haskal
/
iodine
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: haskal:xenia/toplevel
Branches Tags
haskal:xenia/toplevel
haskal:master
haskal:iodine-0.6.0
haskal:iodine-0.7
haskal:iodine-0.6
haskal:iodine-0.5
haskal:iodine-0.4
haskal:iodine-0.3
haskal:v0.7.0
haskal:v0.6.0-rc1
haskal:v0.5.2
haskal:v0.5.1
haskal:v0.5.0
haskal:v0.4.2
haskal:v0.4.1
haskal:v0.4.0
haskal:v0.3.4
haskal:v0.3.3
haskal:v0.3.2
haskal:v0.3.1
haskal:v0.3
..
compare: haskal:v0.5.1
Branches Tags
haskal:xenia/toplevel
haskal:master
haskal:iodine-0.6.0
haskal:iodine-0.7
haskal:iodine-0.6
haskal:iodine-0.5
haskal:iodine-0.4
haskal:iodine-0.3
haskal:v0.7.0
haskal:v0.6.0-rc1
haskal:v0.5.2
haskal:v0.5.1
haskal:v0.5.0
haskal:v0.4.2
haskal:v0.4.1
haskal:v0.4.0
haskal:v0.3.4
haskal:v0.3.3
haskal:v0.3.2
haskal:v0.3.1
haskal:v0.3

164 Commits
xenia/topl ... v0.5.1

Author SHA1 Message Date
Erik Ekman 6536fc7c5d Release 0.5.1 2009-03-21 13:07:49 +00:00
Erik Ekman f41c4bb9f3 Release 0.5.0 2009-01-23 18:20:27 +00:00
Erik Ekman 30a3bb9445 Release 0.5.0-rc2 2009-01-17 09:06:33 +00:00
Erik Ekman 134fa90727 updated manpage 2009-01-10 20:56:39 +00:00
Erik Ekman 46293b51b1 prepare version 0.5.0-rc1 2009-01-10 20:40:22 +00:00
Erik Ekman fa9b145af1 Branch 0.5 2009-01-10 20:36:16 +00:00
Erik Ekman 2b7bf00e1a Rename protocol to version 00000500 2009-01-10 20:32:53 +00:00
Erik Ekman 7a1733ae82 Rename protocol to version 00000500 2009-01-10 20:32:32 +00:00
Erik Ekman d7f07d2f1f Enhanced checks on incoming queries, check user exists and is active 2009-01-10 20:23:50 +00:00
Erik Ekman db13d81caf #7 finally done\! Added autoprobing of max downstream fragsize. 2009-01-10 19:30:55 +00:00
Erik Ekman 9a139b7005 #7, add probe fragsize support for server. documented 2009-01-10 16:22:51 +00:00
Erik Ekman 49e448fb19 fix warnings 2009-01-07 18:16:49 +00:00
Erik Ekman 9f3e397475 add osflags for tests 2009-01-06 22:05:15 +00:00
Erik Ekman 3ac090f847 Update readme with new url for osx tuntap driver 2009-01-06 19:58:29 +00:00
Erik Ekman ab75dae208 allow custom check path 2009-01-06 13:41:45 +00:00
Erik Ekman 168b05e3f7 Fix build on OpenBSD 2009-01-06 10:47:01 +00:00
Erik Ekman 9f2730cb9a fix label 2009-01-05 19:52:01 +00:00
Erik Ekman dfd6f9aa90 #7, set max fragsize with -m in the client 2009-01-05 19:47:59 +00:00
Erik Ekman 0ed202dd18 downstream fragsize is now per user 2009-01-05 18:50:46 +00:00
Erik Ekman 78aaf26369 #7, handle special case, remove up to 1 second pause when doing bulk download 2009-01-05 17:08:34 +00:00
Erik Ekman 20cfb002c3 Downstream fragmentation now working. Currently fragment size is hardcoded to 1200. More tweaking left, as well as fragsize auto detection. (#7) 2009-01-05 16:25:54 +00:00
Erik Ekman d5f0dac459 Discard packets which only has data header 2009-01-04 18:59:12 +00:00
Erik Ekman 55d9ddb8dd add downstream data header and basic parsing in client, for #7 2009-01-04 18:56:24 +00:00
Erik Ekman 7dd38fec17 Create send_chunk() on server 2009-01-04 13:53:32 +00:00
Erik Ekman f8eb4c952b Allow setting netmask in iodined, fixes #27. The same netmask will be given to clients as well. Updated docs. 2009-01-04 12:39:28 +00:00
Erik Ekman f5e58e6527 Assign client IPs within the network (fixes #28), also limit number of users depending on netmask (for #27) 2009-01-04 12:03:35 +00:00
Erik Ekman 3f79d948bf updated docs 2009-01-04 10:58:52 +00:00
Erik Ekman c742fe79c3 Happy new year 2009-01-03 23:39:54 +00:00
Erik Ekman 7791035364 Happy new year 2009-01-03 23:27:21 +00:00
Erik Ekman 58f789307b Updated changelog for #37 2009-01-03 23:14:02 +00:00
Erik Ekman d027a60859 Handle trans id >= 0x8000, fix bug #37 2009-01-03 20:13:31 +00:00
Erik Ekman da6eee279a make OUT debug look more like IN debug 2009-01-03 18:29:36 +00:00
Erik Ekman b66dc4ea51 update tests after inline dot function now uses 57 as distance 2008-12-27 00:40:30 +00:00
Erik Ekman 3b4cc0989c Fix for compile error on FreeBSD 2008-12-27 00:30:51 +00:00
Erik Ekman 7335940130 make iodined build on opensolaris 2008-12-25 16:56:13 +00:00
Erik Ekman 18e0042ce4 Detect duplicates in upstream data, start frag at zero 2008-12-14 17:21:27 +00:00
Erik Ekman 89fdbc104b Implemented new protocol for upstream data 2008-12-11 22:39:06 +00:00
Erik Ekman 458b5af003 Added simple 5bits to 8 and reverse encoder, with test 2008-12-11 19:26:11 +00:00
Erik Ekman 9d8e9a7d18 Removing old code 2008-12-11 19:12:51 +00:00
Erik Ekman e06ce0a213 Updated old proto, added new things to latest 2008-12-11 19:12:34 +00:00
Erik Ekman a83164fad8 Added notreached 2008-12-11 19:11:53 +00:00
Erik Ekman c7d1620cad Updated old protocol spec 2008-12-07 09:55:23 +00:00
Erik Ekman fbb874c1ab fix version number in spec 2008-12-07 09:44:55 +00:00
Erik Ekman 48df1d896a Added old protocol spec 2008-12-07 09:42:19 +00:00
Erik Ekman b639436375 updated docs 2008-12-07 09:41:06 +00:00
Erik Ekman 33b5ef9bf9 Reverted new protocol 2008-12-06 22:12:18 +00:00
Erik Ekman 5450372a75 Updated encoding tests 2008-12-06 19:08:14 +00:00
Erik Ekman 900a0e8df7 Added blocksize funcs, made funcs static 2008-12-06 15:31:28 +00:00
Erik Ekman 46f7eccf54 New protocol spec 2008-12-06 13:20:47 +00:00
Erik Ekman 3740894350 Revert client shutdown code, it seems BADIP can arrive even though everything works 2008-12-06 12:25:02 +00:00
Erik Ekman cb0fa56232 updated changelog 2008-09-14 13:37:44 +00:00
Erik Ekman 55176af538 Added -n to set NS ip, updated docs, added checks 2008-09-14 13:21:11 +00:00
Erik Ekman 2eb78f9e8c Reverted [686], [689] and [692]. SSH login now works again. Increased version. 2008-09-14 12:44:55 +00:00
Erik Ekman b4893e8a8b Rename codecs 2008-09-14 12:05:55 +00:00
Erik Ekman 4203f115f5 Use base64 is case is preserved and plus sign is allowed 2008-09-14 11:34:56 +00:00
Erik Ekman e8ee981f97 Print failed tests 2008-09-14 11:33:18 +00:00
Erik Ekman 524522d00a Base64 codec now uses + as 64th char 2008-09-14 11:32:31 +00:00
Erik Ekman de2912c089 rewrote strange message 2008-09-09 21:10:48 +00:00
Erik Ekman 6f097a4cb3 Added debugging 2008-09-09 21:09:06 +00:00
Erik Ekman 4c805fef6a Fix issue #33, respond to NS requests 2008-09-09 20:55:13 +00:00
Erik Ekman d40c464ac1 shorten some lines 2008-09-09 19:55:45 +00:00
Erik Ekman 8eccbf097a Stop client if server is restarted 2008-09-09 19:37:51 +00:00
Erik Ekman 63d65bb30e formatting 2008-09-09 19:36:51 +00:00
Erik Ekman e359f64003 Updated year 2008-09-09 19:07:09 +00:00
Erik Ekman 6ca1b992bb added include for iovec 2008-08-07 22:34:14 +00:00
Erik Ekman d4e1eef6d5 Now fetches destination address from udp packets 2008-08-07 22:12:10 +00:00
Erik Ekman c96b83e3d2 Forward non-tunnel requests to another udp port (fixes #31) 2008-08-07 21:18:15 +00:00
Erik Ekman b619662201 Patch to make it build on BeOS R5-BONE and Haiku from Francois Revol 2008-08-07 16:53:59 +00:00
Erik Ekman fb3fa24edb Implemented filtering based on topdomain 2008-08-07 16:49:22 +00:00
Erik Ekman 6531d5e72b Eliminate extra 'ping' message when server sends data to client which generates a reply 2008-08-07 15:05:51 +00:00
Erik Ekman edf7e5a565 updated documentation 2008-08-07 14:44:02 +00:00
Erik Ekman 2270063464 updated changelog 2008-08-07 14:40:39 +00:00
Erik Ekman 55a689e759 Fix #34, send pings only every 5 seconds 2008-08-07 14:39:43 +00:00
Erik Ekman 188e69aa1f Fixed segfault when sending version rejects: VNAK/VFUL 2008-08-07 14:16:12 +00:00
Erik Ekman 798bbb64db Changed texts 2008-08-07 14:13:33 +00:00
Erik Ekman 9c74eb09a7 Improved latency for traffic initiated from server 2008-08-07 13:22:30 +00:00
Erik Ekman d2b11c44b1 0.4.2 released 2008-08-06 20:51:20 +00:00
Erik Ekman ad8afce8e1 fixed osflags script, updated changelog 2008-08-06 20:02:34 +00:00
Erik Ekman 9019b0639d fix opensolaris warning 2008-08-06 18:59:22 +00:00
Erik Ekman dce8f8352b added -D to usage() and help() 2008-08-06 10:47:44 +00:00
Erik Ekman fc6106153f Named the next release 2008-08-05 22:59:31 +00:00
Erik Ekman 9fa70acc69 Added debug capability on server 2008-08-05 22:37:40 +00:00
Erik Ekman 2ab94a7991 Changes to allow handling of queries of type A, NS etc 2008-08-05 21:53:19 +00:00
Erik Ekman 468bd706cb updated changelog 2008-08-05 14:56:11 +00:00
Erik Ekman 7b90054346 Reworked fix for #21 2008-08-05 14:47:51 +00:00
Erik Ekman 4d79bf6368 Added -c flag to disable IP/port checking in each request 2008-07-12 22:39:29 +00:00
Erik Ekman e4e23275c9 Removed needless va_str() 2008-07-12 20:57:30 +00:00
Erik Ekman d6ec29be4d Remove double warnings 2008-07-12 20:30:35 +00:00
Erik Ekman 6d1a003c1e Add extra ldflags for solaris 2008-07-12 12:42:19 +00:00
Erik Ekman 30014e6433 Applied Open/Solaris patch from Albert Lee 2008-07-12 12:26:41 +00:00
Erik Ekman f2596cef24 Add include for setgroups() on Linux 2008-07-12 12:20:35 +00:00
Erik Ekman 71c5fe99ce updated changelog 2008-07-12 12:06:56 +00:00
Erik Ekman adabd28b46 applied security patch from Andrew Griffiths, limit user groups 2008-07-12 12:05:59 +00:00
Erik Ekman 3f4852edab updated changelog 2008-07-12 11:50:42 +00:00
Erik Ekman bc76b588c9 Applied patch for not configuring the tun interface, debian bug 477692 2008-07-12 11:45:22 +00:00
Erik Ekman e7de432088 reapplied maxims patches 2008-07-12 11:41:01 +00:00
Erik Ekman 321781ad85 removed empty files 2008-07-12 11:37:25 +00:00
Erik Ekman ddaebb0074 reverting the code after 0.4.1, except for some patches 2008-07-12 11:36:39 +00:00
Erik Ekman cb3115865d Fix tests, dotting does not spare a char anymore 2008-01-07 22:24:19 +00:00
Erik Ekman b121f638d0 Added port range check, based on patch from Maxim Bourmistrov 2008-01-07 22:18:27 +00:00
Erik Ekman ac46718c16 Added checks on topdomain name based on patch from Maxim Bourmistrov 2008-01-07 22:06:09 +00:00
Erik Ekman 98061ccc0e Applied patch from Maxim Bourmistrov 2008-01-02 20:40:28 +00:00
Erik Ekman 5460c8eb0a Link test with packet 2007-12-02 10:51:52 +00:00
Erik Ekman 29b2348ca6 Reset sentlen when advancing 2007-12-02 02:28:18 +00:00
Erik Ekman 6fa0d98c99 #7 Actually update server_id 2007-12-02 02:27:36 +00:00
Erik Ekman 9ca4130e9a Always send latest chunk id 2007-12-02 01:22:34 +00:00
Erik Ekman 3eb835afe7 Add two chars from client to server for verification of data delivery 2007-12-02 01:16:53 +00:00
Erik Ekman fd45a20f30 Rewrote strange warning message 2007-12-01 23:48:02 +00:00
Erik Ekman 4c6aae9e90 Use packet functions for packet handling. Prepare for sending fragmented ( #7 ) 2007-12-01 23:33:51 +00:00
Erik Ekman de4a726cb9 Remove useless success warning message 2007-12-01 23:25:44 +00:00
Erik Ekman 317e1efbd6 use packet functions for empty check and fill 2007-12-01 23:05:54 +00:00
Erik Ekman c8726f2c5d revert [607], [608] and parts of [611] 2007-12-01 23:02:06 +00:00
Erik Ekman 3b7927b2dc Fixed packet_empty() 2007-12-01 22:41:27 +00:00
Erik Ekman 9e60b36430 Renamed packet_sending to packet_empty 2007-12-01 22:19:54 +00:00
Erik Ekman fc632e6311 Speling 2007-12-01 22:11:48 +00:00
Erik Ekman d12d0fcff5 Added packet_init 2007-12-01 22:10:48 +00:00
Erik Ekman 7f48d0d99f Extract login handling to function 2007-12-01 21:55:48 +00:00
Erik Ekman 212a3b93e6 Extract version checking to function 2007-12-01 21:46:13 +00:00
Erik Ekman b55c3f432b added license 2007-12-01 21:26:51 +00:00
Erik Ekman c4a2b0c27f #7 Move packet handling out of iodine.c and into packet.c 2007-12-01 21:23:59 +00:00
Erik Ekman 2d8b2655ea packet name collided with global packet 2007-12-01 20:53:29 +00:00
Erik Ekman fe75007109 Add notreached comments 2007-12-01 19:48:17 +00:00
Erik Ekman 509f445c1e Add notreached comments 2007-12-01 19:46:22 +00:00
Erik Ekman f47c750c98 Escape dashes in man page 2007-12-01 10:16:19 +00:00
Erik Ekman f265e4637f Missed one $(MAKE) 2007-12-01 10:12:25 +00:00
Erik Ekman b6340acfb3 0.4.1 release at last 2007-11-30 22:02:21 +00:00
Erik Ekman 3b43db2529 updated changelog 2007-11-27 20:11:55 +00:00
Erik Ekman bd2ed87022 apply patch to detach before chroot/privdrop 2007-11-27 20:11:43 +00:00
Erik Ekman 5adeafddfa Use %d for size_t sprintf 2007-11-27 20:04:13 +00:00
Erik Ekman c22752d1f5 Use 2007-11-27 20:00:45 +00:00
Bjorn Andersson 488412d4e6 buffer overflow in dns.c pointed out by Matus Harvan, also strncpy cleanups 2007-08-26 15:47:32 +00:00
Erik Ekman b0c6924a8e Init variables, fix #26 2007-08-08 06:20:09 +00:00
Bjorn Andersson 32bd132d43 local stuff in iodine made static 2007-07-12 15:50:06 +00:00
Bjorn Andersson 643178b207 stdin-echo fix in server too 2007-07-12 15:48:05 +00:00
Erik Ekman e6286cc03c #21: Reverted [538], reopening 2007-07-12 15:22:32 +00:00
Bjorn Andersson e5ee739537 some cleanup 2007-07-12 15:18:34 +00:00
Bjorn Andersson 0b9a532bbe name the address of the nameserver nameserv instead of peer 2007-07-12 15:18:23 +00:00
Bjorn Andersson d9ca124e18 cleaning commandline on server too 2007-07-12 13:46:58 +00:00
Bjorn Andersson c6f46ebaf9 fixes bad printf after resolv.conf-fix 2007-07-12 13:40:52 +00:00
Bjorn Andersson e889185aca nasty hack hides password on commandline 2007-07-12 13:36:24 +00:00
Bjorn Andersson 1f9a0273db use termios to not echo password when entered on stdin 2007-07-12 13:24:55 +00:00
Erik Ekman 04487efe96 #23 updated manpage and log row 2007-07-12 13:23:44 +00:00
Bjorn Andersson f6735782b1 /etc/resolv.conf is used if no nameserver is given on commandline 2007-07-12 13:01:18 +00:00
Erik Ekman d5ffc25557 #25 Fixed crash on query with bad top domain 2007-07-12 08:38:00 +00:00
Erik Ekman aae94200a5 #16 Do case preservation check after login 2007-07-12 08:31:29 +00:00
Erik Ekman 17c41d87bc #24: Add length check on topdomain, <= 128 chars 2007-07-11 23:25:03 +00:00
Erik Ekman 4e582e98c6 use common send_query function 2007-07-11 23:10:08 +00:00
Erik Ekman 11748b2963 converted iodine.c to use packet struct 2007-07-11 22:39:56 +00:00
Erik Ekman 5f6b7131cc updated log 2007-07-11 22:16:55 +00:00
Erik Ekman ea30edd76f fixed #17: report RCODE error msgs 2007-07-11 22:10:53 +00:00
Erik Ekman a4684f5ebf add check.sf.net note in test target 2007-07-11 21:31:49 +00:00
Erik Ekman 83f2e56426 Updated changelog for #21 2007-07-11 21:19:09 +00:00
Erik Ekman 639fb5f6aa Store only in_addr, not whole sockaddr, fixes #21 2007-07-11 18:27:18 +00:00
Erik Ekman bb74190ed5 Prepare for encoding switching 2007-06-24 10:54:50 +00:00
Erik Ekman acc8b798e3 changes since 0.4.0 2007-06-24 10:34:10 +00:00
Erik Ekman d978ed47bc uninstall in destdir 2007-06-24 10:33:40 +00:00
Erik Ekman d679babb67 updated date 2007-06-24 10:23:17 +00:00
Erik Ekman 63f9098aa0 Add mtu info to manpage 2007-06-24 10:04:02 +00:00
Erik Ekman 42fcc07379 remove last warning on osx 2007-06-18 07:17:55 +00:00
Erik Ekman 9b7863a668 fix sbin dir, add permissions 2007-06-17 12:54:49 +00:00
Erik Ekman 502205f1a1 hopefully more packaging-friendly makefile 2007-06-17 12:32:16 +00:00
Erik Ekman 854c7ed1c1 add patch from decker for osx 2007-06-17 12:19:50 +00:00
Erik Ekman 4d079b95f2 Remove warning for \!LINUX 2007-06-17 12:19:23 +00:00
Erik Ekman 5c9ff9ba06 add sys/time.h for old osx 2007-06-17 11:46:05 +00:00
65 changed files with 2885 additions and 9285 deletions
Show Stats Expand all files Collapse all files

21
.github/workflows/macos.yml vendored
View File

@ -1,21 +0,0 @@
name: macos
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- name: make
run: make
- name: install check
run: brew install check
- name: run tests
run: make test

33
.github/workflows/ubuntu.yml vendored
View File

@ -1,33 +0,0 @@
name: ubuntu
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: make
run: make
- name: install check
run: sudo apt install check
- name: run tests
run: make test
build-android:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: nttld/setup-ndk@v1
with:
ndk-version: r21e
- name: make
run: make cross-android

25
.github/workflows/windows.yml vendored
View File

@ -1,25 +0,0 @@
name: windows
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: windows-latest
defaults:
run:
shell: msys2 {0}
steps:
- uses: actions/checkout@v2
- uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: false
install: git make mingw-w64-x86_64-toolchain mingw-w64-x86_64-zlib
- name: make
run: make TARGETOS=windows32

8
.gitignore vendored
View File

@ -1,8 +0,0 @@
/bin/
*.o
/src/base64u.c
/src/base64u.h
/tests/test
*.o.d
/src/obj/local/*/iodine
/src/libs/*/iodine

4
.vimrc
View File

@ -1,4 +0,0 @@
set noexpandtab
set tabstop=8
set softtabstop=8
set shiftwidth=8

78
CHANGELOG
View File

@ -1,82 +1,10 @@
iodine - https://code.kryo.se/iodine
iodine - http://code.kryo.se/iodine
***********************************
CHANGES:
master:
- Mac OS X: Support native utun VPN devices. Patch by
Peter Sagerson, ported from OpenVPN by Catalin Patulea.
- Fix compilation failure on kFreeBSD and Hurd, by Gregor Herrmann
- Patch from Ryan Welton that fixes compilation warning.
- README converted to markdown by Nicolas Braud-Santoni.
- Linux: use pkg-config for systemd support flags.
Patch by Jason A. Donenfeld.
- Add support for IPv6 in the server.
Raw mode will be with same protocol as used for login.
Traffic inside tunnel is still IPv4.
- Update android build to support 5.0 (Lollipop) and newer.
- Change external IP lookup to using myip.opendns.com via DNS.
- Add option to choose IPv4 listen address from external IP lookup.
- Add server support for handling multiple domains via wildcard.
- Recognize tap device component id 'root' prefix on Windows.
2014-06-16: 0.7.0 "Kryoptonite"
- Partial IPv6 support (#107)
Client can connect to iodined through an relaying IPv6
nameserver. Server only supports IPv4 for now.
Traffic inside tunnel is IPv4.
- Add socket activation for systemd, by Michael Scherer.
- Add automated lookup of external ip (via -n auto).
- Bugfix for OS X (Can't assign requested address)
- Fix DNS tunneling bug caused by uninitialized variable, #94
- Handle spaces when entering password interactively, fixes #93.
Patch by Hagar.
- Add -R option to set OpenBSD routing domain for the DNS socket.
Patch by laurent at gouloum fr, fixes #95.
- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
- A number of minor patches from Frank Denis, Gregor Herrmann and
Barak A. Pearlmutter.
- Testcase compilation fixes for OS X and FreeBSD
- Do not let sockets be inherited by sub-processes, fixes #99.
- Add unspecified RR type (called PRIVATE; id 65399, in private use
range). For servers with RFC3597 support. Fixes #97.
- Fix authentication bypass vulnerability; found by Oscar Reparaz.
2010-02-06: 0.6.0-rc1 "Hotspotify"
- Fixed tunnel not working on Windows.
- Any device name is now supported on Windows, fixes #47.
- Multiple installed TAP32 interfaces are now supported, fixes #46.
- Return nonzero if tunnel fails to open, fixes #62.
- Support for setting a SELinux context, based on patch by
Sebastien Raveau. Sample context file in doc/iodine.te
- Allow listen port and DNS forward port to be the same if listen IP
does not include localhost.
- The client will now exit if configuring IP or MTU fails.
- The starting cache miss value is randomized at startup, fixes #65.
- Raw UDP mode added. If the iodined server is reachable directly,
packets can be sent to it without DNS encoding. Fixes #36.
- Do not overwrite users CC/CFLAGS/LDFLAGS, only add to them.
- Added -F option to write pidfile, based on patch from
misc at mandriva.org. Fixes #70.
- Allow password to be set via environment variable, fixes #77.
Based on patch by logix.
- Client now prints server tunnel IP, fixes #78. Patch by logix.
- Fix build error on Mac OS X 10.6, patch by G. Rischard. #79.
- Added support for CNAME/TXT/A/MX query types, fixes #75.
Patch by Anne Bezemer, merge help by logix.
- Merged low-latency patch from Anne Bezemer, fixes #76.
- Resolve client nameserver argument if given as hostname, fixes #82.
- Open log before chroot, fixes #86: logging on FreeBSD.
- Merged big bugfix patch from Anne Bezemer, #88.
2009-06-01: 0.5.2 "WifiFree"
- Fixed client segfault on OS X, #57
- Added check that nameserver lookup was successful
- Fixed ENOTSOCK error on OS X and FreeBSD, #58.
2009-03-21: 0.5.1 "Boringo"
- Added initial Windows support, fixes #43.
- Added length check of autoprobe responses
@ -172,10 +100,10 @@ master:
- New encoding, 25% more peak upstream throughput
- New -l option to set local ip to listen to on server
2006-07-11: 0.3.1
2006-07-11: 0.3.1
- Add Mac OSX support
- Add setting device name
- Use compression of domain name in reply (should allow setting MTU
- Use compression of domain name in reply (should allow setting MTU
approx 200 bytes higher)
2006-06-24: 0.3.0

13
LICENSE
View File

@ -1,13 +0,0 @@
Copyright (c) 2006-2020 iodine authors
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

99
Makefile
View File

@ -1,8 +1,7 @@
prefix?=/usr/local
prefix=/usr/local
sbindir=$(prefix)/sbin
datadir=$(prefix)/share
mandir=$(datadir)/man
docdir=$(datadir)/doc
DESTDIR=
@ -17,8 +16,23 @@ RM_FLAGS=-f
TARGETOS = `uname`
all:
@$(MAKE) -C src TARGETOS=$(TARGETOS) all
all:
@(cd src; $(MAKE) TARGETOS=$(TARGETOS) all)
cross-mingw:
@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-mingw32-gcc all)
cross-mingw-dist: cross-mingw
@rm -rf iodine-latest-win32*
@mkdir -p iodine-latest-win32/bin
@for i in `ls bin`; do cp bin/$$i iodine-latest-win32/bin/$$i.exe; done
@cp /usr/i686-mingw32/usr/bin/zlib1.dll iodine-latest-win32/bin
@cp README* CH* TO* iodine-latest-win32
@echo "Create date: " > iodine-latest-win32/VERSION
@date >> iodine-latest-win32/VERSION
@echo "SVN version: " >> iodine-latest-win32/VERSION
@svnversion >> iodine-latest-win32/VERSION
@zip -r iodine-latest-win32.zip iodine-latest-win32
install: all
$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(sbindir)
@ -29,85 +43,20 @@ install: all
$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(mandir)/man8
$(INSTALL) $(INSTALL_FLAGS) man/iodine.8 $(DESTDIR)$(mandir)/man8/iodine.8
chmod 644 $(DESTDIR)$(mandir)/man8/iodine.8
$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(docdir)/iodine
$(INSTALL) $(INSTALL_FLAGS) README.md $(DESTDIR)$(docdir)/iodine/README.md
chmod 644 $(DESTDIR)$(docdir)/iodine/README.md
uninstall:
$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodine
$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodined
$(RM) $(RM_FLAGS) $(DESTDIR)$(mandir)/man8/iodine.8
test: all
@echo "!! The check library is required for compiling and running the tests"
@echo "!! Get it at https://libcheck.github.io/check/"
@$(MAKE) -C tests TARGETOS=$(TARGETOS) all
@echo "!! Get it at http://check.sf.net"
@(cd tests; $(MAKE) TARGETOS=$(TARGETOS) all)
clean:
@echo "Cleaning..."
@$(MAKE) -C src clean
@$(MAKE) -C tests clean
@rm -rf bin iodine-latest*
#Helper target for windows/android zipfiles
iodine-latest:
@rm -rf iodine-latest*
@mkdir -p iodine-latest
@echo "Create date: " > iodine-latest/VERSION.txt
@LANG=en_US date >> iodine-latest/VERSION.txt
@echo "Git version: " >> iodine-latest/VERSION.txt
@git rev-parse HEAD >> iodine-latest/VERSION.txt
@for i in README.md CHANGELOG; do cp $$i iodine-latest/$$i.txt; done
@unix2dos iodine-latest/*
#non-PIE build for old android
cross-android-old:
@$(MAKE) -C src base64u.c
@(cd src && ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk APP_PLATFORM=android-3)
#Position-indepedent build for modern android
cross-android:
@$(MAKE) -C src base64u.c
@(cd src && ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.16.mk APP_PLATFORM=android-16)
iodine-latest-android.zip: iodine-latest
@mv iodine-latest iodine-latest-android
@mkdir -p iodine-latest-android/pre-kitkat/armeabi
@mkdir -p iodine-latest-android/pre-kitkat/x86
@$(MAKE) cross-android-old TARGET_ARCH_ABI=armeabi
@cp src/libs/armeabi/* iodine-latest-android/pre-kitkat/armeabi
@$(MAKE) cross-android-old TARGET_ARCH_ABI=x86
@cp src/libs/x86/* iodine-latest-android/pre-kitkat/x86
@rm -rf src/libs src/obj
@mkdir -p iodine-latest-android/armeabi
@mkdir -p iodine-latest-android/arm64-v8a
@mkdir -p iodine-latest-android/x86
@$(MAKE) cross-android TARGET_ARCH_ABI=armeabi
@cp src/libs/armeabi/* iodine-latest-android/armeabi
@$(MAKE) cross-android TARGET_ARCH_ABI=arm64-v8a
@cp src/libs/arm64-v8a/* iodine-latest-android/arm64-v8a
@$(MAKE) cross-android TARGET_ARCH_ABI=x86
@cp src/libs/x86/* iodine-latest-android/x86
@cp README-android.txt iodine-latest-android
@zip -r iodine-latest-android.zip iodine-latest-android
cross-mingw32:
@$(MAKE) -C src TARGETOS=windows32 CC=i686-w64-mingw32-gcc all
cross-mingw64:
@$(MAKE) -C src TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc all
iodine-latest-windows.zip: iodine-latest
@mv iodine-latest iodine-latest-windows
@mkdir -p iodine-latest-windows/64bit iodine-latest-windows/32bit
@$(MAKE) -C src TARGETOS=windows32 CC=i686-w64-mingw32-gcc clean all
@i686-w64-mingw32-strip bin/iodine*
@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/32bit/$$i.exe; done
@cp /usr/i686-w64-mingw32/bin/zlib1.dll iodine-latest-windows/32bit
@$(MAKE) -C src TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc clean all
@x86_64-w64-mingw32-strip bin/iodine*
@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/64bit/$$i.exe; done
@cp /usr/x86_64-w64-mingw32/bin/zlib1.dll iodine-latest-windows/64bit
@cp README-win32.txt iodine-latest-windows
@zip -r iodine-latest-windows.zip iodine-latest-windows
@(cd src; $(MAKE) clean)
@(cd tests; $(MAKE) clean)
@rm -rf bin iodine-latest-win32*

