haskal
/
iodine
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: haskal:xenia/toplevel
Branches Tags
haskal:xenia/toplevel
haskal:master
haskal:iodine-0.6.0
haskal:iodine-0.7
haskal:iodine-0.6
haskal:iodine-0.5
haskal:iodine-0.4
haskal:iodine-0.3
haskal:v0.7.0
haskal:v0.6.0-rc1
haskal:v0.5.2
haskal:v0.5.1
haskal:v0.5.0
haskal:v0.4.2
haskal:v0.4.1
haskal:v0.4.0
haskal:v0.3.4
haskal:v0.3.3
haskal:v0.3.2
haskal:v0.3.1
haskal:v0.3
..
compare: haskal:v0.7.0
Branches Tags
haskal:xenia/toplevel
haskal:master
haskal:iodine-0.6.0
haskal:iodine-0.7
haskal:iodine-0.6
haskal:iodine-0.5
haskal:iodine-0.4
haskal:iodine-0.3
haskal:v0.7.0
haskal:v0.6.0-rc1
haskal:v0.5.2
haskal:v0.5.1
haskal:v0.5.0
haskal:v0.4.2
haskal:v0.4.1
haskal:v0.4.0
haskal:v0.3.4
haskal:v0.3.3
haskal:v0.3.2
haskal:v0.3.1
haskal:v0.3

1 Commits
xenia/topl ... v0.7.0

Author SHA1 Message Date
Erik Ekman 392b8e2be7 Release version 0.7.0 2014-06-16 22:28:29 +02:00
64 changed files with 1841 additions and 2559 deletions
Show Stats Expand all files Collapse all files

21
.github/workflows/macos.yml vendored
View File

@ -1,21 +0,0 @@
name: macos
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- name: make
run: make
- name: install check
run: brew install check
- name: run tests
run: make test

33
.github/workflows/ubuntu.yml vendored
View File

@ -1,33 +0,0 @@
name: ubuntu
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: make
run: make
- name: install check
run: sudo apt install check
- name: run tests
run: make test
build-android:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: nttld/setup-ndk@v1
with:
ndk-version: r21e
- name: make
run: make cross-android

25
.github/workflows/windows.yml vendored
View File

@ -1,25 +0,0 @@
name: windows
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: windows-latest
defaults:
run:
shell: msys2 {0}
steps:
- uses: actions/checkout@v2
- uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: false
install: git make mingw-w64-x86_64-toolchain mingw-w64-x86_64-zlib
- name: make
run: make TARGETOS=windows32

3
.gitignore vendored
View File

@ -3,6 +3,3 @@
/src/base64u.c
/src/base64u.h
/tests/test
*.o.d
/src/obj/local/*/iodine
/src/libs/*/iodine

11
.travis.yml Normal file
View File

@ -0,0 +1,11 @@
#set language to objective-c to force osx build
#linux builds are done at http://buildbot.dev.kryo.se
language: objective-c
os: osx
before_install: brew update
install: brew install check
script: make && make test

4
.vimrc
View File

@ -1,4 +0,0 @@
set noexpandtab
set tabstop=8
set softtabstop=8
set shiftwidth=8

23
CHANGELOG
View File

@ -1,27 +1,10 @@
iodine - https://code.kryo.se/iodine
iodine - http://code.kryo.se/iodine
***********************************
CHANGES:
master:
- Mac OS X: Support native utun VPN devices. Patch by
Peter Sagerson, ported from OpenVPN by Catalin Patulea.
- Fix compilation failure on kFreeBSD and Hurd, by Gregor Herrmann
- Patch from Ryan Welton that fixes compilation warning.
- README converted to markdown by Nicolas Braud-Santoni.
- Linux: use pkg-config for systemd support flags.
Patch by Jason A. Donenfeld.
- Add support for IPv6 in the server.
Raw mode will be with same protocol as used for login.
Traffic inside tunnel is still IPv4.
- Update android build to support 5.0 (Lollipop) and newer.
- Change external IP lookup to using myip.opendns.com via DNS.
- Add option to choose IPv4 listen address from external IP lookup.
- Add server support for handling multiple domains via wildcard.
- Recognize tap device component id 'root' prefix on Windows.
2014-06-16: 0.7.0 "Kryoptonite"
- Partial IPv6 support (#107)
Client can connect to iodined through an relaying IPv6
@ -172,10 +155,10 @@ master:
- New encoding, 25% more peak upstream throughput
- New -l option to set local ip to listen to on server
2006-07-11: 0.3.1
2006-07-11: 0.3.1
- Add Mac OSX support
- Add setting device name
- Use compression of domain name in reply (should allow setting MTU
- Use compression of domain name in reply (should allow setting MTU
approx 200 bytes higher)
2006-06-24: 0.3.0

13
LICENSE
View File

@ -1,13 +0,0 @@
Copyright (c) 2006-2020 iodine authors
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

61
Makefile
View File

@ -2,7 +2,6 @@ prefix?=/usr/local
sbindir=$(prefix)/sbin
datadir=$(prefix)/share
mandir=$(datadir)/man
docdir=$(datadir)/doc
DESTDIR=
@ -18,7 +17,7 @@ RM_FLAGS=-f
TARGETOS = `uname`
all:
@$(MAKE) -C src TARGETOS=$(TARGETOS) all
@(cd src; $(MAKE) TARGETOS=$(TARGETOS) all)
install: all
$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(sbindir)
@ -29,9 +28,6 @@ install: all
$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(mandir)/man8
$(INSTALL) $(INSTALL_FLAGS) man/iodine.8 $(DESTDIR)$(mandir)/man8/iodine.8
chmod 644 $(DESTDIR)$(mandir)/man8/iodine.8
$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(docdir)/iodine
$(INSTALL) $(INSTALL_FLAGS) README.md $(DESTDIR)$(docdir)/iodine/README.md
chmod 644 $(DESTDIR)$(docdir)/iodine/README.md
uninstall:
$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodine
@ -40,13 +36,13 @@ uninstall:
test: all
@echo "!! The check library is required for compiling and running the tests"
@echo "!! Get it at https://libcheck.github.io/check/"
@$(MAKE) -C tests TARGETOS=$(TARGETOS) all
@echo "!! Get it at http://check.sf.net"
@(cd tests; $(MAKE) TARGETOS=$(TARGETOS) all)
clean:
@echo "Cleaning..."
@$(MAKE) -C src clean
@$(MAKE) -C tests clean
@(cd src; $(MAKE) clean)
@(cd tests; $(MAKE) clean)
@rm -rf bin iodine-latest*
#Helper target for windows/android zipfiles
@ -54,60 +50,55 @@ iodine-latest:
@rm -rf iodine-latest*
@mkdir -p iodine-latest
@echo "Create date: " > iodine-latest/VERSION.txt
@LANG=en_US date >> iodine-latest/VERSION.txt
@date >> iodine-latest/VERSION.txt
@echo "Git version: " >> iodine-latest/VERSION.txt
@git rev-parse HEAD >> iodine-latest/VERSION.txt
@for i in README.md CHANGELOG; do cp $$i iodine-latest/$$i.txt; done
@for i in README CHANGELOG TODO; do cp $$i iodine-latest/$$i.txt; done
@unix2dos iodine-latest/*
#non-PIE build for old android
cross-android-old:
@$(MAKE) -C src base64u.c
@(cd src && ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk APP_PLATFORM=android-3)
#Position-indepedent build for modern android
cross-android:
@$(MAKE) -C src base64u.c
@(cd src && ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.16.mk APP_PLATFORM=android-16)
@(cd src; $(MAKE) base64u.c base64u.h)
@(cd src; ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk)
iodine-latest-android.zip: iodine-latest
@mv iodine-latest iodine-latest-android
@mkdir -p iodine-latest-android/pre-kitkat/armeabi
@mkdir -p iodine-latest-android/pre-kitkat/x86
@$(MAKE) cross-android-old TARGET_ARCH_ABI=armeabi
@cp src/libs/armeabi/* iodine-latest-android/pre-kitkat/armeabi
@$(MAKE) cross-android-old TARGET_ARCH_ABI=x86
@cp src/libs/x86/* iodine-latest-android/pre-kitkat/x86
@rm -rf src/libs src/obj
@mkdir -p iodine-latest-android/armeabi
@mkdir -p iodine-latest-android/arm64-v8a
@mkdir -p iodine-latest-android/x86
@mkdir -p iodine-latest-android/armeabi iodine-latest-android/x86
@$(MAKE) cross-android TARGET_ARCH_ABI=armeabi
@cp src/libs/armeabi/* iodine-latest-android/armeabi
@$(MAKE) cross-android TARGET_ARCH_ABI=arm64-v8a
@cp src/libs/arm64-v8a/* iodine-latest-android/arm64-v8a
@$(MAKE) cross-android TARGET_ARCH_ABI=x86
@cp src/libs/x86/* iodine-latest-android/x86
@cp README-android.txt iodine-latest-android
@zip -r iodine-latest-android.zip iodine-latest-android
cross-mingw32:
@$(MAKE) -C src TARGETOS=windows32 CC=i686-w64-mingw32-gcc all
@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-w64-mingw32-gcc all)
cross-mingw64:
@$(MAKE) -C src TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc all
@(cd src; $(MAKE) TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc all)
iodine-latest-windows.zip: iodine-latest
@mv iodine-latest iodine-latest-windows
@mkdir -p iodine-latest-windows/64bit iodine-latest-windows/32bit
@$(MAKE) -C src TARGETOS=windows32 CC=i686-w64-mingw32-gcc clean all
@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-w64-mingw32-gcc clean all)
@i686-w64-mingw32-strip bin/iodine*
@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/32bit/$$i.exe; done
@cp /usr/i686-w64-mingw32/bin/zlib1.dll iodine-latest-windows/32bit
@$(MAKE) -C src TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc clean all
@(cd src; $(MAKE) TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc clean all)
@x86_64-w64-mingw32-strip bin/iodine*
@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/64bit/$$i.exe; done
@cp /usr/x86_64-w64-mingw32/bin/zlib1.dll iodine-latest-windows/64bit
@cp README-win32.txt iodine-latest-windows
@zip -r iodine-latest-windows.zip iodine-latest-windows
cross-mingw:
@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-mingw32-gcc all)
iodine-latest-win32.zip: cross-mingw iodine-latest
@mv iodine-latest iodine-latest-win32
@mkdir -p iodine-latest-win32/bin
@i686-mingw32-strip bin/iodine*
@for i in `ls bin`; do cp bin/$$i iodine-latest-win32/bin/$$i.exe; done
@cp /usr/i686-mingw32/usr/bin/zlib1.dll iodine-latest-win32/bin
@cp README-win32.txt iodine-latest-win32
@zip -r iodine-latest-win32.zip iodine-latest-win32

