Update versions to 0.6.0

The client could bypass the password check by continuing after getting error
from the server and guessing the network parameters. The server would still
accept the rest of the setup and also network traffic.

Add checks for normal and raw mode that user has authenticated before allowing
any other communication.

Problem found by Oscar Reparaz.

Backported to iodine 0.6 branch.

.github/workflows/macos.yml

@@ -1,21 +0,0 @@
-name: macos
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  build:
-
-    runs-on: macos-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: make
-      run: make
-    - name: install check
-      run: brew install check
-    - name: run tests
-      run: make test

.github/workflows/ubuntu.yml

@@ -1,33 +0,0 @@
-name: ubuntu
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: make
-      run: make
-    - name: install check
-      run: sudo apt install check
-    - name: run tests
-      run: make test
-
-  build-android:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - uses: nttld/setup-ndk@v1
-      with:
-        ndk-version: r21e
-    - name: make
-      run: make cross-android

.github/workflows/windows.yml

@@ -1,25 +0,0 @@
-name: windows
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  build:
-
-    runs-on: windows-latest
-    defaults:
-      run:
-        shell: msys2 {0}
-
-    steps:
-    - uses: actions/checkout@v2
-    - uses: msys2/setup-msys2@v2
-      with:
-        msystem: MINGW64
-        update: false
-        install: git make mingw-w64-x86_64-toolchain mingw-w64-x86_64-zlib
-    - name: make
-      run: make TARGETOS=windows32

.gitignore

@@ -1,8 +0,0 @@
-/bin/
-*.o
-/src/base64u.c
-/src/base64u.h
-/tests/test
-*.o.d
-/src/obj/local/*/iodine
-/src/libs/*/iodine

.vimrc

@@ -1,4 +0,0 @@
-set noexpandtab
-set tabstop=8
-set softtabstop=8
-set shiftwidth=8

CHANGELOG

@@ -1,48 +1,11 @@
 
-iodine - https://code.kryo.se/iodine
+iodine - http://code.kryo.se/iodine
 
 ***********************************
 
-CHANGES:
+CHANGES FOR 0.6 BRANCH:
 
-master:
-	- Mac OS X: Support native utun VPN devices. Patch by
-		Peter Sagerson, ported from OpenVPN by Catalin Patulea.
-	- Fix compilation failure on kFreeBSD and Hurd, by Gregor Herrmann
-	- Patch from Ryan Welton that fixes compilation warning.
-	- README converted to markdown by Nicolas Braud-Santoni.
-	- Linux: use pkg-config for systemd support flags.
-		Patch by Jason A. Donenfeld.
-	- Add support for IPv6 in the server.
-	   Raw mode will be with same protocol as used for login.
-	   Traffic inside tunnel is still IPv4.
-	- Update android build to support 5.0 (Lollipop) and newer.
-	- Change external IP lookup to using myip.opendns.com via DNS.
-	- Add option to choose IPv4 listen address from external IP lookup.
-	- Add server support for handling multiple domains via wildcard.
-	- Recognize tap device component id 'root' prefix on Windows.
-
-2014-06-16: 0.7.0 "Kryoptonite"
-	- Partial IPv6 support (#107)
-	   Client can connect to iodined through an relaying IPv6
-	   nameserver. Server only supports IPv4 for now.
-	   Traffic inside tunnel is IPv4.
-	- Add socket activation for systemd, by Michael Scherer.
-	- Add automated lookup of external ip (via -n auto).
-	- Bugfix for OS X (Can't assign requested address)
-	- Fix DNS tunneling bug caused by uninitialized variable, #94
-	- Handle spaces when entering password interactively, fixes #93.
-		Patch by Hagar.
-	- Add -R option to set OpenBSD routing domain for the DNS socket.
-		Patch by laurent at gouloum fr, fixes #95.
-	- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
-	- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
-	- A number of minor patches from Frank Denis, Gregor Herrmann and
-		Barak A. Pearlmutter.
-	- Testcase compilation fixes for OS X and FreeBSD
-	- Do not let sockets be inherited by sub-processes, fixes #99.
-	- Add unspecified RR type (called PRIVATE; id 65399, in private use
-		range). For servers with RFC3597 support. Fixes #97.
+2014-06-17: 0.6.0
 	- Fix authentication bypass vulnerability; found by Oscar Reparaz.
 
 2010-02-06: 0.6.0-rc1 "Hotspotify"
@@ -70,7 +33,6 @@ master:
 	- Merged low-latency patch from Anne Bezemer, fixes #76.
 	- Resolve client nameserver argument if given as hostname, fixes #82.
 	- Open log before chroot, fixes #86: logging on FreeBSD.
-	- Merged big bugfix patch from Anne Bezemer, #88.
 
 2009-06-01: 0.5.2 "WifiFree"
 	- Fixed client segfault on OS X, #57
@@ -172,10 +134,10 @@ master:
 	- New encoding, 25% more peak upstream throughput
 	- New -l option to set local ip to listen to on server
 
-2006-07-11: 0.3.1
+2006-07-11: 0.3.1 
 	- Add Mac OSX support
 	- Add setting device name
-	- Use compression of domain name in reply (should allow setting MTU
+	- Use compression of domain name in reply (should allow setting MTU 
 		approx 200 bytes higher)
 
 2006-06-24: 0.3.0

LICENSE

@@ -1,13 +0,0 @@
-Copyright (c) 2006-2020 iodine authors
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.

Makefile

@@ -1,8 +1,7 @@
-prefix?=/usr/local
+prefix=/usr/local
 sbindir=$(prefix)/sbin
 datadir=$(prefix)/share
 mandir=$(datadir)/man
-docdir=$(datadir)/doc
 
 DESTDIR=
 
@@ -17,8 +16,23 @@ RM_FLAGS=-f
 
 TARGETOS = `uname`
 
-all:
-	@$(MAKE) -C src TARGETOS=$(TARGETOS) all
+all: 
+	@(cd src; $(MAKE) TARGETOS=$(TARGETOS) all)
+
+cross-mingw: 
+	@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-mingw32-gcc all)
+
+cross-mingw-dist: cross-mingw
+	@rm -rf iodine-latest-win32*
+	@mkdir -p iodine-latest-win32/bin
+	@for i in `ls bin`; do cp bin/$$i iodine-latest-win32/bin/$$i.exe; done
+	@cp /usr/i686-mingw32/usr/bin/zlib1.dll iodine-latest-win32/bin
+	@cp README* CH* TO* iodine-latest-win32
+	@echo "Create date: " > iodine-latest-win32/VERSION
+	@date >> iodine-latest-win32/VERSION
+	@echo "SVN version: " >> iodine-latest-win32/VERSION
+	@svnversion >> iodine-latest-win32/VERSION
+	@zip -r iodine-latest-win32.zip iodine-latest-win32
 
 install: all
 	$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(sbindir)
@@ -29,85 +43,20 @@ install: all
 	$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(mandir)/man8
 	$(INSTALL) $(INSTALL_FLAGS) man/iodine.8 $(DESTDIR)$(mandir)/man8/iodine.8
 	chmod 644 $(DESTDIR)$(mandir)/man8/iodine.8
-	$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(docdir)/iodine
-	$(INSTALL) $(INSTALL_FLAGS) README.md $(DESTDIR)$(docdir)/iodine/README.md
-	chmod 644 $(DESTDIR)$(docdir)/iodine/README.md
 
 uninstall:
 	$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodine
 	$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodined
 	$(RM) $(RM_FLAGS) $(DESTDIR)$(mandir)/man8/iodine.8
-
+	
 test: all
 	@echo "!! The check library is required for compiling and running the tests"
-	@echo "!! Get it at https://libcheck.github.io/check/"
-	@$(MAKE) -C tests TARGETOS=$(TARGETOS) all
+	@echo "!! Get it at http://check.sf.net"
+	@(cd tests; $(MAKE) TARGETOS=$(TARGETOS) all)
 
 clean:
 	@echo "Cleaning..."
-	@$(MAKE) -C src clean
-	@$(MAKE) -C tests clean
-	@rm -rf bin iodine-latest*
-
-#Helper target for windows/android zipfiles
-iodine-latest:
-	@rm -rf iodine-latest*
-	@mkdir -p iodine-latest
-	@echo "Create date: " > iodine-latest/VERSION.txt
-	@LANG=en_US date >> iodine-latest/VERSION.txt
-	@echo "Git version: " >> iodine-latest/VERSION.txt
-	@git rev-parse HEAD >> iodine-latest/VERSION.txt
-	@for i in README.md CHANGELOG; do cp $$i iodine-latest/$$i.txt; done
-	@unix2dos iodine-latest/*
-
-#non-PIE build for old android
-cross-android-old:
-	@$(MAKE) -C src base64u.c
-	@(cd src && ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk APP_PLATFORM=android-3)
-
-#Position-indepedent build for modern android
-cross-android:
-	@$(MAKE) -C src base64u.c
-	@(cd src && ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.16.mk APP_PLATFORM=android-16)
-
-iodine-latest-android.zip: iodine-latest
-	@mv iodine-latest iodine-latest-android
-	@mkdir -p iodine-latest-android/pre-kitkat/armeabi
-	@mkdir -p iodine-latest-android/pre-kitkat/x86
-	@$(MAKE) cross-android-old TARGET_ARCH_ABI=armeabi
-	@cp src/libs/armeabi/* iodine-latest-android/pre-kitkat/armeabi
-	@$(MAKE) cross-android-old TARGET_ARCH_ABI=x86
-	@cp src/libs/x86/* iodine-latest-android/pre-kitkat/x86
-	@rm -rf src/libs src/obj
-	@mkdir -p iodine-latest-android/armeabi
-	@mkdir -p iodine-latest-android/arm64-v8a
-	@mkdir -p iodine-latest-android/x86
-	@$(MAKE) cross-android TARGET_ARCH_ABI=armeabi
-	@cp src/libs/armeabi/* iodine-latest-android/armeabi
-	@$(MAKE) cross-android TARGET_ARCH_ABI=arm64-v8a
-	@cp src/libs/arm64-v8a/* iodine-latest-android/arm64-v8a
-	@$(MAKE) cross-android TARGET_ARCH_ABI=x86
-	@cp src/libs/x86/* iodine-latest-android/x86
-	@cp README-android.txt iodine-latest-android
-	@zip -r iodine-latest-android.zip iodine-latest-android
-
-cross-mingw32:
-	@$(MAKE) -C src TARGETOS=windows32 CC=i686-w64-mingw32-gcc all
-
-cross-mingw64:
-	@$(MAKE) -C src TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc all
-
-iodine-latest-windows.zip: iodine-latest
-	@mv iodine-latest iodine-latest-windows
-	@mkdir -p iodine-latest-windows/64bit iodine-latest-windows/32bit
-	@$(MAKE) -C src TARGETOS=windows32 CC=i686-w64-mingw32-gcc clean all
-	@i686-w64-mingw32-strip bin/iodine*
-	@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/32bit/$$i.exe; done
-	@cp /usr/i686-w64-mingw32/bin/zlib1.dll iodine-latest-windows/32bit
-	@$(MAKE) -C src TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc clean all
-	@x86_64-w64-mingw32-strip bin/iodine*
-	@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/64bit/$$i.exe; done
-	@cp /usr/x86_64-w64-mingw32/bin/zlib1.dll iodine-latest-windows/64bit
-	@cp README-win32.txt iodine-latest-windows
-	@zip -r iodine-latest-windows.zip iodine-latest-windows
+	@(cd src; $(MAKE) clean)
+	@(cd tests; $(MAKE) clean)
+	@rm -rf bin iodine-latest-win32*
 

README

@@ -0,0 +1,357 @@
+
+iodine - http://code.kryo.se/iodine
+
+***********************************
+
+This is a piece of software that lets you tunnel IPv4 data through a DNS
+server. This can be usable in different situations where internet access is
+firewalled, but DNS queries are allowed.
+
+
+QUICKSTART:
+
+Try it out within your own LAN! Follow these simple steps:
+- On your server, run: ./iodined -f 10.0.0.1 test.com
+  (If you already use the 10.0.0.0 network, use another internal net like 
+  172.16.0.0)
+- Enter a password
+- On the client, run: ./iodine -f -r 192.168.0.1 test.com
+  (Replace 192.168.0.1 with your server's ip address)
+- Enter the same password
+- Now the client has the tunnel ip 10.0.0.2 and the server has 10.0.0.1
+- Try pinging each other through the tunnel
+- Done! :)
+To actually use it through a relaying nameserver, see below.
+
+
+HOW TO USE:
+
+Note: server and client are required to speak the exact same protocol. In most
+cases, this means running the same iodine version. Unfortunately, implementing
+backward and forward protocol compatibility is usually not feasible.
+
+Server side:
+To use this tunnel, you need control over a real domain (like mydomain.com),
+and a server with a public IP address to run iodined on. If this server
+already runs a DNS program, change its listening port and then use iodined's
+-b option to let iodined forward the DNS requests. (Note that this procedure
+is not advised in production environments, because iodined's DNS forwarding
+is not completely transparent.)
+
+Then, delegate a subdomain (say, t1.mydomain.com) to the iodined server.
+If you use BIND for your domain, add two lines like these to the zone file:
+
+t1		IN	NS	t1ns.mydomain.com.		; note the dot!
+t1ns		IN	A	10.15.213.99
+
+The "NS" line is all that's needed to route queries for the "t1" subdomain
+to the "t1ns" server. We use a short name for the subdomain, to keep as much
+space as possible available for the data traffic. At the end of the "NS" line
+is the name of your iodined server. This can be any name, pointing anywhere,
+but in this case it's easily kept in the same zone file. It must be a name
+(not an IP address), and that name itself must have an A record (not a CNAME).
+
+If your iodined server has a dynamic IP, use a dynamic dns provider. Simply
+point the "NS" line to it, and leave the "A" line out:
+
+t1		IN	NS	myname.mydyndnsprovider.com.	; note the dot!
+
+Then reload or restart your nameserver program. Now any DNS queries for
+domains ending in t1.mydomain.com will be sent to your iodined server.
+
+Finally start iodined on your server. The first argument is the IP address
+inside the tunnel, which can be from any range that you don't use yet (for
+example 192.168.99.1), and the second argument is the assigned domain (in this
+case t1.mydomain.com). Using the -f option will keep iodined running in the
+foreground, which helps when testing. iodined will open a virtual interface
+("tun device"), and will also start listening for DNS queries on UDP port 53.
+Either enter a password on the commandline (-P pass) or after the server has
+started. Now everything is ready for the client.
+
+If there is a chance you'll be using an iodine tunnel from unexpected
+environments, start iodined with a -c option.
+
+Resulting commandline in this example situation:
+./iodined -f -c -P secretpassword 192.168.99.1 t1.mydomain.com
+
+Client side: 
+All the setup is done, just start iodine. It takes one or two arguments, the
+first is the local relaying DNS server (optional) and the second is the domain
+you used (t1.mydomain.com). If you don't specify the first argument, the
+system's current DNS setting will be consulted.
+
+If DNS queries are allowed to any computer, you can directly give the iodined
+server's address as first argument (in the example: t1ns.mydomain.com or
+10.15.213.99). In that case, it may also happen that _any_ traffic is allowed
+to the DNS port (53 UDP) of any computer. Iodine will detect this, and switch
+to raw UDP tunneling if possible. To force DNS tunneling in any case, use the
+-r option (especially useful when testing within your own network).
+
+The client's tunnel interface will get an IP close to the server's (in this
+case 192.168.99.2 or .3 etc.) and a suitable MTU. Enter the same password as
+on the server either as commandline option or after the client has started.
+Using the -f option will keep the iodine client running in the foreground.
+
+Resulting commandline in this example situation:
+./iodine -f -P secretpassword t1.mydomain.com
+(add -r to force DNS tunneling even if raw UDP tunneling would be possible)
+
+From either side, you should now be able to ping the IP address on the other
+end of the tunnel. In this case, ping 192.168.99.1 from the iodine client, and
+192.168.99.2 or .3 etc. from the iodine server.
+
+
+MISC. INFO:
+
+Routing:
+It is possible to route all traffic through the DNS tunnel. To do this, first
+add a host route to the nameserver used by iodine over the wired/wireless
+interface with the default gateway as gateway. Then replace the default
+gateway with the iodined server's IP address inside the DNS tunnel, and
+configure the server to do NAT.
+
+However, note that the tunneled data traffic is not encrypted at all, and can
+be read and changed by external parties relatively easily. For maximum
+security, run a VPN through the DNS tunnel (=double tunneling), or use secure
+shell (SSH) access, possibly with port forwarding. The latter can also be used
+for web browsing, when you run a web proxy (for example Privoxy) on your
+server.
+
+Testing:
+The iodined server replies to NS requests sent for subdomains of the tunnel
+domain. If your iodined subdomain is t1.mydomain.com, send a NS request for
+foo123.t1.mydomain.com to see if the delegation works. dig is a good tool
+for this:
+dig -t NS foo123.t1.mydomain.com
+
+Also, the iodined server will answer requests starting with 'z' for any of the
+supported request types, for example:
+dig -t TXT z456.t1.mydomain.com
+dig -t SRV z456.t1.mydomain.com
+dig -t CNAME z456.t1.mydomain.com
+The reply should look like garbled text in all these cases.
+
+Operational info:
+The DNS-response fragment size is normally autoprobed to get maximum bandwidth.
+To force a specific value (and speed things up), use the -m option.
+
+The DNS hostnames are normally used up to their maximum length, 255 characters.
+Some DNS relays have been found that answer full-length queries rather
+unreliably, giving widely varying (and mostly very bad) results of the
+fragment size autoprobe on repeated tries. In these cases, use the -M switch
+to reduce the DNS hostname length to for example 200 characters, which makes
+these DNS relays much more stable. This is also useful on some "de-optimizing"
+DNS relays that stuff the response with two full copies of the query, leaving
+very little space for downstream data (also not capable of EDNS0). The -M
+switch can trade some upstream bandwidth for downstream bandwidth. Note that
+the minimum -M value is about 100, since the protocol can split packets (1200
+bytes max) in only 16 fragments, requiring at least 75 real data bytes per
+fragment.
+
+The upstream data is sent gzipped encoded with Base32; or Base64 if the relay
+server supports mixed case and '+' in domain names; or Base64u if '_' is
+supported instead; or Base128 if high-byte-value characters are supported.
+This upstream encoding is autodetected. The DNS protocol allows one query per
+packet, and one query can be max 256 chars. Each domain name part can be max
+63 chars. So your domain name and subdomain should be as short as possible to
+allow maximum upstream throughput.
+
+Several DNS request types are supported, with the NULL type expected to provide
+the largest downstream bandwidth. Other available types are TXT, SRV, MX,
+CNAME and A (returning CNAME), in decreasing bandwidth order. Normally the
+"best" request type is autodetected and used. However, DNS relays may impose
+limits on for example NULL and TXT, making SRV or MX actually the best choice.
+This is not autodetected, but can be forced using the -T option. It is
+advisable to try various alternatives especially when the autodetected request
+type provides a downstream fragment size of less than 200 bytes.
+
+Note that SRV, MX and A (returning CNAME) queries may/will cause additional
+lookups by "smart" caching nameservers to get an actual IP address, which may
+either slow down or fail completely.
+
+DNS responses for non-NULL queries can be encoded with the same set of codecs
+as upstream data. This is normally also autodetected, but no fully exhaustive
+tests are done, so some problems may not be noticed when selecting more
+advanced codecs. In that case, you'll see failures/corruption in the fragment
+size autoprobe. In particular, several DNS relays have been found that change
+replies returning hostnames (SRV, MX, CNAME, A) to lowercase only when that
+hostname exceeds ca. 180 characters. In these and similar cases, use the -O
+option to try other downstream codecs; Base32 should always work.
+
+Normal operation now is for the server to _not_ answer a DNS request until
+the next DNS request has come in, a.k.a. being "lazy". This way, the server
+will always have a DNS request handy when new downstream data has to be sent.
+This greatly improves (interactive) performance and latency, and allows to
+slow down the quiescent ping requests to 4 second intervals by default, and
+possibly much slower. In fact, the main purpose of the pings now is to force
+a reply to the previous ping, and prevent DNS server timeouts (usually at
+least 5-10 seconds per RFC1035). Some DNS servers are more impatient and will
+give SERVFAIL errors (timeouts) in periods without tunneled data traffic. All
+data should still get through in these cases, but iodine will reduce the ping
+interval to 1 second anyway (-I1) to reduce the number of error messages. This
+may not help for very impatient DNS relays like dnsadvantage.com (ultradns),
+which time out in 1 second or even less. Yet data will still get trough, and
+you can ignore the SERVFAIL errors.
+
+If you are running on a local network without any DNS server in-between, try
+-I 50 (iodine and iodined close the connection after 60 seconds of silence).
+The only time you'll notice a slowdown, is when DNS reply packets go missing;
+the iodined server then has to wait for a new ping to re-send the data. You can
+speed this up by generating some upstream traffic (keypress, ping). If this
+happens often, check your network for bottlenecks and/or run with -I1.
+
+The delayed answering in lazy mode will cause some "carrier grade" commercial
+DNS relays to repeatedly re-send the same DNS query to the iodined server.
+If the DNS relay is actually implemented as a pool of parallel servers,
+duplicate requests may even arrive from multiple sources. This effect will
+only be visible in the network traffic at the iodined server, and will not
+affect the client's connection. Iodined will notice these duplicates, and send
+the same answer (when its time has come) to both the original query and the
+latest duplicate. After that, the full answer is cached for a short while.
+Delayed duplicates that arrive at the server even later, get a reply that the
+iodine client will ignore (if it ever arrives there).
+
+If you have problems, try inspecting the traffic with network monitoring tools
+like tcpdump or ethereal/wireshark, and make sure that the relaying DNS server
+has not cached the response. A cached error message could mean that you
+started the client before the server. The -D (and -DD) option on the server
+can also show received and sent queries.
+
+
+TIPS & TRICKS:
+
+If your port 53 is taken on a specific interface by an application that does 
+not use it, use -p on iodined to specify an alternate port (like -p 5353) and 
+use for instance iptables (on Linux) to forward the traffic:
+iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
+(Sent in by Tom Schouten)
+
+Iodined will reject data from clients that have not been active (data/pings)
+for more than 60 seconds. Similarly, iodine will exit when no downstream
+data has been received for 60 seconds. In case of a long network outage or
+similar, just restart iodine (re-login), possibly multiple times until you get
+your old IP address back. Once that's done, just wait a while, and you'll
+eventually see the tunneled TCP traffic continue to flow from where it left
+off before the outage.
+
+With the introduction of the downstream packet queue in the server, its memory
+usage has increased with several megabytes in the default configuration.
+For use in low-memory environments (e.g. running on your DSL router), you can
+decrease USERS and undefine OUTPACKETQ_LEN in user.h without any ill conse-
+quence, assuming at most one client will be connected at any time. A small
+DNSCACHE_LEN is still advised, preferably 2 or higher, however you can also
+undefine it to save a few more kilobytes.
+
+
+PERFORMANCE:
+
+This section tabulates some performance measurements. To view properly, use
+a fixed-width font like Courier.
+
+Measurements were done in protocol 00000502 in lazy mode; upstream encoding
+always Base128; iodine -M255; iodined -m1130. Network conditions were not
+extremely favorable; results are not benchmarks but a realistic indication of
+real-world performance that can be expected in similar situations.
+
+Upstream/downstream throughput was measured by scp'ing a file previously
+read from /dev/urandom (i.e. incompressible), and measuring size with
+"ls -l ; sleep 30 ; ls -l" on a separate non-tunneled connection. Given the
+large scp block size of 16 kB, this gives a resolution of 4.3 kbit/s, which
+explains why some values are exactly equal.
+Ping round-trip times measured with "ping -c100", presented are average rtt
+and mean deviation (indicating spread around the average), in milliseconds.
+
+
+Situation 1:
+Laptop  ->   Wifi AP   ->  Home server  ->  DSL provider  ->  Datacenter
+ iodine    DNS "relay"        bind9           DNS cache        iodined
+
+                        downstr.  upstream downstr.  ping-up       ping-down
+                        fragsize   kbit/s   kbit/s  avg +/-mdev   avg +/-mdev
+------------------------------------------------------------------------------
+
+iodine -> Wifi AP :53
+  -Tnull (= -Oraw)           982    43.6    131.0   28.0    4.6   26.8    3.4
+
+iodine -> Home server :53
+  -Tnull (= -Oraw)          1174    48.0    305.8   26.6    5.0   26.9    8.4
+
+iodine -> DSL provider :53  
+  -Tnull (= -Oraw)          1174    56.7    367.0   20.6    3.1   21.2    4.4
+  -Ttxt -Obase32             730    56.7    174.7*
+  -Ttxt -Obase64             874    56.7    174.7
+  -Ttxt -Obase128           1018    56.7    174.7
+  -Ttxt -Oraw               1162    56.7    358.2
+  -Tsrv -Obase128            910    56.7    174.7
+  -Tcname -Obase32           151    56.7     43.6
+  -Tcname -Obase128          212    56.7     52.4
+
+iodine -> DSL provider :53  
+  wired (no Wifi) -Tnull    1174    74.2    585.4   20.2    5.6   19.6    3.4
+
+ [174.7* : these all have 2frag/packet]
+
+
+Situation 2:
+Laptop  ->  Wifi+vpn / wired  ->  Home server
+ iodine                            iodined
+
+                        downstr.  upstream downstr.  ping-up       ping-down
+                        fragsize   kbit/s   kbit/s  avg +/-mdev   avg +/-mdev
+------------------------------------------------------------------------------
+
+wifi + openvpn  -Tnull      1186   166.0   1022.3    6.3    1.3    6.6    1.6
+
+wired  -Tnull               1186   677.2   2464.1    1.3    0.2    1.3    0.1
+
+
+Performance is strongly coupled to low ping times, as iodine requires
+confirmation for every data fragment before moving on to the next. Allowing
+multiple fragments in-flight like TCP could possibly increase performance,
+but it would likely cause serious overload for the intermediary DNS servers.
+The current protocol scales performance with DNS responsivity, since the
+DNS servers are on average handling at most one DNS request per client.
+
+
+PORTABILITY:
+
+iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD
+(ia64, x86), OpenBSD (x86), NetBSD (x86), MacOS X (ppc and x86, with
+http://tuntaposx.sourceforge.net/). and Windows (with OpenVPN TAP32 driver, see
+win32 readme file).  It should be easy to port to other unix-like systems that
+has TUN/TAP tunneling support. Let us know if you get it to run on other
+platforms. 
+
+
+THE NAME:
+
+The name iodine was chosen since it starts with IOD (IP Over DNS) and since
+iodine has atomic number 53, which happens to be the DNS port number.
+
+
+THANKS:
+
+- To kuxien for FreeBSD and OS X testing
+- To poplix for code audit
+
+
+AUTHORS & LICENSE:
+
+Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
+Also major contributions by Anne Bezemer.
+
+Permission to use, copy, modify, and distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright notice
+and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
+
+MD5 implementation by L. Peter Deutsch (license and source in src/md5.[ch])
+Copyright (C) 1999, 2000, 2002 Aladdin Enterprises.  All rights reserved.

README-android.txt

@@ -1,50 +0,0 @@
-
-
-iodine - https://code.kryo.se/iodine
-
-***********************************
-
-Extra README file for Android
-
-
-== Running iodine on Android:
-1. Get root access on your android device
-
-2. Find/build a compatible tun.ko for your specific Android kernel
-
-3. Copy tun.ko and the iodine binary to your device:
-   (Almost all devices need the armeabi binary. Only Intel powered
-   ones need the x86 build.)
-
-		adb push tun.ko /data/local/tmp
-		adb push iodine /data/local/tmp
-		adb shell
-		su
-		cd /data/local/tmp
-		chmod 777 iodine
-
-4. Run iodine (see the man page for parameters)
-
-		./iodine ...
-
-For more information: http://blog.bokhorst.biz/5123
-
-== Building iodine for Android:
-1. Download and install the Android SDK and NDK
-
-2. Download and unpack the iodine sources
-
-3. Build:
-	cd src
-	make base64u.h base64u.c
-	ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.16.mk APP_PLATFORM=android-16
-
-   or run "make cross-android" in the iodine root directory.
-   To build for other archs, specify TARGET_ARCH_ABI:
-		"make cross-android TARGET_ARCH_ABI=x86"
-
-   For older android versions (pre-kitkat), build with "make cross-android-old" in the
-   root directory, or manually like above but with APP_PLATFORM=android-3 and with
-   APP_BUILD_SCRIPT=Android.mk
-
-   The iodine binary ends up in src/libs/<arch>/iodine

README-win32.txt

@@ -1,6 +1,6 @@
 
 
-iodine - https://code.kryo.se/iodine
+iodine - http://code.kryo.se/iodine
 
 ***********************************
 
@@ -8,14 +8,10 @@ Extra README file for Win32 related stuff
 
 
 == Running iodine on Windows:
-
-0. After iodine 0.6, you need Windows XP or newer to run.
-
-1. Install the TAP driver 
-   https://openvpn.net/index.php/open-source/downloads.html
-   Download the OpenVPN TAP driver (under section Tap-windows)
-   Problems has been reported with the NDIS6 version (9.2x.y), use the
-   NDIS5 version for now if possible.
+1. Install the TAP32 driver 
+   http://openvpn.net/index.php/open-source/downloads.html
+   Choose OpenVPN 2.0.9 Windows Installer, when installing you can
+   select to install only the TAP driver.
 
