcg 1.24 u8 data [MAXSIZE - 6 * 2];
549 pcg 1.2
550     int decode_label (char *data, int size, int &offs);
551     };
552    
553 root 1.49 int
554     dns_packet::decode_label (char *data, int size, int &offs)
555 pcg 1.2 {
556     char *orig = data;
557    
558     memset (data, 0, size);
559    
560     while (offs < size - 1)
561     {
562     u8 len = (*this)[offs++];
563    
564     if (!len)
565     break;
566     else if (len < 64)
567     {
568     if (size < len + 1 || offs + len >= MAXSIZE - 1)
569     break;
570    
571     memcpy (data, &((*this)[offs]), len);
572    
573     data += len; size -= len; offs += len;
574     *data++ = '.'; size--;
575     }
576     else
577     {
578     int offs2 = ((len & 63) << 8) + (*this)[offs++];
579    
580     data += decode_label (data, size, offs2);
581     break;
582     }
583     }
584    
585     return data - orig;
586     }
587    
588 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
589    
590 root 1.49 static
591     u16 next_id ()
592     {
593     static u16 dns_id = 0; // TODO: should be per-vpn
594 pcg 1.18
595     if (!dns_id)
596     dns_id = time (0);
597    
598     // the simplest lsfr with periodicity 65535 i could find
599     dns_id = (dns_id << 1)
600     | (((dns_id >> 1)
601     ^ (dns_id >> 2)
602     ^ (dns_id >> 4)
603     ^ (dns_id >> 15)) & 1);
604    
605     return dns_id;
606     }
607    
608     struct dns_rcv;
609     struct dns_snd;
610    
611     struct dns_connection
612     {
613     connection *c;
614     struct vpn *vpn;
615    
616     dns_cfg cfg;
617    
618     bool established;
619 root 1.51 const basecoder *cdc;
620 pcg 1.18
621     tstamp last_received;
622     tstamp last_sent;
623 pcg 1.25 double min_latency;
624 pcg 1.18 double poll_interval, send_interval;
625    
626     vector<dns_rcv *> rcvpq;
627    
628 pcg 1.31 byte_stream rcvdq; int rcvseq; int repseq;
629 pcg 1.18 byte_stream snddq; int sndseq;
630    
631 pcg 1.46 inline void time_cb (ev::timer &w, int revents); ev::timer tw;
632 pcg 1.18 void receive_rep (dns_rcv *r);
633    
634 root 1.51 void reset (); // quite like tcp RST
635     void set_cfg (); // to be called after any cfg changes
636    
637 pcg 1.18 dns_connection (connection *c);
638     ~dns_connection ();
639     };
640    
641 pcg 1.10 struct dns_snd
642 pcg 1.3 {
643     dns_packet *pkt;
644 pcg 1.10 tstamp timeout, sent;
645 pcg 1.3 int retry;
646 pcg 1.9 struct dns_connection *dns;
647 pcg 1.5 int seqno;
648 pcg 1.17 bool stdhdr;
649 pcg 1.3
650 pcg 1.9 void gen_stream_req (int seqno, byte_stream &stream);
651 pcg 1.18 void gen_syn_req ();
652 pcg 1.11
653     dns_snd (dns_connection *dns);
654     ~dns_snd ();
655 pcg 1.3 };
656    
657 pcg 1.10 dns_snd::dns_snd (dns_connection *dns)
658 pcg 1.9 : dns (dns)
659 pcg 1.3 {
660 pcg 1.10 timeout = 0;
661 pcg 1.3 retry = 0;
662 pcg 1.10 seqno = 0;
663 pcg 1.43 sent = ev_now ();
664 pcg 1.17 stdhdr = false;
665 pcg 1.3
666     pkt = new dns_packet;
667    
668 pcg 1.5 pkt->id = next_id ();
669     }
670    
671 pcg 1.11 dns_snd::~dns_snd ()
672     {
673     delete pkt;
674     }
675    
676 root 1.49 static void
