1 | /* |
1 | /* |
2 | vpn_dns.C -- handle the dns tunnel part of the protocol. |
2 | vpn_dns.C -- handle the dns tunnel part of the protocol. |
3 | Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | it under the terms of the GNU General Public License as published by |
8 | under the terms of the GNU General Public License as published by the |
9 | the Free Software Foundation; either version 2 of the License, or |
9 | Free Software Foundation; either version 3 of the License, or (at your |
10 | (at your option) any later version. |
10 | option) any later version. |
11 | |
11 | |
12 | This program is distributed in the hope that it will be useful, |
12 | This program is distributed in the hope that it will be useful, but |
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
15 | GNU General Public License for more details. |
15 | Public License for more details. |
16 | |
16 | |
17 | You should have received a copy of the GNU General Public License |
17 | You should have received a copy of the GNU General Public License along |
18 | along with gvpe; if not, write to the Free Software |
18 | with this program; if not, see <http://www.gnu.org/licenses/>. |
19 | Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
19 | |
|
|
20 | Additional permission under GNU GPL version 3 section 7 |
|
|
21 | |
|
|
22 | If you modify this Program, or any covered work, by linking or |
|
|
23 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
24 | version of that library), containing parts covered by the terms of the |
|
|
25 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
26 | additional permission to convey the resulting work. Corresponding |
|
|
27 | Source for a non-source form of such a combination shall include the |
|
|
28 | source code for the parts of OpenSSL used as well as that of the |
|
|
29 | covered work. |
20 | */ |
30 | */ |
|
|
31 | |
|
|
32 | // TODO: EDNS0 option to increase dns mtu? |
|
|
33 | // TODO: re-write dns packet parsing/creation using a safe mem-buffer |
|
|
34 | // to ensure no buffer overflows or similar problems. |
21 | |
35 | |
22 | #include "config.h" |
36 | #include "config.h" |
23 | |
37 | |
24 | #if ENABLE_DNS |
38 | #if ENABLE_DNS |
25 | |
39 | |
26 | // dns processing is EXTREMELY ugly. For obvious(?) reasons. |
40 | // dns processing is EXTREMELY ugly. For obvious(?) reasons. |
27 | // it's a hack, use only in emergency situations please. |
41 | // it's a hack, use only in emergency situations please. |
28 | |
42 | |
29 | #include <cstring> |
43 | #include <cstring> |
|
|
44 | #include <cassert> |
30 | |
45 | |
31 | #include <sys/types.h> |
46 | #include <sys/types.h> |
32 | #include <sys/socket.h> |
47 | #include <sys/socket.h> |
33 | #include <sys/wait.h> |
48 | #include <sys/wait.h> |
34 | #include <sys/uio.h> |
49 | #include <sys/uio.h> |
… | |
… | |
37 | #include <unistd.h> |
52 | #include <unistd.h> |
38 | #include <fcntl.h> |
53 | #include <fcntl.h> |
39 | |
54 | |
40 | #include <map> |
55 | #include <map> |
41 | |
56 | |
|
|
57 | #include <cstdio> /* bug in libgmp: gmp.h relies on cstdio being included */ |
42 | #include <gmp.h> |
58 | #include <gmp.h> |
43 | |
59 | |
44 | #include "netcompat.h" |
60 | #include "netcompat.h" |
45 | |
61 | |
46 | #include "vpn.h" |
62 | #include "vpn.h" |
47 | |
63 | |
48 | #define MIN_RETRY 1. |
64 | #define MAX_POLL_INTERVAL 5. // how often to poll minimally when the server has no data |
49 | #define MAX_RETRY 6. |
65 | #define ACTIVITY_INTERVAL 5. |
50 | |
66 | |
51 | #define MAX_OUTSTANDING 400 // max. outstanding requests |
67 | #define INITIAL_TIMEOUT 0.1 // retry timeouts |
|
|
68 | #define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn |
|
|
69 | |
|
|
70 | #define MAX_SEND_INTERVAL 2. // optimistic? |
|
|
71 | |
52 | #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING |
72 | #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog |
53 | #define MAX_RATE 100 // requests/s |
|
|
54 | #define MAX_BACKLOG (10*1024) // size of protocol backlog, must be > MAXSIZE |
73 | #define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE |
55 | |
74 | |
56 | #define MAX_DOMAIN_SIZE 220 // 255 is legal limit, but bind doesn't compress well |
75 | #define MAX_DOMAIN_SIZE 240 // 255 is legal limit, but bind doesn't compress well |
57 | // 240 leaves about 4 bytes of server reply data |
76 | // 240 leaves about 4 bytes of server reply data |
58 | // every two request byte sless give room for one reply byte |
77 | // every request byte less give room for two reply bytes |
59 | |
78 | |
60 | #define SEQNO_MASK 0xffff |
79 | #define SEQNO_MASK 0x3fff |
61 | #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) |
80 | #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) |
62 | |
81 | |
63 | #define MAX_LBL_SIZE 63 |
82 | #define MAX_LBL_SIZE 63 |
64 | #define MAX_PKT_SIZE 512 |
83 | #define MAX_PKT_SIZE 512 |
65 | |
84 | |
|
|
85 | #define RR_TYPE_A 1 |
|
|
86 | #define RR_TYPE_NULL 10 |
66 | #define RR_TYPE_TXT 16 |
87 | #define RR_TYPE_TXT 16 |
67 | #define RR_TYPE_ANY 255 |
88 | #define RR_TYPE_ANY 255 |
|
|
89 | |
68 | #define RR_CLASS_IN 1 |
90 | #define RR_CLASS_IN 1 |
|
|
91 | |
|
|
92 | #define CMD_IP_1 207 |
|
|
93 | #define CMD_IP_2 46 |
|
|
94 | #define CMD_IP_3 236 |
|
|
95 | #define CMD_IP_RST 29 |
|
|
96 | #define CMD_IP_SYN 113 |
|
|
97 | #define CMD_IP_REJ 32 |
69 | |
98 | |
70 | // works for cmaps up to 255 (not 256!) |
99 | // works for cmaps up to 255 (not 256!) |
71 | struct charmap |
100 | struct charmap |
72 | { |
101 | { |
73 | enum { INVALID = (u8)255 }; |
102 | enum { INVALID = (u8)255 }; |
… | |
… | |
153 | return dec_len [len]; |
182 | return dec_len [len]; |
154 | } |
183 | } |
155 | |
184 | |
156 | unsigned int basecoder::encode (char *dst, u8 *src, unsigned int len) |
185 | unsigned int basecoder::encode (char *dst, u8 *src, unsigned int len) |
157 | { |
186 | { |
158 | if (!len) |
187 | if (!len || len > MAX_DEC_LEN) |
159 | return 0; |
188 | return 0; |
160 | |
189 | |
161 | int elen = encode_len (len); |
190 | int elen = encode_len (len); |
162 | |
191 | |
163 | mp_limb_t m [MAX_LIMBS]; |
192 | mp_limb_t m [MAX_LIMBS]; |
… | |
… | |
182 | return elen; |
211 | return elen; |
183 | } |
212 | } |
184 | |
213 | |
185 | unsigned int basecoder::decode (u8 *dst, char *src, unsigned int len) |
214 | unsigned int basecoder::decode (u8 *dst, char *src, unsigned int len) |
186 | { |
215 | { |
187 | if (!len) |
216 | if (!len || len > MAX_ENC_LEN) |
188 | return 0; |
217 | return 0; |
189 | |
218 | |
