--- gvpe/src/vpn_dns.C 2005/03/14 17:40:01 1.30 +++ gvpe/src/vpn_dns.C 2005/07/09 20:29:29 1.40 @@ -16,9 +16,13 @@ You should have received a copy of the GNU General Public License along with gvpe; if not, write to the Free Software - Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +// TODO: EDNS0 option to increase dns mtu? +// TODO: re-write dns packet parsing/creation using a safe mem-buffer +// to ensure no buffer overflows or similar problems. + #include "config.h" #if ENABLE_DNS @@ -50,19 +54,16 @@ #define ACTIVITY_INTERVAL 5. #define INITIAL_TIMEOUT 0.1 // retry timeouts -#define INITIAL_SYN_TIMEOUT 10. // retry timeout for initial syn +#define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn -#define MIN_SEND_INTERVAL 0.001 // wait at least this time between sending requests #define MAX_SEND_INTERVAL 2. // optimistic? -#define LATENCY_FACTOR 0.5 // RTT * LATENCY_FACTOR == sending rate -#define MAX_OUTSTANDING 2 // max. outstanding requests #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog -#define MAX_BACKLOG (100*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE +#define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE #define MAX_DOMAIN_SIZE 240 // 255 is legal limit, but bind doesn't compress well // 240 leaves about 4 bytes of server reply data -// every two request bytes less give room for one reply byte +// every request byte less give room for two reply bytes #define SEQNO_MASK 0x3fff #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) @@ -462,6 +463,8 @@ bool dns_cfg::valid () { + // although the protocol itself allows for some configurability, + // only the following encoding/decoding settings are implemented. return id1 == 'G' && id2 == 'V' && id3 == 'P' @@ -555,7 +558,7 @@ vector rcvpq; - byte_stream rcvdq; int rcvseq; + byte_stream rcvdq; int rcvseq; int repseq; byte_stream snddq; int sndseq; void time_cb (time_watcher &w); time_watcher tw; @@ -722,14 +725,14 @@ dns_connection::dns_connection (connection *c) : c (c) , rcvdq (MAX_BACKLOG * 2) -, snddq (MAX_BACKLOG * 2) +, snddq (MAX_BACKLOG) , tw (this, &dns_connection::time_cb) { vpn = c->vpn; established = false; - rcvseq = sndseq = 0; + rcvseq = repseq = sndseq = 0; last_sent = last_received = 0; poll_interval = 0.5; // starting here @@ -793,7 +796,7 @@ while (vpn_packet *pkt = rcvdq.get ()) { sockinfo si; - si.host = 0x01010101; si.port = htons (c->conf->id); si.prot = PROT_DNSv4; + si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; vpn->recv_vpn_packet (pkt, si); @@ -857,7 +860,6 @@ connection *c = conns [client - 1]; dns_connection *dns = c->dns; dns_rcv *rcv; - bool in_seq; if (dns) { @@ -878,8 +880,6 @@ goto duplicate_request; } - in_seq = dns->rcvseq == seqno; - // new packet, queue rcv = new dns_rcv (seqno, data, datalen); dns->receive_rep (rcv); @@ -906,22 +906,28 @@ // only put data into in-order sequence packets, if // we receive out-of-order packets we generate empty // replies - while (dlen > 1 && !dns->snddq.empty () && in_seq) + //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D + if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW) { - int txtlen = dlen <= 255 ? dlen - 1 : 255; - - if (txtlen > dns->snddq.size ()) - txtlen = dns->snddq.size (); + dns->repseq = seqno; - pkt[offs++] = txtlen; - memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); - offs += txtlen; - dns->snddq.remove (txtlen); + while (dlen > 1 && !dns->snddq.empty ()) + { + int txtlen = dlen <= 255 ? dlen - 1 : 255; + + if (txtlen > dns->snddq.size ()) + txtlen = dns->snddq.size (); + + pkt[offs++] = txtlen; + memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); + offs += txtlen; + dns->snddq.remove (txtlen); - dlen -= txtlen + 1; + dlen -= txtlen + 1; + } } - // avoid empty TXT rdata + // avoid completely empty TXT rdata if (offs == rdlen_offs) pkt[offs++] = 0; @@ -1030,11 +1036,11 @@ if (latency < dns->min_latency) dns->min_latency = latency; - if (dns->send_interval > dns->min_latency * LATENCY_FACTOR) - dns->send_interval = dns->min_latency * LATENCY_FACTOR; + if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor) + dns->send_interval = dns->min_latency * conf.dns_overlap_factor; - if (dns->send_interval < MIN_SEND_INTERVAL) - dns->send_interval = MIN_SEND_INTERVAL; + if (dns->send_interval < conf.dns_send_interval) + dns->send_interval = conf.dns_send_interval; } delete *i; @@ -1177,7 +1183,7 @@ bool vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) { - int client = ntohs (si.port); + int client = ntohl (si.host); assert (0 < client && client <= conns.size ()); @@ -1186,11 +1192,10 @@ if (!c->dns) c->dns = new dns_connection (c); - if (!c->dns->snddq.put (pkt)) - return false; - - c->dns->tw.trigger (); + if (c->dns->snddq.put (pkt)) + c->dns->tw.trigger (); + // always return true even if the buffer overflows return true; } @@ -1226,7 +1231,7 @@ send = r; r->retry++; - r->timeout = NOW + (r->retry * min_latency * 8.); + r->timeout = NOW + (r->retry * min_latency * conf.dns_timeout_factor); // the following code changes the query section a bit, forcing // the forwarder to generate a new request @@ -1255,7 +1260,7 @@ send->gen_syn_req (); } } - else if (vpn->dns_sndpq.size () < MAX_OUTSTANDING + else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1))) { if (last_sent + send_interval <= NOW) @@ -1269,7 +1274,7 @@ send = new dns_snd (this); send->gen_stream_req (sndseq, snddq); - send->timeout = NOW + min_latency * 8.; + send->timeout = NOW + min_latency * conf.dns_timeout_factor; sndseq = (sndseq + 1) & SEQNO_MASK; } @@ -1295,6 +1300,7 @@ rcvpq.size ()); // TODO: no idea when this happens, but when next < NOW, we have a problem + // doesn't seem to happen anymore if (next < NOW + 0.001) next = NOW + 0.1;