677     append_domain (dns_packet &pkt, int &offs, const char *domain)
678 pcg 1.10 {
679     // add tunnel domain
680     for (;;)
681     {
682     const char *end = strchr (domain, '.');
683    
684     if (!end)
685     end = domain + strlen (domain);
686    
687     int len = end - domain;
688    
689     pkt [offs++] = len;
690     memcpy (pkt.at (offs), domain, len);
691     offs += len;
692    
693     if (!*end)
694     break;
695    
696     domain = end + 1;
697     }
698     }
699    
700 root 1.49 void
701     dns_snd::gen_stream_req (int seqno, byte_stream &stream)
702 pcg 1.5 {
703 pcg 1.17 stdhdr = true;
704 pcg 1.5 this->seqno = seqno;
705    
706 pcg 1.43 timeout = ev_now () + INITIAL_TIMEOUT;
707 pcg 1.10
708 pcg 1.5 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
709 pcg 1.4 pkt->qdcount = htons (1);
710 pcg 1.3
711 pcg 1.4 int offs = 6*2;
712 pcg 1.19 int dlen = MAX_DOMAIN_SIZE - (strlen (dns->c->conf->domain) + 2);
713 pcg 1.5 // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well,
714     // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra
715    
716 pcg 1.8 char enc[256], *encp = enc;
717     encode_header (enc, THISNODE->id, seqno);
718 pcg 1.4
719 root 1.51 int datalen = dns->cdc->decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE);
720 pcg 1.4
721 pcg 1.9 if (datalen > stream.size ())
722     datalen = stream.size ();
723 pcg 1.8
724 root 1.51 int enclen = dns->cdc->encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE;
725 pcg 1.9 stream.remove (datalen);
726 pcg 1.4
727 pcg 1.5 while (enclen)
728     {
729     int lbllen = enclen < MAX_LBL_SIZE ? enclen : MAX_LBL_SIZE;
730    
731     (*pkt)[offs++] = lbllen;
732     memcpy (pkt->at (offs), encp, lbllen);
733 pcg 1.4
734 pcg 1.5 offs += lbllen;
735     encp += lbllen;
736 pcg 1.4
737 pcg 1.5 enclen -= lbllen;
738 pcg 1.4 }
739    
740 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
741 pcg 1.3
742 pcg 1.10 (*pkt)[offs++] = 0;
743     (*pkt)[offs++] = RR_TYPE_ANY >> 8; (*pkt)[offs++] = RR_TYPE_ANY;
744     (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
745    
746     pkt->len = offs;
747     }
748    
749 root 1.49 void
750     dns_snd::gen_syn_req ()
751 pcg 1.10 {
752 pcg 1.43 timeout = ev_now () + INITIAL_SYN_TIMEOUT;
753 pcg 1.4
754 pcg 1.10 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
755     pkt->qdcount = htons (1);
756 pcg 1.4
757 pcg 1.18 int offs = 6 * 2;
758 pcg 1.4
759 pcg 1.18 int elen = cdc26.encode ((char *)pkt->at (offs + 1), (u8 *)&dns->cfg, sizeof (dns_cfg));
760 pcg 1.4
761 pcg 1.10 assert (elen <= MAX_LBL_SIZE);
762 pcg 1.4
763 pcg 1.10 (*pkt)[offs] = elen;
764     offs += elen + 1;
765 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
766 pcg 1.4
767     (*pkt)[offs++] = 0;
768 pcg 1.10 (*pkt)[offs++] = RR_TYPE_A >> 8; (*pkt)[offs++] = RR_TYPE_A;
769 pcg 1.4 (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
770    
771     pkt->len = offs;
772 pcg 1.5 }
773    
774     struct dns_rcv
775     {
776     int seqno;
777     dns_packet *pkt; // reply packet
778     u8 data [MAXSIZE]; // actually part of the reply packet...