132
README Normal file
View File

@ -0,0 +1,132 @@
iodine - http://code.kryo.se/iodine
***********************************
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.
QUICKSTART:
Try it out within your own LAN! Follow these simple steps:
- On your server, run: ./iodined -f 10.0.0.1 test.asdf
(If you already use the 10.0.0.0 network, use another internal net like
172.16.0.0)
- Enter a password
- On the client, run: ./iodine -f 192.168.0.1 test.asdf
(Replace 192.168.0.1 with the server's ip address)
- Enter the same password
- Now the client has the tunnel ip 10.0.0.2 and the server has 10.0.0.1
- Try pinging each other through the tunnel
- Done! :)
To actually use it through a relaying nameserver, see below.
HOW TO USE:
Server side:
To use this tunnel, you need control over a real domain (like mytunnel.com),
and a server with a public IP number. If the server already runs a DNS
server, change the listening port and then use the -b option to let
iodined forward the DNS requests. Then, delegate a subdomain
(say, tunnel1.mytunnel.com) to the server. If you use BIND for the domain,
add these lines to the zone file:
tunnel1host IN A 10.15.213.99
tunnel1 IN NS tunnel1host.mytunnel.com.
Do not use CNAME instead of A above.
If your server has a dynamic IP, use a dynamic dns provider:
tunnel1 IN NS tunnel1host.mydyndnsprovider.com
Now any DNS querys for domains ending with tunnel1.mytunnnel.com will be sent
to your server. Start iodined on the server. The first argument is the tunnel
IP address (like 192.168.99.1) and the second is the assigned domain (in this
case tunnel1.mytunnel.com). The -f argument will keep iodined running in the
foreground, which helps when testing. iodined will start a virtual interface,
and also start listening for DNS queries on UDP port 53. Either enter a
password on the commandline (-P pass) or after the server has started. Now
everything is ready for the client.
Client side:
All the setup is done, just start iodine. It takes up to two arguments, the
first is the local relaying DNS server (optional) and the second is the domain
used (tunnel1.mytunnnel.com). If DNS queries are allowed to any computer, you
can use the tunnel endpoint (example: 10.15.213.99 or tunnel1host.mytunnel.com)
as the first argument. The tunnel interface will get an IP close to the servers
(in this case 192.168.99.2) and a suitable MTU. Enter the same password as on
the server either by argument or after the client has started. Now you should
be able to ping the other end of the tunnel from either side.
MISC. INFO:
Try experimenting with the MTU size (-m option) to get maximum bandwidth. It is
set to 1024 by default, which seems to work with most DNS servers. If you have
problems, try setting it to 220 as this ensures all packets to be < 512 bytes.
Some DNS servers enforce a 512 byte packet limit, and this is probably the case
if you can ping through the tunnel but not login via SSH.
If you have problems, try inspecting the traffic with network monitoring tools
and make sure that the relaying DNS server has not cached the response. A
cached error message could mean that you started the client before the server.
The upstream data is sent gzipped encoded with Base32, or Base64 if the relay
server support '+' in domain names. DNS protocol allows one query per packet,
and one query can be max 256 chars. Each domain name part can be max 63 chars.
So your domain name and subdomain should be as short as possible to allow
maximum upstream throughput.
TIPS & TRICKS:
If your port 53 is taken on a specific interface by an application that does
not use it, use -p on iodined to specify an alternate port (like -p 5353) and
use for instance iptables (on Linux) to forward the traffic:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
(Sent in by Tom Schouten)
PORTABILITY:
iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD
(ia64, x86), OpenBSD (x86), NetBSD (x86) and MacOS X (ppc and x86, with
http://tuntaposx.sourceforge.net/). It should be easy to port to other
unix-like systems that has TUN/TAP tunneling support. Let us know if you get it
to run on other platforms.
THE NAME:
The name iodine was chosen since it starts with IOD (IP Over DNS) and since
iodine has atomic number 53, which happens to be the DNS port number.
THANKS:
- To kuxien for FreeBSD and OS X testing
- To poplix for code audit
AUTHORS & LICENSE:
Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
MD5 implementation by L. Peter Deutsch (license and source in src/md5.[ch])
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.

50
README-android.txt
View File

@ -1,50 +0,0 @@
iodine - https://code.kryo.se/iodine
***********************************
Extra README file for Android
== Running iodine on Android:
1. Get root access on your android device
2. Find/build a compatible tun.ko for your specific Android kernel
3. Copy tun.ko and the iodine binary to your device:
(Almost all devices need the armeabi binary. Only Intel powered
ones need the x86 build.)
adb push tun.ko /data/local/tmp
adb push iodine /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 777 iodine
4. Run iodine (see the man page for parameters)
./iodine ...
For more information: http://blog.bokhorst.biz/5123
== Building iodine for Android:
1. Download and install the Android SDK and NDK
2. Download and unpack the iodine sources
3. Build:
cd src
make base64u.h base64u.c
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.16.mk APP_PLATFORM=android-16
or run "make cross-android" in the iodine root directory.
To build for other archs, specify TARGET_ARCH_ABI:
"make cross-android TARGET_ARCH_ABI=x86"
For older android versions (pre-kitkat), build with "make cross-android-old" in the
root directory, or manually like above but with APP_PLATFORM=android-3 and with
APP_BUILD_SCRIPT=Android.mk
The iodine binary ends up in src/libs/<arch>/iodine

30
README-win32.txt
View File

@ -1,6 +1,6 @@
iodine - https://code.kryo.se/iodine
iodine - http://code.kryo.se/iodine
***********************************
@ -8,26 +8,20 @@ Extra README file for Win32 related stuff
== Running iodine on Windows:
1. Install the TAP32 driver
http://openvpn.net/index.php/downloads.html
choose OpenVPN 2.0.9 Windows Installer, when installing you can
select to install only the TAP driver.
0. After iodine 0.6, you need Windows XP or newer to run.
2. Have one TAP32 interface installed
1. Install the TAP driver
https://openvpn.net/index.php/open-source/downloads.html
Download the OpenVPN TAP driver (under section Tap-windows)
Problems has been reported with the NDIS6 version (9.2x.y), use the
NDIS5 version for now if possible.
3. Name the interface "dns"
2. Have at least one TAP32 interface installed. There are scripts for adding
and removing in the OpenVPN bin directory. If you have more than one
installed, use -d to specify which. Use double quotes if you have spaces,
example: iodine.exe -d "Local Area Connection 4" abc.ab
4. Make sure the interface does not have a default gateway set
3. Make sure the interface you want to use does not have a default gateway set.
5. Run iodine/iodined as normal.
4. Run iodine/iodined as normal (see the main README file).
You may have to run it as administrator depending on user privileges.
5. Enjoy!
6. Enjoy!
== Building on Windows:
@ -47,13 +41,15 @@ Note that the binaries will not get a .exe suffix
== Zlib download
You can get zlib for MinGW here (both for native and crosscompile):
https://code.kryo.se/iodine/deps/zlib.zip
http://code.kryo.se/iodine/deps/zlib.zip
Unzip it in your MinGW directory on Windows or in $ROOT/usr for
cross-compile.
== Results of crappy Win32 API:
The following fixable limitations apply:
- Exactly one TAP32 interface must be installed
- The TAP32 interface must be named "dns" and be version 0801 or 0901
- Server cannot read packet destination address
The following (probably) un-fixable limitations apply:

423
README.md
View File

@ -1,423 +0,0 @@
iodine - <https://code.kryo.se/iodine>
=====================================
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.
COMPILING
---------
Iodine has no configure script. There are two optional features for Linux
(SELinux and systemd support) that will be enabled automatically if the
relevant header files are found in `/usr/include`.
(See script at `./src/osflags`)
Run `make` to compile the server and client binaries.
Run `make install` to copy binaries and manpage to the destination directory.
Run `make test` to compile and run the unit tests. (Requires the `check` library)
QUICKSTART
----------
Try it out within your own LAN! Follow these simple steps:
- On your server, run: `./iodined -f 10.0.0.1 test.com`.
If you already use the `10.0.0.0` network, use another internal net like
`172.16.0.0`.
- Enter a password.
- On the client, run: `./iodine -f -r 192.168.0.1 test.com`.
Replace `192.168.0.1` with your server's ip address.
- Enter the same password.
- Now the client has the tunnel ip `10.0.0.2` and the server has `10.0.0.1`.
- Try pinging each other through the tunnel.
- Done! :)
To actually use it through a relaying nameserver, see below.
HOW TO USE
----------
Note: server and client are required to speak the exact same protocol. In most
cases, this means running the same iodine version. Unfortunately, implementing
backward and forward protocol compatibility is usually not feasible.
### Server side
To use this tunnel, you need control over a real domain (like `mydomain.com`),
and a server with a public IP address to run `iodined` on. If this server
already runs a DNS program, change its listening port and then use `iodined`'s
`-b` option to let `iodined` forward the DNS requests. (Note that this procedure
is not advised in production environments, because `iodined`'s DNS forwarding
is not completely transparent, for example zone transfers will not work.)
Alternatively you can forward the subdomain from your DNS server to `iodined`
which must then run on a different port (`-p`).
Then, delegate a subdomain (say, `t1.mydomain.com`) to the iodined server.
If you use BIND for your domain, add two lines like these to the zone file:
t1 IN NS t1ns.mydomain.com. ; note the dot!
t1ns IN A 10.15.213.99
The `NS` line is all that's needed to route queries for the `t1` subdomain
to the `t1ns` server. We use a short name for the subdomain, to keep as much
space as possible available for the data traffic. At the end of the `NS` line
is the name of your `iodined` server. This can be any name, pointing anywhere,
but in this case it's easily kept in the same zone file. It must be a name
(not an IP address), and that name itself must have an `A` record
(not a `CNAME`).
If your `iodined` server has a dynamic IP, use a dynamic DNS provider. Simply
point the `NS` line to it, and leave the `A` line out:
t1 IN NS myname.mydyndnsprovider.com. ; note the dot!
Then reload or restart your nameserver program. Now any DNS queries for
domains ending in `t1.mydomain.com` will be sent to your `iodined` server.
Finally start `iodined` on your server. The first argument is the IP address
inside the tunnel, which can be from any range that you don't use yet (for
example `192.168.99.1`), and the second argument is the assigned domain (in this
case `t1.mydomain.com`). Using the `-f` option will keep iodined running in the
foreground, which helps when testing. iodined will open a virtual interface
("tun device"), and will also start listening for DNS queries on UDP port 53.
Either enter a password on the commandline (`-P pass`) or after the server has
started. Now everything is ready for the client.
If there is a chance you'll be using an iodine tunnel from unexpected
environments, start `iodined` with a `-c` option.
Resulting commandline in this example situation:
./iodined -f -c -P secretpassword 192.168.99.1 t1.mydomain.com
### Client side
All the setup is done, just start `iodine`. It takes one or two arguments, the
first is the local relaying DNS server (optional) and the second is the domain
you used (`t1.mydomain.com`). If you don't specify the first argument, the
system's current DNS setting will be consulted.
If DNS queries are allowed to any computer, you can directly give the `iodined`
server's address as first argument (in the example: `t1ns.mydomain.com` or
`10.15.213.99`). In that case, it may also happen that _any_ traffic is allowed
to the DNS port (53 UDP) of any computer. Iodine will detect this, and switch
to raw UDP tunneling if possible. To force DNS tunneling in any case, use the
`-r` option (especially useful when testing within your own network).
The client's tunnel interface will get an IP close to the server's (in this
case `192.168.99.2` or `.3` etc.) and a suitable MTU. Enter the same password as
on the server either as commandline option or after the client has started.
Using the `-f` option will keep the iodine client running in the foreground.
Resulting commandline in this example situation, adding -r forces DNS tunneling
even if raw UDP tunneling would be possible:
./iodine -f -P secretpassword t1.mydomain.com
From either side, you should now be able to ping the IP address on the other
end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
`192.168.99.2` from the iodine server.
### MISC. INFO
#### IPv6
The data inside the tunnel is IPv4 only.
The server listens to both IPv4 and IPv6 for incoming requests by default.
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
attempted on the same protocol as used for the login.
The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
nameservers will translate between protocols automatically if needed. Use
options `-4` or `-6` to force the client to use a specific IP version for its DNS
queries.
If your server is listening on IPv6 and is reachable, add an AAAA record for it
to your DNS setup. Extending the example above would look like this:
t1 IN NS t1ns.mydomain.com. ; note the dot!
t1ns IN A 10.15.213.99
t1ns IN AAAA 2001:db8::1001:99
#### Routing
It is possible to route all traffic through the DNS tunnel. To do this, first
add a host route to the nameserver used by iodine over the wired/wireless
interface with the default gateway as gateway. Then replace the default
gateway with the iodined server's IP address inside the DNS tunnel, and
configure the server to do NAT.
However, note that the tunneled data traffic is not encrypted at all, and can
be read and changed by external parties relatively easily. For maximum
security, run a VPN through the DNS tunnel (=double tunneling), or use secure
shell (SSH) access, possibly with port forwarding. The latter can also be used
for web browsing, when you run a web proxy (for example Privoxy) on your
server.
#### Testing
The `iodined` server replies to `NS` requests sent for subdomains of the tunnel
domain. If your iodined subdomain is `t1.mydomain.com`, send a `NS` request for
`foo123.t1.mydomain.com` to see if the delegation works.
`dig` is a good tool for this:
% dig -t NS foo123.t1.mydomain.com
ns.io.citronna.de.
Also, the iodined server will answer requests starting with 'z' for any of the
supported request types, for example:
dig -t TXT z456.t1.mydomain.com
dig -t SRV z456.t1.mydomain.com
dig -t CNAME z456.t1.mydomain.com
The reply should look like garbled text in all these cases.
#### Mac OS X
On Mac OS X 10.6 and later, iodine supports the native utun devices built into
the OS - use `-d utunX`.
Operational info
----------------
The DNS-response fragment size is normally autoprobed to get maximum bandwidth.
To force a specific value (and speed things up), use the `-m` option.
The DNS hostnames are normally used up to their maximum length, 255 characters.
Some DNS relays have been found that answer full-length queries rather
unreliably, giving widely varying (and mostly very bad) results of the
fragment size autoprobe on repeated tries. In these cases, use the `-M` switch
to reduce the DNS hostname length to, for example 200 characters, which makes
these DNS relays much more stable. This is also useful on some “de-optimizing”
DNS relays that stuff the response with two full copies of the query, leaving
very little space for downstream data (also not capable of EDNS0). The `-M`
switch can trade some upstream bandwidth for downstream bandwidth. Note that
the minimum `-M` value is about 100, since the protocol can split packets (1200
bytes max) in only 16 fragments, requiring at least 75 real data bytes per
fragment.
The upstream data is sent gzipped encoded with Base32; or Base64 if the relay
server supports mixed case and `+` in domain names; or Base64u if `_` is
supported instead; or Base128 if high-byte-value characters are supported.
This upstream encoding is autodetected. The DNS protocol allows one query per
packet, and one query can be max 256 chars. Each domain name part can be max
63 chars. So your domain name and subdomain should be as short as possible to
allow maximum upstream throughput.
Several DNS request types are supported, with the `NULL` and `PRIVATE` types
expected to provide the largest downstream bandwidth. The `PRIVATE` type uses
value 65399 in the private-use range. Other available types are `TXT`, `SRV`,
`MX`, `CNAME` and `A` (returning `CNAME`), in decreasing bandwidth order.
Normally the “best” request type is autodetected and used. However, DNS relays
may impose limits on for example NULL and TXT, making SRV or MX actually the best
choice. This is not autodetected, but can be forced using the `-T` option.
It is advisable to try various alternatives especially when the autodetected
request type provides a downstream fragment size of less than 200 bytes.
Note that `SRV`, `MX` and `A` (returning `CNAME`) queries may/will cause
additional lookups by "smart" caching nameservers to get an actual IP address,
which may either slow down or fail completely.
DNS responses for non-`NULL/PRIVATE` queries can be encoded with the same set of
codecs as upstream data. This is normally also autodetected, but no fully
exhaustive tests are done, so some problems may not be noticed when selecting
more advanced codecs. In that case, you'll see failures/corruption in the
fragment size autoprobe. In particular, several DNS relays have been found that
change replies returning hostnames (`SRV`, `MX`, `CNAME`, `A`) to lowercase only
when that hostname exceeds ca. 180 characters. In these and similar cases, use
the `-O` option to try other downstream codecs; Base32 should always work.
Normal operation now is for the server to _not_ answer a DNS request until
the next DNS request has come in, a.k.a. being “lazy”. This way, the server
will always have a DNS request handy when new downstream data has to be sent.
This greatly improves (interactive) performance and latency, and allows to
slow down the quiescent ping requests to 4 second intervals by default, and
possibly much slower. In fact, the main purpose of the pings now is to force
a reply to the previous ping, and prevent DNS server timeouts (usually at
least 5-10 seconds per RFC1035). Some DNS servers are more impatient and will
give SERVFAIL errors (timeouts) in periods without tunneled data traffic. All
data should still get through in these cases, but `iodine` will reduce the ping
interval to 1 second anyway (-I1) to reduce the number of error messages. This
may not help for very impatient DNS relays like `dnsadvantage.com` (ultradns),
which time out in 1 second or even less. Yet data will still get trough, and
you can ignore the `SERVFAIL` errors.
If you are running on a local network without any DNS server in-between, try
`-I 50` (iodine and iodined close the connection after 60 seconds of silence).
The only time you'll notice a slowdown, is when DNS reply packets go missing;
the `iodined` server then has to wait for a new ping to re-send the data. You can
speed this up by generating some upstream traffic (keypress, ping). If this
happens often, check your network for bottlenecks and/or run with `-I1`.
The delayed answering in lazy mode will cause some “carrier grade” commercial
DNS relays to repeatedly re-send the same DNS query to the iodined server.
If the DNS relay is actually implemented as a pool of parallel servers,
duplicate requests may even arrive from multiple sources. This effect will
only be visible in the network traffic at the `iodined` server, and will not
affect the client's connection. Iodined will notice these duplicates, and send
the same answer (when its time has come) to both the original query and the
latest duplicate. After that, the full answer is cached for a short while.
Delayed duplicates that arrive at the server even later, get a reply that the
iodine client will ignore (if it ever arrives there).
If you have problems, try inspecting the traffic with network monitoring tools
like tcpdump or ethereal/wireshark, and make sure that the relaying DNS server
has not cached the response. A cached error message could mean that you
started the client before the server. The `-D` (and `-DD`) option on the server
can also show received and sent queries.
TIPS & TRICKS
-------------
If your port 53 is taken on a specific interface by an application that does
not use it, use `-p` on iodined to specify an alternate port (like `-p 5353`)
and use for instance iptables (on Linux) to forward the traffic:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
(Sent in by Tom Schouten)
Iodined will reject data from clients that have not been active (data/pings)
for more than 60 seconds. Similarly, iodine will exit when no downstream
data has been received for 60 seconds. In case of a long network outage or
similar, just restart iodine (re-login), possibly multiple times until you get
your old IP address back. Once that's done, just wait a while, and you'll
eventually see the tunneled TCP traffic continue to flow from where it left
off before the outage.
With the introduction of the downstream packet queue in the server, its memory
usage has increased with several megabytes in the default configuration.
For use in low-memory environments (e.g. running on your DSL router), you can
decrease USERS and undefine OUTPACKETQ_LEN in user.h without any ill conse-
quence, assuming at most one client will be connected at any time. A small
DNSCACHE_LEN is still advised, preferably 2 or higher, however you can also
undefine it to save a few more kilobytes.
One iodine server can handle multiple domains. Set up different NS records
on the same domain all pointing to the same host, and use a wildcard
at the start of the topdomain argument (example `*.mydomain.com`). iodine
will accept tunnel traffic for all domains matching that pattern. The wildcard
has to be at the start of the topdomain argument and be followed by a dot.
PERFORMANCE
-----------
This section tabulates some performance measurements. To view properly, use
a fixed-width font like Courier.
Measurements were done in protocol 00000502 in lazy mode; upstream encoding
always Base128; `iodine -M255`; `iodined -m1130`. Network conditions were not
extremely favorable; results are not benchmarks but a realistic indication of
real-world performance that can be expected in similar situations.
Upstream/downstream throughput was measured by `scp`'ing a file previously
read from `/dev/urandom` (i.e. incompressible), and measuring size with
`ls -l ; sleep 30 ; ls -l` on a separate non-tunneled connection. Given the
large `scp` block size of 16 kB, this gives a resolution of 4.3 kbit/s, which
explains why some values are exactly equal.
Ping round-trip times measured with `ping -c100`, presented are average rtt
and mean deviation (indicating spread around the average), in milliseconds.
### Situation 1: `Laptop -> Wifi AP -> Home server -> DSL provider -> Datacenter`
iodine DNS "relay" bind9 DNS cache iodined
downstr. upstream downstr. ping-up ping-down
fragsize kbit/s kbit/s avg +/-mdev avg +/-mdev
-----------------------------------------------------------------------------
iodine -> Wifi AP :53
-Tnull (= -Oraw) 982 43.6 131.0 28.0 4.6 26.8 3.4
iodine -> Home server :53
-Tnull (= -Oraw) 1174 48.0 305.8 26.6 5.0 26.9 8.4
iodine -> DSL provider :53
-Tnull (= -Oraw) 1174 56.7 367.0 20.6 3.1 21.2 4.4
-Ttxt -Obase32 730 56.7 174.7*
-Ttxt -Obase64 874 56.7 174.7
-Ttxt -Obase128 1018 56.7 174.7
-Ttxt -Oraw 1162 56.7 358.2
-Tsrv -Obase128 910 56.7 174.7
-Tcname -Obase32 151 56.7 43.6
-Tcname -Obase128 212 56.7 52.4
iodine -> DSL provider :53
wired (no Wifi) -Tnull 1174 74.2 585.4 20.2 5.6 19.6 3.4
[174.7* : these all have 2frag/packet]
### Situation 2: `Laptop -> Wifi+vpn / wired -> Home server`
iodine iodined
downstr. upstream downstr. ping-up ping-down
fragsize kbit/s kbit/s avg +/-mdev avg +/-mdev
-----------------------------------------------------------------------------
wifi + openvpn -Tnull 1186 166.0 1022.3 6.3 1.3 6.6 1.6
wired -Tnull 1186 677.2 2464.1 1.3 0.2 1.3 0.1
### Notes
Performance is strongly coupled to low ping times, as iodine requires
confirmation for every data fragment before moving on to the next. Allowing
multiple fragments in-flight like TCP could possibly increase performance,
but it would likely cause serious overload for the intermediary DNS servers.
The current protocol scales performance with DNS responsivity, since the
DNS servers are on average handling at most one DNS request per client.
PORTABILITY
-----------
iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD
(ia64, x86), OpenBSD (x86), NetBSD (x86), MacOS X (ppc and x86, with
<http://tuntaposx.sourceforge.net/>). and Windows (with OpenVPN TAP32 driver, see
win32 readme file). It should be easy to port to other unix-like systems that
have TUN/TAP tunneling support. Let us know if you get it to run on other
platforms.
THE NAME
--------
The name iodine was chosen since it starts with IOD (IP Over DNS) and since
iodine has atomic number 53, which happens to be the DNS port number.
THANKS
------
- To kuxien for FreeBSD and OS X testing
- To poplix for code audit
AUTHORS & LICENSE
-----------------
Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>, 2006-2009 Bjorn
Andersson <flex@kryo.se>. Also major contributions by Anne Bezemer.
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
MD5 implementation by L. Peter Deutsch (license and source in `src/md5.[ch]`)
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.

