1 | /* |
1 | /* |
2 | vpn_dns.C -- handle the dns tunnel part of the protocol. |
2 | vpn_dns.C -- handle the dns tunnel part of the protocol. |
3 | Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | it under the terms of the GNU General Public License as published by |
8 | under the terms of the GNU General Public License as published by the |
9 | the Free Software Foundation; either version 2 of the License, or |
9 | Free Software Foundation; either version 3 of the License, or (at your |
10 | (at your option) any later version. |
10 | option) any later version. |
11 | |
11 | |
12 | This program is distributed in the hope that it will be useful, |
12 | This program is distributed in the hope that it will be useful, but |
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
15 | GNU General Public License for more details. |
15 | Public License for more details. |
16 | |
16 | |
17 | You should have received a copy of the GNU General Public License |
17 | You should have received a copy of the GNU General Public License along |
18 | along with gvpe; if not, write to the Free Software |
18 | with this program; if not, see <http://www.gnu.org/licenses/>. |
19 | Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
19 | |
|
|
20 | Additional permission under GNU GPL version 3 section 7 |
|
|
21 | |
|
|
22 | If you modify this Program, or any covered work, by linking or |
|
|
23 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
24 | version of that library), containing parts covered by the terms of the |
|
|
25 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
26 | additional permission to convey the resulting work. Corresponding |
|
|
27 | Source for a non-source form of such a combination shall include the |
|
|
28 | source code for the parts of OpenSSL used as well as that of the |
|
|
29 | covered work. |
20 | */ |
30 | */ |
21 | |
31 | |
22 | // TODO: EDNS0 option to increase dns mtu? |
32 | // TODO: EDNS0 option to increase dns mtu? |
23 | // TODO: re-write dns packet parsing/creation using a safe mem-buffer |
33 | // TODO: re-write dns packet parsing/creation using a safe mem-buffer |
24 | // to ensure no buffer overflows or similar problems. |
34 | // to ensure no buffer overflows or similar problems. |
… | |
… | |
73 | #define MAX_PKT_SIZE 512 |
83 | #define MAX_PKT_SIZE 512 |
74 | |
84 | |
75 | #define RR_TYPE_A 1 |
85 | #define RR_TYPE_A 1 |
76 | #define RR_TYPE_NULL 10 |
86 | #define RR_TYPE_NULL 10 |
77 | #define RR_TYPE_TXT 16 |
87 | #define RR_TYPE_TXT 16 |
|
|
88 | #define RR_TYPE_AAAA 28 |
78 | #define RR_TYPE_ANY 255 |
89 | #define RR_TYPE_ANY 255 |
79 | |
90 | |
80 | #define RR_CLASS_IN 1 |
91 | #define RR_CLASS_IN 1 |
81 | |
92 | |
82 | #define CMD_IP_1 207 |
93 | #define CMD_IP_1 207 |
… | |
… | |
106 | memset (enc, (char) 0, 256); |
117 | memset (enc, (char) 0, 256); |
107 | memset (dec, (char)INVALID, 256); |
118 | memset (dec, (char)INVALID, 256); |
108 | |
119 | |
109 | for (size = 0; cmap [size]; size++) |
120 | for (size = 0; cmap [size]; size++) |
110 | { |
121 | { |
|
|
122 | char c = cmap [size]; |
|
|
123 | |
111 | enc [size] = cmap [size]; |
124 | enc [size] = c; |
112 | dec [(u8)enc [size]] = size; |
125 | dec [(u8)c] = size; |
|
|
126 | |
|
|
127 | // allow lowercase/uppercase aliases if possible |
|
|
128 | if (c >= 'A' && c <= 'Z' && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size; |
|
|
129 | if (c >= 'a' && c <= 'z' && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size; |
113 | } |
130 | } |
114 | |
131 | |
115 | assert (size < 256); |
132 | assert (size < 256); |
116 | } |
133 | } |
117 | |
134 | |
… | |
… | |
157 | enc_len [len] = n; |
174 | enc_len [len] = n; |
158 | dec_len [n] = len; |
175 | dec_len [n] = len; |
159 | } |
176 | } |
160 | } |
177 | } |
161 | |
178 | |
|
|
179 | unsigned int |