379
README Normal file
View File

@ -0,0 +1,379 @@
iodine - http://code.kryo.se/iodine
***********************************
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.
COMPILING:
Iodine has no configure script. There are two optional features for Linux
(SELinux and systemd support) that will be enabled automatically if the
relevant header files are found in /usr/include. (See script at ./src/osflags)
Run 'make' to compile the server and client binaries.
Run 'make install' to copy binaries and manpage to the destination directory.
Run 'make test' to compile and run the unit tests. (Requires the check library)
QUICKSTART:
Try it out within your own LAN! Follow these simple steps:
- On your server, run: ./iodined -f 10.0.0.1 test.com
(If you already use the 10.0.0.0 network, use another internal net like
172.16.0.0)
- Enter a password
- On the client, run: ./iodine -f -r 192.168.0.1 test.com
(Replace 192.168.0.1 with your server's ip address)
- Enter the same password
- Now the client has the tunnel ip 10.0.0.2 and the server has 10.0.0.1
- Try pinging each other through the tunnel
- Done! :)
To actually use it through a relaying nameserver, see below.
HOW TO USE:
Note: server and client are required to speak the exact same protocol. In most
cases, this means running the same iodine version. Unfortunately, implementing
backward and forward protocol compatibility is usually not feasible.
Server side:
To use this tunnel, you need control over a real domain (like mydomain.com),
and a server with a public IP address to run iodined on. If this server
already runs a DNS program, change its listening port and then use iodined's
-b option to let iodined forward the DNS requests. (Note that this procedure
is not advised in production environments, because iodined's DNS forwarding
is not completely transparent.)
Then, delegate a subdomain (say, t1.mydomain.com) to the iodined server.
If you use BIND for your domain, add two lines like these to the zone file:
t1 IN NS t1ns.mydomain.com. ; note the dot!
t1ns IN A 10.15.213.99
The "NS" line is all that's needed to route queries for the "t1" subdomain
to the "t1ns" server. We use a short name for the subdomain, to keep as much
space as possible available for the data traffic. At the end of the "NS" line
is the name of your iodined server. This can be any name, pointing anywhere,
but in this case it's easily kept in the same zone file. It must be a name
(not an IP address), and that name itself must have an A record (not a CNAME).
If your iodined server has a dynamic IP, use a dynamic dns provider. Simply
point the "NS" line to it, and leave the "A" line out:
t1 IN NS myname.mydyndnsprovider.com. ; note the dot!
Then reload or restart your nameserver program. Now any DNS queries for
domains ending in t1.mydomain.com will be sent to your iodined server.
Finally start iodined on your server. The first argument is the IP address
inside the tunnel, which can be from any range that you don't use yet (for
example 192.168.99.1), and the second argument is the assigned domain (in this
case t1.mydomain.com). Using the -f option will keep iodined running in the
foreground, which helps when testing. iodined will open a virtual interface
("tun device"), and will also start listening for DNS queries on UDP port 53.
Either enter a password on the commandline (-P pass) or after the server has
started. Now everything is ready for the client.
If there is a chance you'll be using an iodine tunnel from unexpected
environments, start iodined with a -c option.
Resulting commandline in this example situation:
./iodined -f -c -P secretpassword 192.168.99.1 t1.mydomain.com
Client side:
All the setup is done, just start iodine. It takes one or two arguments, the
first is the local relaying DNS server (optional) and the second is the domain
you used (t1.mydomain.com). If you don't specify the first argument, the
system's current DNS setting will be consulted.
If DNS queries are allowed to any computer, you can directly give the iodined
server's address as first argument (in the example: t1ns.mydomain.com or
10.15.213.99). In that case, it may also happen that _any_ traffic is allowed
to the DNS port (53 UDP) of any computer. Iodine will detect this, and switch
to raw UDP tunneling if possible. To force DNS tunneling in any case, use the
-r option (especially useful when testing within your own network).
The client's tunnel interface will get an IP close to the server's (in this
case 192.168.99.2 or .3 etc.) and a suitable MTU. Enter the same password as
on the server either as commandline option or after the client has started.
Using the -f option will keep the iodine client running in the foreground.
Resulting commandline in this example situation:
./iodine -f -P secretpassword t1.mydomain.com
(add -r to force DNS tunneling even if raw UDP tunneling would be possible)
From either side, you should now be able to ping the IP address on the other
end of the tunnel. In this case, ping 192.168.99.1 from the iodine client, and
192.168.99.2 or .3 etc. from the iodine server.
MISC. INFO:
IPv6:
At the moment the iodined server only supports IPv4. The data inside the tunnel
is IPv4 only.
The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
nameservers will translate between protocols automatically if needed. Use
options -4 or -6 to force the client to use a specific IP version for its DNS
queries. The client has to force IPv4 if it has dual-stack connectivity and
the hostname handling the tunnel domain has both A and AAAA records.
Routing:
It is possible to route all traffic through the DNS tunnel. To do this, first
add a host route to the nameserver used by iodine over the wired/wireless
interface with the default gateway as gateway. Then replace the default
gateway with the iodined server's IP address inside the DNS tunnel, and
configure the server to do NAT.
However, note that the tunneled data traffic is not encrypted at all, and can
be read and changed by external parties relatively easily. For maximum
security, run a VPN through the DNS tunnel (=double tunneling), or use secure
shell (SSH) access, possibly with port forwarding. The latter can also be used
for web browsing, when you run a web proxy (for example Privoxy) on your
server.
Testing:
The iodined server replies to NS requests sent for subdomains of the tunnel
domain. If your iodined subdomain is t1.mydomain.com, send a NS request for
foo123.t1.mydomain.com to see if the delegation works. dig is a good tool
for this:
dig -t NS foo123.t1.mydomain.com
Also, the iodined server will answer requests starting with 'z' for any of the
supported request types, for example:
dig -t TXT z456.t1.mydomain.com
dig -t SRV z456.t1.mydomain.com
dig -t CNAME z456.t1.mydomain.com
The reply should look like garbled text in all these cases.
Operational info:
The DNS-response fragment size is normally autoprobed to get maximum bandwidth.
To force a specific value (and speed things up), use the -m option.
The DNS hostnames are normally used up to their maximum length, 255 characters.
Some DNS relays have been found that answer full-length queries rather
unreliably, giving widely varying (and mostly very bad) results of the
fragment size autoprobe on repeated tries. In these cases, use the -M switch
to reduce the DNS hostname length to for example 200 characters, which makes
these DNS relays much more stable. This is also useful on some "de-optimizing"
DNS relays that stuff the response with two full copies of the query, leaving
very little space for downstream data (also not capable of EDNS0). The -M
switch can trade some upstream bandwidth for downstream bandwidth. Note that
the minimum -M value is about 100, since the protocol can split packets (1200
bytes max) in only 16 fragments, requiring at least 75 real data bytes per
fragment.
The upstream data is sent gzipped encoded with Base32; or Base64 if the relay
server supports mixed case and '+' in domain names; or Base64u if '_' is
supported instead; or Base128 if high-byte-value characters are supported.
This upstream encoding is autodetected. The DNS protocol allows one query per
packet, and one query can be max 256 chars. Each domain name part can be max
63 chars. So your domain name and subdomain should be as short as possible to
allow maximum upstream throughput.
Several DNS request types are supported, with the NULL and PRIVATE types
expected to provide the largest downstream bandwidth. The PRIVATE type uses
value 65399 in the private-use range. Other available types are TXT, SRV, MX,
CNAME and A (returning CNAME), in decreasing bandwidth order. Normally the
"best" request type is autodetected and used. However, DNS relays may impose
limits on for example NULL and TXT, making SRV or MX actually the best choice.
This is not autodetected, but can be forced using the -T option. It is
advisable to try various alternatives especially when the autodetected request
type provides a downstream fragment size of less than 200 bytes.
Note that SRV, MX and A (returning CNAME) queries may/will cause additional
lookups by "smart" caching nameservers to get an actual IP address, which may
either slow down or fail completely.
DNS responses for non-NULL/PRIVATE queries can be encoded with the same set of
codecs as upstream data. This is normally also autodetected, but no fully
exhaustive tests are done, so some problems may not be noticed when selecting
more advanced codecs. In that case, you'll see failures/corruption in the
fragment size autoprobe. In particular, several DNS relays have been found that
change replies returning hostnames (SRV, MX, CNAME, A) to lowercase only when
that hostname exceeds ca. 180 characters. In these and similar cases, use the
-O option to try other downstream codecs; Base32 should always work.
Normal operation now is for the server to _not_ answer a DNS request until
the next DNS request has come in, a.k.a. being "lazy". This way, the server
will always have a DNS request handy when new downstream data has to be sent.
This greatly improves (interactive) performance and latency, and allows to
slow down the quiescent ping requests to 4 second intervals by default, and
possibly much slower. In fact, the main purpose of the pings now is to force
a reply to the previous ping, and prevent DNS server timeouts (usually at
least 5-10 seconds per RFC1035). Some DNS servers are more impatient and will
give SERVFAIL errors (timeouts) in periods without tunneled data traffic. All
data should still get through in these cases, but iodine will reduce the ping
interval to 1 second anyway (-I1) to reduce the number of error messages. This
may not help for very impatient DNS relays like dnsadvantage.com (ultradns),
which time out in 1 second or even less. Yet data will still get trough, and
you can ignore the SERVFAIL errors.
If you are running on a local network without any DNS server in-between, try
-I 50 (iodine and iodined close the connection after 60 seconds of silence).
The only time you'll notice a slowdown, is when DNS reply packets go missing;
the iodined server then has to wait for a new ping to re-send the data. You can
speed this up by generating some upstream traffic (keypress, ping). If this
happens often, check your network for bottlenecks and/or run with -I1.
The delayed answering in lazy mode will cause some "carrier grade" commercial
DNS relays to repeatedly re-send the same DNS query to the iodined server.
If the DNS relay is actually implemented as a pool of parallel servers,
duplicate requests may even arrive from multiple sources. This effect will
only be visible in the network traffic at the iodined server, and will not
affect the client's connection. Iodined will notice these duplicates, and send
the same answer (when its time has come) to both the original query and the
latest duplicate. After that, the full answer is cached for a short while.
Delayed duplicates that arrive at the server even later, get a reply that the
iodine client will ignore (if it ever arrives there).
If you have problems, try inspecting the traffic with network monitoring tools
like tcpdump or ethereal/wireshark, and make sure that the relaying DNS server
has not cached the response. A cached error message could mean that you
started the client before the server. The -D (and -DD) option on the server
can also show received and sent queries.
TIPS & TRICKS:
If your port 53 is taken on a specific interface by an application that does
not use it, use -p on iodined to specify an alternate port (like -p 5353) and
use for instance iptables (on Linux) to forward the traffic:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
(Sent in by Tom Schouten)
Iodined will reject data from clients that have not been active (data/pings)
for more than 60 seconds. Similarly, iodine will exit when no downstream
data has been received for 60 seconds. In case of a long network outage or
similar, just restart iodine (re-login), possibly multiple times until you get
your old IP address back. Once that's done, just wait a while, and you'll
eventually see the tunneled TCP traffic continue to flow from where it left
off before the outage.
With the introduction of the downstream packet queue in the server, its memory
usage has increased with several megabytes in the default configuration.
For use in low-memory environments (e.g. running on your DSL router), you can
decrease USERS and undefine OUTPACKETQ_LEN in user.h without any ill conse-
quence, assuming at most one client will be connected at any time. A small
DNSCACHE_LEN is still advised, preferably 2 or higher, however you can also
undefine it to save a few more kilobytes.
PERFORMANCE:
This section tabulates some performance measurements. To view properly, use
a fixed-width font like Courier.
Measurements were done in protocol 00000502 in lazy mode; upstream encoding
always Base128; iodine -M255; iodined -m1130. Network conditions were not
extremely favorable; results are not benchmarks but a realistic indication of
real-world performance that can be expected in similar situations.
Upstream/downstream throughput was measured by scp'ing a file previously
read from /dev/urandom (i.e. incompressible), and measuring size with
"ls -l ; sleep 30 ; ls -l" on a separate non-tunneled connection. Given the
large scp block size of 16 kB, this gives a resolution of 4.3 kbit/s, which
explains why some values are exactly equal.
Ping round-trip times measured with "ping -c100", presented are average rtt
and mean deviation (indicating spread around the average), in milliseconds.
Situation 1:
Laptop -> Wifi AP -> Home server -> DSL provider -> Datacenter
iodine DNS "relay" bind9 DNS cache iodined
downstr. upstream downstr. ping-up ping-down
fragsize kbit/s kbit/s avg +/-mdev avg +/-mdev
------------------------------------------------------------------------------
iodine -> Wifi AP :53
-Tnull (= -Oraw) 982 43.6 131.0 28.0 4.6 26.8 3.4
iodine -> Home server :53
-Tnull (= -Oraw) 1174 48.0 305.8 26.6 5.0 26.9 8.4
iodine -> DSL provider :53
-Tnull (= -Oraw) 1174 56.7 367.0 20.6 3.1 21.2 4.4
-Ttxt -Obase32 730 56.7 174.7*
-Ttxt -Obase64 874 56.7 174.7
-Ttxt -Obase128 1018 56.7 174.7
-Ttxt -Oraw 1162 56.7 358.2
-Tsrv -Obase128 910 56.7 174.7
-Tcname -Obase32 151 56.7 43.6
-Tcname -Obase128 212 56.7 52.4
iodine -> DSL provider :53
wired (no Wifi) -Tnull 1174 74.2 585.4 20.2 5.6 19.6 3.4
[174.7* : these all have 2frag/packet]
Situation 2:
Laptop -> Wifi+vpn / wired -> Home server
iodine iodined
downstr. upstream downstr. ping-up ping-down
fragsize kbit/s kbit/s avg +/-mdev avg +/-mdev
------------------------------------------------------------------------------
wifi + openvpn -Tnull 1186 166.0 1022.3 6.3 1.3 6.6 1.6
wired -Tnull 1186 677.2 2464.1 1.3 0.2 1.3 0.1
Performance is strongly coupled to low ping times, as iodine requires
confirmation for every data fragment before moving on to the next. Allowing
multiple fragments in-flight like TCP could possibly increase performance,
but it would likely cause serious overload for the intermediary DNS servers.
The current protocol scales performance with DNS responsivity, since the
DNS servers are on average handling at most one DNS request per client.
PORTABILITY:
iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD
(ia64, x86), OpenBSD (x86), NetBSD (x86), MacOS X (ppc and x86, with
http://tuntaposx.sourceforge.net/). and Windows (with OpenVPN TAP32 driver, see
win32 readme file). It should be easy to port to other unix-like systems that
has TUN/TAP tunneling support. Let us know if you get it to run on other
platforms.
THE NAME:
The name iodine was chosen since it starts with IOD (IP Over DNS) and since
iodine has atomic number 53, which happens to be the DNS port number.
THANKS:
- To kuxien for FreeBSD and OS X testing
- To poplix for code audit
AUTHORS & LICENSE:
Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>, 2006-2009 Bjorn
Andersson <flex@kryo.se>. Also major contributions by Anne Bezemer.
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
MD5 implementation by L. Peter Deutsch (license and source in src/md5.[ch])
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.

17
README-android.txt
View File

@ -1,6 +1,6 @@
iodine - https://code.kryo.se/iodine
iodine - http://code.kryo.se/iodine
***********************************
@ -13,7 +13,7 @@ Extra README file for Android
2. Find/build a compatible tun.ko for your specific Android kernel
3. Copy tun.ko and the iodine binary to your device:
(Almost all devices need the armeabi binary. Only Intel powered
(Almost all devices need the armeabi binary. Only Intel powered
ones need the x86 build.)
adb push tun.ko /data/local/tmp
@ -35,16 +35,11 @@ For more information: http://blog.bokhorst.biz/5123
2. Download and unpack the iodine sources
3. Build:
cd src
make base64u.h base64u.c
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.16.mk APP_PLATFORM=android-16
cd src
make base64u.h base64u.c
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
or run "make cross-android" in the iodine root directory.
To build for other archs, specify TARGET_ARCH_ABI:
To build for other archs, specify TARGET_ARCH_ABI:
"make cross-android TARGET_ARCH_ABI=x86"
For older android versions (pre-kitkat), build with "make cross-android-old" in the
root directory, or manually like above but with APP_PLATFORM=android-3 and with
APP_BUILD_SCRIPT=Android.mk
The iodine binary ends up in src/libs/<arch>/iodine

13
README-win32.txt
View File

@ -1,6 +1,6 @@
iodine - https://code.kryo.se/iodine
iodine - http://code.kryo.se/iodine
***********************************
@ -11,11 +11,10 @@ Extra README file for Win32 related stuff
0. After iodine 0.6, you need Windows XP or newer to run.
1. Install the TAP driver
https://openvpn.net/index.php/open-source/downloads.html
Download the OpenVPN TAP driver (under section Tap-windows)
Problems has been reported with the NDIS6 version (9.2x.y), use the
NDIS5 version for now if possible.
1. Install the TAP32 driver
http://openvpn.net/index.php/open-source/downloads.html
Choose OpenVPN 2.0.9 Windows Installer, when installing you can
select to install only the TAP driver.
2. Have at least one TAP32 interface installed. There are scripts for adding
and removing in the OpenVPN bin directory. If you have more than one
@ -47,7 +46,7 @@ Note that the binaries will not get a .exe suffix
== Zlib download
You can get zlib for MinGW here (both for native and crosscompile):
https://code.kryo.se/iodine/deps/zlib.zip
http://code.kryo.se/iodine/deps/zlib.zip
Unzip it in your MinGW directory on Windows or in $ROOT/usr for
cross-compile.