12
TODO Normal file
View File

@ -0,0 +1,12 @@
iodine - http://code.kryo.se/iodine
***********************************
The TODO list is now located at
http://dev.kryo.se/iodine/
The list is under the "View tickets" page
Feel free to add your own wishes and bug reports

11
doc/iodine-server.service
View File

@ -1,11 +0,0 @@
[Unit]
Description=Iodine Server
After=local-fs.target network.target
[Service]
EnvironmentFile=-/etc/sysconfig/iodine-server
ExecStart=/usr/local/bin/iodined -i 30 -f $OPTIONS
StandardOutput=syslog
[Install]
WantedBy=multi-user.target

10
doc/iodine-server.socket
View File

@ -1,10 +0,0 @@
[Unit]
Description=Iodine socket
[Socket]
ListenDatagram=53
ListenDatagram=0.0.0.0:53
BindIPv6Only=ipv6-only
[Install]
WantedBy=sockets.target

25
doc/iodine.te
View File

@ -1,25 +0,0 @@
# Sample post-initialization SELinux policy for Iodine
policy_module(iodine, 1.1)
require {
type init_t;
type initrc_t;
type unconfined_t;
type unlabeled_t;
class udp_socket { read write };
class rawip_socket { write read };
class association recvfrom;
class unix_dgram_socket { create connect };
}
type iodine_t;
domain_type(iodine_t)
domain_dyntrans_type(initrc_t)
allow initrc_t iodine_t:process dyntransition;
allow iodine_t unconfined_t:udp_socket { read write };
allow iodine_t unconfined_t:rawip_socket { write read };
allow iodine_t unlabeled_t:association recvfrom;
allow iodine_t self:unix_dgram_socket { create connect };
corenet_raw_receive_generic_node(iodine_t)
corenet_rw_tun_tap_dev(iodine_t)

290
doc/proto_00000502.txt
View File

@ -1,290 +0,0 @@
Detailed specification of protocol in version 00000502
======================================================
Note: work in progress!!
======================================================
1. DNS protocol
======================================================
Quick alphabetical index / register:
0-9 Data packet
A-F Data packet
I IP address
L Login
N Downstream fragsize (NS.topdomain A-type reply)
O Options
P Ping
R Downstream fragsize probe
S Switch upstream codec
V Version
W (WWW.topdomain A-type reply)
Y Downstream codec check
Z Upstream codec check
CMC = 2 byte Cache Miss Counter, increased every time it is used
Version:
Client sends:
First byte v or V
Rest encoded with base32:
4 bytes big endian protocol version
CMC
Server replies:
4 chars:
VACK (version ok), followed by login challenge
VNAK (version differs), followed by server protocol version
VFUL (server has no free slots), followed by max users
4 byte value: means login challenge/server protocol version/max users
1 byte userid of the new user, or any byte if not VACK
Login:
Client sends:
First byte l or L
Rest encoded with base32:
1 byte userid
16 bytes MD5 hash of: (first 32 bytes of password) xor (8 repetitions of login challenge)
CMC
Server replies:
LNAK means not accepted
x.x.x.x-y.y.y.y-mtu-netmask means accepted (server ip, client ip, mtu, netmask bits)
IP Request: (for where to try raw login)
Client sends:
First byte i or I
5 bits coded as Base32 char, meaning userid
CMC as 3 Base32 chars
Server replies
BADIP if bad userid
First byte I
Then comes external IP address of iodined server
as 4 bytes (IPv4) or 16 bytes (IPv6)
Upstream codec check / bounce:
Client sends:
First byte z or Z
Lots of data that should not be decoded
Server replies:
The requested domain copied raw, in the lowest-grade downstream codec
available for the request type.
Downstream codec check:
Client sends:
First byte y or Y
1 char, meaning downstream codec to use
5 bits coded as Base32 char, meaning check variant
CMC as 3 Base32 chars
Possibly extra data, depending on check variant
Server sends:
Data encoded with requested downstream codec; data content depending
on check variant number.
BADCODEC if requested downstream codec not available.
BADLEN if check variant is not available, or problem with extra data.
Downstream codec chars are same as in 'O' Option request, below.
Check variants:
1: Send encoded DOWNCODECCHECK1 string as defined in encoding.h
(Other variants reserved; possibly variant that sends a decoded-encoded
copy of Base32-encoded extra data in the request)
Switch codec:
Client sends:
First byte s or S
5 bits coded as Base32 char, meaning userid
5 bits coded as Base32 char, representing number of raw bits per
encoded byte:
5: Base32 (a-z0-5)
6: Base64 (a-zA-Z0-9+-)
26: Base64u (a-zA-Z0-9_-)
7: Base128 (a-zA-Z0-9\274-\375)
CMC as 3 Base32 chars
Server sends:
Name of codec if accepted. After this all upstream data packets must
be encoded with the new codec.
BADCODEC if not accepted. Client must then revert to previous codec
BADLEN if length of query is too short
Options:
Client sends:
First byte o or O
5 bits coded as Base32 char, meaning userid
1 char, meaning option
CMC as 3 Base32 chars
Server sends:
Full name of option if accepted. After this, option immediately takes
effect in server.
BADCODEC if not accepted. Previous situation remains.
All options affect only the requesting client.
Option chars:
t or T: Downstream encoding Base32, for TXT/CNAME/A/MX (default)
s or S: Downstream encoding Base64, for TXT/CNAME/A/MX
u or U: Downstream encoding Base64u, for TXT/CNAME/A/MX
v or V: Downstream encoding Base128, for TXT/CNAME/A/MX
r or R: Downstream encoding Raw, for PRIVATE/TXT/NULL (default for
PRIVATE and NULL)
If codec unsupported for request type, server will use Base32; note
that server will answer any mix of request types that a client sends.
Server may disregard this option; client must always use the downstream
encoding type indicated in every downstream DNS packet.
l or L: Lazy mode, server will keep one request unanswered until the
next one comes in. Applies only to data transfer; handshake is always
answered immediately.
i or I: Immediate (non-lazy) mode, server will answer all requests
(nearly) immediately.
Probe downstream fragment size:
Client sends:
First byte r or R
15 bits coded as 3 Base32 chars: UUUUF FFFFF FFFFF
meaning 4 bits userid, 11 bits fragment size
Then follows a long random query which contents does not matter
Server sends:
Requested number of bytes as a response. The first two bytes contain
the requested length. The third byte is 107 (0x6B). The fourth byte
is a random value, and each following byte is incremented with 107.
This is checked by the client to determine corruption.
BADFRAG if requested length not accepted.
Set downstream fragment size:
Client sends:
First byte n or N
Rest encoded with base32:
1 byte userid
2 bytes new downstream fragment size
CMC
Server sends:
2 bytes new downstream fragment size. After this all downstream
payloads will be max (fragsize + 2) bytes long.
BADFRAG if not accepted.
Data:
Upstream data header:
3210 432 10 43 210 4321 0 43210
+----+---+--+--+---+----+-+-----+
|UUUU|SSS|FF|FF|DDD|GGGG|L|UDCMC|
+----+---+--+--+---+----+-+-----+
Downstream data header:
7 654 3210 765 4321 0
+-+---+----+---+----+-+
|C|SSS|FFFF|DDD|GGGG|L|
+-+---+----+---+----+-+
UUUU = Userid
L = Last fragment in packet flag
SS = Upstream packet sequence number
FFFF = Upstream fragment number
DDD = Downstream packet sequence number
GGGG = Downstream fragment number
C = Compression enabled for downstream packet
UDCMC = Upstream Data CMC, 36 steps a-z0-9, case-insensitive
Upstream data packet starts with 1 byte ASCII hex coded user byte; then 3 bytes
Base32 encoded header; then 1 char data-CMC; then comes the payload data,
encoded with the chosen upstream codec.
Downstream data starts with 2 byte header. Then payload data, which may be
compressed.
In NULL and PRIVATE responses, downstream data is always raw. In all other
response types, downstream data is encoded (see Options above).
Encoding type is indicated by 1 prefix char:
TXT:
End result is always DNS-chopped (series of len-prefixed strings
<=255 bytes)
t or T: Base32 encoded before chop, decoded after un-chop
s or S: Base64 encoded before chop, decoded after un-chop
u or U: Base64u encoded before chop, decoded after un-chop
v or V: Base128 encoded before chop, decoded after un-chop
r or R: Raw no encoding, only DNS-chop
SRV/MX/CNAME/A:
h or H: Hostname encoded with Base32
i or I: Hostname encoded with Base64
j or J: Hostname encoded with Base64u
k or K: Hostname encoded with Base128
SRV and MX may reply with multiple hostnames, each encoded separately. Each
has a 10-multiple priority, and encoding/decoding is done in strictly
increasing priority sequence 10, 20, 30, etc. without gaps. Note that some DNS
relays will shuffle the answer records in the response.
Ping:
Client sends:
First byte p or P
Rest encoded with Base32:
1 byte with 4 bits userid
1 byte with:
3 bits downstream seqno
4 bits downstream fragment
CMC
The server response to Ping and Data packets is a DNS NULL/TXT/.. type response,
always starting with the 2 bytes downstream data header as shown above.
If server has nothing to send, no data is added after the header.
If server has something to send, it will add the downstream data packet
(or some fragment of it) after the header.
"Lazy-mode" operation
=====================
Client-server DNS traffic sequence has been reordered to provide increased
(interactive) performance and greatly reduced latency.
Idea taken from Lucas Nussbaum's slides (24th IFIP International Security
Conference, 2009) at http://www.loria.fr/~lnussbau/tuns.html. Current
implementation is original to iodine, no code or documentation from any other
project was consulted during development.
Server:
Upstream data is acked immediately*, to keep the slow upstream data flowing
as fast as possible (client waits for ack to send next frag).
Upstream pings are answered _only_ when 1) downstream data arrives from tun,
OR 2) new upstream ping/data arrives from client.
In most cases, this means we answer the previous DNS query instead of the
current one. The current query is kept in queue and used as soon as
downstream data has to be sent.
*: upstream data ack is usually done as reply on the previous ping packet,
and the upstream-data packet itself is kept in queue.
Client:
Downstream data is acked immediately, to keep it flowing fast (includes a
ping after last downstream frag).
Also, after all available upstream data is sent & acked by the server (which
in some cases uses up the last query), send an additional ping to prime the
server for the next downstream data.
======================================================
2. Raw UDP protocol
======================================================
All Raw UDP protcol messages start with a 3 byte header: 0x10d19e
This is not the start of a valid DNS message so it is easy to identify.
The fourth byte contains the command and the user id.
7654 3210
+----+----+
|CCCC|UUUU|
+----+----+
Login message (command = 1):
The header is followed by a MD5 hash with the same password as in the DNS
login. The client starts the raw mode by sending this message, and uses
the login challenge +1, and the server responds using the login challenge -1.
After the login message has been exchanged, both the server and the client
switch to raw udp mode for the rest of the connection.
Data message (command = 2):
After the header comes the payload data, which may be compressed.
Ping message (command = 3):
Sent from client to server and back to keep session open. Has no payload.

359
man/iodine.8
View File

@ -1,5 +1,5 @@
.\" groff -man -Tascii iodine.8
.TH IODINE 8 "APR 2012" "User Manuals"
.TH IODINE 8 "JUL 2008" "User Manuals"
.SH NAME
iodine, iodined \- tunnel IPv4 over DNS
.SH SYNOPSIS
@ -7,7 +7,7 @@ iodine, iodined \- tunnel IPv4 over DNS
.B iodine [-h]
.B iodine [-4] [-6] [-f] [-r] [-u
.B iodine [-f] [-u
.I user
.B ] [-P
.I password
@ -17,24 +17,6 @@ iodine, iodined \- tunnel IPv4 over DNS
.I chrootdir
.B ] [-d
.I device
.B ] [-R
.I rdomain
.B ] [-m
.I fragsize
.B ] [-M
.I namelen
.B ] [-z
.I context
.B ] [-F
.I pidfile
.B ] [-T
.I dnstype
.B ] [-O
.I downenc
.B ] [-L
.I 0|1
.B ] [-I
.I interval
.B ]
.B [
.I nameserver
@ -45,7 +27,7 @@ iodine, iodined \- tunnel IPv4 over DNS
.B iodined [-h]
.B iodined [-4] [-6] [-c] [-s] [-f] [-D] [-u
.B iodined [-c] [-s] [-f] [-D] [-u
.I user
.B ] [-t
.I chrootdir
@ -54,28 +36,16 @@ iodine, iodined \- tunnel IPv4 over DNS
.B ] [-m
.I mtu
.B ] [-l
.I listen_ip4
.B ] [-L
.I listen_ip6
.I listen_ip
.B ] [-p
.I port
.B ] [-n
(
.B auto
|
.I external_ip
)
.I external ip
.B ] [-b
.I dnsport
.B ] [-P
.I password
.B ] [-z
.I context
.B ] [-F
.I pidfile
.B ] [-i
.I max_idle_time
.B ]
.B ]
.I tunnel_ip
.B [
.I /netmask
@ -83,23 +53,14 @@ iodine, iodined \- tunnel IPv4 over DNS
.I topdomain
.SH DESCRIPTION
.B iodine
lets you tunnel IPv4 data through a DNS
lets you tunnel IPv4 data through a DNS
server. This can be useful in situations where Internet access is firewalled,
but DNS queries are allowed. It needs a TUN/TAP device to operate. The
bandwidth is asymmetrical,
with a measured maximum of 680 kbit/s upstream and 2.3 Mbit/s
downstream in a wired LAN test network.
Realistic sustained throughput on a Wifi network using a carrier-grade
DNS cache has been measured at some 50 kbit/s upstream and over 200 kbit/s
downstream.
but DNS queries are allowed. It needs a TUN/TAP device to operate. The
bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
.B iodine
is the client application,
.B iodined
is the server.
Note: server and client are required to speak the exact same protocol. In most
cases, this means running the same iodine version. Unfortunately, implementing
backward and forward protocol compatibility is usually not feasible.
.SH OPTIONS
.SS Common Options:
.TP
@ -112,12 +73,6 @@ Print usage info and exit.
.B -f
Keep running in foreground.
.TP
.B -4
Force/allow only IPv4 DNS queries
.TP
.B -6
Force/allow only IPv6 DNS queries
.TP
.B -u user
Drop privileges and run as user 'user' after setting up tunnel.
.TP
@ -126,255 +81,149 @@ Chroot to 'chrootdir' after setting up tunnel.
.TP
.B -d device
Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
and otherwise tunX. On Mac OS X 10.6, this can also be utunX, which will attempt
to use an utun device built into the OS.
and otherwise tunX.
.TP
.B -P password
Use 'password' to authenticate. If not used,
Use 'password' to authenticate. If not used,
.B stdin
will be used as input. Only the first 32 characters will be used.
.TP
.B -z context
Apply SELinux 'context' after initialization.
.TP
.B -F pidfile
Create 'pidfile' and write process id in it.
.SS Client Options:
.TP
.B -r
Skip raw UDP mode. If not used, iodine will try getting the public IP address
of the iodined host and test if it is reachable directly. If it is, traffic
will be sent to the server instead of the DNS relay.
.TP
.B -R rdomain
Use OpenBSD routing domain 'rdomain' for the DNS connection.
.TP
.B -m fragsize
Force maximum downstream fragment size. Not setting this will cause the
client to automatically probe the maximum accepted downstream fragment size.
.TP
.B -M namelen
Maximum length of upstream hostnames, default 255.
Usable range ca. 100 to 255.
Use this option to scale back upstream bandwidth in favor of downstream
bandwidth.
Also useful for DNS servers that perform unreliably when using full-length
hostnames, noticeable when fragment size autoprobe returns very
different results each time.
.TP
.B -T dnstype
DNS request type override.
By default, autodetection will probe for working DNS request types, and
will select the request type that is expected to provide the most bandwidth.
However, it may turn out that a DNS relay imposes limits that skew the
picture, which may lead to an "unexpected" DNS request type providing
more bandwidth.
In that case, use this option to override the autodetection.
In (expected) decreasing bandwidth order, the supported DNS request types are:
.IR NULL ,
.IR PRIVATE ,
.IR TXT ,
.IR SRV ,
.IR MX ,
.I CNAME
and
.I A
(returning CNAME).
Note that
.IR SRV ,
.I MX
and
.I A
may/will cause additional lookups by "smart" caching
nameservers to get an actual IP address, which may either slow down or fail
completely. The
.IR PRIVATE
type uses value 65399 (in the 'private use' range) and requires servers
implementing RFC 3597.
.TP
.B -O downenc
Force downstream encoding type for all query type responses except NULL.
Default is autodetected, but may not spot all problems for the more advanced
codecs.
Use this option to override the autodetection.
.I Base32
is the lowest-grade codec and should always work; this is used when
autodetection fails.
.I Base64
provides more bandwidth, but may not work on all nameservers.
.I Base64u
is equal to Base64 except in using underscore ('_')
instead of plus sign ('+'), possibly working where
.I Base64
does not.
.I Base128
uses high byte values (mostly accented letters in iso8859-1),
which might work with some nameservers.
For TXT queries,
.I Raw
will provide maximum performance, but this will only work if the nameserver
path is fully 8-bit-clean for responses that are assumed to be "legible text".
.TP
.B -L 0|1
Lazy-mode switch.
\-L1 (default): Use lazy mode for improved performance and decreased latency.
A very small minority of DNS relays appears to be unable to handle the
lazy mode traffic pattern, resulting in no or very little data coming through.
The iodine client will detect this and try to switch back to legacy mode,
but this may not always work.
In these situations use \-L0 to force running in legacy mode
(implies \-I1).
.TP
.B -I interval
Maximum interval between requests (pings) so that intermediate DNS
servers will not time out. Default is 4 in lazy mode, which will work
fine in most cases. When too many SERVFAIL errors occur, iodine
will automatically reduce this to 1.
To get absolute minimum DNS traffic,
increase well above 4, but not so high that SERVFAIL errors start to occur.
There are some DNS relays with very small timeouts,
notably dnsadvantage.com (ultradns), that will give
SERVFAIL errors even with \-I1; data will still get trough,
and these errors can be ignored.
Maximum useful value is 59, since iodined will close a client's
connection after 60 seconds of inactivity.
Maximum downstream fragsize. Not setting this will cause the client to probe
the maximum accepted downstream packet size.
.SS Server Options:
.TP
.B -c
Disable checking the client IP address on all incoming requests.
By default, requests originating from non-matching IP addresses will be
rejected, however this will cause problems when requests are routed
via a cluster of DNS servers.
Disable checks on client IP on all incoming requests.
.TP
.B -s
Don't try to configure IP address or MTU.
This should only be used if you have already configured the device that will be
used.
Don't try to configure IP address or MTU. This should only be used if
you have already configured the device that will be used.
.TP
.B -D
Increase debug level. Level 1 prints info about each RX/TX packet.
Implies the
.B -f
option.
On level 2 (\-DD) or higher, DNS queries will be printed literally.
When using Base128 upstream encoding, this is best viewed as
ISO Latin-1 text instead of (illegal) UTF-8.
This is easily done with : "LC_ALL=C luit iodined \-DD ..."
(see luit(1)).
.TP
.B -m mtu
Set 'mtu' as mtu size for the tun device.
This will be sent to the client on login, and the client will use the same mtu
for its tun device. Default 1130. Note that the DNS traffic will be
automatically fragmented when needed.
Set 'mtu' as mtu size for the tunnel device. This will be sent to the client
on connect, and the client will use the same mtu.
.TP
.B -l external|listen_ip4
Make the server listen only on 'listen_ip4' for incoming IPv4 requests.
By default, incoming requests are accepted from all interfaces (0.0.0.0).
A domain name can be used as argument - use one with only one A record.
If listen_ip4 is 'external', iodined will use the opendns.com DNS service to
retrieve the external IP of the host and use that as listen address.
.TP
.B -L listen_ip6
Make the server listen only on 'listen_ip6' for incoming IPv6 requests.
By default, incoming requests are accepted from all interfaces (::).
A domain name can be used as argument - use one with only one AAAA record.
.B -l listen_ip
Make the server listen only on 'listen_ip' instead of on 0.0.0.0 for incoming
connections.
.TP
.B -p port
Make the server listen on 'port' instead of 53 for traffic.
If 'listen_ip4' does not include localhost, this 'port' can be the same
as 'dnsport'.
Make the server listen on 'port' instead of 53 for traffic.
.B Note:
You must make sure the dns requests are forwarded to this port yourself.
.TP
.B -n auto|external_ip
.B -n external ip
The IP address to return in NS responses. Default is to return the address used
as destination in the query.
If external_ip is 'auto', iodined will use the opendns.com DNS service to
retrieve the external IP of the host and use that for NS responses.
.TP
.B -b dnsport
If this port is specified, all incoming requests not inside the tunnel domain
will be forwarded to this port on localhost, to be handled by a real dns.
If 'listen_ip' does not include localhost, this 'dnsport' can be the
same as 'port'.
.B Note:
The forwarding is not fully transparent, and not advised for use
in production environments.
.TP
.B -i max_idle_time
Make the server stop itself after max_idle_time seconds if no traffic have been received.
This should be combined with systemd or upstart on demand activation for being effective.
.SS Client Arguments:
.TP
.B nameserver
The nameserver to use to relay the dns traffic. This can be any relaying
nameserver or the server running iodined if reachable. This field can be
given as an IPv4/IPv6 address or as a hostname. This argument is optional,
and if not specified a nameserver will be read from the
nameserver or the ip number of the server running iodined if reachable.
This argument is optional, and if not specified a nameserver will be read
from the
.I /etc/resolv.conf
file.
.TP
.B topdomain
The dns traffic will be sent as queries for subdomains under
The dns traffic will be sent as querys of type NULL for subdomains under
\'topdomain'. This is normally a subdomain to a domain you own. Use a short
domain name to get better throughput. If
domain name to get better throughput. If
.B nameserver
is the iodined server, then the topdomain can be chosen freely. This argument
must be the same on both the client and the server.
.SS Server Arguments:
.TP
.B tunnel_ip[/netmask]
This is the server's ip address on the tun interface. The client will be
given the next ip number in the range. It is recommended to use the
10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overridden
This is the servers ip address on the tunnel interface. The client will be
given the next ip number in the range. It is recommended to use the
10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overriden
by specifying it here. Using a smaller network will limit the number of
concurrent users.
.TP
.B topdomain
The dns traffic is expected to arrive as queries for
subdomains under 'topdomain'. This is normally a subdomain to a domain you
own. Use a short domain name to get better throughput. This argument must be
the same on both the client and the server. Queries for domains other
than 'topdomain' will be forwarded when the \-b option is given, otherwise
they will be dropped. The topdomain can start with '*' which will allow all
domains ending with the same suffix.
The dns traffic will is expected to be sent as querys of type NULL for
subdomains under 'topdomain'. This is normally a subdomain to a domain you
own. Use a short domain name to get better throughput. This argument must be
the same on both the client and the server.
.SH EXAMPLES
See the README file for both a quick test scenario, and a detailed description
of real-world deployment.
.SH SECURITY
Login is a relatively secure challenge-response MD5 hash, with the
password never passing the wire.
However, all other data is
.B NOT
encrypted in any way. The DNS traffic is also vulnerable to replay,
injection and man-in-the-middle attacks, especially when iodined is used
with the \-c option. Use of ssh or vpn tunneling is strongly recommended.
On both server and client, use
.IR iptables ,
.I pf
or other firewalls to block all traffic coming in from the tun interfaces,
except to the used ssh or vpn ports.
.SH ENVIRONMENT
.SS IODINE_PASS
If the environment variable
.B IODINE_PASS
is set, iodine will use the value it is set to as password instead of asking
for one. The
.B -P
option still has precedence.
.SS IODINED_PASS
If the environment variable
.B IODINED_PASS
is set, iodined will use the value it is set to as password instead of asking
for one. The
.B -P
option still has precedence.
.SH SEE ALSO
The README file in the source distribution contains some more elaborate
information.
.SS Quickstart:
.TP
Try it out within your own LAN! Follow these simple steps:
.TP
- On your server, run: ./iodined \-f 10.0.0.1 test.asdf
(If you already use the 10.0.0.0 network, use another internal net like
172.16.0.0)
.TP
- Enter a password
.TP
- On the client, run: ./iodine \-f 192.168.0.1 test.asdf
(Replace 192.168.0.1 with the server's ip address)
.TP
- Enter the same password
.TP
- Now the client has the tunnel ip 10.0.0.2 and the server has 10.0.0.1
.TP
- Try pinging each other through the tunnel
.TP
- Done! :)
.TP
To actually use it through a relaying nameserver, see below.
.SS Full setup:
.TP
.B Server side:
To use this tunnel, you need control over a real domain (like mytunnel.com),
and a server with a public IP number. If the server already runs a DNS
server, change the listening port and then use the \-b option to let
iodined forward the DNS requests. Then, delegate a subdomain
(say, tunnel1.mytunnel.com) to the server. If you use BIND for the domain,
add these lines to the zone file (replace 10.15.213.99 with your server ip):
.nf
tunnel1host IN A 10.15.213.99
tunnel1 IN NS tunnel1host.mytunnel.com.
.fi
Now any DNS querys for domains ending with tunnel1.mytunnnel.com will be sent
to your server. Start iodined on the server. The first argument is the tunnel
IP address (like 192.168.99.1) and the second is the assigned domain (in this
case tunnel1.mytunnel.com). The \-f argument will keep iodined running in the
foreground, which helps when testing. iodined will start a virtual interface,
and also start listening for DNS queries on UDP port 53. Either enter a
password on the commandline (\-P pass) or after the server has started. Now
everything is ready for the client.
.TP
.B Client side:
All the setup is done, just start iodine. It also takes two
arguments, the first is the local relaying DNS server and the second is the
domain used (tunnel1.mytunnnel.com). If DNS queries are allowed to any
computer, you can use the tunnel endpoint (example: 10.15.213.99 or
tunnel1host.mytunnel.com) as the first argument. The tunnel interface will get
an IP close to the servers (in this case 192.168.99.2) and a suitable MTU.
Enter the same password as on the server either by argument or after the client
has started. Now you should be able to ping the other end of the tunnel from
either side.
.TP
.B Routing:
The normal case is to route all traffic through the DNS tunnel. To do this, first
add a route to the nameserver you use with the default gateway as gateway. Then
replace the default gateway with the servers IP address within the DNS tunnel,
and configure the server to do NAT.
.TP
.B MTU issues:
These issues should be solved now, with automatic fragmentation of downstream
packets. There should be no need to set the MTU explicitly on the server.
.SH BUGS
File bugs at https://github.com/yarrick/iodine
File bugs at http://dev.kryo.se/iodine/
.SH AUTHORS
Erik Ekman <yarrick@kryo.se> and Bjorn Andersson <flex@kryo.se>. Major
contributions by Anne Bezemer.
Erik Ekman <yarrick@kryo.se> and Bjorn Andersson <flex@kryo.se>

26
src/Android.16.mk
View File

@ -1,26 +0,0 @@
#
# iodine for Android
#
# by Marcel Bokhorst
# http://blog.bokhorst.biz/5123/computers-en-internet/iodine-for-android/
#
# cd iodine-0.6.0-rc1/src
# make base64u.h base64u.c
# .../ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
#
LOCAL_PATH:= $(call my-dir)
HEAD_COMMIT = `git rev-parse --short HEAD`
include $(CLEAR_VARS)
LOCAL_MODULE := iodine
LOCAL_SRC_FILES := tun.c dns.c read.c encoding.c login.c base32.c base64.c base64u.c base128.c md5.c common.c iodine.c client.c util.c
LOCAL_CFLAGS := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall -DGITREVISION=\"$(HEAD_COMMIT)\"
LOCAL_LDLIBS := -lz
LOCAL_CFLAGS += -fPIE
LOCAL_LDFLAGS += -fPIE -pie
include $(BUILD_EXECUTABLE)

24
src/Android.mk
View File

@ -1,24 +0,0 @@
#
# iodine for Android
#
# by Marcel Bokhorst
# http://blog.bokhorst.biz/5123/computers-en-internet/iodine-for-android/
#
# cd iodine-0.6.0-rc1/src
# make base64u.h base64u.c
# .../ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
#
LOCAL_PATH:= $(call my-dir)
HEAD_COMMIT = `git rev-parse --short HEAD`
include $(CLEAR_VARS)
LOCAL_MODULE := iodine
LOCAL_SRC_FILES := tun.c dns.c read.c encoding.c login.c base32.c base64.c base64u.c base128.c md5.c common.c iodine.c client.c util.c
LOCAL_CFLAGS := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall -DGITREVISION=\"$(HEAD_COMMIT)\"
LOCAL_LDLIBS := -lz
include $(BUILD_EXECUTABLE)

21
src/Makefile
View File

@ -1,17 +1,16 @@
COMMONOBJS = tun.o dns.o read.o encoding.o login.o base32.o base64.o base64u.o base128.o md5.o common.o
CLIENTOBJS = iodine.o client.o util.o
CC = gcc
COMMONOBJS = tun.o dns.o read.o encoding.o login.o base32.o base64.o md5.o common.o
CLIENTOBJS = iodine.o
CLIENT = ../bin/iodine
SERVEROBJS = iodined.o user.o fw_query.o
SERVER = ../bin/iodined
OS = `echo $(TARGETOS) | tr "a-z" "A-Z"`
ARCH = `uname -m`
HEAD_COMMIT = `git rev-parse --short HEAD`
LIBPATH = -L.
LDFLAGS += -lz `sh osflags $(TARGETOS) link` $(LIBPATH)
CFLAGS += -std=c99 -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
CFLAGS += -Wstrict-prototypes -Wtype-limits -Wmissing-declarations -Wmissing-prototypes
LDFLAGS = -lz `sh osflags $(TARGETOS) link` $(LIBPATH)
CFLAGS = -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags`
all: stateos $(CLIENT) $(SERVER)
@ -28,17 +27,11 @@ $(SERVER): $(COMMONOBJS) $(SERVEROBJS)
@mkdir -p ../bin
@$(CC) $(COMMONOBJS) $(SERVEROBJS) -o $(SERVER) $(LDFLAGS)
.c.o:
.c.o:
@echo CC $<
@$(CC) $(CFLAGS) $< -o $@
base64u.c: base64.c
@echo Making $@
@echo '/* No use in editing, produced by Makefile! */' > $@
@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < base64.c >> $@
clean:
@echo "Cleaning src/"
@rm -f $(CLIENT){,.exe} $(SERVER){,.exe} *~ *.o *.core base64u.*
@rm -rf obj libs #android stuff
@rm -f $(CLIENT){,.exe} $(SERVER){,.exe} *~ *.o *.core

59
src/android_dns.h
View File

@ -1,59 +0,0 @@
/*
* Copyright (c) 2009 Marcel Bokhorst <marcel@bokhorst.biz>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __FIX_ANDROID_H__
#define __FIX_ANDROID_H__
/* Newer android platforms can have this data already */
#ifndef C_IN
typedef struct {
unsigned id :16;
unsigned rd :1;
unsigned tc :1;
unsigned aa :1;
unsigned opcode :4;
unsigned qr :1;
unsigned rcode :4;
unsigned cd: 1;
unsigned ad: 1;
unsigned unused :1;
unsigned ra :1;
unsigned qdcount :16;
unsigned ancount :16;
unsigned nscount :16;
unsigned arcount :16;
} HEADER;
#define NOERROR 0
#define FORMERR 1
#define SERVFAIL 2
#define NXDOMAIN 3
#define NOTIMP 4
#define REFUSED 5
#define C_IN 1
#define T_A 1
#define T_CNAME 5
#define T_NULL 10
#define T_MX 15
#define T_TXT 16
#define T_SRV 33
#endif /* !C_IN */
#endif

