Allow setting netmask in iodined, fixes #27. The same netmask will be given to clients as well. Updated docs.
This commit is contained in:
parent
c7fa4ddde2
commit
43c438971b
|
@ -17,6 +17,11 @@ CHANGES:
|
||||||
- Upstream data is now Base64 encoded if relay server preserves case and
|
- Upstream data is now Base64 encoded if relay server preserves case and
|
||||||
supports the plus (+) character in domain names, fixes #16.
|
supports the plus (+) character in domain names, fixes #16.
|
||||||
- Fixed problem in client when DNS trans. ID has highest bit set (#37)
|
- Fixed problem in client when DNS trans. ID has highest bit set (#37)
|
||||||
|
- IP addresses are now assigned within the netmask, so iodined can
|
||||||
|
use any address for itself, fixes #28.
|
||||||
|
- Netmask size is now adjustable. Setting a small net will reduce the
|
||||||
|
number of users. Use x.x.x.x/n notation on iodined tunnel ip.
|
||||||
|
This fixes #27.
|
||||||
|
|
||||||
2008-08-06: 0.4.2 "Opened Zone"
|
2008-08-06: 0.4.2 "Opened Zone"
|
||||||
- Applied a few small patches from Maxim Bourmistrov and Gregor Herrmann
|
- Applied a few small patches from Maxim Bourmistrov and Gregor Herrmann
|
||||||
|
|
|
@ -26,7 +26,7 @@ Client sends:
|
||||||
CMC
|
CMC
|
||||||
Server replies:
|
Server replies:
|
||||||
LNAK means not accepted
|
LNAK means not accepted
|
||||||
x.x.x.x-y.y.y.y-mtu means accepted (server ip, client ip, mtu)
|
x.x.x.x-y.y.y.y-mtu-netmask means accepted (server ip, client ip, mtu, netmask bits)
|
||||||
|
|
||||||
Case check:
|
Case check:
|
||||||
Client sends:
|
Client sends:
|
||||||
|
|
|
@ -45,6 +45,9 @@ iodine, iodined \- tunnel IPv4 over DNS
|
||||||
.I password
|
.I password
|
||||||
.B ]
|
.B ]
|
||||||
.I tunnel_ip
|
.I tunnel_ip
|
||||||
|
.B [
|
||||||
|
.I /netmask
|
||||||
|
.B ]
|
||||||
.I topdomain
|
.I topdomain
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.B iodine
|
.B iodine
|
||||||
|
@ -133,10 +136,12 @@ is the iodined server, then the topdomain can be chosen freely. This argument
|
||||||
must be the same on both the client and the server.
|
must be the same on both the client and the server.
|
||||||
.SS Server Arguments:
|
.SS Server Arguments:
|
||||||
.TP
|
.TP
|
||||||
.B tunnel_ip
|
.B tunnel_ip[/netmask]
|
||||||
This is the servers ip address on the tunnel interface. The client will be
|
This is the servers ip address on the tunnel interface. The client will be
|
||||||
given the next ip number in the range. It is recommended to use the
|
given the next ip number in the range. It is recommended to use the
|
||||||
10.0.0.0/8 or 172.16.0.0/12 ranges.
|
10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overriden
|
||||||
|
by specifying it here. Using a smaller network will limit the number of
|
||||||
|
concurrent users.
|
||||||
.TP
|
.TP
|
||||||
.B topdomain
|
.B topdomain
|
||||||
The dns traffic will is expected to be sent as querys of type NULL for
|
The dns traffic will is expected to be sent as querys of type NULL for
|
||||||
|
|
|
@ -488,15 +488,16 @@ perform_login:
|
||||||
}
|
}
|
||||||
|
|
||||||
if (read > 0) {
|
if (read > 0) {
|
||||||
|
int netmask;
|
||||||
if (strncmp("LNAK", in, 4) == 0) {
|
if (strncmp("LNAK", in, 4) == 0) {
|
||||||
printf("Bad password\n");
|
printf("Bad password\n");
|
||||||
return 1;
|
return 1;
|
||||||
} else if (sscanf(in, "%64[^-]-%64[^-]-%d",
|
} else if (sscanf(in, "%64[^-]-%64[^-]-%d-%d",
|
||||||
server, client, &mtu) == 3) {
|
server, client, &mtu, &netmask) == 4) {
|
||||||
|
|
||||||
server[64] = 0;
|
server[64] = 0;
|
||||||
client[64] = 0;
|
client[64] = 0;
|
||||||
if (tun_setip(client) == 0 &&
|
if (tun_setip(client, netmask) == 0 &&
|
||||||
tun_setmtu(mtu) == 0) {
|
tun_setmtu(mtu) == 0) {
|
||||||
goto perform_case_check;
|
goto perform_case_check;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -56,10 +56,12 @@ static int running = 1;
|
||||||