423
README.md
View File

@ -1,423 +0,0 @@
iodine - <https://code.kryo.se/iodine>
=====================================
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.
COMPILING
---------
Iodine has no configure script. There are two optional features for Linux
(SELinux and systemd support) that will be enabled automatically if the
relevant header files are found in `/usr/include`.
(See script at `./src/osflags`)
Run `make` to compile the server and client binaries.
Run `make install` to copy binaries and manpage to the destination directory.
Run `make test` to compile and run the unit tests. (Requires the `check` library)
QUICKSTART
----------
Try it out within your own LAN! Follow these simple steps:
- On your server, run: `./iodined -f 10.0.0.1 test.com`.
If you already use the `10.0.0.0` network, use another internal net like
`172.16.0.0`.
- Enter a password.
- On the client, run: `./iodine -f -r 192.168.0.1 test.com`.
Replace `192.168.0.1` with your server's ip address.
- Enter the same password.
- Now the client has the tunnel ip `10.0.0.2` and the server has `10.0.0.1`.
- Try pinging each other through the tunnel.
- Done! :)
To actually use it through a relaying nameserver, see below.
HOW TO USE
----------
Note: server and client are required to speak the exact same protocol. In most
cases, this means running the same iodine version. Unfortunately, implementing
backward and forward protocol compatibility is usually not feasible.
### Server side
To use this tunnel, you need control over a real domain (like `mydomain.com`),
and a server with a public IP address to run `iodined` on. If this server
already runs a DNS program, change its listening port and then use `iodined`'s
`-b` option to let `iodined` forward the DNS requests. (Note that this procedure
is not advised in production environments, because `iodined`'s DNS forwarding
is not completely transparent, for example zone transfers will not work.)
Alternatively you can forward the subdomain from your DNS server to `iodined`
which must then run on a different port (`-p`).
Then, delegate a subdomain (say, `t1.mydomain.com`) to the iodined server.
If you use BIND for your domain, add two lines like these to the zone file:
t1 IN NS t1ns.mydomain.com. ; note the dot!
t1ns IN A 10.15.213.99
The `NS` line is all that's needed to route queries for the `t1` subdomain
to the `t1ns` server. We use a short name for the subdomain, to keep as much
space as possible available for the data traffic. At the end of the `NS` line
is the name of your `iodined` server. This can be any name, pointing anywhere,
but in this case it's easily kept in the same zone file. It must be a name
(not an IP address), and that name itself must have an `A` record
(not a `CNAME`).
If your `iodined` server has a dynamic IP, use a dynamic DNS provider. Simply
point the `NS` line to it, and leave the `A` line out:
t1 IN NS myname.mydyndnsprovider.com. ; note the dot!
Then reload or restart your nameserver program. Now any DNS queries for
domains ending in `t1.mydomain.com` will be sent to your `iodined` server.
Finally start `iodined` on your server. The first argument is the IP address
inside the tunnel, which can be from any range that you don't use yet (for
example `192.168.99.1`), and the second argument is the assigned domain (in this
case `t1.mydomain.com`). Using the `-f` option will keep iodined running in the
foreground, which helps when testing. iodined will open a virtual interface
("tun device"), and will also start listening for DNS queries on UDP port 53.
Either enter a password on the commandline (`-P pass`) or after the server has
started. Now everything is ready for the client.
If there is a chance you'll be using an iodine tunnel from unexpected
environments, start `iodined` with a `-c` option.
Resulting commandline in this example situation:
./iodined -f -c -P secretpassword 192.168.99.1 t1.mydomain.com
### Client side
All the setup is done, just start `iodine`. It takes one or two arguments, the
first is the local relaying DNS server (optional) and the second is the domain
you used (`t1.mydomain.com`). If you don't specify the first argument, the
system's current DNS setting will be consulted.
If DNS queries are allowed to any computer, you can directly give the `iodined`
server's address as first argument (in the example: `t1ns.mydomain.com` or
`10.15.213.99`). In that case, it may also happen that _any_ traffic is allowed
to the DNS port (53 UDP) of any computer. Iodine will detect this, and switch
to raw UDP tunneling if possible. To force DNS tunneling in any case, use the
`-r` option (especially useful when testing within your own network).
The client's tunnel interface will get an IP close to the server's (in this
case `192.168.99.2` or `.3` etc.) and a suitable MTU. Enter the same password as
on the server either as commandline option or after the client has started.
Using the `-f` option will keep the iodine client running in the foreground.
Resulting commandline in this example situation, adding -r forces DNS tunneling
even if raw UDP tunneling would be possible:
./iodine -f -P secretpassword t1.mydomain.com
From either side, you should now be able to ping the IP address on the other
end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
`192.168.99.2` from the iodine server.
### MISC. INFO
#### IPv6
The data inside the tunnel is IPv4 only.
The server listens to both IPv4 and IPv6 for incoming requests by default.
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
attempted on the same protocol as used for the login.
The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
nameservers will translate between protocols automatically if needed. Use
options `-4` or `-6` to force the client to use a specific IP version for its DNS
queries.
If your server is listening on IPv6 and is reachable, add an AAAA record for it
to your DNS setup. Extending the example above would look like this:
t1 IN NS t1ns.mydomain.com. ; note the dot!
t1ns IN A 10.15.213.99
t1ns IN AAAA 2001:db8::1001:99
#### Routing
It is possible to route all traffic through the DNS tunnel. To do this, first
add a host route to the nameserver used by iodine over the wired/wireless
interface with the default gateway as gateway. Then replace the default
gateway with the iodined server's IP address inside the DNS tunnel, and
configure the server to do NAT.
However, note that the tunneled data traffic is not encrypted at all, and can
be read and changed by external parties relatively easily. For maximum
security, run a VPN through the DNS tunnel (=double tunneling), or use secure
shell (SSH) access, possibly with port forwarding. The latter can also be used
for web browsing, when you run a web proxy (for example Privoxy) on your
server.
#### Testing
The `iodined` server replies to `NS` requests sent for subdomains of the tunnel
domain. If your iodined subdomain is `t1.mydomain.com`, send a `NS` request for
`foo123.t1.mydomain.com` to see if the delegation works.
`dig` is a good tool for this:
% dig -t NS foo123.t1.mydomain.com
ns.io.citronna.de.
Also, the iodined server will answer requests starting with 'z' for any of the
supported request types, for example:
dig -t TXT z456.t1.mydomain.com
dig -t SRV z456.t1.mydomain.com
dig -t CNAME z456.t1.mydomain.com
The reply should look like garbled text in all these cases.
#### Mac OS X
On Mac OS X 10.6 and later, iodine supports the native utun devices built into
the OS - use `-d utunX`.
Operational info
----------------
The DNS-response fragment size is normally autoprobed to get maximum bandwidth.
To force a specific value (and speed things up), use the `-m` option.
The DNS hostnames are normally used up to their maximum length, 255 characters.
Some DNS relays have been found that answer full-length queries rather
unreliably, giving widely varying (and mostly very bad) results of the
fragment size autoprobe on repeated tries. In these cases, use the `-M` switch
to reduce the DNS hostname length to, for example 200 characters, which makes
these DNS relays much more stable. This is also useful on some “de-optimizing”
DNS relays that stuff the response with two full copies of the query, leaving
very little space for downstream data (also not capable of EDNS0). The `-M`
switch can trade some upstream bandwidth for downstream bandwidth. Note that
the minimum `-M` value is about 100, since the protocol can split packets (1200
bytes max) in only 16 fragments, requiring at least 75 real data bytes per
fragment.
The upstream data is sent gzipped encoded with Base32; or Base64 if the relay
server supports mixed case and `+` in domain names; or Base64u if `_` is
supported instead; or Base128 if high-byte-value characters are supported.
This upstream encoding is autodetected. The DNS protocol allows one query per
packet, and one query can be max 256 chars. Each domain name part can be max
63 chars. So your domain name and subdomain should be as short as possible to
allow maximum upstream throughput.
Several DNS request types are supported, with the `NULL` and `PRIVATE` types
expected to provide the largest downstream bandwidth. The `PRIVATE` type uses
value 65399 in the private-use range. Other available types are `TXT`, `SRV`,
`MX`, `CNAME` and `A` (returning `CNAME`), in decreasing bandwidth order.
Normally the “best” request type is autodetected and used. However, DNS relays
may impose limits on for example NULL and TXT, making SRV or MX actually the best
choice. This is not autodetected, but can be forced using the `-T` option.
It is advisable to try various alternatives especially when the autodetected
request type provides a downstream fragment size of less than 200 bytes.
Note that `SRV`, `MX` and `A` (returning `CNAME`) queries may/will cause
additional lookups by "smart" caching nameservers to get an actual IP address,
which may either slow down or fail completely.
DNS responses for non-`NULL/PRIVATE` queries can be encoded with the same set of
codecs as upstream data. This is normally also autodetected, but no fully
exhaustive tests are done, so some problems may not be noticed when selecting
more advanced codecs. In that case, you'll see failures/corruption in the
fragment size autoprobe. In particular, several DNS relays have been found that
change replies returning hostnames (`SRV`, `MX`, `CNAME`, `A`) to lowercase only
when that hostname exceeds ca. 180 characters. In these and similar cases, use
the `-O` option to try other downstream codecs; Base32 should always work.
Normal operation now is for the server to _not_ answer a DNS request until
the next DNS request has come in, a.k.a. being “lazy”. This way, the server
will always have a DNS request handy when new downstream data has to be sent.
This greatly improves (interactive) performance and latency, and allows to
slow down the quiescent ping requests to 4 second intervals by default, and
possibly much slower. In fact, the main purpose of the pings now is to force
a reply to the previous ping, and prevent DNS server timeouts (usually at
least 5-10 seconds per RFC1035). Some DNS servers are more impatient and will
give SERVFAIL errors (timeouts) in periods without tunneled data traffic. All
data should still get through in these cases, but `iodine` will reduce the ping
interval to 1 second anyway (-I1) to reduce the number of error messages. This
may not help for very impatient DNS relays like `dnsadvantage.com` (ultradns),
which time out in 1 second or even less. Yet data will still get trough, and
you can ignore the `SERVFAIL` errors.
If you are running on a local network without any DNS server in-between, try
`-I 50` (iodine and iodined close the connection after 60 seconds of silence).
The only time you'll notice a slowdown, is when DNS reply packets go missing;
the `iodined` server then has to wait for a new ping to re-send the data. You can
speed this up by generating some upstream traffic (keypress, ping). If this
happens often, check your network for bottlenecks and/or run with `-I1`.
The delayed answering in lazy mode will cause some “carrier grade” commercial
DNS relays to repeatedly re-send the same DNS query to the iodined server.
If the DNS relay is actually implemented as a pool of parallel servers,
duplicate requests may even arrive from multiple sources. This effect will
only be visible in the network traffic at the `iodined` server, and will not
affect the client's connection. Iodined will notice these duplicates, and send
the same answer (when its time has come) to both the original query and the
latest duplicate. After that, the full answer is cached for a short while.
Delayed duplicates that arrive at the server even later, get a reply that the
iodine client will ignore (if it ever arrives there).
If you have problems, try inspecting the traffic with network monitoring tools
like tcpdump or ethereal/wireshark, and make sure that the relaying DNS server
has not cached the response. A cached error message could mean that you
started the client before the server. The `-D` (and `-DD`) option on the server
can also show received and sent queries.
TIPS & TRICKS
-------------
If your port 53 is taken on a specific interface by an application that does
not use it, use `-p` on iodined to specify an alternate port (like `-p 5353`)
and use for instance iptables (on Linux) to forward the traffic:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
(Sent in by Tom Schouten)
Iodined will reject data from clients that have not been active (data/pings)
for more than 60 seconds. Similarly, iodine will exit when no downstream
data has been received for 60 seconds. In case of a long network outage or
similar, just restart iodine (re-login), possibly multiple times until you get
your old IP address back. Once that's done, just wait a while, and you'll
eventually see the tunneled TCP traffic continue to flow from where it left
off before the outage.
With the introduction of the downstream packet queue in the server, its memory
usage has increased with several megabytes in the default configuration.
For use in low-memory environments (e.g. running on your DSL router), you can
decrease USERS and undefine OUTPACKETQ_LEN in user.h without any ill conse-
quence, assuming at most one client will be connected at any time. A small
DNSCACHE_LEN is still advised, preferably 2 or higher, however you can also
undefine it to save a few more kilobytes.
One iodine server can handle multiple domains. Set up different NS records
on the same domain all pointing to the same host, and use a wildcard
at the start of the topdomain argument (example `*.mydomain.com`). iodine
will accept tunnel traffic for all domains matching that pattern. The wildcard
has to be at the start of the topdomain argument and be followed by a dot.
PERFORMANCE
-----------
This section tabulates some performance measurements. To view properly, use
a fixed-width font like Courier.
Measurements were done in protocol 00000502 in lazy mode; upstream encoding
always Base128; `iodine -M255`; `iodined -m1130`. Network conditions were not
extremely favorable; results are not benchmarks but a realistic indication of
real-world performance that can be expected in similar situations.
Upstream/downstream throughput was measured by `scp`'ing a file previously
read from `/dev/urandom` (i.e. incompressible), and measuring size with
`ls -l ; sleep 30 ; ls -l` on a separate non-tunneled connection. Given the
large `scp` block size of 16 kB, this gives a resolution of 4.3 kbit/s, which
explains why some values are exactly equal.
Ping round-trip times measured with `ping -c100`, presented are average rtt
and mean deviation (indicating spread around the average), in milliseconds.
### Situation 1: `Laptop -> Wifi AP -> Home server -> DSL provider -> Datacenter`
iodine DNS "relay" bind9 DNS cache iodined
downstr. upstream downstr. ping-up ping-down
fragsize kbit/s kbit/s avg +/-mdev avg +/-mdev
-----------------------------------------------------------------------------
iodine -> Wifi AP :53
-Tnull (= -Oraw) 982 43.6 131.0 28.0 4.6 26.8 3.4
iodine -> Home server :53
-Tnull (= -Oraw) 1174 48.0 305.8 26.6 5.0 26.9 8.4
iodine -> DSL provider :53
-Tnull (= -Oraw) 1174 56.7 367.0 20.6 3.1 21.2 4.4
-Ttxt -Obase32 730 56.7 174.7*
-Ttxt -Obase64 874 56.7 174.7
-Ttxt -Obase128 1018 56.7 174.7
-Ttxt -Oraw 1162 56.7 358.2
-Tsrv -Obase128 910 56.7 174.7
-Tcname -Obase32 151 56.7 43.6
-Tcname -Obase128 212 56.7 52.4
iodine -> DSL provider :53
wired (no Wifi) -Tnull 1174 74.2 585.4 20.2 5.6 19.6 3.4
[174.7* : these all have 2frag/packet]
### Situation 2: `Laptop -> Wifi+vpn / wired -> Home server`
iodine iodined
downstr. upstream downstr. ping-up ping-down
fragsize kbit/s kbit/s avg +/-mdev avg +/-mdev
-----------------------------------------------------------------------------
wifi + openvpn -Tnull 1186 166.0 1022.3 6.3 1.3 6.6 1.6
wired -Tnull 1186 677.2 2464.1 1.3 0.2 1.3 0.1
### Notes
Performance is strongly coupled to low ping times, as iodine requires
confirmation for every data fragment before moving on to the next. Allowing
multiple fragments in-flight like TCP could possibly increase performance,
but it would likely cause serious overload for the intermediary DNS servers.
The current protocol scales performance with DNS responsivity, since the
DNS servers are on average handling at most one DNS request per client.
PORTABILITY
-----------
iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD
(ia64, x86), OpenBSD (x86), NetBSD (x86), MacOS X (ppc and x86, with
<http://tuntaposx.sourceforge.net/>). and Windows (with OpenVPN TAP32 driver, see
win32 readme file). It should be easy to port to other unix-like systems that
have TUN/TAP tunneling support. Let us know if you get it to run on other
platforms.
THE NAME
--------
The name iodine was chosen since it starts with IOD (IP Over DNS) and since
iodine has atomic number 53, which happens to be the DNS port number.
THANKS
------
- To kuxien for FreeBSD and OS X testing
- To poplix for code audit
AUTHORS & LICENSE
-----------------
Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>, 2006-2009 Bjorn
Andersson <flex@kryo.se>. Also major contributions by Anne Bezemer.
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
MD5 implementation by L. Peter Deutsch (license and source in `src/md5.[ch]`)
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.

