ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/vpn_dns.C
Revision: 1.53
Committed: Tue Oct 18 10:54:17 2011 UTC (12 years, 7 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.52: +7 -1 lines
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     vpn_dns.C -- handle the dns tunnel part of the protocol.
3 root 1.51 Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.7 This file is part of GVPE.
6    
7 pcg 1.47 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32 pcg 1.38 // TODO: EDNS0 option to increase dns mtu?
33     // TODO: re-write dns packet parsing/creation using a safe mem-buffer
34     // to ensure no buffer overflows or similar problems.
35    
36 pcg 1.1 #include "config.h"
37    
38     #if ENABLE_DNS
39    
40     // dns processing is EXTREMELY ugly. For obvious(?) reasons.
41     // it's a hack, use only in emergency situations please.
42    
43     #include <cstring>
44 pcg 1.20 #include <cassert>
45 pcg 1.1
46     #include <sys/types.h>
47     #include <sys/socket.h>
48     #include <sys/wait.h>
49     #include <sys/uio.h>
50     #include <errno.h>
51     #include <time.h>
52     #include <unistd.h>
53     #include <fcntl.h>
54    
55     #include <map>
56    
57 pcg 1.44 #include <cstdio> /* bug in libgmp: gmp.h relies on cstdio being included */
58 pcg 1.8 #include <gmp.h>
59    
60 pcg 1.1 #include "netcompat.h"
61    
62     #include "vpn.h"
63    
64 root 1.52 #define MIN_POLL_INTERVAL 0.025 // poll at most this often when no data received
65 root 1.51 #define MAX_POLL_INTERVAL 1. // how often to poll minimally when the server has no data
66 pcg 1.10
67 pcg 1.17 #define INITIAL_TIMEOUT 0.1 // retry timeouts
68 pcg 1.36 #define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn
69 pcg 1.10
70 root 1.52 #define MAX_SEND_INTERVAL 5. // optimistic?
71 pcg 1.1
72 pcg 1.17 #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog
73 pcg 1.35 #define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE
74 pcg 1.5
75 root 1.53 #define MAX_DOMAIN_SIZE 235 // 255 is legal limit, but bind doesn't compress well
76 pcg 1.5 // 240 leaves about 4 bytes of server reply data
77 pcg 1.33 // every request byte less give room for two reply bytes
78 pcg 1.5
79 pcg 1.32 #define SEQNO_MASK 0x3fff
80 pcg 1.8 #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) )
81 pcg 1.1
82 pcg 1.8 #define MAX_LBL_SIZE 63
83     #define MAX_PKT_SIZE 512
84 pcg 1.1
85 pcg 1.10 #define RR_TYPE_A 1
86     #define RR_TYPE_NULL 10
87     #define RR_TYPE_TXT 16
88 pcg 1.48 #define RR_TYPE_AAAA 28
89 pcg 1.8 #define RR_TYPE_ANY 255
90 pcg 1.10
91     #define RR_CLASS_IN 1
92    
93     #define CMD_IP_1 207
94     #define CMD_IP_2 46
95     #define CMD_IP_3 236
96 root 1.51
97     #define CMD_IP_RST 29 // some error, reset and retry
98     #define CMD_IP_REJ 32 // do not want you
99     #define CMD_IP_SYN 113 // connection established
100     #define CMD_IP_CSE 213 // connection established, but likely case mismatch
101    
102     static bool
103     is_uc (char c)
104     {
105     return 'A' <= c && c <= 'Z';
106     }
107    
108     static bool
109     is_lc (char c)
110     {
111     return 'a' <= c && c <= 'z';
112     }
113 pcg 1.1
114 pcg 1.8 // works for cmaps up to 255 (not 256!)
115     struct charmap
116     {
117     enum { INVALID = (u8)255 };
118 pcg 1.1
119 pcg 1.8 char encode [256]; // index => char
120     u8 decode [256]; // char => index
121     unsigned int size;
122 pcg 1.2
123 pcg 1.8 charmap (const char *cmap);
124     };
125    
126     charmap::charmap (const char *cmap)
127     {
128     char *enc = encode;
129     u8 *dec = decode;
130 pcg 1.2
131 pcg 1.8 memset (enc, (char) 0, 256);
132     memset (dec, (char)INVALID, 256);
133 pcg 1.1
134 pcg 1.8 for (size = 0; cmap [size]; size++)
135     {
136 root 1.50 char c = cmap [size];
137    
138     enc [size] = c;
139     dec [(u8)c] = size;
140    
141     // allow lowercase/uppercase aliases if possible
142 root 1.51 if (is_uc (c) && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size;
143     if (is_lc (c) && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size;
144 pcg 1.8 }
145 pcg 1.1
146 pcg 1.8 assert (size < 256);
147     }
148 pcg 1.2
149 pcg 1.8 #define MAX_DEC_LEN 500
150     #define MAX_ENC_LEN (MAX_DEC_LEN * 2)
151     #define MAX_LIMBS ((MAX_DEC_LEN * 8 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
152 pcg 1.2
153 pcg 1.8 // ugly. minimum base is 16(!)