190 | u8 src_ [MAX_ENC_LEN]; |
219 | u8 src_ [MAX_ENC_LEN]; |
191 | unsigned int elen = 0; |
220 | unsigned int elen = 0; |
192 | |
221 | |
… | |
… | |
239 | } |
268 | } |
240 | abort (); |
269 | abort (); |
241 | } |
270 | } |
242 | #endif |
271 | #endif |
243 | |
272 | |
244 | // the following sequence has been crafted to |
273 | //static basecoder cdc64 ("_dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI-"); |
245 | // a) look somewhat random |
|
|
246 | // b) the even (and odd) indices never share the same character as upper/lowercase |
|
|
247 | // the "_" is not valid but widely accepted (all octets should be supported, but let's be conservative) |
|
|
248 | // the other sequences are obviously derived |
|
|
249 | //static basecoder cdc63 ("_dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); |
274 | //static basecoder cdc63 ("_dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); |
250 | static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); |
275 | static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); |
251 | //static basecoder cdc36 ("dphzr06qmjkb34tsvl81xaef92wgyo57ucni"); // unused as of yet |
276 | //static basecoder cdc36 ("dphzr06qmjkb34tsvl81xaef92wgyo57ucni"); // unused as of yet |
252 | static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyO"); |
277 | static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyO"); |
253 | |
278 | |
254 | ///////////////////////////////////////////////////////////////////////////// |
279 | ///////////////////////////////////////////////////////////////////////////// |
255 | |
280 | |
256 | #define HDRSIZE 6 |
281 | #define HDRSIZE 6 |
257 | |
282 | |
258 | inline void encode_header (char *data, int clientid, int seqno) |
283 | inline void encode_header (char *data, int clientid, int seqno, int retry = 0) |
259 | { |
284 | { |
260 | u8 hdr[3] = { clientid, seqno >> 8, seqno }; |
285 | seqno &= SEQNO_MASK; |
|
|
286 | |
|
|
287 | u8 hdr[3] = { |
|
|
288 | clientid, |
|
|
289 | (seqno >> 8) | (retry << 6), |
|
|
290 | seqno, |
|
|
291 | }; |
261 | |
292 | |
262 | assert (clientid < 256); |
293 | assert (clientid < 256); |
263 | |
294 | |
264 | cdc26.encode (data, hdr, 3); |
295 | cdc26.encode (data, hdr, 3); |
265 | } |
296 | } |
… | |
… | |
269 | u8 hdr[3]; |
300 | u8 hdr[3]; |
270 | |
301 | |
271 | cdc26.decode (hdr, data, HDRSIZE); |
302 | cdc26.decode (hdr, data, HDRSIZE); |
272 | |
303 | |
273 | clientid = hdr[0]; |
304 | clientid = hdr[0]; |
274 | seqno = (hdr[1] << 8) | hdr[2]; |
305 | seqno = ((hdr[1] << 8) | hdr[2]) & SEQNO_MASK; |
275 | } |
306 | } |
276 | |
307 | |
277 | ///////////////////////////////////////////////////////////////////////////// |
308 | ///////////////////////////////////////////////////////////////////////////// |
278 | |
309 | |
279 | struct byte_stream |
310 | struct byte_stream |
… | |
… | |
308 | } |
339 | } |
309 | |
340 | |
310 | void byte_stream::remove (int count) |
341 | void byte_stream::remove (int count) |
311 | { |
342 | { |
312 | if (count > fill) |
343 | if (count > fill) |
313 | abort (); |
344 | assert (count <= fill); |
314 | |
345 | |
315 | memmove (data, data + count, fill -= count); |
346 | memmove (data, data + count, fill -= count); |
316 | } |
347 | } |
317 | |
348 | |
318 | bool byte_stream::put (u8 *data, unsigned int datalen) |
349 | bool byte_stream::put (u8 *data, unsigned int datalen) |
… | |
… | |
331 | return false; |
362 | return false; |
332 | |
363 | |
333 | data [fill++] = pkt->len >> 8; |
364 | data [fill++] = pkt->len >> 8; |
334 | data [fill++] = pkt->len; |
365 | data [fill++] = pkt->len; |
335 | |
366 | |
336 | memcpy (data + fill, &((*pkt)[0]), pkt->len); fill += pkt->len; |
367 | memcpy (data + fill, pkt->at (0), pkt->len); fill += pkt->len; |
337 | |
368 | |
338 | return true; |
369 | return true; |
339 | } |
370 | } |
340 | |
371 | |
341 | vpn_packet *byte_stream::get () |
372 | vpn_packet *byte_stream::get () |
342 | { |
373 | { |
|
|
374 | unsigned int len; |
|
|
375 | |
|
|
376 | for (;;) |
|
|
377 | { |
343 | int len = (data [0] << 8) | data [1]; |
378 | len = (data [0] << 8) | data [1]; |
344 | |
379 | |
345 | if (len > MAXSIZE && fill >= 2) |
380 | if (len <= MAXSIZE || fill < 2) |
346 | abort (); // TODO handle this gracefully, connection reset |
381 | break; |
347 | |
382 | |
|
|
383 | // TODO: handle this better than skipping, e.g. by reset |
|
|
384 | slog (L_DEBUG, _("DNS: corrupted packet stream skipping a byte...")); |
|
|
385 | remove (1); |
|
|
386 | } |
|
|
387 | |
348 | if (fill < len + 2) |
388 | if (fill < len + 2) |
349 | return 0; |
389 | return 0; |
350 | |
390 | |
351 | vpn_packet *pkt = new vpn_packet; |
391 | vpn_packet *pkt = new vpn_packet; |
352 | |
392 | |
353 | pkt->len = len; |
393 | pkt->len = len; |
354 | memcpy (&((*pkt)[0]), data + 2, len); |
394 | memcpy (pkt->at (0), data + 2, len); |
355 | remove (len + 2); |
395 | remove (len + 2); |
356 | |
396 | |
357 | return pkt; |
397 | return pkt; |
358 | } |
398 | } |
359 | |
399 | |
… | |
… | |
376 | #define FLAG_RCODE_REFUSED ( 5 << 0) |
416 | #define FLAG_RCODE_REFUSED ( 5 << 0) |
377 | |
417 | |
378 | #define DEFAULT_CLIENT_FLAGS (FLAG_QUERY | FLAG_OP_QUERY | FLAG_RD) |
418 | #define DEFAULT_CLIENT_FLAGS (FLAG_QUERY | FLAG_OP_QUERY | FLAG_RD) |
379 | #define DEFAULT_SERVER_FLAGS (FLAG_RESPONSE | FLAG_OP_QUERY | FLAG_AA | FLAG_RD | FLAG_RA) |
419 | #define DEFAULT_SERVER_FLAGS (FLAG_RESPONSE | FLAG_OP_QUERY | FLAG_AA | FLAG_RD | FLAG_RA) |
380 | |
420 | |
|
|
421 | struct dns_cfg |
|
|
422 | { |
|
|
423 | static int next_uid; |
|
|
424 | |
|
|
425 | u8 id1, id2, id3, id4; |
|
|
426 | |
|
|
427 | u8 version; |
|
|
428 | u8 flags; |
|
|
429 | u8 rrtype; |
|
|
430 | u8 def_ttl; |
|
|
431 | |
|
|
432 | u16 client; |
|
|
433 | u16 uid; // to make request unique |
|
|
434 | |
|
|
435 | u16 max_size; |
|
|
436 | u8 seq_cdc; |
|
|
437 | u8 req_cdc; |
|
|
438 | |
|
|
439 | u8 rep_cdc; |
|
|
440 | u8 delay; // time in 0.01s units that the server may delay replying packets |
|
|
441 | u8 r3, r4; |
|
|
442 | |
|
|
443 | u8 r5, r6, r7, r8; |
|
|
444 | |
|
|
445 | void reset (int clientid); |
|
|
446 | bool valid (); |
|
|
447 | }; |
|
|
448 | |
|
|
449 | int dns_cfg::next_uid; |
|
|
450 | |
|
|
451 | void dns_cfg::reset (int clientid) |
|
|
452 | { |
|
|
453 | id1 = 'G'; |
|
|
454 | id2 = 'V'; |
|
|
455 | id3 = 'P'; |
|
|
456 | id4 = 'E'; |
|
|
457 | |
|
|
458 | version = 1; |
|
|
459 | |
|
|
460 | rrtype = RR_TYPE_TXT; |
|
|
461 | flags = 0; |
|
|
462 | def_ttl = 0; |
|
|
463 | seq_cdc = 26; |
