ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/vpn_dns.C
Revision: 1.57
Committed: Thu Oct 6 03:03:09 2022 UTC (19 months, 2 weeks ago) by root
Content type: text/plain
Branch: MAIN
CVS Tags: HEAD
Changes since 1.56: +3 -3 lines
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     vpn_dns.C -- handle the dns tunnel part of the protocol.
3 root 1.51 Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.7 This file is part of GVPE.
6    
7 pcg 1.47 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32 pcg 1.38 // TODO: EDNS0 option to increase dns mtu?
33     // TODO: re-write dns packet parsing/creation using a safe mem-buffer
34     // to ensure no buffer overflows or similar problems.
35    
36 pcg 1.1 #include "config.h"
37    
38     #if ENABLE_DNS
39    
40     // dns processing is EXTREMELY ugly. For obvious(?) reasons.
41     // it's a hack, use only in emergency situations please.
42    
43     #include <cstring>
44 pcg 1.20 #include <cassert>
45 pcg 1.1
46     #include <sys/types.h>
47     #include <sys/socket.h>
48     #include <sys/wait.h>
49     #include <sys/uio.h>
50     #include <errno.h>
51     #include <time.h>
52     #include <unistd.h>
53     #include <fcntl.h>
54    
55     #include <map>
56    
57 pcg 1.44 #include <cstdio> /* bug in libgmp: gmp.h relies on cstdio being included */
58 pcg 1.8 #include <gmp.h>
59    
60 pcg 1.1 #include "netcompat.h"
61    
62     #include "vpn.h"
63    
64 root 1.52 #define MIN_POLL_INTERVAL 0.025 // poll at most this often when no data received
65 root 1.51 #define MAX_POLL_INTERVAL 1. // how often to poll minimally when the server has no data
66 pcg 1.10
67 pcg 1.17 #define INITIAL_TIMEOUT 0.1 // retry timeouts
68 pcg 1.36 #define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn
69 pcg 1.10
70 root 1.52 #define MAX_SEND_INTERVAL 5. // optimistic?
71 pcg 1.1
72 pcg 1.17 #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog
73 pcg 1.35 #define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE
74 pcg 1.5
75 root 1.53 #define MAX_DOMAIN_SIZE 235 // 255 is legal limit, but bind doesn't compress well
76 pcg 1.5 // 240 leaves about 4 bytes of server reply data
77 pcg 1.33 // every request byte less give room for two reply bytes
78 pcg 1.5
79 pcg 1.32 #define SEQNO_MASK 0x3fff
80 pcg 1.8 #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) )
81 pcg 1.1
82 pcg 1.8 #define MAX_LBL_SIZE 63
83     #define MAX_PKT_SIZE 512
84 pcg 1.1
85 pcg 1.10 #define RR_TYPE_A 1
86     #define RR_TYPE_NULL 10
87     #define RR_TYPE_TXT 16
88 pcg 1.48 #define RR_TYPE_AAAA 28
89 pcg 1.8 #define RR_TYPE_ANY 255
90 pcg 1.10
91     #define RR_CLASS_IN 1
92    
93     #define CMD_IP_1 207
94     #define CMD_IP_2 46
95     #define CMD_IP_3 236
96 root 1.51
97     #define CMD_IP_RST 29 // some error, reset and retry
98     #define CMD_IP_REJ 32 // do not want you
99     #define CMD_IP_SYN 113 // connection established
100     #define CMD_IP_CSE 213 // connection established, but likely case mismatch
101    
102     static bool
103     is_uc (char c)
104     {
105     return 'A' <= c && c <= 'Z';
106     }
107    
108     static bool
109     is_lc (char c)
110     {
111     return 'a' <= c && c <= 'z';
112     }
113 pcg 1.1
114 pcg 1.8 // works for cmaps up to 255 (not 256!)
115     struct charmap
116     {
117     enum { INVALID = (u8)255 };
118 pcg 1.1
119 pcg 1.8 char encode [256]; // index => char
120     u8 decode [256]; // char => index
121     unsigned int size;
122 pcg 1.2
123 pcg 1.8 charmap (const char *cmap);
124     };
125    
126     charmap::charmap (const char *cmap)
127     {
128     char *enc = encode;
129     u8 *dec = decode;
130 pcg 1.2
131 pcg 1.8 memset (enc, (char) 0, 256);
132     memset (dec, (char)INVALID, 256);
133 pcg 1.1
134 pcg 1.8 for (size = 0; cmap [size]; size++)
135     {
136 root 1.50 char c = cmap [size];
137    
138     enc [size] = c;
139     dec [(u8)c] = size;
140    
141     // allow lowercase/uppercase aliases if possible
142 root 1.51 if (is_uc (c) && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size;
143     if (is_lc (c) && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size;
144 pcg 1.8 }
145 pcg 1.1
146 pcg 1.8 assert (size < 256);
147     }
148 pcg 1.2
149 pcg 1.8 #define MAX_DEC_LEN 500
150     #define MAX_ENC_LEN (MAX_DEC_LEN * 2)
151 root 1.56 #define MAX_LIMBS ((MAX_DEC_LEN * 8 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS + 1)
152 pcg 1.2
153 pcg 1.8 // ugly. minimum base is 16(!)