154     struct basecoder
155 pcg 1.2 {
156 pcg 1.8 charmap cmap;
157     unsigned int enc_len [MAX_DEC_LEN];
158     unsigned int dec_len [MAX_ENC_LEN];
159 pcg 1.2
160 root 1.51 unsigned int encode_len (unsigned int len) const;
161     unsigned int decode_len (unsigned int len) const;
162 pcg 1.8
163 root 1.51 unsigned int encode (char *dst, u8 *src, unsigned int len) const;
164     unsigned int decode (u8 *dst, char *src, unsigned int len) const;
165 pcg 1.8
166     basecoder (const char *cmap);
167     };
168    
169     basecoder::basecoder (const char *cmap)
170     : cmap (cmap)
171     {
172     for (unsigned int len = 0; len < MAX_DEC_LEN; ++len)
173     {
174     u8 src [MAX_DEC_LEN];
175     u8 dst [MAX_ENC_LEN];
176 pcg 1.2
177 pcg 1.8 memset (src, 255, len);
178 pcg 1.2
179 pcg 1.8 mp_limb_t m [MAX_LIMBS];
180     mp_size_t n;
181    
182     n = mpn_set_str (m, src, len, 256);
183     n = mpn_get_str (dst, this->cmap.size, m, n);
184    
185     for (int i = 0; !dst [i]; ++i)
186     n--;
187    
188     enc_len [len] = n;
189     dec_len [n] = len;
190     }
191     }
192    
193 root 1.49 unsigned int
194 root 1.51 basecoder::encode_len (unsigned int len) const
195 pcg 1.8 {
196     return enc_len [len];
197     }
198 pcg 1.2
199 root 1.49 unsigned int
200 root 1.51 basecoder::decode_len (unsigned int len) const
201 pcg 1.2 {
202 pcg 1.8 while (len && !dec_len [len])
203     --len;
204    
205     return dec_len [len];
206 pcg 1.2 }
207    
208 root 1.49 unsigned int
209 root 1.51 basecoder::encode (char *dst, u8 *src, unsigned int len) const
210 pcg 1.2 {
211 pcg 1.10 if (!len || len > MAX_DEC_LEN)
212 pcg 1.8 return 0;
213    
214     int elen = encode_len (len);
215    
216     mp_limb_t m [MAX_LIMBS];
217     mp_size_t n;
218    
219     u8 dst_ [MAX_ENC_LEN];
220    
221     n = mpn_set_str (m, src, len, 256);
222     n = mpn_get_str (dst_, cmap.size, m, n);
223    
224     int plen = elen; // for padding
225 pcg 1.2
226 pcg 1.8 while (n < plen)
227 pcg 1.2 {
228 pcg 1.8 *dst++ = cmap.encode [0];
229     plen--;
230 pcg 1.2 }
231    
232 pcg 1.8 for (unsigned int i = n - plen; i < n; ++i)
233     *dst++ = cmap.encode [dst_ [i]];
234 pcg 1.4
235 pcg 1.8 return elen;
236 pcg 1.2 }
237    
238 root 1.49 unsigned int
239 root 1.51 basecoder::decode (u8 *dst, char *src, unsigned int len) const
240 pcg 1.2 {
241 pcg 1.10 if (!len || len > MAX_ENC_LEN)
242 pcg 1.8 return 0;
243    
244     u8 src_ [MAX_ENC_LEN];
245     unsigned int elen = 0;
246 pcg 1.2
247     while (len--)
248     {
249 pcg 1.8 u8 val = cmap.decode [(u8)*src++];
250 pcg 1.2
251 pcg 1.8 if (val != charmap::INVALID)
252     src_ [elen++] = val;
253     }
254    
255     int dlen = decode_len (elen);
256    
257     mp_limb_t m [MAX_LIMBS];
258     mp_size_t n;
259    
260     u8 dst_ [MAX_DEC_LEN];
261 pcg 1.2
262 pcg 1.8 n = mpn_set_str (m, src_, elen, cmap.size);
263     n = mpn_get_str (dst_, 256, m, n);
264 pcg 1.2
265 pcg 1.8 if (n < dlen)
266     {
267     memset (dst, 0, dlen - n);
268     memcpy (dst + dlen - n, dst_, n);
269 pcg 1.2 }
270 pcg 1.8 else
271     memcpy (dst, dst_ + n - dlen, dlen);
272 pcg 1.4
273 pcg 1.8 return dlen;
274     }
275    
276     #if 0
277     struct test { test (); } test;
278    
279     test::test ()
280     {
281     basecoder cdc ("0123456789abcdefghijklmnopqrstuvwxyz");
282    
283     u8 in[] = "0123456789abcdefghijklmnopqrstuvwxyz";
284     static char enc[200];
285     static u8 dec[200];
286    
287     for (int i = 1; i < 20; i++)
288     {
289     int elen = cdc.encode (enc, in, i);
290     int dlen = cdc.decode (dec, enc, elen);
291    
292     printf ("%d>%d>%d (%s>%s)\n", i, elen, dlen, enc, dec);
293     }
294     abort ();
295     }
296     #endif
297    
298 root 1.51 static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); // a-zA-Z0-9
299     static basecoder cdc36 ("dPhZr06QmJkB34tSvL81xAeF92wGyO57uCnI"); // a-z0-9 for case-changers
300     static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyOuCnI"); // a-z
301 pcg 1.8
302     /////////////////////////////////////////////////////////////////////////////
303    
304 root 1.51 #define HDRSIZE 5
305 pcg 1.24
306 root 1.49 inline void
307     encode_header (char *data, int clientid, int seqno, int retry = 0)
308 pcg 1.8 {
309 root 1.51 assert (clientid < 256);
310    
311 pcg 1.17 seqno &= SEQNO_MASK;
312    
313     u8 hdr[3] = {
314 root 1.51 seqno,
315     (seqno >> 8) | (retry << 6),
316 pcg 1.17 clientid,
317     };
318 pcg 1.8
319 root 1.51 cdc36.encode (data, hdr, 3);
320 pcg 1.8 }
321    
322 root 1.49 inline void
323     decode_header (char *data, int &clientid, int &seqno)
324 pcg 1.8 {
325     u8 hdr[3];
326    
327 root 1.51 cdc36.decode (hdr, data, HDRSIZE);
328 pcg 1.8
329 root 1.51 clientid = hdr[2];
330     seqno = ((hdr[1] << 8) | hdr[0]) & SEQNO_MASK;
331 pcg 1.4 }
332    
333     /////////////////////////////////////////////////////////////////////////////
334    
335     struct byte_stream
336     {
337     u8 *data;
338     int maxsize;
339     int fill;
340    
341     byte_stream (int maxsize);
342     ~byte_stream ();
343    
344     bool empty () { return !fill; }