261
src/base128.c
View File

@ -1,261 +0,0 @@
/*
* Copyright (C) 2009 J.A.Bezemer@opensourcepartners.nl
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* raw 76543210 76543210 76543210 76543210 76543210 76543210 76543210
* enc 65432106 54321065 43210654 32106543 21065432 10654321 06543210
* ^ ^ ^ ^ ^ ^ ^ ^
*
* 0001 1 0001 1
* 0011 3 0011 3
* 0111 7 0111 7
* 1111 f 0110 6
* 1110 e 0100 4
* 1100 c
* 1000 8
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "encoding.h"
#define BASE128_BLKSIZE_RAW 7
#define BASE128_BLKSIZE_ENC 8
/* Don't use '-' (restricted to middle of labels), prefer iso_8859-1
* accent chars since they might readily be entered in normal use,
* don't use 254-255 because of possible function overloading in DNS systems.
*/
static const unsigned char cb128[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
"\274\275\276\277"
"\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317"
"\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337"
"\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357"
"\360\361\362\363\364\365\366\367\370\371\372\373\374\375";
static unsigned char rev128[256];
static int reverse_init = 0;
inline static void base128_reverse_init(void)
{
int i;
unsigned char c;
if (!reverse_init) {
memset(rev128, 0, 256);
for (i = 0; i < 128; i++) {
c = cb128[i];
rev128[(int) c] = i;
}
reverse_init = 1;
}
}
/*
* Fills *buf with max. *buflen characters, encoding size bytes of *data.
*
* NOTE: *buf space should be at least 1 byte _more_ than *buflen
* to hold the trailing '\0'.
*
* return value : #bytes filled in buf (excluding \0)
* sets *buflen to : #bytes encoded from data
*/
static int base128_encode(char *buf, size_t *buflen, const void *data,
size_t size)
{
unsigned char *ubuf = (unsigned char *) buf;
unsigned char *udata = (unsigned char *) data;
int iout = 0; /* to-be-filled output char */
int iin = 0; /* one more than last input byte that can be
successfully decoded */
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
while (1) {
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[((udata[iin] & 0xfe) >> 1)];
iout++;
if (iout >= *buflen || iin >= size) {
iout--; /* previous char is useless */
break;
}
ubuf[iout] = cb128[((udata[iin] & 0x01) << 6) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xfc) >> 2) : 0)];
iin++; /* 0 complete, iin=1 */
iout++;
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[((udata[iin] & 0x03) << 5) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xf8) >> 3) : 0)];
iin++; /* 1 complete, iin=2 */
iout++;
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[((udata[iin] & 0x07) << 4) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xf0) >> 4) : 0)];
iin++; /* 2 complete, iin=3 */
iout++;
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[((udata[iin] & 0x0f) << 3) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xe0) >> 5) : 0)];
iin++; /* 3 complete, iin=4 */
iout++;
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[((udata[iin] & 0x1f) << 2) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xc0) >> 6) : 0)];
iin++; /* 4 complete, iin=5 */
iout++;
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[((udata[iin] & 0x3f) << 1) |
((iin + 1 < size) ?
((udata[iin + 1] & 0x80) >> 7) : 0)];
iin++; /* 5 complete, iin=6 */
iout++;
if (iout >= *buflen || iin >= size)
break;
ubuf[iout] = cb128[(udata[iin] & 0x7f)];
iin++; /* 6 complete, iin=7 */
iout++;
}
ubuf[iout] = '\0';
/* store number of bytes from data that was used */
*buflen = iin;
return iout;
}
#define REV128(x) rev128[(int) (x)]
/*
* Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
* Decoding stops early when *str contains \0.
* Illegal encoded chars are assumed to decode to zero.
*
* NOTE: *buf space should be at least 1 byte _more_ than *buflen
* to hold a trailing '\0' that is added (though *buf will usually
* contain full-binary data).
*
* return value : #bytes filled in buf (excluding \0)
*/
static int base128_decode(void *buf, size_t *buflen, const char *str,
size_t slen)
{
unsigned char *ustr = (unsigned char *) str;
unsigned char *ubuf = (unsigned char *) buf;
int iout = 0; /* to-be-filled output byte */
int iin = 0; /* next input char to use in decoding */
base128_reverse_init();
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
while (1) {
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x7f) << 1) |
((REV128(ustr[iin + 1]) & 0x40) >> 6);
iin++; /* 0 used up, iin=1 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x3f) << 2) |
((REV128(ustr[iin + 1]) & 0x60) >> 5);
iin++; /* 1 used up, iin=2 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x1f) << 3) |
((REV128(ustr[iin + 1]) & 0x70) >> 4);
iin++; /* 2 used up, iin=3 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x0f) << 4) |
((REV128(ustr[iin + 1]) & 0x78) >> 3);
iin++; /* 3 used up, iin=4 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x07) << 5) |
((REV128(ustr[iin + 1]) & 0x7c) >> 2);
iin++; /* 4 used up, iin=5 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x03) << 6) |
((REV128(ustr[iin + 1]) & 0x7e) >> 1);
iin++; /* 5 used up, iin=6 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV128(ustr[iin]) & 0x01) << 7) |
((REV128(ustr[iin + 1]) & 0x7f));
iin += 2; /* 6,7 used up, iin=8 */
iout++;
}
ubuf[iout] = '\0';
return iout;
}
const struct encoder base128_ops = {
.name = "Base128",
.encode = base128_encode,
.decode = base128_decode,
.places_dots = false,
.eats_dots = false,
.blocksize_raw = BASE128_BLKSIZE_RAW,
.blocksize_encoded = BASE128_BLKSIZE_ENC,
};

316
src/base32.c
View File

@ -1,9 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,218 +19,204 @@
#include <string.h>
#include "encoding.h"
#include "base32.h"
#define BASE32_BLKSIZE_RAW 5
#define BASE32_BLKSIZE_ENC 8
#define BLKSIZE_RAW 5
#define BLKSIZE_ENC 8
static const char cb32[] =
static const char cb32[] =
"abcdefghijklmnopqrstuvwxyz012345";
static const char cb32_ucase[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
static unsigned char rev32[256];
static int reverse_init = 0;
static unsigned char rev32[128];
inline static void base32_reverse_init(void)
static int base32_decode(void *, size_t *, const char *, size_t);
static int base32_encode(char *, size_t *, const void *, size_t);
static int base32_handles_dots();
static int base32_blksize_raw();
static int base32_blksize_enc();
static struct encoder base32_encoder =
{
"Base32",
base32_encode,
base32_decode,
base32_handles_dots,
base32_handles_dots,
base32_blksize_raw,
base32_blksize_enc
};
struct encoder
*get_base32_encoder()
{
return &base32_encoder;
}
static int
base32_handles_dots()
{
return 0;
}
static int
base32_blksize_raw()
{
return BLKSIZE_RAW;
}
static int
base32_blksize_enc()
{
return BLKSIZE_ENC;
}
static void
base32_reverse_init()
{
int i;
unsigned char c;
static int reverse_init = 0;
if (!reverse_init) {
memset(rev32, 0, 256);
for (i = 0; i < 32; i++) {
c = cb32[i];
rev32[(int) c] = i;
c = cb32_ucase[i];
rev32[(int) c] = i;
}
reverse_init = 1;
}
}
int b32_5to8(int in)
int
b32_5to8(int in)
{
return cb32[in & 31];
}
int b32_8to5(int in)
int
b32_8to5(int in)
{
base32_reverse_init();
return rev32[in];
}
/*
* Fills *buf with max. *buflen characters, encoding size bytes of *data.
*
* NOTE: *buf space should be at least 1 byte _more_ than *buflen
* to hold the trailing '\0'.
*
* return value : #bytes filled in buf (excluding \0)
* sets *buflen to : #bytes encoded from data
*/
static int base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
static int
base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
{
unsigned char *udata = (unsigned char *) data;
int iout = 0; /* to-be-filled output char */
int iin = 0; /* one more than last input byte that can be
successfully decoded */
size_t newsize;
size_t maxsize;
unsigned char *p;
unsigned char *q;
int i;
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
memset(buf, 0, *buflen);
while (1) {
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb32[((udata[iin] & 0xf8) >> 3)];
iout++;
if (iout >= *buflen || iin >= size) {
iout--; /* previous char is useless */
break;
}
buf[iout] = cb32[((udata[iin] & 0x07) << 2) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xc0) >> 6) : 0)];
iin++; /* 0 complete, iin=1 */
iout++;
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb32[((udata[iin] & 0x3e) >> 1)];
iout++;
if (iout >= *buflen || iin >= size) {
iout--; /* previous char is useless */
break;
}
buf[iout] = cb32[((udata[iin] & 0x01) << 4) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xf0) >> 4) : 0)];
iin++; /* 1 complete, iin=2 */
iout++;
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb32[((udata[iin] & 0x0f) << 1) |
((iin + 1 < size) ?
((udata[iin + 1] & 0x80) >> 7) : 0)];
iin++; /* 2 complete, iin=3 */
iout++;
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb32[((udata[iin] & 0x7c) >> 2)];
iout++;
if (iout >= *buflen || iin >= size) {
iout--; /* previous char is useless */
break;
}
buf[iout] = cb32[((udata[iin] & 0x03) << 3) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xe0) >> 5) : 0)];
iin++; /* 3 complete, iin=4 */
iout++;
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb32[((udata[iin] & 0x1f))];
iin++; /* 4 complete, iin=5 */
iout++;
/* how many chars can we encode within the buf */
maxsize = BLKSIZE_RAW * (*buflen / BLKSIZE_ENC);
/* how big will the encoded data be */
newsize = BLKSIZE_ENC * (size / BLKSIZE_RAW);
if (size % BLKSIZE_RAW) {
newsize += BLKSIZE_ENC;
}
/* if the buffer is too small, eat some of the data */
if (*buflen < newsize) {
size = maxsize;
}
buf[iout] = '\0';
p = (unsigned char *) buf;
q = (unsigned char *)data;
for(i=0;i<size;i+=BLKSIZE_RAW) {
p[0] = cb32[((q[0] & 0xf8) >> 3)];
p[1] = cb32[(((q[0] & 0x07) << 2) | ((q[1] & 0xc0) >> 6))];
p[2] = (i+1 < size) ? cb32[((q[1] & 0x3e) >> 1)] : '\0';
p[3] = (i+1 < size) ? cb32[((q[1] & 0x01) << 4) | ((q[2] & 0xf0) >> 4)] : '\0';
p[4] = (i+2 < size) ? cb32[((q[2] & 0x0f) << 1) | ((q[3] & 0x80) >> 7)] : '\0';
p[5] = (i+3 < size) ? cb32[((q[3] & 0x7c) >> 2)] : '\0';
p[6] = (i+3 < size) ? cb32[((q[3] & 0x03) << 3) | ((q[4] & 0xe0) >> 5)] : '\0';
p[7] = (i+4 < size) ? cb32[((q[4] & 0x1f))] : '\0';
q += BLKSIZE_RAW;
p += BLKSIZE_ENC;
}
*p = 0;
/* store number of bytes from data that was used */
*buflen = iin;
*buflen = size;
return iout;
return strlen(buf);
}
#define DECODE_ERROR 0xffffffff
#define REV32(x) rev32[(int) (x)]
/*
* Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
* Decoding stops early when *str contains \0.
* Illegal encoded chars are assumed to decode to zero.
*
* NOTE: *buf space should be at least 1 byte _more_ than *buflen
* to hold a trailing '\0' that is added (though *buf will usually
* contain full-binary data).
*
* return value : #bytes filled in buf (excluding \0)
*/
static int base32_decode(void *buf, size_t *buflen, const char *str,
size_t slen)
static int
decode_token(const unsigned char *t, unsigned char *data, size_t len)
{
unsigned char *ubuf = (unsigned char *) buf;
int iout = 0; /* to-be-filled output byte */
int iin = 0; /* next input char to use in decoding */
if (len < 2)
return 0;
base32_reverse_init();
data[0] = ((REV32(t[0]) & 0x1f) << 3) |
((REV32(t[1]) & 0x1c) >> 2);
if (len < 4)
return 1;
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
data[1] = ((REV32(t[1]) & 0x03) << 6) |
((REV32(t[2]) & 0x1f) << 1) |
((REV32(t[3]) & 0x10) >> 4);
while (1) {
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV32(str[iin]) & 0x1f) << 3) |
((REV32(str[iin + 1]) & 0x1c) >> 2);
iin++; /* 0 used up, iin=1 */
iout++;
if (len < 5)
return 2;
if (iout >= *buflen || iin + 2 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0' ||
str[iin + 2] == '\0')
break;
ubuf[iout] = ((REV32(str[iin]) & 0x03) << 6) |
((REV32(str[iin + 1]) & 0x1f) << 1) |
((REV32(str[iin + 2]) & 0x10) >> 4);
iin += 2; /* 1,2 used up, iin=3 */
iout++;
data[2] = ((REV32(t[3]) & 0x0f) << 4) |
((REV32(t[4]) & 0x1e) >> 1);
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV32(str[iin]) & 0x0f) << 4) |
((REV32(str[iin + 1]) & 0x1e) >> 1);
iin++; /* 3 used up, iin=4 */
iout++;
if (len < 7)
return 3;
if (iout >= *buflen || iin + 2 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0' ||
str[iin + 2] == '\0')
break;
ubuf[iout] = ((REV32(str[iin]) & 0x01) << 7) |
((REV32(str[iin + 1]) & 0x1f) << 2) |
((REV32(str[iin + 2]) & 0x18) >> 3);
iin += 2; /* 4,5 used up, iin=6 */
iout++;
data[3] = ((REV32(t[4]) & 0x01) << 7) |
((REV32(t[5]) & 0x1f) << 2) |
((REV32(t[6]) & 0x18) >> 3);
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV32(str[iin]) & 0x07) << 5) |
((REV32(str[iin + 1]) & 0x1f));
iin += 2; /* 6,7 used up, iin=8 */
iout++;
}
if (len < 8)
return 4;
ubuf[iout] = '\0';
data[4] = ((REV32(t[6]) & 0x07) << 5) |
((REV32(t[7]) & 0x1f));
return iout;
return 5;
}
const struct encoder base32_ops = {
.name = "Base32",
static int
base32_decode(void *buf, size_t *buflen, const char *str, size_t slen)
{
unsigned char *q;
size_t newsize;
size_t maxsize;
const char *p;
int len;
.encode = base32_encode,
.decode = base32_decode,
base32_reverse_init();
/* chars needed to decode slen */
newsize = BLKSIZE_RAW * (slen / BLKSIZE_ENC + 1) + 1;
/* encoded chars that fit in buf */
maxsize = BLKSIZE_ENC * (*buflen / BLKSIZE_RAW + 1) + 1;
/* if the buffer is too small, eat some of the data */
if (*buflen < newsize) {
slen = maxsize;
}
.places_dots = false,
.eats_dots = false,
q = buf;
for (p = str; *p && strchr(cb32, *p); p += BLKSIZE_ENC) {
len = decode_token((unsigned char *) p, (unsigned char *) q, slen);
q += len;
slen -= BLKSIZE_ENC;
if (len < BLKSIZE_RAW)
break;
}
*q = '\0';
return q - (unsigned char *) buf;
}
.blocksize_raw = BASE32_BLKSIZE_RAW,
.blocksize_encoded = BASE32_BLKSIZE_ENC,
};

14
src/util.h → src/base32.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,10 +14,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __UTIL_H__
#define __UTIL_H__
#ifndef __BASE32_H__
#define __BASE32_H__
char *get_resolvconf_addr(void);
void socket_setrtable(int fd, int rtable);
struct encoder *get_base32_encoder(void);
int b32_5to8(int);
int b32_8to5(int);
#endif

288
src/base64.c
View File

@ -1,9 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,156 +19,176 @@
#include <string.h>
#include "encoding.h"
#include "common.h"
#include "base64.h"
#define BASE64_BLKSIZE_RAW 3
#define BASE64_BLKSIZE_ENC 4
#define BLKSIZE_RAW 3
#define BLKSIZE_ENC 4
/* Note: the "unofficial" char is last here, which means that the \377 pattern
in DOWNCODECCHECK1 ('Y' request) will properly test it. */
static const char cb64[] =
static const char cb64[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789+";
static unsigned char rev64[256];
static unsigned char rev64[128];
static int reverse_init = 0;
inline static void base64_reverse_init(void)
static int base64_encode(char *, size_t *, const void *, size_t);
static int base64_decode(void *, size_t *, const char *, size_t);
static int base64_handles_dots();
static int base64_blksize_raw();
static int base64_blksize_enc();
#define REV64(x) rev64[(int) (x)]
static struct encoder base64_encoder =
{
"Base64",
base64_encode,
base64_decode,
base64_handles_dots,
base64_handles_dots,
base64_blksize_raw,
base64_blksize_enc
};
struct encoder
*get_base64_encoder()
{
return &base64_encoder;
}
static int
base64_handles_dots()
{
return 0;
}
static int
base64_blksize_raw()
{
return BLKSIZE_RAW;
}
static int
base64_blksize_enc()
{
return BLKSIZE_ENC;
}
static int
base64_encode(char *buf, size_t *buflen, const void *data, size_t size)
{
size_t newsize;
size_t maxsize;
unsigned char *s;
unsigned char *p;
unsigned char *q;
int i;
memset(buf, 0, *buflen);
/* how many chars can we encode within the buf */
maxsize = BLKSIZE_RAW * (*buflen / BLKSIZE_ENC);
/* how big will the encoded data be */
newsize = BLKSIZE_ENC * (size / BLKSIZE_RAW);
if (size % BLKSIZE_RAW) {
newsize += BLKSIZE_ENC;
}
/* if the buffer is too small, eat some of the data */
if (*buflen < newsize) {
size = maxsize;
}
p = s = (unsigned char *) buf;
q = (unsigned char *)data;
for(i=0;i<size;i+=BLKSIZE_RAW) {
p[0] = cb64[((q[0] & 0xfc) >> 2)];
p[1] = cb64[(((q[0] & 0x03) << 4) | ((q[1] & 0xf0) >> 4))];
p[2] = (i+1 < size) ? cb64[((q[1] & 0x0f) << 2 ) | ((q[2] & 0xc0) >> 6)] : '\0';
p[3] = (i+2 < size) ? cb64[(q[2] & 0x3f)] : '\0';
q += BLKSIZE_RAW;
p += BLKSIZE_ENC;
}
*p = 0;
/* store number of bytes from data that was used */
*buflen = size;
return strlen(buf);
}
#define DECODE_ERROR 0xffffffff
static int
decode_token(const unsigned char *t, unsigned char *data, size_t len)
{
if (len < 2)
return 0;
data[0] = ((REV64(t[0]) & 0x3f) << 2) |
((REV64(t[1]) & 0x30) >> 4);
if (len < 3)
return 1;
data[1] = ((REV64(t[1]) & 0x0f) << 4) |
((REV64(t[2]) & 0x3c) >> 2);
if (len < 4)
return 2;
data[2] = ((REV64(t[2]) & 0x03) << 6) |
(REV64(t[3]) & 0x3f);
return 3;
}
static int
base64_decode(void *buf, size_t *buflen, const char *str, size_t slen)
{
unsigned char *q;
size_t newsize;
size_t maxsize;
const char *p;
unsigned char c;
unsigned char block[BLKSIZE_ENC];
int len;
int i;
if (!reverse_init) {
memset(rev64, 0, 256);
for (i = 0; i < 64; i++) {
c = cb64[i];
rev64[(int) c] = i;
}
reverse_init = 1;
}
}
/* chars needed to decode slen */
newsize = BLKSIZE_RAW * (slen / BLKSIZE_ENC + 1) + 1;
/* encoded chars that fit in buf */
maxsize = BLKSIZE_ENC * (*buflen / BLKSIZE_RAW + 1) + 1;
/* if the buffer is too small, eat some of the data */
if (*buflen < newsize) {
slen = maxsize;
}
/*
* Fills *buf with max. *buflen characters, encoding size bytes of *data.
*
* NOTE: *buf space should be at least 1 byte _more_ than *buflen
* to hold the trailing '\0'.
*
* return value : #bytes filled in buf (excluding \0)
* sets *buflen to : #bytes encoded from data
*/
static int base64_encode(char *buf, size_t *buflen, const void *data,
size_t size)
{
unsigned char *udata = (unsigned char *) data;
int iout = 0; /* to-be-filled output char */
int iin = 0; /* one more than last input byte that can be
successfully decoded */
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
while (1) {
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb64[((udata[iin] & 0xfc) >> 2)];
iout++;
if (iout >= *buflen || iin >= size) {
iout--; /* previous char is useless */
break;
q = buf;
for (p = str; *p; p += BLKSIZE_ENC) {
/* since the str is const, we unescape in another buf */
for (i = 0; i < BLKSIZE_ENC; i++) {
block[i] = p[i];
}
buf[iout] = cb64[((udata[iin] & 0x03) << 4) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xf0) >> 4) : 0)];
iin++; /* 0 complete, iin=1 */
iout++;
if (iout >= *buflen || iin >= size)
len = decode_token(block, (unsigned char *) q, slen);
q += len;
slen -= BLKSIZE_ENC;
if (len < BLKSIZE_RAW)
break;
buf[iout] = cb64[((udata[iin] & 0x0f) << 2) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xc0) >> 6) : 0)];
iin++; /* 1 complete, iin=2 */
iout++;
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb64[(udata[iin] & 0x3f)];
iin++; /* 2 complete, iin=3 */
iout++;
}
buf[iout] = '\0';
/* store number of bytes from data that was used */
*buflen = iin;
return iout;
*q = '\0';
return q - (unsigned char *) buf;
}
#define REV64(x) rev64[(int) (x)]
/*
* Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
* Decoding stops early when *str contains \0.
* Illegal encoded chars are assumed to decode to zero.
*
* NOTE: *buf space should be at least 1 byte _more_ than *buflen
* to hold a trailing '\0' that is added (though *buf will usually
* contain full-binary data).
*
* return value : #bytes filled in buf (excluding \0)
*/
static int base64_decode(void *buf, size_t *buflen, const char *str,
size_t slen)
{
unsigned char *ubuf = (unsigned char *) buf;
int iout = 0; /* to-be-filled output byte */
int iin = 0; /* next input char to use in decoding */
base64_reverse_init();
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
while (1) {
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV64(str[iin]) & 0x3f) << 2) |
((REV64(str[iin + 1]) & 0x30) >> 4);
iin++; /* 0 used up, iin=1 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV64(str[iin]) & 0x0f) << 4) |
((REV64(str[iin + 1]) & 0x3c) >> 2);
iin++; /* 1 used up, iin=2 */
iout++;
if (iout >= *buflen || iin + 1 >= slen ||
str[iin] == '\0' || str[iin + 1] == '\0')
break;
ubuf[iout] = ((REV64(str[iin]) & 0x03) << 6) |
(REV64(str[iin + 1]) & 0x3f);
iin += 2; /* 2,3 used up, iin=4 */
iout++;
}
ubuf[iout] = '\0';
return iout;
}
const struct encoder base64_ops = {
.name = "Base64",
.encode = base64_encode,
.decode = base64_decode,
.places_dots = false,
.eats_dots = false,
.blocksize_raw = BASE64_BLKSIZE_RAW,
.blocksize_encoded = BASE64_BLKSIZE_ENC,
};

22
src/base64.h Normal file
View File

@ -0,0 +1,22 @@
/*
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __BASE64_H__
#define __BASE64_H__
struct encoder *get_base64_encoder(void);
#endif

2421
src/client.c
View File

File diff suppressed because it is too large Load Diff

41
src/client.h
View File

@ -1,41 +0,0 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __CLIENT_H__
#define __CLIENT_H__
void client_init(void);
void client_stop(void);
enum connection client_get_conn(void);
const char *client_get_raw_addr(void);
void client_set_nameserver(struct sockaddr_storage *, int);
void client_set_topdomain(const char *cp);
void client_set_password(const char *cp);
int client_set_qtype(char *qtype);
char *client_get_qtype(void);
void client_set_downenc(char *encoding);
void client_set_selecttimeout(int select_timeout);
void client_set_lazymode(int lazy_mode);
void client_set_hostname_maxlen(int i);
int client_handshake(int dns_fd, int raw_mode, int autodetect_frag_size,
int fragsize);
int client_tunnel(int tun_fd, int dns_fd);
#endif