12
TODO Normal file
View File

@ -0,0 +1,12 @@
iodine - http://code.kryo.se/iodine
***********************************
The TODO list is now located at
http://dev.kryo.se/iodine/
The list is under the "View tickets" page
Feel free to add your own wishes and bug reports

2
doc/iodine-server.socket
View File

@ -3,8 +3,6 @@ Description=Iodine socket
[Socket]
ListenDatagram=53
ListenDatagram=0.0.0.0:53
BindIPv6Only=ipv6-only
[Install]
WantedBy=sockets.target

22
doc/proto_00000502.txt
View File

@ -38,7 +38,7 @@ Server replies:
VFUL (server has no free slots), followed by max users
4 byte value: means login challenge/server protocol version/max users
1 byte userid of the new user, or any byte if not VACK
Login:
Client sends:
First byte l or L
@ -50,19 +50,17 @@ Server replies:
LNAK means not accepted
x.x.x.x-y.y.y.y-mtu-netmask means accepted (server ip, client ip, mtu, netmask bits)
IP Request: (for where to try raw login)
IP Request:
Client sends:
First byte i or I
5 bits coded as Base32 char, meaning userid
CMC as 3 Base32 chars
Server replies
BADIP if bad userid
First byte I
Then comes external IP address of iodined server
as 4 bytes (IPv4) or 16 bytes (IPv6)
BADIP if bad userid, or
I and then 4 bytes network order external IP address of iodined server
Upstream codec check / bounce:
Client sends:
Client sends:
First byte z or Z
Lots of data that should not be decoded
Server replies:
@ -102,7 +100,7 @@ Client sends:
7: Base128 (a-zA-Z0-9\274-\375)
CMC as 3 Base32 chars
Server sends:
Name of codec if accepted. After this all upstream data packets must
Name of codec if accepted. After this all upstream data packets must
be encoded with the new codec.
BADCODEC if not accepted. Client must then revert to previous codec
BADLEN if length of query is too short
@ -184,7 +182,7 @@ GGGG = Downstream fragment number
C = Compression enabled for downstream packet
UDCMC = Upstream Data CMC, 36 steps a-z0-9, case-insensitive
Upstream data packet starts with 1 byte ASCII hex coded user byte; then 3 bytes
Upstream data packet starts with 1 byte ASCII hex coded user byte; then 3 bytes
Base32 encoded header; then 1 char data-CMC; then comes the payload data,
encoded with the chosen upstream codec.
@ -227,8 +225,8 @@ always starting with the 2 bytes downstream data header as shown above.
If server has nothing to send, no data is added after the header.
If server has something to send, it will add the downstream data packet
(or some fragment of it) after the header.
"Lazy-mode" operation
=====================
@ -252,7 +250,7 @@ downstream data has to be sent.
*: upstream data ack is usually done as reply on the previous ping packet,
and the upstream-data packet itself is kept in queue.
Client:
Downstream data is acked immediately, to keep it flowing fast (includes a
ping after last downstream frag).

68
man/iodine.8
View File

@ -1,5 +1,5 @@
.\" groff -man -Tascii iodine.8
.TH IODINE 8 "APR 2012" "User Manuals"
.TH IODINE 8 "JUN 2014" "User Manuals"
.SH NAME
iodine, iodined \- tunnel IPv4 over DNS
.SH SYNOPSIS
@ -45,7 +45,7 @@ iodine, iodined \- tunnel IPv4 over DNS
.B iodined [-h]
.B iodined [-4] [-6] [-c] [-s] [-f] [-D] [-u
.B iodined [-c] [-s] [-f] [-D] [-u
.I user
.B ] [-t
.I chrootdir
@ -54,9 +54,7 @@ iodine, iodined \- tunnel IPv4 over DNS
.B ] [-m
.I mtu
.B ] [-l
.I listen_ip4
.B ] [-L
.I listen_ip6
.I listen_ip
.B ] [-p
.I port
.B ] [-n
@ -83,9 +81,9 @@ iodine, iodined \- tunnel IPv4 over DNS
.I topdomain
.SH DESCRIPTION
.B iodine
lets you tunnel IPv4 data through a DNS
lets you tunnel IPv4 data through a DNS
server. This can be useful in situations where Internet access is firewalled,
but DNS queries are allowed. It needs a TUN/TAP device to operate. The
but DNS queries are allowed. It needs a TUN/TAP device to operate. The
bandwidth is asymmetrical,
with a measured maximum of 680 kbit/s upstream and 2.3 Mbit/s
downstream in a wired LAN test network.
@ -112,12 +110,6 @@ Print usage info and exit.
.B -f
Keep running in foreground.
.TP
.B -4
Force/allow only IPv4 DNS queries
.TP
.B -6
Force/allow only IPv6 DNS queries
.TP
.B -u user
Drop privileges and run as user 'user' after setting up tunnel.
.TP
@ -126,11 +118,10 @@ Chroot to 'chrootdir' after setting up tunnel.
.TP
.B -d device
Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
and otherwise tunX. On Mac OS X 10.6, this can also be utunX, which will attempt
to use an utun device built into the OS.
and otherwise tunX.
.TP
.B -P password
Use 'password' to authenticate. If not used,
Use 'password' to authenticate. If not used,
.B stdin
will be used as input. Only the first 32 characters will be used.
.TP
@ -141,6 +132,12 @@ Apply SELinux 'context' after initialization.
Create 'pidfile' and write process id in it.
.SS Client Options:
.TP
.B -4
Force IPv4 DNS queries
.TP
.B -6
Force IPv6 DNS queries
.TP
.B -r
Skip raw UDP mode. If not used, iodine will try getting the public IP address
of the iodined host and test if it is reachable directly. If it is, traffic
@ -247,7 +244,7 @@ rejected, however this will cause problems when requests are routed
via a cluster of DNS servers.
.TP
.B -s
Don't try to configure IP address or MTU.
Don't try to configure IP address or MTU.
This should only be used if you have already configured the device that will be
used.
.TP
@ -263,26 +260,18 @@ This is easily done with : "LC_ALL=C luit iodined \-DD ..."
(see luit(1)).
.TP
.B -m mtu
Set 'mtu' as mtu size for the tun device.
Set 'mtu' as mtu size for the tun device.
This will be sent to the client on login, and the client will use the same mtu
for its tun device. Default 1130. Note that the DNS traffic will be
automatically fragmented when needed.
.TP
.B -l external|listen_ip4
Make the server listen only on 'listen_ip4' for incoming IPv4 requests.
By default, incoming requests are accepted from all interfaces (0.0.0.0).
A domain name can be used as argument - use one with only one A record.
If listen_ip4 is 'external', iodined will use the opendns.com DNS service to
retrieve the external IP of the host and use that as listen address.
.TP
.B -L listen_ip6
Make the server listen only on 'listen_ip6' for incoming IPv6 requests.
By default, incoming requests are accepted from all interfaces (::).
A domain name can be used as argument - use one with only one AAAA record.
.B -l listen_ip
Make the server listen only on 'listen_ip' for incoming requests.
By default, incoming requests are accepted from all interfaces.
.TP
.B -p port
Make the server listen on 'port' instead of 53 for traffic.
If 'listen_ip4' does not include localhost, this 'port' can be the same
Make the server listen on 'port' instead of 53 for traffic.
If 'listen_ip' does not include localhost, this 'port' can be the same
as 'dnsport'.
.B Note:
You must make sure the dns requests are forwarded to this port yourself.
@ -290,7 +279,7 @@ You must make sure the dns requests are forwarded to this port yourself.
.B -n auto|external_ip
The IP address to return in NS responses. Default is to return the address used
as destination in the query.
If external_ip is 'auto', iodined will use the opendns.com DNS service to
If external_ip is 'auto', iodined will use externalip.net web service to
retrieve the external IP of the host and use that for NS responses.
.TP
.B -b dnsport
@ -318,7 +307,7 @@ file.
.B topdomain
The dns traffic will be sent as queries for subdomains under
\'topdomain'. This is normally a subdomain to a domain you own. Use a short
domain name to get better throughput. If
domain name to get better throughput. If
.B nameserver
is the iodined server, then the topdomain can be chosen freely. This argument
must be the same on both the client and the server.
@ -326,19 +315,18 @@ must be the same on both the client and the server.
.TP
.B tunnel_ip[/netmask]
This is the server's ip address on the tun interface. The client will be
given the next ip number in the range. It is recommended to use the
given the next ip number in the range. It is recommended to use the
10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overridden
by specifying it here. Using a smaller network will limit the number of
concurrent users.
.TP
.B topdomain
The dns traffic is expected to arrive as queries for
subdomains under 'topdomain'. This is normally a subdomain to a domain you
own. Use a short domain name to get better throughput. This argument must be
subdomains under 'topdomain'. This is normally a subdomain to a domain you
own. Use a short domain name to get better throughput. This argument must be
the same on both the client and the server. Queries for domains other
than 'topdomain' will be forwarded when the \-b option is given, otherwise
they will be dropped. The topdomain can start with '*' which will allow all
domains ending with the same suffix.
they will be dropped.
.SH EXAMPLES
See the README file for both a quick test scenario, and a detailed description
of real-world deployment.
@ -360,7 +348,7 @@ except to the used ssh or vpn ports.
If the environment variable
.B IODINE_PASS
is set, iodine will use the value it is set to as password instead of asking
for one. The
for one. The
.B -P
option still has precedence.
.SS IODINED_PASS
@ -374,7 +362,7 @@ option still has precedence.
The README file in the source distribution contains some more elaborate
information.
.SH BUGS
File bugs at https://github.com/yarrick/iodine
File bugs at http://dev.kryo.se/iodine/
.SH AUTHORS
Erik Ekman <yarrick@kryo.se> and Bjorn Andersson <flex@kryo.se>. Major
contributions by Anne Bezemer.