345     int size () { return fill; }
346    
347 pcg 1.5 bool put (u8 *data, unsigned int datalen);
348 pcg 1.4 bool put (vpn_packet *pkt);
349     vpn_packet *get ();
350    
351     u8 *begin () { return data; }
352     void remove (int count);
353     };
354    
355     byte_stream::byte_stream (int maxsize)
356     : maxsize (maxsize), fill (0)
357     {
358     data = new u8 [maxsize];
359     }
360    
361     byte_stream::~byte_stream ()
362     {
363     delete data;
364     }
365    
366 root 1.49 void
367     byte_stream::remove (int count)
368 pcg 1.4 {
369     if (count > fill)
370 pcg 1.17 assert (count <= fill);
371 pcg 1.4
372     memmove (data, data + count, fill -= count);
373     }
374    
375 root 1.49 bool
376     byte_stream::put (u8 *data, unsigned int datalen)
377 pcg 1.5 {
378     if (maxsize - fill < datalen)
379     return false;
380    
381     memcpy (this->data + fill, data, datalen); fill += datalen;
382    
383     return true;
384     }
385    
386 root 1.49 bool
387     byte_stream::put (vpn_packet *pkt)
388 pcg 1.4 {
389     if (maxsize - fill < pkt->len + 2)
390     return false;
391    
392     data [fill++] = pkt->len >> 8;
393     data [fill++] = pkt->len;
394    
395 pcg 1.10 memcpy (data + fill, pkt->at (0), pkt->len); fill += pkt->len;
396 pcg 1.4
397     return true;
398     }
399    
400     vpn_packet *byte_stream::get ()
401     {
402 pcg 1.18 unsigned int len;
403    
404     for (;;)
405     {
406     len = (data [0] << 8) | data [1];
407 pcg 1.4
408 pcg 1.18 if (len <= MAXSIZE || fill < 2)
409     break;
410 pcg 1.5
411 pcg 1.18 // TODO: handle this better than skipping, e.g. by reset
412     slog (L_DEBUG, _("DNS: corrupted packet stream skipping a byte..."));
413     remove (1);
414     }
415    
416 pcg 1.4 if (fill < len + 2)
417     return 0;
418    
419     vpn_packet *pkt = new vpn_packet;
420 pcg 1.5
421     pkt->len = len;
422 pcg 1.10 memcpy (pkt->at (0), data + 2, len);
423 pcg 1.4 remove (len + 2);
424    
425     return pkt;
426 pcg 1.2 }
427    
428 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
429    
430 pcg 1.2 #define FLAG_QUERY ( 0 << 15)
431     #define FLAG_RESPONSE ( 1 << 15)
432 pcg 1.9 #define FLAG_OP_MASK (15 << 11)
433 pcg 1.2 #define FLAG_OP_QUERY ( 0 << 11)
434     #define FLAG_AA ( 1 << 10)
435     #define FLAG_TC ( 1 << 9)
436     #define FLAG_RD ( 1 << 8)
437     #define FLAG_RA ( 1 << 7)
438 pcg 1.5 #define FLAG_AUTH ( 1 << 5)
439 pcg 1.2 #define FLAG_RCODE_MASK (15 << 0)
440     #define FLAG_RCODE_OK ( 0 << 0)
441     #define FLAG_RCODE_FORMERR ( 1 << 0)
442     #define FLAG_RCODE_SERVFAIL ( 2 << 0)
443     #define FLAG_RCODE_NXDOMAIN ( 3 << 0)
444     #define FLAG_RCODE_REFUSED ( 5 << 0)
445    
446     #define DEFAULT_CLIENT_FLAGS (FLAG_QUERY | FLAG_OP_QUERY | FLAG_RD)
447 pcg 1.5 #define DEFAULT_SERVER_FLAGS (FLAG_RESPONSE | FLAG_OP_QUERY | FLAG_AA | FLAG_RD | FLAG_RA)
448 pcg 1.2
449 pcg 1.10 struct dns_cfg
450     {
451     static int next_uid;
452    
453 root 1.51 u8 chksum;
454     u8 rrtype;
455     u16 uid; // to make request unique
456 pcg 1.24
457 pcg 1.10 u8 version;
458 pcg 1.24 u8 flags;
459 root 1.51 u16 max_size;
460    
461     u8 id1, id2, id3, id4;
462 pcg 1.24
463 pcg 1.10 u16 client;
464 root 1.51 u8 def_ttl;
465     u8 r0;
466 pcg 1.10
467 root 1.51 u8 syn_cdc; // cdc en/decoder for syn (A?) requests
468     u8 hdr_cdc; // cdc en/decoder for regular request headers
469     u8 req_cdc; // cdc en/decoder for regular (ANY?) request data
470     u8 rep_cdc; // cdc en/decoder for regular (TXT) replies, 0 == 8 bit encoding
471 pcg 1.24
472 root 1.51 u8 r1, r2, r3, r4;
473 pcg 1.10
474     void reset (int clientid);
475     bool valid ();
476 root 1.51 u8 get_chksum ();
477 pcg 1.10 };
478    
479     int dns_cfg::next_uid;
480    
481 root 1.49 void
482     dns_cfg::reset (int clientid)
483 pcg 1.10 {
484 root 1.51 // this ID must result in some mixed-case characters in cdc26-encoding
485 pcg 1.10 id1 = 'G';
486     id2 = 'V';
487     id3 = 'P';
488     id4 = 'E';
489    
490 root 1.51 version = 2;
491 pcg 1.10
492     rrtype = RR_TYPE_TXT;
493     flags = 0;
494 pcg 1.24 def_ttl = 0;
495 root 1.51 syn_cdc = 26;
496     hdr_cdc = 36;
497     req_cdc = conf.dns_case_preserving ? 62 : 36;
498 pcg 1.24 rep_cdc = 0;
499 pcg 1.27 max_size = htons (MAX_PKT_SIZE);
500     client = htons (clientid);
501 root 1.51 uid = ++next_uid;
502    
503     r0 = r1 = r2 = r3 = r4 = 0;
504 pcg 1.10
505 root 1.51 chksum = get_chksum ();
506     }
507    
508     // simple but not trivial chksum
509     u8
510     dns_cfg::get_chksum ()
511     {
512     unsigned int sum = 0xff00; // only 16 bits required
513    
514     u8 old_chksum = chksum;
515     chksum = 0;
516    
517     for (unsigned int i = 0; i < sizeof (*this); ++i)
518     sum += ((u8 *)this)[i] * (i + 1);
519    
520     chksum = old_chksum;
521    
522     return sum + (sum >> 8);
523 pcg 1.10 }
524    
525 root 1.49 bool
526     dns_cfg::valid ()
527 pcg 1.10 {
528 pcg 1.40 // although the protocol itself allows for some configurability,
529     // only the following encoding/decoding settings are implemented.
