… | |
… | |
43 | |
43 | |
44 | #include "netcompat.h" |
44 | #include "netcompat.h" |
45 | |
45 | |
46 | #include "vpn.h" |
46 | #include "vpn.h" |
47 | |
47 | |
48 | #define MIN_POLL_INTERVAL .2 // how often to poll minimally when the server is having data |
48 | #define MIN_POLL_INTERVAL .02 // how often to poll minimally when the server has data |
49 | #define MAX_POLL_INTERVAL 6. // how often to poll minimally when the server has no data |
49 | #define MAX_POLL_INTERVAL 6. // how often to poll minimally when the server has no data |
50 | #define ACTIVITY_INTERVAL 5. |
50 | #define ACTIVITY_INTERVAL 5. |
51 | |
51 | |
52 | #define INITIAL_TIMEOUT 1. |
52 | #define INITIAL_TIMEOUT 1. // retry timeouts |
53 | #define INITIAL_SYN_TIMEOUT 2. |
53 | #define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn |
54 | |
54 | |
55 | #define MIN_SEND_INTERVAL 0.001 |
55 | #define MIN_SEND_INTERVAL 0.01 // wait at least this time between sending requests |
56 | #define MAX_SEND_INTERVAL 0.5 // optimistic? |
56 | #define MAX_SEND_INTERVAL 0.5 // optimistic? |
57 | |
57 | |
58 | #define MAX_OUTSTANDING 400 // max. outstanding requests |
58 | #define MAX_OUTSTANDING 40 // max. outstanding requests |
59 | #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING |
59 | #define MAX_WINDOW 100 // max. for MAX_OUTSTANDING |
60 | #define MAX_BACKLOG (100*1024) // size of protocol backlog, must be > MAXSIZE |
60 | #define MAX_BACKLOG (100*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE |
61 | |
61 | |
62 | #define MAX_DOMAIN_SIZE 220 // 255 is legal limit, but bind doesn't compress well |
62 | #define MAX_DOMAIN_SIZE 220 // 255 is legal limit, but bind doesn't compress well |
63 | // 240 leaves about 4 bytes of server reply data |
63 | // 240 leaves about 4 bytes of server reply data |
64 | // every two request byte sless give room for one reply byte |
64 | // every two request bytes less give room for one reply byte |
65 | |
65 | |
66 | #define SEQNO_MASK 0xffff |
66 | #define SEQNO_MASK 0xffff |
67 | #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) |
67 | #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) |
68 | |
68 | |
69 | #define MAX_LBL_SIZE 63 |
69 | #define MAX_LBL_SIZE 63 |
… | |
… | |
350 | return true; |
350 | return true; |
351 | } |
351 | } |
352 | |
352 | |
353 | vpn_packet *byte_stream::get () |
353 | vpn_packet *byte_stream::get () |
354 | { |
354 | { |
355 | int len = (data [0] << 8) | data [1]; |
355 | unsigned int len = (data [0] << 8) | data [1]; |
356 | |
356 | |
357 | if (len > MAXSIZE && fill >= 2) |
357 | if (len > MAXSIZE && fill >= 2) |
358 | abort (); // TODO handle this gracefully, connection reset |
358 | abort (); // TODO handle this gracefully, connection reset |
359 | |
359 | |
360 | if (fill < len + 2) |
360 | if (fill < len + 2) |
… | |
… | |
714 | if (r->datalen) |
714 | if (r->datalen) |
715 | { |
715 | { |
716 | last_received = NOW; |
716 | last_received = NOW; |
717 | tw.trigger (); |
717 | tw.trigger (); |
718 | |
718 | |
719 | poll_interval *= 0.99; |
719 | poll_interval = send_interval; |
720 | if (poll_interval > MIN_POLL_INTERVAL) |
|
|
721 | poll_interval = MIN_POLL_INTERVAL; |
|
|
722 | } |
720 | } |
723 | else |
721 | else |
724 | { |
722 | { |
725 | poll_interval *= 1.1; |
723 | poll_interval *= 1.1; |
726 | if (poll_interval > MAX_POLL_INTERVAL) |
724 | if (poll_interval > MAX_POLL_INTERVAL) |
… | |
… | |
788 | pkt.qdcount = htons (1); |
786 | pkt.qdcount = htons (1); |
789 | pkt.ancount = 0; |
787 | pkt.ancount = 0; |
790 | pkt.nscount = 0; // should be self, as other nameservers reply like this |
788 | pkt.nscount = 0; // should be self, as other nameservers reply like this |
791 | pkt.arcount = 0; // a record for self, as other nameservers reply like this |
789 | pkt.arcount = 0; // a record for self, as other nameservers reply like this |
792 | |
790 | |
793 | pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_NXDOMAIN); |
791 | pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_SERVFAIL); |
794 | |
792 | |
795 | int dlen = strlen (THISNODE->domain); |
793 | int dlen = strlen (THISNODE->domain); |
796 | |
794 | |
797 | if (qclass == RR_CLASS_IN |
795 | if (qclass == RR_CLASS_IN |
798 | && qlen > dlen + 1 |
796 | && qlen > dlen + 1 |
… | |
… | |
826 | if (SEQNO_EQ ((*i)->seqno, seqno)) |
824 | if (SEQNO_EQ ((*i)->seqno, seqno)) |
827 | { |
825 | { |
828 | // already seen that request: simply reply with the cached reply |
826 | // already seen that request: simply reply with the cached reply |
829 | dns_rcv *r = *i; |
827 | dns_rcv *r = *i; |
830 | |
828 | |
831 | printf ("DUPLICATE %d\n", htons (r->pkt->id));//D |
829 | slog (L_DEBUG, "DUPLICATE %d\n", htons (r->pkt->id)); |
832 | |
830 | |
833 | memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len); |
831 | memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len); |
834 | pkt.id = r->pkt->id; |
832 | pkt.id = r->pkt->id; |
835 | goto duplicate_request; |
833 | goto duplicate_request; |
836 | } |
834 | } |
… | |
… | |
872 | } |
870 | } |
873 | |
871 | |
874 | // avoid empty TXT rdata |
872 | // avoid empty TXT rdata |
875 | if (offs == rdlen_offs) |
873 | if (offs == rdlen_offs) |
876 | pkt[offs++] = 0; |
874 | pkt[offs++] = 0; |
|
|
875 | |
|
|
876 | slog (L_NOISE, "snddq %d", dns->snddq.size ()); |
877 | } |
877 | } |
878 | else |
878 | else |
879 | { |
879 | { |
880 | // send RST |
880 | // send RST |
881 | pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3; |
881 | pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3; |
… | |
… | |
953 | i != dns_sndpq.end (); |
953 | i != dns_sndpq.end (); |
954 | ++i) |
954 | ++i) |
955 | if ((*i)->pkt->id == pkt.id) |
955 | if ((*i)->pkt->id == pkt.id) |
956 | { |
956 | { |
957 | dns_connection *dns = (*i)->dns; |
957 | dns_connection *dns = (*i)->dns; |
|
|
958 | connection *c = dns->c; |
958 | int seqno = (*i)->seqno; |
959 | int seqno = (*i)->seqno; |
959 | u8 data[MAXSIZE], *datap = data; |
960 | u8 data[MAXSIZE], *datap = data; |
960 | |
961 | |
961 | if ((*i)->retry) |
962 | if ((*i)->retry) |
962 | { |
963 | { |
963 | dns->send_interval *= 1.01; |
964 | dns->send_interval *= 1.001; |
964 | if (dns->send_interval < MAX_SEND_INTERVAL) |
965 | if (dns->send_interval > MAX_SEND_INTERVAL) |
965 | dns->send_interval = MAX_SEND_INTERVAL; |
966 | dns->send_interval = MAX_SEND_INTERVAL; |
966 | } |
967 | } |
967 | else |
968 | else |
968 | { |
969 | { |
|
|
970 | #if 1 |
969 | dns->send_interval *= 0.99; |
971 | dns->send_interval *= 0.9999; |
|
|
972 | #endif |
970 | if (dns->send_interval < MIN_SEND_INTERVAL) |
973 | if (dns->send_interval < MIN_SEND_INTERVAL) |
971 | dns->send_interval = MIN_SEND_INTERVAL; |
974 | dns->send_interval = MIN_SEND_INTERVAL; |
972 | |
975 | |
973 | // the latency surely puts an upper bound on |
976 | // the latency surely puts an upper bound on |
974 | // the minimum send interval |
977 | // the minimum send interval |
|
|
978 | double latency = NOW - (*i)->sent; |
|
|
979 | |
975 | if (dns->send_interval > NOW - (*i)->sent) |
980 | if (dns->send_interval > latency) |
976 | dns->send_interval = NOW - (*i)->sent; |
981 | dns->send_interval = latency; |
977 | } |
982 | } |
978 | |
983 | |
979 | delete *i; |
984 | delete *i; |
980 | dns_sndpq.erase (i); |
985 | dns_sndpq.erase (i); |
981 | |
986 | |
… | |
… | |
1037 | |
1042 | |
1038 | if (ip [3] == CMD_IP_RST) |
1043 | if (ip [3] == CMD_IP_RST) |
1039 | { |
1044 | { |
1040 | slog (L_DEBUG, _("got tunnel RST request")); |
1045 | slog (L_DEBUG, _("got tunnel RST request")); |
1041 | |
1046 | |
1042 | connection *c = dns->c; |
|
|
1043 | delete c->dns; c->dns = 0; |
1047 | delete dns; c->dns = 0; |
1044 | |
1048 | |
1045 | return; |
1049 | return; |
1046 | } |
1050 | } |
1047 | else if (ip [3] == CMD_IP_SYN) |
1051 | else if (ip [3] == CMD_IP_SYN) |
|
|
1052 | { |
|
|
1053 | slog (L_DEBUG, _("got tunnel SYN reply, server likes us.")); |
1048 | dns->established = true; |
1054 | dns->established = true; |
|
|
1055 | } |
|
|
1056 | else if (ip [3] == CMD_IP_REJ) |
|
|
1057 | { |
|
|
1058 | slog (L_DEBUG, _("got tunnel REJ reply, server does not like us, aborting.")); |
|
|
1059 | abort (); |
|
|
1060 | } |
1049 | else |
1061 | else |
1050 | slog (L_INFO, _("got unknown meta command %02x"), ip [3]); |
1062 | slog (L_INFO, _("got unknown meta command %02x"), ip [3]); |
1051 | } |
1063 | } |
1052 | else |
1064 | else |
1053 | slog (L_INFO, _("got spurious a record %d.%d.%d.%d"), |
1065 | slog (L_INFO, _("got spurious a record %d.%d.%d.%d"), |
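Review bot: The new CMD_IP_REJ branch calls `abort ()`, so a single REJ reply terminates the whole gvpe daemon and takes down every other connection with it, and as far as the visible code shows the reply is tied to our request only by the matched 16-bit packet id. The RST branch directly above already performs the per-connection teardown; the REJ case can take the same path, `delete dns; c->dns = 0; return;`, keeping the slog (preferably at L_INFO or higher) so the rejection remains visible to the operator. If a rejected node is not supposed to retry, that belongs in the dns_connection reconnect logic rather than in a process abort. The enclosing function starts and ends outside this hunk.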
… | |
… | |
1118 | dns->tw.trigger (); |
1130 | dns->tw.trigger (); |
1119 | |
1131 | |
1120 | return true; |
1132 | return true; |
1121 | } |
1133 | } |
1122 | |
1134 | |
|
|
1135 | void |
|
|
1136 | connection::dnsv4_reset_connection () |
|
|
1137 | { |
|
|
1138 | //delete dns; dns = 0; //TODO |
|
|
1139 | } |
|
|
1140 | |
1123 | #define NEXT(w) do { if (next > (w)) next = w; } while (0) |
1141 | #define NEXT(w) do { if (next > (w)) next = w; } while (0) |
1124 | |
1142 | |
1125 | void |
1143 | void |
1126 | dns_connection::time_cb (time_watcher &w) |
1144 | dns_connection::time_cb (time_watcher &w) |
1127 | { |
1145 | { |
… | |
… | |
1182 | } |
1200 | } |
1183 | |
1201 | |
1184 | if (send) |
1202 | if (send) |
1185 | { |
1203 | { |
1186 | last_sent = NOW; |
1204 | last_sent = NOW; |
1187 | |
|
|
1188 | sendto (vpn->dnsv4_fd, |
1205 | sendto (vpn->dnsv4_fd, |
1189 | send->pkt->at (0), send->pkt->len, 0, |
1206 | send->pkt->at (0), send->pkt->len, 0, |
1190 | vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); |
1207 | vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); |
1191 | } |
1208 | } |
1192 | } |
1209 | } |
1193 | else |
1210 | else |
1194 | NEXT (last_sent + send_interval); |
1211 | NEXT (last_sent + send_interval); |
1195 | |
1212 | |
1196 | //printf ("pi %f si %f N %f (%d:%d)\n", poll_interval, send_interval, next - NOW, vpn->dns_sndpq.size (), snddq.size ()); |
1213 | slog (L_NOISE, "pi %f si %f N %f (%d:%d)", |
|
|
1214 | poll_interval, send_interval, next - NOW, |
|
|
1215 | vpn->dns_sndpq.size (), snddq.size ()); |
1197 | |
1216 | |
1198 | // TODO: no idea when this happens, but when next < NOW, we have a problem |
1217 | // TODO: no idea when this happens, but when next < NOW, we have a problem |
1199 | if (next < NOW + 0.0001) |
1218 | if (next < NOW + 0.0001) |
1200 | next = NOW + 0.1; |
1219 | next = NOW + 0.1; |
1201 | |
1220 | |