26
src/Android.16.mk
View File

@ -1,26 +0,0 @@
#
# iodine for Android
#
# by Marcel Bokhorst
# http://blog.bokhorst.biz/5123/computers-en-internet/iodine-for-android/
#
# cd iodine-0.6.0-rc1/src
# make base64u.h base64u.c
# .../ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
#
LOCAL_PATH:= $(call my-dir)
HEAD_COMMIT = `git rev-parse --short HEAD`
include $(CLEAR_VARS)
LOCAL_MODULE := iodine
LOCAL_SRC_FILES := tun.c dns.c read.c encoding.c login.c base32.c base64.c base64u.c base128.c md5.c common.c iodine.c client.c util.c
LOCAL_CFLAGS := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall -DGITREVISION=\"$(HEAD_COMMIT)\"
LOCAL_LDLIBS := -lz
LOCAL_CFLAGS += -fPIE
LOCAL_LDFLAGS += -fPIE -pie
include $(BUILD_EXECUTABLE)

4
src/Android.mk
View File

@ -11,13 +11,11 @@
LOCAL_PATH:= $(call my-dir)
HEAD_COMMIT = `git rev-parse --short HEAD`
include $(CLEAR_VARS)
LOCAL_MODULE := iodine
LOCAL_SRC_FILES := tun.c dns.c read.c encoding.c login.c base32.c base64.c base64u.c base128.c md5.c common.c iodine.c client.c util.c
LOCAL_CFLAGS := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall -DGITREVISION=\"$(HEAD_COMMIT)\"
LOCAL_CFLAGS := -c -DANDROID -DLINUX -DIFCONFIGPATH=\"/system/bin/\" -Wall
LOCAL_LDLIBS := -lz
include $(BUILD_EXECUTABLE)

9
src/Makefile
View File

@ -6,12 +6,10 @@ SERVER = ../bin/iodined
OS = `echo $(TARGETOS) | tr "a-z" "A-Z"`
ARCH = `uname -m`
HEAD_COMMIT = `git rev-parse --short HEAD`
LIBPATH = -L.
LDFLAGS += -lz `sh osflags $(TARGETOS) link` $(LIBPATH)
CFLAGS += -std=c99 -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
CFLAGS += -Wstrict-prototypes -Wtype-limits -Wmissing-declarations -Wmissing-prototypes
CFLAGS += -std=c99 -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags`
all: stateos $(CLIENT) $(SERVER)
@ -32,10 +30,15 @@ $(SERVER): $(COMMONOBJS) $(SERVEROBJS)
@echo CC $<
@$(CC) $(CFLAGS) $< -o $@
base64u.o client.o iodined.o: base64u.h
base64u.c: base64.c
@echo Making $@
@echo '/* No use in editing, produced by Makefile! */' > $@
@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < base64.c >> $@
base64u.h: base64.h
@echo Making $@
@echo '/* No use in editing, produced by Makefile! */' > $@
@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < base64.h >> $@
clean:
@echo "Cleaning src/"

22
src/android_dns.h
View File

@ -1,25 +1,7 @@
/*
* Copyright (c) 2009 Marcel Bokhorst <marcel@bokhorst.biz>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __FIX_ANDROID_H__
#define __FIX_ANDROID_H__
/* Newer android platforms can have this data already */
#ifndef C_IN
typedef struct {
unsigned id :16;
unsigned rd :1;
@ -47,13 +29,11 @@ typedef struct {
#define C_IN 1
#define T_A 1
#define T_A 1
#define T_CNAME 5
#define T_NULL 10
#define T_MX 15
#define T_TXT 16
#define T_SRV 33
#endif /* !C_IN */
#endif

76
src/base128.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (C) 2009 J.A.Bezemer@opensourcepartners.nl
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -33,9 +33,10 @@
#include <string.h>
#include "encoding.h"
#include "base128.h"
#define BASE128_BLKSIZE_RAW 7
#define BASE128_BLKSIZE_ENC 8
#define BLKSIZE_RAW 7
#define BLKSIZE_ENC 8
/* Don't use '-' (restricted to middle of labels), prefer iso_8859-1
* accent chars since they might readily be entered in normal use,
@ -51,13 +52,55 @@ static const unsigned char cb128[] =
static unsigned char rev128[256];
static int reverse_init = 0;
inline static void base128_reverse_init(void)
static int base128_encode(char *, size_t *, const void *, size_t);
static int base128_decode(void *, size_t *, const char *, size_t);
static int base128_handles_dots();
static int base128_blksize_raw();
static int base128_blksize_enc();
static struct encoder base128_encoder =
{
"Base128",
base128_encode,
base128_decode,
base128_handles_dots,
base128_handles_dots,
base128_blksize_raw,
base128_blksize_enc
};
struct encoder
*get_base128_encoder()
{
return &base128_encoder;
}
static int
base128_handles_dots()
{
return 0;
}
static int
base128_blksize_raw()
{
return BLKSIZE_RAW;
}
static int
base128_blksize_enc()
{
return BLKSIZE_ENC;
}
inline static void
base128_reverse_init()
{
int i;
unsigned char c;
if (!reverse_init) {
memset(rev128, 0, 256);
memset (rev128, 0, 256);
for (i = 0; i < 128; i++) {
c = cb128[i];
rev128[(int) c] = i;
@ -66,6 +109,8 @@ inline static void base128_reverse_init(void)
}
}
static int
base128_encode(char *buf, size_t *buflen, const void *data, size_t size)
/*
* Fills *buf with max. *buflen characters, encoding size bytes of *data.
*
@ -75,8 +120,6 @@ inline static void base128_reverse_init(void)
* return value : #bytes filled in buf (excluding \0)
* sets *buflen to : #bytes encoded from data
*/
static int base128_encode(char *buf, size_t *buflen, const void *data,
size_t size)
{
unsigned char *ubuf = (unsigned char *) buf;
unsigned char *udata = (unsigned char *) data;
@ -160,6 +203,8 @@ static int base128_encode(char *buf, size_t *buflen, const void *data,
#define REV128(x) rev128[(int) (x)]
static int
base128_decode(void *buf, size_t *buflen, const char *str, size_t slen)
/*
* Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
* Decoding stops early when *str contains \0.
@ -171,15 +216,13 @@ static int base128_encode(char *buf, size_t *buflen, const void *data,
*
* return value : #bytes filled in buf (excluding \0)
*/
static int base128_decode(void *buf, size_t *buflen, const char *str,
size_t slen)
{
unsigned char *ustr = (unsigned char *) str;
unsigned char *ubuf = (unsigned char *) buf;
int iout = 0; /* to-be-filled output byte */
int iin = 0; /* next input char to use in decoding */
base128_reverse_init();
base128_reverse_init ();
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
@ -246,16 +289,3 @@ static int base128_decode(void *buf, size_t *buflen, const char *str,
return iout;
}
const struct encoder base128_ops = {
.name = "Base128",
.encode = base128_encode,
.decode = base128_decode,
.places_dots = false,
.eats_dots = false,
.blocksize_raw = BASE128_BLKSIZE_RAW,
.blocksize_encoded = BASE128_BLKSIZE_ENC,
};

22
src/base128.h Normal file
View File

@ -0,0 +1,22 @@
/*
* Copyright (C) 2009 J.A.Bezemer@opensourcepartners.nl
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __BASE128_H__
#define __BASE128_H__
struct encoder *get_base128_encoder(void);
#endif

81
src/base32.c
View File

@ -3,7 +3,7 @@
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,9 +21,10 @@
#include <string.h>
#include "encoding.h"
#include "base32.h"
#define BASE32_BLKSIZE_RAW 5
#define BASE32_BLKSIZE_ENC 8
#define BLKSIZE_RAW 5
#define BLKSIZE_ENC 8
static const char cb32[] =
"abcdefghijklmnopqrstuvwxyz012345";
@ -32,13 +33,55 @@ static const char cb32_ucase[] =
static unsigned char rev32[256];
static int reverse_init = 0;
inline static void base32_reverse_init(void)
static int base32_encode(char *, size_t *, const void *, size_t);
static int base32_decode(void *, size_t *, const char *, size_t);
static int base32_handles_dots();
static int base32_blksize_raw();
static int base32_blksize_enc();
static struct encoder base32_encoder =
{
"Base32",
base32_encode,
base32_decode,
base32_handles_dots,
base32_handles_dots,
base32_blksize_raw,
base32_blksize_enc
};
struct encoder
*get_base32_encoder()
{
return &base32_encoder;
}
static int
base32_handles_dots()
{
return 0;
}
static int
base32_blksize_raw()
{
return BLKSIZE_RAW;
}
static int
base32_blksize_enc()
{
return BLKSIZE_ENC;
}
inline static void
base32_reverse_init()
{
int i;
unsigned char c;
if (!reverse_init) {
memset(rev32, 0, 256);
memset (rev32, 0, 256);
for (i = 0; i < 32; i++) {
c = cb32[i];
rev32[(int) c] = i;
@ -49,17 +92,21 @@ inline static void base32_reverse_init(void)
}
}
int b32_5to8(int in)
int
b32_5to8(int in)
{
return cb32[in & 31];
}
int b32_8to5(int in)
int
b32_8to5(int in)
{
base32_reverse_init();
return rev32[in];
}
static int
base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
/*
* Fills *buf with max. *buflen characters, encoding size bytes of *data.
*
@ -69,7 +116,6 @@ int b32_8to5(int in)
* return value : #bytes filled in buf (excluding \0)
* sets *buflen to : #bytes encoded from data
*/
static int base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
{
unsigned char *udata = (unsigned char *) data;
int iout = 0; /* to-be-filled output char */
@ -150,6 +196,8 @@ static int base32_encode(char *buf, size_t *buflen, const void *data, size_t siz
#define REV32(x) rev32[(int) (x)]
static int
base32_decode(void *buf, size_t *buflen, const char *str, size_t slen)
/*
* Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
* Decoding stops early when *str contains \0.
@ -161,14 +209,12 @@ static int base32_encode(char *buf, size_t *buflen, const void *data, size_t siz
*
* return value : #bytes filled in buf (excluding \0)
*/
static int base32_decode(void *buf, size_t *buflen, const char *str,
size_t slen)
{
unsigned char *ubuf = (unsigned char *) buf;
int iout = 0; /* to-be-filled output byte */
int iin = 0; /* next input char to use in decoding */
base32_reverse_init();
base32_reverse_init ();
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
@ -223,16 +269,3 @@ static int base32_decode(void *buf, size_t *buflen, const char *str,
return iout;
}
const struct encoder base32_ops = {
.name = "Base32",
.encode = base32_encode,
.decode = base32_decode,
.places_dots = false,
.eats_dots = false,
.blocksize_raw = BASE32_BLKSIZE_RAW,
.blocksize_encoded = BASE32_BLKSIZE_ENC,
};

25
src/base32.h Normal file
View File

@ -0,0 +1,25 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __BASE32_H__
#define __BASE32_H__
struct encoder *get_base32_encoder(void);
int b32_5to8(int);
int b32_8to5(int);
#endif

78
src/base64.c
View File

@ -3,7 +3,7 @@
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -21,9 +21,10 @@
#include <string.h>
#include "encoding.h"
#include "base64.h"
#define BASE64_BLKSIZE_RAW 3
#define BASE64_BLKSIZE_ENC 4
#define BLKSIZE_RAW 3
#define BLKSIZE_ENC 4
/* Note: the "unofficial" char is last here, which means that the \377 pattern
in DOWNCODECCHECK1 ('Y' request) will properly test it. */
@ -32,13 +33,55 @@ static const char cb64[] =
static unsigned char rev64[256];
static int reverse_init = 0;
inline static void base64_reverse_init(void)
static int base64_encode(char *, size_t *, const void *, size_t);
static int base64_decode(void *, size_t *, const char *, size_t);
static int base64_handles_dots();
static int base64_blksize_raw();
static int base64_blksize_enc();
static struct encoder base64_encoder =
{
"Base64",
base64_encode,
base64_decode,
base64_handles_dots,
base64_handles_dots,
base64_blksize_raw,
base64_blksize_enc
};
struct encoder
*get_base64_encoder()
{
return &base64_encoder;
}
static int
base64_handles_dots()
{
return 0;
}
static int
base64_blksize_raw()
{
return BLKSIZE_RAW;
}
static int
base64_blksize_enc()
{
return BLKSIZE_ENC;
}
inline static void
base64_reverse_init()
{
int i;
unsigned char c;
if (!reverse_init) {
memset(rev64, 0, 256);
memset (rev64, 0, 256);
for (i = 0; i < 64; i++) {
c = cb64[i];
rev64[(int) c] = i;
@ -47,6 +90,8 @@ inline static void base64_reverse_init(void)
}
}
static int
base64_encode(char *buf, size_t *buflen, const void *data, size_t size)
/*
* Fills *buf with max. *buflen characters, encoding size bytes of *data.
*
@ -56,8 +101,6 @@ inline static void base64_reverse_init(void)
* return value : #bytes filled in buf (excluding \0)
* sets *buflen to : #bytes encoded from data
*/
static int base64_encode(char *buf, size_t *buflen, const void *data,
size_t size)
{
unsigned char *udata = (unsigned char *) data;
int iout = 0; /* to-be-filled output char */
@ -85,7 +128,7 @@ static int base64_encode(char *buf, size_t *buflen, const void *data,
if (iout >= *buflen || iin >= size)
break;
buf[iout] = cb64[((udata[iin] & 0x0f) << 2) |
buf[iout] = cb64[((udata[iin] & 0x0f) << 2 ) |
((iin + 1 < size) ?
((udata[iin + 1] & 0xc0) >> 6) : 0)];
iin++; /* 1 complete, iin=2 */
@ -108,6 +151,8 @@ static int base64_encode(char *buf, size_t *buflen, const void *data,
#define REV64(x) rev64[(int) (x)]
static int
base64_decode(void *buf, size_t *buflen, const char *str, size_t slen)
/*
* Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
* Decoding stops early when *str contains \0.
@ -119,14 +164,12 @@ static int base64_encode(char *buf, size_t *buflen, const void *data,
*
* return value : #bytes filled in buf (excluding \0)
*/
static int base64_decode(void *buf, size_t *buflen, const char *str,
size_t slen)
{
unsigned char *ubuf = (unsigned char *) buf;
int iout = 0; /* to-be-filled output byte */
int iin = 0; /* next input char to use in decoding */
base64_reverse_init();
base64_reverse_init ();
/* Note: Don't bother to optimize manually. GCC optimizes
better(!) when using simplistic array indexing. */
@ -161,16 +204,3 @@ static int base64_decode(void *buf, size_t *buflen, const char *str,
return iout;
}
const struct encoder base64_ops = {
.name = "Base64",
.encode = base64_encode,
.decode = base64_decode,
.places_dots = false,
.eats_dots = false,
.blocksize_raw = BASE64_BLKSIZE_RAW,
.blocksize_encoded = BASE64_BLKSIZE_ENC,
};