530 pcg 1.10 return id1 == 'G'
531     && id2 == 'V'
532     && id3 == 'P'
533     && id4 == 'E'
534 root 1.51 && version == 2
535     && syn_cdc == 26
536     && hdr_cdc == 36
537     && (req_cdc == 36 || req_cdc == 62)
538 pcg 1.24 && rep_cdc == 0
539 root 1.51 && chksum == get_chksum ();
540 pcg 1.10 }
541    
542 pcg 1.2 struct dns_packet : net_packet
543     {
544     u16 id;
545     u16 flags; // QR:1 Opcode:4 AA:1 TC:1 RD:1 RA:1 Z:3 RCODE:4
546     u16 qdcount, ancount, nscount, arcount;
547    
548 pcg 1.24 u8 data [MAXSIZE - 6 * 2];
549 pcg 1.2
550     int decode_label (char *data, int size, int &offs);
551     };
552    
553 root 1.49 int
554     dns_packet::decode_label (char *data, int size, int &offs)
555 pcg 1.2 {
556     char *orig = data;
557    
558     memset (data, 0, size);
559    
560     while (offs < size - 1)
561     {
562     u8 len = (*this)[offs++];
563    
564     if (!len)
565     break;
566     else if (len < 64)
567     {
568     if (size < len + 1 || offs + len >= MAXSIZE - 1)
569     break;
570    
571     memcpy (data, &((*this)[offs]), len);
572    
573     data += len; size -= len; offs += len;
574     *data++ = '.'; size--;
575     }
576     else
577     {
578     int offs2 = ((len & 63) << 8) + (*this)[offs++];
579    
580     data += decode_label (data, size, offs2);
581     break;
582     }
583     }
584    
585     return data - orig;
586     }
587    
588 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
589    
590 root 1.49 static
591     u16 next_id ()
592     {
593     static u16 dns_id = 0; // TODO: should be per-vpn
594 pcg 1.18
595 root 1.53 #if 1
596 pcg 1.18 if (!dns_id)
597     dns_id = time (0);
598    
599     // the simplest lsfr with periodicity 65535 i could find
600     dns_id = (dns_id << 1)
601     | (((dns_id >> 1)
602     ^ (dns_id >> 2)
603     ^ (dns_id >> 4)
604     ^ (dns_id >> 15)) & 1);
605    
606     return dns_id;
607 root 1.53 #else
608     dns_id++;//D
609    
610     return htons (dns_id);
611     #endif
612 pcg 1.18 }
613    
614     struct dns_rcv;
615     struct dns_snd;
616    
617     struct dns_connection
618     {
619     connection *c;
620     struct vpn *vpn;
621    
622     dns_cfg cfg;
623    
624     bool established;
625 root 1.51 const basecoder *cdc;
626 pcg 1.18
627     tstamp last_received;
628     tstamp last_sent;
629 pcg 1.25 double min_latency;
630 pcg 1.18 double poll_interval, send_interval;
631    
632     vector<dns_rcv *> rcvpq;
633    
634 pcg 1.31 byte_stream rcvdq; int rcvseq; int repseq;
635 pcg 1.18 byte_stream snddq; int sndseq;
636    
637 pcg 1.46 inline void time_cb (ev::timer &w, int revents); ev::timer tw;
638 pcg 1.18 void receive_rep (dns_rcv *r);
639    
640 root 1.51 void reset (); // quite like tcp RST
641     void set_cfg (); // to be called after any cfg changes
642    
643 pcg 1.18 dns_connection (connection *c);
644     ~dns_connection ();
645     };
646    
647 pcg 1.10 struct dns_snd
648 pcg 1.3 {
649     dns_packet *pkt;
650 pcg 1.10 tstamp timeout, sent;
651 pcg 1.3 int retry;
652 pcg 1.9 struct dns_connection *dns;
653 pcg 1.5 int seqno;
654 pcg 1.17 bool stdhdr;
655 pcg 1.3
656 pcg 1.9 void gen_stream_req (int seqno, byte_stream &stream);
657 pcg 1.18 void gen_syn_req ();
658 pcg 1.11
659     dns_snd (dns_connection *dns);
660     ~dns_snd ();
661 pcg 1.3 };
662    
663 pcg 1.10 dns_snd::dns_snd (dns_connection *dns)
664 pcg 1.9 : dns (dns)
665 pcg 1.3 {
666 pcg 1.10 timeout = 0;
667 pcg 1.3 retry = 0;
668 pcg 1.10 seqno = 0;
669 pcg 1.43 sent = ev_now ();
670 pcg 1.17 stdhdr = false;
671 pcg 1.3
672     pkt = new dns_packet;
673    
674 pcg 1.5 pkt->id = next_id ();
675     }
676    
677 pcg 1.11 dns_snd::~dns_snd ()
678     {
679     delete pkt;
680     }
681    
682 root 1.49 static void
683     append_domain (dns_packet &pkt, int &offs, const char *domain)
684 pcg 1.10 {
685     // add tunnel domain
686     for (;;)
687     {
688     const char *end = strchr (domain, '.');
689    
690     if (!end)
691     end = domain + strlen (domain);
692    
693     int len = end - domain;
694    
695     pkt [offs++] = len;
696     memcpy (pkt.at (offs), domain, len);
697     offs += len;
698    
699     if (!*end)
700     break;
701    
702     domain = end + 1;
703     }
704     }
705    
706 root 1.49 void
707     dns_snd::gen_stream_req (int seqno, byte_stream &stream)
708 pcg 1.5 {
709 pcg 1.17 stdhdr = true;
710 pcg 1.5 this->seqno = seqno;
711    
712 pcg 1.43 timeout = ev_now () + INITIAL_TIMEOUT;
713 pcg 1.10
714 pcg 1.5 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
715 pcg 1.4 pkt->qdcount = htons (1);
716 pcg 1.3
717 pcg 1.4 int offs = 6*2;
718 pcg 1.19 int dlen = MAX_DOMAIN_SIZE - (strlen (dns->c->conf->domain) + 2);
719 pcg 1.5 // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well,
720     // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra
721    
722 pcg 1.8 char enc[256], *encp = enc;
723     encode_header (enc, THISNODE->id, seqno);
724 pcg 1.4
725 root 1.51 int datalen = dns->cdc->decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE);
726 pcg 1.4
727 pcg 1.9 if (datalen > stream.size ())
728     datalen = stream.size ();
729 pcg 1.8
730 root 1.51 int enclen = dns->cdc->encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE;
731 pcg 1.9 stream.remove (datalen);
732 pcg 1.4
733 pcg 1.5 while (enclen)
734     {
735     int lbllen = enclen < MAX_LBL_SIZE ? enclen : MAX_LBL_SIZE;
736    
737     (*pkt)[offs++] = lbllen;
738     memcpy (pkt->at (offs), encp, lbllen);
739 pcg 1.4
740 pcg 1.5 offs += lbllen;
741     encp += lbllen;
742 pcg 1.4
743 pcg 1.5 enclen -= lbllen;
744 pcg 1.4 }
745    
746 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
747 pcg 1.3
748 pcg 1.10 (*pkt)[offs++] = 0;
749     (*pkt)[offs++] = RR_TYPE_ANY >> 8; (*pkt)[offs++] = RR_TYPE_ANY;
750     (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
751    
752     pkt->len = offs;
753     }
754    
755 root 1.49 void
756     dns_snd::gen_syn_req ()
757 pcg 1.10 {
758 pcg 1.43 timeout = ev_now () + INITIAL_SYN_TIMEOUT;
759 pcg 1.4
760 pcg 1.10 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
761     pkt->qdcount = htons (1);
762 pcg 1.4
763 pcg 1.18 int offs = 6 * 2;
764 pcg 1.4
765 pcg 1.18 int elen = cdc26.encode ((char *)pkt->at (offs + 1), (u8 *)&dns->cfg, sizeof (dns_cfg));
766 pcg 1.4
767 pcg 1.10 assert (elen <= MAX_LBL_SIZE);
768 pcg 1.4
769 pcg 1.10 (*pkt)[offs] = elen;
770     offs += elen + 1;
771 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
772 pcg 1.4
773     (*pkt)[offs++] = 0;
774 pcg 1.10 (*pkt)[offs++] = RR_TYPE_A >> 8; (*pkt)[offs++] = RR_TYPE_A;
775 pcg 1.4 (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
776    
777     pkt->len = offs;
778 pcg 1.5 }
779    
780     struct dns_rcv
781     {
782     int seqno;
783     dns_packet *pkt; // reply packet
784     u8 data [MAXSIZE]; // actually part of the reply packet...
