[ViewVC] Diff of: cvs/gvpe/src/vpn

Comparing gvpe/src/vpn_dns.C (file contents):
Revision 1.46 by pcg, Thu Dec 6 00:35:29 2007 UTC vs.
Revision 1.50 by root, Sun Mar 6 13:49:50 2011 UTC

…		…
1	/*	1	/*
2	vpn_dns.C -- handle the dns tunnel part of the protocol.	2	vpn_dns.C -- handle the dns tunnel part of the protocol.
3	Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de>	3	Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de>
4		4
5	This file is part of GVPE.	5	This file is part of GVPE.
6		6
7	GVPE is free software; you can redistribute it and/or modify	7	GVPE is free software; you can redistribute it and/or modify it
8	it under the terms of the GNU General Public License as published by	8	under the terms of the GNU General Public License as published by the
9	the Free Software Foundation; either version 2 of the License, or	9	Free Software Foundation; either version 3 of the License, or (at your
10	(at your option) any later version.	10	option) any later version.
11		11
12	This program is distributed in the hope that it will be useful,	12	This program is distributed in the hope that it will be useful, but
13	but WITHOUT ANY WARRANTY; without even the implied warranty of	13	WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15	GNU General Public License for more details.	15	Public License for more details.
16		16
17	You should have received a copy of the GNU General Public License	17	You should have received a copy of the GNU General Public License along
18	along with gvpe; if not, write to the Free Software	18	with this program; if not, see <http://www.gnu.org/licenses/>.
19	Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA	19
		20	Additional permission under GNU GPL version 3 section 7
		21
		22	If you modify this Program, or any covered work, by linking or
		23	combining it with the OpenSSL project's OpenSSL library (or a modified
		24	version of that library), containing parts covered by the terms of the
		25	OpenSSL or SSLeay licenses, the licensors of this Program grant you
		26	additional permission to convey the resulting work. Corresponding
		27	Source for a non-source form of such a combination shall include the
		28	source code for the parts of OpenSSL used as well as that of the
		29	covered work.
20	*/	30	*/
21		31
22	// TODO: EDNS0 option to increase dns mtu?	32	// TODO: EDNS0 option to increase dns mtu?
23	// TODO: re-write dns packet parsing/creation using a safe mem-buffer	33	// TODO: re-write dns packet parsing/creation using a safe mem-buffer
24	// to ensure no buffer overflows or similar problems.	34	// to ensure no buffer overflows or similar problems.
73	#define MAX_PKT_SIZE 512	83	#define MAX_PKT_SIZE 512
74		84
75	#define RR_TYPE_A 1	85	#define RR_TYPE_A 1
76	#define RR_TYPE_NULL 10	86	#define RR_TYPE_NULL 10
77	#define RR_TYPE_TXT 16	87	#define RR_TYPE_TXT 16
		88	#define RR_TYPE_AAAA 28
78	#define RR_TYPE_ANY 255	89	#define RR_TYPE_ANY 255
79		90
80	#define RR_CLASS_IN 1	91	#define RR_CLASS_IN 1
81		92
82	#define CMD_IP_1 207	93	#define CMD_IP_1 207
…		…
106	memset (enc, (char) 0, 256);	117	memset (enc, (char) 0, 256);
107	memset (dec, (char)INVALID, 256);	118	memset (dec, (char)INVALID, 256);
108		119
109	for (size = 0; cmap [size]; size++)	120	for (size = 0; cmap [size]; size++)
110	{	121	{
		122	char c = cmap [size];
		123
111	enc [size] = cmap [size];	124	enc [size] = c;
112	dec [(u8)enc [size]] = size;	125	dec [(u8)c] = size;
		126