|
|
464 | req_cdc = 62; |
|
|
465 | rep_cdc = 0; |
|
|
466 | max_size = htons (MAX_PKT_SIZE); |
|
|
467 | client = htons (clientid); |
|
|
468 | uid = next_uid++; |
|
|
469 | delay = 0; |
|
|
470 | |
|
|
471 | r3 = r4 = 0; |
|
|
472 | r4 = r5 = r6 = r7 = 0; |
|
|
473 | } |
|
|
474 | |
|
|
475 | bool dns_cfg::valid () |
|
|
476 | { |
|
|
477 | // although the protocol itself allows for some configurability, |
|
|
478 | // only the following encoding/decoding settings are implemented. |
|
|
479 | return id1 == 'G' |
|
|
480 | && id2 == 'V' |
|
|
481 | && id3 == 'P' |
|
|
482 | && id4 == 'E' |
|
|
483 | && seq_cdc == 26 |
|
|
484 | && req_cdc == 62 |
|
|
485 | && rep_cdc == 0 |
|
|
486 | && version == 1; |
|
|
487 | } |
|
|
488 | |
381 | struct dns_packet : net_packet |
489 | struct dns_packet : net_packet |
382 | { |
490 | { |
383 | u16 id; |
491 | u16 id; |
384 | u16 flags; // QR:1 Opcode:4 AA:1 TC:1 RD:1 RA:1 Z:3 RCODE:4 |
492 | u16 flags; // QR:1 Opcode:4 AA:1 TC:1 RD:1 RA:1 Z:3 RCODE:4 |
385 | u16 qdcount, ancount, nscount, arcount; |
493 | u16 qdcount, ancount, nscount, arcount; |
386 | |
494 | |
387 | u8 data[MAXSIZE - 6 * 2]; |
495 | u8 data [MAXSIZE - 6 * 2]; |
388 | |
496 | |
389 | int decode_label (char *data, int size, int &offs); |
497 | int decode_label (char *data, int size, int &offs); |
390 | }; |
498 | }; |
391 | |
499 | |
392 | int dns_packet::decode_label (char *data, int size, int &offs) |
500 | int dns_packet::decode_label (char *data, int size, int &offs) |
… | |
… | |
423 | return data - orig; |
531 | return data - orig; |
424 | } |
532 | } |
425 | |
533 | |
426 | ///////////////////////////////////////////////////////////////////////////// |
534 | ///////////////////////////////////////////////////////////////////////////// |
427 | |
535 | |
428 | struct dns_req |
|
|
429 | { |
|
|
430 | dns_packet *pkt; |
|
|
431 | tstamp next; |
|
|
432 | int retry; |
|
|
433 | struct dns_connection *dns; |
|
|
434 | int seqno; |
|
|
435 | |
|
|
436 | dns_req (dns_connection *dns); |
|
|
437 | void gen_stream_req (int seqno, byte_stream &stream); |
|
|
438 | }; |
|
|
439 | |
|
|
440 | static u16 dns_id = 12098; // TODO: should be per-vpn |
536 | static u16 dns_id = 0; // TODO: should be per-vpn |
441 | |
537 | |
442 | static u16 next_id () |
538 | static u16 next_id () |
443 | { |
539 | { |
|
|
540 | if (!dns_id) |
|
|
541 | dns_id = time (0); |
|
|
542 | |
444 | // the simplest lsfr with periodicity 65535 i could find |
543 | // the simplest lsfr with periodicity 65535 i could find |
445 | dns_id = (dns_id << 1) |
544 | dns_id = (dns_id << 1) |
446 | | (((dns_id >> 1) |
545 | | (((dns_id >> 1) |
447 | ^ (dns_id >> 2) |
546 | ^ (dns_id >> 2) |
448 | ^ (dns_id >> 4) |
547 | ^ (dns_id >> 4) |
449 | ^ (dns_id >> 15)) & 1); |
548 | ^ (dns_id >> 15)) & 1); |
450 | |
549 | |
451 | return dns_id; |
550 | return dns_id; |
452 | } |
551 | } |
453 | |
552 | |
|
|
553 | struct dns_rcv; |
|
|
554 | struct dns_snd; |
|
|
555 | |
|
|
556 | struct dns_connection |
|
|
557 | { |
|
|
558 | connection *c; |
|
|
559 | struct vpn *vpn; |
|
|
560 | |
|
|
561 | dns_cfg cfg; |
|
|
562 | |
|
|
563 | bool established; |
|
|
564 | |
|
|
565 | tstamp last_received; |
|
|
566 | tstamp last_sent; |
|
|
567 | double min_latency; |
|
|
568 | double poll_interval, send_interval; |
|
|
569 | |
|
|
570 | vector<dns_rcv *> rcvpq; |
|
|
571 | |
|
|
572 | byte_stream rcvdq; int rcvseq; int repseq; |
|
|
573 | byte_stream snddq; int sndseq; |
|
|
574 | |
|
|
575 | inline void time_cb (ev::timer &w, int revents); ev::timer tw; |
|
|
576 | void receive_rep (dns_rcv *r); |
|
|
577 | |
|
|
578 | dns_connection (connection *c); |
|
|
579 | ~dns_connection (); |
|
|
580 | }; |
|
|
581 | |
|
|
582 | struct dns_snd |
|
|
583 | { |
|
|
584 | dns_packet *pkt; |
|
|
585 | tstamp timeout, sent; |
|
|
586 | int retry; |
|
|
587 | struct dns_connection *dns; |
|
|
588 | int seqno; |
|
|
589 | bool stdhdr; |
|
|
590 | |
|
|
591 | void gen_stream_req (int seqno, byte_stream &stream); |
|
|
592 | void gen_syn_req (); |
|
|
593 | |
|
|
594 | dns_snd (dns_connection *dns); |
|
|
595 | ~dns_snd (); |
|
|
596 | }; |
|
|
597 | |
454 | dns_req::dns_req (dns_connection *dns) |
598 | dns_snd::dns_snd (dns_connection *dns) |
455 | : dns (dns) |
599 | : dns (dns) |
456 | { |
600 | { |
457 | next = 0; |
601 | timeout = 0; |
458 | retry = 0; |
602 | retry = 0; |
|
|
603 | seqno = 0; |
|
|
604 | sent = ev_now (); |
|
|
605 | stdhdr = false; |
459 | |
606 | |
460 | pkt = new dns_packet; |
607 | pkt = new dns_packet; |
461 | |
608 | |
462 | pkt->id = next_id (); |
609 | pkt->id = next_id (); |
463 | } |
610 | } |
464 | |
611 | |
|
|
612 | dns_snd::~dns_snd () |
|
|
613 | { |
|
|
614 | delete pkt; |
|
|
615 | } |
|
|
616 | |
|
|
617 | static void append_domain (dns_packet &pkt, int &offs, const char *domain) |
|
|
618 | { |
|
|
619 | // add tunnel domain |
|
|
620 | for (;;) |
|
|
621 | { |
|
|
622 | const char *end = strchr (domain, '.'); |
|
|
623 | |
|
|
624 | if (!end) |
|
|
625 | end = domain + strlen (domain); |
|
|
626 | |
|
|
627 | int len = end - domain; |
|
|
628 | |
|
|
629 | pkt [offs++] = len; |
|
|
630 | memcpy (pkt.at (offs), domain, len); |
|
|
631 | offs += len; |
|
|
632 | |
|
|
633 | if (!*end) |
|
|
634 | break; |
|
|
635 | |
|
|
636 | domain = end + 1; |
|
|
637 | } |
|
|
638 | } |
|
|
639 | |
465 | void dns_req::gen_stream_req (int seqno, byte_stream &stream) |
640 | void dns_snd::gen_stream_req (int seqno, byte_stream &stream) |
466 | { |
641 | { |
|
|
642 | stdhdr = true; |
467 | this->seqno = seqno; |
643 | this->seqno = seqno; |
|
|
644 | |
|
|
645 | timeout = ev_now () + INITIAL_TIMEOUT; |
468 | |
646 | |
469 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
647 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
470 | pkt->qdcount = htons (1); |
648 | pkt->qdcount = htons (1); |
471 | |
649 | |
472 | int offs = 6*2; |
650 | int offs = 6*2; |
473 | int dlen = MAX_DOMAIN_SIZE - (strlen (THISNODE->domain) + 2); |
651 | int dlen = MAX_DOMAIN_SIZE - (strlen (dns->c->conf->domain) + 2); |
474 | // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well, |
652 | // MAX_DOMAIN_SIZE is technically 255, but bind doesn't compress responses well, |
475 | // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra |
653 | // so we need to have space for 2*MAX_DOMAIN_SIZE + header + extra |
476 | |
654 | |
477 | char enc[256], *encp = enc; |
655 | char enc[256], *encp = enc; |
478 | encode_header (enc, THISNODE->id, seqno); |
