--- gvpe/src/vpn_dns.C 2005/03/07 22:24:24 1.25 +++ gvpe/src/vpn_dns.C 2011/10/18 11:07:28 1.54 @@ -1,24 +1,38 @@ /* vpn_dns.C -- handle the dns tunnel part of the protocol. - Copyright (C) 2003-2005 Marc Lehmann + Copyright (C) 2003-2011 Marc Lehmann This file is part of GVPE. - GVPE is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with gvpe; if not, write to the Free Software - Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. */ +// TODO: EDNS0 option to increase dns mtu? +// TODO: re-write dns packet parsing/creation using a safe mem-buffer +// to ensure no buffer overflows or similar problems. + #include "config.h" #if ENABLE_DNS @@ -40,30 +54,27 @@ #include +#include /* bug in libgmp: gmp.h relies on cstdio being included */ #include #include "netcompat.h" #include "vpn.h" -#define MIN_POLL_INTERVAL .02 // how often to poll minimally when the server has data -#define MAX_POLL_INTERVAL 6. // how often to poll minimally when the server has no data -#define ACTIVITY_INTERVAL 5. +#define MIN_POLL_INTERVAL 0.025 // poll at most this often when no data received +#define MAX_POLL_INTERVAL 1. // how often to poll minimally when the server has no data #define INITIAL_TIMEOUT 0.1 // retry timeouts -#define INITIAL_SYN_TIMEOUT 10. // retry timeout for initial syn +#define INITIAL_SYN_TIMEOUT 2. // retry timeout for initial syn -#define MIN_SEND_INTERVAL 0.01 // wait at least this time between sending requests -#define MAX_SEND_INTERVAL 0.5 // optimistic? +#define MAX_SEND_INTERVAL 5. // optimistic? -#define LATENCY_FACTOR 0.5 // RTT * LATENCY_FACTOR == sending rate -#define MAX_OUTSTANDING 20 // max. outstanding requests #define MAX_WINDOW 1000 // max. for MAX_OUTSTANDING, and backlog -#define MAX_BACKLOG (100*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE +#define MAX_BACKLOG (64*1024) // size of gvpe protocol backlog (bytes), must be > MAXSIZE -#define MAX_DOMAIN_SIZE 200 // 255 is legal limit, but bind doesn't compress well +#define MAX_DOMAIN_SIZE 235 // 255 is legal limit, but bind doesn't compress well // 240 leaves about 4 bytes of server reply data -// every two request bytes less give room for one reply byte +// every request byte less give room for two reply bytes #define SEQNO_MASK 0x3fff #define SEQNO_EQ(a,b) ( 0 == ( ((a) ^ (b)) & SEQNO_MASK) ) @@ -74,6 +85,7 @@ #define RR_TYPE_A 1 #define RR_TYPE_NULL 10 #define RR_TYPE_TXT 16 +#define RR_TYPE_AAAA 28 #define RR_TYPE_ANY 255 #define RR_CLASS_IN 1 @@ -81,9 +93,23 @@ #define CMD_IP_1 207 #define CMD_IP_2 46 #define CMD_IP_3 236 -#define CMD_IP_RST 29 -#define CMD_IP_SYN 113 -#define CMD_IP_REJ 32 + +#define CMD_IP_RST 29 // some error, reset and retry +#define CMD_IP_REJ 32 // do not want you +#define CMD_IP_SYN 113 // connection established +#define CMD_IP_CSE 213 // connection established, but likely case mismatch + +static bool +is_uc (char c) +{ + return 'A' <= c && c <= 'Z'; +} + +static bool +is_lc (char c) +{ + return 'a' <= c && c <= 'z'; +} // works for cmaps up to 255 (not 256!) struct charmap @@ -107,8 +133,14 @@ for (size = 0; cmap [size]; size++) { - enc [size] = cmap [size]; - dec [(u8)enc [size]] = size; + char c = cmap [size]; + + enc [size] = c; + dec [(u8)c] = size; + + // allow lowercase/uppercase aliases if possible + if (is_uc (c) && dec [c + ('a' - 'A')] == INVALID) dec [c + ('a' - 'A')] = size; + if (is_lc (c) && dec [c - ('a' - 'A')] == INVALID) dec [c - ('a' - 'A')] = size; } assert (size < 256); @@ -125,11 +157,11 @@ unsigned int enc_len [MAX_DEC_LEN]; unsigned int dec_len [MAX_ENC_LEN]; - unsigned int encode_len (unsigned int len); - unsigned int decode_len (unsigned int len); + unsigned int encode_len (unsigned int len) const; + unsigned int decode_len (unsigned int len) const; - unsigned int encode (char *dst, u8 *src, unsigned int len); - unsigned int decode (u8 *dst, char *src, unsigned int len); + unsigned int encode (char *dst, u8 *src, unsigned int len) const; + unsigned int decode (u8 *dst, char *src, unsigned int len) const; basecoder (const char *cmap); }; @@ -158,12 +190,14 @@ } } -unsigned int basecoder::encode_len (unsigned int len) +unsigned int +basecoder::encode_len (unsigned int len) const { return enc_len [len]; } -unsigned int basecoder::decode_len (unsigned int len) +unsigned int +basecoder::decode_len (unsigned int len) const { while (len && !dec_len [len]) --len; @@ -171,7 +205,8 @@ return dec_len [len]; } -unsigned int basecoder::encode (char *dst, u8 *src, unsigned int len) +unsigned int +basecoder::encode (char *dst, u8 *src, unsigned int len) const { if (!len || len > MAX_DEC_LEN) return 0; @@ -200,7 +235,8 @@ return elen; } -unsigned int basecoder::decode (u8 *dst, char *src, unsigned int len) +unsigned int +basecoder::decode (u8 *dst, char *src, unsigned int len) const { if (!len || len > MAX_ENC_LEN) return 0; @@ -259,39 +295,39 @@ } #endif -//static basecoder cdc64 ("_dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI-"); -//static basecoder cdc63 ("_dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); -static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); -//static basecoder cdc36 ("dphzr06qmjkb34tsvl81xaef92wgyo57ucni"); // unused as of yet -static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyO"); +static basecoder cdc62 ("dDpPhHzZrR06QqMmjJkKBb34TtSsvVlL81xXaAeEFf92WwGgYyoO57UucCNniI"); // a-zA-Z0-9 +static basecoder cdc36 ("dPhZr06QmJkB34tSvL81xAeF92wGyO57uCnI"); // a-z0-9 for case-changers +static basecoder cdc26 ("dPhZrQmJkBtSvLxAeFwGyOuCnI"); // a-z ///////////////////////////////////////////////////////////////////////////// -#define HDRSIZE 6 +#define HDRSIZE 5 -inline void encode_header (char *data, int clientid, int seqno, int retry = 0) +inline void +encode_header (char *data, int clientid, int seqno, int retry = 0) { + assert (clientid < 256); + seqno &= SEQNO_MASK; u8 hdr[3] = { - clientid, - (seqno >> 8) | (retry << 6), seqno, + (seqno >> 8) | (retry << 6), + clientid, }; - assert (clientid < 256); - - cdc26.encode (data, hdr, 3); + cdc36.encode (data, hdr, 3); } -inline void decode_header (char *data, int &clientid, int &seqno) +inline void +decode_header (char *data, int &clientid, int &seqno) { u8 hdr[3]; - cdc26.decode (hdr, data, HDRSIZE); + cdc36.decode (hdr, data, HDRSIZE); - clientid = hdr[0]; - seqno = ((hdr[1] << 8) | hdr[2]) & SEQNO_MASK; + clientid = hdr[2]; + seqno = ((hdr[1] << 8) | hdr[0]) & SEQNO_MASK; } ///////////////////////////////////////////////////////////////////////////// @@ -327,7 +363,8 @@ delete data; } -void byte_stream::remove (int count) +void +byte_stream::remove (int count) { if (count > fill) assert (count <= fill); @@ -335,7 +372,8 @@ memmove (data, data + count, fill -= count); } -bool byte_stream::put (u8 *data, unsigned int datalen) +bool +byte_stream::put (u8 *data, unsigned int datalen) { if (maxsize - fill < datalen) return false; @@ -345,7 +383,8 @@ return true; } -bool byte_stream::put (vpn_packet *pkt) +bool +byte_stream::put (vpn_packet *pkt) { if (maxsize - fill < pkt->len + 2) return false; @@ -360,17 +399,20 @@ vpn_packet *byte_stream::get () { + if (fill < 2) + return 0; + unsigned int len; for (;;) { len = (data [0] << 8) | data [1]; - if (len <= MAXSIZE || fill < 2) + if (len <= MAXSIZE) break; // TODO: handle this better than skipping, e.g. by reset - slog (L_DEBUG, _("DNS: corrupted packet stream skipping a byte...")); + slog (L_DEBUG, _("DNS: corrupted packet (%02x %02x) stream skipping a byte..."), data [0], data [1]); remove (1); } @@ -411,65 +453,93 @@ { static int next_uid; - u8 id1, id2, id3, id4; + u8 chksum; + u8 rrtype; + u16 uid; // to make request unique u8 version; u8 flags; - u8 rrtype; - u8 def_ttl; + u16 max_size; - u16 client; - u16 uid; // to make request unique + u8 id1, id2, id3, id4; - u16 max_size; - u8 seq_cdc; - u8 req_cdc; + u16 client; + u8 def_ttl; + u8 r0; - u8 rep_cdc; - u8 r2, r3, r4; + u8 syn_cdc; // cdc en/decoder for syn (A?) requests + u8 hdr_cdc; // cdc en/decoder for regular request headers + u8 req_cdc; // cdc en/decoder for regular (ANY?) request data + u8 rep_cdc; // cdc en/decoder for regular (TXT) replies, 0 == 8 bit encoding - u8 r5, r6, r7, r8; + u8 r1, r2, r3, r4; void reset (int clientid); bool valid (); + u8 get_chksum (); }; int dns_cfg::next_uid; -void dns_cfg::reset (int clientid) +void +dns_cfg::reset (int clientid) { + // this ID must result in some mixed-case characters in cdc26-encoding id1 = 'G'; id2 = 'V'; id3 = 'P'; id4 = 'E'; - version = 1; + version = 2; rrtype = RR_TYPE_TXT; flags = 0; def_ttl = 0; - seq_cdc = 26; - req_cdc = 62; + syn_cdc = 26; + hdr_cdc = 36; + req_cdc = conf.dns_case_preserving ? 62 : 36; rep_cdc = 0; - max_size = ntohs (MAX_PKT_SIZE); - client = ntohs (clientid); - uid = next_uid++; + max_size = htons (MAX_PKT_SIZE); + client = htons (clientid); + uid = ++next_uid; + + r0 = r1 = r2 = r3 = r4 = 0; + + chksum = get_chksum (); +} - r2 = r3 = r4 = 0; - r4 = r5 = r6 = r7 = 0; +// simple but not trivial chksum +u8 +dns_cfg::get_chksum () +{ + unsigned int sum = 0xff00; // only 16 bits required + + u8 old_chksum = chksum; + chksum = 0; + + for (unsigned int i = 0; i < sizeof (*this); ++i) + sum += ((u8 *)this)[i] * (i + 1); + + chksum = old_chksum; + + return sum + (sum >> 8); } -bool dns_cfg::valid () +bool +dns_cfg::valid () { + // although the protocol