		127	// allow lowercase/uppercase aliases if possible
		128	if (c >= 'A' && c <= 'Z' && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size;
		129	if (c >= 'a' && c <= 'z' && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size;
113	}	130	}
114		131
115	assert (size < 256);	132	assert (size < 256);
116	}	133	}
117		134
…		…
157	enc_len [len] = n;	174	enc_len [len] = n;
158	dec_len [n] = len;	175	dec_len [n] = len;
159	}	176	}
160	}	177	}
161		178
		179	unsigned int
162	unsigned int basecoder::encode_len (unsigned int len)	180	basecoder::encode_len (unsigned int len)
163	{	181	{
164	return enc_len [len];	182	return enc_len [len];
165	}	183	}
166		184
		185	unsigned int
167	unsigned int basecoder::decode_len (unsigned int len)	186	basecoder::decode_len (unsigned int len)
168	{	187	{
169	while (len && !dec_len [len])	188	while (len && !dec_len [len])
170	--len;	189	--len;
171		190
172	return dec_len [len];	191	return dec_len [len];
173	}	192	}
174		193
		194	unsigned int
175	unsigned int basecoder::encode (char dst, u8 src, unsigned int len)	195	basecoder::encode (char dst, u8 src, unsigned int len)
176	{	196	{
177	if (!len \|\| len > MAX_DEC_LEN)	197	if (!len \|\| len > MAX_DEC_LEN)
178	return 0;	198	return 0;
179		199
180	int elen = encode_len (len);	200	int elen = encode_len (len);
…		…
199	*dst++ = cmap.encode [dst_ [i]];	219	*dst++ = cmap.encode [dst_ [i]];
200		220
201	return elen;	221	return elen;
202	}	222	}
203		223
		224	unsigned int
204	unsigned int basecoder::decode (u8 dst, char src, unsigned int len)	225	basecoder::decode (u8 dst, char src, unsigned int len)
205	{	226	{
206	if (!len \|\| len > MAX_ENC_LEN)	227	if (!len \|\| len > MAX_ENC_LEN)
207	return 0;	228	return 0;
208		229
209	u8 src_ [MAX_ENC_LEN];	230	u8 src_ [MAX_ENC_LEN];
…		…
268		289
269	/////////////////////////////////////////////////////////////////////////////	290	/////////////////////////////////////////////////////////////////////////////
270		291
271	#define HDRSIZE 6	292	#define HDRSIZE 6
272		293
		294	inline void
273	inline void encode_header (char *data, int clientid, int seqno, int retry = 0)	295	encode_header (char *data, int clientid, int seqno, int retry = 0)
274	{	296	{
275	seqno &= SEQNO_MASK;	297	seqno &= SEQNO_MASK;
276		298
277	u8 hdr[3] = {	299	u8 hdr[3] = {
278	clientid,	300	clientid,
…		…
283	assert (clientid < 256);	305	assert (clientid < 256);
284		306
285	cdc26.encode (data, hdr, 3);	307	cdc26.encode (data, hdr, 3);
286	}	308	}
287		309
		310	inline void
288	inline void decode_header (char *data, int &clientid, int &seqno)	311	decode_header (char *data, int &clientid, int &seqno)
289	{	312	{
290	u8 hdr[3];	313	u8 hdr[3];
291		314
292	cdc26.decode (hdr, data, HDRSIZE);	315	cdc26.decode (hdr, data, HDRSIZE);
293		316
…		…
326	byte_stream::~byte_stream ()	349	byte_stream::~byte_stream ()
327	{	350	{
328	delete data;	351	delete data;
329	}	352	}
330		353
		354	void
331	void byte_stream::remove (int count)	355	byte_stream::remove (int count)
332	{	356	{
333	if (count > fill)	357	if (count > fill)
334	assert (count <= fill);	358	assert (count <= fill);
335		359
336	memmove (data, data + count, fill -= count);	360	memmove (data, data + count, fill -= count);
337	}	361	}
338		362
		363	bool
339	bool byte_stream::put (u8 *data, unsigned int datalen)	364	byte_stream::put (u8 *data, unsigned int datalen)
340	{	365	{
341	if (maxsize - fill < datalen)	366	if (maxsize - fill < datalen)
342	return false;	367	return false;
343		368