785     int datalen;
786    
787 pcg 1.6 dns_rcv (int seqno, u8 *data, int datalen);
788 pcg 1.5 ~dns_rcv ();
789     };
790    
791 pcg 1.6 dns_rcv::dns_rcv (int seqno, u8 *data, int datalen)
792 pcg 1.5 : seqno (seqno), pkt (new dns_packet), datalen (datalen)
793     {
794     memcpy (this->data, data, datalen);
795     }
796 pcg 1.4
797 pcg 1.5 dns_rcv::~dns_rcv ()
798     {
799     delete pkt;
800 pcg 1.3 }
801    
802     /////////////////////////////////////////////////////////////////////////////
803 pcg 1.9
804     dns_connection::dns_connection (connection *c)
805     : c (c)
806     , rcvdq (MAX_BACKLOG * 2)
807 pcg 1.31 , snddq (MAX_BACKLOG)
808 pcg 1.9 {
809 pcg 1.45 tw.set<dns_connection, &dns_connection::time_cb> (this);
810    
811 pcg 1.9 vpn = c->vpn;
812    
813 root 1.51 reset ();
814     }
815    
816     dns_connection::~dns_connection ()
817     {
818     reset ();
819     }
820    
821     void
822     dns_connection::reset ()
823     {
824     while (!rcvpq.empty ())
825     {
826     delete rcvpq.back ();
827     rcvpq.pop_back ();
828     }
829    
830     for (int i = vpn->dns_sndpq.size (); i--; )
831     if (vpn->dns_sndpq [i]->dns == this)
832     {
833     vpn->dns_sndpq [i] = vpn->dns_sndpq.back ();
834     vpn->dns_sndpq.pop_back ();
835     }
836    
837 pcg 1.10 established = false;
838    
839 pcg 1.31 rcvseq = repseq = sndseq = 0;
840 pcg 1.10
841 root 1.52 last_sent = 0;
842 pcg 1.30 poll_interval = 0.5; // starting here
843 pcg 1.17 send_interval = 0.5; // starting rate
844 pcg 1.25 min_latency = INITIAL_TIMEOUT;
845 pcg 1.9 }
846    
847 root 1.51 void
848     dns_connection::set_cfg ()
849 pcg 1.9 {
850 root 1.51 cdc = cfg.req_cdc == 36 ? &cdc36 : &cdc62;
851 pcg 1.9 }
852 pcg 1.3
853 root 1.49 void
854     dns_connection::receive_rep (dns_rcv *r)
855 pcg 1.2 {
856 pcg 1.10 if (r->datalen)
857 root 1.52 poll_interval = max (poll_interval * (1. / 1.2), MIN_POLL_INTERVAL);
858 pcg 1.10 else
859 root 1.52 poll_interval = min (poll_interval * 1.1, MAX_POLL_INTERVAL);
860 pcg 1.2
861 pcg 1.9 rcvpq.push_back (r);
862 pcg 1.5
863     redo:
864    
865 pcg 1.8 // find next packet
866 pcg 1.9 for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); )
867     if (SEQNO_EQ (rcvseq, (*i)->seqno))
868 pcg 1.5 {
869 pcg 1.41 //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D
870 pcg 1.8 // enter the packet into our input stream
871     r = *i;
872    
873     // remove the oldest packet, look forward, as it's oldest first
874 pcg 1.9 for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j)
875     if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW))
876 pcg 1.8 {
877 pcg 1.41 //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D
878 pcg 1.8 delete *j;
879 pcg 1.9 rcvpq.erase (j);
880 pcg 1.8 break;
881     }
882 pcg 1.5
883 pcg 1.9 rcvseq = (rcvseq + 1) & SEQNO_MASK;
884 pcg 1.5
885 pcg 1.9 if (!rcvdq.put (r->data, r->datalen))
886 pcg 1.17 {
887 root 1.50 // MUST never overflow, can be caused by data corruption, TODO
888     slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)");
889 root 1.51 reset ();
890 root 1.50 return;
891 pcg 1.17 }
892 pcg 1.5
893 pcg 1.9 while (vpn_packet *pkt = rcvdq.get ())
894 pcg 1.5 {
895     sockinfo si;
896 pcg 1.33 si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4;
897 pcg 1.5
898     vpn->recv_vpn_packet (pkt, si);
899 pcg 1.11 delete pkt;
900 pcg 1.5 }
901 pcg 1.8
902     // check for further packets
903 pcg 1.5 goto redo;
904     }
905     }
906    
907 pcg 1.10 void
908     vpn::dnsv4_server (dns_packet &pkt)
909 pcg 1.2 {
910 pcg 1.10 u16 flags = ntohs (pkt.flags);
911 pcg 1.2
912 pcg 1.4 int offs = 6 * 2; // skip header
913 pcg 1.2
914 pcg 1.10 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
915 pcg 1.2
916 pcg 1.10 if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK))
917     && pkt.qdcount == htons (1))
918 pcg 1.4 {
919 pcg 1.24 char qname [MAXSIZE];
920 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
921 pcg 1.4
922 pcg 1.10 u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
923     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
924 pcg 1.2
925 pcg 1.10 pkt.qdcount = htons (1);
926     pkt.ancount = 0;
927     pkt.nscount = 0; // should be self, as other nameservers reply like this
928     pkt.arcount = 0; // a record for self, as other nameservers reply like this
929 pcg 1.2
930 pcg 1.16 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_SERVFAIL);
931 pcg 1.2
932 pcg 1.4 int dlen = strlen (THISNODE->domain);
933 pcg 1.2
934 pcg 1.4 if (qclass == RR_CLASS_IN
935 pcg 1.10 && qlen > dlen + 1
936 pcg 1.24 && !memcmp (qname + qlen - (dlen + 1), THISNODE->domain, dlen))
937 pcg 1.2 {
938 pcg 1.10 // now generate reply
939     pkt.ancount = htons (1); // one answer RR
940     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK);
941    
942     if ((qtype == RR_TYPE_ANY
943     || qtype == RR_TYPE_TXT
944     || qtype == RR_TYPE_NULL)
945     && qlen > dlen + 1 + HDRSIZE)
946 pcg 1.5 {
947 pcg 1.10 // correct class, domain: parse
948     int client, seqno;