itself allows for some configurability, + // only the following encoding/decoding settings are implemented. return id1 == 'G' && id2 == 'V' && id3 == 'P' && id4 == 'E' - && seq_cdc == 26 - && req_cdc == 62 + && version == 2 + && syn_cdc == 26 + && hdr_cdc == 36 + && (req_cdc == 36 || req_cdc == 62) && rep_cdc == 0 - && version == 1 - && max_size == ntohs (MAX_PKT_SIZE); + && chksum == get_chksum (); } struct dns_packet : net_packet @@ -483,7 +553,8 @@ int decode_label (char *data, int size, int &offs); }; -int dns_packet::decode_label (char *data, int size, int &offs) +int +dns_packet::decode_label (char *data, int size, int &offs) { char *orig = data; @@ -519,10 +590,12 @@ ///////////////////////////////////////////////////////////////////////////// -static u16 dns_id = 0; // TODO: should be per-vpn - -static u16 next_id () +static +u16 next_id () { + static u16 dns_id = 0; // TODO: should be per-vpn + +#if 1 if (!dns_id) dns_id = time (0); @@ -534,6 +607,11 @@ ^ (dns_id >> 15)) & 1); return dns_id; +#else + dns_id++;//D + + return htons (dns_id); +#endif } struct dns_rcv; @@ -547,6 +625,7 @@ dns_cfg cfg; bool established; + const basecoder *cdc; tstamp last_received; tstamp last_sent; @@ -555,12 +634,15 @@ vector rcvpq; - byte_stream rcvdq; int rcvseq; + byte_stream rcvdq; int rcvseq; int repseq; byte_stream snddq; int sndseq; - void time_cb (time_watcher &w); time_watcher tw; + inline void time_cb (ev::timer &w, int revents); ev::timer tw; void receive_rep (dns_rcv *r); + void reset (); // quite like tcp RST + void set_cfg (); // to be called after any cfg changes + dns_connection (connection *c); ~dns_connection (); }; @@ -587,7 +669,7 @@ timeout = 0; retry = 0; seqno = 0; - sent = NOW; + sent = ev_now (); stdhdr = false; pkt = new dns_packet; @@ -600,7 +682,8 @@ delete pkt; } -static void append_domain (dns_packet &pkt, int &offs, const char *domain) +static void +append_domain (dns_packet &pkt, int &offs, const char *domain) { // add tunnel domain for (;;) @@ -623,12 +706,13 @@ } } -void dns_snd::gen_stream_req (int seqno, byte_stream &stream) +void +dns_snd::gen_stream_req (int seqno, byte_stream &stream) { stdhdr = true; this->seqno = seqno; - timeout = NOW + INITIAL_TIMEOUT; + timeout = ev_now () + INITIAL_TIMEOUT; pkt->flags = htons (DEFAULT_CLIENT_FLAGS); pkt->qdcount = htons (1); @@ -641,12 +725,12 @@ char enc[256], *encp = enc; encode_header (enc, THISNODE->id, seqno); - int datalen = cdc62.decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE); + int datalen = dns->cdc->decode_len (dlen - (dlen + MAX_LBL_SIZE - 1) / MAX_LBL_SIZE - HDRSIZE); if (datalen > stream.size ()) datalen = stream.size (); - int enclen = cdc62.encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE; + int enclen = dns->cdc->encode (enc + HDRSIZE, stream.begin (), datalen) + HDRSIZE; stream.remove (datalen); while (enclen) @@ -671,9 +755,10 @@ pkt->len = offs; } -void dns_snd::gen_syn_req () +void +dns_snd::gen_syn_req () { - timeout = NOW + INITIAL_SYN_TIMEOUT; + timeout = ev_now () + INITIAL_SYN_TIMEOUT; pkt->flags = htons (DEFAULT_CLIENT_FLAGS); pkt->qdcount = htons (1); @@ -722,45 +807,59 @@ dns_connection::dns_connection (connection *c) : c (c) , rcvdq (MAX_BACKLOG * 2) -, snddq (MAX_BACKLOG * 2) -, tw (this, &dns_connection::time_cb) +, snddq (MAX_BACKLOG) { + tw.set (this); + vpn = c->vpn; + reset (); +} + +dns_connection::~dns_connection () +{ + reset (); +} + +void +dns_connection::reset () +{ + while (!rcvpq.empty ()) + { + delete rcvpq.back (); + rcvpq.pop_back (); + } + + for (int i = vpn->dns_sndpq.size (); i--; ) + if (vpn->dns_sndpq [i]->dns == this) + { + vpn->dns_sndpq [i] = vpn->dns_sndpq.back (); + vpn->dns_sndpq.pop_back (); + } + established = false; - rcvseq = sndseq = 0; + rcvseq = repseq = sndseq = 0; - last_sent = last_received = 0; - poll_interval = MIN_POLL_INTERVAL; + last_sent = 0; + poll_interval = 0.5; // starting here send_interval = 0.5; // starting rate min_latency = INITIAL_TIMEOUT; } -dns_connection::~dns_connection () +void +dns_connection::set_cfg () { - for (vector::iterator i = rcvpq.begin (); - i != rcvpq.end (); - ++i) - delete *i; + cdc = cfg.req_cdc == 36 ? &cdc36 : &cdc62; } -void dns_connection::receive_rep (dns_rcv *r) +void +dns_connection::receive_rep (dns_rcv *r) { if (r->datalen) - { - last_received = NOW; - tw.trigger (); - - poll_interval = send_interval; - } + poll_interval = max (poll_interval * (1. / 1.2), MIN_POLL_INTERVAL); else - { - poll_interval *= 1.5; - - if (poll_interval > MAX_POLL_INTERVAL) - poll_interval = MAX_POLL_INTERVAL; - } + poll_interval = min (poll_interval * 1.1, MAX_POLL_INTERVAL); rcvpq.push_back (r); @@ -770,6 +869,7 @@ for (vector::iterator i = rcvpq.end (); i-- != rcvpq.begin (); ) if (SEQNO_EQ (rcvseq, (*i)->seqno)) { + //printf ("seqno eq %x %x\n", rcvseq, (*i)->seqno);//D // enter the packet into our input stream r = *i; @@ -777,6 +877,7 @@ for (vector::iterator j = rcvpq.begin (); j != rcvpq.end (); ++j) if (SEQNO_EQ ((*j)->seqno, rcvseq - MAX_WINDOW)) { + //printf ("seqno RR %x %x\n", (*j)->seqno, rcvseq - MAX_WINDOW);//D delete *j; rcvpq.erase (j); break; @@ -786,17 +887,18 @@ if (!rcvdq.put (r->data, r->datalen)) { - slog (L_ERR, "DNS: !rcvdq.put (r->data, r->datalen)"); - abort (); // MUST never overflow, can be caused by data corruption, TODO + // MUST never overflow, can be caused by data corruption, TODO + slog (L_CRIT, "DNS: !rcvdq.put (r->data, r->datalen)"); + reset (); + return; } while (vpn_packet *pkt = rcvdq.get ()) { sockinfo si; - si.host = 0x01010101; si.port = htons (c->conf->id); si.prot = PROT_DNSv4; + si.host = htonl (c->conf->id); si.port = 0; si.prot = PROT_DNSv4; vpn->recv_vpn_packet (pkt, si); - delete pkt; } @@ -849,18 +951,17 @@ int client, seqno; decode_header (qname, client, seqno); - u8 data[MAXSIZE]; - int datalen = cdc62.decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE)); - if (0 < client && client <= conns.size ()) { connection *c = conns [client - 1]; dns_connection *dns = c->dns; dns_rcv *rcv; - bool in_seq; if (dns) { + u8 data[MAXSIZE]; + int datalen = dns->cdc->decode (data, qname + HDRSIZE, qlen - (dlen + 1 + HDRSIZE)); + for (vector::iterator i = dns->rcvpq.end (); i-- != dns->rcvpq.begin (); ) if (SEQNO_EQ ((*i)->seqno, seqno)) { @@ -878,8 +979,6 @@ goto duplicate_request; } - in_seq = dns->rcvseq == seqno; - // new packet, queue rcv = new dns_rcv (seqno, data, datalen); dns->receive_rep (rcv); @@ -896,31 +995,38 @@ int rdlen_offs = offs += 2; - int dlen = (dns ? ntohs (dns->cfg.max_size) : MAX_PKT_SIZE) - offs; - // bind doesn't compress well, so reduce further by one label length - dlen -= qlen; - if (dns) { + int dlen = ntohs (dns->cfg.max_size) - offs; + + // bind doesn't compress well, so reduce further by one label length + dlen -= qlen; + // only put data into in-order sequence packets, if // we receive out-of-order packets we generate empty // replies - while (dlen > 1 && !dns->snddq.empty () && in_seq) + //printf ("%d - %d & %x (=%d) < %d\n", seqno, dns->repseq, SEQNO_MASK, (seqno - dns->repseq) & SEQNO_MASK, MAX_WINDOW);//D + if (((seqno - dns->repseq) & SEQNO_MASK) <= MAX_WINDOW) { - int txtlen = dlen <= 255 ? dlen - 1 : 255; - - if (txtlen > dns->snddq.size ()) - txtlen = dns->snddq.size (); + dns->repseq = seqno; - pkt[offs++] = txtlen; - memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); - offs += txtlen; - dns->snddq.remove (txtlen); + while (dlen > 1 && !dns->snddq.empty ()) + { + int txtlen = dlen <= 255 ? dlen - 1 : 255; + + if (txtlen > dns->snddq.size ()) + txtlen = dns->snddq.size (); + + pkt[offs++] = txtlen; + memcpy (pkt.at (offs), dns->snddq.begin (), txtlen); + offs += txtlen; + dns->snddq.remove (txtlen); - dlen -= txtlen + 1; + dlen -= txtlen + 1; + } } - // avoid empty TXT rdata + // avoid completely empty TXT rdata if (offs == rdlen_offs) pkt[offs++] = 0; @@ -966,8 +1072,6 @@ pkt [offs++] = 0; pkt [offs++] = cfg.def_ttl; // TTL pkt [offs++] = 0; pkt [offs++] = 4; // rdlength - slog (L_INFO, _("DNS: client %d connects"), client); - pkt [offs++] = CMD_IP_1; pkt [offs++] = CMD_IP_2; pkt [offs++] = CMD_IP_3; pkt [offs++] = CMD_IP_REJ; @@ -977,11 +1081,20 @@ if (cfg.valid ()) { - pkt [offs - 1] = CMD_IP_SYN; + slog (L_INFO, _("DNS: client %d connects (version %d, req_cdc %d)"), client, cfg.version, cfg.req_cdc); + + // check for any encoding mismatches - hints at a case problem + char qname2 [MAX_ENC_LEN]; + cdc26.encode (qname2, (u8 *)&cfg, sizeof (dns_cfg)); delete c->dns; + + pkt [offs - 1] = memcmp (qname, qname2, cdc26.encode_len (sizeof (dns_cfg))) + ? CMD_IP_CSE : CMD_IP_SYN; + c->dns = new dns_connection (c); c->dns->cfg = cfg; + c->dns->set_cfg (); } } } @@ -1010,6 +1123,7 @@ connection *c = dns->c; int seqno = (*i)->seqno; u8 data[MAXSIZE], *datap = data; + //printf ("rcv pkt %x\n", seqno);//D if ((*i)->retry) { @@ -1019,21 +1133,21 @@ } else { -#if 1 +#if 0 dns->send_interval *= 0.999; #endif - if (dns->send_interval < MIN_SEND_INTERVAL) - dns->send_interval = MIN_SEND_INTERVAL; - // the latency surely puts an upper bound on // the minimum send interval - double latency = NOW - (*i)->sent; + double latency = ev_now () - (*i)->sent; if (latency < dns->min_latency) dns->min_latency = latency; - if (dns->send_interval > dns->min_latency * LATENCY_FACTOR) - dns->send_interval = dns->min_latency * LATENCY_FACTOR; + if (dns->send_interval > dns->min_latency * conf.dns_overlap_factor) + dns->send_interval = dns->min_latency * conf.dns_overlap_factor; + + if (dns->send_interval < conf.dns_send_interval) + dns->send_interval = conf.dns_send_interval; } delete *i; @@ -1061,7 +1175,7 @@ ttl |= pkt [offs++]; u16 rdlen = pkt [offs++] << 8; rdlen |= pkt [offs++]; - if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT) + if (qtype == RR_TYPE_NULL || qtype == RR_TYPE_TXT || qtype == dns->cfg.rrtype) { if (rdlen <= MAXSIZE - offs) { @@ -1097,10 +1211,9 @@ if (ip [3] == CMD_IP_RST) { - slog (L_DEBUG, _("DNS: got tunnel RST request")); - - delete dns; c->dns = 0; + slog (L_DEBUG, _("DNS: got tunnel RST request.")); + dns->reset (); return; } else if (ip [3] == CMD_IP_SYN) @@ -1108,13 +1221,31 @@ slog (L_DEBUG, _("DNS: got tunnel SYN reply, server likes us.")); dns->established = true; } + else if (ip [3] == CMD_IP_CSE) + { + if (conf.dns_case_preserving) + { + slog (L_INFO, _("DNS: got tunnel CSE reply, globally downgrading to case-insensitive protocol.")); + conf.dns_case_preserving = false; + dns->reset (); + return; + } + else + { + slog (L_DEBUG, _("DNS: got tunnel CSE reply, server likes us.")); + dns->established = true; + } + } else if (ip [3] == CMD_IP_REJ) { - slog (L_DEBUG, _("DNS: got tunnel REJ reply, server does not like us, aborting.")); - abort (); + slog (L_ERR, _("DNS: got tunnel REJ reply, server does not like us.")); + dns->tw.start (60.); } else - slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]); + { + slog (L_INFO, _("DNS: got unknown meta command %02x"), ip [3]); + dns->tw.start (60.); + } } else slog (L_INFO, _("DNS: got spurious a record %d.%d.%d.%d"), @@ -1148,9 +1279,9 @@ } void -vpn::dnsv4_ev (io_watcher &w, short revents) +vpn::dnsv4_ev (ev::io &w, int revents) { - if (revents & EVENT_READ) + if (revents & EV_READ) { dns_packet *pkt = new dns_packet; struct sockaddr_in sa; @@ -1176,7 +1307,7 @@ bool vpn::send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) { - int client = ntohs (si.port); + int client = ntohl (si.host); assert (0 < client && client <= conns.size ()); @@ -1185,31 +1316,25 @@ if (!c->dns) c->dns = new dns_connection (c); - if (!c->dns->snddq.put (pkt)) - return false; - - c->dns->tw.trigger (); + if (c->dns->snddq.put (pkt)) + { + min_it (c->dns->poll_interval, 0.25); + c->dns->tw (); + } + // always return true even if the buffer overflows return true; } void -connection::dnsv4_reset_connection () -{ - //delete dns; dns = 0; //TODO -} - -#define NEXT(w) do { if (next > (w)) next = w; } while (0) - -void -dns_connection::time_cb (time_watcher &w) +dns_connection::time_cb (ev::timer &w, int revents) { // servers have to be polled if (THISNODE->dns_port) return; // check for timeouts and (re)transmit - tstamp next = NOW + poll_interval; + tstamp next = 86400 * 365; dns_snd *send = 0; for (vector::iterator i = vpn->dns_sndpq.begin (); @@ -1218,83 +1343,79 @@ { dns_snd *r = *i; - if (r->timeout <= NOW) + if (r->timeout <= ev_now ()) { if (!send) { send = r; r->retry++; - r->timeout = NOW + (r->retry * min_latency * 8.); + r->timeout = ev_now () + r->retry * min_latency * conf.dns_timeout_factor; + //printf ("RETRY %x (%d, %f)\n", r->seqno, r->retry, r->timeout - ev_now ());//D // the following code changes the query section a bit, forcing // the forwarder to generate a new request if (r->stdhdr) - { - //printf ("reencoded header for ID %d retry %d:%d:%d\n", htons (r->pkt->id), THISNODE->id, r->seqno, r->retry);printf ("reencoded header for ID %d retry %d:%d:%d\n", htons (r->pkt->id), THISNODE->id, r->seqno, r->retry); - //encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry); - } + encode_header ((char *)r->pkt->at (6 * 2 + 1), THISNODE->id, r->seqno, r->retry); } } else - NEXT (r->timeout); + min_it (next, r->timeout - ev_now ()); } - if (last_sent + send_interval <= NOW) + if (!send) { - if (!send) - { - // generate a new packet, if wise + // generate a new packet, if wise - if (!established) + if (!established) + { + if (vpn->dns_sndpq.empty ()) { - if (vpn->dns_sndpq.empty ()) - { - send = new dns_snd (this); + send = new dns_snd (this); - cfg.reset (THISNODE->id); - send->gen_syn_req (); - } + cfg.reset (THISNODE->id); + set_cfg (); + send->gen_syn_req (); } - else if (vpn->dns_sndpq.size () < MAX_OUTSTANDING - && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1))) + } + else if (vpn->dns_sndpq.size () < conf.dns_max_outstanding + && !SEQNO_EQ (rcvseq, sndseq - (MAX_WINDOW - 1))) + { + if (last_sent + send_interval <= ev_now ()) { //printf ("sending data request etc.\n"); //D - if (!snddq.empty () || last_received + 1. > NOW) - { - poll_interval = send_interval; - NEXT (NOW + send_interval); - } + if (!snddq.empty ()) + min_it (next, send_interval); send = new dns_snd (this); send->gen_stream_req (sndseq, snddq); - send->timeout = NOW + min_latency * 8.; + send->timeout = ev_now () + min_latency * conf.dns_timeout_factor; + //printf ("SEND %x (%f)\n", send->seqno, send->timeout - ev_now (), min_latency, conf.dns_timeout_factor);//D sndseq = (sndseq + 1) & SEQNO_MASK; } - - if (send) - vpn->dns_sndpq.push_back (send); + else + min_it (next, last_sent + send_interval - ev_now ()); } if (send) - { - last_sent = NOW; - sendto (vpn->dnsv4_fd, - send->pkt->at (0), send->pkt->len, 0, - vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); - } + vpn->dns_sndpq.push_back (send); } - else - NEXT (last_sent + send_interval); - slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d)", - poll_interval, send_interval, next - NOW, - vpn->dns_sndpq.size (), snddq.size ()); - - // TODO: no idea when this happens, but when next < NOW, we have a problem - if (next < NOW + 0.0001) - next = NOW + 0.1; + if (send) + { + last_sent = ev_now (); + sendto (vpn->dnsv4_fd, + send->pkt->at (0), send->pkt->len, 0, + vpn->dns_forwarder.sav4 (), vpn->dns_forwarder.salenv4 ()); + } + + min_it (next, last_sent + max (poll_interval, send_interval) - ev_now ()); + + slog (L_NOISE, "DNS: pi %f si %f N %f (%d:%d %d)", + poll_interval, send_interval, next - ev_now (), + vpn->dns_sndpq.size (), snddq.size (), + rcvpq.size ()); w.start (next); }