344	memcpy (this->data + fill, data, datalen); fill += datalen;	369	memcpy (this->data + fill, data, datalen); fill += datalen;
345		370
346	return true;	371	return true;
347	}	372	}
348		373
		374	bool
349	bool byte_stream::put (vpn_packet *pkt)	375	byte_stream::put (vpn_packet *pkt)
350	{	376	{
351	if (maxsize - fill < pkt->len + 2)	377	if (maxsize - fill < pkt->len + 2)
352	return false;	378	return false;
353		379
354	data [fill++] = pkt->len >> 8;	380	data [fill++] = pkt->len >> 8;
…		…
436	bool valid ();	462	bool valid ();
437	};	463	};
438		464
439	int dns_cfg::next_uid;	465	int dns_cfg::next_uid;
440		466
		467	void
441	void dns_cfg::reset (int clientid)	468	dns_cfg::reset (int clientid)
442	{	469	{
443	id1 = 'G';	470	id1 = 'G';
444	id2 = 'V';	471	id2 = 'V';
445	id3 = 'P';	472	id3 = 'P';
446	id4 = 'E';	473	id4 = 'E';
…		…
460		487
461	r3 = r4 = 0;	488	r3 = r4 = 0;
462	r4 = r5 = r6 = r7 = 0;	489	r4 = r5 = r6 = r7 = 0;
463	}	490	}
464		491
		492	bool
465	bool dns_cfg::valid ()	493	dns_cfg::valid ()
466	{	494	{
467	// although the protocol itself allows for some configurability,	495	// although the protocol itself allows for some configurability,
468	// only the following encoding/decoding settings are implemented.	496	// only the following encoding/decoding settings are implemented.
469	return id1 == 'G'	497	return id1 == 'G'
470	&& id2 == 'V'	498	&& id2 == 'V'
…		…
485	u8 data [MAXSIZE - 6 * 2];	513	u8 data [MAXSIZE - 6 * 2];
486		514
487	int decode_label (char *data, int size, int &offs);	515	int decode_label (char *data, int size, int &offs);
488	};	516	};
489		517
		518	int
490	int dns_packet::decode_label (char *data, int size, int &offs)	519	dns_packet::decode_label (char *data, int size, int &offs)
491	{	520	{
492	char *orig = data;	521	char *orig = data;
493		522
494	memset (data, 0, size);	523	memset (data, 0, size);
495		524
…		…
521	return data - orig;	550	return data - orig;
522	}	551	}
523		552
524	/////////////////////////////////////////////////////////////////////////////	553	/////////////////////////////////////////////////////////////////////////////
525		554
		555	static
		556	u16 next_id ()
		557	{
526	static u16 dns_id = 0; // TODO: should be per-vpn	558	static u16 dns_id = 0; // TODO: should be per-vpn
527		559
528	static u16 next_id ()
529	{
530	if (!dns_id)	560	if (!dns_id)
531	dns_id = time (0);	561	dns_id = time (0);
532		562
533	// the simplest lsfr with periodicity 65535 i could find	563	// the simplest lsfr with periodicity 65535 i could find
534	dns_id = (dns_id << 1)	564	dns_id = (dns_id << 1)
…		…
602	dns_snd::~dns_snd ()	632	dns_snd::~dns_snd ()
603	{	633	{
604	delete pkt;	634	delete pkt;
605	}	635	}
606		636
		637	static void
607	static void append_domain (dns_packet &pkt, int &offs, const char *domain)	638	append_domain (dns_packet &pkt, int &offs, const char *domain)
608	{	639	{
609	// add tunnel domain	640	// add tunnel domain
610	for (;;)	641	for (;;)
611	{	642	{
612	const char *end = strchr (domain, '.');	643	const char *end = strchr (domain, '.');
…		…
625		656
626	domain = end + 1;	657	domain = end + 1;
627	}	658	}
628	}	659	}
629		660
		661	void
630	void dns_snd::gen_stream_req (int seqno, byte_stream &stream)	662	dns_snd::gen_stream_req (int seqno, byte_stream &stream)
631	{	663	{
632	stdhdr = true;	664	stdhdr = true;
633	this->seqno = seqno;	665	this->seqno = seqno;
634		666
635	timeout = ev_now () + INITIAL_TIMEOUT;	667	timeout = ev_now () + INITIAL_TIMEOUT;
…		…