154     struct basecoder
155 pcg 1.2 {
156 pcg 1.8 charmap cmap;
157     unsigned int enc_len [MAX_DEC_LEN];
158     unsigned int dec_len [MAX_ENC_LEN];
159 pcg 1.2
160 root 1.51 unsigned int encode_len (unsigned int len) const;
161     unsigned int decode_len (unsigned int len) const;
162 pcg 1.8
163 root 1.51 unsigned int encode (char *dst, u8 *src, unsigned int len) const;
164     unsigned int decode (u8 *dst, char *src, unsigned int len) const;
165 pcg 1.8
166     basecoder (const char *cmap);
167     };
168    
169     basecoder::basecoder (const char *cmap)
170     : cmap (cmap)
171     {
172 root 1.56 int decn = -1;
173    
174 pcg 1.8 for (unsigned int len = 0; len < MAX_DEC_LEN; ++len)
175     {
176     u8 src [MAX_DEC_LEN];
177     u8 dst [MAX_ENC_LEN];
178 pcg 1.2
179 pcg 1.8 memset (src, 255, len);
180 pcg 1.2
181 pcg 1.8 mp_limb_t m [MAX_LIMBS];
182     mp_size_t n;
183    
184     n = mpn_set_str (m, src, len, 256);
185     n = mpn_get_str (dst, this->cmap.size, m, n);
186    
187 root 1.56 for (int i = 0; n && !dst [i]; ++i, --n)
188     ;
189 pcg 1.8
190     enc_len [len] = n;
191 root 1.56 while (decn < n)
192     dec_len [++decn] = len;
193 pcg 1.8 }
194     }
195    
196 root 1.49 unsigned int
197 root 1.51 basecoder::encode_len (unsigned int len) const
198 pcg 1.8 {
199     return enc_len [len];
200     }
201 pcg 1.2
202 root 1.49 unsigned int
203 root 1.51 basecoder::decode_len (unsigned int len) const
204 pcg 1.2 {
205 pcg 1.8 return dec_len [len];
206 pcg 1.2 }
207    
208 root 1.49 unsigned int
209 root 1.51 basecoder::encode (char *dst, u8 *src, unsigned int len) const
210 pcg 1.2 {
211 pcg 1.10 if (!len || len > MAX_DEC_LEN)
212 pcg 1.8 return 0;
213    
214     int elen = encode_len (len);
215    
216     mp_limb_t m [MAX_LIMBS];
217     mp_size_t n;
218    
219     u8 dst_ [MAX_ENC_LEN];
220    
221     n = mpn_set_str (m, src, len, 256);
222     n = mpn_get_str (dst_, cmap.size, m, n);
223    
224     int plen = elen; // for padding
225 pcg 1.2
226 pcg 1.8 while (n < plen)
227 pcg 1.2 {
228 pcg 1.8 *dst++ = cmap.encode [0];
229     plen--;
230 pcg 1.2 }
231    
232 pcg 1.8 for (unsigned int i = n - plen; i < n; ++i)
233     *dst++ = cmap.encode [dst_ [i]];
234 pcg 1.4
235 pcg 1.8 return elen;
236 pcg 1.2 }
237    
238 root 1.49 unsigned int
239 root 1.51 basecoder::decode (u8 *dst, char *src, unsigned int len) const
240 pcg 1.2 {
241 pcg 1.10 if (!len || len > MAX_ENC_LEN)
242 pcg 1.8 return 0;
243    
244     u8 src_ [MAX_ENC_LEN];
245     unsigned int elen = 0;
246 pcg 1.2
247     while (len--)
248     {
249 pcg 1.8 u8 val = cmap.decode [(u8)*src++];
250 pcg 1.2
251 pcg 1.8 if (val != charmap::INVALID)
252     src_ [elen++] = val;
253     }
254    
255     int dlen = decode_len (elen);
256    
257     mp_limb_t m [MAX_LIMBS];
258     mp_size_t n;
259    
260     u8 dst_ [MAX_DEC_LEN];
261 pcg 1.2
262 pcg 1.8 n = mpn_set_str (m, src_, elen, cmap.size);
263     n = mpn_get_str (dst_, 256, m, n);
264 pcg 1.2
265 pcg 1.8 if (n < dlen)
266     {
267     memset (dst, 0, dlen - n);
268     memcpy (dst + dlen - n, dst_, n);
269 pcg 1.2 }
270 pcg 1.8 else
271     memcpy (dst, dst_ + n - dlen, dlen);
272 pcg 1.4
273 pcg 1.8 return dlen;
274     }
275    
276     #if 0
277     struct test { test (); } test;
278    
279     test::test ()
280     {
281     basecoder cdc ("0123456789abcdefghijklmnopqrstuvwxyz");
282    
283     u8 in[] = "0123456789abcdefghijklmnopqrstuvwxyz";
284     static char enc[200];
285     static u8 dec[200];
286    
287     for (int i = 1; i < 20; i++)
288     {
289     int elen = cdc.encode (enc, in, i);
290     int dlen = cdc.decode (dec, enc, elen);
291    
292     printf ("%d>%d>%d (%s>%s)\n", i, elen, dlen, enc, dec);
293     }
294     abort ();
295     }
296     #endif
297    
298 root 1.51 static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); // a-zA-Z0-9
299     static basecoder cdc36 ("dPhZr06QmJkB34tSvL81xAeF92wGyO57uCnI"); // a-z0-9 for case-changers
300     static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyOuCnI"); // a-z
301 pcg 1.8
302     /////////////////////////////////////////////////////////////////////////////
303    
304 root 1.51 #define HDRSIZE 5
305 pcg 1.24
306 root 1.49 inline void
307     encode_header (char *data, int clientid, int seqno, int retry = 0)
308 pcg 1.8 {
309 root 1.51 assert (clientid < 256);
310    
311 pcg 1.17 seqno &= SEQNO_MASK;
312    
313     u8 hdr[3] = {
314 root 1.57 u8 (seqno),
315     u8 ((seqno >> 8) | (retry << 6)),
316     u8 (clientid),
317 pcg 1.17 };
318 pcg 1.8
319 root 1.51 cdc36.encode (data, hdr, 3);
320 pcg 1.8 }
321    
322 root 1.49 inline void
323     decode_header (char *data, int &clientid, int &seqno)
324 pcg 1.8 {
325     u8 hdr[3];
326    
327 root 1.51 cdc36.decode (hdr, data, HDRSIZE);
328 pcg 1.8
329 root 1.51 clientid = hdr[2];
330     seqno = ((hdr[1] << 8) | hdr[0]) & SEQNO_MASK;
331 pcg 1.4 }
332    
333     /////////////////////////////////////////////////////////////////////////////
334    
335     struct byte_stream
336     {
337     u8 *data;
338     int maxsize;
339     int fill;
340    
341     byte_stream (int maxsize);
342     ~byte_stream ();
343    
344     bool empty () { return !fill; }
