… | |
… | |
37 | #include <unistd.h> |
37 | #include <unistd.h> |
38 | #include <fcntl.h> |
38 | #include <fcntl.h> |
39 | |
39 | |
40 | #include <map> |
40 | #include <map> |
41 | |
41 | |
|
|
42 | #include <gmp.h> |
|
|
43 | |
42 | #include "netcompat.h" |
44 | #include "netcompat.h" |
43 | |
45 | |
44 | #include "vpn.h" |
46 | #include "vpn.h" |
45 | |
47 | |
46 | #define MIN_RETRY 1. |
48 | #define MIN_RETRY 1. |
47 | #define MAX_RETRY 60. |
49 | #define MAX_RETRY 6. |
48 | |
50 | |
49 | #define MAX_OUTSTANDING 40 // max. outstanding requests |
51 | #define MAX_OUTSTANDING 400 // max. outstanding requests |
50 | #define MAX_WINDOW 100 // max. for MAX_OUTSTANDING |
52 | #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING |
51 | #define MAX_RATE 1000 // requests/s |
53 | #define MAX_RATE 100 // requests/s |
52 | #define MAX_BACKLOG (10*1024) // size of protocol backlog, must be > MAXSIZE |
54 | #define MAX_BACKLOG (10*1024) // size of protocol backlog, must be > MAXSIZE |
53 | |
55 | |
54 | #define MAX_DOMAIN_SIZE 220 // 255 is legal limit, but bind doesn't compress well |
56 | #define MAX_DOMAIN_SIZE 220 // 255 is legal limit, but bind doesn't compress well |
55 | // 240 leaves about 4 bytes of server reply data |
57 | // 240 leaves about 4 bytes of server reply data |
56 | // every two request byte sless give room for one reply byte |
58 | // every two request byte sless give room for one reply byte |
57 | |
59 | |
58 | // seqno has 12 bits, but the lower bit is always left as zero |
|
|
59 | // as bind caches ttl=0 records and we have to generate |
|
|
60 | // sequence numbers that always differ case-insensitively |
|
|
61 | #define SEQNO_MASK 0x07ff |
60 | #define SEQNO_MASK 0xffff |
62 | |
61 | #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) |
63 | /* |
|
|
64 | |
|
|
65 | protocol, in shorthand :) |
|
|
66 | |
|
|
67 | client -> server <req> ANY? |
|
|
68 | server -> client <req> TXT <rep> |
|
|
69 | |
|
|
70 | <req> is dns64-encoded <client-id:12><recv-seqno:10>[<send-seqno:10><data>] |
|
|
71 | <rep> is dns64-encoded <0:12><recv-seqno:10>[<send-seqno:10><data>] |
|
|
72 | |
|
|
73 | if <client-id> is zero, the connection will be configured: |
|
|
74 | |
|
|
75 | <0:12><0:4>client-id:12><default-ttl:8><max-size:16><flags:16> |
|
|
76 | |
|
|
77 | */ |
|
|
78 | |
62 | |
79 | #define MAX_LBL_SIZE 63 |
63 | #define MAX_LBL_SIZE 63 |
80 | #define MAX_PKT_SIZE 512 |
64 | #define MAX_PKT_SIZE 512 |
81 | |
65 | |
82 | #define RR_TYPE_TXT 16 |
66 | #define RR_TYPE_TXT 16 |
83 | #define RR_TYPE_ANY 255 |
67 | #define RR_TYPE_ANY 255 |
84 | #define RR_CLASS_IN 1 |
68 | #define RR_CLASS_IN 1 |
85 | |
69 | |
86 | // the "_" is not valid but widely accepted (all octets should be supported, but let's be conservative) |
70 | // works for cmaps up to 255 (not 256!) |
87 | struct dns64 |
71 | struct charmap |
88 | { |
72 | { |
89 | static const char encode_chars[64 + 1]; |
73 | enum { INVALID = (u8)255 }; |
90 | static s8 decode_chars[256]; |
|
|
91 | |
74 | |
92 | static int encode_len (int bytes) { return (bytes * 8 + 5) / 6; } |
75 | char encode [256]; // index => char |
93 | static int decode_len (int bytes) { return (bytes * 6) / 8; } |
76 | u8 decode [256]; // char => index |
|
|
77 | unsigned int size; |
|
|
78 | |
|
|
79 | charmap (const char *cmap); |
|
|
80 | }; |
|
|
81 | |
|
|
82 | charmap::charmap (const char *cmap) |
|
|
83 | { |
|
|
84 | char *enc = encode; |
|
|
85 | u8 *dec = decode; |
|
|
86 | |
|
|
87 | memset (enc, (char) 0, 256); |
|
|
88 | memset (dec, (char)INVALID, 256); |
|
|
89 | |
|
|
90 | for (size = 0; cmap [size]; size++) |
|
|
91 | { |
|
|
92 | enc [size] = cmap [size]; |
|
|
93 | dec [(u8)enc [size]] = size; |
|
|
94 | } |
|
|
95 | |
|
|
96 | assert (size < 256); |
|
|
97 | } |
|
|
98 | |
|
|
99 | #define MAX_DEC_LEN 500 |
|
|
100 | #define MAX_ENC_LEN (MAX_DEC_LEN * 2) |
|
|