 2. Have at least one TAP32 interface installed. There are scripts for adding
    and removing in the OpenVPN bin directory. If you have more than one
@@ -47,7 +43,7 @@ Note that the binaries will not get a .exe suffix
 
 == Zlib download
 You can get zlib for MinGW here (both for native and crosscompile):
-https://code.kryo.se/iodine/deps/zlib.zip
+http://code.kryo.se/iodine/deps/zlib.zip
 Unzip it in your MinGW directory on Windows or in $ROOT/usr for
 cross-compile.
 

README.md

@@ -1,423 +0,0 @@
-iodine - <https://code.kryo.se/iodine>
-=====================================
-
-
-This is a piece of software that lets you tunnel IPv4 data through a DNS
-server. This can be usable in different situations where internet access is
-firewalled, but DNS queries are allowed.
-
-
-COMPILING
----------
-
-Iodine has no configure script. There are two optional features for Linux
-(SELinux and systemd support) that will be enabled automatically if the
-relevant header files are found in `/usr/include`.
-(See script at `./src/osflags`)
-
-Run `make` to compile the server and client binaries.
-Run `make install` to copy binaries and manpage to the destination directory.
-Run `make test` to compile and run the unit tests. (Requires the `check` library)
-
-
-QUICKSTART
-----------
-
-Try it out within your own LAN! Follow these simple steps:
-- On your server, run: `./iodined -f 10.0.0.1 test.com`.
-  If you already use the `10.0.0.0` network, use another internal net like
-  `172.16.0.0`.
-- Enter a password.
-- On the client, run: `./iodine -f -r 192.168.0.1 test.com`.
-  Replace `192.168.0.1` with your server's ip address.
-- Enter the same password.
-- Now the client has the tunnel ip `10.0.0.2` and the server has `10.0.0.1`.
-- Try pinging each other through the tunnel.
-- Done! :)
-
-To actually use it through a relaying nameserver, see below.
-
-
-HOW TO USE
-----------
-
-Note: server and client are required to speak the exact same protocol. In most
-cases, this means running the same iodine version. Unfortunately, implementing
-backward and forward protocol compatibility is usually not feasible.
-
-### Server side
-To use this tunnel, you need control over a real domain (like `mydomain.com`),
-and a server with a public IP address to run `iodined` on. If this server
-already runs a DNS program, change its listening port and then use `iodined`'s
-`-b` option to let `iodined` forward the DNS requests. (Note that this procedure
-is not advised in production environments, because `iodined`'s DNS forwarding
-is not completely transparent, for example zone transfers will not work.)
-Alternatively you can forward the subdomain from your DNS server to `iodined`
-which must then run on a different port (`-p`).
-
-Then, delegate a subdomain (say, `t1.mydomain.com`) to the iodined server.
-If you use BIND for your domain, add two lines like these to the zone file:
-
-	t1		IN	NS	t1ns.mydomain.com.		; note the dot!
-	t1ns		IN	A	10.15.213.99
-
-The `NS` line is all that's needed to route queries for the `t1` subdomain
-to the `t1ns` server. We use a short name for the subdomain, to keep as much
-space as possible available for the data traffic. At the end of the `NS` line
-is the name of your `iodined` server. This can be any name, pointing anywhere,
-but in this case it's easily kept in the same zone file. It must be a name
-(not an IP address), and that name itself must have an `A` record
-(not a `CNAME`).
-
-If your `iodined` server has a dynamic IP, use a dynamic DNS provider. Simply
-point the `NS` line to it, and leave the `A` line out:
-
-	t1		IN	NS	myname.mydyndnsprovider.com.	; note the dot!
-
-Then reload or restart your nameserver program. Now any DNS queries for
-domains ending in `t1.mydomain.com` will be sent to your `iodined` server.
-
-Finally start `iodined` on your server. The first argument is the IP address
-inside the tunnel, which can be from any range that you don't use yet (for
-example `192.168.99.1`), and the second argument is the assigned domain (in this
-case `t1.mydomain.com`). Using the `-f` option will keep iodined running in the
-foreground, which helps when testing. iodined will open a virtual interface
-("tun device"), and will also start listening for DNS queries on UDP port 53.
-Either enter a password on the commandline (`-P pass`) or after the server has
-started. Now everything is ready for the client.
-
-If there is a chance you'll be using an iodine tunnel from unexpected
-environments, start `iodined` with a `-c` option.
-Resulting commandline in this example situation:
-
-	./iodined -f -c -P secretpassword 192.168.99.1 t1.mydomain.com
-
-### Client side
-All the setup is done, just start `iodine`. It takes one or two arguments, the
-first is the local relaying DNS server (optional) and the second is the domain
-you used (`t1.mydomain.com`). If you don't specify the first argument, the
-system's current DNS setting will be consulted.
-
-If DNS queries are allowed to any computer, you can directly give the `iodined`
-server's address as first argument (in the example: `t1ns.mydomain.com` or
-`10.15.213.99`). In that case, it may also happen that _any_ traffic is allowed
-to the DNS port (53 UDP) of any computer. Iodine will detect this, and switch
-to raw UDP tunneling if possible. To force DNS tunneling in any case, use the
-`-r` option (especially useful when testing within your own network).
-
-The client's tunnel interface will get an IP close to the server's (in this
-case `192.168.99.2` or `.3` etc.) and a suitable MTU. Enter the same password as
-on the server either as commandline option or after the client has started.
-Using the `-f` option will keep the iodine client running in the foreground.
-
-Resulting commandline in this example situation, adding -r forces DNS tunneling
-even if raw UDP tunneling would be possible:
-
-	./iodine -f -P secretpassword t1.mydomain.com
-
-From either side, you should now be able to ping the IP address on the other
-end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
-`192.168.99.2` from the iodine server.
-
-
-### MISC. INFO
-
-#### IPv6
-The data inside the tunnel is IPv4 only.
-
-The server listens to both IPv4 and IPv6 for incoming requests by default.
-Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
-attempted on the same protocol as used for the login.
-
-The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
-nameservers will translate between protocols automatically if needed. Use
-options `-4` or `-6` to force the client to use a specific IP version for its DNS
-queries.
-
-If your server is listening on IPv6 and is reachable, add an AAAA record for it
-to your DNS setup. Extending the example above would look like this:
-
-	t1		IN	NS	t1ns.mydomain.com.		; note the dot!
-	t1ns		IN	A	10.15.213.99
-	t1ns		IN	AAAA	2001:db8::1001:99
-
-#### Routing
-It is possible to route all traffic through the DNS tunnel. To do this, first
-add a host route to the nameserver used by iodine over the wired/wireless
-interface with the default gateway as gateway. Then replace the default
-gateway with the iodined server's IP address inside the DNS tunnel, and
-configure the server to do NAT.
-
-However, note that the tunneled data traffic is not encrypted at all, and can
-be read and changed by external parties relatively easily. For maximum
-security, run a VPN through the DNS tunnel (=double tunneling), or use secure
-shell (SSH) access, possibly with port forwarding. The latter can also be used
-for web browsing, when you run a web proxy (for example Privoxy) on your
-server.
-
-#### Testing
-The `iodined` server replies to `NS` requests sent for subdomains of the tunnel
-domain. If your iodined subdomain is `t1.mydomain.com`, send a `NS` request for
-`foo123.t1.mydomain.com` to see if the delegation works.
-`dig` is a good tool for this:
-
-	% dig -t NS foo123.t1.mydomain.com
-	ns.io.citronna.de.
-
-Also, the iodined server will answer requests starting with 'z' for any of the
-supported request types, for example:
-
-	dig -t TXT z456.t1.mydomain.com
-	dig -t SRV z456.t1.mydomain.com
-	dig -t CNAME z456.t1.mydomain.com
-
-The reply should look like garbled text in all these cases.
-
-#### Mac OS X
-On Mac OS X 10.6 and later, iodine supports the native utun devices built into
-the OS - use `-d utunX`.
-
-
-Operational info
-----------------
-
-The DNS-response fragment size is normally autoprobed to get maximum bandwidth.
-To force a specific value (and speed things up), use the `-m` option.
-
-The DNS hostnames are normally used up to their maximum length, 255 characters.
-Some DNS relays have been found that answer full-length queries rather
-unreliably, giving widely varying (and mostly very bad) results of the
-fragment size autoprobe on repeated tries. In these cases, use the `-M` switch
-to reduce the DNS hostname length to, for example 200 characters, which makes
-these DNS relays much more stable. This is also useful on some “de-optimizing”
-DNS relays that stuff the response with two full copies of the query, leaving
-very little space for downstream data (also not capable of EDNS0). The `-M`
-switch can trade some upstream bandwidth for downstream bandwidth. Note that
-the minimum `-M` value is about 100, since the protocol can split packets (1200
-bytes max) in only 16 fragments, requiring at least 75 real data bytes per
-fragment.
-
-The upstream data is sent gzipped encoded with Base32; or Base64 if the relay
-server supports mixed case and `+` in domain names; or Base64u if `_` is
-supported instead; or Base128 if high-byte-value characters are supported.
-This upstream encoding is autodetected. The DNS protocol allows one query per
-packet, and one query can be max 256 chars. Each domain name part can be max
-63 chars. So your domain name and subdomain should be as short as possible to
-allow maximum upstream throughput.
-
-Several DNS request types are supported, with the `NULL` and `PRIVATE` types
-expected to provide the largest downstream bandwidth. The `PRIVATE` type uses
-value 65399 in the private-use range. Other available types are `TXT`, `SRV`,
-`MX`, `CNAME` and `A` (returning `CNAME`), in decreasing bandwidth order.
-Normally the “best” request type is autodetected and used. However, DNS relays
-may impose limits on for example NULL and TXT, making SRV or MX actually the best
-choice. This is not autodetected, but can be forced using the `-T` option.
-It is advisable to try various alternatives especially when the autodetected
-request type provides a downstream fragment size of less than 200 bytes.
-
-Note that `SRV`, `MX` and `A` (returning `CNAME`) queries may/will cause
-additional lookups by "smart" caching nameservers to get an actual IP address,
-which may either slow down or fail completely.
-
-DNS responses for non-`NULL/PRIVATE` queries can be encoded with the same set of
-codecs as upstream data. This is normally also autodetected, but no fully
-exhaustive tests are done, so some problems may not be noticed when selecting
-more advanced codecs. In that case, you'll see failures/corruption in the
-fragment size autoprobe. In particular, several DNS relays have been found that
-change replies returning hostnames (`SRV`, `MX`, `CNAME`, `A`) to lowercase only
-when that hostname exceeds ca. 180 characters. In these and similar cases, use
-the `-O` option to try other downstream codecs; Base32 should always work.
-
-Normal operation now is for the server to _not_ answer a DNS request until
-the next DNS request has come in, a.k.a. being “lazy”. This way, the server
-will always have a DNS request handy when new downstream data has to be sent.
-This greatly improves (interactive) performance and latency, and allows to
-slow down the quiescent ping requests to 4 second intervals by default, and
-possibly much slower. In fact, the main purpose of the pings now is to force
-a reply to the previous ping, and prevent DNS server timeouts (usually at
-least 5-10 seconds per RFC1035). Some DNS servers are more impatient and will
-give SERVFAIL errors (timeouts) in periods without tunneled data traffic. All
-data should still get through in these cases, but `iodine` will reduce the ping
-interval to 1 second anyway (-I1) to reduce the number of error messages. This
-may not help for very impatient DNS relays like `dnsadvantage.com` (ultradns),
-which time out in 1 second or even less. Yet data will still get trough, and
-you can ignore the `SERVFAIL` errors.
-
-If you are running on a local network without any DNS server in-between, try
-`-I 50` (iodine and iodined close the connection after 60 seconds of silence).
-The only time you'll notice a slowdown, is when DNS reply packets go missing;
-the `iodined` server then has to wait for a new ping to re-send the data. You can
-speed this up by generating some upstream traffic (keypress, ping). If this
-happens often, check your network for bottlenecks and/or run with `-I1`.
-
-The delayed answering in lazy mode will cause some “carrier grade” commercial
-DNS relays to repeatedly re-send the same DNS query to the iodined server.
-If the DNS relay is actually implemented as a pool of parallel servers,
-duplicate requests may even arrive from multiple sources. This effect will
-only be visible in the network traffic at the `iodined` server, and will not
-affect the client's connection. Iodined will notice these duplicates, and send
-the same answer (when its time has come) to both the original query and the
-latest duplicate. After that, the full answer is cached for a short while.
-Delayed duplicates that arrive at the server even later, get a reply that the
-iodine client will ignore (if it ever arrives there).
-
-If you have problems, try inspecting the traffic with network monitoring tools
-like tcpdump or ethereal/wireshark, and make sure that the relaying DNS server
-has not cached the response. A cached error message could mean that you
-started the client before the server. The `-D` (and `-DD`) option on the server
-can also show received and sent queries.
-
-
-TIPS & TRICKS
--------------
-
-If your port 53 is taken on a specific interface by an application that does
-not use it, use `-p` on iodined to specify an alternate port (like `-p 5353`)
-and use for instance iptables (on Linux) to forward the traffic:
-
-	iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
-
-(Sent in by Tom Schouten)
-
-Iodined will reject data from clients that have not been active (data/pings)
-for more than 60 seconds. Similarly, iodine will exit when no downstream
-data has been received for 60 seconds. In case of a long network outage or
-similar, just restart iodine (re-login), possibly multiple times until you get
-your old IP address back. Once that's done, just wait a while, and you'll
-eventually see the tunneled TCP traffic continue to flow from where it left
-off before the outage.
-
-With the introduction of the downstream packet queue in the server, its memory
-usage has increased with several megabytes in the default configuration.
-For use in low-memory environments (e.g. running on your DSL router), you can
-decrease USERS and undefine OUTPACKETQ_LEN in user.h without any ill conse-
-quence, assuming at most one client will be connected at any time. A small
-DNSCACHE_LEN is still advised, preferably 2 or higher, however you can also
-undefine it to save a few more kilobytes.
-
-One iodine server can handle multiple domains. Set up different NS records
-on the same domain all pointing to the same host, and use a wildcard
-at the start of the topdomain argument (example `*.mydomain.com`). iodine
-will accept tunnel traffic for all domains matching that pattern. The wildcard
-has to be at the start of the topdomain argument and be followed by a dot.
-
-
-PERFORMANCE
------------
-
-This section tabulates some performance measurements. To view properly, use
-a fixed-width font like Courier.
-
-Measurements were done in protocol 00000502 in lazy mode; upstream encoding
-always Base128; `iodine -M255`; `iodined -m1130`. Network conditions were not
-extremely favorable; results are not benchmarks but a realistic indication of
-real-world performance that can be expected in similar situations.
-
-Upstream/downstream throughput was measured by `scp`'ing a file previously
-read from `/dev/urandom` (i.e. incompressible), and measuring size with
-`ls -l ; sleep 30 ; ls -l` on a separate non-tunneled connection. Given the
-large `scp` block size of 16 kB, this gives a resolution of 4.3 kbit/s, which
-explains why some values are exactly equal.
-Ping round-trip times measured with `ping -c100`, presented are average rtt
-and mean deviation (indicating spread around the average), in milliseconds.
-
-
-### Situation 1: `Laptop  ->   Wifi AP   ->  Home server  ->  DSL provider  ->  Datacenter`
-
-	 iodine    DNS "relay"        bind9           DNS cache        iodined
-
-	                        downstr.  upstream downstr.  ping-up       ping-down
-	                        fragsize   kbit/s   kbit/s  avg +/-mdev   avg +/-mdev
-	-----------------------------------------------------------------------------
-
-	iodine -> Wifi AP :53
-	  -Tnull (= -Oraw)           982    43.6    131.0   28.0    4.6   26.8    3.4
-
-	iodine -> Home server :53
-	  -Tnull (= -Oraw)          1174    48.0    305.8   26.6    5.0   26.9    8.4
-
-	iodine -> DSL provider :53
-	  -Tnull (= -Oraw)          1174    56.7    367.0   20.6    3.1   21.2    4.4
-	  -Ttxt -Obase32             730    56.7    174.7*
-	  -Ttxt -Obase64             874    56.7    174.7
-	  -Ttxt -Obase128           1018    56.7    174.7
-	  -Ttxt -Oraw               1162    56.7    358.2
-	  -Tsrv -Obase128            910    56.7    174.7
-	  -Tcname -Obase32           151    56.7     43.6
-	  -Tcname -Obase128          212    56.7     52.4
-
-	iodine -> DSL provider :53
-	  wired (no Wifi) -Tnull    1174    74.2    585.4   20.2    5.6   19.6    3.4
-
-	 [174.7* : these all have 2frag/packet]
-
-
-### Situation 2: `Laptop  ->  Wifi+vpn / wired  ->  Home server`
-
-	 iodine                            iodined
-
-	                        downstr.  upstream downstr.  ping-up       ping-down
-	                        fragsize   kbit/s   kbit/s  avg +/-mdev   avg +/-mdev
-	-----------------------------------------------------------------------------
-
-	wifi + openvpn  -Tnull      1186   166.0   1022.3    6.3    1.3    6.6    1.6
-
-	wired  -Tnull               1186   677.2   2464.1    1.3    0.2    1.3    0.1
-
-
-### Notes
-
-Performance is strongly coupled to low ping times, as iodine requires
-confirmation for every data fragment before moving on to the next. Allowing
-multiple fragments in-flight like TCP could possibly increase performance,
-but it would likely cause serious overload for the intermediary DNS servers.
-The current protocol scales performance with DNS responsivity, since the
-DNS servers are on average handling at most one DNS request per client.
-
-
-PORTABILITY
------------
-
-iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD
-(ia64, x86), OpenBSD (x86), NetBSD (x86), MacOS X (ppc and x86, with
-<http://tuntaposx.sourceforge.net/>). and Windows (with OpenVPN TAP32 driver, see
-win32 readme file).  It should be easy to port to other unix-like systems that
-have TUN/TAP tunneling support. Let us know if you get it to run on other
-platforms.
-
-
-THE NAME
---------
-
-The name iodine was chosen since it starts with IOD (IP Over DNS) and since
-iodine has atomic number 53, which happens to be the DNS port number.
-
-
-THANKS
-------
-
-- To kuxien for FreeBSD and OS X testing
-- To poplix for code audit
-
-
-AUTHORS & LICENSE
------------------
-
-Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>, 2006-2009 Bjorn
-Andersson <flex@kryo.se>. Also major contributions by Anne Bezemer.
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
-
-MD5 implementation by L. Peter Deutsch (license and source in `src/md5.[ch]`)
-Copyright (C) 1999, 2000, 2002 Aladdin Enterprises.  All rights reserved.

TODO

@@ -0,0 +1,12 @@
+
+iodine - http://code.kryo.se/iodine
+
+***********************************
+
+The TODO list is now located at
+
+http://dev.kryo.se/iodine/
+
+The list is under the "View tickets" page
+
+Feel free to add your own wishes and bug reports

doc/iodine-server.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Iodine Server
-After=local-fs.target network.target
-
-[Service]
-EnvironmentFile=-/etc/sysconfig/iodine-server
-ExecStart=/usr/local/bin/iodined -i 30 -f $OPTIONS
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target

doc/iodine-server.socket

@@ -1,10 +0,0 @@
-[Unit]
-Description=Iodine socket
-
-[Socket]
-ListenDatagram=53
-ListenDatagram=0.0.0.0:53
-BindIPv6Only=ipv6-only
-
-[Install]
-WantedBy=sockets.target

doc/proto_00000502.txt

@@ -38,7 +38,7 @@ Server replies:
 		VFUL (server has no free slots), followed by max users
 	4 byte value: means login challenge/server protocol version/max users
 	1 byte userid of the new user, or any byte if not VACK
-
+	
 Login:
 Client sends:
 	First byte l or L
@@ -50,19 +50,17 @@ Server replies:
 	LNAK means not accepted
 	x.x.x.x-y.y.y.y-mtu-netmask means accepted (server ip, client ip, mtu, netmask bits)
 
-IP Request: (for where to try raw login)
+IP Request:
 Client sends:
 	First byte i or I
 	5 bits coded as Base32 char, meaning userid
 	CMC as 3 Base32 chars
 Server replies
-	BADIP if bad userid
-	First byte I
-	Then comes external IP address of iodined server
-	as 4 bytes (IPv4) or 16 bytes (IPv6)
+	BADIP if bad userid, or
+	I and then 4 bytes network order external IP address of iodined server
 
 Upstream codec check / bounce:
-Client sends:
+Client sends: 
 	First byte z or Z
 	Lots of data that should not be decoded
 Server replies:
@@ -102,7 +100,7 @@ Client sends:
 		7: Base128  (a-zA-Z0-9\274-\375)
 	CMC as 3 Base32 chars
 Server sends:
-	Name of codec if accepted. After this all upstream data packets must
+	Name of codec if accepted. After this all upstream data packets must 
 	be encoded with the new codec.
 	BADCODEC if not accepted. Client must then revert to previous codec
 	BADLEN if length of query is too short
@@ -124,8 +122,7 @@ Server sends:
 	s or S: Downstream encoding Base64, for TXT/CNAME/A/MX
 	u or U: Downstream encoding Base64u, for TXT/CNAME/A/MX
 	v or V: Downstream encoding Base128, for TXT/CNAME/A/MX
-	r or R: Downstream encoding Raw, for PRIVATE/TXT/NULL (default for
-		PRIVATE and NULL)
+	r or R: Downstream encoding Raw, for TXT/NULL (default for NULL)
 	If codec unsupported for request type, server will use Base32; note
 	that server will answer any mix of request types that a client sends.
 	Server may disregard this option; client must always use the downstream
@@ -184,15 +181,15 @@ GGGG = Downstream fragment number
 C = Compression enabled for downstream packet
 UDCMC = Upstream Data CMC, 36 steps a-z0-9, case-insensitive
 
-Upstream data packet starts with 1 byte ASCII hex coded user byte; then 3 bytes
+Upstream data packet starts with 1 byte ASCII hex coded user byte; then 3 bytes 
 Base32 encoded header; then 1 char data-CMC; then comes the payload data,
 encoded with the chosen upstream codec.
 
 Downstream data starts with 2 byte header. Then payload data, which may be
 compressed.
 
-In NULL and PRIVATE responses, downstream data is always raw. In all other
-response types, downstream data is encoded (see Options above).
+In NULL responses, downstream data is always raw. In all other response types,
+downstream data is encoded (see Options above).
 Encoding type is indicated by 1 prefix char:
 TXT:
 	End result is always DNS-chopped (series of len-prefixed strings
@@ -227,8 +224,8 @@ always starting with the 2 bytes downstream data header as shown above.
 If server has nothing to send, no data is added after the header.
 If server has something to send, it will add the downstream data packet
 (or some fragment of it) after the header.
-
-
+ 
+ 
 "Lazy-mode" operation
 =====================
 
@@ -252,7 +249,7 @@ downstream data has to be sent.
 
 *: upstream data ack is usually done as reply on the previous ping packet,
 and the upstream-data packet itself is kept in queue.
-
+ 
 Client:
 Downstream data is acked immediately, to keep it flowing fast (includes a
 ping after last downstream frag).

man/iodine.8

@@ -1,5 +1,5 @@
 .\" groff -man -Tascii iodine.8
-.TH IODINE 8 "APR 2012" "User Manuals"
+.TH IODINE 8 "DEC 2009" "User Manuals"
 .SH NAME
 iodine, iodined \- tunnel IPv4 over DNS
 .SH SYNOPSIS
@@ -7,7 +7,7 @@ iodine, iodined \- tunnel IPv4 over DNS
 
 .B iodine [-h]
 
-.B iodine [-4] [-6] [-f] [-r] [-u
+.B iodine [-f] [-r] [-u
 .I user
 .B ] [-P
 .I password
@@ -17,8 +17,6 @@ iodine, iodined \- tunnel IPv4 over DNS
 .I chrootdir
 .B ] [-d
 .I device
-.B ] [-R
-.I rdomain
 .B ] [-m
 .I fragsize
 .B ] [-M
@@ -45,7 +43,7 @@ iodine, iodined \- tunnel IPv4 over DNS
 
 .B iodined [-h]
 
-.B iodined [-4] [-6] [-c] [-s] [-f] [-D] [-u
+.B iodined [-c] [-s] [-f] [-D] [-u
 .I user
 .B ] [-t
 .I chrootdir
@@ -54,17 +52,11 @@ iodine, iodined \- tunnel IPv4 over DNS
 .B ] [-m
 .I mtu
 .B ] [-l
-.I listen_ip4
-.B ] [-L
-.I listen_ip6
+.I listen_ip
 .B ] [-p
 .I port
 .B ] [-n
-(
-.B auto
-|
 .I external_ip
-)
 .B ] [-b
 .I dnsport
 .B ] [-P
@@ -73,8 +65,6 @@ iodine, iodined \- tunnel IPv4 over DNS
 .I context
 .B ] [-F
 .I pidfile
-.B ] [-i
-.I max_idle_time
 .B ]
 .I tunnel_ip
 .B [
@@ -83,9 +73,9 @@ iodine, iodined \- tunnel IPv4 over DNS
 .I topdomain
 .SH DESCRIPTION
 .B iodine
-lets you tunnel IPv4 data through a DNS
+lets you tunnel IPv4 data through a DNS 
 server. This can be useful in situations where Internet access is firewalled,
-but DNS queries are allowed. It needs a TUN/TAP device to operate. The
+but DNS queries are allowed. It needs a TUN/TAP device to operate. The 
 bandwidth is asymmetrical,
 with a measured maximum of 680 kbit/s upstream and 2.3 Mbit/s
 downstream in a wired LAN test network.
@@ -112,12 +102,6 @@ Print usage info and exit.
 .B -f
 Keep running in foreground.
 .TP
-.B -4
-Force/allow only IPv4 DNS queries
-.TP
-.B -6
-Force/allow only IPv6 DNS queries
-.TP
 .B -u user
 Drop privileges and run as user 'user' after setting up tunnel.
 .TP
@@ -126,11 +110,10 @@ Chroot to 'chrootdir' after setting up tunnel.
 .TP
 .B -d device
 Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
-and otherwise tunX. On Mac OS X 10.6, this can also be utunX, which will attempt
-to use an utun device built into the OS.
+and otherwise tunX.
 .TP
 .B -P password
-Use 'password' to authenticate. If not used,
+Use 'password' to authenticate. If not used, 
 .B stdin
 will be used as input. Only the first 32 characters will be used.
 .TP
@@ -146,9 +129,6 @@ Skip raw UDP mode. If not used, iodine will try getting the public IP address
 of the iodined host and test if it is reachable directly. If it is, traffic
 will be sent to the server instead of the DNS relay.
 .TP
-.B -R rdomain
-Use OpenBSD routing domain 'rdomain' for the DNS connection.
-.TP
 .B -m fragsize
 Force maximum downstream fragment size. Not setting this will cause the
 client to automatically probe the maximum accepted downstream fragment size.
@@ -159,7 +139,7 @@ Usable range ca. 100 to 255.
 Use this option to scale back upstream bandwidth in favor of downstream
 bandwidth.
 Also useful for DNS servers that perform unreliably when using full-length
-hostnames, noticeable when fragment size autoprobe returns very
+hostnames, noticable when fragment size autoprobe returns very
 different results each time.
 .TP
 .B -T dnstype
@@ -172,7 +152,6 @@ more bandwidth.
 In that case, use this option to override the autodetection.
 In (expected) decreasing bandwidth order, the supported DNS request types are:
 .IR NULL ,
-.IR PRIVATE ,
 .IR TXT ,
 .IR SRV ,
 .IR MX ,
@@ -187,10 +166,7 @@ and
 .I A
 may/will cause additional lookups by "smart" caching
 nameservers to get an actual IP address, which may either slow down or fail
-completely. The
-.IR PRIVATE
-type uses value 65399 (in the 'private use' range) and requires servers
-implementing RFC 3597.
+completely.
 .TP
 .B -O downenc
 Force downstream encoding type for all query type responses except NULL.
@@ -242,12 +218,12 @@ connection after 60 seconds of inactivity.
 .TP
 .B -c
 Disable checking the client IP address on all incoming requests.
-By default, requests originating from non-matching IP addresses will be
+By default, requests originating from non-matching IP adresses will be
 rejected, however this will cause problems when requests are routed
 via a cluster of DNS servers.
 .TP
 .B -s
-Don't try to configure IP address or MTU.
+Don't try to configure IP address or MTU. 
 This should only be used if you have already configured the device that will be
 used.
 .TP
@@ -256,69 +232,51 @@ Increase debug level. Level 1 prints info about each RX/TX packet.
 Implies the
 .B -f
 option.
-On level 2 (\-DD) or higher, DNS queries will be printed literally.
+On level 2 (-DD) or higher, DNS queries will be printed literally.
 When using Base128 upstream encoding, this is best viewed as
 ISO Latin-1 text instead of (illegal) UTF-8.
-This is easily done with : "LC_ALL=C luit iodined \-DD ..."
+This is easily done with : "LC_ALL=C luit iodined -DD ..."
 (see luit(1)).
 .TP
 .B -m mtu
-Set 'mtu' as mtu size for the tun device.
+Set 'mtu' as mtu size for the tun device. 
 This will be sent to the client on login, and the client will use the same mtu
 for its tun device.  Default 1130.  Note that the DNS traffic will be
 automatically fragmented when needed.
 .TP
-.B -l external|listen_ip4
-Make the server listen only on 'listen_ip4' for incoming IPv4 requests.
-By default, incoming requests are accepted from all interfaces (0.0.0.0).
-A domain name can be used as argument - use one with only one A record.
-If listen_ip4 is 'external', iodined will use the opendns.com DNS service to
-retrieve the external IP of the host and use that as listen address.
-.TP
-.B -L listen_ip6
-Make the server listen only on 'listen_ip6' for incoming IPv6 requests.
-By default, incoming requests are accepted from all interfaces (::).
-A domain name can be used as argument - use one with only one AAAA record.
+.B -l listen_ip
+Make the server listen only on 'listen_ip' for incoming requests.
+By default, incoming requests are accepted from all interfaces.
 .TP
 .B -p port
-Make the server listen on 'port' instead of 53 for traffic.
-If 'listen_ip4' does not include localhost, this 'port' can be the same
-as 'dnsport'.
+Make the server listen on 'port' instead of 53 for traffic. 
 .B Note:
 You must make sure the dns requests are forwarded to this port yourself.
 .TP
-.B -n auto|external_ip
+.B -n external_ip
 The IP address to return in NS responses. Default is to return the address used
 as destination in the query.
-If external_ip is 'auto', iodined will use the opendns.com DNS service to
-retrieve the external IP of the host and use that for NS responses.
 .TP
 .B -b dnsport
 If this port is specified, all incoming requests not inside the tunnel domain
 will be forwarded to this port on localhost, to be handled by a real dns.
-If 'listen_ip' does not include localhost, this 'dnsport' can be the
-same as 'port'.
 .B Note:
 The forwarding is not fully transparent, and not advised for use
 in production environments.
-.TP
-.B -i max_idle_time
-Make the server stop itself after max_idle_time seconds if no traffic have been received.
-This should be combined with systemd or upstart on demand activation for being effective.
 .SS Client Arguments:
 .TP
 .B nameserver
 The nameserver to use to relay the dns traffic. This can be any relaying
 nameserver or the server running iodined if reachable. This field can be
-given as an IPv4/IPv6 address or as a hostname. This argument is optional,
-and if not specified a nameserver will be read from the
+given as an IP address, or as a hostname. This argument is optional, and 
+if not specified a nameserver will be read from the
 .I /etc/resolv.conf
 file.
 .TP
 .B topdomain
 The dns traffic will be sent as queries for subdomains under
 \'topdomain'. This is normally a subdomain to a domain you own. Use a short
-domain name to get better throughput. If
+domain name to get better throughput. If 
 .B nameserver
 is the iodined server, then the topdomain can be chosen freely. This argument
 must be the same on both the client and the server.
@@ -326,19 +284,18 @@ must be the same on both the client and the server.
 .TP
 .B tunnel_ip[/netmask]
 This is the server's ip address on the tun interface. The client will be
-given the next ip number in the range. It is recommended to use the
-10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overridden
+given the next ip number in the range. It is recommended to use the 
+10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overriden
 by specifying it here. Using a smaller network will limit the number of
 concurrent users.
 .TP
 .B topdomain
 The dns traffic is expected to arrive as queries for
-subdomains under 'topdomain'. This is normally a subdomain to a domain you
-own. Use a short domain name to get better throughput. This argument must be
+subdomains under 'topdomain'. This is normally a subdomain to a domain you 
+own. Use a short domain name to get better throughput. This argument must be 
 the same on both the client and the server. Queries for domains other
 than 'topdomain' will be forwarded when the \-b option is given, otherwise
-they will be dropped. The topdomain can start with '*' which will allow all
-domains ending with the same suffix.
+they will be dropped.
 .SH EXAMPLES
 See the README file for both a quick test scenario, and a detailed description
 of real-world deployment.
@@ -360,7 +317,7 @@ except to the used ssh or vpn ports.
 If the environment variable
 .B IODINE_PASS
 is set, iodine will use the value it is set to as password instead of asking
-for one. The
+for one. The 
 .B -P
 option still has precedence.
 .SS IODINED_PASS
@@ -370,11 +327,12 @@ is set, iodined will use the value it is set to as password instead of asking
 for one. The
 .B -P
 option still has precedence.
+.El
 .SH SEE ALSO
 The README file in the source distribution contains some more elaborate
 information.
 .SH BUGS
-File bugs at https://github.com/yarrick/iodine
+File bugs at http://dev.kryo.se/iodine/
 .SH AUTHORS
 Erik Ekman <yarrick@kryo.se> and Bjorn Andersson <flex@kryo.se>. Major
 contributions by Anne Bezemer.