23
src/base64.h Normal file
View File

@ -0,0 +1,23 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __BASE64_H__
#define __BASE64_H__
struct encoder *get_base64_encoder(void);
#endif

311
src/client.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -32,10 +32,10 @@
#ifdef WINDOWS32
#include "windows.h"
#else
#include <arpa/nameser.h>
#ifdef ANDROID
#include "android_dns.h"
#endif
#include <arpa/nameser.h>
#ifdef DARWIN
#define BIND_8_COMPAT
#include <arpa/nameser_compat.h>
@ -47,6 +47,10 @@
#include "common.h"
#include "encoding.h"
#include "base32.h"
#include "base64.h"
#include "base64u.h"
#include "base128.h"
#include "dns.h"
#include "login.h"
#include "tun.h"
@ -60,8 +64,7 @@ static const char *password;
static struct sockaddr_storage nameserv;
static int nameserv_len;
static struct sockaddr_storage raw_serv;
static int raw_serv_len;
static struct sockaddr_in raw_serv;
static const char *topdomain;
static uint16_t rand_seed;
@ -81,9 +84,16 @@ static uint16_t chunkid;
static uint16_t chunkid_prev;
static uint16_t chunkid_prev2;
/* Base32 encoder used for non-data packets and replies */
static struct encoder *b32;
/* Base64 etc encoders for replies */
static struct encoder *b64;
static struct encoder *b64u;
static struct encoder *b128;
/* The encoder used for data packets
* Defaults to Base32, can be changed after handshake */
const static struct encoder *dataenc = &base32_ops;
static struct encoder *dataenc;
/* The encoder to use for downstream data */
static char downenc = ' ';
@ -106,6 +116,11 @@ void
client_init()
{
running = 1;
b32 = get_base32_encoder();
b64 = get_base64_encoder();
b64u = get_base64u_encoder();
b128 = get_base128_encoder();
dataenc = get_base32_encoder();
rand_seed = ((unsigned int) rand()) & 0xFFFF;
send_ping_soon = 1; /* send ping immediately after startup */
conn = CONN_DNS_NULL;
@ -158,7 +173,7 @@ int
client_set_qtype(char *qtype)
{
if (!strcasecmp(qtype, "NULL"))
do_qtype = T_NULL;
do_qtype = T_NULL;
else if (!strcasecmp(qtype, "PRIVATE"))
do_qtype = T_PRIVATE;
else if (!strcasecmp(qtype, "CNAME"))
@ -227,7 +242,7 @@ client_set_hostname_maxlen(int i)
const char *
client_get_raw_addr()
{
return format_addr(&raw_serv, raw_serv_len);
return inet_ntoa(raw_serv.sin_addr);
}
static void
@ -292,7 +307,7 @@ send_query(int fd, char *hostname)
}
static void
send_raw(int fd, char *buf, int buflen, int cmd)
send_raw(int fd, char *buf, int buflen, int user, int cmd)
{
char packet[4096];
int len;
@ -305,7 +320,7 @@ send_raw(int fd, char *buf, int buflen, int cmd)
}
len += RAW_HDR_LEN;
packet[RAW_HDR_CMD] = cmd | (userid & 0x0F);
packet[RAW_HDR_CMD] = cmd | (user & 0x0F);
sendto(fd, packet, len, 0, (struct sockaddr*)&raw_serv, sizeof(raw_serv));
}
@ -313,7 +328,7 @@ send_raw(int fd, char *buf, int buflen, int cmd)
static void
send_raw_data(int dns_fd)
{
send_raw(dns_fd, outpkt.data, outpkt.len, RAW_HDR_CMD_DATA);
send_raw(dns_fd, outpkt.data, outpkt.len, userid, RAW_HDR_CMD_DATA);
outpkt.len = 0;
}
@ -326,11 +341,12 @@ send_packet(int fd, char cmd, const char *data, const size_t datalen)
buf[0] = cmd;
build_hostname(buf + 1, sizeof(buf) - 1, data, datalen, topdomain,
&base32_ops, hostname_maxlen);
b32, hostname_maxlen);
send_query(fd, buf);
}
static inline int is_sending(void)
static inline int
is_sending()
{
return (outpkt.len != 0);
}
@ -400,7 +416,7 @@ send_ping(int fd)
send_packet(fd, 'p', data, sizeof(data));
} else {
send_raw(fd, NULL, 0, RAW_HDR_CMD_PING);
send_raw(fd, NULL, 0, userid, RAW_HDR_CMD_PING);
}
}
@ -464,7 +480,7 @@ dns_namedec(char *outdata, int outdatalen, char *buf, int buflen)
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4,
&base32_ops);
b32);
case 'i': /* Hostname++ with base64 */
case 'I':
@ -474,7 +490,7 @@ dns_namedec(char *outdata, int outdatalen, char *buf, int buflen)
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4,
&base64_ops);
b64);
case 'j': /* Hostname++ with base64u */
case 'J':
@ -484,7 +500,7 @@ dns_namedec(char *outdata, int outdatalen, char *buf, int buflen)
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4,
&base64u_ops);
b64u);
case 'k': /* Hostname++ with base128 */
case 'K':
@ -494,35 +510,35 @@ dns_namedec(char *outdata, int outdatalen, char *buf, int buflen)
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4,
&base128_ops);
b128);
case 't': /* plain base32(Thirty-two) from TXT */
case 'T':
if (buflen < 2)
return 0;
return base32_ops.decode(outdata, &outdatalenu, buf + 1, buflen - 1);
return b32->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 's': /* plain base64(Sixty-four) from TXT */
case 'S':
if (buflen < 2)
return 0;
return base64_ops.decode(outdata, &outdatalenu, buf + 1, buflen - 1);
return b64->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 'u': /* plain base64u (Underscore) from TXT */
case 'U':
if (buflen < 2)
return 0;
return base64_ops.decode(outdata, &outdatalenu, buf + 1, buflen - 1);
return b64u->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 'v': /* plain base128 from TXT */
case 'V':
if (buflen < 2)
return 0;
return base128_ops.decode(outdata, &outdatalenu, buf + 1, buflen - 1);
return b128->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 'r': /* Raw binary from TXT */
case 'R':
@ -833,7 +849,7 @@ tunnel_dns(int tun_fd, int dns_fd)
}
}
/* read == 1 happens with "QMEM" illegal replies, caused by
/* read==1 happens with "QMEM" illegal replies, caused by
heavy reordering, or after short disconnections when
data-CMC has looped around into the "duplicate" values.
All these cases are helped by faster pinging. */
@ -1012,7 +1028,7 @@ tunnel_dns(int tun_fd, int dns_fd)
send_something_now = 1;
}
break;
break;
}
/* NOTE: buf[] was overwritten when down-packet complete */
@ -1255,74 +1271,116 @@ send_version(int fd, uint32_t version)
send_packet(fd, 'v', data, sizeof(data));
}
/* Add lower 15 bits of rand seed as base32,
* followed by a dot and the tunnel domain and send */
static void
send_handshake_query(int fd, char *prefix)
send_ip_request(int fd, int userid)
{
char buf[300];
char cmc_dot[5];
char buf[512] = "i____.";
buf[1] = b32_5to8(userid);
cmc_dot[0] = b32_5to8((rand_seed >> 10) & 0x1f);
cmc_dot[1] = b32_5to8((rand_seed >> 5) & 0x1f);
cmc_dot[2] = b32_5to8((rand_seed) & 0x1f);
cmc_dot[3] = '.';
cmc_dot[4] = 0;
buf[2] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[3] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[4] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
buf[0] = 0;
strncat(buf, prefix, 60); /* 63 - space for 3 CMC bytes */
strcat(buf, cmc_dot);
strncat(buf, topdomain, sizeof(buf) - strlen(buf) - 1);
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_raw_udp_login(int dns_fd, int seed)
send_raw_udp_login(int dns_fd, int userid, int seed)
{
char buf[16];
login_calculate(buf, 16, password, seed + 1);
send_raw(dns_fd, buf, sizeof(buf), RAW_HDR_CMD_LOGIN);
send_raw(dns_fd, buf, sizeof(buf), userid, RAW_HDR_CMD_LOGIN);
}
static void
send_upenctest(int fd, const char *s)
send_upenctest(int fd, char *s)
/* NOTE: String may be at most 63-4=59 chars to fit in 1 dns chunk. */
{
char buf[512] = "z___";
buf[1] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[2] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[3] = b32_5to8((rand_seed) & 0x1f);
buf[3] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, s, 128);
strncat(buf, ".", 2);
strncat(buf, s, 512);
strncat(buf, ".", 512);
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_downenctest(int fd, char downenc, int variant)
send_downenctest(int fd, char downenc, int variant, char *s, int slen)
/* Note: content/handling of s is not defined yet. */
{
char prefix[4] = "y__";
prefix[1] = tolower(downenc);
prefix[2] = b32_5to8(variant);
char buf[512] = "y_____.";
/* Use send_query directly if we ever send more data here. */
send_handshake_query(fd, prefix);
buf[1] = tolower(downenc);
buf[2] = b32_5to8(variant);
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_lazy_switch(int fd)
send_codec_switch(int fd, int userid, int bits)
{
char sw_lazy[] = { 'o', b32_5to8(userid), 'i', 0 };
char buf[512] = "s_____.";
buf[1] = b32_5to8(userid);
buf[2] = b32_5to8(bits);
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_downenc_switch(int fd, int userid)
{
char buf[512] = "o_____.";
buf[1] = b32_5to8(userid);
buf[2] = tolower(downenc);
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_lazy_switch(int fd, int userid)
{
char buf[512] = "o_____.";
buf[1] = b32_5to8(userid);
if (lazymode)
sw_lazy[2] = 'l';
buf[2] = 'l';
else
buf[2] = 'i';
send_handshake_query(fd, sw_lazy);
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static int
@ -1337,7 +1395,7 @@ handshake_version(int dns_fd, int *seed)
for (i = 0; running && i < 5; i++) {
send_version(dns_fd, PROTOCOL_VERSION);
send_version(dns_fd, VERSION);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'v', 'V', i+1);
@ -1353,12 +1411,11 @@ handshake_version(int dns_fd, int *seed)
userid_char = hex[userid & 15];
userid_char2 = hex2[userid & 15];
fprintf(stderr, "Version ok, both using protocol v 0x%08x. You are user #%d\n",
PROTOCOL_VERSION, userid);
fprintf(stderr, "Version ok, both using protocol v 0x%08x. You are user #%d\n", VERSION, userid);
return 0;
} else if (strncmp("VNAK", in, 4) == 0) {
warnx("You use protocol v 0x%08x, server uses v 0x%08x. Giving up",
PROTOCOL_VERSION, payload);
VERSION, payload);
return 1;
} else if (strncmp("VFUL", in, 4) == 0) {
warnx("Server full, all %d slots are taken. Try again later", payload);
@ -1386,7 +1443,7 @@ handshake_login(int dns_fd, int seed)
login_calculate(login, 16, password, seed);
for (i = 0; running && i < 5; i++) {
for (i=0; running && i<5 ;i++) {
send_login(dns_fd, login, 16);
@ -1397,9 +1454,6 @@ handshake_login(int dns_fd, int seed)
if (strncmp("LNAK", in, 4) == 0) {
fprintf(stderr, "Bad password\n");
return 1;
} else if (strncmp("BADIP", in, 5) == 0) {
warnx("BADIP: Server rejected sender IP address (maybe iodined -c will help)");
return 1;
} else if (sscanf(in, "%64[^-]-%64[^-]-%d-%d",
server, client, &mtu, &netmask) == 4) {
@ -1428,43 +1482,31 @@ static int
handshake_raw_udp(int dns_fd, int seed)
{
struct timeval tv;
char get_ip[] = { 'i', b32_5to8(userid), 0 };
char in[4096];
fd_set fds;
int i;
int r;
int len;
int got_addr;
unsigned remoteaddr = 0;
struct in_addr server;
memset(&raw_serv, 0, sizeof(raw_serv));
got_addr = 0;
fprintf(stderr, "Testing raw UDP data to the server (skip with -r)");
for (i=0; running && i<3 ;i++) {
fprintf(stderr, "Requesting server address to attempt raw UDP mode (skip with -r) ");
fflush(stderr);
for (i = 0; running && i < 3; i++) {
send_handshake_query(dns_fd, get_ip);
send_ip_request(dns_fd, userid);
len = handshake_waitdns(dns_fd, in, sizeof(in), 'i', 'I', i+1);
if (len == 5 && in[0] == 'I') {
/* Received IPv4 address */
struct sockaddr_in *raw4_serv = (struct sockaddr_in *) &raw_serv;
raw4_serv->sin_family = AF_INET;
memcpy(&raw4_serv->sin_addr, &in[1], sizeof(struct in_addr));
raw4_serv->sin_port = htons(53);
raw_serv_len = sizeof(struct sockaddr_in);
got_addr = 1;
break;
}
if (len == 17 && in[0] == 'I') {
/* Received IPv6 address */
struct sockaddr_in6 *raw6_serv = (struct sockaddr_in6 *) &raw_serv;
raw6_serv->sin6_family = AF_INET6;
memcpy(&raw6_serv->sin6_addr, &in[1], sizeof(struct in6_addr));
raw6_serv->sin6_port = htons(53);
raw_serv_len = sizeof(struct sockaddr_in6);
got_addr = 1;
/* Received IP address */
remoteaddr = (in[1] & 0xff);
remoteaddr <<= 8;
remoteaddr |= (in[2] & 0xff);
remoteaddr <<= 8;
remoteaddr |= (in[3] & 0xff);
remoteaddr <<= 8;
remoteaddr |= (in[4] & 0xff);
server.s_addr = ntohl(remoteaddr);
break;
}
@ -1475,29 +1517,34 @@ handshake_raw_udp(int dns_fd, int seed)
if (!running)
return 0;
if (!got_addr) {
if (!remoteaddr) {
fprintf(stderr, "Failed to get raw server IP, will use DNS mode.\n");
return 0;
}
fprintf(stderr, "Server is at %s, trying raw login: (skip with -r) ",
format_addr(&raw_serv, raw_serv_len));
fprintf(stderr, "Server is at %s, trying raw login: ", inet_ntoa(server));
fflush(stderr);
/* Store address to iodined server */
memset(&raw_serv, 0, sizeof(raw_serv));
raw_serv.sin_family = AF_INET;
raw_serv.sin_port = htons(53);
raw_serv.sin_addr = server;
/* do login against port 53 on remote server
* based on the old seed. If reply received,
* switch to raw udp mode */
for (i = 0; running && i < 4; i++) {
for (i=0; running && i<4 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_raw_udp_login(dns_fd, seed);
send_raw_udp_login(dns_fd, userid, seed);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if (r > 0) {
if(r > 0) {
/* recv() needed for windows, dont change to read() */
len = recv(dns_fd, in, sizeof(in), 0);
if (len >= (16 + RAW_HDR_LEN)) {
@ -1521,7 +1568,7 @@ handshake_raw_udp(int dns_fd, int seed)
}
static int
handshake_upenctest(int dns_fd, const char *s)
handshake_upenctest(int dns_fd, char *s)
/* NOTE: *s may be max 59 chars; must start with "aA" for case-swap check
Returns:
-1: case swap, no need for any further test: error printed; or Ctrl-C
@ -1531,13 +1578,13 @@ handshake_upenctest(int dns_fd, const char *s)
{
char in[4096];
unsigned char *uin = (unsigned char *) in;
const unsigned char *us = (const unsigned char *) s;
unsigned char *us = (unsigned char *) s;
int i;
int read;
int slen;
int slen;
slen = strlen(s);
for (i = 0; running && i < 3; i++) {
for (i=0; running && i<3 ;i++) {
send_upenctest(dns_fd, s);
@ -1613,17 +1660,17 @@ handshake_upenc_autodetect(int dns_fd)
[A-Z] as first, and [A-Z0-9] as last char _per label_.
Test by having '-' as last char.
*/
const char *pat64 = "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ+0129-";
const char *pat64u = "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ_0129-";
const char *pat128a = "aA-Aaahhh-Drink-mal-ein-J\344germeister-";
const char *pat128b = "aA-La-fl\373te-na\357ve-fran\347aise-est-retir\351-\340-Cr\350te";
const char *pat128c = "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ";
const char *pat128d = "aA0123456789\274\275\276\277"
"\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317";
const char *pat128e="aA"
"\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337"
"\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357"
"\360\361\362\363\364\365\366\367\370\371\372\373\374\375";
char *pat64="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ+0129-";
char *pat64u="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ_0129-";
char *pat128a="aA-Aaahhh-Drink-mal-ein-J\344germeister-";
char *pat128b="aA-La-fl\373te-na\357ve-fran\347aise-est-retir\351-\340-Cr\350te";
char *pat128c="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ";
char *pat128d="aA0123456789\274\275\276\277"
"\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317";
char *pat128e="aA"
"\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337"
"\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357"
"\360\361\362\363\364\365\366\367\370\371\372\373\374\375";
int res;
/* Try Base128, starting very gently to not draw attention */
@ -1703,11 +1750,11 @@ handshake_downenctest(int dns_fd, char trycodec)
int i;
int read;
char *s = DOWNCODECCHECK1;
int slen = DOWNCODECCHECK1_LEN;
int slen = DOWNCODECCHECK1_LEN;
for (i = 0; running && i < 3; i++) {
for (i=0; running && i<3 ;i++) {
send_downenctest(dns_fd, trycodec, 1);
send_downenctest(dns_fd, trycodec, 1, NULL, 0);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'y', 'Y', i+1);
@ -1794,7 +1841,7 @@ handshake_qtypetest(int dns_fd, int timeout)
char in[4096];
int read;
char *s = DOWNCODECCHECK1;
int slen = DOWNCODECCHECK1_LEN;
int slen = DOWNCODECCHECK1_LEN;
int trycodec;
int k;
@ -1807,7 +1854,7 @@ handshake_qtypetest(int dns_fd, int timeout)
byte values can be returned, which is needed for NULL/PRIVATE
to work. */
send_downenctest(dns_fd, trycodec, 1);
send_downenctest(dns_fd, trycodec, 1, NULL, 0);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'y', 'Y', timeout);
@ -1923,7 +1970,7 @@ handshake_edns0_check(int dns_fd)
int i;
int read;
char *s = DOWNCODECCHECK1;
int slen = DOWNCODECCHECK1_LEN;
int slen = DOWNCODECCHECK1_LEN;
char trycodec;
if (do_qtype == T_NULL)
@ -1931,9 +1978,9 @@ handshake_edns0_check(int dns_fd)
else
trycodec = 'T';
for (i = 0; running && i < 3; i++) {
for (i=0; running && i<3 ;i++) {
send_downenctest(dns_fd, trycodec, 1);
send_downenctest(dns_fd, trycodec, 1, NULL, 0);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'y', 'Y', i+1);
@ -1965,27 +2012,26 @@ handshake_edns0_check(int dns_fd)
static void
handshake_switch_codec(int dns_fd, int bits)
{
char sw_codec[] = { 's', b32_5to8(userid), b32_5to8(bits), 0 };
char in[4096];
int i;
int read;
const struct encoder *tempenc;
struct encoder *tempenc;
if (bits == 5)
tempenc = &base32_ops;
tempenc = get_base32_encoder();
else if (bits == 6)
tempenc = &base64_ops;
tempenc = get_base64_encoder();
else if (bits == 26) /* "2nd" 6 bits per byte, with underscore */
tempenc = &base64u_ops;
tempenc = get_base64u_encoder();
else if (bits == 7)
tempenc = &base128_ops;
tempenc = get_base128_encoder();
else return;
fprintf(stderr, "Switching upstream to codec %s\n", tempenc->name);
for (i = 0; running && i < 5; i++) {
for (i=0; running && i<5 ;i++) {
send_handshake_query(dns_fd, sw_codec);
send_codec_switch(dns_fd, userid, bits);
read = handshake_waitdns(dns_fd, in, sizeof(in), 's', 'S', i+1);
@ -2020,7 +2066,6 @@ codec_revert:
static void
handshake_switch_downenc(int dns_fd)
{
char sw_downenc[] = { 'o', b32_5to8(userid), tolower(downenc), 0 };
char in[4096];
int i;
int read;
@ -2037,9 +2082,9 @@ handshake_switch_downenc(int dns_fd)
dname = "Raw";
fprintf(stderr, "Switching downstream to codec %s\n", dname);
for (i = 0; running && i < 5; i++) {
for (i=0; running && i<5 ;i++) {
send_handshake_query(dns_fd, sw_downenc);
send_downenc_switch(dns_fd, userid);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'o', 'O', i+1);
@ -2078,9 +2123,9 @@ handshake_try_lazy(int dns_fd)
int read;
fprintf(stderr, "Switching to lazy mode for low-latency\n");
for (i = 0; running && i < 5 ;i++) {
for (i=0; running && i<5; i++) {
send_lazy_switch(dns_fd);
send_lazy_switch(dns_fd, userid);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'o', 'O', i+1);
@ -2122,9 +2167,9 @@ handshake_lazyoff(int dns_fd)
int i;
int read;
for (i = 0; running && i < 5; i++) {
for (i=0; running && i<5; i++) {
send_lazy_switch(dns_fd);
send_lazy_switch(dns_fd, userid);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'o', 'O', 1);
@ -2228,7 +2273,7 @@ handshake_autoprobe_fragsize(int dns_fd)
fprintf(stderr, "Autoprobing max downstream fragment size... (skip with -m fragsize)\n");
while (running && range > 0 && (range >= 8 || max_fragsize < 300)) {
/* stop the slow probing early when we have enough bytes anyway */
for (i = 0; running && i < 3; i++) {
for (i=0; running && i<3 ;i++) {
send_fragsize_probe(dns_fd, proposed_fragsize);
@ -2296,7 +2341,7 @@ handshake_set_fragsize(int dns_fd, int fragsize)
int read;
fprintf(stderr, "Setting downstream fragment size to max %d...\n", fragsize);
for (i = 0; running && i < 5; i++) {
for (i=0; running && i<5 ;i++) {
send_set_downstream_fragsize(dns_fd, fragsize);