101 | #define MAX_LIMBS ((MAX_DEC_LEN * 8 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS) |
|
|
102 | |
|
|
103 | // ugly. minimum base is 16(!) |
|
|
104 | struct basecoder |
|
|
105 | { |
|
|
106 | charmap cmap; |
|
|
107 | unsigned int enc_len [MAX_DEC_LEN]; |
|
|
108 | unsigned int dec_len [MAX_ENC_LEN]; |
|
|
109 | |
|
|
110 | unsigned int encode_len (unsigned int len); |
|
|
111 | unsigned int decode_len (unsigned int len); |
|
|
112 | |
94 | static int encode (char *dst, u8 *src, int len); |
113 | unsigned int encode (char *dst, u8 *src, unsigned int len); |
95 | static int decode (u8 *dst, char *src, int len); |
114 | unsigned int decode (u8 *dst, char *src, unsigned int len); |
96 | |
115 | |
97 | dns64 (); |
116 | basecoder (const char *cmap); |
98 | } dns64; |
117 | }; |
|
|
118 | |
|
|
119 | basecoder::basecoder (const char *cmap) |
|
|
120 | : cmap (cmap) |
|
|
121 | { |
|
|
122 | for (unsigned int len = 0; len < MAX_DEC_LEN; ++len) |
|
|
123 | { |
|
|
124 | u8 src [MAX_DEC_LEN]; |
|
|
125 | u8 dst [MAX_ENC_LEN]; |
|
|
126 | |
|
|
127 | memset (src, 255, len); |
|
|
128 | |
|
|
129 | mp_limb_t m [MAX_LIMBS]; |
|
|
130 | mp_size_t n; |
|
|
131 | |
|
|
132 | n = mpn_set_str (m, src, len, 256); |
|
|
133 | n = mpn_get_str (dst, this->cmap.size, m, n); |
|
|
134 | |
|
|
135 | for (int i = 0; !dst [i]; ++i) |
|
|
136 | n--; |
|
|
137 | |
|
|
138 | enc_len [len] = n; |
|
|
139 | dec_len [n] = len; |
|
|
140 | } |
|
|
141 | } |
|
|
142 | |
|
|
143 | unsigned int basecoder::encode_len (unsigned int len) |
|
|
144 | { |
|
|
145 | return enc_len [len]; |
|
|
146 | } |
|
|
147 | |
|
|
148 | unsigned int basecoder::decode_len (unsigned int len) |
|
|
149 | { |
|
|
150 | while (len && !dec_len [len]) |
|
|
151 | --len; |
|
|
152 | |
|
|
153 | return dec_len [len]; |
|
|
154 | } |
|
|
155 | |
|
|
156 | unsigned int basecoder::encode (char *dst, u8 *src, unsigned int len) |
|
|
157 | { |
|
|
158 | if (!len) |
|
|
159 | return 0; |
|
|
160 | |
|
|
161 | int elen = encode_len (len); |
|
|
162 | |
|
|
163 | mp_limb_t m [MAX_LIMBS]; |
|
|
164 | mp_size_t n; |
|
|
165 | |
|
|
166 | u8 dst_ [MAX_ENC_LEN]; |
|
|
167 | |
|
|
168 | n = mpn_set_str (m, src, len, 256); |
|
|
169 | n = mpn_get_str (dst_, cmap.size, m, n); |
|
|
170 | |
|
|
171 | int plen = elen; // for padding |
|
|
172 | |
|
|
173 | while (n < plen) |
|
|
174 | { |
|
|
175 | *dst++ = cmap.encode [0]; |
|
|
176 | plen--; |
|
|
177 | } |
|
|
178 | |
|
|
179 | for (unsigned int i = n - plen; i < n; ++i) |
|
|
180 | *dst++ = cmap.encode [dst_ [i]]; |
|
|
181 | |
|
|
182 | return elen; |
|
|
183 | } |
|
|
184 | |
|
|
185 | unsigned int basecoder::decode (u8 *dst, char *src, unsigned int len) |
|
|
186 | { |
|
|
187 | if (!len) |
|
|
188 | return 0; |
|
|
189 | |
|
|
190 | u8 src_ [MAX_ENC_LEN]; |
|
|
191 | unsigned int elen = 0; |
|
|
192 | |
|
|
193 | while (len--) |
|
|
194 | { |
|
|
195 | u8 val = cmap.decode [(u8)*src++]; |
|
|
196 | |
|
|
197 | if (val != charmap::INVALID) |
|
|
198 | src_ [elen++] = val; |
|
|
199 | } |
|
|
200 | |
|
|
201 | int dlen = decode_len (elen); |
|
|
202 | |
|
|
203 | mp_limb_t m [MAX_LIMBS]; |
|
|
204 | mp_size_t n; |
|
|
205 | |
|
|
206 | u8 dst_ [MAX_DEC_LEN]; |
|
|
207 | |
|
|
208 | n = mpn_set_str (m, src_, elen, cmap.size); |
|
|
209 | n = mpn_get_str (dst_, 256, m, n); |
|
|
210 | |
|
|
211 | if (n < dlen) |
|
|
212 | { |
|
|
213 | memset (dst, 0, dlen - n); |
|
|
214 | memcpy (dst + dlen - n, dst_, n); |
|
|
215 | } |
|
|
216 | else |
|
|
217 | memcpy (dst, dst_ + n - dlen, dlen); |
|
|
218 | |
|
|
219 | return dlen; |
|
|
220 | } |
|
|
221 | |
|
|
222 | #if 0 |
|
|
223 | struct test { test (); } test; |
|
|
224 | |
|
|
225 | test::test () |
|
|
226 | { |
|
|
227 | basecoder cdc ("0123456789abcdefghijklmnopqrstuvwxyz"); |
|
|
228 | |
|
|
229 | u8 in[] = "0123456789abcdefghijklmnopqrstuvwxyz"; |
|
|
230 | static char enc[200]; |
|
|
231 | static u8 dec[200]; |
|
|
232 | |
|
|