src/Android.16.mk

@@ -1,26 +0,0 @@
-#
-# iodine for Android
-#
-# by Marcel Bokhorst
-# http://blog.bokhorst.biz/5123/computers-en-internet/iodine-for-android/
-#
-# cd iodine-0.6.0-rc1/src
-# make base64u.h base64u.c
-# .../ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
-#
-
-LOCAL_PATH:= $(call my-dir)
-
-HEAD_COMMIT = `git rev-parse --short HEAD`
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE    := iodine
-LOCAL_SRC_FILES := tun.c dns.c read.c encoding.c login.c base32.c base64.c base64u.c base128.c md5.c common.c iodine.c client.c util.c
-LOCAL_CFLAGS    := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall -DGITREVISION=\"$(HEAD_COMMIT)\"
-LOCAL_LDLIBS    := -lz
-LOCAL_CFLAGS += -fPIE
-LOCAL_LDFLAGS += -fPIE -pie
-
-include $(BUILD_EXECUTABLE)
-

src/Android.mk

@@ -1,24 +0,0 @@
-#
-# iodine for Android
-#
-# by Marcel Bokhorst
-# http://blog.bokhorst.biz/5123/computers-en-internet/iodine-for-android/
-#
-# cd iodine-0.6.0-rc1/src
-# make base64u.h base64u.c
-# .../ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
-#
-
-LOCAL_PATH:= $(call my-dir)
-
-HEAD_COMMIT = `git rev-parse --short HEAD`
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE    := iodine
-LOCAL_SRC_FILES := tun.c dns.c read.c encoding.c login.c base32.c base64.c base64u.c base128.c md5.c common.c iodine.c client.c util.c
-LOCAL_CFLAGS    := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall -DGITREVISION=\"$(HEAD_COMMIT)\"
-LOCAL_LDLIBS    := -lz
-
-include $(BUILD_EXECUTABLE)
-

src/Makefile

@@ -6,12 +6,10 @@ SERVER = ../bin/iodined
 
 OS = `echo $(TARGETOS) | tr "a-z" "A-Z"`
 ARCH = `uname -m`
-HEAD_COMMIT = `git rev-parse --short HEAD`
 
 LIBPATH = -L.
 LDFLAGS +=  -lz `sh osflags $(TARGETOS) link` $(LIBPATH)
-CFLAGS += -std=c99 -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
-CFLAGS += -Wstrict-prototypes -Wtype-limits -Wmissing-declarations -Wmissing-prototypes
+CFLAGS += -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags`
 
 all: stateos $(CLIENT) $(SERVER)
 
@@ -28,17 +26,21 @@ $(SERVER): $(COMMONOBJS) $(SERVEROBJS)
 	@mkdir -p ../bin
 	@$(CC) $(COMMONOBJS) $(SERVEROBJS) -o $(SERVER) $(LDFLAGS)
 
-.c.o:
+.c.o: 
 	@echo CC $<
 	@$(CC) $(CFLAGS) $< -o $@
 
+base64u.o client.o iodined.o: base64u.h
 base64u.c: base64.c
 	@echo Making $@
 	@echo '/* No use in editing, produced by Makefile! */' > $@
 	@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < base64.c >> $@
+base64u.h: base64.h
+	@echo Making $@
+	@echo '/* No use in editing, produced by Makefile! */' > $@
+	@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < base64.h >> $@
 
 clean:
 	@echo "Cleaning src/"
 	@rm -f $(CLIENT){,.exe} $(SERVER){,.exe} *~ *.o *.core base64u.*
-	@rm -rf obj libs #android stuff
 

src/android_dns.h

@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2009 Marcel Bokhorst <marcel@bokhorst.biz>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __FIX_ANDROID_H__
-#define __FIX_ANDROID_H__
-
-/* Newer android platforms can have this data already */
-#ifndef C_IN
-
-typedef struct {
-	unsigned id :16;
-	unsigned rd :1;
-	unsigned tc :1;
-	unsigned aa :1;
-	unsigned opcode :4;
-	unsigned qr :1;
-	unsigned rcode :4;
-	unsigned cd: 1;
-	unsigned ad: 1;
-	unsigned unused :1;
-	unsigned ra :1;
-	unsigned qdcount :16;
-	unsigned ancount :16;
-	unsigned nscount :16;
-	unsigned arcount :16;
-} HEADER;
-
-#define NOERROR		0
-#define FORMERR		1
-#define SERVFAIL	2
-#define NXDOMAIN	3
-#define NOTIMP		4
-#define REFUSED		5
-
-#define C_IN		1
-
-#define T_A		1
-#define T_CNAME		5
-#define T_NULL		10
-#define T_MX		15
-#define T_TXT		16
-#define T_SRV		33
-
-#endif /* !C_IN */
-
-#endif

src/base128.c

@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 J.A.Bezemer@opensourcepartners.nl
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -33,15 +33,16 @@
 #include <string.h>
 
 #include "encoding.h"
+#include "base128.h"
 
-#define BASE128_BLKSIZE_RAW 7
-#define BASE128_BLKSIZE_ENC 8
+#define BLKSIZE_RAW 7
+#define BLKSIZE_ENC 8
 
 /* Don't use '-' (restricted to middle of labels), prefer iso_8859-1
  * accent chars since they might readily be entered in normal use,
  * don't use 254-255 because of possible function overloading in DNS systems.
  */
-static const unsigned char cb128[] =
+static const unsigned char cb128[] = 
 	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 	"\274\275\276\277"
 	"\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317"
@@ -51,13 +52,55 @@ static const unsigned char cb128[] =
 static unsigned char rev128[256];
 static int reverse_init = 0;
 
-inline static void base128_reverse_init(void)
+static int base128_encode(char *, size_t *, const void *, size_t);
+static int base128_decode(void *, size_t *, const char *, size_t);
+static int base128_handles_dots();
+static int base128_blksize_raw();
+static int base128_blksize_enc();
+
+static struct encoder base128_encoder =
+{
+	"Base128",
+	base128_encode,
+	base128_decode,
+	base128_handles_dots,
+	base128_handles_dots,
+	base128_blksize_raw,
+	base128_blksize_enc
+};
+
+struct encoder
+*get_base128_encoder()
+{
+	return &base128_encoder;
+}
+
+static int 
+base128_handles_dots()
+{
+	return 0;
+}
+
+static int 
+base128_blksize_raw()
+{
+	return BLKSIZE_RAW;
+}
+
+static int 
+base128_blksize_enc()
+{
+	return BLKSIZE_ENC;
+}
+
+inline static void
+base128_reverse_init()
 {
 	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
-		memset(rev128, 0, 256);
+		memset (rev128, 0, 256);
 		for (i = 0; i < 128; i++) {
 			c = cb128[i];
 			rev128[(int) c] = i;
@@ -66,6 +109,8 @@ inline static void base128_reverse_init(void)
 	}
 }
 
+static int 
+base128_encode(char *buf, size_t *buflen, const void *data, size_t size)
 /*
  * Fills *buf with max. *buflen characters, encoding size bytes of *data.
  *
@@ -75,8 +120,6 @@ inline static void base128_reverse_init(void)
  * return value    : #bytes filled in buf   (excluding \0)
  * sets *buflen to : #bytes encoded from data
  */
-static int base128_encode(char *buf, size_t *buflen, const void *data,
-			  size_t size)
 {
 	unsigned char *ubuf = (unsigned char *) buf;
 	unsigned char *udata = (unsigned char *) data;
@@ -160,6 +203,8 @@ static int base128_encode(char *buf, size_t *buflen, const void *data,
 
 #define REV128(x) rev128[(int) (x)]
 
+static int
+base128_decode(void *buf, size_t *buflen, const char *str, size_t slen)
 /*
  * Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
  * Decoding stops early when *str contains \0.
@@ -171,15 +216,13 @@ static int base128_encode(char *buf, size_t *buflen, const void *data,
  *
  * return value    : #bytes filled in buf   (excluding \0)
  */
-static int base128_decode(void *buf, size_t *buflen, const char *str,
-			  size_t slen)
 {
 	unsigned char *ustr = (unsigned char *) str;
 	unsigned char *ubuf = (unsigned char *) buf;
 	int iout = 0;	/* to-be-filled output byte */
 	int iin = 0;	/* next input char to use in decoding */
 
-	base128_reverse_init();
+	base128_reverse_init ();
 
 	/* Note: Don't bother to optimize manually. GCC optimizes
 	   better(!) when using simplistic array indexing. */
@@ -188,7 +231,7 @@ static int base128_decode(void *buf, size_t *buflen, const char *str,
 		if (iout >= *buflen || iin + 1 >= slen ||
 		    str[iin] == '\0' || str[iin + 1] == '\0')
 			break;
-		ubuf[iout] = ((REV128(ustr[iin]) & 0x7f) << 1) |
+		ubuf[iout] = ((REV128(ustr[iin]) & 0x7f) << 1) | 
 			     ((REV128(ustr[iin + 1]) & 0x40) >> 6);
 		iin++;  		/* 0 used up, iin=1 */
 		iout++;
@@ -246,16 +289,3 @@ static int base128_decode(void *buf, size_t *buflen, const char *str,
 
 	return iout;
 }
-
-const struct encoder base128_ops = {
-	.name = "Base128",
-
-	.encode = base128_encode,
-	.decode = base128_decode,
-
-	.places_dots = false,
-	.eats_dots = false,
-
-	.blocksize_raw = BASE128_BLKSIZE_RAW,
-	.blocksize_encoded = BASE128_BLKSIZE_ENC,
-};

src/base128.h

@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2009 J.A.Bezemer@opensourcepartners.nl
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef __BASE128_H__
+#define __BASE128_H__
+
+struct encoder *get_base128_encoder(void);
+
+#endif

src/base32.c

@@ -1,9 +1,8 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  * Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -21,24 +20,67 @@
 #include <string.h>
 
 #include "encoding.h"
+#include "base32.h"
 
-#define BASE32_BLKSIZE_RAW 5
-#define BASE32_BLKSIZE_ENC 8
+#define BLKSIZE_RAW 5
+#define BLKSIZE_ENC 8
 
-static const char cb32[] =
+static const char cb32[] = 
 	"abcdefghijklmnopqrstuvwxyz012345";
-static const char cb32_ucase[] =
+static const char cb32_ucase[] = 
 	"ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
 static unsigned char rev32[256];
 static int reverse_init = 0;
 
-inline static void base32_reverse_init(void)
+static int base32_encode(char *, size_t *, const void *, size_t);
+static int base32_decode(void *, size_t *, const char *, size_t);
+static int base32_handles_dots();
+static int base32_blksize_raw();
+static int base32_blksize_enc();
+
+static struct encoder base32_encoder =
+{
+	"Base32",
+	base32_encode,
+	base32_decode,
+	base32_handles_dots,
+	base32_handles_dots,
+	base32_blksize_raw,
+	base32_blksize_enc
+};
+
+struct encoder
+*get_base32_encoder()
+{
+	return &base32_encoder;
+}
+
+static int 
+base32_handles_dots()
+{
+	return 0;
+}
+
+static int 
+base32_blksize_raw()
+{
+	return BLKSIZE_RAW;
+}
+
+static int 
+base32_blksize_enc()
+{
+	return BLKSIZE_ENC;
+}
+
+inline static void
+base32_reverse_init()
 {
 	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
-		memset(rev32, 0, 256);
+		memset (rev32, 0, 256);
 		for (i = 0; i < 32; i++) {
 			c = cb32[i];
 			rev32[(int) c] = i;
@@ -49,17 +91,21 @@ inline static void base32_reverse_init(void)
 	}
 }
 
-int b32_5to8(int in)
+int
+b32_5to8(int in)
 {
 	return cb32[in & 31];
 }
 
-int b32_8to5(int in)
+int
+b32_8to5(int in)
 {
 	base32_reverse_init();
 	return rev32[in];
 }
 
+static int 
+base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
 /*
  * Fills *buf with max. *buflen characters, encoding size bytes of *data.
  *
@@ -69,7 +115,6 @@ int b32_8to5(int in)
  * return value    : #bytes filled in buf   (excluding \0)
  * sets *buflen to : #bytes encoded from data
  */
-static int base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
 {
 	unsigned char *udata = (unsigned char *) data;
 	int iout = 0;	/* to-be-filled output char */
@@ -150,6 +195,8 @@ static int base32_encode(char *buf, size_t *buflen, const void *data, size_t siz
 
 #define REV32(x) rev32[(int) (x)]
 
+static int
+base32_decode(void *buf, size_t *buflen, const char *str, size_t slen)
 /*
  * Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
  * Decoding stops early when *str contains \0.
@@ -161,14 +208,12 @@ static int base32_encode(char *buf, size_t *buflen, const void *data, size_t siz
  *
  * return value    : #bytes filled in buf   (excluding \0)
  */
-static int base32_decode(void *buf, size_t *buflen, const char *str,
-			 size_t slen)
 {
 	unsigned char *ubuf = (unsigned char *) buf;
 	int iout = 0;	/* to-be-filled output byte */
 	int iin = 0;	/* next input char to use in decoding */
 
-	base32_reverse_init();
+	base32_reverse_init ();
 
 	/* Note: Don't bother to optimize manually. GCC optimizes
 	   better(!) when using simplistic array indexing. */
@@ -177,7 +222,7 @@ static int base32_decode(void *buf, size_t *buflen, const char *str,
 		if (iout >= *buflen || iin + 1 >= slen ||
 		    str[iin] == '\0' || str[iin + 1] == '\0')
 			break;
-		ubuf[iout] = ((REV32(str[iin]) & 0x1f) << 3) |
+		ubuf[iout] = ((REV32(str[iin]) & 0x1f) << 3) | 
 			     ((REV32(str[iin + 1]) & 0x1c) >> 2);
 		iin++;  		/* 0 used up, iin=1 */
 		iout++;
@@ -186,8 +231,8 @@ static int base32_decode(void *buf, size_t *buflen, const char *str,
 		    str[iin] == '\0' || str[iin + 1] == '\0' ||
 		    str[iin + 2] == '\0')
 			break;
-		ubuf[iout] = ((REV32(str[iin]) & 0x03) << 6) |
-			     ((REV32(str[iin + 1]) & 0x1f) << 1) |
+		ubuf[iout] = ((REV32(str[iin]) & 0x03) << 6) | 
+			     ((REV32(str[iin + 1]) & 0x1f) << 1) | 
 			     ((REV32(str[iin + 2]) & 0x10) >> 4);
 		iin += 2;  		/* 1,2 used up, iin=3 */
 		iout++;
@@ -223,16 +268,3 @@ static int base32_decode(void *buf, size_t *buflen, const char *str,
 
 	return iout;
 }
-
-const struct encoder base32_ops = {
-	.name = "Base32",
-
-	.encode = base32_encode,
-	.decode = base32_decode,
-
-	.places_dots = false,
-	.eats_dots = false,
-
-	.blocksize_raw = BASE32_BLKSIZE_RAW,
-	.blocksize_encoded = BASE32_BLKSIZE_ENC,
-};

src/base32.h

@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef __BASE32_H__
+#define __BASE32_H__
+
+struct encoder *get_base32_encoder(void);
+
+int b32_5to8(int);
+int b32_8to5(int);
+#endif

src/base64.c

@@ -1,9 +1,8 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  * Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -21,24 +20,67 @@
 #include <string.h>
 
 #include "encoding.h"
+#include "base64.h"
 
-#define BASE64_BLKSIZE_RAW 3
-#define BASE64_BLKSIZE_ENC 4
+#define BLKSIZE_RAW 3
+#define BLKSIZE_ENC 4
 
 /* Note: the "unofficial" char is last here, which means that the \377 pattern
    in DOWNCODECCHECK1 ('Y' request) will properly test it. */
-static const char cb64[] =
+static const char cb64[] = 
 	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789+";
 static unsigned char rev64[256];
 static int reverse_init = 0;
 
-inline static void base64_reverse_init(void)
+static int base64_encode(char *, size_t *, const void *, size_t);
+static int base64_decode(void *, size_t *, const char *, size_t);
+static int base64_handles_dots();
+static int base64_blksize_raw();
+static int base64_blksize_enc();
+
+static struct encoder base64_encoder =
+{
+	"Base64",
+	base64_encode,
+	base64_decode,
+	base64_handles_dots,
+	base64_handles_dots,
+	base64_blksize_raw,
+	base64_blksize_enc
+};
+
+struct encoder
+*get_base64_encoder()
+{
+	return &base64_encoder;
+}
+
+static int 
+base64_handles_dots()
+{
+	return 0;
+}
+
+static int 
+base64_blksize_raw()
+{
+	return BLKSIZE_RAW;
+}
+
+static int 
+base64_blksize_enc()
+{
+	return BLKSIZE_ENC;
+}
+
+inline static void
+base64_reverse_init()
 {
 	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
-		memset(rev64, 0, 256);
+		memset (rev64, 0, 256);
 		for (i = 0; i < 64; i++) {
 			c = cb64[i];
 			rev64[(int) c] = i;
@@ -47,6 +89,8 @@ inline static void base64_reverse_init(void)
 	}
 }
 
+static int 
+base64_encode(char *buf, size_t *buflen, const void *data, size_t size)
 /*
  * Fills *buf with max. *buflen characters, encoding size bytes of *data.
  *
@@ -56,8 +100,6 @@ inline static void base64_reverse_init(void)
  * return value    : #bytes filled in buf   (excluding \0)
  * sets *buflen to : #bytes encoded from data
  */
-static int base64_encode(char *buf, size_t *buflen, const void *data,
-			 size_t size)
 {
 	unsigned char *udata = (unsigned char *) data;
 	int iout = 0;	/* to-be-filled output char */
@@ -85,7 +127,7 @@ static int base64_encode(char *buf, size_t *buflen, const void *data,
 
 		if (iout >= *buflen || iin >= size)
 			break;
-		buf[iout] = cb64[((udata[iin] & 0x0f) << 2) |
+		buf[iout] = cb64[((udata[iin] & 0x0f) << 2 ) |
 				  ((iin + 1 < size) ?
 				   ((udata[iin + 1] & 0xc0) >> 6) : 0)];
 		iin++;			/* 1 complete, iin=2 */
@@ -108,6 +150,8 @@ static int base64_encode(char *buf, size_t *buflen, const void *data,
 
 #define REV64(x) rev64[(int) (x)]
 
+static int
+base64_decode(void *buf, size_t *buflen, const char *str, size_t slen)
 /*
  * Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
  * Decoding stops early when *str contains \0.
@@ -119,14 +163,12 @@ static int base64_encode(char *buf, size_t *buflen, const void *data,
  *
  * return value    : #bytes filled in buf   (excluding \0)
  */
-static int base64_decode(void *buf, size_t *buflen, const char *str,
-			 size_t slen)
 {
 	unsigned char *ubuf = (unsigned char *) buf;
 	int iout = 0;	/* to-be-filled output byte */
 	int iin = 0;	/* next input char to use in decoding */
 
-	base64_reverse_init();
+	base64_reverse_init ();
 
 	/* Note: Don't bother to optimize manually. GCC optimizes
 	   better(!) when using simplistic array indexing. */
@@ -135,7 +177,7 @@ static int base64_decode(void *buf, size_t *buflen, const char *str,
 		if (iout >= *buflen || iin + 1 >= slen ||
 		    str[iin] == '\0' || str[iin + 1] == '\0')
 			break;
-		ubuf[iout] = ((REV64(str[iin]) & 0x3f) << 2) |
+		ubuf[iout] = ((REV64(str[iin]) & 0x3f) << 2) | 
 			     ((REV64(str[iin + 1]) & 0x30) >> 4);
 		iin++;  		/* 0 used up, iin=1 */
 		iout++;
@@ -143,7 +185,7 @@ static int base64_decode(void *buf, size_t *buflen, const char *str,
 		if (iout >= *buflen || iin + 1 >= slen ||
 		    str[iin] == '\0' || str[iin + 1] == '\0')
 			break;
-		ubuf[iout] = ((REV64(str[iin]) & 0x0f) << 4) |
+		ubuf[iout] = ((REV64(str[iin]) & 0x0f) << 4) | 
 			     ((REV64(str[iin + 1]) & 0x3c) >> 2);
 		iin++;  		/* 1 used up, iin=2 */
 		iout++;
@@ -161,16 +203,3 @@ static int base64_decode(void *buf, size_t *buflen, const char *str,
 
 	return iout;
 }
-
-const struct encoder base64_ops = {
-	.name = "Base64",
-
-	.encode = base64_encode,
-	.decode = base64_decode,
-
-	.places_dots = false,
-	.eats_dots = false,
-
-	.blocksize_raw = BASE64_BLKSIZE_RAW,
-	.blocksize_encoded = BASE64_BLKSIZE_ENC,
-};

src/base64.h

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef __BASE64_H__
+#define __BASE64_H__
+
+struct encoder *get_base64_encoder(void);
+
+#endif

src/client.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -18,24 +17,23 @@
 #ifndef __CLIENT_H__
 #define __CLIENT_H__
 
-void client_init(void);
-void client_stop(void);
+void client_init();
+void client_stop();
 
-enum connection client_get_conn(void);
-const char *client_get_raw_addr(void);
+enum connection client_get_conn();
+const char *client_get_raw_addr();
 
-void client_set_nameserver(struct sockaddr_storage *, int);
+void client_set_nameserver(const char *cp, int port);
 void client_set_topdomain(const char *cp);
 void client_set_password(const char *cp);
-int client_set_qtype(char *qtype);
-char *client_get_qtype(void);
-void client_set_downenc(char *encoding);
+void set_qtype(char *qtype);
+char *get_qtype();
+void set_downenc(char *encoding);
 void client_set_selecttimeout(int select_timeout);
 void client_set_lazymode(int lazy_mode);
 void client_set_hostname_maxlen(int i);
 
-int client_handshake(int dns_fd, int raw_mode, int autodetect_frag_size,
-		     int fragsize);
+int client_handshake(int dns_fd, int raw_mode, int autodetect_frag_size, int fragsize);
 int client_tunnel(int tun_fd, int dns_fd);
 
 #endif

src/common.c

@@ -1,8 +1,7 @@
-/* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+/* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  * Copyright (c) 2007 Albert Lee <trisk@acm.jhu.edu>.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -40,11 +39,9 @@
 #endif
 #include <termios.h>
 #include <err.h>
-#include <netinet/in.h>
 #include <arpa/inet.h>
+#include <netinet/in.h>
 #include <syslog.h>
-#include <sys/socket.h>
-#include <netdb.h>
 #endif
 
 #ifdef HAVE_SETCON
@@ -57,11 +54,11 @@
 const unsigned char raw_header[RAW_HDR_LEN] = { 0x10, 0xd1, 0x9e, 0x00 };
 
 /* daemon(3) exists only in 4.4BSD or later, and in GNU libc */
-#if !defined(ANDROID) && !defined(WINDOWS32) && !(defined(BSD) && (BSD >= 199306)) && !defined(__GLIBC__)
+#if !defined(WINDOWS32) && !(defined(BSD) && (BSD >= 199306)) && !defined(__GLIBC__)
 static int daemon(int nochdir, int noclose)
 {
  	int fd, i;
-
+ 
  	switch (fork()) {
  		case 0:
  			break;
@@ -70,15 +67,15 @@ static int daemon(int nochdir, int noclose)
  		default:
  			_exit(0);
  	}
-
+ 
  	if (!nochdir) {
  		chdir("/");
  	}
-
+ 
  	if (setsid() < 0) {
  		return -1;
  	}
-
+ 	
  	if (!noclose) {
  		if ((fd = open("/dev/null", O_RDWR)) >= 0) {
  			for (i = 0; i < 3; i++) {
@@ -101,86 +98,34 @@ int setgroups(int count, int *groups)
 }
 #endif
 
-#ifndef WINDOWS32
+
 void
-check_superuser(void)
+check_superuser(void (*usage_fn)(void))
 {
+#ifndef WINDOWS32
 	if (geteuid() != 0) {
-		warnx("Run as root and you'll be happy.");
-		exit(-1);
+		warnx("Run as root and you'll be happy.\n");
+		usage_fn();
+		/* NOTREACHED */
 	}
-}
 #endif
-
-char *
-format_addr(struct sockaddr_storage *sockaddr, int sockaddr_len)
-{
-	static char dst[INET6_ADDRSTRLEN + 1];
-
-	memset(dst, 0, sizeof(dst));
-	if (sockaddr->ss_family == AF_INET && sockaddr_len >= sizeof(struct sockaddr_in)) {
-		getnameinfo((struct sockaddr *)sockaddr, sockaddr_len, dst, sizeof(dst) - 1, NULL, 0, NI_NUMERICHOST);
-	} else if (sockaddr->ss_family == AF_INET6 && sockaddr_len >= sizeof(struct sockaddr_in6)) {
-		struct sockaddr_in6 *addr = (struct sockaddr_in6 *) sockaddr;
-		if (IN6_IS_ADDR_V4MAPPED(&addr->sin6_addr)) {
-			struct in_addr ia;
-			/* Get mapped v4 addr from last 32bit field */
-			memcpy(&ia.s_addr, &addr->sin6_addr.s6_addr[12], sizeof(ia));
-			strcpy(dst, inet_ntoa(ia));
-		} else {
-			getnameinfo((struct sockaddr *)sockaddr, sockaddr_len, dst, sizeof(dst) - 1, NULL, 0, NI_NUMERICHOST);
-		}
-	} else {
-		dst[0] = '?';
-	}
-	return dst;
 }
 