403
src/common.c
View File

@ -1,8 +1,7 @@
/* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
/* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
* Copyright (c) 2007 Albert Lee <trisk@acm.jhu.edu>.
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -27,7 +26,6 @@
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#ifdef WINDOWS32
#include <winsock2.h>
@ -35,33 +33,22 @@
#else
#include <arpa/nameser.h>
#ifdef DARWIN
#define BIND_8_COMPAT
#include <arpa/nameser_compat.h>
#include <arpa/nameser8_compat.h>
#endif
#include <termios.h>
#include <err.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <syslog.h>
#include <sys/socket.h>
#include <netdb.h>
#endif
#ifdef HAVE_SETCON
# include <selinux/selinux.h>
#include <netinet/in.h>
#endif
#include "common.h"
/* The raw header used when not using DNS protocol */
const unsigned char raw_header[RAW_HDR_LEN] = { 0x10, 0xd1, 0x9e, 0x00 };
/* daemon(3) exists only in 4.4BSD or later, and in GNU libc */
#if !defined(ANDROID) && !defined(WINDOWS32) && !(defined(BSD) && (BSD >= 199306)) && !defined(__GLIBC__)
#if !defined(WINDOWS32) && !(defined(BSD) && (BSD >= 199306)) && !defined(__GLIBC__)
static int daemon(int nochdir, int noclose)
{
int fd, i;
switch (fork()) {
case 0:
break;
@ -70,15 +57,15 @@ static int daemon(int nochdir, int noclose)
default:
_exit(0);
}
if (!nochdir) {
chdir("/");
}
if (setsid() < 0) {
return -1;
}
if (!noclose) {
if ((fd = open("/dev/null", O_RDWR)) >= 0) {
for (i = 0; i < 3; i++) {
@ -101,86 +88,34 @@ int setgroups(int count, int *groups)
}
#endif
#ifndef WINDOWS32
void
check_superuser(void)
check_superuser(void (*usage_fn)(void))
{
#ifndef WINDOWS32
if (geteuid() != 0) {
warnx("Run as root and you'll be happy.");
exit(-1);
warnx("Run as root and you'll be happy.\n");
usage_fn();
/* NOTREACHED */
}
}
#endif
char *
format_addr(struct sockaddr_storage *sockaddr, int sockaddr_len)
{
static char dst[INET6_ADDRSTRLEN + 1];
memset(dst, 0, sizeof(dst));
if (sockaddr->ss_family == AF_INET && sockaddr_len >= sizeof(struct sockaddr_in)) {
getnameinfo((struct sockaddr *)sockaddr, sockaddr_len, dst, sizeof(dst) - 1, NULL, 0, NI_NUMERICHOST);
} else if (sockaddr->ss_family == AF_INET6 && sockaddr_len >= sizeof(struct sockaddr_in6)) {
struct sockaddr_in6 *addr = (struct sockaddr_in6 *) sockaddr;
if (IN6_IS_ADDR_V4MAPPED(&addr->sin6_addr)) {
struct in_addr ia;
/* Get mapped v4 addr from last 32bit field */
memcpy(&ia.s_addr, &addr->sin6_addr.s6_addr[12], sizeof(ia));
strcpy(dst, inet_ntoa(ia));
} else {
getnameinfo((struct sockaddr *)sockaddr, sockaddr_len, dst, sizeof(dst) - 1, NULL, 0, NI_NUMERICHOST);
}
} else {
dst[0] = '?';
}
return dst;
}
int
get_addr(char *host, int port, int addr_family, int flags, struct sockaddr_storage *out)
int
open_dns(int localport, in_addr_t listen_ip)
{
struct addrinfo hints, *addr;
int res;
char portnum[8];
memset(portnum, 0, sizeof(portnum));
snprintf(portnum, sizeof(portnum) - 1, "%d", port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = addr_family;
#if defined(WINDOWS32) || defined(OPENBSD)
/* AI_ADDRCONFIG misbehaves on windows, and does not exist in OpenBSD */
hints.ai_flags = flags;
#else
hints.ai_flags = AI_ADDRCONFIG | flags;
#endif
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
res = getaddrinfo(host, portnum, &hints, &addr);
if (res == 0) {
int addrlen = addr->ai_addrlen;
/* Grab first result */
memcpy(out, addr->ai_addr, addr->ai_addrlen);
freeaddrinfo(addr);
return addrlen;
}
return res;
}
int
open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
{
return open_dns_opt(sockaddr, sockaddr_len, -1);
}
int
open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len, int v6only)
{
int flag;
struct sockaddr_in addr;
int flag = 1;
int fd;
if ((fd = socket(sockaddr->ss_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(localport);
/* listen_ip already in network byte order from inet_addr, or 0 */
addr.sin_addr.s_addr = listen_ip;
if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
fprintf(stderr, "got fd %d\n", fd);
err(1, "socket");
}
@ -191,40 +126,24 @@ open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len, int v6only)
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void*) &flag, sizeof(flag));
#ifndef WINDOWS32
fd_set_close_on_exec(fd);
/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
#endif
if (sockaddr->ss_family == AF_INET6 && v6only >= 0) {
setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (const void*) &v6only, sizeof(v6only));
}
#ifdef IP_OPT_DONT_FRAG
/* Set dont-fragment ip header flag */
flag = DONT_FRAG_VALUE;
setsockopt(fd, IPPROTO_IP, IP_OPT_DONT_FRAG, (const void*) &flag, sizeof(flag));
#endif
if (bind(fd, (struct sockaddr*) sockaddr, sockaddr_len) < 0)
err(1, "bind() to %s", format_addr(sockaddr, sockaddr_len));
if(bind(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0)
err(1, "bind");
fprintf(stderr, "Opened IPv%d UDP socket\n", sockaddr->ss_family == AF_INET6 ? 6 : 4);
fprintf(stderr, "Opened UDP socket\n");
return fd;
}
int
open_dns_from_host(char *host, int port, int addr_family, int flags)
{
struct sockaddr_storage addr;
int addrlen;
addrlen = get_addr(host, port, addr_family, flags, &addr);
if (addrlen < 0)
return addrlen;
return open_dns(&addr, addrlen);
}
void
close_dns(int fd)
{
@ -238,43 +157,13 @@ do_chroot(char *newroot)
if (chroot(newroot) != 0 || chdir("/") != 0)
err(1, "%s", newroot);
if (seteuid(geteuid()) != 0 || setuid(getuid()) != 0) {
err(1, "set[e]uid()");
}
seteuid(geteuid());
setuid(getuid());
#else
warnx("chroot not available");
#endif
}
void
do_setcon(char *context)
{
#ifdef HAVE_SETCON
if (-1 == setcon(context))
err(1, "%s", context);
#else
warnx("No SELinux support built in");
#endif
}
void
do_pidfile(char *pidfile)
{
#ifndef WINDOWS32
FILE *file;
if ((file = fopen(pidfile, "w")) == NULL) {
syslog(LOG_ERR, "Cannot write pidfile to %s, exiting", pidfile);
err(1, "do_pidfile: Can not write pidfile to %s", pidfile);
} else {
fprintf(file, "%d\n", (int)getpid());
fclose(file);
}
#else
fprintf(stderr, "Windows version does not support pid file\n");
#endif
}
void
do_detach()
{
@ -291,24 +180,24 @@ do_detach()
void
read_password(char *buf, size_t len)
{
char pwd[80] = {0};
char pwd[80];
#ifndef WINDOWS32
struct termios old;
struct termios tp;
tcgetattr(0, &tp);
old = tp;
tp.c_lflag &= (~ECHO);
tcsetattr(0, TCSANOW, &tp);
#else
int i;
#endif
fprintf(stderr, "Enter tunnel password: ");
fprintf(stderr, "Enter password: ");
fflush(stderr);
#ifndef WINDOWS32
fscanf(stdin, "%79[^\n]", pwd);
scanf("%79s", pwd);
#else
for (i = 0; i < sizeof(pwd); i++) {
pwd[i] = getch();
@ -324,7 +213,7 @@ read_password(char *buf, size_t len)
fprintf(stderr, "\n");
#ifndef WINDOWS32
tcsetattr(0, TCSANOW, &old);
tcsetattr(0, TCSANOW, &old);
#endif
strncpy(buf, pwd, len);
@ -332,146 +221,29 @@ read_password(char *buf, size_t len)
}
int
check_topdomain(char *str, int allow_wildcard, char **errormsg)
check_topdomain(char *str)
{
int i;
int dots = 0;
int chunklen = 0;
int i;
if (strlen(str) < 3) {
if (errormsg) *errormsg = "Too short (< 3)";
return 1;
}
if (strlen(str) > 128) {
if (errormsg) *errormsg = "Too long (> 128)";
return 1;
}
if(str[0] == '.') /* special case */
return 1;
if (str[0] == '.') {
if (errormsg) *errormsg = "Starts with a dot";
return 1;
}
for (i = 0; i < strlen(str); i++) {
if (str[i] == '.') {
dots++;
if (chunklen == 0) {
if (errormsg) *errormsg = "Consecutive dots";
return 1;
}
if (chunklen > 63) {
if (errormsg) *errormsg = "Too long domain part (> 63)";
return 1;
}
chunklen = 0;
} else {
chunklen++;
}
if ((str[i] >= 'a' && str[i] <= 'z') || (str[i] >= 'A' && str[i] <= 'Z') ||
isdigit(str[i]) || str[i] == '-' || str[i] == '.') {
continue;
} else if (allow_wildcard && str[i] == '*') {
/* First char allowed to be wildcard, if followed by dot */
if (i == 0) {
if (str[i+1] == '.') {
continue;
}
if (errormsg) *errormsg = "Wildcard (*) must be followed by dot";
return 1;
} else {
if (errormsg) *errormsg = "Wildcard (*) only allowed as first char";
return 1;
}
} else {
if (errormsg) *errormsg = "Contains illegal character (allowed: [a-zA-Z0-9-.])";
return 1;
}
}
if (dots == 0) {
if (errormsg) *errormsg = "No dots";
return 1;
}
if (chunklen == 0) {
if (errormsg) *errormsg = "Ends with a dot";
return 1;
}
if (chunklen > 63) {
if (errormsg) *errormsg = "Too long domain part (> 63)";
return 1;
}
return 0;
for( i = 0; i < strlen(str); i++) {
if( isalpha(str[i]) || isdigit(str[i]) || str[i] == '-' || str[i] == '.' )
continue;
else
return 1;
}
return 0;
}
int
query_datalen(const char *qname, const char *topdomain)
{
/* Return number of data bytes embedded in DNS query name,
* or -1 if domains do not match.
*/
int qpos = strlen(qname);
int tpos = strlen(topdomain);
if (tpos < 3 || qpos < tpos) {
/* Domain or query name too short */
return -1;
}
/* Backward string compare */
qpos--;
tpos--;
while (qpos >= 0) {
if (topdomain[tpos] == '*') {
/* Wild match, is first in topdomain */
if (qname[qpos] == '*') {
/* Don't match against stars in query name */
return -1;
} else if (qpos == 0 || qname[qpos-1] == '.') {
/* Reached start of query name or chunk separator */
return qpos;
}
qpos--;
} else if (tolower(qname[qpos]) == tolower(topdomain[tpos])) {
/* Matching char, exclude wildcard in query name */
if (tpos == 0) {
/* Fully matched domain */
if (qpos == 0 || qname[qpos-1] == '.') {
/* Start of name or has dot before matching topdomain */
return qpos;
}
/* Query name has longer chunk than topdomain */
return -1;
}
tpos--;
qpos--;
} else {
return -1;
}
}
return -1;
}
#if defined(WINDOWS32) || defined(ANDROID)
#ifndef ANDROID
#ifdef WINDOWS32
int
inet_aton(const char *cp, struct in_addr *inp)
{
inp->s_addr = inet_addr(cp);
return inp->s_addr != INADDR_ANY;
}
#endif
void
vwarn(const char *fmt, va_list list)
{
if (fmt) vfprintf(stderr, fmt, list);
#ifndef ANDROID
if (errno == 0) {
fprintf(stderr, ": WSA error %d\n", WSAGetLastError());
} else {
fprintf(stderr, ": %s\n", strerror(errno));
}
#endif
}
void
warn(const char *fmt, ...)
@ -479,7 +251,23 @@ warn(const char *fmt, ...)
va_list list;
va_start(list, fmt);
vwarn(fmt, list);
if (fmt) fprintf(stderr, fmt, list);
if (errno == 0) {
fprintf(stderr, ": WSA error %d\n", WSAGetLastError());
} else {
fprintf(stderr, ": %s\n", strerror(errno));
}
va_end(list);
}
void
warnx(const char *fmt, ...)
{
va_list list;
va_start(list, fmt);
if (fmt) fprintf(stderr, fmt, list);
fprintf(stderr, "\n");
va_end(list);
}
@ -489,71 +277,20 @@ err(int eval, const char *fmt, ...)
va_list list;
va_start(list, fmt);
vwarn(fmt, list);
warn(fmt, list);
va_end(list);
exit(eval);
}
void
vwarnx(const char *fmt, va_list list)
{
if (fmt) vfprintf(stderr, fmt, list);
fprintf(stderr, "\n");
}
void
warnx(const char *fmt, ...)
{
va_list list;
va_start(list, fmt);
vwarnx(fmt, list);
va_end(list);
}
void
errx(int eval, const char *fmt, ...)
{
va_list list;
va_start(list, fmt);
vwarnx(fmt, list);
warnx(fmt, list);
va_end(list);
exit(eval);
}
#endif
int recent_seqno(int ourseqno, int gotseqno)
/* Return 1 if we've seen gotseqno recently (current or up to 3 back).
Return 0 if gotseqno is new (or very old).
*/
{
int i;
for (i = 0; i < 4; i++, ourseqno--) {
if (ourseqno < 0)
ourseqno = 7;
if (gotseqno == ourseqno)
return 1;
}
return 0;
}
#ifndef WINDOWS32
/* Set FD_CLOEXEC flag on file descriptor.
* This stops it from being inherited by system() calls.
*/
void
fd_set_close_on_exec(int fd)
{
int flags;
flags = fcntl(fd, F_GETFD);
if (flags == -1)
err(4, "Failed to get fd flags");
flags |= FD_CLOEXEC;
if (fcntl(fd, F_SETFD, flags) == -1)
err(4, "Failed to set fd flags");
}
#endif

96
src/common.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2015 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -18,32 +17,15 @@
#ifndef __COMMON_H__
#define __COMMON_H__
/* Last byte of raw header is the command */
#define RAW_HDR_LEN 4
#define RAW_HDR_IDENT_LEN 3
#define RAW_HDR_CMD 3
#define RAW_HDR_CMD_LOGIN 0x10
#define RAW_HDR_CMD_DATA 0x20
#define RAW_HDR_CMD_PING 0x30
#define RAW_HDR_CMD_MASK 0xF0
#define RAW_HDR_USR_MASK 0x0F
#define RAW_HDR_GET_CMD(x) ((x)[RAW_HDR_CMD] & RAW_HDR_CMD_MASK)
#define RAW_HDR_GET_USR(x) ((x)[RAW_HDR_CMD] & RAW_HDR_USR_MASK)
extern const unsigned char raw_header[RAW_HDR_LEN];
#include <stdarg.h>
#ifdef WINDOWS32
#include "windows.h"
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <err.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#endif
#define DNS_PORT 53
#ifndef MIN
#define MIN(a,b) ((a)<(b)?(a):(b))
@ -54,6 +36,14 @@ extern const unsigned char raw_header[RAW_HDR_LEN];
#define QUERY_NAME_SIZE 256
#if defined IP_RECVDSTADDR
# define DSTADDR_SOCKOPT IP_RECVDSTADDR
# define dstaddr(x) ((struct in_addr *) CMSG_DATA(x))
#elif defined IP_PKTINFO
# define DSTADDR_SOCKOPT IP_PKTINFO
# define dstaddr(x) (&(((struct in_pktinfo *)(CMSG_DATA(x)))->ipi_addr))
#endif
#if defined IP_MTU_DISCOVER
/* Linux */
# define IP_OPT_DONT_FRAG IP_MTU_DISCOVER
@ -68,13 +58,7 @@ extern const unsigned char raw_header[RAW_HDR_LEN];
# define DONT_FRAG_VALUE 1
#endif
#define T_PRIVATE 65399
/* Undefined RR type; "private use" range, see
* http://www.bind9.net/dns-parameters */
#define T_UNSET 65432
/* Unused RR type, never actually sent */
struct packet
struct packet
{
int len; /* Total packet length */
int sentlen; /* Length of chunk currently transmitted */
@ -87,66 +71,30 @@ struct packet
struct query {
char name[QUERY_NAME_SIZE];
unsigned short type;
unsigned short rcode;
unsigned short id;
struct sockaddr_storage destination;
socklen_t dest_len;
struct sockaddr_storage from;
socklen_t fromlen;
unsigned short id2;
struct sockaddr_storage from2;
socklen_t fromlen2;
struct in_addr destination;
struct sockaddr from;
int fromlen;
};
enum connection {
CONN_RAW_UDP = 0,
CONN_DNS_NULL,
CONN_MAX
};
#ifdef WINDOWS32
static inline void check_superuser(void)
{
}
#else
void check_superuser(void);
#endif
char *format_addr(struct sockaddr_storage *sockaddr, int sockaddr_len);
int get_addr(char *, int, int, int, struct sockaddr_storage *);
int open_dns(struct sockaddr_storage *, size_t);
int open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len,
int v6only);
int open_dns_from_host(char *host, int port, int addr_family, int flags);
void check_superuser(void (*usage_fn)(void));
int open_dns(int, in_addr_t);
void close_dns(int);
void do_chroot(char *);
void do_setcon(char *);
void do_detach(void);
void do_pidfile(char *);
void do_detach();
void read_password(char*, size_t);
int check_topdomain(char *, int, char **);
int check_topdomain(char *);
int query_datalen(const char *qname, const char *topdomain);
#if defined(WINDOWS32) || defined(ANDROID)
#ifndef ANDROID
#ifdef WINDOWS32
int inet_aton(const char *cp, struct in_addr *inp);
#endif
void vwarn(const char *fmt, va_list list);
void warn(const char *fmt, ...);
void err(int eval, const char *fmt, ...);
void vwarnx(const char *fmt, va_list list);
void warnx(const char *fmt, ...);
void warn(const char *fmt, ...);
void errx(int eval, const char *fmt, ...);
#endif
int recent_seqno(int , int);
#ifndef WINDOWS32
void fd_set_close_on_exec(int fd);
void warnx(const char *fmt, ...);
#endif
#endif

647
src/dns.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,7 +20,6 @@
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#ifdef WINDOWS32
@ -29,15 +27,10 @@
#else
#include <arpa/nameser.h>
#ifdef DARWIN
#define BIND_8_COMPAT
#include <arpa/nameser_compat.h>
#include <arpa/nameser8_compat.h>
#endif
#include <netinet/in.h>
#include <arpa/inet.h>
#include <err.h>
#ifdef ANDROID
#include "android_dns.h"
#endif
#endif
@ -45,26 +38,18 @@
#include "encoding.h"
#include "read.h"
int dnsc_use_edns0 = 1;
#define CHECKLEN(x) if (buflen < (x) + (unsigned)(p-buf)) return 0
int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
const char *data, size_t datalen)
int
dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr, char *data, size_t datalen)
{
HEADER *header;
short name;
char *p;
int len;
int ancnt;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = (qr == QR_ANSWER);
header->opcode = 0;
@ -77,290 +62,64 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
switch (qr) {
case QR_ANSWER:
header->ancount = htons(1);
header->qdcount = htons(1);
name = 0xc000 | ((p - buf) & 0x3fff);
/* Question section */
putname(&p, buflen - (p - buf), q->name);
putname(&p, sizeof(q->name), q->name);
CHECKLEN(4);
putshort(&p, q->type);
putshort(&p, C_IN);
/* Answer section */
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0);
if (q->type == T_CNAME || q->type == T_A) {
/* data is expected to be like
* "Hblabla.host.name.com\0" */
char *startp;
int namelen;
CHECKLEN(10);
putshort(&p, name);
if (q->type == T_A)
/* answer CNAME to A question */
putshort(&p, T_CNAME);
else
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
startp = p;
p += 2; /* skip 2 bytes length */
putname(&p, buflen - (p - buf), data);
CHECKLEN(0);
namelen = p - startp;
namelen -= 2;
putshort(&startp, namelen);
ancnt = 1;
} else if (q->type == T_MX || q->type == T_SRV) {
/* Data is expected to be like
"Hblabla.host.name.com\0Hanother.com\0\0"
For SRV, see RFC2782.
*/
const char *mxdata = data;
char *startp;
int namelen;
ancnt = 1;
while (1) {
CHECKLEN(10);
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
startp = p;
p += 2; /* skip 2 bytes length */
CHECKLEN(2);
putshort(&p, 10 * ancnt); /* preference */
if (q->type == T_SRV) {
/* weight, port (5060 = SIP) */
CHECKLEN(4);
putshort(&p, 10);
putshort(&p, 5060);
}
putname(&p, buflen - (p - buf), mxdata);
CHECKLEN(0);
namelen = p - startp;
namelen -= 2;
putshort(&startp, namelen);
mxdata = mxdata + strlen(mxdata) + 1;
if (*mxdata == '\0')
break;
ancnt++;
}
} else if (q->type == T_TXT) {
/* TXT has binary or base-X data */
char *startp;
int txtlen;
CHECKLEN(10);
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
startp = p;
p += 2; /* skip 2 bytes length */
puttxtbin(&p, buflen - (p - buf), data, datalen);
CHECKLEN(0);
txtlen = p - startp;
txtlen -= 2;
putshort(&startp, txtlen);
ancnt = 1;
} else {
/* NULL has raw binary data */
CHECKLEN(10);
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
datalen = MIN(datalen, buflen - (p - buf));
CHECKLEN(2);
putshort(&p, datalen);
CHECKLEN(datalen);
putdata(&p, data, datalen);
CHECKLEN(0);
ancnt = 1;
}
header->ancount = htons(ancnt);
putshort(&p, datalen);
putdata(&p, data, datalen);
break;
case QR_QUERY:
/* Note that iodined also uses this for forward queries */
header->qdcount = htons(1);
datalen = MIN(datalen, buflen - (p - buf));
header->arcount = htons(1);
putname(&p, datalen, data);
CHECKLEN(4);
putshort(&p, q->type);
putshort(&p, C_IN);
/* EDNS0 to advertise maximum response length
(even CNAME/A/MX, 255+255+header would be >512) */
if (dnsc_use_edns0) {
header->arcount = htons(1);
CHECKLEN(11);
putbyte(&p, 0x00); /* Root */
putshort(&p, 0x0029); /* OPT */
putshort(&p, 0x1000); /* Payload size: 4096 */
putshort(&p, 0x0000); /* Higher bits/edns version */
putshort(&p, 0x8000); /* Z */
putshort(&p, 0x0000); /* Data length */
}
/* EDNS0 */
putbyte(&p, 0x00); /* Root */
putshort(&p, 0x0029); /* OPT */
putshort(&p, 0x1000); /* Payload size: 4096 */
putshort(&p, 0x0000); /* Higher bits/edns version */
putshort(&p, 0x8000); /* Z */
putshort(&p, 0x0000); /* Data length */
break;
}
len = p - buf;
return len;
}
/* Only used when iodined gets a AAAA type query */
/* Mostly same as dns_encode_caa_response() below */
int dns_encode_aaaa_response(char *buf, size_t buflen, struct query *q,
char *topdomain)
{
HEADER *header;
int len;
int domain_len;
char *p;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = 1;
header->opcode = 0;
header->aa = 1;
header->tc = 0;
header->rd = 0;
header->ra = 0;
p = buf + sizeof(HEADER);
header->qdcount = htons(1);
header->ancount = htons(0);
domain_len = strlen(q->name) - strlen(topdomain);
if (domain_len < 0 || domain_len == 1)
return -1;
if (strcasecmp(q->name + domain_len, topdomain))
return -1;
if (domain_len >= 1 && q->name[domain_len - 1] != '.')
return -1;
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
len = p - buf;
return len;
}
/* Only used when iodined gets a CAA type query */
/* Mostly same as dns_encode_ns_response() below */
int dns_encode_caa_response(char *buf, size_t buflen, struct query *q,
char *topdomain)
{
HEADER *header;
int len;
short name;
int domain_len;
char *p;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = 1;
header->opcode = 0;
header->aa = 1;
header->tc = 0;
header->rd = 0;
header->ra = 0;
p = buf + sizeof(HEADER);
header->qdcount = htons(1);
header->ancount = htons(1);
/* pointer to start of name */
name = 0xc000 | ((p - buf) & 0x3fff);
domain_len = strlen(q->name) - strlen(topdomain);
if (domain_len < 0 || domain_len == 1)
return -1;
if (strcasecmp(q->name + domain_len, topdomain))
return -1;
if (domain_len >= 1 && q->name[domain_len - 1] != '.')
return -1;
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
/* Answer section */
CHECKLEN(12);
putshort(&p, name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 22); /* Data length */
/* caa record */
CHECKLEN(22);
memcpy(p, "\x00\x05\x69\x73\x73\x75\x65\x6c\x65\x74\x73\x65\x6e\x63\x72\x79\x70" \
"\x74\x2e\x6f\x72\x67", 22);
p += 22;
len = p - buf;
return len;
}
/* Only used when iodined gets an NS type query */
/* Mostly same as dns_encode_a_response() below */
int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
char *topdomain)
int
dns_encode_ns_response(char *buf, size_t buflen, struct query *q, char *topdomain)
{
HEADER *header;
int len;
short name;
short topname;
short nsname;
char *ipp;
char *domain;
int domain_len;
char *p;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = 1;
header->opcode = 0;
@ -373,139 +132,59 @@ int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
header->qdcount = htons(1);
header->ancount = htons(1);
header->arcount = htons(1);
/* pointer to start of name */
name = 0xc000 | ((p - buf) & 0x3fff);
domain_len = strlen(q->name) - strlen(topdomain);
if (domain_len < 0 || domain_len == 1)
domain = strstr(q->name, topdomain);
if (domain) {
domain_len = (int) (domain - q->name);
} else {
return -1;
if (strcasecmp(q->name + domain_len, topdomain))
return -1;
if (domain_len >= 1 && q->name[domain_len - 1] != '.')
return -1;
/* pointer to start of topdomain; instead of dots at the end
we have length-bytes in front, so total length is the same */
}
/* pointer to start of topdomain */
topname = 0xc000 | ((p - buf + domain_len) & 0x3fff);
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putname(&p, sizeof(q->name), q->name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
/* Answer section */
CHECKLEN(12);
putshort(&p, name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putlong(&p, 0x3ea7d011); /* TTL */
putshort(&p, 5); /* Data length */
/* pointer to ns.topdomain */
nsname = 0xc000 | ((p - buf) & 0x3fff);
CHECKLEN(5);
putbyte(&p, 2);
putbyte(&p, 'n');
putbyte(&p, 's');
putshort(&p, topname); /* Name Server */
/* Do we have an IPv4 address to send? */
if (q->destination.ss_family == AF_INET) {
struct sockaddr_in *dest = (struct sockaddr_in *) &q->destination;
/* One additional record coming */
header->arcount = htons(1);
/* Additional data (A-record of NS server) */
CHECKLEN(12);
putshort(&p, nsname); /* Name Server */
putshort(&p, T_A); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 4); /* Data length */
/* ugly hack to output IP address */
ipp = (char *) &dest->sin_addr.s_addr;
CHECKLEN(4);
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *ipp);
}
len = p - buf;
return len;
}
/* Only used when iodined gets an A type query for ns.topdomain or
* www.topdomain . Mostly same as dns_encode_ns_response() above */
int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
{
struct sockaddr_in *dest = (struct sockaddr_in *) &q->destination;
HEADER *header;
int len;
short name;
char *ipp;
char *p;
/* Check if we have an IPv4 address to send */
if (q->destination.ss_family != AF_INET)
return -1;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = 1;
header->opcode = 0;
header->aa = 1;
header->tc = 0;
header->rd = 0;
header->ra = 0;
p = buf + sizeof(HEADER);
header->qdcount = htons(1);
header->ancount = htons(1);
/* pointer to start of name */
name = 0xc000 | ((p - buf) & 0x3fff);
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
/* Answer section */
CHECKLEN(12);
putshort(&p, name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 4); /* Data length */
/* Additional data (A-record of NS server) */
putshort(&p, nsname); /* Name Server */
putshort(&p, T_A); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 0x3ea7d011); /* TTL */
putshort(&p, 4); /* Data length */
/* ugly hack to output IP address */
ipp = (char *) &dest->sin_addr.s_addr;
CHECKLEN(4);
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *ipp);
domain = (char *) &q->destination;
putbyte(&p, *domain++);
putbyte(&p, *domain++);
putbyte(&p, *domain++);
putbyte(&p, *domain);
len = p - buf;
return len;
}
#undef CHECKLEN
unsigned short dns_get_id(char *packet, size_t packetlen)
unsigned short
dns_get_id(char *packet, size_t packetlen)
{
HEADER *header;
header = (HEADER*)packet;
@ -516,10 +195,8 @@ unsigned short dns_get_id(char *packet, size_t packetlen)
return ntohs(header->id);
}
#define CHECKLEN(x) if (packetlen < (x) + (unsigned)(data-packet)) return 0
int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
size_t packetlen)
int
dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, size_t packetlen)
{
char name[QUERY_NAME_SIZE];
char rdata[4*1024];
@ -527,21 +204,20 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
short qdcount;
short ancount;
uint32_t ttl;
unsigned short class;
unsigned short type;
short class;
short type;
char *data;
unsigned short rlen;
int id;
short rlen;
int id;
int rv;
q->id2 = 0;
rv = 0;
header = (HEADER*)packet;
/* Reject short packets */
if (packetlen < sizeof(HEADER))
if (packetlen < sizeof(HEADER))
return 0;
if (header->qr != qr) {
warnx("header->qr does not match the requested qr");
return -1;
@ -550,196 +226,71 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
data = packet + sizeof(HEADER);
qdcount = ntohs(header->qdcount);
ancount = ntohs(header->ancount);
id = ntohs(header->id);
id = id & 0xFFFF; /* Kill any sign extension */
rlen = 0;
if (q != NULL)
q->rcode = header->rcode;
switch (qr) {
case QR_ANSWER:
if (qdcount < 1) {
/* We need a question */
if(qdcount != 1 || ancount != 1) {
switch (header->rcode) {
case REFUSED:
warnx("Got REFUSED as reply");
break;
case NOTIMP:
warnx("Got NOTIMP as reply");
break;
case NXDOMAIN:
warnx("Got NXDOMAIN as reply");
break;
case SERVFAIL:
warnx("Got SERVFAIL as reply");
break;
case NOERROR:
default:
warnx("no query or answer in reply packet");
break;
}
return -1;
}
if (q != NULL)
if (q != NULL)
q->id = id;
/* Read name even if no answer, to give better error message */
readname(packet, packetlen, &data, name, sizeof(name));
CHECKLEN(4);
readshort(packet, &data, &type);
readshort(packet, &data, &class);
readname(packet, packetlen, &data, name, sizeof(name));
readshort(packet, &data, &type);
readshort(packet, &data, &class);
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
rv = MIN(rlen, sizeof(rdata));
rv = readdata(packet, &data, rdata, rv);
/* if CHECKLEN okay, then we're sure to have a proper name */
if (q != NULL) {
/* We only need the first char to check it */
q->name[0] = name[0];
q->name[1] = '\0';
if(type == T_NULL && rv >= 2 && buf) {
rv = MIN(rv, buflen);
memcpy(buf, rdata, rv);
}
if (ancount < 1) {
/* DNS errors like NXDOMAIN have ancount=0 and
stop here. CNAME may also have A; MX/SRV may have
multiple results. */
return -1;
}
/* Here type is still the question type */
if (type == T_NULL || type == T_PRIVATE) {
/* Assume that first answer is what we wanted */
readname(packet, packetlen, &data, name, sizeof(name));
CHECKLEN(10);
readshort(packet, &data, &type);
readshort(packet, &data, &class);
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
rv = MIN(rlen, sizeof(rdata));
rv = readdata(packet, &data, rdata, rv);
if (rv >= 2 && buf) {
rv = MIN(rv, buflen);
memcpy(buf, rdata, rv);
} else {
rv = 0;
}
}
else if ((type == T_A || type == T_CNAME) && buf) {
/* Assume that first answer is what we wanted */
readname(packet, packetlen, &data, name, sizeof(name));
CHECKLEN(10);
readshort(packet, &data, &type);
readshort(packet, &data, &class);
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
if (type == T_CNAME) {
/* For tunnels, query type A has CNAME type answer */
memset(name, 0, sizeof(name));
readname(packet, packetlen, &data, name, sizeof(name) - 1);
name[sizeof(name)-1] = '\0';
strncpy(buf, name, buflen);
buf[buflen - 1] = '\0';
rv = strlen(buf);
}
if (type == T_A) {
/* Answer type A includes only 4 bytes.
Not used for tunneling. */
rv = MIN(rlen, sizeof(rdata));
rv = readdata(packet, &data, rdata, rv);
if (rv >= 2 && buf) {
rv = MIN(rv, buflen);
memcpy(buf, rdata, rv);
} else {
rv = 0;
}
}
}
else if ((type == T_MX || type == T_SRV) && buf) {
/* We support 250 records, 250*(255+header) ~= 64kB.
Only exact 10-multiples are accepted, and gaps in
numbering are not jumped over (->truncated).
Hopefully DNS servers won't mess around too much.
*/
char names[250][QUERY_NAME_SIZE];
char *rdatastart;
unsigned short pref;
int i;
int offset;
memset(names, 0, sizeof(names));
for (i = 0; i < ancount; i++) {
readname(packet, packetlen, &data, name, sizeof(name));
CHECKLEN(12);
readshort(packet, &data, &type);
readshort(packet, &data, &class);
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
rdatastart = data;
readshort(packet, &data, &pref);
if (type == T_SRV) {
/* skip weight, port */
data += 4;
CHECKLEN(0);
}
if (pref % 10 == 0 && pref >= 10 &&
pref < 2500) {
readname(packet, packetlen, &data,
names[pref / 10 - 1],
QUERY_NAME_SIZE - 1);
names[pref / 10 - 1]
[QUERY_NAME_SIZE-1] = '\0';
}
/* always trust rlen, not name encoding */
data = rdatastart + rlen;
CHECKLEN(0);
}
/* output is like Hname10.com\0Hname20.com\0\0 */
offset = 0;
i = 0;
while (names[i][0] != '\0') {
int l = MIN(strlen(names[i]), buflen-offset-2);
if (l <= 0)
break;
memcpy(buf + offset, names[i], l);
offset += l;
*(buf + offset) = '\0';
offset++;
i++;
}
*(buf + offset) = '\0';
rv = offset;
}
else if (type == T_TXT && buf) {
/* Assume that first answer is what we wanted */
readname(packet, packetlen, &data, name, sizeof(name));
CHECKLEN(10);
readshort(packet, &data, &type);
readshort(packet, &data, &class);
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
rv = readtxtbin(packet, &data, rlen, rdata,
sizeof(rdata));
if (rv >= 1) {
rv = MIN(rv, buflen);
memcpy(buf, rdata, rv);
} else {
rv = 0;
}
}
/* Here type is the answer type (note A->CNAME) */
if (q != NULL)
q->type = type;
break;
case QR_QUERY:
if (qdcount < 1) {
if (qdcount != 1) {
warnx("no question section in name query");
return -1;
}
memset(name, 0, sizeof(name));
readname(packet, packetlen, &data, name, sizeof(name) - 1);
name[sizeof(name)-1] = '\0';
CHECKLEN(4);
readshort(packet, &data, &type);
readshort(packet, &data, &class);
if (q == NULL) {
rv = 0;
break;
}
strncpy(q->name, name, sizeof(q->name));
q->name[sizeof(q->name) - 1] = '\0';
q->type = type;