233 | for (int i = 1; i < 20; i++) |
|
|
234 | { |
|
|
235 | int elen = cdc.encode (enc, in, i); |
|
|
236 | int dlen = cdc.decode (dec, enc, elen); |
|
|
237 | |
|
|
238 | printf ("%d>%d>%d (%s>%s)\n", i, elen, dlen, enc, dec); |
|
|
239 | } |
|
|
240 | abort (); |
|
|
241 | } |
|
|
242 | #endif |
99 | |
243 | |
100 | // the following sequence has been crafted to |
244 | // the following sequence has been crafted to |
101 | // a) look somewhat random |
245 | // a) look somewhat random |
102 | // b) the even (and odd) indices never share the same character as upper/lowercase |
246 | // b) the even (and odd) indices never share the same character as upper/lowercase |
|
|
247 | // the "_" is not valid but widely accepted (all octets should be supported, but let's be conservative) |
|
|
248 | // the other sequences are obviously derived |
|
|
249 | //static basecoder cdc63 ("_dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); |
103 | const char dns64::encode_chars[64 + 1] = "_-dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"; |
250 | static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); |
104 | s8 dns64::decode_chars[256]; |
251 | //static basecoder cdc36 ("dphzr06qmjkb34tsvl81xaef92wgyo57ucni"); // unused as of yet |
|
|
252 | static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyO"); |
105 | |
253 | |
106 | dns64::dns64 () |
254 | ///////////////////////////////////////////////////////////////////////////// |
107 | { |
|
|
108 | for (int i = 0; i < 64; i++) |
|
|
109 | decode_chars [encode_chars [i]] = i + 1; |
|
|
110 | } |
|
|
111 | |
255 | |
112 | int dns64::encode (char *dst, u8 *src, int len) |
256 | #define HDRSIZE 6 |
113 | { |
|
|
114 | // slow, but easy to debug |
|
|
115 | char *beg = dst; |
|
|
116 | unsigned int accum, bits = 0; |
|
|
117 | |
257 | |
118 | while (len--) |
258 | inline void encode_header (char *data, int clientid, int seqno) |
119 | { |
|
|
120 | accum <<= 8; |
|
|
121 | accum |= *src++; |
|
|
122 | bits += 8; |
|
|
123 | |
|
|
124 | while (bits >= 6) |
|
|
125 | { |
|
|
126 | *dst++ = encode_chars [(accum >> (bits - 6)) & 63]; |
|
|
127 | bits -= 6; |
|
|
128 | } |
|
|
129 | } |
|
|
130 | |
|
|
131 | if (bits) |
|
|
132 | *dst++ = encode_chars [(accum << (6 - bits)) & 63]; |
|
|
133 | |
|
|
134 | return dst - beg; |
|
|
135 | } |
|
|
136 | |
|
|
137 | int dns64::decode (u8 *dst, char *src, int len) |
|
|
138 | { |
259 | { |
139 | // slow, but easy to debug |
260 | u8 hdr[3] = { clientid, seqno >> 8, seqno }; |
140 | u8 *beg = dst; |
|
|
141 | unsigned int accum, bits = 0; |
|
|
142 | |
261 | |
143 | while (len--) |
262 | assert (clientid < 256); |
144 | { |
|
|
145 | s8 chr = decode_chars [(u8)*src++]; |
|
|
146 | |
263 | |
147 | if (!chr) |
264 | cdc26.encode (data, hdr, 3); |
148 | continue; |
265 | } |
149 | |
266 | |
150 | accum <<= 6; |
267 | inline void decode_header (char *data, int &clientid, int &seqno) |
151 | accum |= chr - 1; |
268 | { |
152 | bits += 6; |
269 | u8 hdr[3]; |
153 | |
270 | |
154 | while (bits >= 8) |
271 | cdc26.decode (hdr, data, HDRSIZE); |
155 | { |
|
|
156 | *dst++ = accum >> (bits - 8); |
|
|
157 | bits -= 8; |
|
|
158 | } |
|
|
159 | } |
|
|
160 | |
272 | |
161 | return dst - beg; |
273 | clientid = hdr[0]; |
|
|
274 | seqno = (hdr[1] << 8) | hdr[2]; |
162 | } |
275 | } |
163 | |
276 | |
164 | ///////////////////////////////////////////////////////////////////////////// |
277 | ///////////////////////////////////////////////////////////////////////////// |
165 | |
278 | |
166 | struct byte_stream |
279 | struct byte_stream |
… | |
… | |
246 | |
359 | |
247 | ///////////////////////////////////////////////////////////////////////////// |
360 | ///////////////////////////////////////////////////////////////////////////// |
248 | |
361 | |
249 | #define FLAG_QUERY ( 0 << 15) |
362 | #define FLAG_QUERY ( 0 << 15) |
250 | #define FLAG_RESPONSE ( 1 << 15) |