-int
-get_addr(char *host, int port, int addr_family, int flags, struct sockaddr_storage *out)
+int 
+open_dns(int localport, in_addr_t listen_ip) 
 {
-	struct addrinfo hints, *addr;
-	int res;
-	char portnum[8];
-
-	memset(portnum, 0, sizeof(portnum));
-	snprintf(portnum, sizeof(portnum) - 1, "%d", port);
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = addr_family;
-#if defined(WINDOWS32) || defined(OPENBSD)
-	/* AI_ADDRCONFIG misbehaves on windows, and does not exist in OpenBSD */
-	hints.ai_flags = flags;
-#else
-	hints.ai_flags = AI_ADDRCONFIG | flags;
-#endif
-	hints.ai_socktype = SOCK_DGRAM;
-	hints.ai_protocol = IPPROTO_UDP;
-
-	res = getaddrinfo(host, portnum, &hints, &addr);
-	if (res == 0) {
-		int addrlen = addr->ai_addrlen;
-		/* Grab first result */
-		memcpy(out, addr->ai_addr, addr->ai_addrlen);
-		freeaddrinfo(addr);
-		return addrlen;
-	}
-	return res;
-}
-
-int
-open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
-{
-	return open_dns_opt(sockaddr, sockaddr_len, -1);
-}
-
-int
-open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len, int v6only)
-{
-	int flag;
+	struct sockaddr_in addr;
+	int flag = 1;
 	int fd;
 
-	if ((fd = socket(sockaddr->ss_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+	memset(&addr, 0, sizeof(addr));
+	addr.sin_family = AF_INET;
+	addr.sin_port = htons(localport);
+	/* listen_ip already in network byte order from inet_addr, or 0 */
+	addr.sin_addr.s_addr = listen_ip; 
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+		fprintf(stderr, "got fd %d\n", fd);
 		err(1, "socket");
 	}
 
@@ -191,40 +136,24 @@ open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len, int v6only)
 	setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void*) &flag, sizeof(flag));
 
 #ifndef WINDOWS32
-	fd_set_close_on_exec(fd);
+	/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
+	setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
 #endif
 
-	if (sockaddr->ss_family == AF_INET6 && v6only >= 0) {
-		setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (const void*) &v6only, sizeof(v6only));
-	}
-
 #ifdef IP_OPT_DONT_FRAG
 	/* Set dont-fragment ip header flag */
 	flag = DONT_FRAG_VALUE;
 	setsockopt(fd, IPPROTO_IP, IP_OPT_DONT_FRAG, (const void*) &flag, sizeof(flag));
 #endif
 
-	if (bind(fd, (struct sockaddr*) sockaddr, sockaddr_len) < 0)
-		err(1, "bind() to %s", format_addr(sockaddr, sockaddr_len));
+	if(bind(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) 
+		err(1, "bind");
 
-	fprintf(stderr, "Opened IPv%d UDP socket\n", sockaddr->ss_family == AF_INET6 ? 6 : 4);
+	fprintf(stderr, "Opened UDP socket\n");
 
 	return fd;
 }
 
-int
-open_dns_from_host(char *host, int port, int addr_family, int flags)
-{
-	struct sockaddr_storage addr;
-	int addrlen;
-
-	addrlen = get_addr(host, port, addr_family, flags, &addr);
-	if (addrlen < 0)
-		return addrlen;
-
-	return open_dns(&addr, addrlen);
-}
-
 void
 close_dns(int fd)
 {
@@ -238,9 +167,8 @@ do_chroot(char *newroot)
 	if (chroot(newroot) != 0 || chdir("/") != 0)
 		err(1, "%s", newroot);
 
-	if (seteuid(geteuid()) != 0 || setuid(getuid()) != 0) {
-		err(1, "set[e]uid()");
-	}
+	seteuid(geteuid());
+	setuid(getuid());
 #else
 	warnx("chroot not available");
 #endif
@@ -291,24 +219,24 @@ do_detach()
 void
 read_password(char *buf, size_t len)
 {
-	char pwd[80] = {0};
+	char pwd[80];
 #ifndef WINDOWS32
 	struct termios old;
 	struct termios tp;
 
 	tcgetattr(0, &tp);
 	old = tp;
-
+	
 	tp.c_lflag &= (~ECHO);
 	tcsetattr(0, TCSANOW, &tp);
 #else
 	int i;
 #endif
 
-	fprintf(stderr, "Enter tunnel password: ");
+	fprintf(stderr, "Enter password: ");
 	fflush(stderr);
 #ifndef WINDOWS32
-	fscanf(stdin, "%79[^\n]", pwd);
+	scanf("%79s", pwd);
 #else
 	for (i = 0; i < sizeof(pwd); i++) {
 		pwd[i] = getch();
@@ -324,7 +252,7 @@ read_password(char *buf, size_t len)
 	fprintf(stderr, "\n");
 
 #ifndef WINDOWS32
-	tcsetattr(0, TCSANOW, &old);
+	tcsetattr(0, TCSANOW, &old);	
 #endif
 
 	strncpy(buf, pwd, len);
@@ -332,146 +260,29 @@ read_password(char *buf, size_t len)
 }
 
 int
-check_topdomain(char *str, int allow_wildcard, char **errormsg)
+check_topdomain(char *str)
 {
-	int i;
-	int dots = 0;
-	int chunklen = 0;
+       int i;
 
-	if (strlen(str) < 3) {
-		if (errormsg) *errormsg = "Too short (< 3)";
-		return 1;
-	}
-	if (strlen(str) > 128) {
-		if (errormsg) *errormsg = "Too long (> 128)";
-		return 1;
-	}
+       if(str[0] == '.') /* special case */
+               return 1;
 
-	if (str[0] == '.') {
-		if (errormsg) *errormsg = "Starts with a dot";
-		return 1;
-	}
-
-	for (i = 0; i < strlen(str); i++) {
-		if (str[i] == '.') {
-			dots++;
-			if (chunklen == 0) {
-				if (errormsg) *errormsg = "Consecutive dots";
-				return 1;
-			}
-			if (chunklen > 63) {
-				if (errormsg) *errormsg = "Too long domain part (> 63)";
-				return 1;
-			}
-			chunklen = 0;
-		} else {
-			chunklen++;
-		}
-		if ((str[i] >= 'a' && str[i] <= 'z') || (str[i] >= 'A' && str[i] <= 'Z') ||
-				isdigit(str[i]) || str[i] == '-' || str[i] == '.') {
-			continue;
-		} else if (allow_wildcard && str[i] == '*') {
-			/* First char allowed to be wildcard, if followed by dot */
-			if (i == 0) {
-				if (str[i+1] == '.') {
-					continue;
-				}
-				if (errormsg) *errormsg = "Wildcard (*) must be followed by dot";
-				return 1;
-			} else {
-				if (errormsg) *errormsg = "Wildcard (*) only allowed as first char";
-				return 1;
-			}
-		} else {
-			if (errormsg) *errormsg = "Contains illegal character (allowed: [a-zA-Z0-9-.])";
-			return 1;
-		}
-	}
-
-	if (dots == 0) {
-		if (errormsg) *errormsg = "No dots";
-		return 1;
-	}
-	if (chunklen == 0) {
-		if (errormsg) *errormsg = "Ends with a dot";
-		return 1;
-	}
-	if (chunklen > 63) {
-		if (errormsg) *errormsg = "Too long domain part (> 63)";
-		return 1;
-	}
-
-	return 0;
+       for( i = 0; i < strlen(str); i++) {
+               if( isalpha(str[i]) || isdigit(str[i]) || str[i] == '-' || str[i] == '.' )
+                       continue;
+               else 
+		       return 1;
+       }
+       return 0;
 }
 
-int
-query_datalen(const char *qname, const char *topdomain)
-{
-	/* Return number of data bytes embedded in DNS query name,
-	 * or -1 if domains do not match.
-	 */
-	int qpos = strlen(qname);
-	int tpos = strlen(topdomain);
-	if (tpos < 3 || qpos < tpos) {
-		/* Domain or query name too short */
-		return -1;
-	}
-	/* Backward string compare */
-	qpos--;
-	tpos--;
-	while (qpos >= 0) {
-		if (topdomain[tpos] == '*') {
-			/* Wild match, is first in topdomain */
-			if (qname[qpos] == '*') {
-				/* Don't match against stars in query name */
-				return -1;
-			} else if (qpos == 0 || qname[qpos-1] == '.') {
-				/* Reached start of query name or chunk separator */
-				return qpos;
-			}
-			qpos--;
-		} else if (tolower(qname[qpos]) == tolower(topdomain[tpos])) {
-			/* Matching char, exclude wildcard in query name */
-			if (tpos == 0) {
-				/* Fully matched domain */
-				if (qpos == 0 || qname[qpos-1] == '.') {
-					/* Start of name or has dot before matching topdomain */
-					return qpos;
-				}
-				/* Query name has longer chunk than topdomain */
-				return -1;
-			}
-			tpos--;
-			qpos--;
-		} else {
-			return -1;
-		}
-	}
-	return -1;
-}
-
-#if defined(WINDOWS32) || defined(ANDROID)
-#ifndef ANDROID
+#ifdef WINDOWS32
 int
 inet_aton(const char *cp, struct in_addr *inp)
 {
  inp->s_addr = inet_addr(cp);
  return inp->s_addr != INADDR_ANY;
 }
-#endif
-
-void
-vwarn(const char *fmt, va_list list)
-{
-	if (fmt) vfprintf(stderr, fmt, list);
-#ifndef ANDROID
-	if (errno == 0) {
-		fprintf(stderr, ": WSA error %d\n", WSAGetLastError());
-	} else {
-		fprintf(stderr, ": %s\n", strerror(errno));
-	}
-#endif
-}
 
 void
 warn(const char *fmt, ...)
@@ -479,7 +290,23 @@ warn(const char *fmt, ...)
 	va_list list;
 
 	va_start(list, fmt);
-	vwarn(fmt, list);
+	if (fmt) fprintf(stderr, fmt, list);
+	if (errno == 0) {
+		fprintf(stderr, ": WSA error %d\n", WSAGetLastError()); 
+	} else {
+		fprintf(stderr, ": %s\n", strerror(errno));
+	}
+	va_end(list);
+}
+
+void
+warnx(const char *fmt, ...)
+{
+	va_list list;
+
+	va_start(list, fmt);
+	if (fmt) fprintf(stderr, fmt, list);
+	fprintf(stderr, "\n");
 	va_end(list);
 }
 
@@ -489,35 +316,18 @@ err(int eval, const char *fmt, ...)
 	va_list list;
 
 	va_start(list, fmt);
-	vwarn(fmt, list);
+	warn(fmt, list);
 	va_end(list);
 	exit(eval);
 }
 
-void
-vwarnx(const char *fmt, va_list list)
-{
-	if (fmt) vfprintf(stderr, fmt, list);
-	fprintf(stderr, "\n");
-}
-
-void
-warnx(const char *fmt, ...)
-{
-	va_list list;
-
-	va_start(list, fmt);
-	vwarnx(fmt, list);
-	va_end(list);
-}
-
 void
 errx(int eval, const char *fmt, ...)
 {
 	va_list list;
 
 	va_start(list, fmt);
-	vwarnx(fmt, list);
+	warnx(fmt, list);
 	va_end(list);
 	exit(eval);
 }
@@ -538,22 +348,3 @@ int recent_seqno(int ourseqno, int gotseqno)
 	}
 	return 0;
 }
-
-#ifndef WINDOWS32
-/* Set FD_CLOEXEC flag on file descriptor.
- * This stops it from being inherited by system() calls.
- */
-void
-fd_set_close_on_exec(int fd)
-{
-	int flags;
-
-	flags = fcntl(fd, F_GETFD);
-	if (flags == -1)
-		err(4, "Failed to get fd flags");
-	flags |= FD_CLOEXEC;
-	if (fcntl(fd, F_SETFD, flags) == -1)
-		err(4, "Failed to set fd flags");
-}
-#endif
-

src/common.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2015 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -32,15 +31,14 @@
 #define RAW_HDR_GET_USR(x) ((x)[RAW_HDR_CMD] & RAW_HDR_USR_MASK)
 extern const unsigned char raw_header[RAW_HDR_LEN];
 
-#include <stdarg.h>
 #ifdef WINDOWS32
 #include "windows.h"
 #else
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <err.h>
-#include <netinet/in.h>
 #include <arpa/inet.h>
+#include <netinet/in.h>
 #endif
 
 #define DNS_PORT 53
@@ -54,6 +52,14 @@ extern const unsigned char raw_header[RAW_HDR_LEN];
 
 #define QUERY_NAME_SIZE 256
 
+#if defined IP_RECVDSTADDR 
+# define DSTADDR_SOCKOPT IP_RECVDSTADDR 
+# define dstaddr(x) ((struct in_addr *) CMSG_DATA(x)) 
+#elif defined IP_PKTINFO 
+# define DSTADDR_SOCKOPT IP_PKTINFO 
+# define dstaddr(x) (&(((struct in_pktinfo *)(CMSG_DATA(x)))->ipi_addr)) 
+#endif
+
 #if defined IP_MTU_DISCOVER
   /* Linux */
 # define IP_OPT_DONT_FRAG IP_MTU_DISCOVER
@@ -68,13 +74,10 @@ extern const unsigned char raw_header[RAW_HDR_LEN];
 # define DONT_FRAG_VALUE 1
 #endif
 
-#define T_PRIVATE 65399
-/* Undefined RR type; "private use" range, see
- * http://www.bind9.net/dns-parameters */
 #define T_UNSET 65432
-/* Unused RR type, never actually sent */
+/* Unused RR type; "private use" range, see http://www.bind9.net/dns-parameters */
 
-struct packet
+struct packet 
 {
 	int len;		/* Total packet length */
 	int sentlen;		/* Length of chunk currently transmitted */
@@ -89,64 +92,42 @@ struct query {
 	unsigned short type;
 	unsigned short rcode;
 	unsigned short id;
-	struct sockaddr_storage destination;
-	socklen_t dest_len;
-	struct sockaddr_storage from;
-	socklen_t fromlen;
+	struct in_addr destination;
+	struct sockaddr from;
+	int fromlen;
 	unsigned short id2;
-	struct sockaddr_storage from2;
-	socklen_t fromlen2;
+	struct sockaddr from2;
+	int fromlen2;
 };
 
 enum connection {
-	CONN_RAW_UDP = 0,
+	CONN_RAW_UDP,
 	CONN_DNS_NULL,
 	CONN_MAX
 };
 
-#ifdef WINDOWS32
-static inline void check_superuser(void)
-{
-}
-#else
-void check_superuser(void);
-#endif
-char *format_addr(struct sockaddr_storage *sockaddr, int sockaddr_len);
-int get_addr(char *, int, int, int, struct sockaddr_storage *);
-int open_dns(struct sockaddr_storage *, size_t);
-int open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len,
-		 int v6only);
-int open_dns_from_host(char *host, int port, int addr_family, int flags);
+void check_superuser(void (*usage_fn)(void));
+int open_dns(int, in_addr_t);
 void close_dns(int);
 
 void do_chroot(char *);
 void do_setcon(char *);
-void do_detach(void);
+void do_detach();
 void do_pidfile(char *);
 
 void read_password(char*, size_t);
 
-int check_topdomain(char *, int, char **);
+int check_topdomain(char *);
 
-int query_datalen(const char *qname, const char *topdomain);
-
-#if defined(WINDOWS32) || defined(ANDROID)
-#ifndef ANDROID
+#ifdef WINDOWS32
 int inet_aton(const char *cp, struct in_addr *inp);
-#endif
 
-void vwarn(const char *fmt, va_list list);
-void warn(const char *fmt, ...);
 void err(int eval, const char *fmt, ...);
-void vwarnx(const char *fmt, va_list list);
-void warnx(const char *fmt, ...);
+void warn(const char *fmt, ...);
 void errx(int eval, const char *fmt, ...);
+void warnx(const char *fmt, ...);
 #endif
 
 int recent_seqno(int , int);
 
-#ifndef WINDOWS32
-void fd_set_close_on_exec(int fd);
-#endif
-
 #endif

src/dns.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -21,7 +20,6 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
-#include <strings.h>
 #include <ctype.h>
 
 #ifdef WINDOWS32
@@ -32,12 +30,8 @@
 #define BIND_8_COMPAT
 #include <arpa/nameser_compat.h>
 #endif
-#include <netinet/in.h>
 #include <arpa/inet.h>
 #include <err.h>
-#ifdef ANDROID
-#include "android_dns.h"
-#endif
 #endif
 
 
@@ -47,10 +41,10 @@
 
 int dnsc_use_edns0 = 1;
 
-#define CHECKLEN(x) if (buflen < (x) + (unsigned)(p-buf))  return 0
+#define CHECKLEN(x) if (buflen - (p-buf) < (x))  return 0
 
-int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
-	       const char *data, size_t datalen)
+int
+dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr, char *data, size_t datalen)
 {
 	HEADER *header;
 	short name;
@@ -62,9 +56,9 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 		return 0;
 
 	memset(buf, 0, buflen);
-
+	
 	header = (HEADER*)buf;
-
+	
 	header->id = htons(q->id);
 	header->qr = (qr == QR_ANSWER);
 	header->opcode = 0;
@@ -78,7 +72,7 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 	switch (qr) {
 	case QR_ANSWER:
 		header->qdcount = htons(1);
-
+	
 		name = 0xc000 | ((p - buf) & 0x3fff);
 
 		/* Question section */
@@ -91,14 +85,13 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 		/* Answer section */
 
 		if (q->type == T_CNAME || q->type == T_A) {
-			/* data is expected to be like
-			 * "Hblabla.host.name.com\0" */
+			/* data is expected to be like "Hblabla.host.name.com\0" */
 
 			char *startp;
 			int namelen;
 
 			CHECKLEN(10);
-			putshort(&p, name);
+			putshort(&p, name);	
 			if (q->type == T_A)
 				/* answer CNAME to A question */
 				putshort(&p, T_CNAME);
@@ -121,22 +114,22 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 			   For SRV, see RFC2782.
 			 */
 
-			const char *mxdata = data;
+			char *mxdata = data;
 			char *startp;
 			int namelen;
 
 			ancnt = 1;
 			while (1) {
 				CHECKLEN(10);
-				putshort(&p, name);
+				putshort(&p, name);	
 				putshort(&p, q->type);
 				putshort(&p, C_IN);
-				putlong(&p, 0);	/* TTL */
+				putlong(&p, 0);		/* TTL */
 
 				startp = p;
-				p += 2; /* skip 2 bytes length */
+				p += 2;			/* skip 2 bytes length */
 				CHECKLEN(2);
-				putshort(&p, 10 * ancnt); /* preference */
+				putshort(&p, 10 * ancnt);	/* preference */
 
 				if (q->type == T_SRV) {
 					/* weight, port (5060 = SIP) */
@@ -163,13 +156,13 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 			int txtlen;
 
 			CHECKLEN(10);
-			putshort(&p, name);
+			putshort(&p, name);	
 			putshort(&p, q->type);
 			putshort(&p, C_IN);
-			putlong(&p, 0); /* TTL */
+			putlong(&p, 0);		/* TTL */
 
 			startp = p;
-			p += 2; /* skip 2 bytes length */
+			p += 2;			/* skip 2 bytes length */
 			puttxtbin(&p, buflen - (p - buf), data, datalen);
 			CHECKLEN(0);
 			txtlen = p - startp;
@@ -178,11 +171,12 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 			ancnt = 1;
 		} else {
 			/* NULL has raw binary data */
+
 			CHECKLEN(10);
-			putshort(&p, name);
+			putshort(&p, name);	
 			putshort(&p, q->type);
 			putshort(&p, C_IN);
-			putlong(&p, 0);	/* TTL */
+			putlong(&p, 0);		/* TTL */
 
 			datalen = MIN(datalen, buflen - (p - buf));
 			CHECKLEN(2);
@@ -198,7 +192,7 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 		/* Note that iodined also uses this for forward queries */
 
 		header->qdcount = htons(1);
-
+	
 		datalen = MIN(datalen, buflen - (p - buf));
 		putname(&p, datalen, data);
 
@@ -210,140 +204,29 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
 		   (even CNAME/A/MX, 255+255+header would be >512) */
 		if (dnsc_use_edns0) {
 			header->arcount = htons(1);
-			CHECKLEN(11);
-			putbyte(&p, 0x00);    /* Root */
-			putshort(&p, 0x0029); /* OPT */
-			putshort(&p, 0x1000); /* Payload size: 4096 */
-			putshort(&p, 0x0000); /* Higher bits/edns version */
-			putshort(&p, 0x8000); /* Z */
-			putshort(&p, 0x0000); /* Data length */
+			/*XXX START adjust indent 1 tab forward*/
+		CHECKLEN(11);
+		putbyte(&p, 0x00);    /* Root */
+		putshort(&p, 0x0029); /* OPT */
+		putshort(&p, 0x1000); /* Payload size: 4096 */
+		putshort(&p, 0x0000); /* Higher bits/edns version */
+		putshort(&p, 0x8000); /* Z */
+		putshort(&p, 0x0000); /* Data length */
+			/*XXX END adjust indent 1 tab forward*/
 		}
 
 		break;
 	}
-
+	
 	len = p - buf;
 
 	return len;
 }
 
-/* Only used when iodined gets a AAAA type query */
-/* Mostly same as dns_encode_caa_response() below */
-int dns_encode_aaaa_response(char *buf, size_t buflen, struct query *q,
-			   char *topdomain)
-{
-	HEADER *header;
-	int len;
-	int domain_len;
-	char *p;
-
-	if (buflen < sizeof(HEADER))
-		return 0;
-
-	memset(buf, 0, buflen);
-
-	header = (HEADER*)buf;
-
-	header->id = htons(q->id);
-	header->qr = 1;
-	header->opcode = 0;
-	header->aa = 1;
-	header->tc = 0;
-	header->rd = 0;
-	header->ra = 0;
-
-	p = buf + sizeof(HEADER);
-
-	header->qdcount = htons(1);
-	header->ancount = htons(0);
-
-	domain_len = strlen(q->name) - strlen(topdomain);
-	if (domain_len < 0 || domain_len == 1)
-		return -1;
-	if (strcasecmp(q->name + domain_len, topdomain))
-		return -1;
-	if (domain_len >= 1 && q->name[domain_len - 1] != '.')
-		return -1;
-
-	/* Query section */
-	putname(&p, buflen - (p - buf), q->name);	/* Name */
-	CHECKLEN(4);
-	putshort(&p, q->type);			/* Type */
-	putshort(&p, C_IN);			/* Class */
-
-	len = p - buf;
-	return len;
-}
-/* Only used when iodined gets a CAA type query */
-/* Mostly same as dns_encode_ns_response() below */
-int dns_encode_caa_response(char *buf, size_t buflen, struct query *q,
-			   char *topdomain)
-{
-	HEADER *header;
-	int len;
-	short name;
-	int domain_len;
-	char *p;
-
-	if (buflen < sizeof(HEADER))
-		return 0;
-
-	memset(buf, 0, buflen);
-
-	header = (HEADER*)buf;
-
-	header->id = htons(q->id);
-	header->qr = 1;
-	header->opcode = 0;
-	header->aa = 1;
-	header->tc = 0;
-	header->rd = 0;
-	header->ra = 0;
-
-	p = buf + sizeof(HEADER);
-
-	header->qdcount = htons(1);
-	header->ancount = htons(1);
-
-	/* pointer to start of name */
-	name = 0xc000 | ((p - buf) & 0x3fff);
-
-	domain_len = strlen(q->name) - strlen(topdomain);
-	if (domain_len < 0 || domain_len == 1)
-		return -1;
-	if (strcasecmp(q->name + domain_len, topdomain))
-		return -1;
-	if (domain_len >= 1 && q->name[domain_len - 1] != '.')
-		return -1;
-
-	/* Query section */
-	putname(&p, buflen - (p - buf), q->name);	/* Name */
-	CHECKLEN(4);
-	putshort(&p, q->type);			/* Type */
-	putshort(&p, C_IN);			/* Class */
-
-	/* Answer section */
-	CHECKLEN(12);
-	putshort(&p, name);			/* Name */
-	putshort(&p, q->type);			/* Type */
-	putshort(&p, C_IN);			/* Class */
-	putlong(&p, 3600);			/* TTL */
-	putshort(&p, 22);			/* Data length */
-
-	/* caa record */
-	CHECKLEN(22);
-	memcpy(p, "\x00\x05\x69\x73\x73\x75\x65\x6c\x65\x74\x73\x65\x6e\x63\x72\x79\x70" \
-			"\x74\x2e\x6f\x72\x67", 22);
-	p += 22;
-
-	len = p - buf;
-	return len;
-}
-
+int
+dns_encode_ns_response(char *buf, size_t buflen, struct query *q, char *topdomain)
 /* Only used when iodined gets an NS type query */
 /* Mostly same as dns_encode_a_response() below */
-int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
-			   char *topdomain)
 {
 	HEADER *header;
 	int len;
@@ -358,9 +241,9 @@ int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
 		return 0;
 
 	memset(buf, 0, buflen);
-
+	
 	header = (HEADER*)buf;
-
+	
 	header->id = htons(q->id);
 	header->qr = 1;
 	header->opcode = 0;
@@ -373,6 +256,7 @@ int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
 
 	header->qdcount = htons(1);
 	header->ancount = htons(1);
+	header->arcount = htons(1);
 
 	/* pointer to start of name */
 	name = 0xc000 | ((p - buf) & 0x3fff);
@@ -411,56 +295,44 @@ int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
 	putbyte(&p, 's');
 	putshort(&p, topname);			/* Name Server */
 
-	/* Do we have an IPv4 address to send? */
-	if (q->destination.ss_family == AF_INET) {
-		struct sockaddr_in *dest = (struct sockaddr_in *) &q->destination;
+	/* Additional data (A-record of NS server) */
+	CHECKLEN(12);
+	putshort(&p, nsname);			/* Name Server */
+	putshort(&p, T_A);			/* Type */
+	putshort(&p, C_IN);			/* Class */
+	putlong(&p, 3600);			/* TTL */
+	putshort(&p, 4);			/* Data length */
 
-		/* One additional record coming */
-		header->arcount = htons(1);
-
-		/* Additional data (A-record of NS server) */
-		CHECKLEN(12);
-		putshort(&p, nsname);		/* Name Server */
-		putshort(&p, T_A);		/* Type */
-		putshort(&p, C_IN);		/* Class */
-		putlong(&p, 3600);		/* TTL */
-		putshort(&p, 4);		/* Data length */
-
-		/* ugly hack to output IP address */
-		ipp = (char *) &dest->sin_addr.s_addr;
-		CHECKLEN(4);
-		putbyte(&p, *(ipp++));
-		putbyte(&p, *(ipp++));
-		putbyte(&p, *(ipp++));
-		putbyte(&p, *ipp);
-	}
+	/* ugly hack to output IP address */
+	ipp = (char *) &q->destination;
+	CHECKLEN(4);
+	putbyte(&p, *(ipp++));
+	putbyte(&p, *(ipp++));
+	putbyte(&p, *(ipp++));
+	putbyte(&p, *ipp);
 
 	len = p - buf;
 	return len;
 }
 
-/* Only used when iodined gets an A type query for ns.topdomain or
- * www.topdomain . Mostly same as dns_encode_ns_response() above */
-int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
+int
+dns_encode_a_response(char *buf, size_t buflen, struct query *q)
+/* Only used when iodined gets an A type query for ns.topdomain or www.topdomain */
+/* Mostly same as dns_encode_ns_response() above */
 {
-	struct sockaddr_in *dest = (struct sockaddr_in *) &q->destination;
 	HEADER *header;
 	int len;
 	short name;
 	char *ipp;
 	char *p;
 
-	/* Check if we have an IPv4 address to send */
-	if (q->destination.ss_family != AF_INET)
-		return -1;
-
 	if (buflen < sizeof(HEADER))
 		return 0;
 
 	memset(buf, 0, buflen);
-
+	
 	header = (HEADER*)buf;
-
+	
 	header->id = htons(q->id);
 	header->qr = 1;
 	header->opcode = 0;
@@ -478,21 +350,21 @@ int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
 	name = 0xc000 | ((p - buf) & 0x3fff);
 
 	/* Query section */
-	putname(&p, buflen - (p - buf), q->name); /* Name */
+	putname(&p, buflen - (p - buf), q->name);	/* Name */
 	CHECKLEN(4);
-	putshort(&p, q->type);	/* Type */
-	putshort(&p, C_IN);	/* Class */
+	putshort(&p, q->type);			/* Type */
+	putshort(&p, C_IN);			/* Class */
 
 	/* Answer section */
 	CHECKLEN(12);
-	putshort(&p, name);	/* Name */
-	putshort(&p, q->type);	/* Type */
-	putshort(&p, C_IN);	/* Class */
-	putlong(&p, 3600);	/* TTL */
-	putshort(&p, 4);	/* Data length */
+	putshort(&p, name);			/* Name */
+	putshort(&p, q->type);			/* Type */
+	putshort(&p, C_IN);			/* Class */
+	putlong(&p, 3600);			/* TTL */
+	putshort(&p, 4);			/* Data length */
 