162 | unsigned int basecoder::encode_len (unsigned int len) |
180 | basecoder::encode_len (unsigned int len) |
163 | { |
181 | { |
164 | return enc_len [len]; |
182 | return enc_len [len]; |
165 | } |
183 | } |
166 | |
184 | |
|
|
185 | unsigned int |
167 | unsigned int basecoder::decode_len (unsigned int len) |
186 | basecoder::decode_len (unsigned int len) |
168 | { |
187 | { |
169 | while (len && !dec_len [len]) |
188 | while (len && !dec_len [len]) |
170 | --len; |
189 | --len; |
171 | |
190 | |
172 | return dec_len [len]; |
191 | return dec_len [len]; |
173 | } |
192 | } |
174 | |
193 | |
|
|
194 | unsigned int |
175 | unsigned int basecoder::encode (char *dst, u8 *src, unsigned int len) |
195 | basecoder::encode (char *dst, u8 *src, unsigned int len) |
176 | { |
196 | { |
177 | if (!len || len > MAX_DEC_LEN) |
197 | if (!len || len > MAX_DEC_LEN) |
178 | return 0; |
198 | return 0; |
179 | |
199 | |
180 | int elen = encode_len (len); |
200 | int elen = encode_len (len); |
… | |
… | |
199 | *dst++ = cmap.encode [dst_ [i]]; |
219 | *dst++ = cmap.encode [dst_ [i]]; |
200 | |
220 | |
201 | return elen; |
221 | return elen; |
202 | } |
222 | } |
203 | |
223 | |
|
|
224 | unsigned int |
204 | unsigned int basecoder::decode (u8 *dst, char *src, unsigned int len) |
225 | basecoder::decode (u8 *dst, char *src, unsigned int len) |
205 | { |
226 | { |
206 | if (!len || len > MAX_ENC_LEN) |
227 | if (!len || len > MAX_ENC_LEN) |
207 | return 0; |
228 | return 0; |
208 | |
229 | |
209 | u8 src_ [MAX_ENC_LEN]; |
230 | u8 src_ [MAX_ENC_LEN]; |
… | |
… | |
268 | |
289 | |
269 | ///////////////////////////////////////////////////////////////////////////// |
290 | ///////////////////////////////////////////////////////////////////////////// |
270 | |
291 | |
271 | #define HDRSIZE 6 |
292 | #define HDRSIZE 6 |
272 | |
293 | |
|
|
294 | inline void |
273 | inline void encode_header (char *data, int clientid, int seqno, int retry = 0) |
295 | encode_header (char *data, int clientid, int seqno, int retry = 0) |
274 | { |
296 | { |
275 | seqno &= SEQNO_MASK; |
297 | seqno &= SEQNO_MASK; |
276 | |
298 | |
277 | u8 hdr[3] = { |
299 | u8 hdr[3] = { |
278 | clientid, |
300 | clientid, |
… | |
… | |
283 | assert (clientid < 256); |
305 | assert (clientid < 256); |
284 | |
306 | |
285 | cdc26.encode (data, hdr, 3); |
307 | cdc26.encode (data, hdr, 3); |
286 | } |
308 | } |
287 | |
309 | |
|
|
310 | inline void |
288 | inline void decode_header (char *data, int &clientid, int &seqno) |
311 | decode_header (char *data, int &clientid, int &seqno) |
289 | { |
312 | { |
290 | u8 hdr[3]; |
313 | u8 hdr[3]; |
291 | |
314 | |
292 | cdc26.decode (hdr, data, HDRSIZE); |
315 | cdc26.decode (hdr, data, HDRSIZE); |
293 | |
316 | |
… | |
… | |
326 | byte_stream::~byte_stream () |
349 | byte_stream::~byte_stream () |
327 | { |
350 | { |
328 | delete data; |
351 | delete data; |
329 | } |
352 | } |
330 | |
353 | |
|
|
354 | void |
331 | void byte_stream::remove (int count) |
355 | byte_stream::remove (int count) |
332 | { |
356 | { |
333 | if (count > fill) |
357 | if (count > fill) |
334 | assert (count <= fill); |
358 | assert (count <= fill); |
335 | |
359 | |
336 | memmove (data, data + count, fill -= count); |
360 | memmove (data, data + count, fill -= count); |
337 | } |
361 | } |
338 | |
362 | |
|
|
363 | bool |
339 | bool byte_stream::put (u8 *data, unsigned int datalen) |
364 | byte_stream::put (u8 *data, unsigned int datalen) |
340 | { |
365 | { |
341 | if (maxsize - fill < datalen) |
366 | if (maxsize - fill < datalen) |
342 | return false; |
367 | return false; |
343 | |
368 | |
344 | memcpy (this->data + fill, data, datalen); fill += datalen; |
369 | memcpy (this->data + fill, data, datalen); fill += datalen; |
345 | |
370 | |
346 | return true; |
371 | return true; |
347 | } |
372 | } |
348 | |