779     int datalen;
780    
781 pcg 1.6 dns_rcv (int seqno, u8 *data, int datalen);
782 pcg 1.5 ~dns_rcv ();
783     };
784    
785 pcg 1.6 dns_rcv::dns_rcv (int seqno, u8 *data, int datalen)
786 pcg 1.5 : seqno (seqno), pkt (new dns_packet), datalen (datalen)
787     {
788     memcpy (this->data, data, datalen);
789     }
790 pcg 1.4
791 pcg 1.5 dns_rcv::~dns_rcv ()
792     {
793     delete pkt;
794 pcg 1.3 }
795    
796     /////////////////////////////////////////////////////////////////////////////
797 pcg 1.9
798     dns_connection::dns_connection (connection *c)
799     : c (c)
800     , rcvdq (MAX_BACKLOG * 2)
801 pcg 1.31 , snddq (MAX_BACKLOG)
802 pcg 1.9 {
803 pcg 1.45 tw.set<dns_connection, &dns_connection::time_cb> (this);
804    
805 pcg 1.9 vpn = c->vpn;
806    
807 root 1.51 reset ();
808     }
809    
810     dns_connection::~dns_connection ()
811     {
812     reset ();
813     }
814    
815     void
816     dns_connection::reset ()
817     {
818     while (!rcvpq.empty ())
819     {
820     delete rcvpq.back ();
821     rcvpq.pop_back ();
822     }
823    
824     for (int i = vpn->dns_sndpq.size (); i--; )
825     if (vpn->dns_sndpq [i]->dns == this)
826     {
827     vpn->dns_sndpq [i] = vpn->dns_sndpq.back ();
828     vpn->dns_sndpq.pop_back ();
829     }
830    
831 pcg 1.10 established = false;
832    
833 pcg 1.31 rcvseq = repseq = sndseq = 0;
834 pcg 1.10
835 root 1.52 last_sent = 0;
836 pcg 1.30 poll_interval = 0.5; // starting here
837 pcg 1.17 send_interval = 0.5; // starting rate
838 pcg 1.25 min_latency = INITIAL_TIMEOUT;
839 pcg 1.9 }
840    
841 root 1.51 void
842     dns_connection::set_cfg ()
843 pcg 1.9 {
844 root 1.51 cdc = cfg.req_cdc == 36 ? &cdc36 : &cdc62;
845 pcg 1.9 }
846 pcg 1.3
847 root 1.49 void
848     dns_connection::receive_rep (dns_rcv *r)
849 pcg 1.2 {
850 pcg 1.10 if (r->datalen)
851 root 1.52 poll_interval = max (poll_interval * (1. / 1.2), MIN_POLL_INTERVAL);
852 pcg 1.10 else
853 root 1.52 poll_interval = min (poll_interval * 1.1, MAX_POLL_INTERVAL);
854 pcg 1.2
855 pcg 1.9 rcvpq.push_back (r);
856 pcg 1.5
857     redo:
858    
859 pcg 1.8 // find next packet
860 pcg 1.9 for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); )
861     if (SEQNO_EQ (rcvseq, (*i)->seqno))
862 pcg 1.5 {
863 pcg 1.41 //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D
864 pcg 1.8 // enter the packet into our input stream
865     r = *i;
866    
867     // remove the oldest packet, look forward, as it's oldest first
868 pcg 1.9 for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j)
869     if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW))
870 pcg 1.8 {
871 pcg 1.41 //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D
872 pcg 1.8 delete *j;
873 pcg 1.9 rcvpq.erase (j);
874 pcg 1.8 break;
875     }
876 pcg 1.5
877 pcg 1.9 rcvseq = (rcvseq + 1) & SEQNO_MASK;
878 pcg 1.5
879 pcg 1.9 if (!rcvdq.put (r->data, r->datalen))
880 pcg 1.17 {
881 root 1.50 // MUST never overflow, can be caused by data corruption, TODO
882     slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)");
883 root 1.51 reset ();
884 root 1.50 return;
885 pcg 1.17 }
886 pcg 1.5
887 pcg 1.9 while (vpn_packet *pkt = rcvdq.get ())
888 pcg 1.5 {
889     sockinfo si;
890 pcg 1.33 si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4;
891 pcg 1.5
892     vpn->recv_vpn_packet (pkt, si);
893 pcg 1.11 delete pkt;