673	(pkt)[offs++] = RR_CLASS_IN >> 8; (pkt)[offs++] = RR_CLASS_IN;	705	(pkt)[offs++] = RR_CLASS_IN >> 8; (pkt)[offs++] = RR_CLASS_IN;
674		706
675	pkt->len = offs;	707	pkt->len = offs;
676	}	708	}
677		709
		710	void
678	void dns_snd::gen_syn_req ()	711	dns_snd::gen_syn_req ()
679	{	712	{
680	timeout = ev_now () + INITIAL_SYN_TIMEOUT;	713	timeout = ev_now () + INITIAL_SYN_TIMEOUT;
681		714
682	pkt->flags = htons (DEFAULT_CLIENT_FLAGS);	715	pkt->flags = htons (DEFAULT_CLIENT_FLAGS);
683	pkt->qdcount = htons (1);	716	pkt->qdcount = htons (1);
…		…
748	i != rcvpq.end ();	781	i != rcvpq.end ();
749	++i)	782	++i)
750	delete *i;	783	delete *i;
751	}	784	}
752		785
		786	void
753	void dns_connection::receive_rep (dns_rcv *r)	787	dns_connection::receive_rep (dns_rcv *r)
754	{	788	{
755	if (r->datalen)	789	if (r->datalen)
756	{	790	{
757	last_received = ev_now ();	791	last_received = ev_now ();
758	tw ();	792	tw ();
…		…
791		825
792	rcvseq = (rcvseq + 1) & SEQNO_MASK;	826	rcvseq = (rcvseq + 1) & SEQNO_MASK;
793		827
794	if (!rcvdq.put (r->data, r->datalen))	828	if (!rcvdq.put (r->data, r->datalen))
795	{	829	{
		830	// MUST never overflow, can be caused by data corruption, TODO
796	slog (L_ERR, "DNS: !rcvdq.put (r->data, r->datalen)");	831	slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)");
797	abort (); // MUST never overflow, can be caused by data corruption, TODO	832	c->dnsv4_reset_connection ();
		833	return;
798	}	834	}
799		835
800	while (vpn_packet *pkt = rcvdq.get ())	836	while (vpn_packet *pkt = rcvdq.get ())
801	{	837	{
802	sockinfo si;	838	sockinfo si;
803	si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4;	839	si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4;
804		840
805	vpn->recv_vpn_packet (pkt, si);	841	vpn->recv_vpn_packet (pkt, si);
806
807	delete pkt;	842	delete pkt;
808	}	843	}
809		844
810	// check for further packets	845	// check for further packets
811	goto redo;	846	goto redo;
…		…
1109		1144
1110	if (ip [3] == CMD_IP_RST)	1145	if (ip [3] == CMD_IP_RST)
1111	{	1146	{
1112	slog (L_DEBUG, _("DNS: got tunnel RST request"));	1147	slog (L_DEBUG, _("DNS: got tunnel RST request"));
1113		1148
1114	delete dns; c->dns = 0;	1149	c->dnsv4_reset_connection ();
1115
1116	return;
1117	}	1150	}
1118	else if (ip [3] == CMD_IP_SYN)	1151	else if (ip [3] == CMD_IP_SYN)
1119	{	1152	{
1120	slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us."));	1153	slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us."));
1121	dns->established = true;	1154	dns->established = true;
1122	}	1155	}
1123	else if (ip [3] == CMD_IP_REJ)	1156	else if (ip [3] == CMD_IP_REJ)
1124	{
1125	slog (L_DEBUG, _("DNS: got tunnel REJ reply, server does not like us, aborting."));	1157	slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us."));
1126	abort ();
1127	}
1128	else	1158	else
1129	slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]);	1159	slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]);
1130	}	1160	}
1131	else	1161	else
1132	slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"),	1162	slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"),

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/vpn_dns.C (file contents): Revision 1.46 by pcg, Thu Dec 6 00:35:29 2007 UTC vs. Revision 1.50 by root, Sun Mar 6 13:49:50 2011 UTC

Diff Legend

Comparing gvpe/src/vpn_dns.C (file contents):
Revision 1.46 by pcg, Thu Dec 6 00:35:29 2007 UTC vs.
Revision 1.50 by root, Sun Mar 6 13:49:50 2011 UTC