656 | encode_header (enc, THISNODE->id, seqno); |
… | |
… | |
496 | encp += lbllen; |
674 | encp += lbllen; |
497 | |
675 | |
498 | enclen -= lbllen; |
676 | enclen -= lbllen; |
499 | } |
677 | } |
500 | |
678 | |
501 | const char *suffix = THISNODE->domain; |
679 | append_domain (*pkt, offs, dns->c->conf->domain); |
502 | |
|
|
503 | // add tunnel domain |
|
|
504 | for (;;) |
|
|
505 | { |
|
|
506 | const char *end = strchr (suffix, '.'); |
|
|
507 | |
|
|
508 | if (!end) |
|
|
509 | end = suffix + strlen (suffix); |
|
|
510 | |
|
|
511 | int len = end - suffix; |
|
|
512 | |
|
|
513 | (*pkt)[offs++] = len; |
|
|
514 | memcpy (&((*pkt)[offs]), suffix, len); |
|
|
515 | offs += len; |
|
|
516 | |
|
|
517 | if (!*end) |
|
|
518 | break; |
|
|
519 | |
|
|
520 | suffix = end + 1; |
|
|
521 | } |
|
|
522 | |
680 | |
523 | (*pkt)[offs++] = 0; |
681 | (*pkt)[offs++] = 0; |
524 | (*pkt)[offs++] = RR_TYPE_ANY >> 8; (*pkt)[offs++] = RR_TYPE_ANY; |
682 | (*pkt)[offs++] = RR_TYPE_ANY >> 8; (*pkt)[offs++] = RR_TYPE_ANY; |
|
|
683 | (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN; |
|
|
684 | |
|
|
685 | pkt->len = offs; |
|
|
686 | } |
|
|
687 | |
|
|
688 | void dns_snd::gen_syn_req () |
|
|
689 | { |
|
|
690 | timeout = ev_now () + INITIAL_SYN_TIMEOUT; |
|
|
691 | |
|
|
692 | pkt->flags = htons (DEFAULT_CLIENT_FLAGS); |
|
|
693 | pkt->qdcount = htons (1); |
|
|
694 | |
|
|
695 | int offs = 6 * 2; |
|
|
696 | |
|
|
697 | int elen = cdc26.encode ((char *)pkt->at (offs + 1), (u8 *)&dns->cfg, sizeof (dns_cfg)); |
|
|
698 | |
|
|
699 | assert (elen <= MAX_LBL_SIZE); |
|
|
700 | |
|
|
701 | (*pkt)[offs] = elen; |
|
|
702 | offs += elen + 1; |
|
|
703 | append_domain (*pkt, offs, dns->c->conf->domain); |
|
|
704 | |
|
|
705 | (*pkt)[offs++] = 0; |
|
|
706 | (*pkt)[offs++] = RR_TYPE_A >> 8; (*pkt)[offs++] = RR_TYPE_A; |
525 | (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN; |
707 | (*pkt)[offs++] = RR_CLASS_IN >> 8; (*pkt)[offs++] = RR_CLASS_IN; |
526 | |
708 | |
527 | pkt->len = offs; |
709 | pkt->len = offs; |
528 | } |
710 | } |
529 | |
711 | |
… | |
… | |
549 | delete pkt; |
731 | delete pkt; |
550 | } |
732 | } |
551 | |
733 | |
552 | ///////////////////////////////////////////////////////////////////////////// |
734 | ///////////////////////////////////////////////////////////////////////////// |
553 | |
735 | |
554 | struct dns_connection |
|
|
555 | { |
|
|
556 | connection *c; |
|
|
557 | struct vpn *vpn; |
|
|
558 | |
|
|
559 | vector<dns_rcv *> rcvpq; |
|
|
560 | |
|
|
561 | int rcvseq; |
|
|
562 | int sndseq; |
|
|
563 | |
|
|
564 | byte_stream rcvdq; |
|
|
565 | byte_stream snddq; |
|
|
566 | |
|
|
567 | void time_cb (time_watcher &w); time_watcher tw; |
|
|
568 | void receive_rep (dns_rcv *r); |
|
|
569 | |
|
|
570 | dns_connection (connection *c); |
|
|
571 | ~dns_connection (); |
|
|
572 | }; |
|
|
573 | |
|
|
574 | dns_connection::dns_connection (connection *c) |
736 | dns_connection::dns_connection (connection *c) |
575 | : c (c) |
737 | : c (c) |
576 | , rcvdq (MAX_BACKLOG * 2) |
738 | , rcvdq (MAX_BACKLOG * 2) |
577 | , snddq (MAX_BACKLOG * 2) |
739 | , snddq (MAX_BACKLOG) |
578 | , tw (this, &dns_connection::time_cb) |
|
|
579 | { |
740 | { |
|
|
741 | tw.set<dns_connection, &dns_connection::time_cb> (this); |
|
|
742 | |
580 | vpn = c->vpn; |
743 | vpn = c->vpn; |
581 | |
744 | |
|
|
745 | established = false; |
|
|
746 | |
582 | rcvseq = sndseq = 0; |
747 | rcvseq = repseq = sndseq = 0; |
|
|
748 | |
|
|
749 | last_sent = last_received = 0; |
|
|
750 | poll_interval = 0.5; // starting here |
|
|
751 | send_interval = 0.5; // starting rate |
|
|
752 | min_latency = INITIAL_TIMEOUT; |
583 | } |
753 | } |
584 | |
754 | |
585 | dns_connection::~dns_connection () |
755 | dns_connection::~dns_connection () |
586 | { |
756 | { |
587 | for (vector<dns_rcv *>::iterator i = rcvpq.begin (); |
757 | for (vector<dns_rcv *>::iterator i = rcvpq.begin (); |
588 | i != rcvpq.end (); |
758 | i != rcvpq.end (); |
589 | ++i) |
759 | ++i) |
590 | delete *i; |
760 | delete *i; |
591 | } |
761 | } |
592 | |
762 | |
593 | struct dns_cfg |
|
|
594 | { |
|
|
595 | u8 id1, id2, id3; |
|
|
596 | u8 def_ttl; |
|
|
597 | u8 unused1; |
|
|
598 | u16 max_size; |
|
|
599 | u8 flags1, flags2; |
|
|
600 | }; |
|
|
601 | |
|
|
602 | void dns_connection::receive_rep (dns_rcv *r) |
763 | void dns_connection::receive_rep (dns_rcv *r) |
603 | { |
764 | { |
|
|
765 | if (r->datalen) |
|
|
766 | { |
|
|
767 | last_received = ev_now (); |
|
|
768 | tw (); |
|
|
769 | |
|
|
770 | poll_interval = send_interval; |
|
|
771 | } |
|
|
772 | else |
|
|
773 | { |
|
|
774 | poll_interval *= 1.5; |
|
|
775 | |
|
|
776 | if (poll_interval > MAX_POLL_INTERVAL) |
|
|
777 | poll_interval = MAX_POLL_INTERVAL; |
|
|
778 | } |
|
|
779 | |
604 | rcvpq.push_back (r); |
780 | rcvpq.push_back (r); |
605 | |
781 | |
606 | redo: |
782 | redo: |
607 | |
783 | |
608 | // find next packet |
784 | // find next packet |
609 | for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); ) |
785 | for (vector<dns_rcv *>::iterator i = rcvpq.end (); i-- != rcvpq.begin (); ) |
610 | if (SEQNO_EQ (rcvseq, (*i)->seqno)) |
786 | if (SEQNO_EQ (rcvseq, (*i)->seqno)) |
611 | { |
787 | { |
|
|
788 | //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D |
612 | // enter the packet into our input stream |
789 | // enter the packet into our input stream |
613 | r = *i; |
790 | r = *i; |
614 | |
791 | |
615 | // remove the oldest packet, look forward, as it's oldest first |
792 | // remove the oldest packet, look forward, as it's oldest first |
616 | for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j) |
793 | for (vector<dns_rcv *>::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j) |
617 | if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW)) |
794 | if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW)) |
618 | { |
795 | { |
|
|
796 | //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D |
619 | delete *j; |
797 | delete *j; |
620 | rcvpq.erase (j); |
798 | rcvpq.erase (j); |
621 | break; |
799 | break; |
622 | } |
800 | } |
623 | |
801 | |
624 | rcvseq = (rcvseq + 1) & SEQNO_MASK; |
802 | rcvseq = (rcvseq + 1) & SEQNO_MASK; |
625 | |
803 | |
626 | if (!rcvdq.put (r->data, r->datalen)) |
804 | if (!rcvdq.put (r->data, r->datalen)) |
|
|
805 | { |
|
|
806 | slog (L_ERR, "DNS: !rcvdq.put (r->data, r->datalen)"); |
627 | abort (); // MUST never overflow, can be caused by data corruption, TODO |
807 | abort (); // MUST never overflow, can be caused by data corruption, TODO |
