--- gvpe/src/vpn_dns.C 2005/03/14 17:40:01 1.30 +++ gvpe/src/vpn_dns.C 2006/11/22 21:26:41 1.41 @@ -16,9 +16,13 @@ You should have received a copy of the GNU General Public License along with gvpe; if not, write to the Free Software - Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +// TODO: EDNS0 option to increase dns mtu? +// TODO: re-write dns packet parsing/creation using a safe mem-buffer +// to ensure no buffer overflows or similar problems. + #include "config.h" #if ENABLE_DNS @@ -50,19 +54,16 @@ #define ACTIVITY_INTERVAL 5. #define INITIAL_TIMEOUT 0.1 // retry timeouts -#define INITIAL_SYN_TIMEOUT 10. // retry timeout for initial syn +#define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn -#define MIN_SEND_INTERVAL 0.001 // wait at least this time between sending requests #define MAX_SEND_INTERVAL 2. // optimistic? -#define LATENCY_FACTOR 0.5 // RTT * LATENCY_FACTOR == sending rate -#define MAX_OUTSTANDING 2 // max. outstanding requests #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog -#define MAX_BACKLOG (100*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE +#define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE #define MAX_DOMAIN_SIZE 240 // 255 is legal limit, but bind doesn't compress well // 240 leaves about 4 bytes of server reply data -// every two request bytes less give room for one reply byte +// every request byte less give room for two reply bytes #define SEQNO_MASK 0x3fff #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) @@ -462,6 +463,8 @@ bool dns_cfg::valid () { + // although the protocol itself allows for some configurability, + // only the following encoding/decoding settings are implemented. return id1 == 'G' && id2 == 'V' && id3 == 'P' @@ -555,7 +558,7 @@ vector rcvpq; - byte_stream rcvdq; int rcvseq; + byte_stream rcvdq; int rcvseq; int repseq; byte_stream snddq; int sndseq; void time_cb (time_watcher &w); time_watcher tw; @@ -722,14 +725,14 @@ dns_connection::dns_connection (connection *c) : c (c) , rcvdq (MAX_BACKLOG * 2) -, snddq (MAX_BACKLOG * 2) +, snddq (MAX_BACKLOG) , tw (this, &dns_connection::time_cb) { vpn = c->vpn; established = false; - rcvseq = sndseq = 0; + rcvseq = repseq = sndseq = 0; last_sent = last_received = 0; poll_interval = 0.5; // starting here @@ -770,6 +773,7 @@ for (vector::iterator i = rcvpq.end (); i-- != rcvpq.begin (); ) if (SEQNO_EQ (rcvseq, (*i)->seqno)) { + //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D // enter the packet into our input stream r = *i; @@ -777,6 +781,7 @@ for (vector::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j) if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW)) { + //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D delete *j; rcvpq.erase (j); break; @@ -793,7 +798,7 @@ while (vpn_packet *pkt = rcvdq.get ()) { sockinfo si; - si.host = 0x01010101; si.port = htons (c->conf->id); si.prot = PROT_DNSv4; + si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; vpn->recv_vpn_packet (pkt, si); @@ -857,7 +862,6 @@ connection *c = conns [client - 1]; dns_connection *dns = c->dns; dns_rcv *rcv; - bool in_seq; if (dns) { @@ -878,8 +882,6 @@ goto duplicate_request; } - in_seq = dns->rcvseq == seqno; - // new packet, queue rcv = new dns_rcv (seqno, data, datalen); dns->receive_rep (rcv); @@ -906,22 +908,28 @@ // only put data into in-order sequence packets, if // we receive out-of-order packets we generate empty // replies - while (dlen > 1 && !dns->snddq.empty () && in_seq) + //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D + if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW) { - int txtlen = dlen <= 255 ? dlen - 1 : 255; + dns->repseq = seqno; - if (txtlen > dns->snddq.size ()) - txtlen = dns->snddq.size (); + while (dlen > 1 && !dns->snddq.empty ()) + { + int txtlen = dlen <= 255 ? dlen - 1 : 255; + + if (txtlen > dns->snddq.size ()) + txtlen = dns->snddq.size (); + + pkt[offs++] = txtlen; + memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); + offs += txtlen; + dns->snddq.remove (txtlen); - pkt[offs++] = txtlen; - memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); - offs += txtlen; - dns->snddq.remove (txtlen); - - dlen -= txtlen + 1; + dlen -= txtlen + 1; + } } - // avoid empty TXT rdata + // avoid completely empty TXT rdata if (offs == rdlen_offs) pkt[offs++] = 0; @@ -1011,6 +1019,7 @@ connection *c = dns->c; int seqno = (*i)->seqno; u8 data[MAXSIZE], *datap = data; + //printf ("rcv pkt %x\n", seqno);//D if ((*i)->retry) { @@ -1030,11 +1039,11 @@ if (latency < dns->min_latency) dns->min_latency = latency; - if (dns->send_interval > dns->min_latency * LATENCY_FACTOR) - dns->send_interval = dns->min_latency * LATENCY_FACTOR; + if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor) + dns->send_interval = dns->min_latency * conf.dns_overlap_factor; - if (dns->send_interval < MIN_SEND_INTERVAL) - dns->send_interval = MIN_SEND_INTERVAL; + if (dns->send_interval < conf.dns_send_interval) + dns->send_interval = conf.dns_send_interval; } delete *i; @@ -1177,7 +1186,7 @@ bool vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) { - int client = ntohs (si.port); + int client = ntohl (si.host); assert (0 < client && client <= conns.size ()); @@ -1186,11 +1195,10 @@ if (!c->dns) c->dns = new dns_connection (c); - if (!c->dns->snddq.put (pkt)) - return false; - - c->dns->tw.trigger (); + if (c->dns->snddq.put (pkt)) + c->dns->tw.trigger (); + // always return true even if the buffer overflows return true; } @@ -1226,15 +1234,13 @@ send = r; r->retry++; - r->timeout = NOW + (r->retry * min_latency * 8.); + r->timeout = NOW + (r->retry * min_latency * conf.dns_timeout_factor); + //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - NOW);//D // the following code changes the query section a bit, forcing // the forwarder to generate a new request if (r->stdhdr) - { - //printf ("reencoded header for ID %d retry %d:%d:%d (%p)\n", htons (r->pkt->id), THISNODE->id, r->seqno, r->retry); - //encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry); - } + encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry); } } else @@ -1255,7 +1261,7 @@ send->gen_syn_req (); } } - else if (vpn->dns_sndpq.size () < MAX_OUTSTANDING + else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1))) { if (last_sent + send_interval <= NOW) @@ -1269,7 +1275,8 @@ send = new dns_snd (this); send->gen_stream_req (sndseq, snddq); - send->timeout = NOW + min_latency * 8.; + send->timeout = NOW + min_latency * conf.dns_timeout_factor; + //printf ("SEND %x (%f)\n", send->seqno, send->timeout - NOW, min_latency, conf.dns_timeout_factor);//D sndseq = (sndseq + 1) & SEQNO_MASK; } @@ -1295,6 +1302,7 @@ rcvpq.size ()); // TODO: no idea when this happens, but when next < NOW, we have a problem + // doesn't seem to happen anymore if (next < NOW + 0.001) next = NOW + 0.1;