373 | |
|
|
374 | bool |
349 | bool byte_stream::put (vpn_packet *pkt) |
375 | byte_stream::put (vpn_packet *pkt) |
350 | { |
376 | { |
351 | if (maxsize - fill < pkt->len + 2) |
377 | if (maxsize - fill < pkt->len + 2) |
352 | return false; |
378 | return false; |
353 | |
379 | |
354 | data [fill++] = pkt->len >> 8; |
380 | data [fill++] = pkt->len >> 8; |
… | |
… | |
436 | bool valid (); |
462 | bool valid (); |
437 | }; |
463 | }; |
438 | |
464 | |
439 | int dns_cfg::next_uid; |
465 | int dns_cfg::next_uid; |
440 | |
466 | |
|
|
467 | void |
441 | void dns_cfg::reset (int clientid) |
468 | dns_cfg::reset (int clientid) |
442 | { |
469 | { |
443 | id1 = 'G'; |
470 | id1 = 'G'; |
444 | id2 = 'V'; |
471 | id2 = 'V'; |
445 | id3 = 'P'; |
472 | id3 = 'P'; |
446 | id4 = 'E'; |
473 | id4 = 'E'; |
… | |
… | |
460 | |
487 | |
461 | r3 = r4 = 0; |
488 | r3 = r4 = 0; |
462 | r4 = r5 = r6 = r7 = 0; |
489 | r4 = r5 = r6 = r7 = 0; |
463 | } |
490 | } |
464 | |
491 | |
|
|
492 | bool |
465 | bool dns_cfg::valid () |
493 | dns_cfg::valid () |
466 | { |
494 | { |
467 | // although the protocol itself allows for some configurability, |
495 | // although the protocol itself allows for some configurability, |
468 | // only the following encoding/decoding settings are implemented. |
496 | // only the following encoding/decoding settings are implemented. |
469 | return id1 == 'G' |
497 | return id1 == 'G' |
470 | && id2 == 'V' |
498 | && id2 == 'V' |
… | |
… | |
485 | u8 data [MAXSIZE - 6 * 2]; |
513 | u8 data [MAXSIZE - 6 * 2]; |
486 | |
514 | |
487 | int decode_label (char *data, int size, int &offs); |
515 | int decode_label (char *data, int size, int &offs); |
488 | }; |
516 | }; |
489 | |
517 | |
|
|
518 | int |
490 | int dns_packet::decode_label (char *data, int size, int &offs) |
519 | dns_packet::decode_label (char *data, int size, int &offs) |
491 | { |
520 | { |
492 | char *orig = data; |
521 | char *orig = data; |
493 | |
522 | |
494 | memset (data, 0, size); |
523 | memset (data, 0, size); |
495 | |
524 | |
… | |
… | |
521 | return data - orig; |
550 | return data - orig; |
522 | } |
551 | } |
523 | |
552 | |
524 | ///////////////////////////////////////////////////////////////////////////// |
553 | ///////////////////////////////////////////////////////////////////////////// |
525 | |
554 | |
|
|
555 | static |
|
|
556 | u16 next_id () |
|
|
557 | { |
526 | static u16 dns_id = 0; // TODO: should be per-vpn |
558 | static u16 dns_id = 0; // TODO: should be per-vpn |
527 | |
559 | |
528 | static u16 next_id () |
|
|
529 | { |
|
|
530 | if (!dns_id) |
560 | if (!dns_id) |
531 | dns_id = time (0); |
561 | dns_id = time (0); |
532 | |
562 | |
533 | // the simplest lsfr with periodicity 65535 i could find |
563 | // the simplest lsfr with periodicity 65535 i could find |
534 | dns_id = (dns_id << 1) |
564 | dns_id = (dns_id << 1) |
… | |
… | |
602 | dns_snd::~dns_snd () |
632 | dns_snd::~dns_snd () |
603 | { |
633 | { |
604 | delete pkt; |
634 | delete pkt; |
605 | } |
635 | } |
606 | |
636 | |
|
|
637 | static void |
607 | static void append_domain (dns_packet &pkt, int &offs, const char *domain) |
638 | append_domain (dns_packet &pkt, int &offs, const char *domain) |
608 | { |
639 | { |
609 | // add tunnel domain |
640 | // add tunnel domain |
610 | for (;;) |
641 | for (;;) |
611 | { |
642 | { |
612 | const char *end = strchr (domain, '.'); |
643 | const char *end = strchr (domain, '.'); |
… | |
… | |
625 | |
656 | |
626 | domain = end + 1; |
657 | domain = end + 1; |
627 | } |
658 | } |
628 | } |
659 | } |
629 | |
660 | |
|
|
661 | void |
630 | void dns_snd::gen_stream_req (int seqno, byte_stream &stream) |
662 | dns_snd::gen_stream_req (int seqno, byte_stream &stream) |
631 | { |
663 | { |
632 | stdhdr = true; |
664 | stdhdr = true; |
633 | this->seqno = seqno; |