894 pcg 1.5 }
895 pcg 1.8
896     // check for further packets
897 pcg 1.5 goto redo;
898     }
899     }
900    
901 pcg 1.10 void
902     vpn::dnsv4_server (dns_packet &pkt)
903 pcg 1.2 {
904 pcg 1.10 u16 flags = ntohs (pkt.flags);
905 pcg 1.2
906 pcg 1.4 int offs = 6 * 2; // skip header
907 pcg 1.2
908 pcg 1.10 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
909 pcg 1.2
910 pcg 1.10 if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK))
911     && pkt.qdcount == htons (1))
912 pcg 1.4 {
913 pcg 1.24 char qname [MAXSIZE];
914 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
915 pcg 1.4
916 pcg 1.10 u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
917     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
918 pcg 1.2
919 pcg 1.10 pkt.qdcount = htons (1);
920     pkt.ancount = 0;
921     pkt.nscount = 0; // should be self, as other nameservers reply like this
922     pkt.arcount = 0; // a record for self, as other nameservers reply like this
923 pcg 1.2
924 pcg 1.16 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_SERVFAIL);
925 pcg 1.2
926 pcg 1.4 int dlen = strlen (THISNODE->domain);
927 pcg 1.2
928 pcg 1.4 if (qclass == RR_CLASS_IN
929 pcg 1.10 && qlen > dlen + 1
930 pcg 1.24 && !memcmp (qname + qlen - (dlen + 1), THISNODE->domain, dlen))
931 pcg 1.2 {
932 pcg 1.10 // now generate reply
933     pkt.ancount = htons (1); // one answer RR
934     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK);
935    
936     if ((qtype == RR_TYPE_ANY
937     || qtype == RR_TYPE_TXT
938     || qtype == RR_TYPE_NULL)
939     && qlen > dlen + 1 + HDRSIZE)
940 pcg 1.5 {
941 pcg 1.10 // correct class, domain: parse
942     int client, seqno;
943     decode_header (qname, client, seqno);
944 pcg 1.5
945 pcg 1.10 if (0 < client && client <= conns.size ())
946     {
947     connection *c = conns [client - 1];
948     dns_connection *dns = c->dns;
949     dns_rcv *rcv;
950    
951     if (dns)
952     {
953 root 1.51 u8 data[MAXSIZE];
954     int datalen = dns->cdc->decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE));
955    
956 pcg 1.10 for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); )
957     if (SEQNO_EQ ((*i)->seqno, seqno))
958     {
959     // already seen that request: simply reply with the cached reply
960     dns_rcv *r = *i;
961    
962 pcg 1.17 slog (L_DEBUG, "DNS: duplicate packet received ID %d, SEQ %d", htons (r->pkt->id), seqno);
963    
964     // refresh header & id, as the retry count could have changed
965     memcpy (r->pkt->at (6 * 2 + 1), pkt.at (6 * 2 + 1), HDRSIZE);
966     r->pkt->id = pkt.id;
967 pcg 1.10
968     memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len);
969 pcg 1.17
970 pcg 1.10 goto duplicate_request;
971     }
972    
973     // new packet, queue
974     rcv = new dns_rcv (seqno, data, datalen);
975     dns->receive_rep (rcv);
976     }
977    
978 pcg 1.21 {
979     pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
980    
981     int rtype = dns ? dns->cfg.rrtype : RR_TYPE_A;
982     pkt [offs++] = rtype >> 8; pkt [offs++] = rtype; // type
983     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
984     pkt [offs++] = 0; pkt [offs++] = 0;
985     pkt [offs++] = 0; pkt [offs++] = dns ? dns->cfg.def_ttl : 0; // TTL
986    
987     int rdlen_offs = offs += 2;
988 pcg 1.10
989 pcg 1.21 if (dns)
990     {
991 pcg 1.27 int dlen = ntohs (dns->cfg.max_size) - offs;