|
|
808 | } |
628 | |
809 | |
629 | while (vpn_packet *pkt = rcvdq.get ()) |
810 | while (vpn_packet *pkt = rcvdq.get ()) |
630 | { |
811 | { |
631 | sockinfo si; |
812 | sockinfo si; |
632 | si.host = 0; si.port = 0; si.prot = PROT_DNSv4; |
813 | si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; |
633 | |
814 | |
634 | vpn->recv_vpn_packet (pkt, si); |
815 | vpn->recv_vpn_packet (pkt, si); |
|
|
816 | |
|
|
817 | delete pkt; |
635 | } |
818 | } |
636 | |
819 | |
637 | // check for further packets |
820 | // check for further packets |
638 | goto redo; |
821 | goto redo; |
639 | } |
822 | } |
640 | } |
823 | } |
641 | |
824 | |
642 | dns_packet * |
825 | void |
643 | vpn::dnsv4_server (dns_packet *pkt) |
826 | vpn::dnsv4_server (dns_packet &pkt) |
644 | { |
827 | { |
645 | u16 flags = ntohs (pkt->flags); |
828 | u16 flags = ntohs (pkt.flags); |
646 | |
829 | |
647 | //memcpy (&((*rep)[0]), &((*pkt)[0]), pkt->len); |
|
|
648 | int offs = 6 * 2; // skip header |
830 | int offs = 6 * 2; // skip header |
649 | |
831 | |
650 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR); |
832 | pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR); |
651 | |
833 | |
652 | if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK | FLAG_TC)) |
834 | if (0 == (flags & (FLAG_RESPONSE | FLAG_OP_MASK)) |
653 | && pkt->qdcount == htons (1)) |
835 | && pkt.qdcount == htons (1)) |
654 | { |
836 | { |
655 | char qname[MAXSIZE]; |
837 | char qname [MAXSIZE]; |
656 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
838 | int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs); |
657 | |
839 | |
658 | u16 qtype = (*pkt) [offs++] << 8; qtype |= (*pkt) [offs++]; |
840 | u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++]; |
659 | u16 qclass = (*pkt) [offs++] << 8; qclass |= (*pkt) [offs++]; |
841 | u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++]; |
660 | |
842 | |
661 | pkt->qdcount = htons (1); |
843 | pkt.qdcount = htons (1); |
662 | pkt->ancount = 0; |
844 | pkt.ancount = 0; |
663 | pkt->nscount = 0; // should be self, as other nameservers reply like this |
845 | pkt.nscount = 0; // should be self, as other nameservers reply like this |
664 | pkt->arcount = 0; // a record for self, as other nameservers reply like this |
846 | pkt.arcount = 0; // a record for self, as other nameservers reply like this |
665 | |
847 | |
666 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_NXDOMAIN); |
848 | pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_SERVFAIL); |
667 | |
849 | |
668 | int dlen = strlen (THISNODE->domain); |
850 | int dlen = strlen (THISNODE->domain); |
669 | |
851 | |
670 | if (qclass == RR_CLASS_IN |
852 | if (qclass == RR_CLASS_IN |
671 | && (qtype == RR_TYPE_ANY || qtype == RR_TYPE_TXT) |
|
|
672 | && qlen > dlen + 1 + HDRSIZE |
853 | && qlen > dlen + 1 |
673 | && !memcmp (qname + qlen - dlen - 1, THISNODE->domain, dlen)) |
854 | && !memcmp (qname + qlen - (dlen + 1), THISNODE->domain, dlen)) |
674 | { |
855 | { |
675 | // correct class, domain: parse |
856 | // now generate reply |
676 | int client, seqno; |
857 | pkt.ancount = htons (1); // one answer RR |
677 | decode_header (qname, client, seqno); |
858 | pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK); |
678 | |
859 | |
679 | u8 data[MAXSIZE]; |
860 | if ((qtype == RR_TYPE_ANY |
680 | int datalen = cdc62.decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE)); |
861 | || qtype == RR_TYPE_TXT |
681 | |
862 | || qtype == RR_TYPE_NULL) |
682 | if (0 < client && client <= conns.size ()) |
863 | && qlen > dlen + 1 + HDRSIZE) |
683 | { |
864 | { |
|
|
865 | // correct class, domain: parse |
|
|
866 | int client, seqno; |
|
|
867 | decode_header (qname, client, seqno); |
|
|
868 | |
|
|
869 | u8 data[MAXSIZE]; |
|
|
870 | int datalen = cdc62.decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE)); |
|
|
871 | |
|
|
872 | if (0 < client && client <= conns.size ()) |
|
|
873 | { |
684 | connection *c = conns [client - 1]; |
874 | connection *c = conns [client - 1]; |
685 | |
|
|
686 | if (!c->dns) |
|
|
687 | c->dns = new dns_connection (c); |
|
|
688 | |
|
|
689 | dns_connection *dns = c->dns; |
875 | dns_connection *dns = c->dns; |
|
|
876 | dns_rcv *rcv; |
690 | |
877 | |
|
|
878 | if (dns) |
|
|
879 | { |
691 | for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); ) |
880 | for (vector<dns_rcv *>::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); ) |
692 | if (SEQNO_EQ ((*i)->seqno, seqno)) |
881 | if (SEQNO_EQ ((*i)->seqno, seqno)) |
|
|
882 | { |
|
|
883 | // already seen that request: simply reply with the cached reply |
|
|
884 | dns_rcv *r = *i; |
|
|
885 | |
|
|
886 | slog (L_DEBUG, "DNS: duplicate packet received ID %d, SEQ %d", htons (r->pkt->id), seqno); |
|
|
887 | |
|
|
888 | // refresh header & id, as the retry count could have changed |
|
|
889 | memcpy (r->pkt->at (6 * 2 + 1), pkt.at (6 * 2 + 1), HDRSIZE); |
|
|
890 | r->pkt->id = pkt.id; |
|
|
891 | |
|
|
892 | memcpy (pkt.at (0), r->pkt->at (0), offs = r->pkt->len); |
|
|
893 | |
|
|
894 | goto duplicate_request; |
|
|
895 | } |
|
|
896 | |
|
|
897 | // new packet, queue |
|
|
898 | rcv = new dns_rcv (seqno, data, datalen); |
|
|
899 | dns->receive_rep (rcv); |
|
|
900 | } |
|
|
901 | |
693 | { |
902 | { |
694 | // already seen that request: simply reply with the cached reply |
903 | pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section |
695 | dns_rcv *r = *i; |
|
|
696 | |
904 | |
697 | printf ("DUPLICATE %d\n", htons (r->pkt->id));//D |
905 | int rtype = dns ? dns->cfg.rrtype : RR_TYPE_A; |
|
|
906 | pkt [offs++] = rtype >> 8; pkt [offs++] = rtype; // type |
|
|
907 | pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class |
|
|
908 | pkt [offs++] = 0; pkt [offs++] = 0; |
|
|
909 | pkt [offs++] = 0; pkt [offs++] = dns ? dns->cfg.def_ttl : 0; // TTL |
698 | |
910 | |
699 | memcpy (pkt->at (0), r->pkt->at (0), offs = r->pkt->len); |
911 | int rdlen_offs = offs += 2; |
700 | pkt->id = r->pkt->id; |
912 | |
701 | goto duplicate_request; |
913 | if (dns) |
|
|
914 | { |
|
|
915 | int dlen = ntohs (dns->cfg.max_size) - offs; |
|
|
916 | |
|
|
917 | // bind doesn't compress well, so reduce further by one label length |
|
|
918 | dlen -= qlen; |
|
|
919 | |
|
|
920 | // only put data into in-order sequence packets, if |
|
|
921 | // we receive out-of-order packets we generate empty |
|
|
922 | // replies |
|
|
923 | //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D |
|
|
924 | if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW) |