363 | #define FLAG_RESPONSE ( 1 << 15) |
251 | #define FLAG_OP_MASK (15 << 14) |
364 | #define FLAG_OP_MASK (15 << 11) |
252 | #define FLAG_OP_QUERY ( 0 << 11) |
365 | #define FLAG_OP_QUERY ( 0 << 11) |
253 | #define FLAG_AA ( 1 << 10) |
366 | #define FLAG_AA ( 1 << 10) |
254 | #define FLAG_TC ( 1 << 9) |
367 | #define FLAG_TC ( 1 << 9) |
255 | #define FLAG_RD ( 1 << 8) |
368 | #define FLAG_RD ( 1 << 8) |
256 | #define FLAG_RA ( 1 << 7) |
369 | #define FLAG_RA ( 1 << 7) |
… | |
… | |
315 | struct dns_req |
428 | struct dns_req |
316 | { |
429 | { |
317 | dns_packet *pkt; |
430 | dns_packet *pkt; |
318 | tstamp next; |
431 | tstamp next; |
319 | int retry; |
432 | int retry; |
320 | connection *conn; |
433 | struct dns_connection *dns; |
321 | int seqno; |
434 | int seqno; |
322 | |
435 | |
323 | dns_req (connection *c); |
436 | dns_req (dns_connection *dns); |
324 | void gen_stream_req (int seqno, byte_stream *stream); |
437 | void gen_stream_req (int seqno, byte_stream &stream); |
325 | }; |
438 | }; |
326 | |
439 | |
327 | static u16 dns_id = 12098; // TODO: should be per-vpn |
440 | static u16 dns_id = 12098; // TODO: should be per-vpn |
328 | |
441 | |
329 | static u16 next_id () |
442 | static u16 next_id () |
… | |
… | |
336 | ^ (dns_id >> 15)) & 1); |
449 | ^ (dns_id >> 15)) & 1); |
337 | |
450 | |
338 | return dns_id; |
451 | return dns_id; |
339 | } |
452 | } |
340 | |
453 | |
341 | dns_req::dns_req (connection *c) |
454 | dns_req::dns_req (dns_connection *dns) |
342 | : conn (c) |
455 | : dns (dns) |
343 | { |
456 | { |
344 | next = 0; |
457 | next = 0; |
345 | retry = 0; |
458 | retry = 0; |
346 | |
459 | |
347 | pkt = new dns_packet; |
460 | pkt = new dns_packet; |
348 | |
461 | |
349 | pkt->id = next_id (); |
462 | pkt->id = next_id (); |
350 | } |
463 | } |
351 | |
464 | |
352 | void dns_req::gen_stream_req (int seqno, byte_stream *stream) |
465 | void dns_req::gen_stream_req (int seqno, byte_stream &stream) |
353 | { |
466 | { |
354 | this->seqno = seqno; |
467 | this->seqno = seqno; |
355 | |
468 | |
356 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
469 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
357 | pkt->qdcount = htons (1); |
470 | pkt->qdcount = htons (1); |
358 | |
471 | |
359 | int offs = 6*2; |
472 | int offs = 6*2; |
360 | int dlen = MAX_DOMAIN_SIZE - strlen (THISNODE->domain) - 2; |
473 | int dlen = MAX_DOMAIN_SIZE - (strlen (THISNODE->domain) + 2); |
361 | // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well, |
474 | // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well, |
362 | // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra |
475 | // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra |
363 | |
476 | |
364 | u8 data[256]; //TODO |
|
|
365 | |
|
|
366 | data[0] = THISNODE->id; //TODO |
|
|
367 | data[1] = seqno >> 7; //TODO |
|
|
368 | data[2] = seqno << 1; //TODO |
|
|
369 | |
|
|
370 | int datalen = dns64::decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE) - 3; |
|
|
371 | |
|
|
372 | if (datalen > stream->size ()) |
|
|
373 | datalen = stream->size (); |
|
|
374 | |
|
|
375 | char enc[256], *encp = enc; |
477 | char enc[256], *encp = enc; |
376 | |
478 | encode_header (enc, THISNODE->id, seqno); |
377 | memcpy (data + 3, stream->begin (), datalen); |
479 | |
378 | int enclen = dns64::encode (enc, data, datalen + 3); |
480 | int datalen = cdc62.decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE); |
|
|
481 | |
|
|
482 | if (datalen > stream.size ()) |
|
|
483 | datalen = stream.size (); |
|
|
484 | |
|
|
485 | int enclen = cdc62.encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE; |
379 | stream->remove (datalen); |
486 | stream.remove (datalen); |
380 | |
487 | |
381 | while (enclen) |
488 | while (enclen) |
382 | { |
489 | { |
383 | int lbllen = enclen < MAX_LBL_SIZE ? enclen : MAX_LBL_SIZE; |
490 | int lbllen = enclen < MAX_LBL_SIZE ? enclen : MAX_LBL_SIZE; |