992    
993     // bind doesn't compress well, so reduce further by one label length
994     dlen -= qlen;
995    
996 pcg 1.21 // only put data into in-order sequence packets, if
997     // we receive out-of-order packets we generate empty
998     // replies
999 pcg 1.31 //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D
1000     if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW)
1001 pcg 1.21 {
1002 pcg 1.31 dns->repseq = seqno;
1003 pcg 1.10
1004 pcg 1.31 while (dlen > 1 && !dns->snddq.empty ())
1005     {
1006     int txtlen = dlen <= 255 ? dlen - 1 : 255;
1007    
1008     if (txtlen > dns->snddq.size ())
1009     txtlen = dns->snddq.size ();
1010    
1011     pkt[offs++] = txtlen;
1012     memcpy (pkt.at (offs), dns->snddq.begin (), txtlen);
1013     offs += txtlen;
1014     dns->snddq.remove (txtlen);
1015 pcg 1.10
1016 pcg 1.31 dlen -= txtlen + 1;
1017     }
1018 pcg 1.21 }
1019    
1020 pcg 1.31 // avoid completely empty TXT rdata
1021 pcg 1.21 if (offs == rdlen_offs)
1022     pkt[offs++] = 0;
1023 pcg 1.15
1024 pcg 1.21 slog (L_NOISE, "DNS: snddq %d", dns->snddq.size ());
1025     }
1026     else
1027     {
1028     // send RST
1029     pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1030     pkt [offs++] = CMD_IP_RST;
1031     }
1032 pcg 1.10
1033 pcg 1.21 int rdlen = offs - rdlen_offs;
1034 pcg 1.10
1035 pcg 1.21 pkt [rdlen_offs - 2] = rdlen >> 8;
1036     pkt [rdlen_offs - 1] = rdlen;
1037 pcg 1.10
1038 pcg 1.21 if (dns)
1039     {
1040     // now update dns_rcv copy
1041     rcv->pkt->len = offs;
1042     memcpy (rcv->pkt->at (0), pkt.at (0), offs);
1043     }
1044     }
1045 pcg 1.9
1046 pcg 1.10 duplicate_request: ;
1047     }
1048     else
1049     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
1050     }
1051     else if (qtype == RR_TYPE_A
1052     && qlen > dlen + 1 + cdc26.encode_len (sizeof (dns_cfg)))
1053     {
1054     dns_cfg cfg;
1055     cdc26.decode ((u8 *)&cfg, qname, cdc26.encode_len (sizeof (dns_cfg)));
1056     int client = ntohs (cfg.client);
1057 pcg 1.4
1058 pcg 1.10 pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
1059 pcg 1.2
1060 pcg 1.10 pkt [offs++] = RR_TYPE_A >> 8; pkt [offs++] = RR_TYPE_A; // type
1061     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
1062     pkt [offs++] = 0; pkt [offs++] = 0;
1063     pkt [offs++] = 0; pkt [offs++] = cfg.def_ttl; // TTL
1064     pkt [offs++] = 0; pkt [offs++] = 4; // rdlength
1065 pcg 1.2
1066 pcg 1.10 pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1067     pkt [offs++] = CMD_IP_REJ;
1068 pcg 1.2
1069 pcg 1.10 if (0 < client && client <= conns.size ())
1070 pcg 1.5 {
1071 pcg 1.10 connection *c = conns [client - 1];
1072 pcg 1.2
1073 pcg 1.10 if (cfg.valid ())
1074     {
1075 root 1.51 slog (L_INFO, _("DNS: client %d connects (version %d, req_cdc %d)"), client, cfg.version, cfg.req_cdc);
1076    
1077     // check for any encoding mismatches - hints at a case problem
1078     char qname2 [MAX_ENC_LEN];
1079     cdc26.encode (qname2, (u8 *)&cfg, sizeof (dns_cfg));
1080 pcg 1.10
1081     delete c->dns;
1082 root 1.51
1083     pkt [offs - 1] = memcmp (qname, qname2, cdc26.encode_len (sizeof (dns_cfg)))
1084     ? CMD_IP_CSE : CMD_IP_SYN;
1085    
1086 pcg 1.10 c->dns = new dns_connection (c);
1087     c->dns->cfg = cfg;
1088 root 1.51 c->dns->set_cfg ();
1089 pcg 1.10 }
1090 pcg 1.5 }
1091     }
1092 pcg 1.2 }