|
|
925 | { |
|
|
926 | dns->repseq = seqno; |
|
|
927 | |
|
|
928 | while (dlen > 1 && !dns->snddq.empty ()) |
|
|
929 | { |
|
|
930 | int txtlen = dlen <= 255 ? dlen - 1 : 255; |
|
|
931 | |
|
|
932 | if (txtlen > dns->snddq.size ()) |
|
|
933 | txtlen = dns->snddq.size (); |
|
|
934 | |
|
|
935 | pkt[offs++] = txtlen; |
|
|
936 | memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); |
|
|
937 | offs += txtlen; |
|
|
938 | dns->snddq.remove (txtlen); |
|
|
939 | |
|
|
940 | dlen -= txtlen + 1; |
|
|
941 | } |
|
|
942 | } |
|
|
943 | |
|
|
944 | // avoid completely empty TXT rdata |
|
|
945 | if (offs == rdlen_offs) |
|
|
946 | pkt[offs++] = 0; |
|
|
947 | |
|
|
948 | slog (L_NOISE, "DNS: snddq %d", dns->snddq.size ()); |
|
|
949 | } |
|
|
950 | else |
|
|
951 | { |
|
|
952 | // send RST |
|
|
953 | pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3; |
|
|
954 | pkt [offs++] = CMD_IP_RST; |
|
|
955 | } |
|
|
956 | |
|
|
957 | int rdlen = offs - rdlen_offs; |
|
|
958 | |
|
|
959 | pkt [rdlen_offs - 2] = rdlen >> 8; |
|
|
960 | pkt [rdlen_offs - 1] = rdlen; |
|
|
961 | |
|
|
962 | if (dns) |
|
|
963 | { |
|
|
964 | // now update dns_rcv copy |
|
|
965 | rcv->pkt->len = offs; |
|
|
966 | memcpy (rcv->pkt->at (0), pkt.at (0), offs); |
|
|
967 | } |
702 | } |
968 | } |
703 | |
969 | |
704 | // new packet, queue |
970 | duplicate_request: ; |
705 | dns_rcv *rcv = new dns_rcv (seqno, data, datalen); |
971 | } |
706 | dns->receive_rep (rcv); |
972 | else |
707 | |
|
|
708 | // now generate reply |
|
|
709 | pkt->ancount = htons (1); // one answer RR |
|
|
710 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_OK); |
973 | pkt.flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR); |
|
|
974 | } |
|
|
975 | else if (qtype == RR_TYPE_A |
|
|
976 | && qlen > dlen + 1 + cdc26.encode_len (sizeof (dns_cfg))) |
|
|
977 | { |
|
|
978 | dns_cfg cfg; |
|
|
979 | cdc26.decode ((u8 *)&cfg, qname, cdc26.encode_len (sizeof (dns_cfg))); |
|
|
980 | int client = ntohs (cfg.client); |
711 | |
981 | |
712 | (*pkt) [offs++] = 0xc0; |
|
|
713 | (*pkt) [offs++] = 6 * 2; // same as in query section |
982 | pkt [offs++] = 0xc0; pkt [offs++] = 6 * 2; // refer to name in query section |
714 | |
983 | |
715 | (*pkt) [offs++] = RR_TYPE_TXT >> 8; (*pkt) [offs++] = RR_TYPE_TXT; |
984 | pkt [offs++] = RR_TYPE_A >> 8; pkt [offs++] = RR_TYPE_A; // type |
716 | (*pkt) [offs++] = RR_CLASS_IN >> 8; (*pkt) [offs++] = RR_CLASS_IN; |
985 | pkt [offs++] = RR_CLASS_IN >> 8; pkt [offs++] = RR_CLASS_IN; // class |
717 | |
|
|
718 | (*pkt) [offs++] = 0; (*pkt) [offs++] = 0; |
986 | pkt [offs++] = 0; pkt [offs++] = 0; |
719 | (*pkt) [offs++] = 0; (*pkt) [offs++] = 0; // TTL |
987 | pkt [offs++] = 0; pkt [offs++] = cfg.def_ttl; // TTL |
|
|
988 | pkt [offs++] = 0; pkt [offs++] = 4; // rdlength |
720 | |
989 | |
721 | int dlen = MAX_PKT_SIZE - offs - 2; |
990 | slog (L_INFO, _("DNS: client %d connects"), client); |
722 | |
991 | |
723 | // bind doesn't compress well, so reduce further by one label length |
992 | pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3; |
724 | dlen -= qlen; |
993 | pkt [offs++] = CMD_IP_REJ; |
725 | |
994 | |
726 | int rdlen_offs = offs += 2; |
995 | if (0 < client && client <= conns.size ()) |
727 | |
|
|
728 | while (dlen > 1 && !dns->snddq.empty ()) |
|
|
729 | { |
996 | { |
730 | int txtlen = dlen <= 255 ? dlen - 1 : 255; |
997 | connection *c = conns [client - 1]; |
731 | |
998 | |
732 | if (txtlen > dns->snddq.size ()) |
999 | if (cfg.valid ()) |
733 | txtlen = dns->snddq.size (); |
1000 | { |
|
|
1001 | pkt [offs - 1] = CMD_IP_SYN; |
734 | |
1002 | |
735 | (*pkt)[offs++] = txtlen; |
1003 | delete c->dns; |
736 | memcpy (pkt->at (offs), dns->snddq.begin (), txtlen); |
1004 | c->dns = new dns_connection (c); |
737 | offs += txtlen; |
1005 | c->dns->cfg = cfg; |
738 | dns->snddq.remove (txtlen); |
1006 | } |
739 | |
|
|
740 | dlen -= txtlen + 1; |
|
|
741 | } |
1007 | } |
742 | |
|
|
743 | // avoid empty TXT rdata |
|
|
744 | if (offs == rdlen_offs) |
|
|
745 | (*pkt)[offs++] = 0; |
|
|
746 | |
|
|
747 | int rdlen = offs - rdlen_offs; |
|
|
748 | |
|
|
749 | (*pkt) [rdlen_offs - 2] = rdlen >> 8; |
|
|
750 | (*pkt) [rdlen_offs - 1] = rdlen; |
|
|
751 | |
|
|
752 | // now update dns_rcv copy |
|
|
753 | rcv->pkt->len = offs; |
|
|
754 | memcpy (rcv->pkt->at (0), pkt->at (0), offs); |
|
|
755 | |
|
|
756 | duplicate_request: ; |
|
|
757 | } |
1008 | } |
758 | else |
|
|
759 | pkt->flags = htons (DEFAULT_SERVER_FLAGS | FLAG_RCODE_FORMERR); |
|
|
760 | } |
1009 | } |
761 | |
1010 | |
762 | pkt->len = offs; |
1011 | pkt.len = offs; |
763 | } |
1012 | } |
764 | |
|
|
765 | return pkt; |
|
|
766 | } |
1013 | } |
767 | |
1014 | |
768 | void |
1015 | void |
769 | vpn::dnsv4_client (dns_packet *pkt) |
1016 | vpn::dnsv4_client (dns_packet &pkt) |
770 | { |
1017 | { |
771 | u16 flags = ntohs (pkt->flags); |
1018 | u16 flags = ntohs (pkt.flags); |
772 | int offs = 6 * 2; // skip header |
1019 | int offs = 6 * 2; // skip header |
773 | |
1020 | |
774 | pkt->qdcount = ntohs (pkt->qdcount); |
1021 | pkt.qdcount = ntohs (pkt.qdcount); |
775 | pkt->ancount = ntohs (pkt->ancount); |
1022 | pkt.ancount = ntohs (pkt.ancount); |
776 | |
1023 | |
777 | // go through our request list and find the corresponding request |
1024 | // go through our request list and find the corresponding request |
778 | for (vector<dns_req *>::iterator i = dns_sndpq.begin (); |
1025 | for (vector<dns_snd *>::iterator i = dns_sndpq.begin (); |
779 | i != dns_sndpq.end (); |
1026 | i != dns_sndpq.end (); |
780 | ++i) |
1027 | ++i) |
781 | if ((*i)->pkt->id == pkt->id) |
1028 | if ((*i)->pkt->id == pkt.id) |
782 | { |
1029 | { |
783 | dns_connection *dns = (*i)->dns; |
1030 | dns_connection *dns = (*i)->dns; |
|
|
1031 | connection *c = dns->c; |
784 | int seqno = (*i)->seqno; |
1032 | int seqno = (*i)->seqno; |
785 | u8 data[MAXSIZE], *datap = data; |
1033 | u8 data[MAXSIZE], *datap = data; |
|
|
1034 | //printf ("rcv pkt %x\n", seqno);//D |
|
|
1035 | |
|
|
1036 | if ((*i)->retry) |
|
|
1037 | { |
|
|
1038 | dns->send_interval *= 1.01; |
|
|
1039 | if (dns->send_interval > MAX_SEND_INTERVAL) |
|
|
1040 | dns->send_interval = MAX_SEND_INTERVAL; |
|
|
1041 | } |
|
|
1042 | else |
|
|
1043 | { |
|
|
1044 | #if 0 |
|
|
1045 | dns->send_interval *= 0.999; |
|
|
1046 | #endif |
|
|
1047 | // the latency surely puts an upper bound on |
|
|
1048 | // the minimum send interval |
|
|
1049 | double latency = ev_now () - (*i)->sent; |
|
|
1050 | |