384 | |
491 | |
… | |
… | |
441 | { |
548 | { |
442 | delete pkt; |
549 | delete pkt; |
443 | } |
550 | } |
444 | |
551 | |
445 | ///////////////////////////////////////////////////////////////////////////// |
552 | ///////////////////////////////////////////////////////////////////////////// |
|
|
553 | |
|
|
554 | struct dns_connection |
|
|
555 | { |
|
|
556 | connection *c; |
|
|
557 | struct vpn *vpn; |
|
|
558 | |
|
|
559 | vector<dns_rcv *> rcvpq; |
|
|
560 | |
|
|
561 | int rcvseq; |
|
|
562 | int sndseq; |
|
|
563 | |
|
|
564 | byte_stream rcvdq; |
|
|
565 | byte_stream snddq; |
|
|
566 | |
|
|
567 | void time_cb (time_watcher &w); time_watcher tw; |
|
|
568 | void receive_rep (dns_rcv *r); |
|
|
569 | |
|
|
570 | dns_connection (connection *c); |
|
|
571 | ~dns_connection (); |
|
|
572 | }; |
|
|
573 | |
|
|
574 | dns_connection::dns_connection (connection *c) |
|
|
575 | : c (c) |
|
|
576 | , rcvdq (MAX_BACKLOG * 2) |
|
|
577 | , snddq (MAX_BACKLOG * 2) |
|
|
578 | , tw (this, &dns_connection::time_cb) |
|
|
579 | { |
|
|
580 | vpn = c->vpn; |
|
|
581 | |
|
|
582 | rcvseq = sndseq = 0; |
|
|
583 | } |
|
|
584 | |
|
|
585 | dns_connection::~dns_connection () |
|
|
586 | { |
|
|
587 | for (vector<dns_rcv *>::iterator i = rcvpq.begin (); |
|
|
588 | i != rcvpq.end (); |
|
|
589 | ++i) |
|
|
590 | delete *i; |
|
|
591 | } |
446 | |
592 | |
447 | struct dns_cfg |
593 | struct dns_cfg |
448 | { |
594 | { |
449 | u8 id1, id2, id3; |
595 | u8 id1, id2, id3; |
450 | u8 def_ttl; |
596 | u8 def_ttl; |
451 | u8 unused1; |
597 | u8 unused1; |
452 | u16 max_size; |
598 | u16 max_size; |
453 | u8 flags1, flags2; |
599 | u8 flags1, flags2; |
454 | }; |
600 | }; |
455 | |
601 | |
456 | void connection::dnsv4_receive_rep (struct dns_rcv *r) |
602 | void dns_connection::receive_rep (dns_rcv *r) |
457 | { |
603 | { |
458 | dns_rcvpq.push_back (r); |
604 | rcvpq.push_back (r); |
459 | |
605 | |
460 | redo: |
606 | redo: |
461 | |
607 | |
|
|
608 | // find next packet |
462 | for (vector<dns_rcv *>::iterator i = dns_rcvpq.begin (); |
609 | for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); ) |
463 | i != dns_rcvpq.end (); |
|
|
464 | ++i) |
|
|
465 | if (dns_rcvseq == (*i)->seqno) |
610 | if (SEQNO_EQ (rcvseq, (*i)->seqno)) |
466 | { |
611 | { |
|
|
612 | // enter the packet into our input stream |
467 | dns_rcv *r = *i; |
613 | r = *i; |
468 | |
614 | |
469 | dns_rcvseq = (dns_rcvseq + 1) & SEQNO_MASK; |
615 | // remove the oldest packet, look forward, as it's oldest first |
470 | |
616 | for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j) |
471 | if (!dns_snddq && !dns_rcvdq) |
617 | if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW)) |
472 | { |
618 | { |
473 | dns_rcvdq = new byte_stream (MAX_BACKLOG * 2); |
619 | delete *j; |
474 | dns_snddq = new byte_stream (MAX_BACKLOG); |
620 | rcvpq.erase (j); |
475 | |
621 | break; |
476 | dns_si.set (::conf.dns_forw_host, ::conf.dns_forw_port, PROT_DNSv4); |
|
|
477 | } |
622 | } |
478 | |
623 | |
|
|
624 | rcvseq = (rcvseq + 1) & SEQNO_MASK; |
|
|
625 | |
479 | if (!dns_rcvdq->put (r->data, r->datalen)) |
626 | if (!rcvdq.put (r->data, r->datalen)) |
480 | abort (); // MUST never overflow, can be caused by data corruption, TODO |
627 | abort (); // MUST never overflow, can be caused by data corruption, TODO |
481 | |
628 | |
482 | while (vpn_packet *pkt = dns_rcvdq->get ()) |
629 | while (vpn_packet *pkt = rcvdq.get ()) |
483 | { |
630 | { |
484 | sockinfo si; |
631 | sockinfo si; |
485 | si.host = 0; si.port = 0; si.prot = PROT_DNSv4; |
632 | si.host = 0; si.port = 0; si.prot = PROT_DNSv4; |
486 | |
633 | |
487 | vpn->recv_vpn_packet (pkt, si); |
634 | vpn->recv_vpn_packet (pkt, si); |
488 | } |
635 | } |
489 | } |
636 | |
490 | else if ((u32)(*i)->seqno - (u32)dns_rcvseq + MAX_WINDOW > MAX_WINDOW * 2) |
637 | // check for further packets |
491 | { |
|
|
492 | //D |
|
|
493 | //abort(); |