17
src/dns.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -25,16 +24,8 @@ typedef enum {
QR_ANSWER = 1
} qr_t;
extern int dnsc_use_edns0;
int dns_encode(char *, size_t, struct query *, qr_t, const char *, size_t);
int dns_encode_aaaa_response(char *buf, size_t buflen, struct query *q,
char *topdomain);
int dns_encode_caa_response(char *buf, size_t buflen, struct query *q,
char *topdomain);
int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
char *topdomain);
int dns_encode_a_response(char *buf, size_t buflen, struct query *q);
int dns_encode(char *, size_t, struct query *, qr_t, char *, size_t);
int dns_encode_ns_response(char *buf, size_t buflen, struct query *q, char *topdomain);
unsigned short dns_get_id(char *packet, size_t packetlen);
int dns_decode(char *, size_t, struct query *, qr_t, char *, size_t);

56
src/encoding.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -16,53 +15,19 @@
*/
#include <string.h>
#include "common.h"
#include "encoding.h"
int build_hostname(char *buf, size_t buflen, const char *data,
const size_t datalen, const char *topdomain,
const struct encoder *encoder, int maxlen)
int
unpack_data(char *buf, size_t buflen, char *data, size_t datalen, struct encoder *enc)
{
size_t space;
char *b;
space = MIN((size_t)maxlen, buflen) - strlen(topdomain) - 8;
/* 8 = 5 max header length + 1 dot before topdomain + 2 safety */
if (!encoder->places_dots)
space -= (space / 57); /* space for dots */
memset(buf, 0, buflen);
encoder->encode(buf, &space, data, datalen);
if (!encoder->places_dots)
inline_dotify(buf, buflen);
b = buf;
b += strlen(buf);
/* move b back one step to see if the dot is there */
b--;
if (*b != '.')
*++b = '.';
b++;
/* move b ahead of the string so we can copy to it */
strncpy(b, topdomain, strlen(topdomain)+1);
return space;
}
int unpack_data(char *buf, size_t buflen, char *data, size_t datalen,
const struct encoder *enc)
{
if (!enc->eats_dots)
if (!enc->eats_dots())
datalen = inline_undotify(data, datalen);
return enc->decode(buf, &buflen, data, datalen);
}
int inline_dotify(char *buf, size_t buflen)
int
inline_dotify(char *buf, size_t buflen)
{
unsigned dots;
unsigned pos;
@ -99,7 +64,8 @@ int inline_dotify(char *buf, size_t buflen)
return total;
}
int inline_undotify(char *buf, size_t len)
int
inline_undotify(char *buf, size_t len)
{
unsigned pos;
unsigned dots;
@ -121,7 +87,7 @@ int inline_undotify(char *buf, size_t len)
*writer++ = *reader++;
pos++;
}
/* return new length of string */
return len - dots;
}

52
src/encoding.h
View File

@ -1,14 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman
* 2006-2009 Bjorn Andersson
* Copyright (c) 2017 Ralf Ramsauer
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Authors:
* Bjorn Andersson <flex@kryo.se>
* Erok Ekman <yarrick@kryo.se>,
* Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -24,42 +17,19 @@
#ifndef _ENCODING_H_
#define _ENCODING_H_
#include <stdbool.h>
/* All-0, all-1, 01010101, 10101010: each 4 times to make sure the pattern
spreads across multiple encoded chars -> 16 bytes total.
Followed by 32 bytes from my /dev/random; should be enough.
*/
#define DOWNCODECCHECK1 \
"\000\000\000\000\377\377\377\377\125\125\125\125\252\252\252\252" \
"\201\143\310\322\307\174\262\027\137\117\316\311\111\055\122\041" \
"\141\251\161\040\045\263\006\163\346\330\104\060\171\120\127\277"
#define DOWNCODECCHECK1_LEN 48
struct encoder {
const char name[8];
int (*encode)(char *dst, size_t *dstlen, const void *src, size_t srclen);
int (*decode)(void *dst, size_t *dstlen, const char *src, size_t srclen);
const bool places_dots;
const bool eats_dots;
const int blocksize_raw;
const int blocksize_encoded;
char name[8];
int (*encode) (char *, size_t *, const void *, size_t);
int (*decode) (void *, size_t *, const char *, size_t);
int (*places_dots) (void);
int (*eats_dots) (void);
int (*blocksize_raw)(void);
int (*blocksize_encoded)(void);
};
int build_hostname(char *, size_t, const char *, const size_t, const char *,
const struct encoder *, int);
int unpack_data(char *, size_t, char *, size_t, const struct encoder *);
int unpack_data(char *, size_t, char *, size_t, struct encoder *);
int inline_dotify(char *, size_t);
int inline_undotify(char *, size_t);
extern const struct encoder base32_ops;
extern const struct encoder base64_ops;
extern const struct encoder base64u_ops;
extern const struct encoder base128_ops;
int b32_5to8(int);
int b32_8to5(int);
#endif
#endif /* _ENCODING_H_ */

8
src/fw_query.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2008-2014 Erik Ekman <yarrick@kryo.se>
* Copyright (c) 2008 Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -29,9 +29,9 @@ void fw_query_init()
void fw_query_put(struct fw_query *fw_query)
{
memcpy(&(fwq[fwq_ix]), fw_query, sizeof(struct fw_query));
++fwq_ix;
if (fwq_ix >= FW_QUERY_CACHE_SIZE)
if (fwq_ix >= FW_QUERY_CACHE_SIZE)
fwq_ix = 0;
}

8
src/fw_query.h
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2008-2014 Erik Ekman <yarrick@kryo.se>
* Copyright (c) 2008 Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -28,12 +28,12 @@
#define FW_QUERY_CACHE_SIZE 16
struct fw_query {
struct sockaddr_storage addr;
struct sockaddr addr;
int addrlen;
unsigned short id;
};
void fw_query_init(void);
void fw_query_init();
void fw_query_put(struct fw_query *fw_query);
void fw_query_get(unsigned short query_id, struct fw_query **fw_query);

1191
src/iodine.c
View File

File diff suppressed because it is too large Load Diff

2660
src/iodined.c
View File

File diff suppressed because it is too large Load Diff

17
src/login.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,18 +20,16 @@
#ifdef WINDOWS32
#include "windows.h"
#else
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
#include "login.h"
#include "md5.h"
/*
* Needs a 16byte array for output, and 32 bytes password
/*
* Needs a 16byte array for output, and 32 bytes password
*/
void
login_calculate(char *buf, int buflen, const char *pass, int seed)
void
login_calculate(char *buf, int buflen, char *pass, int seed)
{
unsigned char temp[32];
md5_state_t ctx;
@ -40,7 +37,7 @@ login_calculate(char *buf, int buflen, const char *pass, int seed)
int i;
int k;
if (buflen < 16)
if (buflen < 16)
return;
memcpy(temp, pass, 32);

7
src/login.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -18,7 +17,7 @@
#ifndef __LOGIN_H__
#define __LOGIN_H__
void login_calculate(char *, int, const char *, int);
void login_calculate(char *, int, char *, int);
#endif

44
src/md5.c
View File

@ -157,18 +157,18 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
#endif
#if BYTE_ORDER <= 0 /* little-endian */
{
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
}
#endif
#if BYTE_ORDER == 0
@ -176,20 +176,20 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
#endif
#if BYTE_ORDER >= 0 /* big-endian */
{
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
# if BYTE_ORDER == 0
X = xbuf; /* (dynamic only) */
X = xbuf; /* (dynamic only) */
# else
# define xbuf X /* (static only) */
# endif
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
}
#endif
}
@ -342,7 +342,7 @@ md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes)
memcpy(pms->buf + offset, p, copy);
if (offset + copy < 64)
return;
return;
p += copy;
left -= copy;
md5_process(pms, pms->buf);

2
src/md5.h
View File

@ -71,7 +71,7 @@ typedef struct md5_state_s {
} md5_state_t;
#ifdef __cplusplus
extern "C"
extern "C"
{
#endif

25
src/osflags
View File

@ -1,7 +1,5 @@
#!/bin/sh
: "${PKG_CONFIG:=pkg-config}"
case $2 in
link)
@ -18,36 +16,13 @@ link)
windows32)
echo '-lws2_32 -liphlpapi';
;;
Linux)
FLAGS="";
[ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -lselinux";
"$PKG_CONFIG" --exists libsystemd-daemon && FLAGS="$FLAGS $($PKG_CONFIG --libs libsystemd-daemon)";
"$PKG_CONFIG" --exists libsystemd && FLAGS="$FLAGS $($PKG_CONFIG --libs libsystemd)";
echo $FLAGS;
;;
esac
;;
cflags)
case $1 in
windows32)
echo '-DWINVER=0x0501';
;;
BeOS)
echo '-Dsocklen_t=int';
;;
Darwin)
echo '-D__APPLE_USE_RFC_3542';
;;
Linux)
FLAGS="-D_GNU_SOURCE"
[ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -DHAVE_SETCON";
"$PKG_CONFIG" --exists libsystemd-daemon && FLAGS="$FLAGS -DHAVE_SYSTEMD";
"$PKG_CONFIG" --exists libsystemd && FLAGS="$FLAGS -DHAVE_SYSTEMD";
echo $FLAGS;
;;
GNU/kFreeBSD|GNU)
echo '-D_GNU_SOURCE'
;;
esac
;;
*)

94
src/read.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -19,8 +18,6 @@
#include <stdint.h>
#include <stdlib.h>
#include "read.h"
static int
readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length, size_t loop)
{
@ -41,7 +38,7 @@ readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length,
c = *s++;
/* is this a compressed label? */
if ((c & 0xc0) == 0xc0) {
if((c & 0xc0) == 0xc0) {
offset = (((s[-1] & 0x3f) << 8) | (s[0] & 0xff));
if (offset > packetlen) {
if (len == 0) {
@ -63,7 +60,7 @@ readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length,
c--;
}
if (len >= length - 1) {
break; /* We used up all space */
}
@ -87,15 +84,15 @@ readname(char *packet, int packetlen, char **src, char *dst, size_t length)
}
int
readshort(char *packet, char **src, unsigned short *dst)
readshort(char *packet, char **src, short *dst)
{
unsigned char *p;
p = (unsigned char *) *src;
*dst = (p[0] << 8) | p[1];
(*src) += sizeof(unsigned short);
return sizeof(unsigned short);
(*src) += sizeof(short);
return sizeof(short);
}
int
@ -106,8 +103,8 @@ readlong(char *packet, char **src, uint32_t *dst)
p = (unsigned char *) *src;
*dst = ((uint32_t)p[0] << 24)
| ((uint32_t)p[1] << 16)
*dst = ((uint32_t)p[0] << 24)
| ((uint32_t)p[1] << 16)
| ((uint32_t)p[2] << 8)
| ((uint32_t)p[3]);
@ -118,6 +115,9 @@ readlong(char *packet, char **src, uint32_t *dst)
int
readdata(char *packet, char **src, char *dst, size_t len)
{
if (len < 0)
return 0;
memcpy(dst, *src, len);
(*src) += len;
@ -125,35 +125,6 @@ readdata(char *packet, char **src, char *dst, size_t len)
return len;
}
int
readtxtbin(char *packet, char **src, size_t srcremain, char *dst, size_t dstremain)
{
unsigned char *uc;
int tocopy;
int dstused = 0;
while (srcremain > 0)
{
uc = (unsigned char*) (*src);
tocopy = *uc;
(*src)++;
srcremain--;
if (tocopy > srcremain)
return 0; /* illegal, better have nothing */
if (tocopy > dstremain)
return 0; /* doesn't fit, better have nothing */
memcpy(dst, *src, tocopy);
dst += tocopy;
(*src) += tocopy;
srcremain -= tocopy;
dstremain -= tocopy;
dstused += tocopy;
}
return dstused;
}
int
putname(char **buf, size_t buflen, const char *host)
{
@ -165,7 +136,7 @@ putname(char **buf, size_t buflen, const char *host)
h = strdup(host);
left = buflen;
p = *buf;
word = strtok(h, ".");
while(word) {
if (strlen(word) > 63 || strlen(word) > left) {
@ -230,43 +201,14 @@ putlong(char **dst, uint32_t value)
}
int
putdata(char **dst, const char *data, size_t len)
putdata(char **dst, char *data, size_t len)
{
memcpy(*dst, data, len);
if (len < 0)
return 0;
memcpy(*dst, data, len);
(*dst) += len;
return len;
}
int
puttxtbin(char **buf, size_t bufremain, const char *from, size_t fromremain)
{
unsigned char uc;
unsigned char *ucp = &uc;
char *cp = (char *) ucp;
int tocopy;
int bufused = 0;
while (fromremain > 0)
{
tocopy = fromremain;
if (tocopy > 252)
tocopy = 252; /* allow off-by-1s in caches etc */
if (tocopy + 1 > bufremain)
return -1; /* doesn't fit, better have nothing */
uc = tocopy;
**buf = *cp;
(*buf)++;
bufremain--;
bufused++;
memcpy(*buf, from, tocopy);
(*buf) += tocopy;
from += tocopy;
bufremain -= tocopy;
fromremain -= tocopy;
bufused += tocopy;
}
return bufused;
}

11
src/read.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -19,16 +18,14 @@
#define _READ_H_
int readname(char *, int, char **, char *, size_t);
int readshort(char *, char **, unsigned short *);
int readshort(char *, char **, short *);
int readlong(char *, char **, uint32_t *);
int readdata(char *, char **, char *, size_t);
int readtxtbin(char *, char **, size_t, char *, size_t);
int putname(char **, size_t, const char *);
int putbyte(char **, unsigned char);
int putshort(char **, unsigned short);
int putlong(char **, uint32_t);
int putdata(char **, const char *, size_t);
int puttxtbin(char **, size_t, const char *, size_t);
int putdata(char **, char *, size_t);
#endif

537
src/tun.c
View File

@ -1,9 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* 2013 Peter Sagerson <psagers.github@ignorare.net>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -26,48 +24,28 @@
#include <sys/stat.h>
#include <fcntl.h>
#ifdef DARWIN
#include <ctype.h>
#include <sys/kern_control.h>
#include <sys/sys_domain.h>
#include <sys/ioctl.h>
#include <net/if_utun.h>
#include <netinet/ip.h>
#endif
#ifndef IFCONFIGPATH
#define IFCONFIGPATH "PATH=/sbin:/bin "
#endif
#ifndef ROUTEPATH
#define ROUTEPATH "PATH=/sbin:/bin "
#endif
#ifdef WINDOWS32
#include "windows.h"
#include <winsock2.h>
#include <winioctl.h>
#include "windows.h"
static HANDLE dev_handle;
static struct tun_data data;
static void get_name(char *ifname, int namelen, char *dev_name);
HANDLE dev_handle;
struct tun_data data;
#define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS)
#define TAP_IOCTL_CONFIG_TUN TAP_CONTROL_CODE(10, METHOD_BUFFERED)
#define TAP_IOCTL_SET_MEDIA_STATUS TAP_CONTROL_CODE(6, METHOD_BUFFERED)
#define TAP_ADAPTER_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
#define NETWORK_KEY "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
#define TAP_DEVICE_SPACE "\\\\.\\Global\\"
#define TAP_VERSION_ID_0801 "tap0801"
#define TAP_VERSION_ID_0901 "tap0901"
#define TAP_VERSION_ID_0901_ROOT "root\\tap0901"
#define KEY_COMPONENT_ID "ComponentId"
#define NET_CFG_INST_ID "NetCfgInstanceId"
#else
#include <err.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#define TUN_MAX_TRY 50
#endif
@ -75,34 +53,31 @@ static void get_name(char *ifname, int namelen, char *dev_name);
#include "tun.h"
#include "common.h"
static char if_name[250];
char if_name[50];
#ifndef WINDOWS32
#ifdef LINUX
#include <sys/ioctl.h>
#include <net/if.h>
#include <linux/if_tun.h>
int
open_tun(const char *tun_device)
int
open_tun(const char *tun_device)
{
int i;
int tun_fd;
struct ifreq ifreq;
#ifdef ANDROID
char *tunnel = "/dev/tun";
#else
char *tunnel = "/dev/net/tun";
#endif
if ((tun_fd = open(tunnel, O_RDWR)) < 0) {
warn("open_tun: %s", tunnel);
warn("open_tun: %s: %s", tunnel, strerror(errno));
return -1;
}
memset(&ifreq, 0, sizeof(ifreq));
ifreq.ifr_flags = IFF_TUN;
ifreq.ifr_flags = IFF_TUN;
if (tun_device != NULL) {
strncpy(ifreq.ifr_name, tun_device, IFNAMSIZ);
@ -112,12 +87,11 @@ open_tun(const char *tun_device)
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
fd_set_close_on_exec(tun_fd);
return tun_fd;
}
if (errno != EBUSY) {
warn("open_tun: ioctl[TUNSETIFF]");
warn("open_tun: ioctl[TUNSETIFF]: %s", strerror(errno));
return -1;
}
} else {
@ -127,26 +101,65 @@ open_tun(const char *tun_device)
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
snprintf(if_name, sizeof(if_name), "dns%d", i);
fd_set_close_on_exec(tun_fd);
return tun_fd;
}
if (errno != EBUSY) {
warn("open_tun: ioctl[TUNSETIFF]");
warn("open_tun: ioctl[TUNSETIFF]: %s", strerror(errno));
return -1;
}
}
warn("open_tun: Couldn't set interface name");
}
warn("error when opening tun");
return -1;
}
#elif WINDOWS32
#else /* BSD */
int
open_tun(const char *tun_device)
{
int i;
int tun_fd;
char tun_name[50];
if (tun_device != NULL) {
snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
strncpy(if_name, tun_device, sizeof(if_name));
if_name[sizeof(if_name)-1] = '\0';
if ((tun_fd = open(tun_name, O_RDWR)) < 0) {
warn("open_tun: %s: %s", tun_name, strerror(errno));
return -1;
}
fprintf(stderr, "Opened %s\n", tun_name);
return tun_fd;
} else {
for (i = 0; i < TUN_MAX_TRY; i++) {
snprintf(tun_name, sizeof(tun_name), "/dev/tun%d", i);
if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
fprintf(stderr, "Opened %s\n", tun_name);
snprintf(if_name, sizeof(if_name), "tun%d", i);
return tun_fd;
}
if (errno == ENOENT)
break;
}
warn("open_tun: Failed to open tunneling device");
}
return -1;
}
#endif /* !LINUX */
#else /* WINDOWS32 */
static void
get_device(char *device, int device_len, const char *wanted_dev)
get_device(char *device, int device_len)
{
LONG status;
HKEY adapter_key;
@ -156,10 +169,10 @@ get_device(char *device, int device_len, const char *wanted_dev)
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, TAP_ADAPTER_KEY, 0, KEY_READ, &adapter_key);
if (status != ERROR_SUCCESS) {
warnx("Error opening registry key " TAP_ADAPTER_KEY);
warnx("Error opening registry key " TAP_ADAPTER_KEY );
return;
}
while (TRUE) {
char name[256];
char unit[256];
@ -176,7 +189,7 @@ get_device(char *device, int device_len, const char *wanted_dev)
if (status == ERROR_NO_MORE_ITEMS) {
break;
} else if (status != ERROR_SUCCESS) {
warnx("Error enumerating subkeys of registry key " TAP_ADAPTER_KEY);
warnx("Error enumerating subkeys of registry key " TAP_ADAPTER_KEY );
break;
}
@ -194,27 +207,15 @@ get_device(char *device, int device_len, const char *wanted_dev)
goto next;
}
if (strncmp(TAP_VERSION_ID_0801, component, strlen(TAP_VERSION_ID_0801)) == 0 ||
strncmp(TAP_VERSION_ID_0901, component, strlen(TAP_VERSION_ID_0901)) == 0 ||
strncmp(TAP_VERSION_ID_0901_ROOT, component, strlen(TAP_VERSION_ID_0901_ROOT)) == 0) {
strncmp(TAP_VERSION_ID_0901, component, strlen(TAP_VERSION_ID_0901)) == 0) {
/* We found a TAP32 device, get its NetCfgInstanceId */
char iid_string[256] = NET_CFG_INST_ID;
status = RegQueryValueEx(device_key, iid_string, NULL, &datatype, (LPBYTE) device, (DWORD *) &device_len);
if (status != ERROR_SUCCESS || datatype != REG_SZ) {
warnx("Error reading registry key %s\\%s on TAP device", unit, iid_string);
} else {
/* Done getting GUID of TAP device,
* now check if the name is the requested one */
if (wanted_dev) {
char name[250];
get_name(name, sizeof(name), device);
if (strncmp(name, wanted_dev, strlen(wanted_dev))) {
/* Skip if name mismatch */
goto next;
}
}
/* Get the if name */
get_name(if_name, sizeof(if_name), device);
/* Done getting name of TAP device */
RegCloseKey(device_key);
return;
}
@ -226,35 +227,6 @@ next:
RegCloseKey(adapter_key);
}
static void
get_name(char *ifname, int namelen, char *dev_name)
{
char path[256];
char name_str[256] = "Name";
LONG status;
HKEY conn_key;
DWORD len;
DWORD datatype;
memset(ifname, 0, namelen);
snprintf(path, sizeof(path), NETWORK_KEY "\\%s\\Connection", dev_name);
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, path, 0, KEY_READ, &conn_key);
if (status != ERROR_SUCCESS) {
fprintf(stderr, "Could not look up name of interface %s: error opening key\n", dev_name);
RegCloseKey(conn_key);
return;
}
len = namelen;
status = RegQueryValueEx(conn_key, name_str, NULL, &datatype, (LPBYTE)ifname, &len);
if (status != ERROR_SUCCESS || datatype != REG_SZ) {
fprintf(stderr, "Could not look up name of interface %s: error reading value\n", dev_name);
RegCloseKey(conn_key);
return;
}
RegCloseKey(conn_key);
}
DWORD WINAPI tun_reader(LPVOID arg)
{
struct tun_data *tun = arg;
@ -264,7 +236,7 @@ DWORD WINAPI tun_reader(LPVOID arg)
OVERLAPPED olpd;
int sock;
sock = open_dns_from_host("127.0.0.1", 0, AF_INET, 0);
sock = open_dns(0, INADDR_ANY);
olpd.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
@ -275,326 +247,132 @@ DWORD WINAPI tun_reader(LPVOID arg)
if (!res) {
WaitForSingleObject(olpd.hEvent, INFINITE);
res = GetOverlappedResult(dev_handle, &olpd, (LPDWORD) &len, FALSE);
res = sendto(sock, buf, len, 0, (struct sockaddr*) &(tun->addr),
tun->addrlen);
res = sendto(sock, buf, len, 0, (struct sockaddr*) &(tun->addr),
sizeof(struct sockaddr_in));
}
}
return 0;
}
int
open_tun(const char *tun_device)
int
open_tun(const char *tun_device)
{
char adapter[256];
char tapfile[512];
int tunfd;
struct sockaddr_storage localsock;
int localsock_len;
in_addr_t local;
memset(adapter, 0, sizeof(adapter));
memset(if_name, 0, sizeof(if_name));
get_device(adapter, sizeof(adapter), tun_device);
get_device(adapter, sizeof(adapter));
if (strlen(adapter) == 0 || strlen(if_name) == 0) {
if (tun_device) {
warnx("No TAP adapters found. Try without -d.");
} else {
warnx("No TAP adapters found. Version 0801 and 0901 are supported.");
}
if (strlen(adapter) == 0) {
warnx("No TAP adapters found. See README-win32.txt for help.\n");
return -1;
}
fprintf(stderr, "Opening device %s\n", if_name);
snprintf(tapfile, sizeof(tapfile), "%s%s.tap", TAP_DEVICE_SPACE, adapter);
fprintf(stderr, "Opening device %s\n", tapfile);
dev_handle = CreateFile(tapfile, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, NULL);
if (dev_handle == INVALID_HANDLE_VALUE) {
warnx("Could not open device!");
return -1;
}
/* TODO get name of interface */
strncpy(if_name, "dns", MIN(4, sizeof(if_name)));
/* Use a UDP connection to forward packets from tun,
* so we can still use select() in main code.
* A thread does blocking reads on tun device and
* A thread does blocking reads on tun device and
* sends data as udp to this socket */
localsock_len = get_addr("127.0.0.1", 55353, AF_INET, 0, &localsock);
tunfd = open_dns(&localsock, localsock_len);
local = htonl(0x7f000001); /* 127.0.0.1 */
tunfd = open_dns(55353, local);
data.tun = dev_handle;
memcpy(&(data.addr), &localsock, localsock_len);
data.addrlen = localsock_len;
memset(&(data.addr), 0, sizeof(data.addr));
data.addr.sin_family = AF_INET;
data.addr.sin_port = htons(55353);
data.addr.sin_addr.s_addr = local;
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)tun_reader, &data, 0, NULL);
return tunfd;
}
#endif
#else /* BSD and friends */
#ifdef DARWIN
/* Extract the device number from the name, if given. The value returned will
* be suitable for sockaddr_ctl.sc_unit, which means 0 for auto-assign, or
* (n + 1) for manual.
*/
static int
utun_unit(const char *dev)
{
const char *unit_str = dev;
int unit = 0;
if (!dev)
return -1;
while (*unit_str != '\0' && !isdigit(*unit_str))
unit_str++;
if (isdigit(*unit_str))
unit = strtol(unit_str, NULL, 10) + 1;
return unit;
}
static int
open_utun(const char *dev)
{
struct sockaddr_ctl addr;
struct ctl_info info;
char ifname[10];
socklen_t ifname_len = sizeof(ifname);
int unit;
int fd = -1;
int err = 0;
fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
if (fd < 0) {
warn("open_utun: socket(PF_SYSTEM)");
return -1;
}
/* Look up the kernel controller ID for utun devices. */
bzero(&info, sizeof(info));
strncpy(info.ctl_name, UTUN_CONTROL_NAME, MAX_KCTL_NAME);
err = ioctl(fd, CTLIOCGINFO, &info);
if (err != 0) {
warn("open_utun: ioctl(CTLIOCGINFO)");
close(fd);
return -1;
}
/* Connecting to the socket creates the utun device. */
addr.sc_len = sizeof(addr);
addr.sc_family = AF_SYSTEM;
addr.ss_sysaddr = AF_SYS_CONTROL;
addr.sc_id = info.ctl_id;
unit = utun_unit(dev);
if (unit < 0) {
close(fd);
return -1;
}
addr.sc_unit = unit;
err = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
if (err != 0) {
warn("open_utun: connect");
close(fd);
return -1;
}
/* Retrieve the assigned interface name. */
err = getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &ifname_len);
if (err != 0) {
warn("open_utun: getsockopt(UTUN_OPT_IFNAME)");
close(fd);
return -1;
}
strncpy(if_name, ifname, sizeof(if_name));
fprintf(stderr, "Opened %s\n", ifname);
fd_set_close_on_exec(fd);
return fd;
}
#endif
int
open_tun(const char *tun_device)
{
int i;
int tun_fd;
char tun_name[50];
if (tun_device != NULL) {
#ifdef DARWIN
if (!strncmp(tun_device, "utun", 4)) {
tun_fd = open_utun(tun_device);
if (tun_fd >= 0) {
return tun_fd;
}
}
#endif
snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
strncpy(if_name, tun_device, sizeof(if_name));
if_name[sizeof(if_name)-1] = '\0';
if ((tun_fd = open(tun_name, O_RDWR)) < 0) {
warn("open_tun: %s", tun_name);
return -1;
}
fprintf(stderr, "Opened %s\n", tun_name);
fd_set_close_on_exec(tun_fd);
return tun_fd;
} else {
for (i = 0; i < TUN_MAX_TRY; i++) {
snprintf(tun_name, sizeof(tun_name), "/dev/tun%d", i);
if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
fprintf(stderr, "Opened %s\n", tun_name);
snprintf(if_name, sizeof(if_name), "tun%d", i);
fd_set_close_on_exec(tun_fd);
return tun_fd;
}
if (errno == ENOENT)
break;
}
#ifdef DARWIN
fprintf(stderr, "No tun devices found, trying utun\n");
for (i = 0; i < TUN_MAX_TRY; i++) {
snprintf(tun_name, sizeof(tun_name), "utun%d", i);
tun_fd = open_utun(tun_name);
if (tun_fd >= 0) {
return tun_fd;
}
}
#endif
warn("open_tun: Failed to open tunneling device");
}
return -1;
}
#endif
void
close_tun(int tun_fd)
void
close_tun(int tun_fd)
{
if (tun_fd >= 0)
close(tun_fd);
}
#ifdef WINDOWS32
int
write_tun(int tun_fd, char *data, size_t len)
int
write_tun(int tun_fd, char *data, size_t len)
{
DWORD written;
DWORD res;
OVERLAPPED olpd;
#if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD) || defined(WINDOWS32)
data += 4;
len -= 4;
#else /* !FREEBSD/DARWIN */
#ifdef LINUX
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x08;
data[3] = 0x00;
#else /* OPENBSD */
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x00;
data[3] = 0x02;
#endif /* !LINUX */
#endif /* FREEBSD */
olpd.Offset = 0;
olpd.OffsetHigh = 0;
olpd.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
res = WriteFile(dev_handle, data, len, &written, &olpd);
if (!res && GetLastError() == ERROR_IO_PENDING) {
WaitForSingleObject(olpd.hEvent, INFINITE);
res = GetOverlappedResult(dev_handle, &olpd, &written, FALSE);
if (written != len) {
return -1;
#ifndef WINDOWS32
if (write(tun_fd, data, len) != len) {
warn("write_tun");
return 1;
}
#else /* WINDOWS32 */
{
DWORD written;
DWORD res;
OVERLAPPED olpd;
olpd.Offset = 0;
olpd.OffsetHigh = 0;
olpd.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
res = WriteFile(dev_handle, data, len, &written, &olpd);
if (!res && GetLastError() == ERROR_IO_PENDING) {
WaitForSingleObject(olpd.hEvent, INFINITE);
res = GetOverlappedResult(dev_handle, &olpd, &written, FALSE);
if (written != len) {
return -1;
}
}
}
#endif
return 0;
}
ssize_t
read_tun(int tun_fd, char *buf, size_t len)
read_tun(int tun_fd, char *buf, size_t len)
{
#if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD) || defined(WINDOWS32)
/* FreeBSD/Darwin/NetBSD has no header */
int bytes;
memset(buf, 0, 4);
bytes = recv(tun_fd, buf + 4, len - 4, 0);
bytes = recv(tun_fd, buf + 4, len, 0);
if (bytes < 0) {
return bytes;
} else {
return bytes + 4;
}
}
#else
static int
tun_uses_header(void)
{
#if defined (FREEBSD) || defined (NETBSD)
/* FreeBSD/NetBSD has no header */
return 0;
#elif defined (DARWIN)
/* Darwin tun has no header, Darwin utun does */
return !strncmp(if_name, "utun", 4);
#else /* LINUX/OPENBSD */
return 1;
#endif
#else /* !FREEBSD */
return read(tun_fd, buf, len);
#endif /* !FREEBSD */
}
int
write_tun(int tun_fd, char *data, size_t len)
{
if (!tun_uses_header()) {
data += 4;
len -= 4;
} else {
#ifdef LINUX
// Linux prefixes with 32 bits ethertype
// 0x0800 for IPv4, 0x86DD for IPv6
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x08;
data[3] = 0x00;
#else /* OPENBSD and DARWIN(utun) */
// BSDs prefix with 32 bits address family
// AF_INET for IPv4, AF_INET6 for IPv6
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x00;
data[3] = 0x02;
#endif
}
if (write(tun_fd, data, len) != len) {
warn("write_tun");
return 1;
}
return 0;
}
ssize_t
read_tun(int tun_fd, char *buf, size_t len)
{
if (!tun_uses_header()) {
int bytes;
memset(buf, 0, 4);
bytes = read(tun_fd, buf + 4, len - 4);
if (bytes < 0) {
return bytes;
} else {
return bytes + 4;
}
} else {
return read(tun_fd, buf, len);
}
}
#endif
int
tun_setip(const char *ip, const char *other_ip, int netbits)
tun_setip(const char *ip, int netbits)
{
char cmdline[512];
int netmask;
@ -608,11 +386,6 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
DWORD ipdata[3];
struct in_addr addr;
DWORD len;
#else
const char *display_ip;
#ifndef LINUX
struct in_addr netip;
#endif
#endif
netmask = 0;
@ -627,32 +400,24 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
return 1;
}
#ifndef WINDOWS32
# ifdef FREEBSD
display_ip = other_ip; /* FreeBSD wants other IP as second IP */
# else
display_ip = ip;
# endif
snprintf(cmdline, sizeof(cmdline),
IFCONFIGPATH "ifconfig %s %s %s netmask %s",
snprintf(cmdline, sizeof(cmdline),
"/sbin/ifconfig %s %s %s netmask %s",
if_name,
ip,
display_ip,
ip,
inet_ntoa(net));
fprintf(stderr, "Setting IP of %s to %s\n", if_name, ip);
#ifndef LINUX
netip.s_addr = inet_addr(ip);
netip.s_addr = netip.s_addr & net.s_addr;
r = system(cmdline);
if (r != 0) {
if(r != 0) {
return r;
} else {
snprintf(cmdline, sizeof(cmdline),
ROUTEPATH "route add %s/%d %s",
inet_ntoa(netip), netbits, ip);
"/sbin/route add %s/%d %s",
ip, netbits, ip);
}
fprintf(stderr, "Adding route %s/%d to %s\n", inet_ntoa(netip), netbits, ip);
fprintf(stderr, "Adding route %s/%d to %s\n", ip, netbits, ip);
#endif
return system(cmdline);
#else /* WINDOWS32 */
@ -660,13 +425,13 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
/* Set device as connected */
fprintf(stderr, "Enabling interface '%s'\n", if_name);
status = 1;
r = DeviceIoControl(dev_handle, TAP_IOCTL_SET_MEDIA_STATUS, &status,
r = DeviceIoControl(dev_handle, TAP_IOCTL_SET_MEDIA_STATUS, &status,
sizeof(status), &status, sizeof(status), &len, NULL);
if (!r) {
fprintf(stderr, "Failed to enable interface\n");
return -1;
}
if (inet_aton(ip, &addr)) {
ipdata[0] = (DWORD) addr.s_addr; /* local ip addr */
ipdata[1] = net.s_addr & ipdata[0]; /* network addr */
@ -676,7 +441,7 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
}
/* Tell ip/networkaddr/netmask to device for arp use */
r = DeviceIoControl(dev_handle, TAP_IOCTL_CONFIG_TUN, &ipdata,
r = DeviceIoControl(dev_handle, TAP_IOCTL_CONFIG_TUN, &ipdata,
sizeof(ipdata), &ipdata, sizeof(ipdata), &len, NULL);
if (!r) {
fprintf(stderr, "Failed to set interface in TUN mode\n");
@ -691,18 +456,18 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
#endif
}
int
int
tun_setmtu(const unsigned mtu)
{
#ifndef WINDOWS32
char cmdline[512];
if (mtu > 200 && mtu <= 1500) {
snprintf(cmdline, sizeof(cmdline),
IFCONFIGPATH "ifconfig %s mtu %u",
snprintf(cmdline, sizeof(cmdline),
"/sbin/ifconfig %s mtu %u",
if_name,
mtu);
fprintf(stderr, "Setting MTU of %s to %u\n", if_name, mtu);
return system(cmdline);
} else {