345     int size () { return fill; }
346    
347 pcg 1.5 bool put (u8 *data, unsigned int datalen);
348 pcg 1.4 bool put (vpn_packet *pkt);
349     vpn_packet *get ();
350    
351     u8 *begin () { return data; }
352     void remove (int count);
353     };
354    
355     byte_stream::byte_stream (int maxsize)
356     : maxsize (maxsize), fill (0)
357     {
358     data = new u8 [maxsize];
359     }
360    
361     byte_stream::~byte_stream ()
362     {
363     delete data;
364     }
365    
366 root 1.49 void
367     byte_stream::remove (int count)
368 pcg 1.4 {
369 root 1.56 assert (count <= fill);
370 pcg 1.4
371     memmove (data, data + count, fill -= count);
372     }
373    
374 root 1.49 bool
375     byte_stream::put (u8 *data, unsigned int datalen)
376 pcg 1.5 {
377     if (maxsize - fill < datalen)
378     return false;
379    
380     memcpy (this->data + fill, data, datalen); fill += datalen;
381    
382     return true;
383     }
384    
385 root 1.49 bool
386     byte_stream::put (vpn_packet *pkt)
387 pcg 1.4 {
388     if (maxsize - fill < pkt->len + 2)
389     return false;
390    
391     data [fill++] = pkt->len >> 8;
392     data [fill++] = pkt->len;
393    
394 pcg 1.10 memcpy (data + fill, pkt->at (0), pkt->len); fill += pkt->len;
395 pcg 1.4
396     return true;
397     }
398    
399 root 1.56 vpn_packet *
400     byte_stream::get ()
401 pcg 1.4 {
402 pcg 1.18 unsigned int len;
403    
404     for (;;)
405     {
406 root 1.55 if (fill < 2)
407     return 0;
408    
409 pcg 1.18 len = (data [0] << 8) | data [1];
410 pcg 1.4
411 root 1.54 if (len <= MAXSIZE)
412 pcg 1.18 break;
413 pcg 1.5
414 pcg 1.18 // TODO: handle this better than skipping, e.g. by reset
415 root 1.56 slog (L_DEBUG, _("DNS: corrupted packet (%02x %02x > %d) stream skipping a byte..."), data [0], data [1], MAXSIZE);
416 pcg 1.18 remove (1);
417     }
418    
419 pcg 1.4 if (fill < len + 2)
420     return 0;
421    
422     vpn_packet *pkt = new vpn_packet;
423 pcg 1.5
424     pkt->len = len;
425 pcg 1.10 memcpy (pkt->at (0), data + 2, len);
426 pcg 1.4 remove (len + 2);
427    
428     return pkt;
429 pcg 1.2 }
430    
431 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
432    
433 pcg 1.2 #define FLAG_QUERY ( 0 << 15)
434     #define FLAG_RESPONSE ( 1 << 15)
435 pcg 1.9 #define FLAG_OP_MASK (15 << 11)
436 pcg 1.2 #define FLAG_OP_QUERY ( 0 << 11)
437     #define FLAG_AA ( 1 << 10)
438     #define FLAG_TC ( 1 << 9)
439     #define FLAG_RD ( 1 << 8)
440     #define FLAG_RA ( 1 << 7)
441 pcg 1.5 #define FLAG_AUTH ( 1 << 5)
442 pcg 1.2 #define FLAG_RCODE_MASK (15 << 0)
443     #define FLAG_RCODE_OK ( 0 << 0)
444     #define FLAG_RCODE_FORMERR ( 1 << 0)
445     #define FLAG_RCODE_SERVFAIL ( 2 << 0)
446     #define FLAG_RCODE_NXDOMAIN ( 3 << 0)
447     #define FLAG_RCODE_REFUSED ( 5 << 0)
448    
449     #define DEFAULT_CLIENT_FLAGS (FLAG_QUERY | FLAG_OP_QUERY | FLAG_RD)
450 pcg 1.5 #define DEFAULT_SERVER_FLAGS (FLAG_RESPONSE | FLAG_OP_QUERY | FLAG_AA | FLAG_RD | FLAG_RA)
451 pcg 1.2
452 pcg 1.10 struct dns_cfg
453     {
454     static int next_uid;
455    
456 root 1.51 u8 chksum;
457     u8 rrtype;
458     u16 uid; // to make request unique
459 pcg 1.24
460 pcg 1.10 u8 version;
461 pcg 1.24 u8 flags;
462 root 1.51 u16 max_size;
463    
464     u8 id1, id2, id3, id4;
465 pcg 1.24
466 pcg 1.10 u16 client;
467 root 1.51 u8 def_ttl;
468     u8 r0;
469 pcg 1.10
470 root 1.51 u8 syn_cdc; // cdc en/decoder for syn (A?) requests
471     u8 hdr_cdc; // cdc en/decoder for regular request headers
472     u8 req_cdc; // cdc en/decoder for regular (ANY?) request data
473     u8 rep_cdc; // cdc en/decoder for regular (TXT) replies, 0 == 8 bit encoding
474 pcg 1.24
475 root 1.51 u8 r1, r2, r3, r4;
476 pcg 1.10
477     void reset (int clientid);
478     bool valid ();
479 root 1.51 u8 get_chksum ();
480 pcg 1.10 };
481    
482     int dns_cfg::next_uid;
483    
484 root 1.49 void
485     dns_cfg::reset (int clientid)
486 pcg 1.10 {
487 root 1.51 // this ID must result in some mixed-case characters in cdc26-encoding
488 pcg 1.10 id1 = 'G';
489     id2 = 'V';
490     id3 = 'P';
491     id4 = 'E';
492    
493 root 1.51 version = 2;
494 pcg 1.10
495     rrtype = RR_TYPE_TXT;
496     flags = 0;
497 pcg 1.24 def_ttl = 0;
498 root 1.51 syn_cdc = 26;
499     hdr_cdc = 36;
500     req_cdc = conf.dns_case_preserving ? 62 : 36;
501 pcg 1.24 rep_cdc = 0;
502 pcg 1.27 max_size = htons (MAX_PKT_SIZE);
503     client = htons (clientid);
504 root 1.51 uid = ++next_uid;
505    
506     r0 = r1 = r2 = r3 = r4 = 0;
507 pcg 1.10
508 root 1.51 chksum = get_chksum ();
509     }
510    
511     // simple but not trivial chksum
512     u8
513     dns_cfg::get_chksum ()
514     {
515     unsigned int sum = 0xff00; // only 16 bits required
516    
517     u8 old_chksum = chksum;
518     chksum = 0;
519    
520     for (unsigned int i = 0; i < sizeof (*this); ++i)
521     sum += ((u8 *)this)[i] * (i + 1);
522    
523     chksum = old_chksum;
524    
525     return sum + (sum >> 8);
526 pcg 1.10 }
527    
528 root 1.49 bool
529     dns_cfg::valid ()
530 pcg 1.10 {
531 pcg 1.40 // although the protocol itself allows for some configurability,
532     // only the following encoding/decoding settings are implemented.