|
|
494 | printf ("%d erasing %d (%d)\n", THISNODE->id, (u32)(*i)->seqno, dns_rcvseq); |
|
|
495 | dns_rcvpq.erase (i); |
|
|
496 | goto redo; |
638 | goto redo; |
497 | } |
639 | } |
498 | } |
640 | } |
499 | |
641 | |
500 | dns_packet * |
642 | dns_packet * |
… | |
… | |
505 | //memcpy (&((*rep)[0]), &((*pkt)[0]), pkt->len); |
647 | //memcpy (&((*rep)[0]), &((*pkt)[0]), pkt->len); |
506 | int offs = 6 * 2; // skip header |
648 | int offs = 6 * 2; // skip header |
507 | |
649 | |
508 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR); |
650 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR); |
509 | |
651 | |
510 | if (!(flags & (FLAG_RESPONSE | FLAG_OP_MASK | FLAG_TC)) |
652 | if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK | FLAG_TC)) |
511 | && pkt->qdcount == htons (1)) |
653 | && pkt->qdcount == htons (1)) |
512 | { |
654 | { |
513 | char qname[MAXSIZE]; |
655 | char qname[MAXSIZE]; |
514 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
656 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
515 | |
657 | |
… | |
… | |
525 | |
667 | |
526 | int dlen = strlen (THISNODE->domain); |
668 | int dlen = strlen (THISNODE->domain); |
527 | |
669 | |
528 | if (qclass == RR_CLASS_IN |
670 | if (qclass == RR_CLASS_IN |
529 | && (qtype == RR_TYPE_ANY || qtype == RR_TYPE_TXT) |
671 | && (qtype == RR_TYPE_ANY || qtype == RR_TYPE_TXT) |
530 | && qlen > dlen + 1 |
672 | && qlen > dlen + 1 + HDRSIZE |
531 | && !memcmp (qname + qlen - dlen - 1, THISNODE->domain, dlen)) |
673 | && !memcmp (qname + qlen - dlen - 1, THISNODE->domain, dlen)) |
532 | { |
674 | { |
533 | // correct class, domain: parse |
675 | // correct class, domain: parse |
|
|
676 | int client, seqno; |
|
|
677 | decode_header (qname, client, seqno); |
|
|
678 | |
534 | u8 data[MAXSIZE]; |
679 | u8 data[MAXSIZE]; |
535 | int datalen = dns64::decode (data, qname, qlen - dlen - 1); |
680 | int datalen = cdc62.decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE)); |
536 | |
|
|
537 | int client = data[0]; |
|
|
538 | int seqno = ((data[1] << 7) | (data[2] >> 1)) & SEQNO_MASK; |
|
|
539 | |
681 | |
540 | if (0 < client && client <= conns.size ()) |
682 | if (0 < client && client <= conns.size ()) |
541 | { |
683 | { |
542 | connection *c = conns [client - 1]; |
684 | connection *c = conns [client - 1]; |
543 | |
685 | |
544 | redo: |
686 | if (!c->dns) |
|
|
687 | c->dns = new dns_connection (c); |
545 | |
688 | |
|
|
689 | dns_connection *dns = c->dns; |
|
|
690 | |
546 | for (vector<dns_rcv *>::iterator i = c->dns_rcvpq.begin (); |
691 | for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); ) |
547 | i != c->dns_rcvpq.end (); |
|
|
548 | ++i) |
|
|
549 | if ((*i)->seqno == seqno) |
692 | if (SEQNO_EQ ((*i)->seqno, seqno)) |
550 | { |
693 | { |
551 | // already seen that request: simply reply with the cached reply |
694 | // already seen that request: simply reply with the cached reply |
552 | dns_rcv *r = *i; |
695 | dns_rcv *r = *i; |
553 | |
696 | |
554 | printf ("DUPLICATE %d\n", htons (r->pkt->id));//D |
697 | printf ("DUPLICATE %d\n", htons (r->pkt->id));//D |
555 | |
698 | |
556 | offs = r->pkt->len; |
|
|
557 | memcpy (pkt->at (0), r->pkt->at (0), offs); |
699 | memcpy (pkt->at (0), r->pkt->at (0), offs = r->pkt->len); |
|
|
700 | pkt->id = r->pkt->id; |
558 | goto duplicate_request; |
701 | goto duplicate_request; |
559 | } |
702 | } |
560 | |
703 | |
561 | // new packet, queue |
704 | // new packet, queue |
562 | dns_rcv *rcv = new dns_rcv (seqno, data + 3, datalen - 3); |
705 | dns_rcv *rcv = new dns_rcv (seqno, data, datalen); |
563 | c->dnsv4_receive_rep (rcv); |
706 | dns->receive_rep (rcv); |
564 | |
707 | |
565 | // now generate reply |
708 | // now generate reply |
566 | pkt->ancount = htons (1); // one answer RR |
709 | pkt->ancount = htons (1); // one answer RR |
567 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK); |