665 | this->seqno = seqno; |
634 | |
666 | |
635 | timeout = ev_now () + INITIAL_TIMEOUT; |
667 | timeout = ev_now () + INITIAL_TIMEOUT; |
… | |
… | |
673 | (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN; |
705 | (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN; |
674 | |
706 | |
675 | pkt->len = offs; |
707 | pkt->len = offs; |
676 | } |
708 | } |
677 | |
709 | |
|
|
710 | void |
678 | void dns_snd::gen_syn_req () |
711 | dns_snd::gen_syn_req () |
679 | { |
712 | { |
680 | timeout = ev_now () + INITIAL_SYN_TIMEOUT; |
713 | timeout = ev_now () + INITIAL_SYN_TIMEOUT; |
681 | |
714 | |
682 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
715 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
683 | pkt->qdcount = htons (1); |
716 | pkt->qdcount = htons (1); |
… | |
… | |
748 | i != rcvpq.end (); |
781 | i != rcvpq.end (); |
749 | ++i) |
782 | ++i) |
750 | delete *i; |
783 | delete *i; |
751 | } |
784 | } |
752 | |
785 | |
|
|
786 | void |
753 | void dns_connection::receive_rep (dns_rcv *r) |
787 | dns_connection::receive_rep (dns_rcv *r) |
754 | { |
788 | { |
755 | if (r->datalen) |
789 | if (r->datalen) |
756 | { |
790 | { |
757 | last_received = ev_now (); |
791 | last_received = ev_now (); |
758 | tw (); |
792 | tw (); |
… | |
… | |
791 | |
825 | |
792 | rcvseq = (rcvseq + 1) & SEQNO_MASK; |
826 | rcvseq = (rcvseq + 1) & SEQNO_MASK; |
793 | |
827 | |
794 | if (!rcvdq.put (r->data, r->datalen)) |
828 | if (!rcvdq.put (r->data, r->datalen)) |
795 | { |
829 | { |
|
|
830 | // MUST never overflow, can be caused by data corruption, TODO |
796 | slog (L_ERR, "DNS: !rcvdq.put (r->data, r->datalen)"); |
831 | slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)"); |
797 | abort (); // MUST never overflow, can be caused by data corruption, TODO |
832 | c->dnsv4_reset_connection (); |
|
|
833 | return; |
798 | } |
834 | } |
799 | |
835 | |
800 | while (vpn_packet *pkt = rcvdq.get ()) |
836 | while (vpn_packet *pkt = rcvdq.get ()) |
801 | { |
837 | { |
802 | sockinfo si; |
838 | sockinfo si; |
803 | si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; |
839 | si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; |
804 | |
840 | |
805 | vpn->recv_vpn_packet (pkt, si); |
841 | vpn->recv_vpn_packet (pkt, si); |
806 | |
|
|
807 | delete pkt; |
842 | delete pkt; |
808 | } |
843 | } |
809 | |
844 | |
810 | // check for further packets |
845 | // check for further packets |
811 | goto redo; |
846 | goto redo; |
… | |
… | |
1109 | |
1144 | |
1110 | if (ip [3] == CMD_IP_RST) |
1145 | if (ip [3] == CMD_IP_RST) |
1111 | { |
1146 | { |
1112 | slog (L_DEBUG, _("DNS: got tunnel RST request")); |
1147 | slog (L_DEBUG, _("DNS: got tunnel RST request")); |
1113 | |
1148 | |
1114 | delete dns; c->dns = 0; |
1149 | c->dnsv4_reset_connection (); |
1115 | |
|
|
1116 | return; |
|
|
1117 | } |
1150 | } |
1118 | else if (ip [3] == CMD_IP_SYN) |
1151 | else if (ip [3] == CMD_IP_SYN) |
1119 | { |
1152 | { |
1120 | slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us.")); |
1153 | slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us.")); |
1121 | dns->established = true; |
1154 | dns->established = true; |
1122 | } |
1155 | } |
1123 | else if (ip [3] == CMD_IP_REJ) |
1156 | else if (ip [3] == CMD_IP_REJ) |
1124 | { |
|
|
1125 | slog (L_DEBUG, _("DNS: got tunnel REJ reply, server does not like us, aborting.")); |
1157 | slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us.")); |
1126 | abort (); |
|
|
1127 | } |
|
|
1128 | else |
1158 | else |
1129 | slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]); |
1159 | slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]); |
1130 | } |
1160 | } |
1131 | else |
1161 | else |
1132 | slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"), |
1162 | slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"), |