|
|
1051 | if (latency < dns->min_latency) |
|
|
1052 | dns->min_latency = latency; |
|
|
1053 | |
|
|
1054 | if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor) |
|
|
1055 | dns->send_interval = dns->min_latency * conf.dns_overlap_factor; |
|
|
1056 | |
|
|
1057 | if (dns->send_interval < conf.dns_send_interval) |
|
|
1058 | dns->send_interval = conf.dns_send_interval; |
|
|
1059 | } |
786 | |
1060 | |
787 | delete *i; |
1061 | delete *i; |
788 | dns_sndpq.erase (i); |
1062 | dns_sndpq.erase (i); |
789 | |
1063 | |
790 | if (flags & FLAG_RESPONSE && !(flags & (FLAG_OP_MASK | FLAG_TC))) |
1064 | if (flags & FLAG_RESPONSE && !(flags & FLAG_OP_MASK)) |
791 | { |
1065 | { |
792 | char qname[MAXSIZE]; |
1066 | char qname[MAXSIZE]; |
793 | |
1067 | |
794 | while (pkt->qdcount-- && offs < MAXSIZE - 4) |
1068 | while (pkt.qdcount-- && offs < MAXSIZE - 4) |
795 | { |
1069 | { |
796 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
1070 | int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs); |
797 | offs += 4; // skip qtype, qclass |
1071 | offs += 4; // skip qtype, qclass |
798 | } |
1072 | } |
799 | |
1073 | |
800 | while (pkt->ancount-- && offs < MAXSIZE - 10 && datap) |
1074 | while (pkt.ancount-- && offs < MAXSIZE - 10 && datap) |
801 | { |
1075 | { |
802 | int qlen = pkt->decode_label ((char *)qname, MAXSIZE - offs, offs); |
1076 | int qlen = pkt.decode_label ((char *)qname, MAXSIZE - offs, offs); |
803 | |
1077 | |
804 | u16 qtype = (*pkt) [offs++] << 8; qtype |= (*pkt) [offs++]; |
1078 | u16 qtype = pkt [offs++] << 8; qtype |= pkt [offs++]; |
805 | u16 qclass = (*pkt) [offs++] << 8; qclass |= (*pkt) [offs++]; |
1079 | u16 qclass = pkt [offs++] << 8; qclass |= pkt [offs++]; |
806 | u32 ttl = (*pkt) [offs++] << 24; |
1080 | u32 ttl = pkt [offs++] << 24; |
807 | ttl |= (*pkt) [offs++] << 16; |
1081 | ttl |= pkt [offs++] << 16; |
808 | ttl |= (*pkt) [offs++] << 8; |
1082 | ttl |= pkt [offs++] << 8; |
809 | ttl |= (*pkt) [offs++]; |
1083 | ttl |= pkt [offs++]; |
810 | |
|
|
811 | u16 rdlen = (*pkt) [offs++] << 8; rdlen |= (*pkt) [offs++]; |
1084 | u16 rdlen = pkt [offs++] << 8; rdlen |= pkt [offs++]; |
812 | |
1085 | |
813 | if (rdlen <= MAXSIZE - offs) |
1086 | if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT) |
814 | { |
1087 | { |
815 | // decode bytes, finally |
1088 | if (rdlen <= MAXSIZE - offs) |
816 | |
|
|
817 | while (rdlen) |
|
|
818 | { |
1089 | { |
|
|
1090 | // decode bytes, finally |
|
|
1091 | |
|
|
1092 | while (rdlen) |
|
|
1093 | { |
819 | int txtlen = (*pkt) [offs++]; |
1094 | int txtlen = pkt [offs++]; |
820 | |
1095 | |
821 | assert (txtlen + offs < MAXSIZE - 1); |
1096 | assert (txtlen + offs < MAXSIZE - 1); |
822 | |
1097 | |
823 | memcpy (datap, pkt->at (offs), txtlen); |
1098 | memcpy (datap, pkt.at (offs), txtlen); |
824 | datap += txtlen; offs += txtlen; |
1099 | datap += txtlen; offs += txtlen; |
825 | |
1100 | |
826 | rdlen -= txtlen + 1; |
1101 | rdlen -= txtlen + 1; |
|
|
1102 | } |
827 | } |
1103 | } |
828 | } |
1104 | } |
|
|
1105 | else if (qtype == RR_TYPE_A) |
|
|
1106 | { |
|
|
1107 | u8 ip [4]; |
|
|
1108 | |
|
|
1109 | ip [0] = pkt [offs++]; |
|
|
1110 | ip [1] = pkt [offs++]; |
|
|
1111 | ip [2] = pkt [offs++]; |
|
|
1112 | ip [3] = pkt [offs++]; |
|
|
1113 | |
|
|
1114 | if (ip [0] == CMD_IP_1 |
|
|
1115 | && ip [1] == CMD_IP_2 |
|
|
1116 | && ip [2] == CMD_IP_3) |
|
|
1117 | { |
|
|
1118 | slog (L_TRACE, _("DNS: got tunnel meta command %02x"), ip [3]); |
|
|
1119 | |
|
|
1120 | if (ip [3] == CMD_IP_RST) |
|
|
1121 | { |
|
|
1122 | slog (L_DEBUG, _("DNS: got tunnel RST request")); |
|
|
1123 | |
|
|
1124 | delete dns; c->dns = 0; |
|
|
1125 | |
|
|
1126 | return; |
|
|
1127 | } |
|
|
1128 | else if (ip [3] == CMD_IP_SYN) |
|
|
1129 | { |
|
|
1130 | slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us.")); |
|
|
1131 | dns->established = true; |
|
|
1132 | } |
|
|
1133 | else if (ip [3] == CMD_IP_REJ) |
|
|
1134 | { |
|
|
1135 | slog (L_DEBUG, _("DNS: got tunnel REJ reply, server does not like us, aborting.")); |
|
|
1136 | abort (); |
|
|
1137 | } |
|
|
1138 | else |
|
|
1139 | slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]); |
|
|
1140 | } |
|
|
1141 | else |
|
|
1142 | slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"), |
|
|
1143 | ip [0], ip [1], ip [2], ip [3]); |
|
|
1144 | |
|
|
1145 | return; |
|
|
1146 | } |
829 | |
1147 | |
830 | int client, rseqno; |
1148 | int client, rseqno; |
831 | decode_header (qname, client, rseqno); |
1149 | decode_header (qname, client, rseqno); |
832 | |
1150 | |
833 | if (client != THISNODE->id) |
1151 | if (client != THISNODE->id) |
834 | { |
1152 | { |
835 | slog (L_INFO, _("got dns tunnel response with wrong clientid, ignoring")); |
1153 | slog (L_INFO, _("DNS: got dns tunnel response with wrong clientid, ignoring")); |
836 | datap = 0; |
1154 | datap = 0; |
837 | } |
1155 | } |
838 | else if (rseqno != seqno) |
1156 | else if (rseqno != seqno) |
839 | { |
1157 | { |
840 | slog (L_DEBUG, _("got dns tunnel response with wrong seqno, badly caching nameserver?")); |
1158 | slog (L_DEBUG, _("DNS: got dns tunnel response with wrong seqno, badly caching nameserver?")); |
841 | datap = 0; |
1159 | datap = 0; |
842 | } |
1160 | } |
843 | } |
1161 | } |
844 | } |
1162 | } |
845 | |
1163 | |
… | |
… | |
847 | if (datap) |
1165 | if (datap) |
848 | dns->receive_rep (new dns_rcv (seqno, data, datap - data)); |
1166 | dns->receive_rep (new dns_rcv (seqno, data, datap - data)); |
849 | |
1167 | |
850 | break; |
1168 | break; |
851 | } |
1169 | } |
852 | |
|
|
853 | delete pkt; |
|
|
854 | } |
1170 | } |
855 | |
1171 | |
856 | void |
1172 | void |
857 | vpn::dnsv4_ev (io_watcher &w, short revents) |
1173 | vpn::dnsv4_ev (ev::io &w, int revents) |
858 | { |
1174 | { |
859 | if (revents & EVENT_READ) |
1175 | if (revents & EV_READ) |
860 | { |
1176 | { |
861 | dns_packet *pkt = new dns_packet; |
1177 | dns_packet *pkt = new dns_packet; |
862 | struct sockaddr_in sa; |
1178 | struct sockaddr_in sa; |
863 | socklen_t sa_len = sizeof (sa); |
1179 | socklen_t sa_len = sizeof (sa); |
864 | |
1180 | |
865 | pkt->len = recvfrom (w.fd, &((*pkt)[0]), MAXSIZE, 0, (sockaddr *)&sa, &sa_len); |
1181 | pkt->len = recvfrom (w.fd, pkt->at (0), MAXSIZE, 0, (sockaddr *)&sa, &sa_len); |
866 | |
1182 | |
867 | if (pkt->len > 0) |
1183 | if (pkt->len > 0) |
868 | { |
1184 | { |
869 | if (pkt->flags & htons (FLAG_TC)) |
1185 | if (ntohs (pkt->flags) & FLAG_RESPONSE) |
|
|
1186 | dnsv4_client (*pkt); |
|
|
1187 | else |