15
src/client.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -18,24 +18,23 @@
#ifndef __CLIENT_H__
#define __CLIENT_H__
void client_init(void);
void client_stop(void);
void client_init();
void client_stop();
enum connection client_get_conn(void);
const char *client_get_raw_addr(void);
enum connection client_get_conn();
const char *client_get_raw_addr();
void client_set_nameserver(struct sockaddr_storage *, int);
void client_set_topdomain(const char *cp);
void client_set_password(const char *cp);
int client_set_qtype(char *qtype);
char *client_get_qtype(void);
char *client_get_qtype();
void client_set_downenc(char *encoding);
void client_set_selecttimeout(int select_timeout);
void client_set_lazymode(int lazy_mode);
void client_set_hostname_maxlen(int i);
int client_handshake(int dns_fd, int raw_mode, int autodetect_frag_size,
int fragsize);
int client_handshake(int dns_fd, int raw_mode, int autodetect_frag_size, int fragsize);
int client_tunnel(int tun_fd, int dns_fd);
#endif

137
src/common.c
View File

@ -2,7 +2,7 @@
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* Copyright (c) 2007 Albert Lee <trisk@acm.jhu.edu>.
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -101,16 +101,18 @@ int setgroups(int count, int *groups)
}
#endif
#ifndef WINDOWS32
void
check_superuser(void)
check_superuser(void (*usage_fn)(void))
{
#ifndef WINDOWS32
if (geteuid() != 0) {
warnx("Run as root and you'll be happy.");
exit(-1);
warnx("Run as root and you'll be happy.\n");
usage_fn();
/* NOTREACHED */
}
}
#endif
}
char *
format_addr(struct sockaddr_storage *sockaddr, int sockaddr_len)
@ -171,13 +173,7 @@ get_addr(char *host, int port, int addr_family, int flags, struct sockaddr_stora
int
open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
{
return open_dns_opt(sockaddr, sockaddr_len, -1);
}
int
open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len, int v6only)
{
int flag;
int flag = 1;
int fd;
if ((fd = socket(sockaddr->ss_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
@ -191,21 +187,20 @@ open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len, int v6only)
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void*) &flag, sizeof(flag));
#ifndef WINDOWS32
/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
fd_set_close_on_exec(fd);
#endif
if (sockaddr->ss_family == AF_INET6 && v6only >= 0) {
setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (const void*) &v6only, sizeof(v6only));
}
#ifdef IP_OPT_DONT_FRAG
/* Set dont-fragment ip header flag */
flag = DONT_FRAG_VALUE;
setsockopt(fd, IPPROTO_IP, IP_OPT_DONT_FRAG, (const void*) &flag, sizeof(flag));
#endif
if (bind(fd, (struct sockaddr*) sockaddr, sockaddr_len) < 0)
err(1, "bind() to %s", format_addr(sockaddr, sockaddr_len));
if(bind(fd, (struct sockaddr*) sockaddr, sockaddr_len) < 0)
err(1, "bind");
fprintf(stderr, "Opened IPv%d UDP socket\n", sockaddr->ss_family == AF_INET6 ? 6 : 4);
@ -305,7 +300,7 @@ read_password(char *buf, size_t len)
int i;
#endif
fprintf(stderr, "Enter tunnel password: ");
fprintf(stderr, "Enter password: ");
fflush(stderr);
#ifndef WINDOWS32
fscanf(stdin, "%79[^\n]", pwd);
@ -332,7 +327,7 @@ read_password(char *buf, size_t len)
}
int
check_topdomain(char *str, int allow_wildcard, char **errormsg)
check_topdomain(char *str, char **errormsg)
{
int i;
int dots = 0;
@ -352,8 +347,8 @@ check_topdomain(char *str, int allow_wildcard, char **errormsg)
return 1;
}
for (i = 0; i < strlen(str); i++) {
if (str[i] == '.') {
for( i = 0; i < strlen(str); i++) {
if(str[i] == '.') {
dots++;
if (chunklen == 0) {
if (errormsg) *errormsg = "Consecutive dots";
@ -367,21 +362,9 @@ check_topdomain(char *str, int allow_wildcard, char **errormsg)
} else {
chunklen++;
}
if ((str[i] >= 'a' && str[i] <= 'z') || (str[i] >= 'A' && str[i] <= 'Z') ||
isdigit(str[i]) || str[i] == '-' || str[i] == '.') {
if( (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= 'A' && str[i] <= 'Z') ||
isdigit(str[i]) || str[i] == '-' || str[i] == '.' ) {
continue;
} else if (allow_wildcard && str[i] == '*') {
/* First char allowed to be wildcard, if followed by dot */
if (i == 0) {
if (str[i+1] == '.') {
continue;
}
if (errormsg) *errormsg = "Wildcard (*) must be followed by dot";
return 1;
} else {
if (errormsg) *errormsg = "Wildcard (*) only allowed as first char";
return 1;
}
} else {
if (errormsg) *errormsg = "Contains illegal character (allowed: [a-zA-Z0-9-.])";
return 1;
@ -404,52 +387,6 @@ check_topdomain(char *str, int allow_wildcard, char **errormsg)
return 0;
}
int
query_datalen(const char *qname, const char *topdomain)
{
/* Return number of data bytes embedded in DNS query name,
* or -1 if domains do not match.
*/
int qpos = strlen(qname);
int tpos = strlen(topdomain);
if (tpos < 3 || qpos < tpos) {
/* Domain or query name too short */
return -1;
}
/* Backward string compare */
qpos--;
tpos--;
while (qpos >= 0) {
if (topdomain[tpos] == '*') {
/* Wild match, is first in topdomain */
if (qname[qpos] == '*') {
/* Don't match against stars in query name */
return -1;
} else if (qpos == 0 || qname[qpos-1] == '.') {
/* Reached start of query name or chunk separator */
return qpos;
}
qpos--;
} else if (tolower(qname[qpos]) == tolower(topdomain[tpos])) {
/* Matching char, exclude wildcard in query name */
if (tpos == 0) {
/* Fully matched domain */
if (qpos == 0 || qname[qpos-1] == '.') {
/* Start of name or has dot before matching topdomain */
return qpos;
}
/* Query name has longer chunk than topdomain */
return -1;
}
tpos--;
qpos--;
} else {
return -1;
}
}
return -1;
}
#if defined(WINDOWS32) || defined(ANDROID)
#ifndef ANDROID
int
@ -461,9 +398,12 @@ inet_aton(const char *cp, struct in_addr *inp)
#endif
void
vwarn(const char *fmt, va_list list)
warn(const char *fmt, ...)
{
if (fmt) vfprintf(stderr, fmt, list);
va_list list;
va_start(list, fmt);
if (fmt) fprintf(stderr, fmt, list);
#ifndef ANDROID
if (errno == 0) {
fprintf(stderr, ": WSA error %d\n", WSAGetLastError());
@ -471,15 +411,17 @@ vwarn(const char *fmt, va_list list)
fprintf(stderr, ": %s\n", strerror(errno));
}
#endif
va_end(list);
}
void
warn(const char *fmt, ...)
warnx(const char *fmt, ...)
{
va_list list;
va_start(list, fmt);
vwarn(fmt, list);
if (fmt) fprintf(stderr, fmt, list);
fprintf(stderr, "\n");
va_end(list);
}
@ -489,35 +431,18 @@ err(int eval, const char *fmt, ...)
va_list list;
va_start(list, fmt);
vwarn(fmt, list);
warn(fmt, list);
va_end(list);
exit(eval);
}
void
vwarnx(const char *fmt, va_list list)
{
if (fmt) vfprintf(stderr, fmt, list);
fprintf(stderr, "\n");
}
void
warnx(const char *fmt, ...)
{
va_list list;
va_start(list, fmt);
vwarnx(fmt, list);
va_end(list);
}
void
errx(int eval, const char *fmt, ...)
{
va_list list;
va_start(list, fmt);
vwarnx(fmt, list);
warnx(fmt, list);
va_end(list);
exit(eval);
}

