--- gvpe/src/vpn_dns.C 2007/12/04 17:17:20 1.45
+++ gvpe/src/vpn_dns.C 2011/03/06 13:49:50 1.50
@@ -1,22 +1,32 @@ /* vpn_dns.C -- handle the dns tunnel part of the protocol. - Copyright (C) 2003-2005 Marc Lehmann + Copyright (C) 2003-2008 Marc Lehmann This file is part of GVPE. - GVPE is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with gvpe; if not, write to the Free Software - Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. 
Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. */ // TODO: EDNS0 option to increase dns mtu? @@ -75,6 +85,7 @@ #define RR_TYPE_A 1 #define RR_TYPE_NULL 10 #define RR_TYPE_TXT 16 +#define RR_TYPE_AAAA 28 #define RR_TYPE_ANY 255 #define RR_CLASS_IN 1 @@ -108,8 +119,14 @@ for (size = 0; cmap [size]; size++) { - enc [size] = cmap [size]; - dec [(u8)enc [size]] = size; + char c = cmap [size]; + + enc [size] = c; + dec [(u8)c] = size; + + // allow lowercase/uppercase aliases if possible + if (c >= 'A' && c <= 'Z' && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size; + if (c >= 'a' && c <= 'z' && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size; } assert (size < 256); @@ -159,12 +176,14 @@ } } -unsigned int basecoder::encode_len (unsigned int len) +unsigned int +basecoder::encode_len (unsigned int len) { return enc_len [len]; } -unsigned int basecoder::decode_len (unsigned int len) +unsigned int +basecoder::decode_len (unsigned int len) { while (len && !dec_len [len]) --len; @@ -172,7 +191,8 @@ return dec_len [len]; } -unsigned int basecoder::encode (char *dst, u8 *src, unsigned int len) +unsigned int +basecoder::encode (char *dst, u8 *src, unsigned int len) { if (!len || len > MAX_DEC_LEN) return 0; @@ -201,7 +221,8 @@ return elen; } -unsigned int basecoder::decode (u8 *dst, char *src, unsigned int len) +unsigned int +basecoder::decode (u8 *dst, char *src, unsigned int len) { if (!len || len > MAX_ENC_LEN) return 0; @@ -270,7 +291,8 @@ #define HDRSIZE 6 -inline void encode_header (char *data, int clientid, int seqno, int retry = 0) +inline void +encode_header (char *data, int clientid, int seqno, int retry = 0) { seqno &= SEQNO_MASK; 
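Review bot: The new alias loop in the basecoder constructor (hunk `@@ -108,8 +119,14 @@`) says what it does but not why, and the why is the security-relevant part: it makes the decode table tolerant of case folding, which presumably exists because DNS names are case-insensitive and intermediate resolvers may rewrite the case of a label (0x20 randomisation, lower-casing caches). I would extend the comment to `// DNS labels are case-insensitive and resolvers may fold case, so accept the other case of each letter as an alias when the alphabet does not already use it`. It is also worth stating in that comment that the alias is only installed when the slot is still INVALID, so a mixed-case alphabet gets no protection and a case-folded name will decode to different bytes rather than being rejected; whether anything downstream catches that is outside this hunk. The constructor body continues outside the hunk.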
@@ -285,7 +307,8 @@ cdc26.encode (data, hdr, 3); } -inline void decode_header (char *data, int &clientid, int &seqno) +inline void +decode_header (char *data, int &clientid, int &seqno) { u8 hdr[3]; @@ -328,7 +351,8 @@ delete data; } -void byte_stream::remove (int count) +void +byte_stream::remove (int count) { if (count > fill) assert (count <= fill); @@ -336,7 +360,8 @@ memmove (data, data + count, fill -= count); } -bool byte_stream::put (u8 *data, unsigned int datalen) +bool +byte_stream::put (u8 *data, unsigned int datalen) { if (maxsize - fill < datalen) return false; @@ -346,7 +371,8 @@ return true; } -bool byte_stream::put (vpn_packet *pkt) +bool +byte_stream::put (vpn_packet *pkt) { if (maxsize - fill < pkt->len + 2) return false; @@ -438,7 +464,8 @@ int dns_cfg::next_uid; -void dns_cfg::reset (int clientid) +void +dns_cfg::reset (int clientid) { id1 = 'G'; id2 = 'V'; @@ -462,7 +489,8 @@ r4 = r5 = r6 = r7 = 0; } -bool dns_cfg::valid () +bool +dns_cfg::valid () { // although the protocol itself allows for some configurability, // only the following encoding/decoding settings are implemented. @@ -487,7 +515,8 @@ int decode_label (char *data, int size, int &offs); }; -int dns_packet::decode_label (char *data, int size, int &offs) +int +dns_packet::decode_label (char *data, int size, int &offs) { char *orig = data; @@ -523,10 +552,11 @@ ///////////////////////////////////////////////////////////////////////////// -static u16 dns_id = 0; // TODO: should be per-vpn - -static u16 next_id () +static +u16 next_id () { + static u16 dns_id = 0; // TODO: should be per-vpn + if (!dns_id) dns_id = time (0); @@ -562,7 +592,7 @@ byte_stream rcvdq; int rcvseq; int repseq; byte_stream snddq; int sndseq; - void time_cb (ev::timer &w, int revents); ev::timer tw; + inline void time_cb (ev::timer &w, int revents); ev::timer tw; void receive_rep (dns_rcv *r); dns_connection (connection *c); 
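Review bot: In hunk `@@ -523,10 +552,11 @@` the DNS transaction id is still seeded from `time (0)`, which an on-path or off-path attacker can predict to within a few values; moving the static into next_id does not change that. The rest of next_id (presumably an increment and return) is outside the hunk, so I cannot see how ids evolve after the seed, but a predictable 16-bit id makes spoofed replies to the tunnel's queries easier than they need to be. I would seed from a random source instead, e.g. `dns_id = (u16)random_value ();` via whatever CSPRNG the project already uses (the new licence text says OpenSSL is linked, so `RAND_bytes` may already be available in this unit), and keep the `if (!dns_id)` guard so a zero seed is still avoided. The `// TODO: should be per-vpn` comment should stay.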
@@ -604,7 +634,8 @@ delete pkt; } -static void append_domain (dns_packet &pkt, int &offs, const char *domain) +static void +append_domain (dns_packet &pkt, int &offs, const char *domain) { // add tunnel domain for (;;) @@ -627,7 +658,8 @@ } } -void dns_snd::gen_stream_req (int seqno, byte_stream &stream) +void +dns_snd::gen_stream_req (int seqno, byte_stream &stream) { stdhdr = true; this->seqno = seqno; @@ -675,7 +707,8 @@ pkt->len = offs; } -void dns_snd::gen_syn_req () +void +dns_snd::gen_syn_req () { timeout = ev_now () + INITIAL_SYN_TIMEOUT; @@ -750,7 +783,8 @@ delete *i; } -void dns_connection::receive_rep (dns_rcv *r) +void +dns_connection::receive_rep (dns_rcv *r) { if (r->datalen) { @@ -793,8 +827,10 @@ if (!rcvdq.put (r->data, r->datalen)) { - slog (L_ERR, "DNS: !rcvdq.put (r->data, r->datalen)"); - abort (); // MUST never overflow, can be caused by data corruption, TODO + // MUST never overflow, can be caused by data corruption, TODO + slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)"); + c->dnsv4_reset_connection (); + return; } while (vpn_packet *pkt = rcvdq.get ()) @@ -803,7 +839,6 @@ si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; vpn->recv_vpn_packet (pkt, si); - delete pkt; } @@ -1111,9 +1146,7 @@ { slog (L_DEBUG, _("DNS: got tunnel RST request")); - delete dns; c->dns = 0; - - return; + c->dnsv4_reset_connection (); } else if (ip [3] == CMD_IP_SYN) { @@ -1121,10 +1154,7 @@ dns->established = true; } else if (ip [3] == CMD_IP_REJ) - { - slog (L_DEBUG, _("DNS: got tunnel REJ reply, server does not like us, aborting.")); - abort (); - } + slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us.")); else slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]); }
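Review bot: In hunk `@@ -793,8 +827,10 @@` the `return` after `c->dnsv4_reset_connection ()` is load-bearing and deserves a comment: the RST hunk later in this diff replaces `delete dns; c->dns = 0;` with the same call, which suggests the reset deletes the dns_connection that receive_rep is running on. I would write `// reset deletes this dns_connection; nothing below may touch members` above the return, and the caller of receive_rep must likewise not use the object afterwards, which I cannot verify from here. Replacing abort() with a reset is the right change since r->data arrives off the wire and a corrupt packet should not take the daemon down. receive_rep's body continues outside the hunk.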
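Review bot: In hunk `@@ -1111,9 +1146,7 @@` the `return;` that followed the old `delete dns; c->dns = 0;` has been dropped, so after `c->dnsv4_reset_connection ()` control falls out of the if/else-if chain into whatever the enclosing function does next. If the reset deletes `c->dns` as the code it replaces did explicitly, any use of `dns` after the chain is a use-after-free reachable by a remote RST; I would restore `return;` immediately after the reset call, or add a comment confirming that nothing below touches `dns`. The enclosing function starts and ends outside the hunk, so I cannot see which it is.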
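Review bot: In hunk `@@ -1121,10 +1154,7 @@` a REJ reply now only logs at L_ERR and leaves the tunnel state untouched, whereas the RST branch just above resets the connection. Removing the remotely triggerable abort() is correct, but if the rest of the handler keeps the connection alive the client will presumably keep retrying against a server that has already rejected it, and a REJ spammed by a third party costs nothing but log lines. Consider handling it like RST with `c->dnsv4_reset_connection ();` after the log line, or a comment explaining why a REJ is deliberately non-fatal.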