 	/* ugly hack to output IP address */
-	ipp = (char *) &dest->sin_addr.s_addr;
+	ipp = (char *) &q->destination;
 	CHECKLEN(4);
 	putbyte(&p, *(ipp++));
 	putbyte(&p, *(ipp++));
@@ -505,7 +377,8 @@ int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
 
 #undef CHECKLEN
 
-unsigned short dns_get_id(char *packet, size_t packetlen)
+unsigned short
+dns_get_id(char *packet, size_t packetlen)
 {
 	HEADER *header;
 	header = (HEADER*)packet;
@@ -516,10 +389,10 @@ unsigned short dns_get_id(char *packet, size_t packetlen)
 	return ntohs(header->id);
 }
 
-#define CHECKLEN(x) if (packetlen < (x) + (unsigned)(data-packet))  return 0
+#define CHECKLEN(x) if (packetlen - (data-packet) < (x))  return 0
 
-int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
-	       size_t packetlen)
+int
+dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, size_t packetlen)
 {
 	char name[QUERY_NAME_SIZE];
 	char rdata[4*1024];
@@ -527,11 +400,11 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 	short qdcount;
 	short ancount;
 	uint32_t ttl;
-	unsigned short class;
-	unsigned short type;
+	short class;
+	short type;
 	char *data;
-	unsigned short rlen;
-	int id;
+	short rlen;
+	int id; 
 	int rv;
 
 	q->id2 = 0;
@@ -539,9 +412,9 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 	header = (HEADER*)packet;
 
 	/* Reject short packets */
-	if (packetlen < sizeof(HEADER))
+	if (packetlen < sizeof(HEADER)) 
 		return 0;
-
+	
 	if (header->qr != qr) {
 		warnx("header->qr does not match the requested qr");
 		return -1;
@@ -550,23 +423,23 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 	data = packet + sizeof(HEADER);
 	qdcount = ntohs(header->qdcount);
 	ancount = ntohs(header->ancount);
-
+	
 	id = ntohs(header->id);
 	id = id & 0xFFFF; /* Kill any sign extension */
-
+		
 	rlen = 0;
 
-	if (q != NULL)
+	if (q != NULL) 
 		q->rcode = header->rcode;
 
 	switch (qr) {
 	case QR_ANSWER:
-		if (qdcount < 1) {
+		if(qdcount < 1) {
 			/* We need a question */
 			return -1;
 		}
 
-		if (q != NULL)
+		if (q != NULL) 
 			q->id = id;
 
 		/* Read name even if no answer, to give better error message */
@@ -574,14 +447,14 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 		CHECKLEN(4);
 		readshort(packet, &data, &type);
 		readshort(packet, &data, &class);
-
+		
 		/* if CHECKLEN okay, then we're sure to have a proper name */
 		if (q != NULL) {
 			/* We only need the first char to check it */
 			q->name[0] = name[0];
 			q->name[1] = '\0';
-		}
-
+		} 
+		
 		if (ancount < 1) {
 			/* DNS errors like NXDOMAIN have ancount=0 and
 			   stop here. CNAME may also have A; MX/SRV may have
@@ -590,7 +463,7 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 		}
 
 		/* Here type is still the question type */
-		if (type == T_NULL || type == T_PRIVATE) {
+		if (type == T_NULL) {
 			/* Assume that first answer is what we wanted */
 			readname(packet, packetlen, &data, name, sizeof(name));
 			CHECKLEN(10);
@@ -617,27 +490,12 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 			readlong(packet, &data, &ttl);
 			readshort(packet, &data, &rlen);
 
-			if (type == T_CNAME) {
-				/* For tunnels, query type A has CNAME type answer */
-				memset(name, 0, sizeof(name));
-				readname(packet, packetlen, &data, name, sizeof(name) - 1);
-				name[sizeof(name)-1] = '\0';
-				strncpy(buf, name, buflen);
-				buf[buflen - 1] = '\0';
-				rv = strlen(buf);
-			}
-			if (type == T_A) {
-				/* Answer type A includes only 4 bytes.
-				   Not used for tunneling. */
-				rv = MIN(rlen, sizeof(rdata));
-				rv = readdata(packet, &data, rdata, rv);
-				if (rv >= 2 && buf) {
-					rv = MIN(rv, buflen);
-					memcpy(buf, rdata, rv);
-				} else {
-					rv = 0;
-				}
-			}
+			memset(name, 0, sizeof(name));
+			readname(packet, packetlen, &data, name, sizeof(name) - 1);
+			name[sizeof(name)-1] = '\0';
+			strncpy(buf, name, buflen);
+			buf[buflen - 1] = '\0';
+			rv = strlen(buf);
 		}
 		else if ((type == T_MX || type == T_SRV) && buf) {
 			/* We support 250 records, 250*(255+header) ~= 64kB.
@@ -647,13 +505,13 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 			 */
 			char names[250][QUERY_NAME_SIZE];
 			char *rdatastart;
-			unsigned short pref;
+			short pref;
 			int i;
 			int offset;
 
 			memset(names, 0, sizeof(names));
 
-			for (i = 0; i < ancount; i++) {
+			for (i=0; i < ancount; i++) {
 				readname(packet, packetlen, &data, name, sizeof(name));
 				CHECKLEN(12);
 				readshort(packet, &data, &type);
@@ -674,11 +532,10 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 					readname(packet, packetlen, &data,
 						 names[pref / 10 - 1],
 						 QUERY_NAME_SIZE - 1);
-					names[pref / 10 - 1]
-						[QUERY_NAME_SIZE-1] = '\0';
+					names[pref / 10 - 1][QUERY_NAME_SIZE-1] = '\0';
 				}
 
-				/* always trust rlen, not name encoding */
+				/* always trust rlen, not name encoding */ 
 				data = rdatastart + rlen;
 				CHECKLEN(0);
 			}
@@ -708,8 +565,7 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
 			readlong(packet, &data, &ttl);
 			readshort(packet, &data, &rlen);
 
-			rv = readtxtbin(packet, &data, rlen, rdata,
-				        sizeof(rdata));
+			rv = readtxtbin(packet, &data, rlen, rdata, sizeof(rdata));
 			if (rv >= 1) {
 				rv = MIN(rv, buflen);
 				memcpy(buf, rdata, rv);

src/dns.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -27,13 +26,8 @@ typedef enum {
 
 extern int dnsc_use_edns0;
 
-int dns_encode(char *, size_t, struct query *, qr_t, const char *, size_t);
-int dns_encode_aaaa_response(char *buf, size_t buflen, struct query *q,
-			   char *topdomain);
-int dns_encode_caa_response(char *buf, size_t buflen, struct query *q,
-			   char *topdomain);
-int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
-			   char *topdomain);
+int dns_encode(char *, size_t, struct query *, qr_t, char *, size_t);
+int dns_encode_ns_response(char *buf, size_t buflen, struct query *q, char *topdomain);
 int dns_encode_a_response(char *buf, size_t buflen, struct query *q);
 unsigned short dns_get_id(char *packet, size_t packetlen);
 int dns_decode(char *, size_t, struct query *, qr_t, char *, size_t);

src/encoding.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -19,24 +18,26 @@
 #include "common.h"
 #include "encoding.h"
 
-int build_hostname(char *buf, size_t buflen, const char *data,
-		   const size_t datalen, const char *topdomain,
-		   const struct encoder *encoder, int maxlen)
+int
+build_hostname(char *buf, size_t buflen, 
+		const char *data, const size_t datalen, 
+		const char *topdomain, struct encoder *encoder, int maxlen)
 {
+	int encsize;
 	size_t space;
 	char *b;
 
-	space = MIN((size_t)maxlen, buflen) - strlen(topdomain) - 8;
+	space = MIN(maxlen, buflen) - strlen(topdomain) - 8;
 	/* 8 = 5 max header length + 1 dot before topdomain + 2 safety */
 
-	if (!encoder->places_dots)
+	if (!encoder->places_dots())
 		space -= (space / 57); /* space for dots */
 
 	memset(buf, 0, buflen);
+	
+	encsize = encoder->encode(buf, &space, data, datalen);
 
-	encoder->encode(buf, &space, data, datalen);
-
-	if (!encoder->places_dots)
+	if (!encoder->places_dots())
 		inline_dotify(buf, buflen);
 
 	b = buf;
@@ -44,7 +45,7 @@ int build_hostname(char *buf, size_t buflen, const char *data,
 
 	/* move b back one step to see if the dot is there */
 	b--;
-	if (*b != '.')
+	if (*b != '.') 
 		*++b = '.';
 	b++;
 	/* move b ahead of the string so we can copy to it */
@@ -54,15 +55,16 @@ int build_hostname(char *buf, size_t buflen, const char *data,
 	return space;
 }
 
-int unpack_data(char *buf, size_t buflen, char *data, size_t datalen,
-		const struct encoder *enc)
+int
+unpack_data(char *buf, size_t buflen, char *data, size_t datalen, struct encoder *enc)
 {
-	if (!enc->eats_dots)
+	if (!enc->eats_dots())
 		datalen = inline_undotify(data, datalen);
 	return enc->decode(buf, &buflen, data, datalen);
 }
 
-int inline_dotify(char *buf, size_t buflen)
+int 
+inline_dotify(char *buf, size_t buflen)
 {
 	unsigned dots;
 	unsigned pos;
@@ -99,7 +101,8 @@ int inline_dotify(char *buf, size_t buflen)
 	return total;
 }
 
-int inline_undotify(char *buf, size_t len)
+int 
+inline_undotify(char *buf, size_t len)
 {
 	unsigned pos;
 	unsigned dots;
@@ -121,7 +124,7 @@ int inline_undotify(char *buf, size_t len)
 		*writer++ = *reader++;
 		pos++;
 	}
-
+	
 	/* return new length of string */
 	return len - dots;
 }

src/encoding.h

@@ -1,14 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman
- * 2006-2009 Bjorn Andersson
- * Copyright (c) 2017 Ralf Ramsauer
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Authors:
- *   Bjorn Andersson <flex@kryo.se>
- *   Erok Ekman <yarrick@kryo.se>,
- *   Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -24,42 +17,27 @@
 #ifndef _ENCODING_H_
 #define _ENCODING_H_
 
-#include <stdbool.h>
-
 /* All-0, all-1, 01010101, 10101010: each 4 times to make sure the pattern
    spreads across multiple encoded chars -> 16 bytes total.
    Followed by 32 bytes from my /dev/random; should be enough.
  */
-#define DOWNCODECCHECK1 \
-	"\000\000\000\000\377\377\377\377\125\125\125\125\252\252\252\252" \
-	"\201\143\310\322\307\174\262\027\137\117\316\311\111\055\122\041" \
-	"\141\251\161\040\045\263\006\163\346\330\104\060\171\120\127\277"
+#define DOWNCODECCHECK1      "\000\000\000\000\377\377\377\377\125\125\125\125\252\252\252\252\201\143\310\322\307\174\262\027\137\117\316\311\111\055\122\041\141\251\161\040\045\263\006\163\346\330\104\060\171\120\127\277"
 #define DOWNCODECCHECK1_LEN  48
 
 struct encoder {
-	const char name[8];
-	int (*encode)(char *dst, size_t *dstlen, const void *src, size_t srclen);
-	int (*decode)(void *dst, size_t *dstlen, const char *src, size_t srclen);
-
-	const bool places_dots;
-	const bool eats_dots;
-
-	const int blocksize_raw;
-	const int blocksize_encoded;
+	char name[8];
+	int (*encode) (char *, size_t *, const void *, size_t);
+	int (*decode) (void *, size_t *, const char *, size_t);
+	int (*places_dots) (void);
+	int (*eats_dots) (void);
+	int (*blocksize_raw)(void);
+	int (*blocksize_encoded)(void);
 };
 
-int build_hostname(char *, size_t, const char *, const size_t, const char *,
-		   const struct encoder *, int);
-int unpack_data(char *, size_t, char *, size_t, const struct encoder *);
+int build_hostname(char *, size_t, const char *, const size_t, const char *, struct encoder *, int);
+int unpack_data(char *, size_t, char *, size_t, struct encoder *);
 int inline_dotify(char *, size_t);
 int inline_undotify(char *, size_t);
 
-extern const struct encoder base32_ops;
-extern const struct encoder base64_ops;
-extern const struct encoder base64u_ops;
-extern const struct encoder base128_ops;
 
-int b32_5to8(int);
-int b32_8to5(int);
-
-#endif
+#endif /* _ENCODING_H_ */

src/fw_query.c

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2008-2014 Erik Ekman <yarrick@kryo.se>
+ * Copyright (c) 2008 Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -29,9 +29,9 @@ void fw_query_init()
 void fw_query_put(struct fw_query *fw_query)
 {
 	memcpy(&(fwq[fwq_ix]), fw_query, sizeof(struct fw_query));
-
+	
 	++fwq_ix;
-	if (fwq_ix >= FW_QUERY_CACHE_SIZE)
+	if (fwq_ix >= FW_QUERY_CACHE_SIZE) 
 		fwq_ix = 0;
 }
 

src/fw_query.h

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2008-2014 Erik Ekman <yarrick@kryo.se>
+ * Copyright (c) 2008 Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -28,12 +28,12 @@
 #define FW_QUERY_CACHE_SIZE 16
 
 struct fw_query {
-	struct sockaddr_storage addr;
+	struct sockaddr addr;
 	int addrlen;
 	unsigned short id;
 };
 
-void fw_query_init(void);
+void fw_query_init();
 void fw_query_put(struct fw_query *fw_query);
 void fw_query_get(unsigned short query_id, struct fw_query **fw_query);
 

src/iodine.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +14,6 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include <stdbool.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -34,7 +32,6 @@
 #else
 #include <grp.h>
 #include <pwd.h>
-#include <netdb.h>
 #endif
 
 #include "common.h"
@@ -49,83 +46,72 @@ WSADATA wsa_data;
 
 #if !defined(BSD) && !defined(__GLIBC__)
 static char *__progname;
-#else
-extern char *__progname;
 #endif
 
 #define PASSWORD_ENV_VAR "IODINE_PASS"
 
 static void
-sighandler(int sig)
+sighandler(int sig) 
 {
 	client_stop();
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-/* mark as no return to help some compilers to avoid warnings
- * about use of uninitialized variables */
-static inline void usage(void) __attribute__((noreturn));
-static inline void help(FILE * stream, bool verbose) __attribute__((noreturn));
-#endif
+static void
+usage() {
+	extern char *__progname;
 
-static void help(FILE *stream, bool verbose)
-{
-	fprintf(stream,
-		"iodine IP over DNS tunneling client\n\n"
-		"Usage: %s [-46fhrv] [-u user] [-t chrootdir] [-d device] [-P password]\n"
-		"              [-m maxfragsize] [-M maxlen] [-T type] [-O enc] [-L 0|1] [-I sec]\n"
-		"              [-z context] [-F pidfile] [nameserver] topdomain\n", __progname);
+	fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-r] [-u user] [-t chrootdir] [-d device] "
+			"[-P password] [-m maxfragsize] [-M maxlen] [-T type] [-O enc] [-L 0|1] [-I sec] "
+			"[-z context] [-F pidfile] [nameserver] topdomain\n", __progname);
+	exit(2);
+}
 
-	if (!verbose)
-		exit(2);
+static void
+help() {
+	extern char *__progname;
 
-	fprintf(stream,
-		"\nOptions to try if connection doesn't work:\n"
-		"  -4 to connect only to IPv4\n"
-		"  -6 to connect only to IPv6\n"
-		"  -T force dns type: NULL, PRIVATE, TXT, SRV, MX, CNAME, A (default: autodetect)\n"
-		"  -O force downstream encoding for -T other than NULL: Base32, Base64, Base64u,\n"
-		"     Base128, or (only for TXT:) Raw  (default: autodetect)\n"
-		"  -I max interval between requests (default 4 sec) to prevent DNS timeouts\n"
-		"  -L 1: use lazy mode for low-latency (default). 0: don't (implies -I1)\n"
-		"  -m max size of downstream fragments (default: autodetect)\n"
-		"  -M max size of upstream hostnames (~100-255, default: 255)\n"
-		"  -r to skip raw UDP mode attempt\n"
-		"  -P password used for authentication (max 32 chars will be used)\n\n"
-		"Other options:\n"
-		"  -v to print version info and exit\n"
-		"  -h to print this help and exit\n"
-		"  -f to keep running in foreground\n"
-		"  -u name to drop privileges and run as user 'name'\n"
-		"  -t dir to chroot to directory dir\n"
-		"  -d device to set tunnel device name\n"
-		"  -z context, to apply specified SELinux context after initialization\n"
-		"  -F pidfile to write pid to a file\n\n"
-		"nameserver is the IP number/hostname of the relaying nameserver. If absent,\n"
-		"           /etc/resolv.conf is used\n"
-		"topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
+	fprintf(stderr, "iodine IP over DNS tunneling client\n");
+	fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-r] [-u user] [-t chrootdir] [-d device] "
+			"[-P password] [-m maxfragsize] [-M maxlen] [-T type] [-O enc] [-L 0|1] [-I sec] "
+			"[-z context] [-F pidfile] [nameserver] topdomain\n", __progname);
+	fprintf(stderr, "Options to try if connection doesn't work:\n");
+	fprintf(stderr, "  -T force dns type: NULL, TXT, SRV, MX, CNAME, A (default: autodetect)\n");
+	fprintf(stderr, "  -O force downstream encoding for -T other than NULL: Base32, Base64, Base64u,\n");
+	fprintf(stderr, "     Base128, or (only for TXT:) Raw  (default: autodetect)\n");
+	fprintf(stderr, "  -I max interval between requests (default 4 sec) to prevent DNS timeouts\n");
+	fprintf(stderr, "  -L 1: use lazy mode for low-latency (default). 0: don't (implies -I1)\n");
+	fprintf(stderr, "  -m max size of downstream fragments (default: autodetect)\n");
+	fprintf(stderr, "  -M max size of upstream hostnames (~100-255, default: 255)\n");
+	fprintf(stderr, "  -r to skip raw UDP mode attempt\n");
+	fprintf(stderr, "  -P password used for authentication (max 32 chars will be used)\n");
+	fprintf(stderr, "Other options:\n");
+	fprintf(stderr, "  -v to print version info and exit\n");
+	fprintf(stderr, "  -h to print this help and exit\n");
+	fprintf(stderr, "  -f to keep running in foreground\n");
+	fprintf(stderr, "  -u name to drop privileges and run as user 'name'\n");
+	fprintf(stderr, "  -t dir to chroot to directory dir\n");
+	fprintf(stderr, "  -d device to set tunnel device name\n");
+	fprintf(stderr, "  -z context, to apply specified SELinux context after initialization\n");
+	fprintf(stderr, "  -F pidfile to write pid to a file\n");
+	fprintf(stderr, "nameserver is the IP number/hostname of the relaying nameserver. if absent, /etc/resolv.conf is used\n");
+	fprintf(stderr, "topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
 
 	exit(0);
 }
 
-static inline void usage(void)
-{
-	help(stderr, false);
-}
-
-static void version(void)
-{
-	fprintf(stderr, "iodine IP over DNS tunneling client\n"
-			"Git version: %s\n", GITREVISION);
+static void
+version() {
+	fprintf(stderr, "iodine IP over DNS tunneling client\n");
+	fprintf(stderr, "version: 0.6.0 from 2014-06-17\n");
 
 	exit(0);
 }
 
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
 {
-	char *nameserv_host;
+	char *nameserv_addr;
 	char *topdomain;
-	char *errormsg;
 #ifndef WINDOWS32
 	struct passwd *pw;
 #endif
@@ -146,16 +132,9 @@ int main(int argc, char **argv)
 	int lazymode;
 	int selecttimeout;
 	int hostname_maxlen;
-#ifdef OPENBSD
-	int rtable = 0;
-#endif
-	struct sockaddr_storage nameservaddr;
-	int nameservaddr_len;
-	int nameserv_family;
 
-	nameserv_host = NULL;
+	nameserv_addr = NULL;
 	topdomain = NULL;
-	errormsg = NULL;
 #ifndef WINDOWS32
 	pw = NULL;
 #endif
@@ -175,7 +154,6 @@ int main(int argc, char **argv)
 	lazymode = 1;
 	selecttimeout = 4;
 	hostname_maxlen = 0xFF;
-	nameserv_family = AF_UNSPEC;
 
 #ifdef WINDOWS32
 	WSAStartup(req_version, &wsa_data);
@@ -183,7 +161,7 @@ int main(int argc, char **argv)
 
 	srand((unsigned) time(NULL));
 	client_init();
-
+	
 #if !defined(BSD) && !defined(__GLIBC__)
 	__progname = strrchr(argv[0], '/');
 	if (__progname == NULL)
@@ -192,14 +170,8 @@ int main(int argc, char **argv)
 		__progname++;
 #endif
 
-	while ((choice = getopt(argc, argv, "46vfhru:t:d:R:P:m:M:F:T:O:L:I:")) != -1) {
+	while ((choice = getopt(argc, argv, "vfhru:t:d:P:m:M:F:T:O:L:I:")) != -1) {
 		switch(choice) {
-		case '4':
-			nameserv_family = AF_INET;
-			break;
-		case '6':
-			nameserv_family = AF_INET6;
-			break;
 		case 'v':
 			version();
 			/* NOTREACHED */
@@ -208,12 +180,11 @@ int main(int argc, char **argv)
 			foreground = 1;
 			break;
 		case 'h':
-			help(stdout, true);
+			help();
 			/* NOTREACHED */
 			break;
 		case 'r':
 			raw_mode = 0;
-			break;
 		case 'u':
 			username = optarg;
 			break;
@@ -223,17 +194,12 @@ int main(int argc, char **argv)
 		case 'd':
 			device = optarg;
 			break;
-#ifdef OPENBSD
-		case 'R':
-			rtable = atoi(optarg);
-			break;
-#endif
 		case 'P':
 			strncpy(password, optarg, sizeof(password));
 			password[sizeof(password)-1] = 0;
-
+			
 			/* XXX: find better way of cleaning up ps(1) */
-			memset(optarg, 0, strlen(optarg));
+			memset(optarg, 0, strlen(optarg)); 
 			break;
 		case 'm':
 			autodetect_frag_size = 0;
@@ -251,13 +217,12 @@ int main(int argc, char **argv)
 			break;
 		case 'F':
 			pidfile = optarg;
-			break;
+			break;    
 		case 'T':
-			if (client_set_qtype(optarg))
-				errx(5, "Invalid query type '%s'", optarg);
+			set_qtype(optarg);
 			break;
 		case 'O':       /* not -D, is Debug in server */
-			client_set_downenc(optarg);
+			set_downenc(optarg);
 			break;
 		case 'L':
 			lazymode = atoi(optarg);
@@ -278,19 +243,19 @@ int main(int argc, char **argv)
 			/* NOTREACHED */
 		}
 	}
-
-	check_superuser();
+	
+	check_superuser(usage);
 
 	argc -= optind;
 	argv += optind;
 
 	switch (argc) {
 	case 1:
-		nameserv_host = get_resolvconf_addr();
+		nameserv_addr = get_resolvconf_addr();
 		topdomain = strdup(argv[0]);
 		break;
 	case 2:
-		nameserv_host = argv[0];
+		nameserv_addr = argv[0];
 		topdomain = strdup(argv[1]);
 		break;
 	default:
@@ -304,21 +269,22 @@ int main(int argc, char **argv)
 		/* NOTREACHED */
 	}
 
-	if (nameserv_host) {
-		nameservaddr_len = get_addr(nameserv_host, DNS_PORT, nameserv_family, 0, &nameservaddr);
-		if (nameservaddr_len < 0) {
-			errx(1, "Cannot lookup nameserver '%s': %s ",
-				nameserv_host, gai_strerror(nameservaddr_len));
-		}
-		client_set_nameserver(&nameservaddr, nameservaddr_len);
+	if (nameserv_addr) {
+		client_set_nameserver(nameserv_addr, DNS_PORT);
 	} else {
 		warnx("No nameserver found - not connected to any network?\n");
 		usage();
 		/* NOTREACHED */
-	}
+	}	
 
-	if (check_topdomain(topdomain, 0, &errormsg)) {
-		warnx("Invalid topdomain: %s", errormsg);
+	if (strlen(topdomain) <= 128) {
+		if(check_topdomain(topdomain)) {
+			warnx("Topdomain contains invalid characters.\n");
+			usage();
+			/* NOTREACHED */
+		}
+	} else {
+		warnx("Use a topdomain max 128 chars long.\n");
 		usage();
 		/* NOTREACHED */
 	}
@@ -327,7 +293,7 @@ int main(int argc, char **argv)
 	client_set_lazymode(lazymode);
 	client_set_topdomain(topdomain);
 	client_set_hostname_maxlen(hostname_maxlen);
-
+	
 	if (username != NULL) {
 #ifndef WINDOWS32
 		if ((pw = getpwnam(username)) == NULL) {
@@ -337,55 +303,51 @@ int main(int argc, char **argv)
 		}
 #endif
 	}
-
+	
 	if (strlen(password) == 0) {
 		if (NULL != getenv(PASSWORD_ENV_VAR))
 			snprintf(password, sizeof(password), "%s", getenv(PASSWORD_ENV_VAR));
 		else
 			read_password(password, sizeof(password));
 	}
-
+	
 	client_set_password(password);
 
 	if ((tun_fd = open_tun(device)) == -1) {
 		retval = 1;
 		goto cleanup1;
 	}
-	if ((dns_fd = open_dns_from_host(NULL, 0, nameservaddr.ss_family, AI_PASSIVE)) < 0) {
+	if ((dns_fd = open_dns(0, INADDR_ANY)) == -1) {
 		retval = 1;
 		goto cleanup2;
 	}
-#ifdef OPENBSD
-	if (rtable > 0)
-		socket_setrtable(dns_fd, rtable);
-#endif
 
 	signal(SIGINT, sighandler);
 	signal(SIGTERM, sighandler);
 
 	fprintf(stderr, "Sending DNS queries for %s to %s\n",
-		topdomain, format_addr(&nameservaddr, nameservaddr_len));
+		topdomain, nameserv_addr);
 
 	if (client_handshake(dns_fd, raw_mode, autodetect_frag_size, max_downstream_frag_size)) {
 		retval = 1;
 		goto cleanup2;
 	}
-
+	
 	if (client_get_conn() == CONN_RAW_UDP) {
 		fprintf(stderr, "Sending raw traffic directly to %s\n", client_get_raw_addr());
 	}
 
 	fprintf(stderr, "Connection setup complete, transmitting data.\n");
 
-	if (foreground == 0)
+	if (foreground == 0) 
 		do_detach();
-
+	
 	if (pidfile != NULL)
 		do_pidfile(pidfile);
 
 	if (newroot != NULL)
 		do_chroot(newroot);
-
+	
 	if (username != NULL) {
 #ifndef WINDOWS32
 		gid_t gids[1];

src/login.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -21,18 +20,16 @@
 #ifdef WINDOWS32
 #include "windows.h"
 #else
-#include <netinet/in.h>
 #include <arpa/inet.h>
 #endif
 
-#include "login.h"
 #include "md5.h"
 
-/*
- * Needs a 16byte array for output, and 32 bytes password
+/* 
+ * Needs a 16byte array for output, and 32 bytes password 
  */
-void
-login_calculate(char *buf, int buflen, const char *pass, int seed)
+void 
+login_calculate(char *buf, int buflen, const char *pass, int seed) 
 {
 	unsigned char temp[32];
 	md5_state_t ctx;
@@ -40,7 +37,7 @@ login_calculate(char *buf, int buflen, const char *pass, int seed)
 	int i;
 	int k;
 
-	if (buflen < 16)
+	if (buflen < 16) 
 		return;
 
 	memcpy(temp, pass, 32);

src/login.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *

src/md5.c

@@ -157,18 +157,18 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 #endif
 #if BYTE_ORDER <= 0		/* little-endian */
 	{
-		/*
-		 * On little-endian machines, we can process properly aligned
-		 * data without copying it.
-		 */
-		if (!((data - (const md5_byte_t *)0) & 3)) {
-			/* data are properly aligned */
-			X = (const md5_word_t *)data;
-		} else {
-			/* not aligned */
-			memcpy(xbuf, data, 64);
-			X = xbuf;
-		}
+	    /*
+	     * On little-endian machines, we can process properly aligned
+	     * data without copying it.
+	     */
+	    if (!((data - (const md5_byte_t *)0) & 3)) {
+		/* data are properly aligned */
+		X = (const md5_word_t *)data;
+	    } else {
+		/* not aligned */
+		memcpy(xbuf, data, 64);
+		X = xbuf;
+	    }
 	}
 #endif
 #if BYTE_ORDER == 0
@@ -176,20 +176,20 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 #endif
 #if BYTE_ORDER >= 0		/* big-endian */
 	{
-		/*
-		 * On big-endian machines, we must arrange the bytes in the
-		 * right order.
-		 */
-		const md5_byte_t *xp = data;
-		int i;
+	    /*
+	     * On big-endian machines, we must arrange the bytes in the
+	     * right order.
+	     */
+	    const md5_byte_t *xp = data;
+	    int i;
 