533 pcg 1.10 return id1 == 'G'
534     && id2 == 'V'
535     && id3 == 'P'
536     && id4 == 'E'
537 root 1.51 && version == 2
538     && syn_cdc == 26
539     && hdr_cdc == 36
540     && (req_cdc == 36 || req_cdc == 62)
541 pcg 1.24 && rep_cdc == 0
542 root 1.51 && chksum == get_chksum ();
543 pcg 1.10 }
544    
545 pcg 1.2 struct dns_packet : net_packet
546     {
547     u16 id;
548     u16 flags; // QR:1 Opcode:4 AA:1 TC:1 RD:1 RA:1 Z:3 RCODE:4
549     u16 qdcount, ancount, nscount, arcount;
550    
551 pcg 1.24 u8 data [MAXSIZE - 6 * 2];
552 pcg 1.2
553     int decode_label (char *data, int size, int &offs);
554     };
555    
556 root 1.49 int
557     dns_packet::decode_label (char *data, int size, int &offs)
558 pcg 1.2 {
559     char *orig = data;
560    
561     memset (data, 0, size);
562    
563     while (offs < size - 1)
564     {
565     u8 len = (*this)[offs++];
566    
567     if (!len)
568     break;
569     else if (len < 64)
570     {
571     if (size < len + 1 || offs + len >= MAXSIZE - 1)
572     break;
573    
574     memcpy (data, &((*this)[offs]), len);
575    
576     data += len; size -= len; offs += len;
577     *data++ = '.'; size--;
578     }
579     else
580     {
581     int offs2 = ((len & 63) << 8) + (*this)[offs++];
582    
583     data += decode_label (data, size, offs2);
584     break;
585     }
586     }
587    
588     return data - orig;
589     }
590    
591 pcg 1.3 /////////////////////////////////////////////////////////////////////////////
592    
593 root 1.49 static
594     u16 next_id ()
595     {
596     static u16 dns_id = 0; // TODO: should be per-vpn
597 pcg 1.18
598 root 1.53 #if 1
599 pcg 1.18 if (!dns_id)
600     dns_id = time (0);
601    
602     // the simplest lsfr with periodicity 65535 i could find
603     dns_id = (dns_id << 1)
604     | (((dns_id >> 1)
605     ^ (dns_id >> 2)
606     ^ (dns_id >> 4)
607     ^ (dns_id >> 15)) & 1);
608    
609     return dns_id;
610 root 1.53 #else
611     dns_id++;//D
612    
613     return htons (dns_id);
614     #endif
615 pcg 1.18 }
616    
617     struct dns_rcv;
618     struct dns_snd;
619    
620     struct dns_connection
621     {
622     connection *c;
623     struct vpn *vpn;
624    
625     dns_cfg cfg;
626    
627     bool established;
628 root 1.51 const basecoder *cdc;
629 pcg 1.18
630     tstamp last_received;
631     tstamp last_sent;
632 pcg 1.25 double min_latency;
633 pcg 1.18 double poll_interval, send_interval;
634    
635     vector<dns_rcv *> rcvpq;
636    
637 pcg 1.31 byte_stream rcvdq; int rcvseq; int repseq;
638 pcg 1.18 byte_stream snddq; int sndseq;
639    
640 pcg 1.46 inline void time_cb (ev::timer &w, int revents); ev::timer tw;
641 pcg 1.18 void receive_rep (dns_rcv *r);
642    
643 root 1.51 void reset (); // quite like tcp RST
644     void set_cfg (); // to be called after any cfg changes
645    
646 pcg 1.18 dns_connection (connection *c);
647     ~dns_connection ();
648     };
649    
650 pcg 1.10 struct dns_snd
651 pcg 1.3 {
652     dns_packet *pkt;
653 pcg 1.10 tstamp timeout, sent;
654 pcg 1.3 int retry;
655 pcg 1.9 struct dns_connection *dns;
656 pcg 1.5 int seqno;
657 pcg 1.17 bool stdhdr;
658 pcg 1.3
659 pcg 1.9 void gen_stream_req (int seqno, byte_stream &stream);
660 pcg 1.18 void gen_syn_req ();
661 pcg 1.11
662     dns_snd (dns_connection *dns);
663     ~dns_snd ();
664 pcg 1.3 };
665    
666 pcg 1.10 dns_snd::dns_snd (dns_connection *dns)
667 pcg 1.9 : dns (dns)
668 pcg 1.3 {
669 pcg 1.10 timeout = 0;
670 pcg 1.3 retry = 0;
671 pcg 1.10 seqno = 0;
672 pcg 1.43 sent = ev_now ();
673 pcg 1.17 stdhdr = false;
674 pcg 1.3
675     pkt = new dns_packet;
676    
677 pcg 1.5 pkt->id = next_id ();
678     }
679    
680 pcg 1.11 dns_snd::~dns_snd ()
681     {
682     delete pkt;
683     }
684    
685 root 1.49 static void
686     append_domain (dns_packet &pkt, int &offs, const char *domain)
687 pcg 1.10 {
688     // add tunnel domain
689     for (;;)
690     {
691     const char *end = strchr (domain, '.');
692    
693     if (!end)
694     end = domain + strlen (domain);
695    
696     int len = end - domain;
697    
698     pkt [offs++] = len;
699     memcpy (pkt.at (offs), domain, len);
700     offs += len;
701    
702     if (!*end)
703     break;
704    
705     domain = end + 1;
706     }
707     }
708    
709 root 1.49 void
710     dns_snd::gen_stream_req (int seqno, byte_stream &stream)
711 pcg 1.5 {
712 pcg 1.17 stdhdr = true;
713 pcg 1.5 this->seqno = seqno;
714    
715 pcg 1.43 timeout = ev_now () + INITIAL_TIMEOUT;
716 pcg 1.10
717 pcg 1.5 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
718 pcg 1.4 pkt->qdcount = htons (1);
719 pcg 1.3
720 pcg 1.4 int offs = 6*2;
721 pcg 1.19 int dlen = MAX_DOMAIN_SIZE - (strlen (dns->c->conf->domain) + 2);
722 pcg 1.5 // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well,
723     // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra
724    
725 pcg 1.8 char enc[256], *encp = enc;
726     encode_header (enc, THISNODE->id, seqno);
727 pcg 1.4
728 root 1.51 int datalen = dns->cdc->decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE);
729 pcg 1.4
730 pcg 1.9 if (datalen > stream.size ())
731     datalen = stream.size ();
732 pcg 1.8
733 root 1.51 int enclen = dns->cdc->encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE;
734 pcg 1.9 stream.remove (datalen);
735 pcg 1.4
736 pcg 1.5 while (enclen)
737     {
738     int lbllen = enclen < MAX_LBL_SIZE ? enclen : MAX_LBL_SIZE;
739    
740     (*pkt)[offs++] = lbllen;
741     memcpy (pkt->at (offs), encp, lbllen);
742 pcg 1.4
743 pcg 1.5 offs += lbllen;
744     encp += lbllen;
745 pcg 1.4
746 pcg 1.5 enclen -= lbllen;
747 pcg 1.4 }
748    
749 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
750 pcg 1.3
751 pcg 1.10 (*pkt)[offs++] = 0;
752     (*pkt)[offs++] = RR_TYPE_ANY >> 8; (*pkt)[offs++] = RR_TYPE_ANY;
753     (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
754    
755     pkt->len = offs;
756     }
757    
758 root 1.49 void
759     dns_snd::gen_syn_req ()
760 pcg 1.10 {
761 pcg 1.43 timeout = ev_now () + INITIAL_SYN_TIMEOUT;
762 pcg 1.4
763 pcg 1.10 pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
764     pkt->qdcount = htons (1);
765 pcg 1.4
766 pcg 1.18 int offs = 6 * 2;
767 pcg 1.4
768 pcg 1.18 int elen = cdc26.encode ((char *)pkt->at (offs + 1), (u8 *)&dns->cfg, sizeof (dns_cfg));
769 pcg 1.4
770 pcg 1.10 assert (elen <= MAX_LBL_SIZE);
771 pcg 1.4
772 pcg 1.10 (*pkt)[offs] = elen;
773     offs += elen + 1;
774 pcg 1.19 append_domain (*pkt, offs, dns->c->conf->domain);
775 pcg 1.4
776     (*pkt)[offs++] = 0;
777 pcg 1.10 (*pkt)[offs++] = RR_TYPE_A >> 8; (*pkt)[offs++] = RR_TYPE_A;
778 pcg 1.4 (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN;
779    
780     pkt->len = offs;
781 pcg 1.5 }
782    
783     struct dns_rcv
784     {
785     int seqno;
786     dns_packet *pkt; // reply packet
787     u8 data [MAXSIZE]; // actually part of the reply packet...