static char *topdomain;
|
static char *topdomain;
|
||||||
static char password[33];
|
static char password[33];
|
||||||
static struct encoder *b32;
|
static struct encoder *b32;
|
||||||
|
static int created_users;
|
||||||
|
|
||||||
static int check_ip;
|
static int check_ip;
|
||||||
static int my_mtu;
|
static int my_mtu;
|
||||||
static in_addr_t my_ip;
|
static in_addr_t my_ip;
|
||||||
|
static int netmask;
|
||||||
|
|
||||||
static in_addr_t ns_ip;
|
static in_addr_t ns_ip;
|
||||||
|
|
||||||
|
@ -230,7 +232,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
|
||||||
users[userid].q.id = 0;
|
users[userid].q.id = 0;
|
||||||
} else {
|
} else {
|
||||||
/* No space for another user */
|
/* No space for another user */
|
||||||
send_version_response(dns_fd, VERSION_FULL, USERS, 0, q);
|
send_version_response(dns_fd, VERSION_FULL, created_users, 0, q);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
send_version_response(dns_fd, VERSION_NACK, VERSION, 0, q);
|
send_version_response(dns_fd, VERSION_NACK, VERSION, 0, q);
|
||||||
|
@ -251,15 +253,15 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
|
||||||
write_dns(dns_fd, q, "BADIP", 5);
|
write_dns(dns_fd, q, "BADIP", 5);
|
||||||
} else {
|
} else {
|
||||||
if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) {
|
if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) {
|
||||||
/* Login ok, send ip/mtu info */
|
/* Login ok, send ip/mtu/netmask info */
|
||||||
|
|
||||||
tempip.s_addr = my_ip;
|
tempip.s_addr = my_ip;
|
||||||
tmp[0] = strdup(inet_ntoa(tempip));
|
tmp[0] = strdup(inet_ntoa(tempip));
|
||||||
tempip.s_addr = users[userid].tun_ip;
|
tempip.s_addr = users[userid].tun_ip;
|
||||||
tmp[1] = strdup(inet_ntoa(tempip));
|
tmp[1] = strdup(inet_ntoa(tempip));
|
||||||
|
|
||||||
read = snprintf(out, sizeof(out), "%s-%s-%d",
|
read = snprintf(out, sizeof(out), "%s-%s-%d-%d",
|
||||||
tmp[0], tmp[1], my_mtu);
|
tmp[0], tmp[1], my_mtu, netmask);
|
||||||
|
|
||||||
write_dns(dns_fd, q, out, read);
|
write_dns(dns_fd, q, out, read);
|
||||||
q->id = 0;
|
q->id = 0;
|
||||||
|
@ -726,7 +728,7 @@ usage() {
|
||||||
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
|
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
|
||||||
"[-t chrootdir] [-d device] [-m mtu] "
|
"[-t chrootdir] [-d device] [-m mtu] "
|
||||||
"[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
|
"[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
|
||||||
" tunnel_ip topdomain\n", __progname);
|
" tunnel_ip[/netmask] topdomain\n", __progname);
|
||||||
exit(2);
|
exit(2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -738,7 +740,7 @@ help() {
|
||||||
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
|
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
|
||||||
"[-t chrootdir] [-d device] [-m mtu] "
|
"[-t chrootdir] [-d device] [-m mtu] "
|
||||||
"[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
|
"[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
|
||||||
" tunnel_ip topdomain\n", __progname);
|
" tunnel_ip[/netmask] topdomain\n", __progname);
|
||||||
printf(" -v to print version info and exit\n");
|
printf(" -v to print version info and exit\n");
|
||||||
printf(" -h to print this help and exit\n");
|
printf(" -h to print this help and exit\n");
|
||||||
printf(" -c to disable check of client IP/port on each request\n");
|
printf(" -c to disable check of client IP/port on each request\n");
|
||||||
|
@ -757,6 +759,7 @@ help() {
|
||||||
printf(" -b port to forward normal DNS queries to (on localhost)\n");
|
printf(" -b port to forward normal DNS queries to (on localhost)\n");
|
||||||
printf(" -P password used for authentication (max 32 chars will be used)\n");
|
printf(" -P password used for authentication (max 32 chars will be used)\n");
|
||||||
printf("tunnel_ip is the IP number of the local tunnel interface.\n");
|
printf("tunnel_ip is the IP number of the local tunnel interface.\n");