7
src/tun.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,7 +21,7 @@ int open_tun(const char *);
void close_tun(int);
int write_tun(int, char *, size_t);
ssize_t read_tun(int, char *, size_t);
int tun_setip(const char *, const char *, int);
int tun_setip(const char *, int);
int tun_setmtu(const unsigned);
#endif /* _TUN_H_ */

124
src/user.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,11 +21,16 @@
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#ifdef WINDOWS32
#include <winsock2.h>
#else
#include <err.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netdb.h>
#endif
@ -34,14 +38,15 @@
#include "encoding.h"
#include "user.h"
struct tun_user *users;
unsigned usercount;
struct user users[USERS];
int init_users(in_addr_t my_ip, int netbits)
int
init_users(in_addr_t my_ip, int netbits)
{
int i;
int skip = 0;
char newip[32];
char newip[16];
int created_users = 0;
int maxusers;
@ -57,10 +62,9 @@ int init_users(in_addr_t my_ip, int netbits)
ipstart.s_addr = my_ip & net.s_addr;
maxusers = (1 << (32-netbits)) - 3; /* 3: Net addr, broadcast addr, iodined addr */
usercount = MIN(maxusers, USERS);
users = calloc(usercount, sizeof(struct tun_user));
for (i = 0; i < usercount; i++) {
memset(users, 0, USERS * sizeof(struct user));
for (i = 0; i < USERS; i++) {
in_addr_t ip;
users[i].id = i;
snprintf(newip, sizeof(newip), "0.0.0.%d", i + skip + 1);
@ -73,34 +77,51 @@ int init_users(in_addr_t my_ip, int netbits)
}
users[i].tun_ip = ip;
net.s_addr = ip;
users[i].disabled = 0;
users[i].authenticated = 0;
users[i].authenticated_raw = 0;
users[i].options_locked = 0;
users[i].active = 0;
/* Rest is reset on login ('V' packet) */
if (maxusers-- < 1) {
users[i].disabled = 1;
} else {
users[i].disabled = 0;
created_users++;
}
users[i].inpacket.len = 0;
users[i].inpacket.offset = 0;
users[i].outpacket.len = 0;
users[i].q.id = 0;
users[i].out_acked_seqno = 0;
users[i].out_acked_fragment = 0;
users[i].fragsize = 4096;
}
return usercount;
return created_users;
}
const char *users_get_first_ip(void)
int
users_waiting_on_reply()
{
struct in_addr ip;
ip.s_addr = users[0].tun_ip;
return strdup(inet_ntoa(ip));
int ret;
int i;
ret = 0;
for (i = 0; i < USERS; i++) {
if (users[i].active && !users[i].disabled &&
users[i].last_pkt + 60 > time(NULL) &&
users[i].q.id != 0) {
ret++;
}
}
return ret;
}
int find_user_by_ip(uint32_t ip)
int
find_user_by_ip(uint32_t ip)
{
int ret;
int i;
ret = -1;
for (i = 0; i < usercount; i++) {
if (users[i].active &&
users[i].authenticated &&
!users[i].disabled &&
for (i = 0; i < USERS; i++) {
if (users[i].active && !users[i].disabled &&
users[i].last_pkt + 60 > time(NULL) &&
ip == users[i].tun_ip) {
ret = i;
@ -110,12 +131,8 @@ int find_user_by_ip(uint32_t ip)
return ret;
}
/* If this returns true, then reading from tun device is blocked.
So only return true when all clients have at least one packet in
the outpacket-queue, so that sending back-to-back is possible
without going through another select loop.
*/
int all_users_waiting_to_send(void)
int
all_users_waiting_to_send()
{
time_t now;
int ret;
@ -123,18 +140,10 @@ int all_users_waiting_to_send(void)
ret = 1;
now = time(NULL);
for (i = 0; i < usercount; i++) {
for (i = 0; i < USERS; i++) {
if (users[i].active && !users[i].disabled &&
users[i].last_pkt + 60 > now &&
((users[i].conn == CONN_RAW_UDP) ||
((users[i].conn == CONN_DNS_NULL)
#ifdef OUTPACKETQ_LEN
&& users[i].outpacketq_filled < 1
#else
&& users[i].outpacket.len == 0
#endif
))) {
users[i].outpacket.len == 0) {
ret = 0;
break;
}
@ -142,20 +151,16 @@ int all_users_waiting_to_send(void)
return ret;
}
int find_available_user(void)
int
find_available_user()
{
int ret = -1;
int i;
for (i = 0; i < usercount; i++) {
for (i = 0; i < USERS; i++) {
/* Not used at all or not used in one minute */
if ((!users[i].active || users[i].last_pkt + 60 < time(NULL)) && !users[i].disabled) {
users[i].active = 1;
users[i].authenticated = 0;
users[i].authenticated_raw = 0;
users[i].options_locked = 0;
users[i].last_pkt = time(NULL);
users[i].fragsize = 4096;
users[i].conn = CONN_DNS_NULL;
ret = i;
break;
}
@ -163,22 +168,11 @@ int find_available_user(void)
return ret;
}
void user_switch_codec(int userid, const struct encoder *enc)
void
user_switch_codec(int userid, struct encoder *enc)
{
if (userid < 0 || userid >= usercount)
if (userid < 0 || userid >= USERS)
return;
users[userid].encoder = enc;
}
void user_set_conn_type(int userid, enum connection c)
{
if (userid < 0 || userid >= usercount)
return;
if (c < CONN_RAW_UDP || c >= CONN_MAX)
return;
users[userid].conn = c;
}

63
src/user.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -20,72 +19,30 @@
#define USERS 16
#define OUTPACKETQ_LEN 4 /* Note: 16 users * 1 packet = 1MB */
/* Undefine to have no queue for packets coming in from tun device, which may
lead to massive dropping in multi-user situations with high traffic. */
#define DNSCACHE_LEN 4
/* Undefine to disable. Should be less than 18; also see comments in iodined.c */
#define QMEMPING_LEN 30
/* Max advisable: 64k/2 = 32000. Total mem usage: QMEMPING_LEN * USERS * 6 bytes */
#define QMEMDATA_LEN 15
/* Max advisable: 36/2 = 18. Total mem usage: QMEMDATA_LEN * USERS * 6 bytes */
struct tun_user {
struct user {
char id;
int active;
int authenticated;
int authenticated_raw;
int options_locked;
int disabled;
time_t last_pkt;
int seed;
in_addr_t tun_ip;
struct sockaddr_storage host;
socklen_t hostlen;
struct in_addr host;
struct query q;
struct query q_sendrealsoon;
int q_sendrealsoon_new;
struct packet inpacket;
struct packet outpacket;
int outfragresent;
const struct encoder *encoder;
char downenc;
struct encoder *encoder;
int out_acked_seqno;
int out_acked_fragment;
int fragsize;
enum connection conn;
int lazy;
unsigned char qmemping_cmc[QMEMPING_LEN * 4];
unsigned short qmemping_type[QMEMPING_LEN];
int qmemping_lastfilled;
unsigned char qmemdata_cmc[QMEMDATA_LEN * 4];
unsigned short qmemdata_type[QMEMDATA_LEN];
int qmemdata_lastfilled;
#ifdef OUTPACKETQ_LEN
struct packet outpacketq[OUTPACKETQ_LEN];
int outpacketq_nexttouse;
int outpacketq_filled;
#endif
#ifdef DNSCACHE_LEN
struct query dnscache_q[DNSCACHE_LEN];
char dnscache_answer[DNSCACHE_LEN][4096];
int dnscache_answerlen[DNSCACHE_LEN];
int dnscache_lastfilled;
#endif
};
extern struct tun_user *users;
extern struct user users[USERS];
int init_users(in_addr_t, int);
const char* users_get_first_ip(void);
int users_waiting_on_reply();
int find_user_by_ip(uint32_t);
int all_users_waiting_to_send(void);
int find_available_user(void);
void user_switch_codec(int userid, const struct encoder *enc);
void user_set_conn_type(int userid, enum connection c);
int all_users_waiting_to_send();
int find_available_user();
void user_switch_codec(int userid, struct encoder *enc);
#endif

89
src/util.c
View File

@ -1,89 +0,0 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdio.h>
#include "common.h"
#include "util.h"
char *get_resolvconf_addr(void)
{
static char addr[16];
char *rv = NULL;
#ifndef WINDOWS32
char buf[80];
FILE *fp;
#ifdef ANDROID
fp = popen("getprop net.dns1", "r");
if (fp == NULL)
err(1, "getprop net.dns1 failed");
if (fgets(buf, sizeof(buf), fp) == NULL)
err(1, "read getprop net.dns1 failed");
if (sscanf(buf, "%15s", addr) == 1)
rv = addr;
pclose(fp);
#else
if ((fp = fopen("/etc/resolv.conf", "r")) == NULL)
err(1, "/etc/resolv.conf");
while (feof(fp) == 0) {
fgets(buf, sizeof(buf), fp);
if (sscanf(buf, "nameserver %15s", addr) == 1) {
rv = addr;
break;
}
}
fclose(fp);
#endif
#else /* !WINDOWS32 */
FIXED_INFO *fixed_info;
ULONG buflen;
DWORD ret;
fixed_info = malloc(sizeof(FIXED_INFO));
buflen = sizeof(FIXED_INFO);
if (GetNetworkParams(fixed_info, &buflen) == ERROR_BUFFER_OVERFLOW) {
/* official ugly api workaround */
free(fixed_info);
fixed_info = malloc(buflen);
}
ret = GetNetworkParams(fixed_info, &buflen);
if (ret == NO_ERROR) {
strncpy(addr, fixed_info->DnsServerList.IpAddress.String, sizeof(addr));
addr[15] = 0;
rv = addr;
}
free(fixed_info);
#endif
return rv;
}
#ifdef OPENBSD
void
socket_setrtable(int fd, int rtable)
{
#ifdef SO_RTABLE
if (setsockopt (fd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1)
err(1, "Failed to set routing table %d", rtable);
#else
fprintf(stderr, "Routing domain support was not available at compile time.\n");
#endif
}
#endif

7
src/version.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -20,7 +19,7 @@
/* This is the version of the network protocol
It is usually equal to the latest iodine version number */
#define PROTOCOL_VERSION 0x00000502
#define VERSION 0x00000500
#endif /* _VERSION_H_ */

97
src/windows.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -20,85 +19,67 @@
typedef unsigned int in_addr_t;
#include <winsock2.h>
#include <windows.h>
#include <windns.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <iphlpapi.h>
/* Missing from the mingw headers */
#ifndef DNS_TYPE_SRV
# define DNS_TYPE_SRV 33
#endif
#ifndef DNS_TYPE_TXT
# define DNS_TYPE_TXT 16
#endif
#define T_A DNS_TYPE_A
#define T_NS DNS_TYPE_NS
#define T_NULL DNS_TYPE_NULL
#define T_CNAME DNS_TYPE_CNAME
#define T_MX DNS_TYPE_MX
#define T_TXT DNS_TYPE_TXT
#define T_SRV DNS_TYPE_SRV
#define C_IN 1
#define FORMERR 1
#define SERVFAIL 2
#define NXDOMAIN 3
#define NOTIMP 4
#define REFUSED 5
#define sleep(seconds) Sleep((seconds)*1000)
typedef struct {
unsigned id :16; /* query identification number */
/* fields in third byte */
unsigned rd :1; /* recursion desired */
unsigned tc :1; /* truncated message */
unsigned aa :1; /* authoritive answer */
unsigned opcode :4; /* purpose of message */
unsigned qr :1; /* response flag */
/* fields in fourth byte */
unsigned rcode :4; /* response code */
unsigned cd: 1; /* checking disabled by resolver */
unsigned ad: 1; /* authentic data from named */
unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */
unsigned ra :1; /* recursion available */
/* remaining bytes */
unsigned qdcount :16; /* number of question entries */
unsigned ancount :16; /* number of answer entries */
unsigned nscount :16; /* number of authority entries */
unsigned arcount :16; /* number of resource entries */
unsigned id :16; /* query identification number */
/* fields in third byte */
unsigned rd :1; /* recursion desired */
unsigned tc :1; /* truncated message */
unsigned aa :1; /* authoritive answer */
unsigned opcode :4; /* purpose of message */
unsigned qr :1; /* response flag */
/* fields in fourth byte */
unsigned rcode :4; /* response code */
unsigned cd: 1; /* checking disabled by resolver */
unsigned ad: 1; /* authentic data from named */
unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */
unsigned ra :1; /* recursion available */
/* remaining bytes */
unsigned qdcount :16; /* number of question entries */
unsigned ancount :16; /* number of answer entries */
unsigned nscount :16; /* number of authority entries */
unsigned arcount :16; /* number of resource entries */
} HEADER;
struct ip {
unsigned int ip_hl:4; /* header length */
unsigned int ip_v:4; /* version */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src, ip_dst; /* source and dest address */
};
struct ip
{
unsigned int ip_hl:4; /* header length */
unsigned int ip_v:4; /* version */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src, ip_dst; /* source and dest address */
};
DWORD WINAPI tun_reader(LPVOID arg);
struct tun_data {
HANDLE tun;
int sock;
struct sockaddr_storage addr;
int addrlen;
struct sockaddr_in addr;
};
/* No-op for now. */
#define syslog(...)
#endif

14
tests/Makefile
View File

@ -1,24 +1,26 @@
CC = gcc
TEST = test
OBJS = test.o base32.o base64.o common.o read.o dns.o encoding.o login.o user.o fw_query.o
SRCOBJS = ../src/base32.o ../src/base64.o ../src/common.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o ../src/fw_query.o
OBJS = test.o base32.o base64.o read.o dns.o encoding.o login.o user.o fw_query.o
SRCOBJS = ../src/base32.o ../src/base64.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o ../src/fw_query.o
OS = `uname | tr "a-z" "A-Z"`
CHECK_PATH = /usr/local
LDFLAGS = -L$(CHECK_PATH)/lib `pkg-config check --libs` -lpthread `sh ../src/osflags $(TARGETOS) link`
CFLAGS = -std=c99 -g -Wall -D$(OS) `pkg-config check --cflags` -I../src -I$(CHECK_PATH)/include -pedantic `sh ../src/osflags $(TARGETOS) cflags`
LDFLAGS = -L$(CHECK_PATH)/lib -lcheck `../src/osflags link`
CFLAGS = -g -Wall -D$(OS) -I../src -I$(CHECK_PATH)/include -pedantic `../src/osflags cflags`
all: $(TEST)
@LD_LIBRARY_PATH=${CHECK_PATH}/lib ./$(TEST)
$(TEST): $(OBJS) $(SRCOBJS)
@echo LD $(TEST)
@$(CC) -o $@ $(SRCOBJS) $(OBJS) $(LDFLAGS)
@$(CC) -o $@ $(SRCOBJS) $(OBJS) $(LDFLAGS)
.c.o:
.c.o:
@echo CC $<
@$(CC) $(CFLAGS) -c $<
clean:
@echo "Cleaning tests/"
@rm -f *~ *.core $(TEST) $(OBJS)

51
tests/base32.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,6 +21,7 @@
#include <errno.h>
#include "encoding.h"
#include "base32.h"
#include "test.h"
#define TUPLES 5
@ -42,14 +42,16 @@ START_TEST(test_base32_encode)
{
size_t len;
char buf[4096];
struct encoder *b32;
int val;
b32 = get_base32_encoder();
len = sizeof(buf);
val = base32_ops.encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
val = b32->encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
ck_assert(val == strlen(testpairs[_i].b));
ck_assert_str_eq(buf, testpairs[_i].b);
fail_unless(strcmp(buf, testpairs[_i].b) == 0,
"'%s' != '%s'", buf, testpairs[_i].b);
}
END_TEST
@ -57,13 +59,17 @@ START_TEST(test_base32_decode)
{
size_t len;
char buf[4096];
struct encoder *b32;
int val;
b32 = get_base32_encoder();
len = sizeof(buf);
val = base32_ops.decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
val = b32->decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
ck_assert(val == strlen(testpairs[_i].a));
ck_assert_str_eq(buf, testpairs[_i].a);
fail_unless(buf != NULL, "buf == NULL");
fail_unless(strcmp(buf, testpairs[_i].a) == 0,
"'%s' != '%s'", buf, testpairs[_i].a);
}
END_TEST
@ -73,8 +79,8 @@ START_TEST(test_base32_5to8_8to5)
int c;
for (i = 0; i < 32; i++) {
c = b32_5to8(i);
ck_assert(b32_8to5(c) == i);
c = b32_5to8(i);
fail_unless(b32_8to5(c) == i);
}
}
END_TEST
@ -85,11 +91,14 @@ START_TEST(test_base32_blksize)
size_t enclen;
char *rawbuf;
char *encbuf;
struct encoder *b32;
int i;
int val;
rawlen = base32_ops.blocksize_raw;
enclen = base32_ops.blocksize_encoded;
b32 = get_base32_encoder();
rawlen = b32->blocksize_raw();
enclen = b32->blocksize_encoded();
rawbuf = malloc(rawlen + 16);
encbuf = malloc(enclen + 16);
@ -99,21 +108,21 @@ START_TEST(test_base32_blksize)
}
rawbuf[i] = 0;
val = base32_ops.encode(encbuf, &enclen, rawbuf, rawlen);
val = b32->encode(encbuf, &enclen, rawbuf, rawlen);
ck_assert_msg(rawlen == 5, "raw length was %zu not 5", rawlen);
ck_assert_msg(enclen == 5, "encoded %zu bytes, not 5", enclen);
ck_assert_msg(val == 8, "encoded string %s was length %d", encbuf, val);
fail_unless(rawlen == 5, "raw length was %d not 5", rawlen);
fail_unless(enclen == 5, "encoded %d bytes, not 5", enclen);
fail_unless(val == 8, "encoded string %s was length %d", encbuf, val);
memset(rawbuf, 0, rawlen + 16);
enclen = val;
val = base32_ops.decode(rawbuf, &rawlen, encbuf, enclen);
val = b32->decode(rawbuf, &rawlen, encbuf, enclen);
ck_assert_msg(rawlen == 5, "raw length was %zu not 5", rawlen);
ck_assert_msg(val == 5, "val was not 5 but %d", val);
fail_unless(rawlen == 5, "raw length was %d not 5", rawlen);
fail_unless(val == 5, "val was not 5 but %d", val);
for (i = 0; i < rawlen; i++) {
ck_assert(rawbuf[i] == 'A');
fail_unless(rawbuf[i] == 'A');
}
}
END_TEST

52
tests/base64.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,6 +21,7 @@
#include <errno.h>
#include "encoding.h"
#include "base64.h"
#include "test.h"
#define TUPLES 5
@ -68,13 +68,16 @@ START_TEST(test_base64_encode)
{
size_t len;
char buf[4096];
struct encoder *b64;
int val;
len = sizeof(buf);
val = base64_ops.encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
b64 = get_base64_encoder();
ck_assert(val == strlen(testpairs[_i].b));
ck_assert_str_eq(buf, testpairs[_i].b);
len = sizeof(buf);
val = b64->encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
fail_unless(strcmp(buf, testpairs[_i].b) == 0,
"'%s' != '%s'", buf, testpairs[_i].b);
}
END_TEST
@ -82,13 +85,17 @@ START_TEST(test_base64_decode)
{
size_t len;
char buf[4096];
struct encoder *b64;
int val;
len = sizeof(buf);
val = base64_ops.decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
b64 = get_base64_encoder();
ck_assert(val == strlen(testpairs[_i].a));
ck_assert_str_eq(buf, testpairs[_i].a);
len = sizeof(buf);
val = b64->decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
fail_unless(buf != NULL, "buf == NULL");
fail_unless(strcmp(buf, testpairs[_i].a) == 0,
"'%s' != '%s'", buf, testpairs[_i].a);
}
END_TEST
@ -98,11 +105,14 @@ START_TEST(test_base64_blksize)
size_t enclen;
char *rawbuf;
char *encbuf;
struct encoder *b64;
int i;
int val;
rawlen = base64_ops.blocksize_raw;
enclen = base64_ops.blocksize_encoded;
b64 = get_base64_encoder();
rawlen = b64->blocksize_raw();
enclen = b64->blocksize_encoded();
rawbuf = malloc(rawlen + 16);
encbuf = malloc(enclen + 16);
@ -112,21 +122,21 @@ START_TEST(test_base64_blksize)
}
rawbuf[i] = 0;
val = base64_ops.encode(encbuf, &enclen, rawbuf, rawlen);
val = b64->encode(encbuf, &enclen, rawbuf, rawlen);
ck_assert_msg(rawlen == 3, "raw length was %zu not 3", rawlen);
ck_assert_msg(enclen == 3, "encoded %zu bytes, not 3", enclen);
ck_assert_msg(val == 4, "encoded string %s was length %d", encbuf, val);
fail_unless(rawlen == 3, "raw length was %d not 3", rawlen);
fail_unless(enclen == 3, "encoded %d bytes, not 3", enclen);
fail_unless(val == 4, "encoded string %s was length %d", encbuf, val);
memset(rawbuf, 0, rawlen + 16);
enclen = val;
val = base64_ops.decode(rawbuf, &rawlen, encbuf, enclen);
val = b64->decode(rawbuf, &rawlen, encbuf, enclen);
ck_assert_msg(rawlen == 3, "raw length was %zu not 3", rawlen);
ck_assert(val == 3);
fail_unless(rawlen == 3, "raw length was %d not 3", rawlen);
fail_unless(val == 3);
for (i = 0; i < rawlen; i++) {
ck_assert(rawbuf[i] == 'A');
fail_unless(rawbuf[i] == 'A');
}
}
END_TEST