949     decode_header (qname, client, seqno);
950 pcg 1.5
951 pcg 1.10 if (0 < client && client <= conns.size ())
952     {
953     connection *c = conns [client - 1];
954     dns_connection *dns = c->dns;
955     dns_rcv *rcv;
956    
957     if (dns)
958     {
959 root 1.51 u8 data[MAXSIZE];
960     int datalen = dns->cdc->decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE));
961    
962 pcg 1.10 for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); )
963     if (SEQNO_EQ ((*i)->seqno, seqno))
964     {
965     // already seen that request: simply reply with the cached reply
966     dns_rcv *r = *i;
967    
968 pcg 1.17 slog (L_DEBUG, "DNS: duplicate packet received ID %d, SEQ %d", htons (r->pkt->id), seqno);
969    
970     // refresh header & id, as the retry count could have changed
971     memcpy (r->pkt->at (6 * 2 + 1), pkt.at (6 * 2 + 1), HDRSIZE);
972     r->pkt->id = pkt.id;
973 pcg 1.10
974     memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len);
975 pcg 1.17
976 pcg 1.10 goto duplicate_request;
977     }
978    
979     // new packet, queue
980     rcv = new dns_rcv (seqno, data, datalen);
981     dns->receive_rep (rcv);
982     }
983    
984 pcg 1.21 {
985     pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
986    
987     int rtype = dns ? dns->cfg.rrtype : RR_TYPE_A;
988     pkt [offs++] = rtype >> 8; pkt [offs++] = rtype; // type
989     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
990     pkt [offs++] = 0; pkt [offs++] = 0;
991     pkt [offs++] = 0; pkt [offs++] = dns ? dns->cfg.def_ttl : 0; // TTL
992    
993     int rdlen_offs = offs += 2;
994 pcg 1.10
995 pcg 1.21 if (dns)
996     {
997 pcg 1.27 int dlen = ntohs (dns->cfg.max_size) - offs;
998    
999     // bind doesn't compress well, so reduce further by one label length
1000     dlen -= qlen;
1001    
1002 pcg 1.21 // only put data into in-order sequence packets, if
1003     // we receive out-of-order packets we generate empty
1004     // replies
1005 pcg 1.31 //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D
1006     if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW)
1007 pcg 1.21 {
1008 pcg 1.31 dns->repseq = seqno;
1009 pcg 1.10
1010 pcg 1.31 while (dlen > 1 && !dns->snddq.empty ())
1011     {
1012     int txtlen = dlen <= 255 ? dlen - 1 : 255;
1013    
1014     if (txtlen > dns->snddq.size ())
1015     txtlen = dns->snddq.size ();
1016    
1017     pkt[offs++] = txtlen;
1018     memcpy (pkt.at (offs), dns->snddq.begin (), txtlen);
1019     offs += txtlen;
1020     dns->snddq.remove (txtlen);
1021 pcg 1.10
1022 pcg 1.31 dlen -= txtlen + 1;
1023     }
1024 pcg 1.21 }
1025    
1026 pcg 1.31 // avoid completely empty TXT rdata
1027 pcg 1.21 if (offs == rdlen_offs)
1028     pkt[offs++] = 0;
1029 pcg 1.15
1030 pcg 1.21 slog (L_NOISE, "DNS: snddq %d", dns->snddq.size ());
1031     }
1032     else
1033     {
1034     // send RST
1035     pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1036     pkt [offs++] = CMD_IP_RST;
1037     }
1038 pcg 1.10
1039 pcg 1.21 int rdlen = offs - rdlen_offs;
1040 pcg 1.10
1041 pcg 1.21 pkt [rdlen_offs - 2] = rdlen >> 8;
1042     pkt [rdlen_offs - 1] = rdlen;
1043 pcg 1.10
1044 pcg 1.21 if (dns)
1045     {
1046     // now update dns_rcv copy
1047     rcv->pkt->len = offs;
1048     memcpy (rcv->pkt->at (0), pkt.at (0), offs);
1049     }
1050     }
1051 pcg 1.9
1052 pcg 1.10 duplicate_request: ;
1053     }
1054     else
1055     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
1056     }
1057     else if (qtype == RR_TYPE_A
1058     && qlen > dlen + 1 + cdc26.encode_len (sizeof (dns_cfg)))
1059     {
1060     dns_cfg cfg;
1061     cdc26.decode ((u8 *)&cfg, qname, cdc26.encode_len (sizeof (dns_cfg)));
1062     int client = ntohs (cfg.client);
1063 pcg 1.4
1064 pcg 1.10 pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
1065 pcg 1.2
1066 pcg 1.10 pkt [offs++] = RR_TYPE_A >> 8; pkt [offs++] = RR_TYPE_A; // type
1067     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
1068     pkt [offs++] = 0; pkt [offs++] = 0;
1069     pkt [offs++] = 0; pkt [offs++] = cfg.def_ttl; // TTL
1070     pkt [offs++] = 0; pkt [offs++] = 4; // rdlength
1071 pcg 1.2
1072 pcg 1.10 pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1073     pkt [offs++] = CMD_IP_REJ;
1074 pcg 1.2
1075 pcg 1.10 if (0 < client && client <= conns.size ())
1076 pcg 1.5 {
1077 pcg 1.10 connection *c = conns [client - 1];
1078 pcg 1.2
1079 pcg 1.10 if (cfg.valid ())
1080     {
1081 root 1.51 slog (L_INFO, _("DNS: client %d connects (version %d, req_cdc %d)"), client, cfg.version, cfg.req_cdc);
1082    
1083     // check for any encoding mismatches - hints at a case problem
1084     char qname2 [MAX_ENC_LEN];
1085     cdc26.encode (qname2, (u8 *)&cfg, sizeof (dns_cfg));
1086 pcg 1.10
1087     delete c->dns;
1088 root 1.51
1089     pkt [offs - 1] = memcmp (qname, qname2, cdc26.encode_len (sizeof (dns_cfg)))
1090     ? CMD_IP_CSE : CMD_IP_SYN;
1091    
1092 pcg 1.10 c->dns = new dns_connection (c);
1093     c->dns->cfg = cfg;
1094 root 1.51 c->dns->set_cfg ();
1095 pcg 1.10 }
1096 pcg 1.5 }
1097     }
1098 pcg 1.2 }