 #  if BYTE_ORDER == 0
-		X = xbuf;		/* (dynamic only) */
+	    X = xbuf;		/* (dynamic only) */
 #  else
 #    define xbuf X		/* (static only) */
 #  endif
-		for (i = 0; i < 16; ++i, xp += 4)
-			xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
+	    for (i = 0; i < 16; ++i, xp += 4)
+		xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
 	}
 #endif
     }
@@ -342,7 +342,7 @@ md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes)
 
 	memcpy(pms->buf + offset, p, copy);
 	if (offset + copy < 64)
-		return;
+	    return;
 	p += copy;
 	left -= copy;
 	md5_process(pms, pms->buf);

src/md5.h

@@ -71,7 +71,7 @@ typedef struct md5_state_s {
 } md5_state_t;
 
 #ifdef __cplusplus
-extern "C"
+extern "C" 
 {
 #endif
 

src/osflags

@@ -1,7 +1,5 @@
 #!/bin/sh
 
-: "${PKG_CONFIG:=pkg-config}"
-
 case $2 in
 link)
 
@@ -19,34 +17,17 @@ link)
 			echo '-lws2_32 -liphlpapi';
 		;;
 		Linux)
-			FLAGS="";
-			[ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -lselinux";
-			"$PKG_CONFIG" --exists libsystemd-daemon && FLAGS="$FLAGS $($PKG_CONFIG --libs libsystemd-daemon)";
-			"$PKG_CONFIG" --exists libsystemd && FLAGS="$FLAGS $($PKG_CONFIG --libs libsystemd)";
-			echo $FLAGS;
+			[ -e /usr/include/selinux/selinux.h ] && echo '-lselinux';
 		;;
 	esac
 	;;
 cflags)
 	case $1 in
-		windows32)
-			echo '-DWINVER=0x0501';
-		;;
 		BeOS)
 			echo '-Dsocklen_t=int';
 		;;
-		Darwin)
-			echo '-D__APPLE_USE_RFC_3542';
-		;;
 		Linux)
-			FLAGS="-D_GNU_SOURCE"
-			[ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -DHAVE_SETCON";
-			"$PKG_CONFIG" --exists libsystemd-daemon && FLAGS="$FLAGS -DHAVE_SYSTEMD";
-			"$PKG_CONFIG" --exists libsystemd && FLAGS="$FLAGS -DHAVE_SYSTEMD";
-			echo $FLAGS;
-		;;
-		GNU/kFreeBSD|GNU)
-			echo '-D_GNU_SOURCE'
+			[ -e /usr/include/selinux/selinux.h ] && echo '-DHAVE_SETCON';
 		;;
 	esac
 ;;

src/read.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -19,8 +18,6 @@
 #include <stdint.h>
 #include <stdlib.h>
 
-#include "read.h"
-
 static int
 readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length, size_t loop)
 {
@@ -41,7 +38,7 @@ readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length,
 		c = *s++;
 
 		/* is this a compressed label? */
-		if ((c & 0xc0) == 0xc0) {
+		if((c & 0xc0) == 0xc0) {
 			offset = (((s[-1] & 0x3f) << 8) | (s[0] & 0xff));
 			if (offset > packetlen) {
 				if (len == 0) {
@@ -63,7 +60,7 @@ readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length,
 
 			c--;
 		}
-
+		
 		if (len >= length - 1) {
 			break; /* We used up all space */
 		}
@@ -87,15 +84,15 @@ readname(char *packet, int packetlen, char **src, char *dst, size_t length)
 }
 
 int
-readshort(char *packet, char **src, unsigned short *dst)
+readshort(char *packet, char **src, short *dst)
 {
 	unsigned char *p;
 
 	p = (unsigned char *) *src;
 	*dst = (p[0] << 8) | p[1];
 
-	(*src) += sizeof(unsigned short);
-	return sizeof(unsigned short);
+	(*src) += sizeof(short);
+	return sizeof(short);
 }
 
 int
@@ -106,8 +103,8 @@ readlong(char *packet, char **src, uint32_t *dst)
 
 	p = (unsigned char *) *src;
 
-	*dst = ((uint32_t)p[0] << 24)
-		 | ((uint32_t)p[1] << 16)
+	*dst = ((uint32_t)p[0] << 24) 
+		 | ((uint32_t)p[1] << 16) 
 		 | ((uint32_t)p[2] << 8)
 		 | ((uint32_t)p[3]);
 
@@ -118,6 +115,9 @@ readlong(char *packet, char **src, uint32_t *dst)
 int
 readdata(char *packet, char **src, char *dst, size_t len)
 {
+	if (len < 0)
+		return 0;
+
 	memcpy(dst, *src, len);
 
 	(*src) += len;
@@ -165,7 +165,7 @@ putname(char **buf, size_t buflen, const char *host)
 	h = strdup(host);
 	left = buflen;
 	p = *buf;
-
+	
 	word = strtok(h, ".");
 	while(word) {
 		if (strlen(word) > 63 || strlen(word) > left) {
@@ -230,16 +230,19 @@ putlong(char **dst, uint32_t value)
 }
 
 int
-putdata(char **dst, const char *data, size_t len)
+putdata(char **dst, char *data, size_t len)
 {
-	memcpy(*dst, data, len);
+	if (len < 0)
+		return 0;
 
+	memcpy(*dst, data, len);
+	
 	(*dst) += len;
 	return len;
 }
 
 int
-puttxtbin(char **buf, size_t bufremain, const char *from, size_t fromremain)
+puttxtbin(char **buf, size_t bufremain, char *from, size_t fromremain)
 {
 	unsigned char uc;
 	unsigned char *ucp = &uc;

src/read.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -19,7 +18,7 @@
 #define _READ_H_
 
 int readname(char *, int, char **, char *, size_t);
-int readshort(char *, char **, unsigned short *);
+int readshort(char *, char **, short *);
 int readlong(char *, char **, uint32_t *);
 int readdata(char *, char **, char *, size_t);
 int readtxtbin(char *, char **, size_t, char *, size_t);
@@ -28,7 +27,7 @@ int putname(char **, size_t, const char *);
 int putbyte(char **, unsigned char);
 int putshort(char **, unsigned short);
 int putlong(char **, uint32_t);
-int putdata(char **, const char *, size_t);
-int puttxtbin(char **, size_t, const char *, size_t);
+int putdata(char **, char *, size_t);
+int puttxtbin(char **, size_t, char *, size_t);
 
 #endif

src/tun.c

@@ -1,9 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
- * 2013 Peter Sagerson <psagers.github@ignorare.net>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -26,29 +24,13 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
-#ifdef DARWIN
-#include <ctype.h>
-#include <sys/kern_control.h>
-#include <sys/sys_domain.h>
-#include <sys/ioctl.h>
-#include <net/if_utun.h>
-#include <netinet/ip.h>
-#endif
-
-#ifndef IFCONFIGPATH
-#define IFCONFIGPATH "PATH=/sbin:/bin "
-#endif
-
-#ifndef ROUTEPATH
-#define ROUTEPATH "PATH=/sbin:/bin "
-#endif
-
 #ifdef WINDOWS32
-#include "windows.h"
+#include <winsock2.h>
 #include <winioctl.h>
+#include "windows.h"
 
-static HANDLE dev_handle;
-static struct tun_data data;
+HANDLE dev_handle;
+struct tun_data data;
 
 static void get_name(char *ifname, int namelen, char *dev_name);
 
@@ -61,13 +43,12 @@ static void get_name(char *ifname, int namelen, char *dev_name);
 #define TAP_DEVICE_SPACE "\\\\.\\Global\\"
 #define TAP_VERSION_ID_0801 "tap0801"
 #define TAP_VERSION_ID_0901 "tap0901"
-#define TAP_VERSION_ID_0901_ROOT "root\\tap0901"
 #define KEY_COMPONENT_ID "ComponentId"
 #define NET_CFG_INST_ID "NetCfgInstanceId"
 #else
 #include <err.h>
-#include <netinet/in.h>
 #include <arpa/inet.h>
+#include <netinet/in.h>
 
 #define TUN_MAX_TRY 50
 #endif
@@ -75,34 +56,31 @@ static void get_name(char *ifname, int namelen, char *dev_name);
 #include "tun.h"
 #include "common.h"
 
-static char if_name[250];
+char if_name[250];
 
+#ifndef WINDOWS32
 #ifdef LINUX
 
 #include <sys/ioctl.h>
 #include <net/if.h>
 #include <linux/if_tun.h>
 
-int
-open_tun(const char *tun_device)
+int 
+open_tun(const char *tun_device) 
 {
 	int i;
 	int tun_fd;
 	struct ifreq ifreq;
-#ifdef ANDROID
-	char *tunnel = "/dev/tun";
-#else
 	char *tunnel = "/dev/net/tun";
-#endif
 
 	if ((tun_fd = open(tunnel, O_RDWR)) < 0) {
-		warn("open_tun: %s", tunnel);
+		warn("open_tun: %s: %s", tunnel, strerror(errno));
 		return -1;
 	}
 
 	memset(&ifreq, 0, sizeof(ifreq));
 
-	ifreq.ifr_flags = IFF_TUN;
+	ifreq.ifr_flags = IFF_TUN; 
 
 	if (tun_device != NULL) {
 		strncpy(ifreq.ifr_name, tun_device, IFNAMSIZ);
@@ -112,12 +90,11 @@ open_tun(const char *tun_device)
 
 		if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
 			fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
-			fd_set_close_on_exec(tun_fd);
 			return tun_fd;
 		}
 
 		if (errno != EBUSY) {
-			warn("open_tun: ioctl[TUNSETIFF]");
+			warn("open_tun: ioctl[TUNSETIFF]: %s", strerror(errno));
 			return -1;
 		}
 	} else {
@@ -127,12 +104,11 @@ open_tun(const char *tun_device)
 			if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
 				fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
 				snprintf(if_name, sizeof(if_name), "dns%d", i);
-				fd_set_close_on_exec(tun_fd);
 				return tun_fd;
 			}
 
 			if (errno != EBUSY) {
-				warn("open_tun: ioctl[TUNSETIFF]");
+				warn("open_tun: ioctl[TUNSETIFF]: %s", strerror(errno));
 				return -1;
 			}
 		}
@@ -143,8 +119,49 @@ open_tun(const char *tun_device)
 	return -1;
 }
 
-#elif WINDOWS32
+#else /* BSD */
 
+int 
+open_tun(const char *tun_device) 
+{
+	int i;
+	int tun_fd;
+	char tun_name[50];
+
+	if (tun_device != NULL) {
+		snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
+		strncpy(if_name, tun_device, sizeof(if_name));
+		if_name[sizeof(if_name)-1] = '\0';
+
+		if ((tun_fd = open(tun_name, O_RDWR)) < 0) {
+			warn("open_tun: %s: %s", tun_name, strerror(errno));
+			return -1;
+		}
+
+		fprintf(stderr, "Opened %s\n", tun_name);
+		return tun_fd;
+	} else {
+		for (i = 0; i < TUN_MAX_TRY; i++) {
+			snprintf(tun_name, sizeof(tun_name), "/dev/tun%d", i);
+
+			if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
+				fprintf(stderr, "Opened %s\n", tun_name);
+				snprintf(if_name, sizeof(if_name), "tun%d", i);
+				return tun_fd;
+			}
+
+			if (errno == ENOENT)
+				break;
+		}
+
+		warn("open_tun: Failed to open tunneling device");
+	}
+
+	return -1;
+}
+
+#endif /* !LINUX */
+#else /* WINDOWS32 */
 static void
 get_device(char *device, int device_len, const char *wanted_dev)
 {
@@ -156,10 +173,10 @@ get_device(char *device, int device_len, const char *wanted_dev)
 	status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, TAP_ADAPTER_KEY, 0, KEY_READ, &adapter_key);
 
 	if (status != ERROR_SUCCESS) {
-		warnx("Error opening registry key " TAP_ADAPTER_KEY);
+		warnx("Error opening registry key " TAP_ADAPTER_KEY );
 		return;
 	}
-
+	
 	while (TRUE) {
 		char name[256];
 		char unit[256];
@@ -176,7 +193,7 @@ get_device(char *device, int device_len, const char *wanted_dev)
 		if (status == ERROR_NO_MORE_ITEMS) {
 			break;
 		} else if (status != ERROR_SUCCESS) {
-			warnx("Error enumerating subkeys of registry key " TAP_ADAPTER_KEY);
+			warnx("Error enumerating subkeys of registry key " TAP_ADAPTER_KEY );
 			break;
 		}
 
@@ -194,11 +211,10 @@ get_device(char *device, int device_len, const char *wanted_dev)
 			goto next;
 		}
 		if (strncmp(TAP_VERSION_ID_0801, component, strlen(TAP_VERSION_ID_0801)) == 0 ||
-			strncmp(TAP_VERSION_ID_0901, component, strlen(TAP_VERSION_ID_0901)) == 0 ||
-			strncmp(TAP_VERSION_ID_0901_ROOT, component, strlen(TAP_VERSION_ID_0901_ROOT)) == 0) {
+			strncmp(TAP_VERSION_ID_0901, component, strlen(TAP_VERSION_ID_0901)) == 0) {
 			/* We found a TAP32 device, get its NetCfgInstanceId */
 			char iid_string[256] = NET_CFG_INST_ID;
-
+			
 			status = RegQueryValueEx(device_key, iid_string, NULL, &datatype, (LPBYTE) device, (DWORD *) &device_len);
 			if (status != ERROR_SUCCESS || datatype != REG_SZ) {
 				warnx("Error reading registry key %s\\%s on TAP device", unit, iid_string);
@@ -264,7 +280,7 @@ DWORD WINAPI tun_reader(LPVOID arg)
 	OVERLAPPED olpd;
 	int sock;
 
-	sock = open_dns_from_host("127.0.0.1", 0, AF_INET, 0);
+	sock = open_dns(0, INADDR_ANY);
 
 	olpd.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
 
@@ -275,22 +291,21 @@ DWORD WINAPI tun_reader(LPVOID arg)
 		if (!res) {
 			WaitForSingleObject(olpd.hEvent, INFINITE);
 			res = GetOverlappedResult(dev_handle, &olpd, (LPDWORD) &len, FALSE);
-			res = sendto(sock, buf, len, 0, (struct sockaddr*) &(tun->addr),
-				tun->addrlen);
+			res = sendto(sock, buf, len, 0, (struct sockaddr*) &(tun->addr), 
+				sizeof(struct sockaddr_in));
 		}
 	}
 
 	return 0;
 }
 
-int
-open_tun(const char *tun_device)
+int 
+open_tun(const char *tun_device) 
 {
 	char adapter[256];
 	char tapfile[512];
 	int tunfd;
-	struct sockaddr_storage localsock;
-	int localsock_len;
+	in_addr_t local;
 
 	memset(adapter, 0, sizeof(adapter));
 	memset(if_name, 0, sizeof(if_name));
@@ -304,7 +319,7 @@ open_tun(const char *tun_device)
 		}
 		return -1;
 	}
-
+	
 	fprintf(stderr, "Opening device %s\n", if_name);
 	snprintf(tapfile, sizeof(tapfile), "%s%s.tap", TAP_DEVICE_SPACE, adapter);
 	dev_handle = CreateFile(tapfile, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, NULL);
@@ -315,286 +330,103 @@ open_tun(const char *tun_device)
 
 	/* Use a UDP connection to forward packets from tun,
 	 * so we can still use select() in main code.
-	 * A thread does blocking reads on tun device and
+	 * A thread does blocking reads on tun device and 
 	 * sends data as udp to this socket */
-
-	localsock_len = get_addr("127.0.0.1", 55353, AF_INET, 0, &localsock);
-	tunfd = open_dns(&localsock, localsock_len);
+	
+	local = htonl(0x7f000001); /* 127.0.0.1 */
+	tunfd = open_dns(55353, local);
 
 	data.tun = dev_handle;
-	memcpy(&(data.addr), &localsock, localsock_len);
-	data.addrlen = localsock_len;
+	memset(&(data.addr), 0, sizeof(data.addr));
+	data.addr.sin_family = AF_INET;
+	data.addr.sin_port = htons(55353);
+	data.addr.sin_addr.s_addr = local;
 	CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)tun_reader, &data, 0, NULL);
-
+	
 	return tunfd;
 }
+#endif 
 
-#else /* BSD and friends */
-
-#ifdef DARWIN
-
-/* Extract the device number from the name, if given. The value returned will
- * be suitable for sockaddr_ctl.sc_unit, which means 0 for auto-assign, or
- * (n + 1) for manual.
- */
-static int
-utun_unit(const char *dev)
-{
-	const char *unit_str = dev;
-	int unit = 0;
-
-	if (!dev)
-		return -1;
-
-	while (*unit_str != '\0' && !isdigit(*unit_str))
-		unit_str++;
-
-	if (isdigit(*unit_str))
-		unit = strtol(unit_str, NULL, 10) + 1;
-
-	return unit;
-}
-
-static int
-open_utun(const char *dev)
-{
-	struct sockaddr_ctl addr;
-	struct ctl_info info;
-	char ifname[10];
-	socklen_t ifname_len = sizeof(ifname);
-	int unit;
-	int fd = -1;
-	int err = 0;
-
-	fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
-	if (fd < 0) {
-		warn("open_utun: socket(PF_SYSTEM)");
-		return -1;
-	}
-
-	/* Look up the kernel controller ID for utun devices. */
-	bzero(&info, sizeof(info));
-	strncpy(info.ctl_name, UTUN_CONTROL_NAME, MAX_KCTL_NAME);
-
-	err = ioctl(fd, CTLIOCGINFO, &info);
-	if (err != 0) {
-		warn("open_utun: ioctl(CTLIOCGINFO)");
-		close(fd);
-		return -1;
-	}
-
-	/* Connecting to the socket creates the utun device. */
-	addr.sc_len = sizeof(addr);
-	addr.sc_family = AF_SYSTEM;
-	addr.ss_sysaddr = AF_SYS_CONTROL;
-	addr.sc_id = info.ctl_id;
-	unit = utun_unit(dev);
-	if (unit < 0) {
-		close(fd);
-		return -1;
-	}
-	addr.sc_unit = unit;
-
-	err = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
-	if (err != 0) {
-		warn("open_utun: connect");
-		close(fd);
-		return -1;
-	}
-
-	/* Retrieve the assigned interface name. */
-	err = getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &ifname_len);
-	if (err != 0) {
-		warn("open_utun: getsockopt(UTUN_OPT_IFNAME)");
-		close(fd);
-		return -1;
-	}
-
-	strncpy(if_name, ifname, sizeof(if_name));
-
-	fprintf(stderr, "Opened %s\n", ifname);
-	fd_set_close_on_exec(fd);
-
-	return fd;
-}
-
-#endif
-
-int
-open_tun(const char *tun_device)
-{
-	int i;
-	int tun_fd;
-	char tun_name[50];
-
-	if (tun_device != NULL) {
-#ifdef DARWIN
-		if (!strncmp(tun_device, "utun", 4)) {
-			tun_fd = open_utun(tun_device);
-			if (tun_fd >= 0) {
-				return tun_fd;
-			}
-		}
-#endif
-
-		snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
-		strncpy(if_name, tun_device, sizeof(if_name));
-		if_name[sizeof(if_name)-1] = '\0';
-
-		if ((tun_fd = open(tun_name, O_RDWR)) < 0) {
-			warn("open_tun: %s", tun_name);
-			return -1;
-		}
-
-		fprintf(stderr, "Opened %s\n", tun_name);
-		fd_set_close_on_exec(tun_fd);
-		return tun_fd;
-	} else {
-		for (i = 0; i < TUN_MAX_TRY; i++) {
-			snprintf(tun_name, sizeof(tun_name), "/dev/tun%d", i);
-
-			if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
-				fprintf(stderr, "Opened %s\n", tun_name);
-				snprintf(if_name, sizeof(if_name), "tun%d", i);
-				fd_set_close_on_exec(tun_fd);
-				return tun_fd;
-			}
-
-			if (errno == ENOENT)
-				break;
-		}
-
-#ifdef DARWIN
-		fprintf(stderr, "No tun devices found, trying utun\n");
-		for (i = 0; i < TUN_MAX_TRY; i++) {
-			snprintf(tun_name, sizeof(tun_name), "utun%d", i);
-			tun_fd = open_utun(tun_name);
-			if (tun_fd >= 0) {
-				return tun_fd;
-			}
-		}
-#endif
-
-		warn("open_tun: Failed to open tunneling device");
-	}
-
-	return -1;
-}
-
-#endif
-
-void
-close_tun(int tun_fd)
+void 
+close_tun(int tun_fd) 
 {
 	if (tun_fd >= 0)
 		close(tun_fd);
 }
 
-#ifdef WINDOWS32
-int
-write_tun(int tun_fd, char *data, size_t len)
+int 
+write_tun(int tun_fd, char *data, size_t len) 
 {
-	DWORD written;
-	DWORD res;
-	OVERLAPPED olpd;
-
+#if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD) || defined(WINDOWS32)
 	data += 4;
 	len -= 4;
+#else /* !FREEBSD/DARWIN */
+#ifdef LINUX
+	data[0] = 0x00;
+	data[1] = 0x00;
+	data[2] = 0x08;
+	data[3] = 0x00;
+#else /* OPENBSD */
+	data[0] = 0x00;
+	data[1] = 0x00;
+	data[2] = 0x00;
+	data[3] = 0x02;
+#endif /* !LINUX */
+#endif /* FREEBSD */
 
-	olpd.Offset = 0;
-	olpd.OffsetHigh = 0;
-	olpd.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
-	res = WriteFile(dev_handle, data, len, &written, &olpd);
-	if (!res && GetLastError() == ERROR_IO_PENDING) {
-		WaitForSingleObject(olpd.hEvent, INFINITE);
-		res = GetOverlappedResult(dev_handle, &olpd, &written, FALSE);
-		if (written != len) {
-			return -1;
+#ifndef WINDOWS32
+	if (write(tun_fd, data, len) != len) {
+		warn("write_tun");
+		return 1;
+	}
+#else /* WINDOWS32 */
+	{
+		DWORD written;
+		DWORD res;
+		OVERLAPPED olpd;
+
+		olpd.Offset = 0;
+		olpd.OffsetHigh = 0;
+		olpd.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
+		res = WriteFile(dev_handle, data, len, &written, &olpd);
+		if (!res && GetLastError() == ERROR_IO_PENDING) {
+			WaitForSingleObject(olpd.hEvent, INFINITE);
+			res = GetOverlappedResult(dev_handle, &olpd, &written, FALSE);
+			if (written != len) {
+				return -1;
+			}
 		}
 	}
+#endif
 	return 0;
 }
 
 ssize_t
-read_tun(int tun_fd, char *buf, size_t len)
+read_tun(int tun_fd, char *buf, size_t len) 
 {
+#if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD) || defined(WINDOWS32)
+	/* FreeBSD/Darwin/NetBSD has no header */
 	int bytes;
 	memset(buf, 0, 4);
-
+#ifdef WINDOWS32
+	/* Windows needs recv() since it is local UDP socket */
 	bytes = recv(tun_fd, buf + 4, len - 4, 0);
+#else
+	/* The other need read() because fd is not a socket */
+	bytes = read(tun_fd, buf + 4, len - 4);
+#endif /*WINDOWS32*/
 	if (bytes < 0) {
 		return bytes;
 	} else {
 		return bytes + 4;
 	}
-}
-#else
-static int
-tun_uses_header(void)
-{
-#if defined (FREEBSD) || defined (NETBSD)
-	/* FreeBSD/NetBSD has no header */
-	return 0;
-#elif defined (DARWIN)
-	/* Darwin tun has no header, Darwin utun does */
-	return !strncmp(if_name, "utun", 4);
-#else  /* LINUX/OPENBSD */
-	return 1;
-#endif
+#else /* !FREEBSD */
+	return read(tun_fd, buf, len);
+#endif /* !FREEBSD */
 }
 
 int
-write_tun(int tun_fd, char *data, size_t len)
-{
-	if (!tun_uses_header()) {
-		data += 4;
-		len -= 4;
-	} else {
-#ifdef LINUX
-		// Linux prefixes with 32 bits ethertype
-		// 0x0800 for IPv4, 0x86DD for IPv6
-		data[0] = 0x00;
-		data[1] = 0x00;
-		data[2] = 0x08;
-		data[3] = 0x00;
-#else /* OPENBSD and DARWIN(utun) */
-		// BSDs prefix with 32 bits address family
-		// AF_INET for IPv4, AF_INET6 for IPv6
-		data[0] = 0x00;
-		data[1] = 0x00;
-		data[2] = 0x00;
-		data[3] = 0x02;
-#endif
-	}
-
-	if (write(tun_fd, data, len) != len) {
-		warn("write_tun");
-		return 1;
-	}
-	return 0;
-}
-
-ssize_t
-read_tun(int tun_fd, char *buf, size_t len)
-{
-	if (!tun_uses_header()) {
-		int bytes;
-		memset(buf, 0, 4);
-
-		bytes = read(tun_fd, buf + 4, len - 4);
-		if (bytes < 0) {
-			return bytes;
-		} else {
-			return bytes + 4;
-		}
-	} else {
-		return read(tun_fd, buf, len);
-	}
-}
-#endif
-
-int
-tun_setip(const char *ip, const char *other_ip, int netbits)
+tun_setip(const char *ip, const char *remoteip, int netbits)
 {
 	char cmdline[512];
 	int netmask;
@@ -608,11 +440,6 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	DWORD ipdata[3];
 	struct in_addr addr;
 	DWORD len;
-#else
-	const char *display_ip;
-#ifndef LINUX
-	struct in_addr netip;
-#endif
 #endif
 
 	netmask = 0;
@@ -627,32 +454,28 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 		return 1;
 	}
 #ifndef WINDOWS32
-# ifdef FREEBSD
-	display_ip = other_ip; /* FreeBSD wants other IP as second IP */
-# else
-	display_ip = ip;
-# endif
-	snprintf(cmdline, sizeof(cmdline),
-			IFCONFIGPATH "ifconfig %s %s %s netmask %s",
+	snprintf(cmdline, sizeof(cmdline), 
+			"/sbin/ifconfig %s %s %s netmask %s",
 			if_name,
 			ip,
-			display_ip,
+#ifdef FREEBSD
+			remoteip, /* FreeBSD wants other IP as second IP */
+#else
+			ip,
+#endif
 			inet_ntoa(net));
-
+	
 	fprintf(stderr, "Setting IP of %s to %s\n", if_name, ip);
 #ifndef LINUX
-	netip.s_addr = inet_addr(ip);
-	netip.s_addr = netip.s_addr & net.s_addr;
 	r = system(cmdline);
-	if (r != 0) {
+	if(r != 0) {
 		return r;
 	} else {
-
 		snprintf(cmdline, sizeof(cmdline),
-				ROUTEPATH "route add %s/%d %s",
-				inet_ntoa(netip), netbits, ip);
+				"/sbin/route add %s/%d %s",
+				ip, netbits, ip);
 	}
-	fprintf(stderr, "Adding route %s/%d to %s\n", inet_ntoa(netip), netbits, ip);
+	fprintf(stderr, "Adding route %s/%d to %s\n", ip, netbits, ip);
 #endif
 	return system(cmdline);
 #else /* WINDOWS32 */
@@ -660,13 +483,13 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	/* Set device as connected */
 	fprintf(stderr, "Enabling interface '%s'\n", if_name);
 	status = 1;
-	r = DeviceIoControl(dev_handle, TAP_IOCTL_SET_MEDIA_STATUS, &status,
+	r = DeviceIoControl(dev_handle, TAP_IOCTL_SET_MEDIA_STATUS, &status, 
 		sizeof(status), &status, sizeof(status), &len, NULL);
 	if (!r) {
 		fprintf(stderr, "Failed to enable interface\n");
 		return -1;
 	}
-
+	
 	if (inet_aton(ip, &addr)) {
 		ipdata[0] = (DWORD) addr.s_addr;   /* local ip addr */
 		ipdata[1] = net.s_addr & ipdata[0]; /* network addr */
@@ -676,7 +499,7 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	}
 
 	/* Tell ip/networkaddr/netmask to device for arp use */
-	r = DeviceIoControl(dev_handle, TAP_IOCTL_CONFIG_TUN, &ipdata,
+	r = DeviceIoControl(dev_handle, TAP_IOCTL_CONFIG_TUN, &ipdata, 
 		sizeof(ipdata), &ipdata, sizeof(ipdata), &len, NULL);
 	if (!r) {
 		fprintf(stderr, "Failed to set interface in TUN mode\n");
@@ -691,18 +514,18 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 #endif
 }
 
-int
+int 
 tun_setmtu(const unsigned mtu)
 {
 #ifndef WINDOWS32
 	char cmdline[512];
 
 	if (mtu > 200 && mtu <= 1500) {
-		snprintf(cmdline, sizeof(cmdline),
-				IFCONFIGPATH "ifconfig %s mtu %u",
+		snprintf(cmdline, sizeof(cmdline), 
+				"/sbin/ifconfig %s mtu %u",
 				if_name,
 				mtu);
-
+		
 		fprintf(stderr, "Setting MTU of %s to %u\n", if_name, mtu);
 		return system(cmdline);
 	} else {

src/tun.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *

src/user.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -34,14 +33,15 @@
 #include "encoding.h"
 #include "user.h"
 
-struct tun_user *users;
-unsigned usercount;
+struct user users[USERS];
 
-int init_users(in_addr_t my_ip, int netbits)
+int
+init_users(in_addr_t my_ip, int netbits)
 {
 	int i;
 	int skip = 0;
-	char newip[32];
+	char newip[16];
+	int created_users = 0;
 
 	int maxusers;
 