788     int datalen;
789    
790 pcg 1.6 dns_rcv (int seqno, u8 *data, int datalen);
791 pcg 1.5 ~dns_rcv ();
792     };
793    
794 pcg 1.6 dns_rcv::dns_rcv (int seqno, u8 *data, int datalen)
795 pcg 1.5 : seqno (seqno), pkt (new dns_packet), datalen (datalen)
796     {
797     memcpy (this->data, data, datalen);
798     }
799 pcg 1.4
800 pcg 1.5 dns_rcv::~dns_rcv ()
801     {
802     delete pkt;
803 pcg 1.3 }
804    
805     /////////////////////////////////////////////////////////////////////////////
806 pcg 1.9
807     dns_connection::dns_connection (connection *c)
808     : c (c)
809     , rcvdq (MAX_BACKLOG * 2)
810 pcg 1.31 , snddq (MAX_BACKLOG)
811 pcg 1.9 {
812 pcg 1.45 tw.set<dns_connection, &dns_connection::time_cb> (this);
813    
814 pcg 1.9 vpn = c->vpn;
815    
816 root 1.51 reset ();
817     }
818    
819     dns_connection::~dns_connection ()
820     {
821     reset ();
822     }
823    
824     void
825     dns_connection::reset ()
826     {
827     while (!rcvpq.empty ())
828     {
829     delete rcvpq.back ();
830     rcvpq.pop_back ();
831     }
832    
833     for (int i = vpn->dns_sndpq.size (); i--; )
834     if (vpn->dns_sndpq [i]->dns == this)
835     {
836     vpn->dns_sndpq [i] = vpn->dns_sndpq.back ();
837     vpn->dns_sndpq.pop_back ();
838     }
839    
840 pcg 1.10 established = false;
841    
842 pcg 1.31 rcvseq = repseq = sndseq = 0;
843 pcg 1.10
844 root 1.52 last_sent = 0;
845 pcg 1.30 poll_interval = 0.5; // starting here
846 pcg 1.17 send_interval = 0.5; // starting rate
847 pcg 1.25 min_latency = INITIAL_TIMEOUT;
848 pcg 1.9 }
849    
850 root 1.51 void
851     dns_connection::set_cfg ()
852 pcg 1.9 {
853 root 1.51 cdc = cfg.req_cdc == 36 ? &cdc36 : &cdc62;
854 pcg 1.9 }
855 pcg 1.3
856 root 1.49 void
857     dns_connection::receive_rep (dns_rcv *r)
858 pcg 1.2 {
859 pcg 1.10 if (r->datalen)
860 root 1.52 poll_interval = max (poll_interval * (1. / 1.2), MIN_POLL_INTERVAL);
861 pcg 1.10 else
862 root 1.52 poll_interval = min (poll_interval * 1.1, MAX_POLL_INTERVAL);
863 pcg 1.2
864 pcg 1.9 rcvpq.push_back (r);
865 pcg 1.5
866     redo:
867    
868 pcg 1.8 // find next packet
869 pcg 1.9 for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); )
870     if (SEQNO_EQ (rcvseq, (*i)->seqno))
871 pcg 1.5 {
872 pcg 1.41 //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D
873 pcg 1.8 // enter the packet into our input stream
874     r = *i;
875    
876     // remove the oldest packet, look forward, as it's oldest first
877 pcg 1.9 for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j)
878     if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW))
879 pcg 1.8 {
880 pcg 1.41 //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D
881 pcg 1.8 delete *j;
882 pcg 1.9 rcvpq.erase (j);
883 pcg 1.8 break;
884     }
885 pcg 1.5
886 pcg 1.9 rcvseq = (rcvseq + 1) & SEQNO_MASK;
887 pcg 1.5
888 pcg 1.9 if (!rcvdq.put (r->data, r->datalen))
889 pcg 1.17 {
890 root 1.50 // MUST never overflow, can be caused by data corruption, TODO
891     slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)");
892 root 1.51 reset ();
893 root 1.50 return;
894 pcg 1.17 }
895 pcg 1.5
896 pcg 1.9 while (vpn_packet *pkt = rcvdq.get ())
897 pcg 1.5 {
898     sockinfo si;
899 pcg 1.33 si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4;
900 pcg 1.5
901     vpn->recv_vpn_packet (pkt, si);
902 pcg 1.11 delete pkt;
903 pcg 1.5 }
904 pcg 1.8
905     // check for further packets
906 pcg 1.5 goto redo;
907     }
908     }
909    
910 pcg 1.10 void
911     vpn::dnsv4_server (dns_packet &pkt)
912 pcg 1.2 {
913 pcg 1.10 u16 flags = ntohs (pkt.flags);
914 pcg 1.2
915 pcg 1.4 int offs = 6 * 2; // skip header
916 pcg 1.2
917 pcg 1.10 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
918 pcg 1.2
919 pcg 1.10 if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK))
920     && pkt.qdcount == htons (1))
921 pcg 1.4 {
922 pcg 1.24 char qname [MAXSIZE];
923 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
924 pcg 1.4
925 pcg 1.10 u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
926     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
927 pcg 1.2
928 pcg 1.10 pkt.qdcount = htons (1);
929     pkt.ancount = 0;
930     pkt.nscount = 0; // should be self, as other nameservers reply like this
931     pkt.arcount = 0; // a record for self, as other nameservers reply like this
932 pcg 1.2
933 pcg 1.16 pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_SERVFAIL);
934 pcg 1.2
935 pcg 1.4 int dlen = strlen (THISNODE->domain);
936 pcg 1.2
937 pcg 1.4 if (qclass == RR_CLASS_IN
938 pcg 1.10 && qlen > dlen + 1
939 pcg 1.24 && !memcmp (qname + qlen - (dlen + 1), THISNODE->domain, dlen))
940 pcg 1.2 {
941 pcg 1.10 // now generate reply
942     pkt.ancount = htons (1); // one answer RR
943     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK);
944    
945     if ((qtype == RR_TYPE_ANY
946     || qtype == RR_TYPE_TXT
947     || qtype == RR_TYPE_NULL)
948     && qlen > dlen + 1 + HDRSIZE)
949 pcg 1.5 {
950 pcg 1.10 // correct class, domain: parse
951     int client, seqno;
952     decode_header (qname, client, seqno);