1099 pcg 1.6
1100 pcg 1.10 pkt.len = offs;
1101 pcg 1.4 }
1102     }
1103    
1104     void
1105 pcg 1.10 vpn::dnsv4_client (dns_packet &pkt)
1106 pcg 1.4 {
1107 pcg 1.10 u16 flags = ntohs (pkt.flags);
1108 pcg 1.4 int offs = 6 * 2; // skip header
1109    
1110 pcg 1.10 pkt.qdcount = ntohs (pkt.qdcount);
1111     pkt.ancount = ntohs (pkt.ancount);
1112 pcg 1.4
1113 pcg 1.5 // go through our request list and find the corresponding request
1114 pcg 1.10 for (vector<dns_snd *>::iterator i = dns_sndpq.begin ();
1115 pcg 1.4 i != dns_sndpq.end ();
1116     ++i)
1117 pcg 1.10 if ((*i)->pkt->id == pkt.id)
1118 pcg 1.4 {
1119 pcg 1.9 dns_connection *dns = (*i)->dns;
1120 pcg 1.12 connection *c = dns->c;
1121 pcg 1.5 int seqno = (*i)->seqno;
1122     u8 data[MAXSIZE], *datap = data;
1123 pcg 1.41 //printf ("rcv pkt %x\n", seqno);//D
1124 pcg 1.5
1125 root 1.52 if ((*i)->retry)
1126 pcg 1.10 {
1127 pcg 1.17 dns->send_interval *= 1.01;
1128 pcg 1.12 if (dns->send_interval > MAX_SEND_INTERVAL)
1129 pcg 1.10 dns->send_interval = MAX_SEND_INTERVAL;
1130     }
1131     else
1132     {
1133 pcg 1.26 #if 0
1134 pcg 1.17 dns->send_interval *= 0.999;
1135 pcg 1.12 #endif
1136 pcg 1.10 // the latency surely puts an upper bound on
1137     // the minimum send interval
1138 pcg 1.43 double latency = ev_now () - (*i)->sent;
1139 pcg 1.12
1140 pcg 1.25 if (latency < dns->min_latency)
1141     dns->min_latency = latency;
1142    
1143 pcg 1.37 if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor)
1144     dns->send_interval = dns->min_latency * conf.dns_overlap_factor;
1145 pcg 1.27
1146 pcg 1.37 if (dns->send_interval < conf.dns_send_interval)
1147     dns->send_interval = conf.dns_send_interval;
1148 pcg 1.10 }
1149    
1150 pcg 1.4 delete *i;
1151     dns_sndpq.erase (i);
1152    
1153 pcg 1.10 if (flags & FLAG_RESPONSE && !(flags & FLAG_OP_MASK))
1154 pcg 1.4 {
1155     char qname[MAXSIZE];
1156    
1157 pcg 1.10 while (pkt.qdcount-- && offs < MAXSIZE - 4)
1158 pcg 1.4 {
1159 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1160 pcg 1.4 offs += 4; // skip qtype, qclass
1161     }
1162    
1163 pcg 1.10 while (pkt.ancount-- && offs < MAXSIZE - 10 && datap)
1164 pcg 1.4 {
1165 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1166    
1167     u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
1168     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
1169     u32 ttl = pkt [offs++] << 24;
1170     ttl |= pkt [offs++] << 16;
1171     ttl |= pkt [offs++] << 8;
1172     ttl |= pkt [offs++];
1173     u16 rdlen = pkt [offs++] << 8; rdlen |= pkt [offs++];
1174 pcg 1.8
1175 root 1.51 if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT || qtype == dns->cfg.rrtype)
1176 pcg 1.10 {
1177     if (rdlen <= MAXSIZE - offs)
1178     {
1179     // decode bytes, finally
1180    
1181     while (rdlen)
1182     {
1183     int txtlen = pkt [offs++];
1184 pcg 1.4
1185 pcg 1.10 assert (txtlen + offs < MAXSIZE - 1);
1186 pcg 1.4
1187 pcg 1.10 memcpy (datap, pkt.at (offs), txtlen);
1188     datap += txtlen; offs += txtlen;
1189    
1190     rdlen -= txtlen + 1;
1191     }
1192     }
1193     }
1194     else if (qtype == RR_TYPE_A)
1195 pcg 1.5 {
1196 pcg 1.10 u8 ip [4];
1197 pcg 1.5
1198 pcg 1.10 ip [0] = pkt [offs++];
1199     ip [1] = pkt [offs++];
1200     ip [2] = pkt [offs++];
1201     ip [3] = pkt [offs++];
1202    
1203     if (ip [0] == CMD_IP_1
1204     && ip [1] == CMD_IP_2
1205     && ip [2] == CMD_IP_3)
1206 pcg 1.5 {
1207 pcg 1.17 slog (L_TRACE, _("DNS: got tunnel meta command %02x"), ip [3]);
1208 pcg 1.5
1209 pcg 1.10 if (ip [3] == CMD_IP_RST)
1210     {
1211 root 1.51 slog (L_DEBUG, _("DNS: got tunnel RST request."));
1212 pcg 1.10
1213 root 1.51 dns->reset ();
1214     return;
1215 pcg 1.10 }
1216     else if (ip [3] == CMD_IP_SYN)
1217 pcg 1.12 {
1218 pcg 1.17 slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us."));
1219 pcg 1.12 dns->established = true;
1220     }
1221 root 1.51 else if (ip [3] == CMD_IP_CSE)
1222     {
1223     if (conf.dns_case_preserving)
1224     {
1225     slog (L_INFO, _("DNS: got tunnel CSE reply, globally downgrading to case-insensitive protocol."));
1226     conf.dns_case_preserving = false;
1227     dns->reset ();
1228     return;
1229     }
1230     else
1231     {
1232     slog (L_DEBUG, _("DNS: got tunnel CSE reply, server likes us."));
1233     dns->established = true;
1234     }
1235     }
1236 pcg 1.12 else if (ip [3] == CMD_IP_REJ)
1237 root 1.51 {
1238     slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us."));
1239     dns->tw.start (60.);
1240     }
1241 pcg 1.10 else
1242 root 1.51 {
1243     slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]);
1244     dns->tw.start (60.);
1245     }
1246 pcg 1.10 }
1247     else
1248 pcg 1.17 slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"),
1249 pcg 1.10 ip [0], ip [1], ip [2], ip [3]);
1250 pcg 1.5
1251 pcg 1.10 return;
1252 pcg 1.9 }
1253 pcg 1.4
1254 pcg 1.9 int client, rseqno;
1255     decode_header (qname, client, rseqno);
1256    
1257     if (client != THISNODE->id)
1258     {