1093 pcg 1.6
1094 pcg 1.10 pkt.len = offs;
1095 pcg 1.4 }
1096     }
1097    
1098     void
1099 pcg 1.10 vpn::dnsv4_client (dns_packet &pkt)
1100 pcg 1.4 {
1101 pcg 1.10 u16 flags = ntohs (pkt.flags);
1102 pcg 1.4 int offs = 6 * 2; // skip header
1103    
1104 pcg 1.10 pkt.qdcount = ntohs (pkt.qdcount);
1105     pkt.ancount = ntohs (pkt.ancount);
1106 pcg 1.4
1107 pcg 1.5 // go through our request list and find the corresponding request
1108 pcg 1.10 for (vector<dns_snd *>::iterator i = dns_sndpq.begin ();
1109 pcg 1.4 i != dns_sndpq.end ();
1110     ++i)
1111 pcg 1.10 if ((*i)->pkt->id == pkt.id)
1112 pcg 1.4 {
1113 pcg 1.9 dns_connection *dns = (*i)->dns;
1114 pcg 1.12 connection *c = dns->c;
1115 pcg 1.5 int seqno = (*i)->seqno;
1116     u8 data[MAXSIZE], *datap = data;
1117 pcg 1.41 //printf ("rcv pkt %x\n", seqno);//D
1118 pcg 1.5
1119 root 1.52 if ((*i)->retry)
1120 pcg 1.10 {
1121 pcg 1.17 dns->send_interval *= 1.01;
1122 pcg 1.12 if (dns->send_interval > MAX_SEND_INTERVAL)
1123 pcg 1.10 dns->send_interval = MAX_SEND_INTERVAL;
1124     }
1125     else
1126     {
1127 pcg 1.26 #if 0
1128 pcg 1.17 dns->send_interval *= 0.999;
1129 pcg 1.12 #endif
1130 pcg 1.10 // the latency surely puts an upper bound on
1131     // the minimum send interval
1132 pcg 1.43 double latency = ev_now () - (*i)->sent;
1133 pcg 1.12
1134 pcg 1.25 if (latency < dns->min_latency)
1135     dns->min_latency = latency;
1136    
1137 pcg 1.37 if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor)
1138     dns->send_interval = dns->min_latency * conf.dns_overlap_factor;
1139 pcg 1.27
1140 pcg 1.37 if (dns->send_interval < conf.dns_send_interval)
1141     dns->send_interval = conf.dns_send_interval;
1142 pcg 1.10 }
1143    
1144 pcg 1.4 delete *i;
1145     dns_sndpq.erase (i);
1146    
1147 pcg 1.10 if (flags & FLAG_RESPONSE && !(flags & FLAG_OP_MASK))
1148 pcg 1.4 {
1149     char qname[MAXSIZE];
1150    
1151 pcg 1.10 while (pkt.qdcount-- && offs < MAXSIZE - 4)
1152 pcg 1.4 {
1153 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1154 pcg 1.4 offs += 4; // skip qtype, qclass
1155     }
1156    
1157 pcg 1.10 while (pkt.ancount-- && offs < MAXSIZE - 10 && datap)
1158 pcg 1.4 {
1159 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1160    
1161     u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
1162     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
1163     u32 ttl = pkt [offs++] << 24;
1164     ttl |= pkt [offs++] << 16;
1165     ttl |= pkt [offs++] << 8;
1166     ttl |= pkt [offs++];
1167     u16 rdlen = pkt [offs++] << 8; rdlen |= pkt [offs++];
1168 pcg 1.8
1169 root 1.51 if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT || qtype == dns->cfg.rrtype)
1170 pcg 1.10 {
1171     if (rdlen <= MAXSIZE - offs)
1172     {
1173     // decode bytes, finally
1174    
1175     while (rdlen)
1176     {
1177     int txtlen = pkt [offs++];
1178 pcg 1.4
1179 pcg 1.10 assert (txtlen + offs < MAXSIZE - 1);
1180 pcg 1.4
1181 pcg 1.10 memcpy (datap, pkt.at (offs), txtlen);
1182     datap += txtlen; offs += txtlen;
1183    
1184     rdlen -= txtlen + 1;
1185     }
1186     }
1187     }
1188     else if (qtype == RR_TYPE_A)
1189 pcg 1.5 {
1190 pcg 1.10 u8 ip [4];
1191 pcg 1.5
1192 pcg 1.10 ip [0] = pkt [offs++];
1193     ip [1] = pkt [offs++];
1194     ip [2] = pkt [offs++];
1195     ip [3] = pkt [offs++];
1196    
1197     if (ip [0] == CMD_IP_1