953 pcg 1.5
954 pcg 1.10 if (0 < client && client <= conns.size ())
955     {
956     connection *c = conns [client - 1];
957     dns_connection *dns = c->dns;
958     dns_rcv *rcv;
959    
960     if (dns)
961     {
962 root 1.51 u8 data[MAXSIZE];
963     int datalen = dns->cdc->decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE));
964    
965 pcg 1.10 for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); )
966     if (SEQNO_EQ ((*i)->seqno, seqno))
967     {
968     // already seen that request: simply reply with the cached reply
969     dns_rcv *r = *i;
970    
971 pcg 1.17 slog (L_DEBUG, "DNS: duplicate packet received ID %d, SEQ %d", htons (r->pkt->id), seqno);
972    
973     // refresh header & id, as the retry count could have changed
974     memcpy (r->pkt->at (6 * 2 + 1), pkt.at (6 * 2 + 1), HDRSIZE);
975     r->pkt->id = pkt.id;
976 pcg 1.10
977     memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len);
978 pcg 1.17
979 pcg 1.10 goto duplicate_request;
980     }
981    
982     // new packet, queue
983     rcv = new dns_rcv (seqno, data, datalen);
984     dns->receive_rep (rcv);
985     }
986    
987 pcg 1.21 {
988     pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
989    
990     int rtype = dns ? dns->cfg.rrtype : RR_TYPE_A;
991     pkt [offs++] = rtype >> 8; pkt [offs++] = rtype; // type
992     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
993     pkt [offs++] = 0; pkt [offs++] = 0;
994     pkt [offs++] = 0; pkt [offs++] = dns ? dns->cfg.def_ttl : 0; // TTL
995    
996     int rdlen_offs = offs += 2;
997 pcg 1.10
998 pcg 1.21 if (dns)
999     {
1000 pcg 1.27 int dlen = ntohs (dns->cfg.max_size) - offs;
1001    
1002     // bind doesn't compress well, so reduce further by one label length
1003     dlen -= qlen;
1004    
1005 pcg 1.21 // only put data into in-order sequence packets, if
1006     // we receive out-of-order packets we generate empty
1007     // replies
1008 pcg 1.31 //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D
1009     if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW)
1010 pcg 1.21 {
1011 pcg 1.31 dns->repseq = seqno;
1012 pcg 1.10
1013 pcg 1.31 while (dlen > 1 && !dns->snddq.empty ())
1014     {
1015     int txtlen = dlen <= 255 ? dlen - 1 : 255;
1016    
1017     if (txtlen > dns->snddq.size ())
1018     txtlen = dns->snddq.size ();
1019    
1020     pkt[offs++] = txtlen;
1021     memcpy (pkt.at (offs), dns->snddq.begin (), txtlen);
1022     offs += txtlen;
1023     dns->snddq.remove (txtlen);
1024 pcg 1.10
1025 pcg 1.31 dlen -= txtlen + 1;
1026     }
1027 pcg 1.21 }
1028    
1029 pcg 1.31 // avoid completely empty TXT rdata
1030 pcg 1.21 if (offs == rdlen_offs)
1031     pkt[offs++] = 0;
1032 pcg 1.15
1033 pcg 1.21 slog (L_NOISE, "DNS: snddq %d", dns->snddq.size ());
1034     }
1035     else
1036     {
1037     // send RST
1038     pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1039     pkt [offs++] = CMD_IP_RST;
1040     }
1041 pcg 1.10
1042 pcg 1.21 int rdlen = offs - rdlen_offs;
1043 pcg 1.10
1044 pcg 1.21 pkt [rdlen_offs - 2] = rdlen >> 8;
1045     pkt [rdlen_offs - 1] = rdlen;
1046 pcg 1.10
1047 pcg 1.21 if (dns)
1048     {
1049     // now update dns_rcv copy
1050     rcv->pkt->len = offs;
1051     memcpy (rcv->pkt->at (0), pkt.at (0), offs);
1052     }
1053     }
1054 pcg 1.9
1055 pcg 1.10 duplicate_request: ;
1056     }
1057     else
1058     pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR);
1059     }
1060     else if (qtype == RR_TYPE_A
1061     && qlen > dlen + 1 + cdc26.encode_len (sizeof (dns_cfg)))
1062     {
1063     dns_cfg cfg;
1064     cdc26.decode ((u8 *)&cfg, qname, cdc26.encode_len (sizeof (dns_cfg)));
1065     int client = ntohs (cfg.client);
1066 pcg 1.4
1067 pcg 1.10 pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section
1068 pcg 1.2
1069 pcg 1.10 pkt [offs++] = RR_TYPE_A >> 8; pkt [offs++] = RR_TYPE_A; // type
1070     pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class
1071     pkt [offs++] = 0; pkt [offs++] = 0;
1072     pkt [offs++] = 0; pkt [offs++] = cfg.def_ttl; // TTL
1073     pkt [offs++] = 0; pkt [offs++] = 4; // rdlength
1074 pcg 1.2
1075 pcg 1.10 pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3;
1076     pkt [offs++] = CMD_IP_REJ;
1077 pcg 1.2
1078 pcg 1.10 if (0 < client && client <= conns.size ())
1079 pcg 1.5 {
1080 pcg 1.10 connection *c = conns [client - 1];
1081 pcg 1.2
1082 pcg 1.10 if (cfg.valid ())
1083     {
1084 root 1.51 slog (L_INFO, _("DNS: client %d connects (version %d, req_cdc %d)"), client, cfg.version, cfg.req_cdc);
1085    
1086     // check for any encoding mismatches - hints at a case problem
1087     char qname2 [MAX_ENC_LEN];
1088     cdc26.encode (qname2, (u8 *)&cfg, sizeof (dns_cfg));
1089 pcg 1.10
1090     delete c->dns;
1091 root 1.51
1092     pkt [offs - 1] = memcmp (qname, qname2, cdc26.encode_len (sizeof (dns_cfg)))
1093     ? CMD_IP_CSE : CMD_IP_SYN;
1094    
1095 pcg 1.10 c->dns = new dns_connection (c);
1096     c->dns->cfg = cfg;
1097 root 1.51 c->dns->set_cfg ();
1098 pcg 1.10 }
1099 pcg 1.5 }
1100     }
1101 pcg 1.2 }