1259 pcg 1.17 slog (L_INFO, _("DNS: got dns tunnel response with wrong clientid, ignoring"));
1260 pcg 1.9 datap = 0;
1261     }
1262     else if (rseqno != seqno)
1263     {
1264 pcg 1.17 slog (L_DEBUG, _("DNS: got dns tunnel response with wrong seqno, badly caching nameserver?"));
1265 pcg 1.9 datap = 0;
1266 pcg 1.4 }
1267     }
1268     }
1269    
1270 pcg 1.6 // todo: pkt now used
1271 pcg 1.9 if (datap)
1272     dns->receive_rep (new dns_rcv (seqno, data, datap - data));
1273 pcg 1.5
1274 pcg 1.4 break;
1275     }
1276     }
1277    
1278     void
1279 pcg 1.42 vpn::dnsv4_ev (ev::io &w, int revents)
1280 pcg 1.4 {
1281 pcg 1.42 if (revents & EV_READ)
1282 pcg 1.4 {
1283     dns_packet *pkt = new dns_packet;
1284     struct sockaddr_in sa;
1285     socklen_t sa_len = sizeof (sa);
1286    
1287 pcg 1.10 pkt->len = recvfrom (w.fd, pkt->at (0), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1288 pcg 1.4
1289     if (pkt->len > 0)
1290 pcg 1.5 {
1291 pcg 1.24 if (ntohs (pkt->flags) & FLAG_RESPONSE)
1292     dnsv4_client (*pkt);
1293     else
1294 pcg 1.5 {
1295 pcg 1.10 dnsv4_server (*pkt);
1296     sendto (w.fd, pkt->at (0), pkt->len, 0, (sockaddr *)&sa, sa_len);
1297 pcg 1.5 }
1298 pcg 1.10
1299     delete pkt;
1300 pcg 1.5 }
1301 pcg 1.1 }
1302     }
1303    
1304     bool
1305 pcg 1.18 vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1306 pcg 1.3 {
1307 pcg 1.33 int client = ntohl (si.host);
1308 pcg 1.18
1309     assert (0 < client && client <= conns.size ());
1310    
1311     connection *c = conns [client - 1];
1312    
1313     if (!c->dns)
1314     c->dns = new dns_connection (c);
1315 pcg 1.4
1316 pcg 1.31 if (c->dns->snddq.put (pkt))
1317 root 1.52 {
1318     min_it (c->dns->poll_interval, 0.25);
1319     c->dns->tw ();
1320     }
1321 pcg 1.3
1322 pcg 1.31 // always return true even if the buffer overflows
1323 pcg 1.3 return true;
1324     }
1325    
1326     void
1327 pcg 1.42 dns_connection::time_cb (ev::timer &w, int revents)
1328 pcg 1.1 {
1329 pcg 1.10 // servers have to be polled
1330     if (THISNODE->dns_port)
1331     return;
1332    
1333 pcg 1.3 // check for timeouts and (re)transmit
1334 root 1.52 tstamp next = 86400 * 365;
1335 pcg 1.10 dns_snd *send = 0;
1336 pcg 1.3
1337 pcg 1.10 for (vector<dns_snd *>::iterator i = vpn->dns_sndpq.begin ();
1338 pcg 1.4 i != vpn->dns_sndpq.end ();
1339 pcg 1.3 ++i)
1340     {
1341 pcg 1.10 dns_snd *r = *i;
1342 pcg 1.3
1343 pcg 1.43 if (r->timeout <= ev_now ())
1344 pcg 1.3 {
1345 pcg 1.4 if (!send)
1346     {
1347     send = r;
1348    
1349     r->retry++;
1350 root 1.52 r->timeout = ev_now () + r->retry * min_latency * conf.dns_timeout_factor;
1351 pcg 1.43 //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - ev_now ());//D
1352 pcg 1.17
1353     // the following code changes the query section a bit, forcing
1354     // the forwarder to generate a new request
1355     if (r->stdhdr)
1356 pcg 1.41 encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry);
1357 pcg 1.4 }
1358 pcg 1.3 }
1359 pcg 1.11 else
1360 root 1.52 min_it (next, r->timeout - ev_now ());
1361 pcg 1.3 }
1362    
1363 pcg 1.28 if (!send)
1364 pcg 1.5 {
1365 pcg 1.29 // generate a new packet, if wise
1366    
1367     if (!established)
1368 pcg 1.10 {
1369 pcg 1.29 if (vpn->dns_sndpq.empty ())
1370 pcg 1.10 {
1371 pcg 1.29 send = new dns_snd (this);
1372 pcg 1.10
1373 pcg 1.29 cfg.reset (THISNODE->id);
1374 root 1.51 set_cfg ();
1375 pcg 1.29 send->gen_syn_req ();
1376 pcg 1.10 }
1377 pcg 1.29 }
1378 pcg 1.37 else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding
1379 pcg 1.29 && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1)))
1380     {
1381 pcg 1.43 if (last_sent + send_interval <= ev_now ())
1382 pcg 1.10 {
1383 pcg 1.18 //printf ("sending data request etc.\n"); //D
1384 root 1.52 if (!snddq.empty ())
1385     min_it (next, send_interval);
1386 pcg 1.17
1387 pcg 1.10 send = new dns_snd (this);
1388     send->gen_stream_req (sndseq, snddq);
1389 pcg 1.43 send->timeout = ev_now () + min_latency * conf.dns_timeout_factor;
1390     //printf ("SEND %x (%f)\n", send->seqno, send->timeout - ev_now (), min_latency, conf.dns_timeout_factor);//D
1391 pcg 1.5
1392 pcg 1.10 sndseq = (sndseq + 1) & SEQNO_MASK;
1393     }
1394 pcg 1.29 else
1395 root 1.52 min_it (next, last_sent + send_interval - ev_now ());
1396 pcg 1.29 }
1397 pcg 1.4
1398 pcg 1.29 if (send)
1399     vpn->dns_sndpq.push_back (send);
1400 pcg 1.28 }
1401 pcg 1.4
1402 pcg 1.28 if (send)
1403     {
1404 pcg 1.43 last_sent = ev_now ();
1405 pcg 1.28 sendto (vpn->dnsv4_fd,
1406     send->pkt->at (0), send->pkt->len, 0,
1407     vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ());
1408 pcg 1.4 }
1409 pcg 1.10
1410 root 1.52 min_it (next, last_sent + max (poll_interval, send_interval) - ev_now ());
1411    
1412 pcg 1.27 slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d %d)",
1413 pcg 1.43 poll_interval, send_interval, next - ev_now (),
1414 pcg 1.27 vpn->dns_sndpq.size (), snddq.size (),
1415     rcvpq.size ());
1416 pcg 1.11
1417 root 1.52 w.start (next);
1418 pcg 1.1 }
1419    
1420     #endif
1421