1198     && ip [1] == CMD_IP_2
1199     && ip [2] == CMD_IP_3)
1200 pcg 1.5 {
1201 pcg 1.17 slog (L_TRACE, _("DNS: got tunnel meta command %02x"), ip [3]);
1202 pcg 1.5
1203 pcg 1.10 if (ip [3] == CMD_IP_RST)
1204     {
1205 root 1.51 slog (L_DEBUG, _("DNS: got tunnel RST request."));
1206 pcg 1.10
1207 root 1.51 dns->reset ();
1208     return;
1209 pcg 1.10 }
1210     else if (ip [3] == CMD_IP_SYN)
1211 pcg 1.12 {
1212 pcg 1.17 slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us."));
1213 pcg 1.12 dns->established = true;
1214     }
1215 root 1.51 else if (ip [3] == CMD_IP_CSE)
1216     {
1217     if (conf.dns_case_preserving)
1218     {
1219     slog (L_INFO, _("DNS: got tunnel CSE reply, globally downgrading to case-insensitive protocol."));
1220     conf.dns_case_preserving = false;
1221     dns->reset ();
1222     return;
1223     }
1224     else
1225     {
1226     slog (L_DEBUG, _("DNS: got tunnel CSE reply, server likes us."));
1227     dns->established = true;
1228     }
1229     }
1230 pcg 1.12 else if (ip [3] == CMD_IP_REJ)
1231 root 1.51 {
1232     slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us."));
1233     dns->tw.start (60.);
1234     }
1235 pcg 1.10 else
1236 root 1.51 {
1237     slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]);
1238     dns->tw.start (60.);
1239     }
1240 pcg 1.10 }
1241     else
1242 pcg 1.17 slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"),
1243 pcg 1.10 ip [0], ip [1], ip [2], ip [3]);
1244 pcg 1.5
1245 pcg 1.10 return;
1246 pcg 1.9 }
1247 pcg 1.4
1248 pcg 1.9 int client, rseqno;
1249     decode_header (qname, client, rseqno);
1250    
1251     if (client != THISNODE->id)
1252     {
1253 pcg 1.17 slog (L_INFO, _("DNS: got dns tunnel response with wrong clientid, ignoring"));
1254 pcg 1.9 datap = 0;
1255     }
1256     else if (rseqno != seqno)
1257     {
1258 pcg 1.17 slog (L_DEBUG, _("DNS: got dns tunnel response with wrong seqno, badly caching nameserver?"));
1259 pcg 1.9 datap = 0;
1260 pcg 1.4 }
1261     }
1262     }
1263    
1264 pcg 1.6 // todo: pkt now used
1265 pcg 1.9 if (datap)
1266     dns->receive_rep (new dns_rcv (seqno, data, datap - data));
1267 pcg 1.5
1268 pcg 1.4 break;
1269     }
1270     }
1271    
1272     void
1273 pcg 1.42 vpn::dnsv4_ev (ev::io &w, int revents)
1274 pcg 1.4 {
1275 pcg 1.42 if (revents & EV_READ)
1276 pcg 1.4 {
1277     dns_packet *pkt = new dns_packet;
1278     struct sockaddr_in sa;
1279     socklen_t sa_len = sizeof (sa);
1280    
1281 pcg 1.10 pkt->len = recvfrom (w.fd, pkt->at (0), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1282 pcg 1.4
1283     if (pkt->len > 0)
1284 pcg 1.5 {
1285 pcg 1.24 if (ntohs (pkt->flags) & FLAG_RESPONSE)
1286     dnsv4_client (*pkt);
1287     else
1288 pcg 1.5 {
1289 pcg 1.10 dnsv4_server (*pkt);
1290     sendto (w.fd, pkt->at (0), pkt->len, 0, (sockaddr *)&sa, sa_len);
1291 pcg 1.5 }
1292 pcg 1.10
1293     delete pkt;
1294 pcg 1.5 }
1295 pcg 1.1 }
1296     }
1297    
1298     bool
1299 pcg 1.18 vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1300 pcg 1.3 {
1301 pcg 1.33 int client = ntohl (si.host);
1302 pcg 1.18
1303     assert (0 < client && client <= conns.size ());
1304    
1305     connection *c = conns [client - 1];
1306    
1307     if (!c->dns)
1308     c->dns = new dns_connection (c);
1309 pcg 1.4
1310 pcg 1.31 if (c->dns->snddq.put (pkt))
1311 root 1.52 {