|
||||||
|
printf(" /netmask sets the size of the tunnel network.\n");
|
||||||
printf("topdomain is the FQDN that is delegated to this server.\n");
|
printf("topdomain is the FQDN that is delegated to this server.\n");
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
@ -791,8 +794,7 @@ main(int argc, char **argv)
|
||||||
int port;
|
int port;
|
||||||
int mtu;
|
int mtu;
|
||||||
int skipipconfig;
|
int skipipconfig;
|
||||||
int netmask;
|
char *netsize;
|
||||||
int created_users;
|
|
||||||
|
|
||||||
username = NULL;
|
username = NULL;
|
||||||
newroot = NULL;
|
newroot = NULL;
|
||||||
|
@ -892,6 +894,13 @@ main(int argc, char **argv)
|
||||||
if (argc != 2)
|
if (argc != 2)
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
|
netsize = strchr(argv[0], '/');
|
||||||
|
if (netsize) {
|
||||||
|
*netsize = 0;
|
||||||
|
netsize++;
|
||||||
|
netmask = atoi(netsize);
|
||||||
|
}
|
||||||
|
|
||||||
my_ip = inet_addr(argv[0]);
|
my_ip = inet_addr(argv[0]);
|
||||||
|
|
||||||
if (my_ip == INADDR_NONE) {
|
if (my_ip == INADDR_NONE) {
|
||||||
|
@ -968,7 +977,7 @@ main(int argc, char **argv)
|
||||||
if ((tun_fd = open_tun(device)) == -1)
|
if ((tun_fd = open_tun(device)) == -1)
|
||||||
goto cleanup0;
|
goto cleanup0;
|
||||||
if (!skipipconfig)
|
if (!skipipconfig)
|
||||||
if (tun_setip(argv[0]) != 0 || tun_setmtu(mtu) != 0)
|
if (tun_setip(argv[0], netmask) != 0 || tun_setmtu(mtu) != 0)
|
||||||
goto cleanup1;
|
goto cleanup1;
|
||||||
if ((dnsd_fd = open_dns(port, listen_ip)) == -1)
|
if ((dnsd_fd = open_dns(port, listen_ip)) == -1)
|
||||||
goto cleanup2;
|
goto cleanup2;
|
||||||
|
|
23
src/tun.c
23
src/tun.c
|
@ -181,19 +181,30 @@ read_tun(int tun_fd, char *buf, size_t len)
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
tun_setip(const char *ip)
|
tun_setip(const char *ip, int netbits)
|
||||||
{
|
{
|
||||||
char cmdline[512];
|
char cmdline[512];
|
||||||
|
int netmask;
|
||||||
|
struct in_addr net;
|
||||||
|
int i;
|
||||||
|
|
||||||
#ifndef LINUX
|
#ifndef LINUX
|
||||||
int r;
|
int r;
|
||||||
#endif
|
#endif
|
||||||
|
netmask = 0;
|
||||||
|
for (i = 0; i < netbits; i++) {
|
||||||
|
netmask = (netmask << 1) | 1;
|
||||||
|
}
|
||||||
|
netmask <<= (32 - netbits);
|
||||||
|
net.s_addr = htonl(netmask);
|
||||||
|
|
||||||
if (inet_addr(ip) != INADDR_NONE) {
|
if (inet_addr(ip) != INADDR_NONE) {
|
||||||
snprintf(cmdline, sizeof(cmdline),
|
snprintf(cmdline, sizeof(cmdline),
|
||||||
"/sbin/ifconfig %s %s %s netmask 255.255.255.0",
|
"/sbin/ifconfig %s %s %s netmask %s",
|
||||||
if_name,
|
if_name,
|
||||||
ip,
|
ip,
|
||||||
ip);
|
ip,
|
||||||
|
inet_ntoa(net));
|
||||||
|
|
||||||
printf("Setting IP of %s to %s\n", if_name, ip);
|
printf("Setting IP of %s to %s\n", if_name, ip);
|
||||||
#ifndef LINUX
|
#ifndef LINUX
|
||||||
|
@ -202,10 +213,10 @@ tun_setip(const char *ip)
|
||||||
return r;
|
return r;
|
||||||
} else {
|
} else {
|
||||||
snprintf(cmdline, sizeof(cmdline),
|
snprintf(cmdline, sizeof(cmdline),
|
||||||
"/sbin/route add %s/24 %s",
|
"/sbin/route add %s/%d %s",
|
||||||
ip, ip);
|
ip, netbits, ip);
|
||||||
}
|
}
|
||||||
printf("Adding route %s/24 to %s\n", ip, ip);
|
printf("Adding route %s/%d to %s\n", ip, netbits, ip);
|
||||||
#endif
|
#endif
|
||||||
return system(cmdline);
|
return system(cmdline);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -21,7 +21,7 @@ int open_tun(const char *);
|
||||||
void close_tun(int);
|
void close_tun(int);
|
||||||
int write_tun(int, char *, size_t);
|
int write_tun(int, char *, size_t);
|
||||||
ssize_t read_tun(int, char *, size_t);
|
ssize_t read_tun(int, char *, size_t);
|
||||||
int tun_setip(const char *);
|
int tun_setip(const char *, int);
|
||||||
int tun_setmtu(const size_t);
|
int tun_setmtu(const size_t);
|
||||||
|
|
||||||
#endif /* _TUN_H_ */
|
#endif /* _TUN_H_ */
|
||||||
|
|
Loading…
Reference in New Issue