@@ -57,10 +57,9 @@ int init_users(in_addr_t my_ip, int netbits)
 	ipstart.s_addr = my_ip & net.s_addr;
 
 	maxusers = (1 << (32-netbits)) - 3; /* 3: Net addr, broadcast addr, iodined addr */
-	usercount = MIN(maxusers, USERS);
-
-	users = calloc(usercount, sizeof(struct tun_user));
-	for (i = 0; i < usercount; i++) {
+	
+	memset(users, 0, USERS * sizeof(struct user));
+	for (i = 0; i < USERS; i++) {
 		in_addr_t ip;
 		users[i].id = i;
 		snprintf(newip, sizeof(newip), "0.0.0.%d", i + skip + 1);
@@ -73,31 +72,55 @@ int init_users(in_addr_t my_ip, int netbits)
 		}
 		users[i].tun_ip = ip;
 		net.s_addr = ip;
-		users[i].disabled = 0;
+		if (maxusers--  < 1) {
+			users[i].disabled = 1;
+		} else {
+			users[i].disabled = 0;
+			created_users++;
+		}
 		users[i].authenticated = 0;
 		users[i].authenticated_raw = 0;
-		users[i].options_locked = 0;
 		users[i].active = 0;
  		/* Rest is reset on login ('V' packet) */
 	}
 
-	return usercount;
+	return created_users;
 }
 
-const char *users_get_first_ip(void)
+const char*
+users_get_first_ip()
 {
 	struct in_addr ip;
 	ip.s_addr = users[0].tun_ip;
-	return strdup(inet_ntoa(ip));
+	return inet_ntoa(ip);
 }
 
-int find_user_by_ip(uint32_t ip)
+int
+users_waiting_on_reply()
+{
+	int ret;
+	int i;
+
+	ret = 0;
+	for (i = 0; i < USERS; i++) {
+		if (users[i].active && !users[i].disabled && 
+			users[i].last_pkt + 60 > time(NULL) &&
+			users[i].q.id != 0 && users[i].conn == CONN_DNS_NULL) {
+			ret++;
+		}
+	}
+	
+	return ret;
+}
+
+int
+find_user_by_ip(uint32_t ip)
 {
 	int ret;
 	int i;
 
 	ret = -1;
-	for (i = 0; i < usercount; i++) {
+	for (i = 0; i < USERS; i++) {
 		if (users[i].active &&
 			users[i].authenticated &&
 			!users[i].disabled &&
@@ -110,12 +133,13 @@ int find_user_by_ip(uint32_t ip)
 	return ret;
 }
 
+int
+all_users_waiting_to_send()
 /* If this returns true, then reading from tun device is blocked.
    So only return true when all clients have at least one packet in
    the outpacket-queue, so that sending back-to-back is possible
    without going through another select loop.
 */
-int all_users_waiting_to_send(void)
 {
 	time_t now;
 	int ret;
@@ -123,11 +147,11 @@ int all_users_waiting_to_send(void)
 
 	ret = 1;
 	now = time(NULL);
-	for (i = 0; i < usercount; i++) {
+	for (i = 0; i < USERS; i++) {
 		if (users[i].active && !users[i].disabled &&
 			users[i].last_pkt + 60 > now &&
-			((users[i].conn == CONN_RAW_UDP) ||
-			((users[i].conn == CONN_DNS_NULL)
+			((users[i].conn == CONN_RAW_UDP) || 
+			((users[i].conn == CONN_DNS_NULL) 
 #ifdef OUTPACKETQ_LEN
 				&& users[i].outpacketq_filled < 1
 #else
@@ -142,17 +166,17 @@ int all_users_waiting_to_send(void)
 	return ret;
 }
 
-int find_available_user(void)
+int
+find_available_user()
 {
 	int ret = -1;
 	int i;
-	for (i = 0; i < usercount; i++) {
+	for (i = 0; i < USERS; i++) {
 		/* Not used at all or not used in one minute */
 		if ((!users[i].active || users[i].last_pkt + 60 < time(NULL)) && !users[i].disabled) {
 			users[i].active = 1;
 			users[i].authenticated = 0;
 			users[i].authenticated_raw = 0;
-			users[i].options_locked = 0;
 			users[i].last_pkt = time(NULL);
 			users[i].fragsize = 4096;
 			users[i].conn = CONN_DNS_NULL;
@@ -163,22 +187,24 @@ int find_available_user(void)
 	return ret;
 }
 
-void user_switch_codec(int userid, const struct encoder *enc)
+void
+user_switch_codec(int userid, struct encoder *enc)
 {
-	if (userid < 0 || userid >= usercount)
+	if (userid < 0 || userid >= USERS)
 		return;
-
+	
 	users[userid].encoder = enc;
 }
 
-void user_set_conn_type(int userid, enum connection c)
+void
+user_set_conn_type(int userid, enum connection c)
 {
-	if (userid < 0 || userid >= usercount)
+	if (userid < 0 || userid >= USERS)
 		return;
 
-	if (c < CONN_RAW_UDP || c >= CONN_MAX)
+	if (c < 0 || c >= CONN_MAX)
 		return;
-
+	
 	users[userid].conn = c;
 }
-
+	

src/user.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -34,25 +33,23 @@
 #define QMEMDATA_LEN 15
 /* Max advisable: 36/2 = 18. Total mem usage: QMEMDATA_LEN * USERS * 6 bytes */
 
-struct tun_user {
+struct user {
 	char id;
 	int active;
 	int authenticated;
 	int authenticated_raw;
-	int options_locked;
 	int disabled;
 	time_t last_pkt;
 	int seed;
 	in_addr_t tun_ip;
-	struct sockaddr_storage host;
-	socklen_t hostlen;
+	struct in_addr host;
 	struct query q;
 	struct query q_sendrealsoon;
 	int q_sendrealsoon_new;
 	struct packet inpacket;
 	struct packet outpacket;
 	int outfragresent;
-	const struct encoder *encoder;
+	struct encoder *encoder;
 	char downenc;
 	int out_acked_seqno;
 	int out_acked_fragment;
@@ -78,14 +75,15 @@ struct tun_user {
 #endif
 };
 
-extern struct tun_user *users;
+extern struct user users[USERS];
 
 int init_users(in_addr_t, int);
-const char* users_get_first_ip(void);
+const char* users_get_first_ip();
+int users_waiting_on_reply();
 int find_user_by_ip(uint32_t);
-int all_users_waiting_to_send(void);
-int find_available_user(void);
-void user_switch_codec(int userid, const struct encoder *enc);
+int all_users_waiting_to_send();
+int find_available_user();
+void user_switch_codec(int userid, struct encoder *enc);
 void user_set_conn_type(int userid, enum connection c);
 
 #endif

src/util.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -17,28 +16,21 @@
 
 #include <stdio.h>
 #include "common.h"
-#include "util.h"
 
-char *get_resolvconf_addr(void)
+char *
+get_resolvconf_addr()
 {
 	static char addr[16];
-	char *rv = NULL;
+	char *rv;
 #ifndef WINDOWS32
 	char buf[80];
 	FILE *fp;
-#ifdef ANDROID
-	fp = popen("getprop net.dns1", "r");
-	if (fp == NULL)
-		err(1, "getprop net.dns1 failed");
-	if (fgets(buf, sizeof(buf), fp) == NULL)
-		err(1, "read getprop net.dns1 failed");
-	if (sscanf(buf, "%15s", addr) == 1)
-		rv = addr;
-	pclose(fp);
-#else
-	if ((fp = fopen("/etc/resolv.conf", "r")) == NULL)
-		err(1, "/etc/resolv.conf");
+	
+	rv = NULL;
 
+	if ((fp = fopen("/etc/resolv.conf", "r")) == NULL) 
+		err(1, "/etc/resolv.conf");
+	
 	while (feof(fp) == 0) {
 		fgets(buf, sizeof(buf), fp);
 
@@ -47,14 +39,14 @@ char *get_resolvconf_addr(void)
 			break;
 		}
 	}
-
+	
 	fclose(fp);
-#endif
 #else /* !WINDOWS32 */
 	FIXED_INFO  *fixed_info;
 	ULONG       buflen;
 	DWORD       ret;
 
+	rv = NULL;
 	fixed_info = malloc(sizeof(FIXED_INFO));
 	buflen = sizeof(FIXED_INFO);
 
@@ -75,15 +67,3 @@ char *get_resolvconf_addr(void)
 	return rv;
 }
 
-#ifdef OPENBSD
-void
-socket_setrtable(int fd, int rtable)
-{
-#ifdef SO_RTABLE
-	if (setsockopt (fd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1)
-		err(1, "Failed to set routing table %d", rtable);
-#else
-	fprintf(stderr, "Routing domain support was not available at compile time.\n");
-#endif
-}
-#endif

src/util.h

@@ -1,24 +1,6 @@
-/*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
 #ifndef __UTIL_H__
 #define __UTIL_H__
 
-char *get_resolvconf_addr(void);
-void socket_setrtable(int fd, int rtable);
+char *get_resolvconf_addr();
 
 #endif

src/version.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -20,7 +19,7 @@
 
 /* This is the version of the network protocol
    It is usually equal to the latest iodine version number */
-#define PROTOCOL_VERSION 0x00000502
+#define VERSION 0x00000502
 
 #endif /* _VERSION_H_ */
 

src/windows.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -20,9 +19,9 @@
 
 typedef unsigned int in_addr_t;
 
-#include <winsock2.h>
 #include <windows.h>
 #include <windns.h>
+#include <winsock2.h>
 #include <ws2tcpip.h>
 #include <iphlpapi.h>
 
@@ -53,52 +52,49 @@ typedef unsigned int in_addr_t;
 #define sleep(seconds) Sleep((seconds)*1000)
 
 typedef struct {
-	unsigned id :16;	/* query identification number */
-				/* fields in third byte */
-	unsigned rd :1;		/* recursion desired */
-	unsigned tc :1;		/* truncated message */
-	unsigned aa :1;		/* authoritive answer */
-	unsigned opcode :4;	/* purpose of message */
-	unsigned qr :1;		/* response flag */
-				/* fields in fourth byte */
-	unsigned rcode :4;	/* response code */
-	unsigned cd: 1;		/* checking disabled by resolver */
-	unsigned ad: 1;		/* authentic data from named */
-	unsigned unused :1;	/* unused bits (MBZ as of 4.9.3a3) */
-	unsigned ra :1;		/* recursion available */
-				/* remaining bytes */
-	unsigned qdcount :16;	/* number of question entries */
-	unsigned ancount :16;	/* number of answer entries */
-	unsigned nscount :16;	/* number of authority entries */
-	unsigned arcount :16;	/* number of resource entries */
+        unsigned        id :16;         /* query identification number */
+                        /* fields in third byte */
+        unsigned        rd :1;          /* recursion desired */
+        unsigned        tc :1;          /* truncated message */
+        unsigned        aa :1;          /* authoritive answer */
+        unsigned        opcode :4;      /* purpose of message */
+        unsigned        qr :1;          /* response flag */
+                        /* fields in fourth byte */
+        unsigned        rcode :4;       /* response code */
+        unsigned        cd: 1;          /* checking disabled by resolver */
+        unsigned        ad: 1;          /* authentic data from named */
+        unsigned        unused :1;      /* unused bits (MBZ as of 4.9.3a3) */
+        unsigned        ra :1;          /* recursion available */
+                        /* remaining bytes */
+        unsigned        qdcount :16;    /* number of question entries */
+        unsigned        ancount :16;    /* number of answer entries */
+        unsigned        nscount :16;    /* number of authority entries */
+        unsigned        arcount :16;    /* number of resource entries */
 } HEADER;
 
-struct ip {
-	unsigned int ip_hl:4;	/* header length */
-	unsigned int ip_v:4;	/* version */
-	u_char ip_tos;		/* type of service */
-	u_short ip_len;		/* total length */
-	u_short ip_id;		/* identification */
-	u_short ip_off;		/* fragment offset field */
-#define IP_RF 0x8000		/* reserved fragment flag */
-#define IP_DF 0x4000		/* dont fragment flag */
-#define IP_MF 0x2000		/* more fragments flag */
-#define IP_OFFMASK 0x1fff	/* mask for fragmenting bits */
-	u_char ip_ttl;		/* time to live */
-	u_char ip_p;		/* protocol */
-	u_short ip_sum;		/* checksum */
-	struct in_addr ip_src, ip_dst; /* source and dest address */
-};
+struct ip
+  {
+    unsigned int ip_hl:4;               /* header length */
+    unsigned int ip_v:4;                /* version */
+    u_char ip_tos;                      /* type of service */
+    u_short ip_len;                     /* total length */
+    u_short ip_id;                      /* identification */
+    u_short ip_off;                     /* fragment offset field */
+#define IP_RF 0x8000                    /* reserved fragment flag */
+#define IP_DF 0x4000                    /* dont fragment flag */
+#define IP_MF 0x2000                    /* more fragments flag */
+#define IP_OFFMASK 0x1fff               /* mask for fragmenting bits */
+    u_char ip_ttl;                      /* time to live */
+    u_char ip_p;                        /* protocol */
+    u_short ip_sum;                     /* checksum */
+    struct in_addr ip_src, ip_dst;      /* source and dest address */
+  };
 
 DWORD WINAPI tun_reader(LPVOID arg);
 struct tun_data {
 	HANDLE tun;
 	int sock;
-	struct sockaddr_storage addr;
-	int addrlen;
+	struct sockaddr_in addr;
 };
 
-/* No-op for now. */
-#define syslog(...)
-
 #endif

tests/Makefile

@@ -1,24 +1,26 @@
+CC = gcc
 TEST = test
-OBJS = test.o base32.o base64.o common.o read.o dns.o encoding.o login.o user.o fw_query.o
-SRCOBJS = ../src/base32.o  ../src/base64.o ../src/common.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o ../src/fw_query.o
+OBJS = test.o base32.o base64.o read.o dns.o encoding.o login.o user.o fw_query.o
+SRCOBJS = ../src/base32.o  ../src/base64.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o ../src/fw_query.o
 
 OS = `uname | tr "a-z" "A-Z"`
 
 CHECK_PATH = /usr/local
-LDFLAGS = -L$(CHECK_PATH)/lib `pkg-config check --libs` -lpthread `sh ../src/osflags $(TARGETOS) link`
-CFLAGS = -std=c99 -g -Wall -D$(OS) `pkg-config check --cflags` -I../src -I$(CHECK_PATH)/include -pedantic `sh ../src/osflags $(TARGETOS) cflags`
+LDFLAGS = -L$(CHECK_PATH)/lib -lcheck `../src/osflags link`
+CFLAGS = -g -Wall -D$(OS) -I../src -I$(CHECK_PATH)/include -pedantic `../src/osflags cflags`
 
 all: $(TEST)
 	@LD_LIBRARY_PATH=${CHECK_PATH}/lib ./$(TEST)
 
 $(TEST): $(OBJS) $(SRCOBJS)
 	@echo LD $(TEST)
-	@$(CC) -o $@ $(SRCOBJS) $(OBJS) $(LDFLAGS)
+	@$(CC) -o $@ $(SRCOBJS) $(OBJS) $(LDFLAGS) 
 
-.c.o:
+.c.o: 
 	@echo CC $<
 	@$(CC) $(CFLAGS) -c $<
 
+
 clean:
 	@echo "Cleaning tests/"
 	@rm -f *~ *.core $(TEST) $(OBJS)

tests/base32.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -22,6 +21,7 @@
 #include <errno.h>
 
 #include "encoding.h"
+#include "base32.h"
 #include "test.h"
 
 #define TUPLES 5
@@ -42,14 +42,16 @@ START_TEST(test_base32_encode)
 {
 	size_t len;
 	char buf[4096];
+	struct encoder *b32;
 	int val;
 
+	b32 = get_base32_encoder();
 
 	len = sizeof(buf);
-	val = base32_ops.encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
+	val = b32->encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
 
-	ck_assert(val == strlen(testpairs[_i].b));
-	ck_assert_str_eq(buf, testpairs[_i].b);
+	fail_unless(strcmp(buf, testpairs[_i].b) == 0,
+			"'%s' != '%s'", buf, testpairs[_i].b);
 }
 END_TEST
 
@@ -57,13 +59,17 @@ START_TEST(test_base32_decode)
 {
 	size_t len;
 	char buf[4096];
+	struct encoder *b32;
 	int val;
+	
+	b32 = get_base32_encoder();
 
 	len = sizeof(buf);
-	val = base32_ops.decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
+	val = b32->decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
 
-	ck_assert(val == strlen(testpairs[_i].a));
-	ck_assert_str_eq(buf, testpairs[_i].a);
+	fail_unless(buf != NULL, "buf == NULL");
+	fail_unless(strcmp(buf, testpairs[_i].a) == 0,
+			"'%s' != '%s'", buf, testpairs[_i].a);
 }
 END_TEST
 
@@ -73,8 +79,8 @@ START_TEST(test_base32_5to8_8to5)
 	int c;
 
 	for (i = 0; i < 32; i++) {
-		c = b32_5to8(i);
-		ck_assert(b32_8to5(c) == i);
+		c = b32_5to8(i);	
+		fail_unless(b32_8to5(c) == i);
 	}
 }
 END_TEST
@@ -85,11 +91,14 @@ START_TEST(test_base32_blksize)
 	size_t enclen;
 	char *rawbuf;
 	char *encbuf;
+	struct encoder *b32;
 	int i;
 	int val;
 
-	rawlen = base32_ops.blocksize_raw;
-	enclen = base32_ops.blocksize_encoded;
+	b32 = get_base32_encoder();
+
+	rawlen = b32->blocksize_raw();
+	enclen = b32->blocksize_encoded();
 
 	rawbuf = malloc(rawlen + 16);
 	encbuf = malloc(enclen + 16);
@@ -99,21 +108,21 @@ START_TEST(test_base32_blksize)
 	}
 	rawbuf[i] = 0;
 
-	val = base32_ops.encode(encbuf, &enclen, rawbuf, rawlen);
+	val = b32->encode(encbuf, &enclen, rawbuf, rawlen);
 
-	ck_assert_msg(rawlen == 5, "raw length was %zu not 5", rawlen);
-	ck_assert_msg(enclen == 5, "encoded %zu bytes, not 5", enclen);
-	ck_assert_msg(val == 8, "encoded string %s was length %d", encbuf, val);
+	fail_unless(rawlen == 5, "raw length was %d not 5", rawlen);
+	fail_unless(enclen == 5, "encoded %d bytes, not 5", enclen);
+	fail_unless(val == 8, "encoded string %s was length %d", encbuf, val);
 
 	memset(rawbuf, 0, rawlen + 16);
 
 	enclen = val;
-	val = base32_ops.decode(rawbuf, &rawlen, encbuf, enclen);
+	val = b32->decode(rawbuf, &rawlen, encbuf, enclen);
 
-	ck_assert_msg(rawlen == 5, "raw length was %zu not 5", rawlen);
-	ck_assert_msg(val == 5, "val was not 5 but %d", val);
+	fail_unless(rawlen == 5, "raw length was %d not 5", rawlen);
+	fail_unless(val == 5, "val was not 5 but %d", val);
 	for (i = 0; i < rawlen; i++) {
-		ck_assert(rawbuf[i] == 'A');
+		fail_unless(rawbuf[i] == 'A');
 	}
 }
 END_TEST

tests/base64.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -22,6 +21,7 @@
 #include <errno.h>
 
 #include "encoding.h"
+#include "base64.h"
 #include "test.h"
 
 #define TUPLES 5
@@ -68,13 +68,16 @@ START_TEST(test_base64_encode)
 {
 	size_t len;
 	char buf[4096];
+	struct encoder *b64;
 	int val;
 
-	len = sizeof(buf);
-	val = base64_ops.encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
+	b64 = get_base64_encoder();
 
-	ck_assert(val == strlen(testpairs[_i].b));
-	ck_assert_str_eq(buf, testpairs[_i].b);
+	len = sizeof(buf);
+	val = b64->encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
+
+	fail_unless(strcmp(buf, testpairs[_i].b) == 0,
+			"'%s' != '%s'", buf, testpairs[_i].b);
 }
 END_TEST
 
@@ -82,13 +85,17 @@ START_TEST(test_base64_decode)
 {
 	size_t len;
 	char buf[4096];
+	struct encoder *b64;
 	int val;
 
-	len = sizeof(buf);
-	val = base64_ops.decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
+	b64 = get_base64_encoder();
 
-	ck_assert(val == strlen(testpairs[_i].a));
-	ck_assert_str_eq(buf, testpairs[_i].a);
+	len = sizeof(buf);
+	val = b64->decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
+
+	fail_unless(buf != NULL, "buf == NULL");
+	fail_unless(strcmp(buf, testpairs[_i].a) == 0,
+			"'%s' != '%s'", buf, testpairs[_i].a);
 }
 END_TEST
 
@@ -98,11 +105,14 @@ START_TEST(test_base64_blksize)
 	size_t enclen;
 	char *rawbuf;
 	char *encbuf;
+	struct encoder *b64;
 	int i;
 	int val;
 
-	rawlen = base64_ops.blocksize_raw;
-	enclen = base64_ops.blocksize_encoded;
+	b64 = get_base64_encoder();
+
+	rawlen = b64->blocksize_raw();
+	enclen = b64->blocksize_encoded();
 
 	rawbuf = malloc(rawlen + 16);
 	encbuf = malloc(enclen + 16);
@@ -112,21 +122,21 @@ START_TEST(test_base64_blksize)
 	}
 	rawbuf[i] = 0;
 
-	val = base64_ops.encode(encbuf, &enclen, rawbuf, rawlen);
+	val = b64->encode(encbuf, &enclen, rawbuf, rawlen);
 
-	ck_assert_msg(rawlen == 3, "raw length was %zu not 3", rawlen);
-	ck_assert_msg(enclen == 3, "encoded %zu bytes, not 3", enclen);
-	ck_assert_msg(val == 4, "encoded string %s was length %d", encbuf, val);
+	fail_unless(rawlen == 3, "raw length was %d not 3", rawlen);
+	fail_unless(enclen == 3, "encoded %d bytes, not 3", enclen);
+	fail_unless(val == 4, "encoded string %s was length %d", encbuf, val);
 
 	memset(rawbuf, 0, rawlen + 16);
 
 	enclen = val;
-	val = base64_ops.decode(rawbuf, &rawlen, encbuf, enclen);
+	val = b64->decode(rawbuf, &rawlen, encbuf, enclen);
 
-	ck_assert_msg(rawlen == 3, "raw length was %zu not 3", rawlen);
-	ck_assert(val == 3);
+	fail_unless(rawlen == 3, "raw length was %d not 3", rawlen);
+	fail_unless(val == 3);
 	for (i = 0; i < rawlen; i++) {
-		ck_assert(rawbuf[i] == 'A');
+		fail_unless(rawbuf[i] == 'A');
 	}
 }
 END_TEST

tests/common.c

@@ -1,307 +0,0 @@
-/*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <check.h>
-#include <common.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-START_TEST(test_topdomain_ok)
-{
-	char *error = NULL;
-
-	ck_assert(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 0, &error) == 0);
-	ck_assert(error == NULL);
-	/* Allowing wildcard */
-	ck_assert(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 1, &error) == 0);
-	ck_assert(error == NULL);
-
-	/* Not allowed to start with dot */
-	ck_assert(check_topdomain(".foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 0, &error));
-	ck_assert_str_eq("Starts with a dot", error);
-
-	/* Test missing error msg ptr */
-	ck_assert(check_topdomain(".foo", 0, NULL));
-}
-END_TEST
-
-START_TEST(test_topdomain_length)
-{
-	char *error;
-
-	/* Test empty and too short */
-	ck_assert(check_topdomain("", 0, &error));
-	ck_assert_str_eq("Too short (< 3)", error);
-	error = NULL;
-	ck_assert(check_topdomain("a", 0, &error));
-	ck_assert_str_eq("Too short (< 3)", error);
-	error = NULL;
-	ck_assert(check_topdomain(".a", 0, &error));
-	ck_assert_str_eq("Too short (< 3)", error);
-	error = NULL;
-	ck_assert(check_topdomain("a.", 0, &error));
-	ck_assert_str_eq("Too short (< 3)", error);
-	error = NULL;
-	ck_assert(check_topdomain("ab", 0, &error));
-	ck_assert_str_eq("Too short (< 3)", error);
-	error = NULL;
-	ck_assert(check_topdomain("a.b", 0, &error) == 0);
-
-	/* Test too long (over 128, need rest of space for data) */
-	ck_assert(check_topdomain(
-		"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
-		"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
-		"abcd12345.abcd12345.foo129xxx", 0, &error));
-	ck_assert_str_eq("Too long (> 128)", error);
-	ck_assert(check_topdomain(
-		"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
-		"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
-		"abcd12345.abcd12345.foo128xx", 0, &error) == 0);
-}
-END_TEST
-
-START_TEST(test_topdomain_chunks)
-{
-	char *error;
-
-	/* Must have at least one dot */
-	ck_assert(check_topdomain("abcde.gh", 0, &error) == 0);
-	ck_assert(check_topdomain("abcdefgh", 0, &error));
-	ck_assert_str_eq("No dots", error);
-
-	/* Not two consecutive dots */
-	ck_assert(check_topdomain("abc..defgh", 0, &error));
-	ck_assert_str_eq("Consecutive dots", error);
-
-	/* Not end with a dots */
-	ck_assert(check_topdomain("abc.defgh.", 0, &error));
-	ck_assert_str_eq("Ends with a dot", error);
-
-	/* No chunk longer than 63 chars */
-	ck_assert(check_topdomain("123456789012345678901234567890"
-		"123456789012345678901234567890333.com", 0, &error) == 0);
-	ck_assert(check_topdomain("123456789012345678901234567890"
-		"1234567890123456789012345678904444.com", 0, &error));
-	ck_assert_str_eq("Too long domain part (> 63)", error);
-
-	ck_assert(check_topdomain("abc.123456789012345678901234567890"
-		"123456789012345678901234567890333.com", 0, &error) == 0);
-	ck_assert(check_topdomain("abc.123456789012345678901234567890"
-		"1234567890123456789012345678904444.com", 0, &error));
-	ck_assert_str_eq("Too long domain part (> 63)", error);
-
-	ck_assert(check_topdomain("abc.123456789012345678901234567890"
-		"123456789012345678901234567890333", 0, &error) == 0);
-	ck_assert(check_topdomain("abc.123456789012345678901234567890"
-		"1234567890123456789012345678904444", 0, &error));
-	ck_assert_str_eq("Too long domain part (> 63)", error);
-}
-END_TEST
-
-START_TEST(test_topdomain_wild)
-{
-	char *error = NULL;
-
-	ck_assert(check_topdomain("*.a", 0, &error) == 1);
-	ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
-	error = NULL;
-	ck_assert(check_topdomain("*.a", 1, &error) == 0);
-	ck_assert(error == NULL);
-
-	ck_assert(check_topdomain("b*.a", 0, &error) == 1);
-	ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
-	error = NULL;
-	ck_assert(check_topdomain("b*.a", 1, &error) == 1);
-	ck_assert_str_eq("Wildcard (*) only allowed as first char", error);
-
-	ck_assert(check_topdomain("*b.a", 0, &error) == 1);
-	ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
-	error = NULL;
-	ck_assert(check_topdomain("*b.a", 1, &error) == 1);
-	ck_assert_str_eq("Wildcard (*) must be followed by dot", error);
-
-	ck_assert(check_topdomain("*.*.a", 0, &error) == 1);
-	ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
-	error = NULL;
-	ck_assert(check_topdomain("*.*.a", 1, &error) == 1);
-	ck_assert_str_eq("Wildcard (*) only allowed as first char", error);
-}
-END_TEST
-
-START_TEST(test_query_datalen)
-{
-	char *topdomain = "r.foo.com";
-	/* With data */
-	ck_assert(query_datalen("foobar.r.foo.com", topdomain) == 7);
-	ck_assert(query_datalen("foobar.r.FoO.Com", topdomain) == 7);
-	ck_assert(query_datalen("foo.bar.r.FoO.Com", topdomain) == 8);
-	ck_assert(query_datalen(".r.foo.com", topdomain) == 1);
-	/* Without data */
-	ck_assert(query_datalen("r.foo.com", topdomain) == 0);
-	ck_assert(query_datalen("R.foo.com", topdomain) == 0);
-	/* Shorter query name */
-	ck_assert(query_datalen("foo.com", topdomain) == -1);
-	/* Mismatched query name */
-	ck_assert(query_datalen("b.foo.com", topdomain) == -1);
-	ck_assert(query_datalen("*.foo.com", topdomain) == -1);
-	/* Query name overlaps topdomain, but is longer */
-	ck_assert(query_datalen("bar.foo.com", topdomain) == -1);
-}
-END_TEST
-
-START_TEST(test_query_datalen_wild)
-{
-	char *topdomain = "*.foo.com";
-	/* With data */
-	ck_assert(query_datalen("foobar.a.foo.com", topdomain) == 7);
-	ck_assert(query_datalen("foobar.r.FoO.Com", topdomain) == 7);
-	ck_assert(query_datalen("foo.bar.r.FoO.Com", topdomain) == 8);
-	ck_assert(query_datalen("foo.Ab.foo.cOm", topdomain) == 4);
-	ck_assert(query_datalen("foo.Abcd.Foo.com", topdomain) == 4);
-	ck_assert(query_datalen("***.STARs.foo.com", topdomain) == 4);
-	ck_assert(query_datalen(".a.foo.com", topdomain) == 1);
-	ck_assert(query_datalen(".ab.foo.com", topdomain) == 1);
-	/* Without data */
-	ck_assert(query_datalen("rr.foo.com", topdomain) == 0);
-	ck_assert(query_datalen("b.foo.com", topdomain) == 0);
-	ck_assert(query_datalen("B.foo.com", topdomain) == 0);
-	/* Shorter query name */
-	ck_assert(query_datalen("foo.com", topdomain) == -1);
-	/* Wildcard part of query name matching topdomain */
-	ck_assert(query_datalen("aa.*.foo.com", topdomain) == -1);
-	/* Mismatched query name */
-	ck_assert(query_datalen("bar.r.boo.com", topdomain) == -1);
-}
-END_TEST
-
-START_TEST(test_parse_format_ipv4)
-{
-	char *host = "192.168.2.10";
-	char *formatted;
-	struct sockaddr_storage addr;
-	struct sockaddr_in *v4addr;
-	int addr_len;
-
-	addr_len = get_addr(host, 53, AF_INET, 0, &addr);
-	ck_assert(addr_len == sizeof(struct sockaddr_in));
-
-	v4addr = (struct sockaddr_in *) &addr;
-	ck_assert(v4addr->sin_addr.s_addr == htonl(0xc0a8020a));
-	ck_assert(v4addr->sin_port == htons(53));
-
-	formatted = format_addr(&addr, addr_len);
-	ck_assert_str_eq(host, formatted);
-}
-END_TEST
-
-START_TEST(test_parse_format_ipv4_listen_all)
-{
-	char *host = "0.0.0.0";
-	char *formatted;
-	struct sockaddr_storage addr;
-	struct sockaddr_in *v4addr;
-	int addr_len;
-
-	addr_len = get_addr(NULL, 53, AF_INET, AI_PASSIVE, &addr);
-	ck_assert(addr_len == sizeof(struct sockaddr_in));
-
-	v4addr = (struct sockaddr_in *) &addr;
-	ck_assert(v4addr->sin_addr.s_addr == htonl(0x00000000));
-	ck_assert(v4addr->sin_port == htons(53));
-
-	formatted = format_addr(&addr, addr_len);
-	ck_assert_str_eq(host, formatted);
-}
-END_TEST
-
-START_TEST(test_parse_format_ipv6)
-{
-	char *host = "2001:0db8:0505:0::123:0abc";
-	char *compact = "2001:db8:505::123:abc";
-	unsigned char v6_bits[] = {
-		0x20, 0x01, 0x0d, 0xb8, 0x05, 0x05, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x01, 0x23, 0x0a, 0xbc,
-	};
-	char *formatted;
-	struct sockaddr_storage addr;
-	struct sockaddr_in6 *v6addr;
-	int addr_len;
-
-	addr_len = get_addr(host, 53, AF_UNSPEC, 0, &addr);
-	ck_assert(addr_len == sizeof(struct sockaddr_in6));
-
-	v6addr = (struct sockaddr_in6 *) &addr;
-	ck_assert(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)) == 0);
-	ck_assert(v6addr->sin6_port == htons(53));
-
-	formatted = format_addr(&addr, addr_len);
-	ck_assert_str_eq(compact, formatted);
-}
-END_TEST
-
-START_TEST(test_parse_format_ipv4_mapped_ipv6)
-{
-	char *v4mapped = "::FFFF:192.168.2.10";
-	char *host = "192.168.2.10";
-	unsigned char v6_bits[] = {
-		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0xff, 0xff, 0xc0, 0xa8, 0x02, 0x0a,
-	};
-	char *formatted;
-	struct sockaddr_storage addr;
-	struct sockaddr_in6 *v6addr;
-	int addr_len;
-
-	addr_len = get_addr(v4mapped, 53, AF_INET6, 0, &addr);
-	ck_assert(addr_len == sizeof(struct sockaddr_in6));
-
-	v6addr = (struct sockaddr_in6 *) &addr;
-	ck_assert(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)) == 0);
-	ck_assert(v6addr->sin6_port == htons(53));
-
-	/* Format as IPv4 address */
-	formatted = format_addr(&addr, addr_len);
-	ck_assert_str_eq(host, formatted);
-}
-END_TEST
-
-TCase *
-test_common_create_tests()
-{
-	TCase *tc;
-	int sock;
-
-	tc = tcase_create("Common");
-	tcase_add_test(tc, test_topdomain_ok);
-	tcase_add_test(tc, test_topdomain_length);
-	tcase_add_test(tc, test_topdomain_chunks);
-	tcase_add_test(tc, test_topdomain_wild);
-	tcase_add_test(tc, test_query_datalen);
-	tcase_add_test(tc, test_query_datalen_wild);
-	tcase_add_test(tc, test_parse_format_ipv4);
-	tcase_add_test(tc, test_parse_format_ipv4_listen_all);
-
-	/* Tests require IPv6 support */
-	sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
-	if (sock >= 0) {
-		close(sock);
-		tcase_add_test(tc, test_parse_format_ipv6);
-		tcase_add_test(tc, test_parse_format_ipv4_mapped_ipv6);
-	}
-	return tc;
-}