1312     min_it (c->dns->poll_interval, 0.25);
1313     c->dns->tw ();
1314     }
1315 pcg 1.3
1316 pcg 1.31 // always return true even if the buffer overflows
1317 pcg 1.3 return true;
1318     }
1319    
1320     void
1321 pcg 1.42 dns_connection::time_cb (ev::timer &w, int revents)
1322 pcg 1.1 {
1323 pcg 1.10 // servers have to be polled
1324     if (THISNODE->dns_port)
1325     return;
1326    
1327 pcg 1.3 // check for timeouts and (re)transmit
1328 root 1.52 tstamp next = 86400 * 365;
1329 pcg 1.10 dns_snd *send = 0;
1330 pcg 1.3
1331 pcg 1.10 for (vector<dns_snd *>::iterator i = vpn->dns_sndpq.begin ();
1332 pcg 1.4 i != vpn->dns_sndpq.end ();
1333 pcg 1.3 ++i)
1334     {
1335 pcg 1.10 dns_snd *r = *i;
1336 pcg 1.3
1337 pcg 1.43 if (r->timeout <= ev_now ())
1338 pcg 1.3 {
1339 pcg 1.4 if (!send)
1340     {
1341     send = r;
1342    
1343     r->retry++;
1344 root 1.52 r->timeout = ev_now () + r->retry * min_latency * conf.dns_timeout_factor;
1345 pcg 1.43 //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - ev_now ());//D
1346 pcg 1.17
1347     // the following code changes the query section a bit, forcing
1348     // the forwarder to generate a new request
1349     if (r->stdhdr)
1350 pcg 1.41 encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry);
1351 pcg 1.4 }
1352 pcg 1.3 }
1353 pcg 1.11 else
1354 root 1.52 min_it (next, r->timeout - ev_now ());
1355 pcg 1.3 }
1356    
1357 pcg 1.28 if (!send)
1358 pcg 1.5 {
1359 pcg 1.29 // generate a new packet, if wise
1360    
1361     if (!established)
1362 pcg 1.10 {
1363 pcg 1.29 if (vpn->dns_sndpq.empty ())
1364 pcg 1.10 {
1365 pcg 1.29 send = new dns_snd (this);
1366 pcg 1.10
1367 pcg 1.29 cfg.reset (THISNODE->id);
1368 root 1.51 set_cfg ();
1369 pcg 1.29 send->gen_syn_req ();
1370 pcg 1.10 }
1371 pcg 1.29 }
1372 pcg 1.37 else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding
1373 pcg 1.29 && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1)))
1374     {
1375 pcg 1.43 if (last_sent + send_interval <= ev_now ())
1376 pcg 1.10 {
1377 pcg 1.18 //printf ("sending data request etc.\n"); //D
1378 root 1.52 if (!snddq.empty ())
1379     min_it (next, send_interval);
1380 pcg 1.17
1381 pcg 1.10 send = new dns_snd (this);
1382     send->gen_stream_req (sndseq, snddq);
1383 pcg 1.43 send->timeout = ev_now () + min_latency * conf.dns_timeout_factor;
1384     //printf ("SEND %x (%f)\n", send->seqno, send->timeout - ev_now (), min_latency, conf.dns_timeout_factor);//D
1385 pcg 1.5
1386 pcg 1.10 sndseq = (sndseq + 1) & SEQNO_MASK;
1387     }
1388 pcg 1.29 else
1389 root 1.52 min_it (next, last_sent + send_interval - ev_now ());
1390 pcg 1.29 }
1391 pcg 1.4
1392 pcg 1.29 if (send)
1393     vpn->dns_sndpq.push_back (send);
1394 pcg 1.28 }
1395 pcg 1.4
1396 pcg 1.28 if (send)
1397     {
1398 pcg 1.43 last_sent = ev_now ();
1399 pcg 1.28 sendto (vpn->dnsv4_fd,
1400     send->pkt->at (0), send->pkt->len, 0,
1401     vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ());
1402 pcg 1.4 }
1403 pcg 1.10
1404 root 1.52 min_it (next, last_sent + max (poll_interval, send_interval) - ev_now ());
1405    
1406 pcg 1.27 slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d %d)",
1407 pcg 1.43 poll_interval, send_interval, next - ev_now (),
1408 pcg 1.27 vpn->dns_sndpq.size (), snddq.size (),
1409     rcvpq.size ());
1410 pcg 1.11
1411 root 1.52 w.start (next);
1412 pcg 1.1 }
1413    
1414     #endif
1415