870 | { |
1188 | { |
871 | slog (L_WARN, _("DNS request/response truncated, check protocol settings.")); |
1189 | dnsv4_server (*pkt); |
872 | //TODO connection reset |
1190 | sendto (w.fd, pkt->at (0), pkt->len, 0, (sockaddr *)&sa, sa_len); |
873 | } |
1191 | } |
874 | |
1192 | |
875 | if (THISNODE->dns_port) |
1193 | delete pkt; |
876 | { |
|
|
877 | pkt = dnsv4_server (pkt); |
|
|
878 | sendto (w.fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)&sa, sa_len); |
|
|
879 | } |
|
|
880 | else |
|
|
881 | dnsv4_client (pkt); |
|
|
882 | } |
1194 | } |
883 | } |
1195 | } |
884 | } |
1196 | } |
885 | |
1197 | |
886 | bool |
1198 | bool |
887 | connection::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
1199 | vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
888 | { |
1200 | { |
|
|
1201 | int client = ntohl (si.host); |
|
|
1202 | |
|
|
1203 | assert (0 < client && client <= conns.size ()); |
|
|
1204 | |
|
|
1205 | connection *c = conns [client - 1]; |
|
|
1206 | |
889 | if (!dns) |
1207 | if (!c->dns) |
890 | dns = new dns_connection (this); |
1208 | c->dns = new dns_connection (c); |
891 | |
1209 | |
892 | if (!dns->snddq.put (pkt)) |
1210 | if (c->dns->snddq.put (pkt)) |
893 | return false; |
1211 | c->dns->tw (); |
894 | |
1212 | |
895 | // start timer if neccessary |
1213 | // always return true even if the buffer overflows |
896 | if (!THISNODE->dns_port && !dns->tw.active) |
|
|
897 | dns->tw.trigger (); |
|
|
898 | |
|
|
899 | return true; |
1214 | return true; |
900 | } |
1215 | } |
901 | |
1216 | |
902 | void |
1217 | void |
903 | dns_connection::time_cb (time_watcher &w) |
1218 | connection::dnsv4_reset_connection () |
904 | { |
1219 | { |
|
|
1220 | //delete dns; dns = 0; //TODO |
|
|
1221 | } |
|
|
1222 | |
|
|
1223 | #define NEXT(w) do { if (next > (w)) next = w; } while (0) |
|
|
1224 | |
|
|
1225 | void |
|
|
1226 | dns_connection::time_cb (ev::timer &w, int revents) |
|
|
1227 | { |
|
|
1228 | // servers have to be polled |
|
|
1229 | if (THISNODE->dns_port) |
|
|
1230 | return; |
|
|
1231 | |
905 | // check for timeouts and (re)transmit |
1232 | // check for timeouts and (re)transmit |
906 | tstamp next = NOW + 60; |
1233 | tstamp next = ev::now () + poll_interval; |
907 | dns_req *send = 0; |
1234 | dns_snd *send = 0; |
908 | |
1235 | |
909 | for (vector<dns_req *>::iterator i = vpn->dns_sndpq.begin (); |
1236 | for (vector<dns_snd *>::iterator i = vpn->dns_sndpq.begin (); |
910 | i != vpn->dns_sndpq.end (); |
1237 | i != vpn->dns_sndpq.end (); |
911 | ++i) |
1238 | ++i) |
912 | { |
1239 | { |
913 | dns_req *r = *i; |
1240 | dns_snd *r = *i; |
914 | |
1241 | |
915 | if (r->next <= NOW) |
1242 | if (r->timeout <= ev_now ()) |
916 | { |
1243 | { |
917 | if (!send) |
1244 | if (!send) |
918 | { |
1245 | { |
919 | send = r; |
1246 | send = r; |
920 | |
1247 | |
921 | if (r->retry)//D |
|
|
922 | printf ("req %d:%d, retry %d\n", r->seqno, r->pkt->id, r->retry); |
|
|
923 | r->retry++; |
1248 | r->retry++; |
924 | r->next = NOW + r->retry; |
1249 | r->timeout = ev_now () + (r->retry * min_latency * conf.dns_timeout_factor); |
|
|
1250 | //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - ev_now ());//D |
|
|
1251 | |
|
|
1252 | // the following code changes the query section a bit, forcing |
|
|
1253 | // the forwarder to generate a new request |
|
|
1254 | if (r->stdhdr) |
|
|
1255 | encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry); |
925 | } |
1256 | } |
926 | } |
1257 | } |
927 | |
1258 | else |
928 | if (r->next < next) |
1259 | NEXT (r->timeout); |
929 | next = r->next; |
|
|
930 | } |
1260 | } |
931 | |
1261 | |
932 | if (!send |
1262 | if (!send) |
933 | && vpn->dns_sndpq.size () < MAX_OUTSTANDING) |
|
|
934 | { |
1263 | { |
|
|
1264 | // generate a new packet, if wise |
|
|
1265 | |
|
|
1266 | if (!established) |
|
|
1267 | { |
|
|
1268 | if (vpn->dns_sndpq.empty ()) |
|
|
1269 | { |
935 | send = new dns_req (this); |
1270 | send = new dns_snd (this); |
|
|
1271 | |
|
|
1272 | cfg.reset (THISNODE->id); |
|
|
1273 | send->gen_syn_req (); |
|
|
1274 | } |
|
|
1275 | } |
|
|
1276 | else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding |
|
|
1277 | && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1))) |
|
|
1278 | { |
|
|
1279 | if (last_sent + send_interval <= ev_now ()) |
|
|
1280 | { |
|
|
1281 | //printf ("sending data request etc.\n"); //D |
|
|
1282 | if (!snddq.empty () || last_received + 1. > ev_now ()) |
|
|
1283 | { |
|
|
1284 | poll_interval = send_interval; |
|
|
1285 | NEXT (ev_now () + send_interval); |
|
|
1286 | } |
|
|
1287 | |
|
|
1288 | send = new dns_snd (this); |
936 | send->gen_stream_req (sndseq, snddq); |
1289 | send->gen_stream_req (sndseq, snddq); |
|
|
1290 | send->timeout = ev_now () + min_latency * conf.dns_timeout_factor; |
|
|
1291 | //printf ("SEND %x (%f)\n", send->seqno, send->timeout - ev_now (), min_latency, conf.dns_timeout_factor);//D |
|
|
1292 | |
|
|
1293 | sndseq = (sndseq + 1) & SEQNO_MASK; |
|
|
1294 | } |
|
|
1295 | else |
|
|
1296 | NEXT (last_sent + send_interval); |
|
|
1297 | } |
|
|
1298 | |
|
|
1299 | if (send) |
937 | vpn->dns_sndpq.push_back (send); |
1300 | vpn->dns_sndpq.push_back (send); |
938 | |
|
|
939 | sndseq = (sndseq + 1) & SEQNO_MASK; |
|
|
940 | } |
1301 | } |
941 | |
|
|
942 | tstamp min_next = NOW + (1. / (tstamp)MAX_RATE); |
|
|
943 | |
1302 | |
944 | if (send) |
1303 | if (send) |
945 | { |
1304 | { |
946 | dns_packet *pkt = send->pkt; |
1305 | last_sent = ev_now (); |
947 | |
1306 | sendto (vpn->dnsv4_fd, |
948 | next = min_next; |
1307 | send->pkt->at (0), send->pkt->len, 0, |
949 | |
|
|
950 | sendto (vpn->dnsv4_fd, &((*pkt)[0]), pkt->len, 0, |
|
|
951 | vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); |
1308 | vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); |
952 | } |
1309 | } |
953 | else if (next < min_next) |
|
|
954 | next = min_next; |
|
|
955 | |
1310 | |
956 | w.start (next); |
1311 | slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d %d)", |
|
|
1312 | poll_interval, send_interval, next - ev_now (), |
|
|
1313 | vpn->dns_sndpq.size (), snddq.size (), |
|
|
1314 | rcvpq.size ()); |
|
|
1315 | |
|
|
1316 | // TODO: no idea when this happens, but when next < ev_now (), we have a problem |
|
|
1317 | // doesn't seem to happen anymore |
|
|
1318 | if (next < ev_now () + 0.001) |
|
|
1319 | next = ev_now () + 0.1; |
|
|
1320 | |
|
|
1321 | w.start (next - ev_now ()); |
957 | } |
1322 | } |
958 | |
1323 | |
959 | #endif |
1324 | #endif |
960 | |
1325 | |