tests/dns.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -25,14 +24,11 @@
 #include <netinet/in.h>
 #include <sys/stat.h>
 #include <arpa/nameser.h>
-#ifdef DARWIN
-#define BIND_8_COMPAT
-#include <arpa/nameser_compat.h>
-#endif
 
 #include "common.h"
 #include "dns.h"
 #include "encoding.h"
+#include "base32.h"
 #include "test.h"
 
 static void dump_packet(char *, size_t);
@@ -69,7 +65,7 @@ START_TEST(test_encode_query)
 	char buf[512];
 	char resolv[512];
 	struct query q;
-	const struct encoder *enc;
+	struct encoder *enc;
 	char *d;
 	size_t len;
 	size_t enclen;
@@ -82,7 +78,7 @@ START_TEST(test_encode_query)
 	q.type = T_NULL;
 	q.id = 1337;
 	d = resolv;
-	enc = &base32_ops;
+	enc = get_base32_encoder();
 
 	*d++ = 'A';
 	enc->encode(d, &enclen, innerData, strlen(innerData));
@@ -100,10 +96,8 @@ START_TEST(test_encode_query)
 		dump_packet(query_packet, len);
 		dump_packet(buf, ret);
 	}
-	ck_assert_msg(strncmp(query_packet, buf, sizeof(query_packet)) == 0,
-		"Did not compile expected packet");
-	ck_assert_msg(ret == len,
-		"Bad packet length: %d, expected %zu", ret, len);
+	fail_unless(strncmp(query_packet, buf, sizeof(query_packet)) == 0, "Did not compile expected packet");
+	fail_unless(ret == len, "Bad packet length: %d, expected %d", ret, len);
 }
 END_TEST
 
@@ -112,25 +106,22 @@ START_TEST(test_decode_query)
 	char buf[512];
 	char *domain;
 	struct query q;
-	const struct encoder *enc;
+	struct encoder *enc;
 	size_t len;
 
 	memset(&q, 0, sizeof(struct query));
 	memset(&buf, 0, sizeof(buf));
 	q.id = 0;
 	len = sizeof(query_packet) - 1;
-	enc = &base32_ops;
+	enc = get_base32_encoder();
 
 	dns_decode(buf, sizeof(buf), &q, QR_QUERY, query_packet, len);
 	domain = strstr(q.name, topdomain);
 	len = sizeof(buf);
 	unpack_data(buf, len, &(q.name[1]), (int) (domain - q.name) - 1, enc);
 
-	ck_assert_msg(strncmp(buf, innerData, strlen(innerData)) == 0,
-		"Did not extract expected host: '%s'", buf);
-	ck_assert_msg(strlen(buf) == strlen(innerData),
-		"Bad host length: %zu, expected %zu: '%s'",
-		strlen(buf), strlen(innerData), buf);
+	fail_unless(strncmp(buf, innerData, strlen(innerData)) == 0, "Did not extract expected host: '%s'", buf);
+	fail_unless(strlen(buf) == strlen(innerData), "Bad host length: %d, expected %d: '%s'", strlen(buf), strlen(innerData), buf);
 }
 END_TEST
 
@@ -152,10 +143,8 @@ START_TEST(test_encode_response)
 	ret = dns_encode(buf, len, &q, QR_ANSWER, msgData, strlen(msgData));
 	len = sizeof(answer_packet) - 1; /* Skip extra null character */
 
-	ck_assert_msg(strncmp(answer_packet, buf, sizeof(answer_packet)) == 0,
-		"Did not compile expected packet");
-	ck_assert_msg(ret == len,
-		"Bad packet length: %d, expected %d", ret, len);
+	fail_unless(strncmp(answer_packet, buf, sizeof(answer_packet)) == 0, "Did not compile expected packet");
+	fail_unless(ret == len, "Bad packet length: %d, expected %d", ret, len);
 }
 END_TEST
 
@@ -170,11 +159,9 @@ START_TEST(test_decode_response)
 	memset(&buf, 0, sizeof(buf));
 
 	ret = dns_decode(buf, len, &q, QR_ANSWER, answer_packet, sizeof(answer_packet)-1);
-	ck_assert_msg(ret == strlen(msgData),
-		"Bad data length: %d, expected %zu", ret, strlen(msgData));
-	ck_assert_msg(strncmp(msgData, buf, strlen(msgData)) == 0,
-		"Did not extract expected data");
-	ck_assert(q.id == 0x0539);
+	fail_unless(strncmp(msgData, buf, sizeof(msgData)) == 0, "Did not extract expected data");
+	fail_unless(ret == strlen(msgData), "Bad data length: %d, expected %d", ret, strlen(msgData));
+	fail_unless(q.id == 0x0539);
 }
 END_TEST
 
@@ -189,12 +176,9 @@ START_TEST(test_decode_response_with_high_trans_id)
 	memset(&buf, 0, sizeof(buf));
 
 	ret = dns_decode(buf, len, &q, QR_ANSWER, answer_packet_high_trans_id, sizeof(answer_packet_high_trans_id)-1);
-	ck_assert_msg(ret == strlen(msgData),
-		"Bad data length: %d, expected %zu", ret, strlen(msgData));
-	ck_assert_msg(strncmp(msgData, buf, strlen(msgData)) == 0,
-		"Did not extract expected data");
-	ck_assert_msg(q.id == 0x8539,
-		"q.id was %08X instead of %08X!", q.id, 0x8539);
+	fail_unless(strncmp(msgData, buf, sizeof(msgData)) == 0, "Did not extract expected data");
+	fail_unless(ret == strlen(msgData), "Bad data length: %d, expected %d", ret, strlen(msgData));
+	fail_unless(q.id == 0x8539, "q.id was %08X instead of %08X!", q.id, 0x8539);
 }
 END_TEST
 
@@ -208,7 +192,7 @@ START_TEST(test_get_id_short_packet)
 	memset(&buf, 5, sizeof(buf));
 
 	id = dns_get_id(buf, len);
-	ck_assert(id == 0);
+	fail_unless(id == 0);
 }
 END_TEST
 
@@ -217,7 +201,7 @@ START_TEST(test_get_id_low)
 	unsigned short id;
 
 	id = dns_get_id(answer_packet, sizeof(answer_packet));
-	ck_assert(id == 1337);
+	fail_unless(id == 1337);
 }
 END_TEST
 
@@ -226,7 +210,7 @@ START_TEST(test_get_id_high)
 	unsigned short id;
 
 	id = dns_get_id(answer_packet_high_trans_id, sizeof(answer_packet_high_trans_id));
-	ck_assert(id == 0x8539);
+	fail_unless(id == 0x8539);
 }
 END_TEST
 

tests/encoding.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -22,6 +21,8 @@
 
 #include "encoding.h"
 #include "test.h"
+#include "base32.h"
+#include "base64.h"
 
 #define TUPLES 4
 
@@ -50,7 +51,8 @@ START_TEST(test_inline_dotify)
 	b = temp;
 	inline_dotify(b, sizeof(temp));
 
-	ck_assert_str_eq(dottests[_i].b, temp);
+	fail_unless(strcmp(dottests[_i].b, temp) == 0,
+			"'%s' != '%s'", temp, dottests[_i].b);
 }
 END_TEST
 
@@ -64,7 +66,8 @@ START_TEST(test_inline_undotify)
 	b = temp;
 	inline_undotify(b, sizeof(temp));
 
-	ck_assert_str_eq(dottests[_i].a, temp);
+	fail_unless(strcmp(dottests[_i].a, temp) == 0,
+			"'%s' != '%s'", temp, dottests[_i].a);
 }
 END_TEST
 
@@ -81,13 +84,12 @@ START_TEST(test_build_hostname)
 	}
 
 	buflen = sizeof(buf);
-
+	
 	for (i = 1; i < sizeof(data); i++) {
-		int len = build_hostname(buf, buflen, data, i, topdomain, &base32_ops, sizeof(buf));
+		int len = build_hostname(buf, buflen, data, i, topdomain, get_base32_encoder(), sizeof(buf));
 
-		ck_assert(len <= i);
-		ck_assert_msg(strstr(buf, "..") == NULL,
-			"Found double dots when encoding data len %d! buf: %s", i, buf);
+		fail_if(len > i);
+		fail_if(strstr(buf, ".."), "Found double dots when encoding data len %d! buf: %s", i, buf);
 	}
 }
 END_TEST

tests/fw_query.c

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2009-2014 Erik Ekman <yarrick@kryo.se>
+ * Copyright (c) 2006-2009 Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -28,17 +28,17 @@ START_TEST(test_fw_query_simple)
 	q.id = 0x848A;
 
 	fw_query_init();
-
+	
 	/* Test empty cache */
 	fw_query_get(0x848A, &qp);
-	ck_assert(qp == NULL);
+	fail_unless(qp == NULL);
 
 	fw_query_put(&q);
 
 	/* Test cache with one entry */
 	fw_query_get(0x848A, &qp);
-	ck_assert(qp->addrlen == q.addrlen);
-	ck_assert(qp->id == q.id);
+	fail_unless(qp->addrlen == q.addrlen);
+	fail_unless(qp->id == q.id);
 }
 END_TEST
 
@@ -49,7 +49,7 @@ START_TEST(test_fw_query_edge)
 	int i;
 
 	fw_query_init();
-
+	
 	q.addrlen = 33;
 	q.id = 0x848A;
 	fw_query_put(&q);
@@ -62,16 +62,16 @@ START_TEST(test_fw_query_edge)
 
 	/* The query should still be cached */
 	fw_query_get(0x848A, &qp);
-	ck_assert(qp->addrlen == 33);
-	ck_assert(qp->id == 0x848A);
-
+	fail_unless(qp->addrlen == 33);
+	fail_unless(qp->id == 0x848A);
+		
 	q.addrlen++;
 	q.id++;
 	fw_query_put(&q);
 
 	/* but now it is overwritten */
 	fw_query_get(0x848A, &qp);
-	ck_assert(qp == NULL);
+	fail_unless(qp == NULL);
 }
 END_TEST
 

tests/login.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -34,7 +33,7 @@ START_TEST(test_login_hash)
 
 	memset(ans, 0, sizeof(ans));
 	login_calculate(ans, len, pass, seed);
-	ck_assert(strncmp(ans, good, len) == 0);
+	fail_unless(strncmp(ans, good, len) == 0, NULL);
 }
 END_TEST
 
@@ -54,7 +53,7 @@ START_TEST(test_login_hash_short)
 
 	/* If len < 16, it should do nothing */
 	login_calculate(ans, len, pass, seed);
-	ck_assert(memcmp(ans, check, sizeof(ans)) == 0);
+	fail_if(memcmp(ans, check, sizeof(ans)));
 }
 END_TEST
 

tests/read.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -21,8 +20,7 @@
 #include <sys/stat.h>
 #include <arpa/nameser.h>
 #ifdef DARWIN
-#define BIND_8_COMPAT
-#include <arpa/nameser_compat.h>
+#include <arpa/nameser8_compat.h>
 #endif
 #include <stdio.h>
 #include <stdint.h>
@@ -46,13 +44,13 @@ START_TEST(test_read_putshort)
 	for (i = 0; i < 65536; i++) {
 		p = (char*)&k;
 		putshort(&p, i);
-		ck_assert_msg(ntohs(k) == i,
+		fail_unless(ntohs(k) == i,
 				"Bad value on putshort for %d: %d != %d",
 					i, ntohs(k), i);
 
 		p = (char*)&k;
-		readshort(NULL, &p, &l);
-		ck_assert_msg(l == i,
+		readshort(NULL, &p, (short *) &l);
+		fail_unless(l == i,
 				"Bad value on readshort for %d: %d != %d",
 					i, l, i);
 	}
@@ -73,13 +71,13 @@ START_TEST(test_read_putlong)
 
 		putlong(&p, j);
 
-		ck_assert_msg(ntohl(k) == j,
+		fail_unless(ntohl(k) == j,
 				"Bad value on putlong for %d: %d != %d", i, ntohl(j), j);
 
 		p = (char*)&k;
 		readlong(NULL, &p, &l);
 
-		ck_assert_msg(l == j,
+		fail_unless(l == j,
 				"Bad value on readlong for %d: %d != %d", i, l, j);
 	}
 }
@@ -98,8 +96,7 @@ START_TEST(test_read_name_empty_loop)
 	data = (char*) emptyloop + sizeof(HEADER);
 	buf[1023] = 'A';
 	rv = readname((char *) emptyloop, sizeof(emptyloop), &data, buf, 1023);
-	ck_assert(rv == 0);
-	ck_assert(buf[1023] == 'A');
+	fail_unless(buf[1023] == 'A');
 }
 END_TEST
 
@@ -116,8 +113,7 @@ START_TEST(test_read_name_inf_loop)
 	data = (char*) infloop + sizeof(HEADER);
 	buf[4] = '\a';
 	rv = readname((char*) infloop, sizeof(infloop), &data, buf, 4);
-	ck_assert(rv == 3);
-	ck_assert(buf[4] == '\a');
+	fail_unless(buf[4] == '\a');
 }
 END_TEST
 
@@ -140,8 +136,7 @@ START_TEST(test_read_name_longname)
 	data = (char*) longname + sizeof(HEADER);
 	buf[256] = '\a';
 	rv = readname((char*) longname, sizeof(longname), &data, buf, 256);
-	ck_assert(rv == 256);
-	ck_assert(buf[256] == '\a');
+	fail_unless(buf[256] == '\a');
 }
 END_TEST
 
@@ -157,7 +152,7 @@ START_TEST(test_read_name_onejump)
 	memset(buf, 0, sizeof(buf));
 	data = (char*) onejump + sizeof(HEADER);
 	rv = readname((char*) onejump, sizeof(onejump), &data, buf, 256);
-	ck_assert(rv == 9);
+	fail_unless(rv == 9);
 }
 END_TEST
 
@@ -179,8 +174,8 @@ START_TEST(test_read_name_badjump_start)
 		data = (char*) jumper + sizeof(HEADER);
 		rv = readname((char*) jumper, sizeof(badjump), &data, buf, 256);
 
-		ck_assert(rv == 0);
-		ck_assert(buf[0] == 0);
+		fail_unless(rv == 0);
+		fail_unless(buf[0] == 0);
 	}
 	free(jumper);
 }
@@ -204,8 +199,9 @@ START_TEST(test_read_name_badjump_second)
 		data = (char*) jumper + sizeof(HEADER);
 		rv = readname((char*) jumper, sizeof(badjump2), &data, buf, 256);
 
-		ck_assert(rv == 4);
-		ck_assert_str_eq("BA.", buf);
+		fail_unless(rv == 4);
+		fail_unless(strcmp("BA.", buf) == 0,
+				"buf is not BA: %s", buf);
 	}
 	free(jumper);
 }
@@ -217,14 +213,17 @@ START_TEST(test_putname)
 	char buf[256];
 	char *domain = "BADGER.BADGER.KRYO.SE";
 	char *b;
+	int len;
 	int ret;
 
+	len = 256;
+
 	memset(buf, 0, 256);
 	b = buf;
 	ret = putname(&b, 256, domain);
 
-	ck_assert(ret == strlen(domain) + 1);
-	ck_assert_msg(strncmp(buf, out, ret) == 0, "Happy flow failed");
+	fail_unless(ret == strlen(domain) + 1);
+	fail_unless(strncmp(buf, out, ret) == 0, "Happy flow failed");
 }
 END_TEST
 
@@ -235,14 +234,17 @@ START_TEST(test_putname_nodot)
 		"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
 		"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ";
 	char *b;
+	int len;
 	int ret;
 
+	len = 256;
+
 	memset(buf, 0, 256);
 	b = buf;
 	ret = putname(&b, 256, nodot);
 
-	ck_assert(ret == -1);
-	ck_assert(b == buf);
+	fail_unless(ret == -1);
+	fail_unless(b == buf);
 }
 END_TEST
 
@@ -257,14 +259,17 @@ START_TEST(test_putname_toolong)
 		"ABCDEFGHIJKLMNOPQRSTUVWXYZ.ABCDEFGHIJKLMNOPQRSTUVWXYZ."
 		"ABCDEFGHIJKLMNOPQRSTUVWXYZ.ABCDEFGHIJKLMNOPQRSTUVWXYZ.";
 	char *b;
+	int len;
 	int ret;
 
+	len = 256;
+
 	memset(buf, 0, 256);
 	b = buf;
 	ret = putname(&b, 256, toolong);
 
-	ck_assert(ret == -1);
-	ck_assert(b == buf);
+	fail_unless(ret == -1);
+	fail_unless(b == buf);
 }
 END_TEST
 

tests/test.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -39,9 +38,6 @@ main()
 	test = test_base64_create_tests();
 	suite_add_tcase(iodine, test);
 
-	test = test_common_create_tests();
-	suite_add_tcase(iodine, test);
-
 	test = test_dns_create_tests();
 	suite_add_tcase(iodine, test);
 

tests/test.h

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -20,7 +19,6 @@
 
 TCase *test_base32_create_tests();
 TCase *test_base64_create_tests();
-TCase *test_common_create_tests();
 TCase *test_dns_create_tests();
 TCase *test_encoding_create_tests();
 TCase *test_read_create_tests();
@@ -29,11 +27,11 @@ TCase *test_user_create_tests();
 TCase *test_fw_query_create_tests();
 
 char *va_str(const char *, ...);
-
+	
 #if (CHECK_MAJOR_VERSION == 0 && \
 	((CHECK_MINOR_VERSION == 9 && CHECK_MICRO_VERSION < 2) || \
 	 (CHECK_MINOR_VERSION < 9)))
-#define tcase_set_timeout(...)
+#define tcase_set_timeout(...) 
 #endif
 
 #endif

tests/user.c

@@ -1,8 +1,7 @@
 /*
- * Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
- * 2006-2009 Bjorn Andersson <flex@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -20,8 +19,8 @@
 #include <string.h>
 #include <time.h>
 #include <sys/socket.h>
-#include <netinet/in.h>
 #include <arpa/inet.h>
+#include <netinet/in.h>
 
 #include "common.h"
 #include "encoding.h"
@@ -33,21 +32,44 @@ START_TEST(test_init_users)
 	in_addr_t ip;
 	char givenip[16];
 	int i;
-	int count;
 
 	ip = inet_addr("127.0.0.1");
-	count = init_users(ip, 27);
-	for (i = 0; i < count; i++) {
-		ck_assert(users[i].id == i);
-		ck_assert(users[i].q.id == 0);
-		ck_assert(users[i].inpacket.len == 0);
-		ck_assert(users[i].outpacket.len == 0);
+	init_users(ip, 27);
+	for (i = 0; i < USERS; i++) {
+		fail_unless(users[i].id == i);
+		fail_unless(users[i].q.id == 0);
+		fail_unless(users[i].inpacket.len == 0);
+		fail_unless(users[i].outpacket.len == 0);
 		snprintf(givenip, sizeof(givenip), "127.0.0.%d", i + 2);
-		ck_assert(users[i].tun_ip == inet_addr(givenip));
+		fail_unless(users[i].tun_ip == inet_addr(givenip));
 	}
 }
 END_TEST
 
+START_TEST(test_users_waiting)
+{
+	in_addr_t ip;
+
+	ip = inet_addr("127.0.0.1");
+	init_users(ip, 27);
+
+	fail_unless(users_waiting_on_reply() == 0);
+
+	users[3].active = 1;
+
+	fail_unless(users_waiting_on_reply() == 0);
+
+	users[3].last_pkt = time(NULL);
+	
+	fail_unless(users_waiting_on_reply() == 0);
+	
+	users[3].conn = CONN_DNS_NULL;
+	users[3].q.id = 1;
+	
+	fail_unless(users_waiting_on_reply() == 1);
+}
+END_TEST
+
 START_TEST(test_find_user_by_ip)
 {
 	in_addr_t ip;
@@ -58,25 +80,25 @@ START_TEST(test_find_user_by_ip)
 	users[0].conn = CONN_DNS_NULL;
 
 	testip = (unsigned int) inet_addr("10.0.0.1");
-	ck_assert(find_user_by_ip(testip) == -1);
-
+	fail_unless(find_user_by_ip(testip) == -1);
+	
 	testip = (unsigned int) inet_addr("127.0.0.2");
-	ck_assert(find_user_by_ip(testip) == -1);
-
+	fail_unless(find_user_by_ip(testip) == -1);
+	
 	users[0].active = 1;
-
+	
 	testip = (unsigned int) inet_addr("127.0.0.2");
-	ck_assert(find_user_by_ip(testip) == -1);
-
+	fail_unless(find_user_by_ip(testip) == -1);
+	
 	users[0].last_pkt = time(NULL);
-
+	
 	testip = (unsigned int) inet_addr("127.0.0.2");
-	ck_assert(find_user_by_ip(testip) == -1);
+	fail_unless(find_user_by_ip(testip) == -1);
 
 	users[0].authenticated = 1;
 
 	testip = (unsigned int) inet_addr("127.0.0.2");
-	ck_assert(find_user_by_ip(testip) == 0);
+	fail_unless(find_user_by_ip(testip) == 0);
 }
 END_TEST
 
@@ -87,25 +109,25 @@ START_TEST(test_all_users_waiting_to_send)
 	ip = inet_addr("127.0.0.1");
 	init_users(ip, 27);
 
-	ck_assert(all_users_waiting_to_send() == 1);
-
+	fail_unless(all_users_waiting_to_send() == 1);
+	
 	users[0].conn = CONN_DNS_NULL;
 	users[0].active = 1;
-
-	ck_assert(all_users_waiting_to_send() == 1);
-
+	
+	fail_unless(all_users_waiting_to_send() == 1);
+	
 	users[0].last_pkt = time(NULL);
 	users[0].outpacket.len = 0;
-
-	ck_assert(all_users_waiting_to_send() == 0);
+	
+	fail_unless(all_users_waiting_to_send() == 0);
 
 #ifdef OUTPACKETQ_LEN
 	users[0].outpacketq_filled = 1;
 #else
 	users[0].outpacket.len = 44;
 #endif
-
-	ck_assert(all_users_waiting_to_send() == 1);
+	
+	fail_unless(all_users_waiting_to_send() == 1);
 }
 END_TEST
 
@@ -120,24 +142,24 @@ START_TEST(test_find_available_user)
 	for (i = 0; i < USERS; i++) {
 		users[i].authenticated = 1;
 		users[i].authenticated_raw = 1;
-		ck_assert(find_available_user() == i);
-		ck_assert(users[i].authenticated == 0);
-		ck_assert(users[i].authenticated_raw == 0);
+		fail_unless(find_available_user() == i);
+		fail_if(users[i].authenticated);
+		fail_if(users[i].authenticated_raw);
 	}
 
 	for (i = 0; i < USERS; i++) {
-		ck_assert(find_available_user() == -1);
+		fail_unless(find_available_user() == -1);
 	}
 
 	users[3].active = 0;
 
-	ck_assert(find_available_user() == 3);
-	ck_assert(find_available_user() == -1);
+	fail_unless(find_available_user() == 3);
+	fail_unless(find_available_user() == -1);
 
 	users[3].last_pkt = 55;
-
-	ck_assert(find_available_user() == 3);
-	ck_assert(find_available_user() == -1);
+	
+	fail_unless(find_available_user() == 3);
+	fail_unless(find_available_user() == -1);
 }
 END_TEST
 
@@ -150,22 +172,22 @@ START_TEST(test_find_available_user_small_net)
 	init_users(ip, 29); /* this should result in 5 enabled users */
 
 	for (i = 0; i < 5; i++) {
-		ck_assert(find_available_user() == i);
+		fail_unless(find_available_user() == i);
 	}
 
 	for (i = 0; i < USERS; i++) {
-		ck_assert(find_available_user() == -1);
+		fail_unless(find_available_user() == -1);
 	}
 
 	users[3].active = 0;
 
-	ck_assert(find_available_user() == 3);
-	ck_assert(find_available_user() == -1);
+	fail_unless(find_available_user() == 3);
+	fail_unless(find_available_user() == -1);
 
 	users[3].last_pkt = 55;
-
-	ck_assert(find_available_user() == 3);
-	ck_assert(find_available_user() == -1);
+	
+	fail_unless(find_available_user() == 3);
+	fail_unless(find_available_user() == -1);
 }
 END_TEST
 
@@ -176,6 +198,7 @@ test_user_create_tests()
 
 	tc = tcase_create("User");
 	tcase_add_test(tc, test_init_users);
+	tcase_add_test(tc, test_users_waiting);
 	tcase_add_test(tc, test_find_user_by_ip);
 	tcase_add_test(tc, test_all_users_waiting_to_send);
 	tcase_add_test(tc, test_find_available_user);