710 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK); |
568 | |
711 | |
… | |
… | |
580 | // bind doesn't compress well, so reduce further by one label length |
723 | // bind doesn't compress well, so reduce further by one label length |
581 | dlen -= qlen; |
724 | dlen -= qlen; |
582 | |
725 | |
583 | int rdlen_offs = offs += 2; |
726 | int rdlen_offs = offs += 2; |
584 | |
727 | |
585 | while (c->dns_snddq |
728 | while (dlen > 1 && !dns->snddq.empty ()) |
586 | && !c->dns_snddq->empty () |
|
|
587 | && dlen > 1) |
|
|
588 | { |
729 | { |
589 | int txtlen = dlen <= 255 ? dlen - 1 : 255; |
730 | int txtlen = dlen <= 255 ? dlen - 1 : 255; |
590 | |
731 | |
591 | if (txtlen > c->dns_snddq->size ()) |
732 | if (txtlen > dns->snddq.size ()) |
592 | txtlen = c->dns_snddq->size (); |
733 | txtlen = dns->snddq.size (); |
593 | |
734 | |
594 | (*pkt)[offs++] = txtlen; |
735 | (*pkt)[offs++] = txtlen; |
595 | memcpy (pkt->at (offs), c->dns_snddq->begin (), txtlen); |
736 | memcpy (pkt->at (offs), dns->snddq.begin (), txtlen); |
596 | offs += txtlen; |
737 | offs += txtlen; |
597 | c->dns_snddq->remove (txtlen); |
738 | dns->snddq.remove (txtlen); |
598 | |
739 | |
599 | dlen -= txtlen + 1; |
740 | dlen -= txtlen + 1; |
600 | } |
741 | } |
601 | |
742 | |
602 | // avoid empty TXT rdata |
743 | // avoid empty TXT rdata |
… | |
… | |
637 | for (vector<dns_req *>::iterator i = dns_sndpq.begin (); |
778 | for (vector<dns_req *>::iterator i = dns_sndpq.begin (); |
638 | i != dns_sndpq.end (); |
779 | i != dns_sndpq.end (); |
639 | ++i) |
780 | ++i) |
640 | if ((*i)->pkt->id == pkt->id) |
781 | if ((*i)->pkt->id == pkt->id) |
641 | { |
782 | { |
642 | connection *c = (*i)->conn; |
783 | dns_connection *dns = (*i)->dns; |
643 | int seqno = (*i)->seqno; |
784 | int seqno = (*i)->seqno; |
644 | u8 data[MAXSIZE], *datap = data; |
785 | u8 data[MAXSIZE], *datap = data; |
645 | |
786 | |
646 | delete *i; |
787 | delete *i; |
647 | dns_sndpq.erase (i); |
788 | dns_sndpq.erase (i); |
648 | |
789 | |
649 | if (flags & (FLAG_RESPONSE | FLAG_OP_MASK | FLAG_TC)) |
790 | if (flags & FLAG_RESPONSE && !(flags & (FLAG_OP_MASK | FLAG_TC))) |
650 | { |
791 | { |
651 | char qname[MAXSIZE]; |
792 | char qname[MAXSIZE]; |
652 | |
793 | |
653 | while (pkt->qdcount-- && offs < MAXSIZE - 4) |
794 | while (pkt->qdcount-- && offs < MAXSIZE - 4) |
654 | { |
795 | { |
655 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
796 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
656 | offs += 4; // skip qtype, qclass |
797 | offs += 4; // skip qtype, qclass |
657 | } |
798 | } |
658 | |
799 | |
659 | while (pkt->ancount-- && offs < MAXSIZE - 10) |
800 | while (pkt->ancount-- && offs < MAXSIZE - 10 && datap) |
660 | { |
801 | { |
661 | pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
802 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
662 | |
803 | |
663 | u16 qtype = (*pkt) [offs++] << 8; qtype |= (*pkt) [offs++]; |
804 | u16 qtype = (*pkt) [offs++] << 8; qtype |= (*pkt) [offs++]; |
664 | u16 qclass = (*pkt) [offs++] << 8; qclass |= (*pkt) [offs++]; |
805 | u16 qclass = (*pkt) [offs++] << 8; qclass |= (*pkt) [offs++]; |
665 | u32 ttl = (*pkt) [offs++] << 24; |
806 | u32 ttl = (*pkt) [offs++] << 24; |
666 | ttl |= (*pkt) [offs++] << 16; |
807 | ttl |= (*pkt) [offs++] << 16; |
… | |
… | |
682 | memcpy (datap, pkt->at (offs), txtlen); |
823 | memcpy (datap, pkt->at (offs), txtlen); |
683 | datap += txtlen; offs += txtlen; |
824 | datap += txtlen; offs += txtlen; |
684 | |
825 | |
685 | rdlen -= txtlen + 1; |
826 | rdlen -= txtlen + 1; |
686 | } |
827 | } |
687 | |
|
|
688 | } |
828 | } |
689 | |
829 | |
|
|
830 | int client, rseqno; |
|
|
831 | decode_header (qname, client, rseqno); |
|
|
832 | |
|
|
833 | if (client != THISNODE->id) |
|
|
834 | { |
|
|
835 | slog (L_INFO, _("got dns tunnel response with wrong clientid, ignoring")); |
|
|
836 | datap = 0; |
|
|
837 | } |
|