1102 pcg 1.6
1103 pcg 1.10 pkt.len = offs;
1104 pcg 1.4 }
1105     }
1106    
1107     void
1108 pcg 1.10 vpn::dnsv4_client (dns_packet &pkt)
1109 pcg 1.4 {
1110 pcg 1.10 u16 flags = ntohs (pkt.flags);
1111 pcg 1.4 int offs = 6 * 2; // skip header
1112    
1113 pcg 1.10 pkt.qdcount = ntohs (pkt.qdcount);
1114     pkt.ancount = ntohs (pkt.ancount);
1115 pcg 1.4
1116 pcg 1.5 // go through our request list and find the corresponding request
1117 pcg 1.10 for (vector<dns_snd *>::iterator i = dns_sndpq.begin ();
1118 pcg 1.4 i != dns_sndpq.end ();
1119     ++i)
1120 pcg 1.10 if ((*i)->pkt->id == pkt.id)
1121 pcg 1.4 {
1122 pcg 1.9 dns_connection *dns = (*i)->dns;
1123 pcg 1.12 connection *c = dns->c;
1124 pcg 1.5 int seqno = (*i)->seqno;
1125     u8 data[MAXSIZE], *datap = data;
1126 pcg 1.41 //printf ("rcv pkt %x\n", seqno);//D
1127 pcg 1.5
1128 root 1.52 if ((*i)->retry)
1129 pcg 1.10 {
1130 pcg 1.17 dns->send_interval *= 1.01;
1131 pcg 1.12 if (dns->send_interval > MAX_SEND_INTERVAL)
1132 pcg 1.10 dns->send_interval = MAX_SEND_INTERVAL;
1133     }
1134     else
1135     {
1136 pcg 1.26 #if 0
1137 pcg 1.17 dns->send_interval *= 0.999;
1138 pcg 1.12 #endif
1139 pcg 1.10 // the latency surely puts an upper bound on
1140     // the minimum send interval
1141 pcg 1.43 double latency = ev_now () - (*i)->sent;
1142 pcg 1.12
1143 pcg 1.25 if (latency < dns->min_latency)
1144     dns->min_latency = latency;
1145    
1146 pcg 1.37 if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor)
1147     dns->send_interval = dns->min_latency * conf.dns_overlap_factor;
1148 pcg 1.27
1149 pcg 1.37 if (dns->send_interval < conf.dns_send_interval)
1150     dns->send_interval = conf.dns_send_interval;
1151 pcg 1.10 }
1152    
1153 pcg 1.4 delete *i;
1154     dns_sndpq.erase (i);
1155    
1156 pcg 1.10 if (flags & FLAG_RESPONSE && !(flags & FLAG_OP_MASK))
1157 pcg 1.4 {
1158     char qname[MAXSIZE];
1159    
1160 pcg 1.10 while (pkt.qdcount-- && offs < MAXSIZE - 4)
1161 pcg 1.4 {
1162 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1163 pcg 1.4 offs += 4; // skip qtype, qclass
1164     }
1165    
1166 pcg 1.10 while (pkt.ancount-- && offs < MAXSIZE - 10 && datap)
1167 pcg 1.4 {
1168 pcg 1.10 int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs);
1169    
1170     u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++];
1171     u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++];
1172     u32 ttl = pkt [offs++] << 24;
1173     ttl |= pkt [offs++] << 16;
1174     ttl |= pkt [offs++] << 8;
1175     ttl |= pkt [offs++];
1176     u16 rdlen = pkt [offs++] << 8; rdlen |= pkt [offs++];
1177 pcg 1.8
1178 root 1.51 if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT || qtype == dns->cfg.rrtype)
1179 pcg 1.10 {
1180     if (rdlen <= MAXSIZE - offs)
1181     {
1182     // decode bytes, finally
1183    
1184     while (rdlen)
1185     {
1186     int txtlen = pkt [offs++];
1187 pcg 1.4
1188 pcg 1.10 assert (txtlen + offs < MAXSIZE - 1);
1189 pcg 1.4
1190 pcg 1.10 memcpy (datap, pkt.at (offs), txtlen);
1191     datap += txtlen; offs += txtlen;
1192    
1193     rdlen -= txtlen + 1;
1194     }
1195     }
1196     }
1197     else if (qtype == RR_TYPE_A)
1198 pcg 1.5 {
1199 pcg 1.10 u8 ip [4];
1200 pcg 1.5
1201 pcg 1.10 ip [0] = pkt [offs++];
1202     ip [1] = pkt [offs++];
1203     ip [2] = pkt [offs++];
1204     ip [3] = pkt [offs++];
1205    
1206     if (ip [0] == CMD_IP_1
1207     && ip [1] == CMD_IP_2
1208     && ip [2] == CMD_IP_3)
1209 pcg 1.5 {
1210 pcg 1.17 slog (L_TRACE, _("DNS: got tunnel meta command %02x"), ip [3]);
1211 pcg 1.5
1212 pcg 1.10 if (ip [3] == CMD_IP_RST)
1213     {
1214 root 1.51 slog (L_DEBUG, _("DNS: got tunnel RST request."));
1215 pcg 1.10
1216 root 1.51 dns->reset ();
1217     return;
1218 pcg 1.10 }
1219     else if (ip [3] == CMD_IP_SYN)
1220 pcg 1.12 {
1221 pcg 1.17 slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us."));
1222 pcg 1.12 dns->established = true;
1223     }
1224 root 1.51 else if (ip [3] == CMD_IP_CSE)
1225     {
1226     if (conf.dns_case_preserving)
1227     {
1228     slog (L_INFO, _("DNS: got tunnel CSE reply, globally downgrading to case-insensitive protocol."));
1229     conf.dns_case_preserving = false;
1230     dns->reset ();
1231     return;
1232     }
1233     else
1234     {
1235     slog (L_DEBUG, _("DNS: got tunnel CSE reply, server likes us."));
1236     dns->established = true;
1237     }
1238     }
1239 pcg 1.12 else if (ip [3] == CMD_IP_REJ)
1240 root 1.51 {
1241     slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us."));
1242     dns->tw.start (60.);
1243     }
1244 pcg 1.10 else
1245 root 1.51 {
1246     slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]);
1247     dns->tw.start (60.);
1248     }
1249 pcg 1.10 }
1250     else
1251 pcg 1.17 slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"),
1252 pcg 1.10 ip [0], ip [1], ip [2], ip [3]);
1253 pcg 1.5
1254 pcg 1.10 return;
1255 pcg 1.9 }
1256 pcg 1.4
1257 pcg 1.9 int client, rseqno;
1258     decode_header (qname, client, rseqno);
1259    
1260     if (client != THISNODE->id)
1261     {