307
tests/common.c
View File

@ -1,307 +0,0 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <check.h>
#include <common.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
START_TEST(test_topdomain_ok)
{
char *error = NULL;
ck_assert(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 0, &error) == 0);
ck_assert(error == NULL);
/* Allowing wildcard */
ck_assert(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 1, &error) == 0);
ck_assert(error == NULL);
/* Not allowed to start with dot */
ck_assert(check_topdomain(".foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 0, &error));
ck_assert_str_eq("Starts with a dot", error);
/* Test missing error msg ptr */
ck_assert(check_topdomain(".foo", 0, NULL));
}
END_TEST
START_TEST(test_topdomain_length)
{
char *error;
/* Test empty and too short */
ck_assert(check_topdomain("", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("a", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain(".a", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("a.", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("ab", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("a.b", 0, &error) == 0);
/* Test too long (over 128, need rest of space for data) */
ck_assert(check_topdomain(
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.foo129xxx", 0, &error));
ck_assert_str_eq("Too long (> 128)", error);
ck_assert(check_topdomain(
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.foo128xx", 0, &error) == 0);
}
END_TEST
START_TEST(test_topdomain_chunks)
{
char *error;
/* Must have at least one dot */
ck_assert(check_topdomain("abcde.gh", 0, &error) == 0);
ck_assert(check_topdomain("abcdefgh", 0, &error));
ck_assert_str_eq("No dots", error);
/* Not two consecutive dots */
ck_assert(check_topdomain("abc..defgh", 0, &error));
ck_assert_str_eq("Consecutive dots", error);
/* Not end with a dots */
ck_assert(check_topdomain("abc.defgh.", 0, &error));
ck_assert_str_eq("Ends with a dot", error);
/* No chunk longer than 63 chars */
ck_assert(check_topdomain("123456789012345678901234567890"
"123456789012345678901234567890333.com", 0, &error) == 0);
ck_assert(check_topdomain("123456789012345678901234567890"
"1234567890123456789012345678904444.com", 0, &error));
ck_assert_str_eq("Too long domain part (> 63)", error);
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"123456789012345678901234567890333.com", 0, &error) == 0);
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"1234567890123456789012345678904444.com", 0, &error));
ck_assert_str_eq("Too long domain part (> 63)", error);
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"123456789012345678901234567890333", 0, &error) == 0);
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"1234567890123456789012345678904444", 0, &error));
ck_assert_str_eq("Too long domain part (> 63)", error);
}
END_TEST
START_TEST(test_topdomain_wild)
{
char *error = NULL;
ck_assert(check_topdomain("*.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("*.a", 1, &error) == 0);
ck_assert(error == NULL);
ck_assert(check_topdomain("b*.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("b*.a", 1, &error) == 1);
ck_assert_str_eq("Wildcard (*) only allowed as first char", error);
ck_assert(check_topdomain("*b.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("*b.a", 1, &error) == 1);
ck_assert_str_eq("Wildcard (*) must be followed by dot", error);
ck_assert(check_topdomain("*.*.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("*.*.a", 1, &error) == 1);
ck_assert_str_eq("Wildcard (*) only allowed as first char", error);
}
END_TEST
START_TEST(test_query_datalen)
{
char *topdomain = "r.foo.com";
/* With data */
ck_assert(query_datalen("foobar.r.foo.com", topdomain) == 7);
ck_assert(query_datalen("foobar.r.FoO.Com", topdomain) == 7);
ck_assert(query_datalen("foo.bar.r.FoO.Com", topdomain) == 8);
ck_assert(query_datalen(".r.foo.com", topdomain) == 1);
/* Without data */
ck_assert(query_datalen("r.foo.com", topdomain) == 0);
ck_assert(query_datalen("R.foo.com", topdomain) == 0);
/* Shorter query name */
ck_assert(query_datalen("foo.com", topdomain) == -1);
/* Mismatched query name */
ck_assert(query_datalen("b.foo.com", topdomain) == -1);
ck_assert(query_datalen("*.foo.com", topdomain) == -1);
/* Query name overlaps topdomain, but is longer */
ck_assert(query_datalen("bar.foo.com", topdomain) == -1);
}
END_TEST
START_TEST(test_query_datalen_wild)
{
char *topdomain = "*.foo.com";
/* With data */
ck_assert(query_datalen("foobar.a.foo.com", topdomain) == 7);
ck_assert(query_datalen("foobar.r.FoO.Com", topdomain) == 7);
ck_assert(query_datalen("foo.bar.r.FoO.Com", topdomain) == 8);
ck_assert(query_datalen("foo.Ab.foo.cOm", topdomain) == 4);
ck_assert(query_datalen("foo.Abcd.Foo.com", topdomain) == 4);
ck_assert(query_datalen("***.STARs.foo.com", topdomain) == 4);
ck_assert(query_datalen(".a.foo.com", topdomain) == 1);
ck_assert(query_datalen(".ab.foo.com", topdomain) == 1);
/* Without data */
ck_assert(query_datalen("rr.foo.com", topdomain) == 0);
ck_assert(query_datalen("b.foo.com", topdomain) == 0);
ck_assert(query_datalen("B.foo.com", topdomain) == 0);
/* Shorter query name */
ck_assert(query_datalen("foo.com", topdomain) == -1);
/* Wildcard part of query name matching topdomain */
ck_assert(query_datalen("aa.*.foo.com", topdomain) == -1);
/* Mismatched query name */
ck_assert(query_datalen("bar.r.boo.com", topdomain) == -1);
}
END_TEST
START_TEST(test_parse_format_ipv4)
{
char *host = "192.168.2.10";
char *formatted;
struct sockaddr_storage addr;
struct sockaddr_in *v4addr;
int addr_len;
addr_len = get_addr(host, 53, AF_INET, 0, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in));
v4addr = (struct sockaddr_in *) &addr;
ck_assert(v4addr->sin_addr.s_addr == htonl(0xc0a8020a));
ck_assert(v4addr->sin_port == htons(53));
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(host, formatted);
}
END_TEST
START_TEST(test_parse_format_ipv4_listen_all)
{
char *host = "0.0.0.0";
char *formatted;
struct sockaddr_storage addr;
struct sockaddr_in *v4addr;
int addr_len;
addr_len = get_addr(NULL, 53, AF_INET, AI_PASSIVE, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in));
v4addr = (struct sockaddr_in *) &addr;
ck_assert(v4addr->sin_addr.s_addr == htonl(0x00000000));
ck_assert(v4addr->sin_port == htons(53));
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(host, formatted);
}
END_TEST
START_TEST(test_parse_format_ipv6)
{
char *host = "2001:0db8:0505:0::123:0abc";
char *compact = "2001:db8:505::123:abc";
unsigned char v6_bits[] = {
0x20, 0x01, 0x0d, 0xb8, 0x05, 0x05, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x23, 0x0a, 0xbc,
};
char *formatted;
struct sockaddr_storage addr;
struct sockaddr_in6 *v6addr;
int addr_len;
addr_len = get_addr(host, 53, AF_UNSPEC, 0, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in6));
v6addr = (struct sockaddr_in6 *) &addr;
ck_assert(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)) == 0);
ck_assert(v6addr->sin6_port == htons(53));
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(compact, formatted);
}
END_TEST
START_TEST(test_parse_format_ipv4_mapped_ipv6)
{
char *v4mapped = "::FFFF:192.168.2.10";
char *host = "192.168.2.10";
unsigned char v6_bits[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xff, 0xff, 0xc0, 0xa8, 0x02, 0x0a,
};
char *formatted;
struct sockaddr_storage addr;
struct sockaddr_in6 *v6addr;
int addr_len;
addr_len = get_addr(v4mapped, 53, AF_INET6, 0, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in6));
v6addr = (struct sockaddr_in6 *) &addr;
ck_assert(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)) == 0);
ck_assert(v6addr->sin6_port == htons(53));
/* Format as IPv4 address */
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(host, formatted);
}
END_TEST
TCase *
test_common_create_tests()
{
TCase *tc;
int sock;
tc = tcase_create("Common");
tcase_add_test(tc, test_topdomain_ok);
tcase_add_test(tc, test_topdomain_length);
tcase_add_test(tc, test_topdomain_chunks);
tcase_add_test(tc, test_topdomain_wild);
tcase_add_test(tc, test_query_datalen);
tcase_add_test(tc, test_query_datalen_wild);
tcase_add_test(tc, test_parse_format_ipv4);
tcase_add_test(tc, test_parse_format_ipv4_listen_all);
/* Tests require IPv6 support */
sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if (sock >= 0) {
close(sock);
tcase_add_test(tc, test_parse_format_ipv6);
tcase_add_test(tc, test_parse_format_ipv4_mapped_ipv6);
}
return tc;
}

66
tests/dns.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -25,14 +24,11 @@
#include <netinet/in.h>
#include <sys/stat.h>
#include <arpa/nameser.h>
#ifdef DARWIN
#define BIND_8_COMPAT
#include <arpa/nameser_compat.h>
#endif
#include "common.h"
#include "dns.h"
#include "encoding.h"
#include "base32.h"
#include "test.h"
static void dump_packet(char *, size_t);
@ -69,29 +65,27 @@ START_TEST(test_encode_query)
char buf[512];
char resolv[512];
struct query q;
const struct encoder *enc;
struct encoder *enc;
char *d;
size_t len;
size_t enclen;
int ret;
enclen = sizeof(resolv);
len = sizeof(buf);
memset(&buf, 0, sizeof(buf));
memset(&resolv, 0, sizeof(resolv));
memset(&q, 0, sizeof(struct query));
q.type = T_NULL;
q.id = 1337;
d = resolv;
enc = &base32_ops;
enc = get_base32_encoder();
*d++ = 'A';
enc->encode(d, &enclen, innerData, strlen(innerData));
enc->encode(d, &len, innerData, strlen(innerData));
d = resolv + strlen(resolv);
if (*d != '.') {
*d++ = '.';
}
strcpy(d, topdomain);
len = sizeof(buf);
ret = dns_encode(buf, len, &q, QR_QUERY, resolv, strlen(resolv));
len = sizeof(query_packet) - 1; /* Skip extra null character */
@ -100,10 +94,8 @@ START_TEST(test_encode_query)
dump_packet(query_packet, len);
dump_packet(buf, ret);
}
ck_assert_msg(strncmp(query_packet, buf, sizeof(query_packet)) == 0,
"Did not compile expected packet");
ck_assert_msg(ret == len,
"Bad packet length: %d, expected %zu", ret, len);
fail_unless(strncmp(query_packet, buf, sizeof(query_packet)) == 0, "Did not compile expected packet");
fail_unless(ret == len, "Bad packet length: %d, expected %d", ret, len);
}
END_TEST
@ -112,25 +104,22 @@ START_TEST(test_decode_query)
char buf[512];
char *domain;
struct query q;
const struct encoder *enc;
struct encoder *enc;
size_t len;
memset(&q, 0, sizeof(struct query));
memset(&buf, 0, sizeof(buf));
q.id = 0;
len = sizeof(query_packet) - 1;
enc = &base32_ops;
enc = get_base32_encoder();
dns_decode(buf, sizeof(buf), &q, QR_QUERY, query_packet, len);
domain = strstr(q.name, topdomain);
len = sizeof(buf);
unpack_data(buf, len, &(q.name[1]), (int) (domain - q.name) - 1, enc);
ck_assert_msg(strncmp(buf, innerData, strlen(innerData)) == 0,
"Did not extract expected host: '%s'", buf);
ck_assert_msg(strlen(buf) == strlen(innerData),
"Bad host length: %zu, expected %zu: '%s'",
strlen(buf), strlen(innerData), buf);
fail_unless(strncmp(buf, innerData, strlen(innerData)) == 0, "Did not extract expected host: '%s'", buf);
fail_unless(strlen(buf) == strlen(innerData), "Bad host length: %d, expected %d: '%s'", strlen(buf), strlen(innerData), buf);
}
END_TEST
@ -152,10 +141,8 @@ START_TEST(test_encode_response)
ret = dns_encode(buf, len, &q, QR_ANSWER, msgData, strlen(msgData));
len = sizeof(answer_packet) - 1; /* Skip extra null character */
ck_assert_msg(strncmp(answer_packet, buf, sizeof(answer_packet)) == 0,
"Did not compile expected packet");
ck_assert_msg(ret == len,
"Bad packet length: %d, expected %d", ret, len);
fail_unless(strncmp(answer_packet, buf, sizeof(answer_packet)) == 0, "Did not compile expected packet");
fail_unless(ret == len, "Bad packet length: %d, expected %d", ret, len);
}
END_TEST
@ -170,11 +157,9 @@ START_TEST(test_decode_response)
memset(&buf, 0, sizeof(buf));
ret = dns_decode(buf, len, &q, QR_ANSWER, answer_packet, sizeof(answer_packet)-1);
ck_assert_msg(ret == strlen(msgData),
"Bad data length: %d, expected %zu", ret, strlen(msgData));
ck_assert_msg(strncmp(msgData, buf, strlen(msgData)) == 0,
"Did not extract expected data");
ck_assert(q.id == 0x0539);
fail_unless(strncmp(msgData, buf, sizeof(msgData)) == 0, "Did not extract expected data");
fail_unless(ret == strlen(msgData), "Bad data length: %d, expected %d", ret, strlen(msgData));
fail_unless(q.id == 0x0539);
}
END_TEST
@ -189,12 +174,9 @@ START_TEST(test_decode_response_with_high_trans_id)
memset(&buf, 0, sizeof(buf));
ret = dns_decode(buf, len, &q, QR_ANSWER, answer_packet_high_trans_id, sizeof(answer_packet_high_trans_id)-1);
ck_assert_msg(ret == strlen(msgData),
"Bad data length: %d, expected %zu", ret, strlen(msgData));
ck_assert_msg(strncmp(msgData, buf, strlen(msgData)) == 0,
"Did not extract expected data");
ck_assert_msg(q.id == 0x8539,
"q.id was %08X instead of %08X!", q.id, 0x8539);
fail_unless(strncmp(msgData, buf, sizeof(msgData)) == 0, "Did not extract expected data");
fail_unless(ret == strlen(msgData), "Bad data length: %d, expected %d", ret, strlen(msgData));
fail_unless(q.id == 0x8539, "q.id was %08X instead of %08X!", q.id, 0x8539);
}
END_TEST
@ -208,7 +190,7 @@ START_TEST(test_get_id_short_packet)
memset(&buf, 5, sizeof(buf));
id = dns_get_id(buf, len);
ck_assert(id == 0);
fail_unless(id == 0);
}
END_TEST
@ -217,7 +199,7 @@ START_TEST(test_get_id_low)
unsigned short id;
id = dns_get_id(answer_packet, sizeof(answer_packet));
ck_assert(id == 1337);
fail_unless(id == 1337);
}
END_TEST
@ -226,7 +208,7 @@ START_TEST(test_get_id_high)
unsigned short id;
id = dns_get_id(answer_packet_high_trans_id, sizeof(answer_packet_high_trans_id));
ck_assert(id == 0x8539);
fail_unless(id == 0x8539);
}
END_TEST

68
tests/encoding.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -23,9 +22,7 @@
#include "encoding.h"
#include "test.h"
#define TUPLES 4
static struct tuple
struct tuple
{
char *a;
char *b;
@ -42,52 +39,40 @@ static struct tuple
START_TEST(test_inline_dotify)
{
unsigned i;
char temp[1024];
char *b;
memset(temp, 0, sizeof(temp));
strcpy(temp, dottests[_i].a);
b = temp;
inline_dotify(b, sizeof(temp));
i = 0;
while (dottests[i].a) {
memset(temp, 0, sizeof(temp));
strcpy(temp, dottests[i].a);
b = temp;
inline_dotify(b, sizeof(temp));
ck_assert_str_eq(dottests[_i].b, temp);
fail_unless(strcmp(dottests[i].b, temp) == 0,
"'%s' != '%s'", temp, dottests[i].b);
i++;
}
}
END_TEST
START_TEST(test_inline_undotify)
{
unsigned i;
char temp[1024];
char *b;
memset(temp, 0, sizeof(temp));
strcpy(temp, dottests[_i].b);
b = temp;
inline_undotify(b, sizeof(temp));
i = 0;
while (dottests[i].a) {
memset(temp, 0, sizeof(temp));
strcpy(temp, dottests[i].b);
b = temp;
inline_undotify(b, sizeof(temp));
ck_assert_str_eq(dottests[_i].a, temp);
}
END_TEST
START_TEST(test_build_hostname)
{
char data[256];
char buf[1024];
char *topdomain = "a.c";
int buflen;
int i;
for (i = 0; i < sizeof(data); i++) {
data[i] = i & 0xFF;
}
buflen = sizeof(buf);
for (i = 1; i < sizeof(data); i++) {
int len = build_hostname(buf, buflen, data, i, topdomain, &base32_ops, sizeof(buf));
ck_assert(len <= i);
ck_assert_msg(strstr(buf, "..") == NULL,
"Found double dots when encoding data len %d! buf: %s", i, buf);
fail_unless(strcmp(dottests[i].a, temp) == 0,
"'%s' != '%s'", temp, dottests[i].a);
i++;
}
}
END_TEST
@ -98,9 +83,8 @@ test_encoding_create_tests()
TCase *tc;
tc = tcase_create("Encoding");
tcase_add_loop_test(tc, test_inline_dotify, 0, TUPLES);
tcase_add_loop_test(tc, test_inline_undotify, 0, TUPLES);
tcase_add_test(tc, test_build_hostname);
tcase_add_test(tc, test_inline_dotify);
tcase_add_test(tc, test_inline_undotify);
return tc;
}

22
tests/fw_query.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2009-2014 Erik Ekman <yarrick@kryo.se>
* Copyright (c) 2006-2009 Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -28,17 +28,17 @@ START_TEST(test_fw_query_simple)
q.id = 0x848A;
fw_query_init();
/* Test empty cache */
fw_query_get(0x848A, &qp);
ck_assert(qp == NULL);
fail_unless(qp == NULL);
fw_query_put(&q);
/* Test cache with one entry */
fw_query_get(0x848A, &qp);
ck_assert(qp->addrlen == q.addrlen);
ck_assert(qp->id == q.id);
fail_unless(qp->addrlen == q.addrlen);
fail_unless(qp->id == q.id);
}
END_TEST
@ -49,7 +49,7 @@ START_TEST(test_fw_query_edge)
int i;
fw_query_init();
q.addrlen = 33;
q.id = 0x848A;
fw_query_put(&q);
@ -62,16 +62,16 @@ START_TEST(test_fw_query_edge)
/* The query should still be cached */
fw_query_get(0x848A, &qp);
ck_assert(qp->addrlen == 33);
ck_assert(qp->id == 0x848A);
fail_unless(qp->addrlen == 33);
fail_unless(qp->id == 0x848A);
q.addrlen++;
q.id++;
fw_query_put(&q);
/* but now it is overwritten */
fw_query_get(0x848A, &qp);
ck_assert(qp == NULL);
fail_unless(qp == NULL);
}
END_TEST

9
tests/login.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -34,7 +33,7 @@ START_TEST(test_login_hash)
memset(ans, 0, sizeof(ans));
login_calculate(ans, len, pass, seed);
ck_assert(strncmp(ans, good, len) == 0);
fail_unless(strncmp(ans, good, len) == 0, NULL);
}
END_TEST
@ -54,7 +53,7 @@ START_TEST(test_login_hash_short)
/* If len < 16, it should do nothing */
login_calculate(ans, len, pass, seed);
ck_assert(memcmp(ans, check, sizeof(ans)) == 0);
fail_if(memcmp(ans, check, sizeof(ans)));
}
END_TEST

59
tests/read.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,8 +20,7 @@
#include <sys/stat.h>
#include <arpa/nameser.h>
#ifdef DARWIN
#define BIND_8_COMPAT
#include <arpa/nameser_compat.h>
#include <arpa/nameser8_compat.h>
#endif
#include <stdio.h>
#include <stdint.h>
@ -46,13 +44,13 @@ START_TEST(test_read_putshort)
for (i = 0; i < 65536; i++) {
p = (char*)&k;
putshort(&p, i);
ck_assert_msg(ntohs(k) == i,
fail_unless(ntohs(k) == i,
"Bad value on putshort for %d: %d != %d",
i, ntohs(k), i);
p = (char*)&k;
readshort(NULL, &p, &l);
ck_assert_msg(l == i,
readshort(NULL, &p, (short *) &l);
fail_unless(l == i,
"Bad value on readshort for %d: %d != %d",
i, l, i);
}
@ -73,13 +71,13 @@ START_TEST(test_read_putlong)
putlong(&p, j);
ck_assert_msg(ntohl(k) == j,
fail_unless(ntohl(k) == j,
"Bad value on putlong for %d: %d != %d", i, ntohl(j), j);
p = (char*)&k;
readlong(NULL, &p, &l);
ck_assert_msg(l == j,
fail_unless(l == j,
"Bad value on readlong for %d: %d != %d", i, l, j);
}
}
@ -98,8 +96,7 @@ START_TEST(test_read_name_empty_loop)
data = (char*) emptyloop + sizeof(HEADER);
buf[1023] = 'A';
rv = readname((char *) emptyloop, sizeof(emptyloop), &data, buf, 1023);
ck_assert(rv == 0);
ck_assert(buf[1023] == 'A');
fail_unless(buf[1023] == 'A');
}
END_TEST
@ -116,8 +113,7 @@ START_TEST(test_read_name_inf_loop)
data = (char*) infloop + sizeof(HEADER);
buf[4] = '\a';
rv = readname((char*) infloop, sizeof(infloop), &data, buf, 4);
ck_assert(rv == 3);
ck_assert(buf[4] == '\a');
fail_unless(buf[4] == '\a');
}
END_TEST
@ -140,8 +136,7 @@ START_TEST(test_read_name_longname)
data = (char*) longname + sizeof(HEADER);
buf[256] = '\a';
rv = readname((char*) longname, sizeof(longname), &data, buf, 256);
ck_assert(rv == 256);
ck_assert(buf[256] == '\a');
fail_unless(buf[256] == '\a');
}
END_TEST
@ -157,7 +152,7 @@ START_TEST(test_read_name_onejump)
memset(buf, 0, sizeof(buf));
data = (char*) onejump + sizeof(HEADER);
rv = readname((char*) onejump, sizeof(onejump), &data, buf, 256);
ck_assert(rv == 9);
fail_unless(rv == 9);
}
END_TEST
@ -179,8 +174,8 @@ START_TEST(test_read_name_badjump_start)
data = (char*) jumper + sizeof(HEADER);
rv = readname((char*) jumper, sizeof(badjump), &data, buf, 256);
ck_assert(rv == 0);
ck_assert(buf[0] == 0);
fail_unless(rv == 0);
fail_unless(buf[0] == 0);
}
free(jumper);
}
@ -204,8 +199,9 @@ START_TEST(test_read_name_badjump_second)
data = (char*) jumper + sizeof(HEADER);
rv = readname((char*) jumper, sizeof(badjump2), &data, buf, 256);
ck_assert(rv == 4);
ck_assert_str_eq("BA.", buf);
fail_unless(rv == 4);
fail_unless(strcmp("BA.", buf) == 0,
"buf is not BA: %s", buf);
}
free(jumper);
}
@ -217,14 +213,17 @@ START_TEST(test_putname)
char buf[256];
char *domain = "BADGER.BADGER.KRYO.SE";
char *b;
int len;
int ret;
len = 256;
memset(buf, 0, 256);
b = buf;
ret = putname(&b, 256, domain);
ck_assert(ret == strlen(domain) + 1);
ck_assert_msg(strncmp(buf, out, ret) == 0, "Happy flow failed");
fail_unless(ret == strlen(domain) + 1);
fail_unless(strncmp(buf, out, ret) == 0, "Happy flow failed");
}
END_TEST
@ -235,14 +234,17 @@ START_TEST(test_putname_nodot)
"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ";
char *b;
int len;
int ret;
len = 256;
memset(buf, 0, 256);
b = buf;
ret = putname(&b, 256, nodot);
ck_assert(ret == -1);
ck_assert(b == buf);
fail_unless(ret == -1);
fail_unless(b == buf);
}
END_TEST
@ -257,14 +259,17 @@ START_TEST(test_putname_toolong)
"ABCDEFGHIJKLMNOPQRSTUVWXYZ.ABCDEFGHIJKLMNOPQRSTUVWXYZ."
"ABCDEFGHIJKLMNOPQRSTUVWXYZ.ABCDEFGHIJKLMNOPQRSTUVWXYZ.";
char *b;
int len;
int ret;
len = 256;
memset(buf, 0, 256);
b = buf;
ret = putname(&b, 256, toolong);
ck_assert(ret == -1);
ck_assert(b == buf);
fail_unless(ret == -1);
fail_unless(b == buf);
}
END_TEST

8
tests/test.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -39,9 +38,6 @@ main()
test = test_base64_create_tests();
suite_add_tcase(iodine, test);
test = test_common_create_tests();
suite_add_tcase(iodine, test);
test = test_dns_create_tests();
suite_add_tcase(iodine, test);

10
tests/test.h
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -20,7 +19,6 @@
TCase *test_base32_create_tests();
TCase *test_base64_create_tests();
TCase *test_common_create_tests();
TCase *test_dns_create_tests();
TCase *test_encoding_create_tests();
TCase *test_read_create_tests();
@ -29,11 +27,11 @@ TCase *test_user_create_tests();
TCase *test_fw_query_create_tests();
char *va_str(const char *, ...);
#if (CHECK_MAJOR_VERSION == 0 && \
((CHECK_MINOR_VERSION == 9 && CHECK_MICRO_VERSION < 2) || \
(CHECK_MINOR_VERSION < 9)))
#define tcase_set_timeout(...)
#define tcase_set_timeout(...)
#endif
#endif

126
tests/user.c
View File

@ -1,8 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -20,8 +19,8 @@
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include "common.h"
#include "encoding.h"
@ -33,21 +32,43 @@ START_TEST(test_init_users)
in_addr_t ip;
char givenip[16];
int i;
int count;
ip = inet_addr("127.0.0.1");
count = init_users(ip, 27);
for (i = 0; i < count; i++) {
ck_assert(users[i].id == i);
ck_assert(users[i].q.id == 0);
ck_assert(users[i].inpacket.len == 0);
ck_assert(users[i].outpacket.len == 0);
init_users(ip, 27);
for (i = 0; i < USERS; i++) {
fail_unless(users[i].id == i);
fail_unless(users[i].q.id == 0);
fail_unless(users[i].inpacket.len == 0);
fail_unless(users[i].outpacket.len == 0);
snprintf(givenip, sizeof(givenip), "127.0.0.%d", i + 2);
ck_assert(users[i].tun_ip == inet_addr(givenip));
fail_unless(users[i].tun_ip == inet_addr(givenip));
}
}
END_TEST
START_TEST(test_users_waiting)
{
in_addr_t ip;
ip = inet_addr("127.0.0.1");
init_users(ip, 27);
fail_unless(users_waiting_on_reply() == 0);
users[3].active = 1;
fail_unless(users_waiting_on_reply() == 0);
users[3].last_pkt = time(NULL);
fail_unless(users_waiting_on_reply() == 0);
users[3].q.id = 1;
fail_unless(users_waiting_on_reply() == 1);
}
END_TEST
START_TEST(test_find_user_by_ip)
{
in_addr_t ip;
@ -55,28 +76,22 @@ START_TEST(test_find_user_by_ip)
ip = inet_addr("127.0.0.1");
init_users(ip, 27);
users[0].conn = CONN_DNS_NULL;
testip = (unsigned int) inet_addr("10.0.0.1");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
users[0].active = 1;
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
users[0].last_pkt = time(NULL);
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == -1);
users[0].authenticated = 1;
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == 0);
fail_unless(find_user_by_ip(testip) == 0);
}
END_TEST
@ -87,25 +102,19 @@ START_TEST(test_all_users_waiting_to_send)
ip = inet_addr("127.0.0.1");
init_users(ip, 27);
ck_assert(all_users_waiting_to_send() == 1);
users[0].conn = CONN_DNS_NULL;
fail_unless(all_users_waiting_to_send() == 1);
users[0].active = 1;
ck_assert(all_users_waiting_to_send() == 1);
fail_unless(all_users_waiting_to_send() == 1);
users[0].last_pkt = time(NULL);
users[0].outpacket.len = 0;
fail_unless(all_users_waiting_to_send() == 0);
ck_assert(all_users_waiting_to_send() == 0);
#ifdef OUTPACKETQ_LEN
users[0].outpacketq_filled = 1;
#else
users[0].outpacket.len = 44;
#endif
ck_assert(all_users_waiting_to_send() == 1);
fail_unless(all_users_waiting_to_send() == 1);
}
END_TEST
@ -118,26 +127,22 @@ START_TEST(test_find_available_user)
init_users(ip, 27);
for (i = 0; i < USERS; i++) {
users[i].authenticated = 1;
users[i].authenticated_raw = 1;
ck_assert(find_available_user() == i);
ck_assert(users[i].authenticated == 0);
ck_assert(users[i].authenticated_raw == 0);
fail_unless(find_available_user() == i);
}
for (i = 0; i < USERS; i++) {
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == -1);
}
users[3].active = 0;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
users[3].last_pkt = 55;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
}
END_TEST
@ -150,22 +155,22 @@ START_TEST(test_find_available_user_small_net)
init_users(ip, 29); /* this should result in 5 enabled users */
for (i = 0; i < 5; i++) {
ck_assert(find_available_user() == i);
fail_unless(find_available_user() == i);
}
for (i = 0; i < USERS; i++) {
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == -1);
}
users[3].active = 0;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
users[3].last_pkt = 55;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
}
END_TEST
@ -176,6 +181,7 @@ test_user_create_tests()
tc = tcase_create("User");
tcase_add_test(tc, test_init_users);
tcase_add_test(tc, test_users_waiting);
tcase_add_test(tc, test_find_user_by_ip);
tcase_add_test(tc, test_all_users_waiting_to_send);
tcase_add_test(tc, test_find_available_user);