|
838 | else if (rseqno != seqno) |
|
|
839 | { |
|
|
840 | slog (L_DEBUG, _("got dns tunnel response with wrong seqno, badly caching nameserver?")); |
|
|
841 | datap = 0; |
|
|
842 | } |
690 | } |
843 | } |
691 | } |
844 | } |
692 | |
845 | |
693 | // todo: pkt now used |
846 | // todo: pkt now used |
|
|
847 | if (datap) |
694 | c->dnsv4_receive_rep (new dns_rcv (seqno, data, datap - data)); |
848 | dns->receive_rep (new dns_rcv (seqno, data, datap - data)); |
695 | |
849 | |
696 | break; |
850 | break; |
697 | } |
851 | } |
698 | |
852 | |
699 | delete pkt; |
853 | delete pkt; |
… | |
… | |
730 | } |
884 | } |
731 | |
885 | |
732 | bool |
886 | bool |
733 | connection::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
887 | connection::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
734 | { |
888 | { |
735 | // never initialized |
889 | if (!dns) |
736 | if (!dns_snddq && !dns_rcvdq) |
890 | dns = new dns_connection (this); |
737 | { |
|
|
738 | dns_rcvdq = new byte_stream (MAX_BACKLOG * 2); |
|
|
739 | dns_snddq = new byte_stream (MAX_BACKLOG); |
|
|
740 | |
|
|
741 | //dns_rcvseq = dns_sndseq = 0; |
|
|
742 | |
|
|
743 | dns_si.set (::conf.dns_forw_host, ::conf.dns_forw_port, PROT_DNSv4); |
|
|
744 | } |
|
|
745 | |
891 | |
746 | if (!dns_snddq->put (pkt)) |
892 | if (!dns->snddq.put (pkt)) |
747 | return false; |
893 | return false; |
748 | |
894 | |
749 | // start timer if neccessary |
895 | // start timer if neccessary |
750 | if (!THISNODE->dns_port && !dnsv4_tw.active) |
896 | if (!THISNODE->dns_port && !dns->tw.active) |
751 | dnsv4_cb (dnsv4_tw); |
897 | dns->tw.trigger (); |
752 | |
898 | |
753 | return true; |
899 | return true; |
754 | } |
900 | } |
755 | |
901 | |
756 | void |
902 | void |
757 | connection::dnsv4_cb (time_watcher &w) |
903 | dns_connection::time_cb (time_watcher &w) |
758 | { |
904 | { |
759 | // check for timeouts and (re)transmit |
905 | // check for timeouts and (re)transmit |
760 | tstamp next = NOW + 60; |
906 | tstamp next = NOW + 60; |
761 | dns_req *send = 0; |
907 | dns_req *send = 0; |
762 | |
908 | |
… | |
… | |
771 | if (!send) |
917 | if (!send) |
772 | { |
918 | { |
773 | send = r; |
919 | send = r; |
774 | |
920 | |
775 | if (r->retry)//D |
921 | if (r->retry)//D |
776 | printf ("req %d, retry %d\n", r->pkt->id, r->retry); |
922 | printf ("req %d:%d, retry %d\n", r->seqno, r->pkt->id, r->retry); |
777 | r->retry++; |
923 | r->retry++; |
778 | r->next = NOW + r->retry; |
924 | r->next = NOW + r->retry; |
779 | } |
925 | } |
780 | } |
926 | } |
781 | |
927 | |
… | |
… | |
785 | |
931 | |
786 | if (!send |
932 | if (!send |
787 | && vpn->dns_sndpq.size () < MAX_OUTSTANDING) |
933 | && vpn->dns_sndpq.size () < MAX_OUTSTANDING) |
788 | { |
934 | { |
789 | send = new dns_req (this); |
935 | send = new dns_req (this); |
790 | send->gen_stream_req (dns_sndseq, dns_snddq); |
936 | send->gen_stream_req (sndseq, snddq); |
791 | vpn->dns_sndpq.push_back (send); |
937 | vpn->dns_sndpq.push_back (send); |
792 | |
938 | |
793 | dns_sndseq = (dns_sndseq + 1) & SEQNO_MASK; |
939 | sndseq = (sndseq + 1) & SEQNO_MASK; |
794 | } |
940 | } |
795 | |
941 | |
796 | tstamp min_next = NOW + (1. / (tstamp)MAX_RATE); |
942 | tstamp min_next = NOW + (1. / (tstamp)MAX_RATE); |
797 | |
943 | |
798 | if (send) |
944 | if (send) |
799 | { |
945 | { |
800 | dns_packet *pkt = send->pkt; |
946 | dns_packet *pkt = send->pkt; |
801 | |
947 | |
802 | next = min_next; |
948 | next = min_next; |
803 | |
949 | |
804 | sendto (vpn->dnsv4_fd, &((*pkt)[0]), pkt->len, 0, dns_si.sav4 (), dns_si.salenv4 ()); |
950 | sendto (vpn->dnsv4_fd, &((*pkt)[0]), pkt->len, 0, |
|
|
951 | vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); |
805 | } |
952 | } |
806 | else if (next < min_next) |
953 | else if (next < min_next) |
807 | next = min_next; |
954 | next = min_next; |
808 | |
955 | |
809 | w.start (next); |
956 | w.start (next); |