1262 pcg 1.17 slog (L_INFO, _("DNS: got dns tunnel response with wrong clientid, ignoring"));
1263 pcg 1.9 datap = 0;
1264     }
1265     else if (rseqno != seqno)
1266     {
1267 pcg 1.17 slog (L_DEBUG, _("DNS: got dns tunnel response with wrong seqno, badly caching nameserver?"));
1268 pcg 1.9 datap = 0;
1269 pcg 1.4 }
1270     }
1271     }
1272    
1273 pcg 1.6 // todo: pkt now used
1274 pcg 1.9 if (datap)
1275     dns->receive_rep (new dns_rcv (seqno, data, datap - data));
1276 pcg 1.5
1277 pcg 1.4 break;
1278     }
1279     }
1280    
1281     void
1282 pcg 1.42 vpn::dnsv4_ev (ev::io &w, int revents)
1283 pcg 1.4 {
1284 pcg 1.42 if (revents & EV_READ)
1285 pcg 1.4 {
1286     dns_packet *pkt = new dns_packet;
1287     struct sockaddr_in sa;
1288     socklen_t sa_len = sizeof (sa);
1289    
1290 pcg 1.10 pkt->len = recvfrom (w.fd, pkt->at (0), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1291 pcg 1.4
1292     if (pkt->len > 0)
1293 pcg 1.5 {
1294 pcg 1.24 if (ntohs (pkt->flags) & FLAG_RESPONSE)
1295     dnsv4_client (*pkt);
1296     else
1297 pcg 1.5 {
1298 pcg 1.10 dnsv4_server (*pkt);
1299     sendto (w.fd, pkt->at (0), pkt->len, 0, (sockaddr *)&sa, sa_len);
1300 pcg 1.5 }
1301 pcg 1.10
1302     delete pkt;
1303 pcg 1.5 }
1304 pcg 1.1 }
1305     }
1306    
1307     bool
1308 pcg 1.18 vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1309 pcg 1.3 {
1310 pcg 1.33 int client = ntohl (si.host);
1311 pcg 1.18
1312     assert (0 < client && client <= conns.size ());
1313    
1314     connection *c = conns [client - 1];
1315    
1316     if (!c->dns)
1317     c->dns = new dns_connection (c);
1318 pcg 1.4
1319 pcg 1.31 if (c->dns->snddq.put (pkt))
1320 root 1.52 {
1321     min_it (c->dns->poll_interval, 0.25);
1322     c->dns->tw ();
1323     }
1324 pcg 1.3
1325 pcg 1.31 // always return true even if the buffer overflows
1326 pcg 1.3 return true;
1327     }
1328    
1329     void
1330 pcg 1.42 dns_connection::time_cb (ev::timer &w, int revents)
1331 pcg 1.1 {
1332 pcg 1.10 // servers have to be polled
1333     if (THISNODE->dns_port)
1334     return;
1335    
1336 pcg 1.3 // check for timeouts and (re)transmit
1337 root 1.52 tstamp next = 86400 * 365;
1338 pcg 1.10 dns_snd *send = 0;
1339 pcg 1.3
1340 pcg 1.10 for (vector<dns_snd *>::iterator i = vpn->dns_sndpq.begin ();
1341 pcg 1.4 i != vpn->dns_sndpq.end ();
1342 pcg 1.3 ++i)
1343     {
1344 pcg 1.10 dns_snd *r = *i;
1345 pcg 1.3
1346 pcg 1.43 if (r->timeout <= ev_now ())
1347 pcg 1.3 {
1348 pcg 1.4 if (!send)
1349     {
1350     send = r;
1351    
1352     r->retry++;
1353 root 1.52 r->timeout = ev_now () + r->retry * min_latency * conf.dns_timeout_factor;
1354 pcg 1.43 //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - ev_now ());//D
1355 pcg 1.17
1356     // the following code changes the query section a bit, forcing
1357     // the forwarder to generate a new request
1358     if (r->stdhdr)
1359 pcg 1.41 encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry);
1360 pcg 1.4 }
1361 pcg 1.3 }
1362 pcg 1.11 else
1363 root 1.52 min_it (next, r->timeout - ev_now ());
1364 pcg 1.3 }
1365    
1366 pcg 1.28 if (!send)
1367 pcg 1.5 {
1368 pcg 1.29 // generate a new packet, if wise
1369    
1370     if (!established)
1371 pcg 1.10 {
1372 pcg 1.29 if (vpn->dns_sndpq.empty ())
1373 pcg 1.10 {
1374 pcg 1.29 send = new dns_snd (this);
1375 pcg 1.10
1376 pcg 1.29 cfg.reset (THISNODE->id);
1377 root 1.51 set_cfg ();
1378 pcg 1.29 send->gen_syn_req ();
1379 pcg 1.10 }
1380 pcg 1.29 }
1381 pcg 1.37 else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding
1382 pcg 1.29 && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1)))
1383     {
1384 pcg 1.43 if (last_sent + send_interval <= ev_now ())
1385 pcg 1.10 {
1386 pcg 1.18 //printf ("sending data request etc.\n"); //D
1387 root 1.52 if (!snddq.empty ())
1388     min_it (next, send_interval);
1389 pcg 1.17
1390 pcg 1.10 send = new dns_snd (this);
1391     send->gen_stream_req (sndseq, snddq);
1392 pcg 1.43 send->timeout = ev_now () + min_latency * conf.dns_timeout_factor;
1393     //printf ("SEND %x (%f)\n", send->seqno, send->timeout - ev_now (), min_latency, conf.dns_timeout_factor);//D
1394 pcg 1.5
1395 pcg 1.10 sndseq = (sndseq + 1) & SEQNO_MASK;
1396     }
1397 pcg 1.29 else
1398 root 1.52 min_it (next, last_sent + send_interval - ev_now ());
1399 pcg 1.29 }
1400 pcg 1.4
1401 pcg 1.29 if (send)
1402     vpn->dns_sndpq.push_back (send);
1403 pcg 1.28 }
1404 pcg 1.4
1405 pcg 1.28 if (send)
1406     {
1407 pcg 1.43 last_sent = ev_now ();
1408 pcg 1.28 sendto (vpn->dnsv4_fd,
1409     send->pkt->at (0), send->pkt->len, 0,
1410     vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ());
1411 pcg 1.4 }
1412 pcg 1.10
1413 root 1.52 min_it (next, last_sent + max (poll_interval, send_interval) - ev_now ());
1414    
1415 pcg 1.27 slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d %d)",
1416 pcg 1.43 poll_interval, send_interval, next - ev_now (),
1417 pcg 1.27 vpn->dns_sndpq.size (), snddq.size (),
1418     rcvpq.size ());
1419 pcg 1.11
1420 root 1.52 w.start (next);
1421 pcg 1.1 }
1422    
1423     #endif
1424