49
src/common.h
View File

@ -1,8 +1,8 @@
/*
* Copyright (c) 2006-2015 Erik Ekman <yarrick@kryo.se>,
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -32,7 +32,6 @@
#define RAW_HDR_GET_USR(x) ((x)[RAW_HDR_CMD] & RAW_HDR_USR_MASK)
extern const unsigned char raw_header[RAW_HDR_LEN];
#include <stdarg.h>
#ifdef WINDOWS32
#include "windows.h"
#else
@ -54,6 +53,14 @@ extern const unsigned char raw_header[RAW_HDR_LEN];
#define QUERY_NAME_SIZE 256
#if defined IP_RECVDSTADDR
# define DSTADDR_SOCKOPT IP_RECVDSTADDR
# define dstaddr(x) ((struct in_addr *) CMSG_DATA(x))
#elif defined IP_PKTINFO
# define DSTADDR_SOCKOPT IP_PKTINFO
# define dstaddr(x) (&(((struct in_pktinfo *)(CMSG_DATA(x)))->ipi_addr))
#endif
#if defined IP_MTU_DISCOVER
/* Linux */
# define IP_OPT_DONT_FRAG IP_MTU_DISCOVER
@ -69,8 +76,7 @@ extern const unsigned char raw_header[RAW_HDR_LEN];
#endif
#define T_PRIVATE 65399
/* Undefined RR type; "private use" range, see
* http://www.bind9.net/dns-parameters */
/* Undefined RR type; "private use" range, see http://www.bind9.net/dns-parameters */
#define T_UNSET 65432
/* Unused RR type, never actually sent */
@ -89,58 +95,45 @@ struct query {
unsigned short type;
unsigned short rcode;
unsigned short id;
struct sockaddr_storage destination;
socklen_t dest_len;
struct in_addr destination;
struct sockaddr_storage from;
socklen_t fromlen;
int fromlen;
unsigned short id2;
struct sockaddr_storage from2;
socklen_t fromlen2;
struct sockaddr from2;
int fromlen2;
};
enum connection {
CONN_RAW_UDP = 0,
CONN_RAW_UDP,
CONN_DNS_NULL,
CONN_MAX
};
#ifdef WINDOWS32
static inline void check_superuser(void)
{
}
#else
void check_superuser(void);
#endif
void check_superuser(void (*usage_fn)(void));
char *format_addr(struct sockaddr_storage *sockaddr, int sockaddr_len);
int get_addr(char *, int, int, int, struct sockaddr_storage *);
int open_dns(struct sockaddr_storage *, size_t);
int open_dns_opt(struct sockaddr_storage *sockaddr, size_t sockaddr_len,
int v6only);
int open_dns_from_host(char *host, int port, int addr_family, int flags);
void close_dns(int);
void do_chroot(char *);
void do_setcon(char *);
void do_detach(void);
void do_detach();
void do_pidfile(char *);
void read_password(char*, size_t);
int check_topdomain(char *, int, char **);
int query_datalen(const char *qname, const char *topdomain);
int check_topdomain(char *, char **);
#if defined(WINDOWS32) || defined(ANDROID)
#ifndef ANDROID
int inet_aton(const char *cp, struct in_addr *inp);
#endif
void vwarn(const char *fmt, va_list list);
void warn(const char *fmt, ...);
void err(int eval, const char *fmt, ...);
void vwarnx(const char *fmt, va_list list);
void warnx(const char *fmt, ...);
void warn(const char *fmt, ...);
void errx(int eval, const char *fmt, ...);
void warnx(const char *fmt, ...);
#endif
int recent_seqno(int , int);

258
src/dns.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -27,6 +27,9 @@
#ifdef WINDOWS32
#include "windows.h"
#else
#ifdef ANDROID
#include "android_dns.h"
#endif
#include <arpa/nameser.h>
#ifdef DARWIN
#define BIND_8_COMPAT
@ -35,9 +38,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <err.h>
#ifdef ANDROID
#include "android_dns.h"
#endif
#endif
@ -49,8 +49,8 @@ int dnsc_use_edns0 = 1;
#define CHECKLEN(x) if (buflen < (x) + (unsigned)(p-buf)) return 0
int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
const char *data, size_t datalen)
int
dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr, char *data, size_t datalen)
{
HEADER *header;
short name;
@ -91,8 +91,7 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
/* Answer section */
if (q->type == T_CNAME || q->type == T_A) {
/* data is expected to be like
* "Hblabla.host.name.com\0" */
/* data is expected to be like "Hblabla.host.name.com\0" */
char *startp;
int namelen;
@ -121,7 +120,7 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
For SRV, see RFC2782.
*/
const char *mxdata = data;
char *mxdata = data;
char *startp;
int namelen;
@ -131,12 +130,12 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
putlong(&p, 0); /* TTL */
startp = p;
p += 2; /* skip 2 bytes length */
p += 2; /* skip 2 bytes length */
CHECKLEN(2);
putshort(&p, 10 * ancnt); /* preference */
putshort(&p, 10 * ancnt); /* preference */
if (q->type == T_SRV) {
/* weight, port (5060 = SIP) */
@ -166,10 +165,10 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
putlong(&p, 0); /* TTL */
startp = p;
p += 2; /* skip 2 bytes length */
p += 2; /* skip 2 bytes length */
puttxtbin(&p, buflen - (p - buf), data, datalen);
CHECKLEN(0);
txtlen = p - startp;
@ -178,11 +177,12 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
ancnt = 1;
} else {
/* NULL has raw binary data */
CHECKLEN(10);
putshort(&p, name);
putshort(&p, q->type);
putshort(&p, C_IN);
putlong(&p, 0); /* TTL */
putlong(&p, 0); /* TTL */
datalen = MIN(datalen, buflen - (p - buf));
CHECKLEN(2);
@ -227,123 +227,10 @@ int dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr,
return len;
}
/* Only used when iodined gets a AAAA type query */
/* Mostly same as dns_encode_caa_response() below */
int dns_encode_aaaa_response(char *buf, size_t buflen, struct query *q,
char *topdomain)
{
HEADER *header;
int len;
int domain_len;
char *p;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = 1;
header->opcode = 0;
header->aa = 1;
header->tc = 0;
header->rd = 0;
header->ra = 0;
p = buf + sizeof(HEADER);
header->qdcount = htons(1);
header->ancount = htons(0);
domain_len = strlen(q->name) - strlen(topdomain);
if (domain_len < 0 || domain_len == 1)
return -1;
if (strcasecmp(q->name + domain_len, topdomain))
return -1;
if (domain_len >= 1 && q->name[domain_len - 1] != '.')
return -1;
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
len = p - buf;
return len;
}
/* Only used when iodined gets a CAA type query */
/* Mostly same as dns_encode_ns_response() below */
int dns_encode_caa_response(char *buf, size_t buflen, struct query *q,
char *topdomain)
{
HEADER *header;
int len;
short name;
int domain_len;
char *p;
if (buflen < sizeof(HEADER))
return 0;
memset(buf, 0, buflen);
header = (HEADER*)buf;
header->id = htons(q->id);
header->qr = 1;
header->opcode = 0;
header->aa = 1;
header->tc = 0;
header->rd = 0;
header->ra = 0;
p = buf + sizeof(HEADER);
header->qdcount = htons(1);
header->ancount = htons(1);
/* pointer to start of name */
name = 0xc000 | ((p - buf) & 0x3fff);
domain_len = strlen(q->name) - strlen(topdomain);
if (domain_len < 0 || domain_len == 1)
return -1;
if (strcasecmp(q->name + domain_len, topdomain))
return -1;
if (domain_len >= 1 && q->name[domain_len - 1] != '.')
return -1;
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
/* Answer section */
CHECKLEN(12);
putshort(&p, name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 22); /* Data length */
/* caa record */
CHECKLEN(22);
memcpy(p, "\x00\x05\x69\x73\x73\x75\x65\x6c\x65\x74\x73\x65\x6e\x63\x72\x79\x70" \
"\x74\x2e\x6f\x72\x67", 22);
p += 22;
len = p - buf;
return len;
}
int
dns_encode_ns_response(char *buf, size_t buflen, struct query *q, char *topdomain)
/* Only used when iodined gets an NS type query */
/* Mostly same as dns_encode_a_response() below */
int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
char *topdomain)
{
HEADER *header;
int len;
@ -373,6 +260,7 @@ int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
header->qdcount = htons(1);
header->ancount = htons(1);
header->arcount = htons(1);
/* pointer to start of name */
name = 0xc000 | ((p - buf) & 0x3fff);
@ -411,49 +299,37 @@ int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
putbyte(&p, 's');
putshort(&p, topname); /* Name Server */
/* Do we have an IPv4 address to send? */
if (q->destination.ss_family == AF_INET) {
struct sockaddr_in *dest = (struct sockaddr_in *) &q->destination;
/* Additional data (A-record of NS server) */
CHECKLEN(12);
putshort(&p, nsname); /* Name Server */
putshort(&p, T_A); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 4); /* Data length */
/* One additional record coming */
header->arcount = htons(1);
/* Additional data (A-record of NS server) */
CHECKLEN(12);
putshort(&p, nsname); /* Name Server */
putshort(&p, T_A); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 4); /* Data length */
/* ugly hack to output IP address */
ipp = (char *) &dest->sin_addr.s_addr;
CHECKLEN(4);
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *ipp);
}
/* ugly hack to output IP address */
ipp = (char *) &q->destination;
CHECKLEN(4);
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
putbyte(&p, *ipp);
len = p - buf;
return len;
}
/* Only used when iodined gets an A type query for ns.topdomain or
* www.topdomain . Mostly same as dns_encode_ns_response() above */
int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
int
dns_encode_a_response(char *buf, size_t buflen, struct query *q)
/* Only used when iodined gets an A type query for ns.topdomain or www.topdomain */
/* Mostly same as dns_encode_ns_response() above */
{
struct sockaddr_in *dest = (struct sockaddr_in *) &q->destination;
HEADER *header;
int len;
short name;
char *ipp;
char *p;
/* Check if we have an IPv4 address to send */
if (q->destination.ss_family != AF_INET)
return -1;
if (buflen < sizeof(HEADER))
return 0;
@ -478,21 +354,21 @@ int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
name = 0xc000 | ((p - buf) & 0x3fff);
/* Query section */
putname(&p, buflen - (p - buf), q->name); /* Name */
putname(&p, buflen - (p - buf), q->name); /* Name */
CHECKLEN(4);
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
/* Answer section */
CHECKLEN(12);
putshort(&p, name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 4); /* Data length */
putshort(&p, name); /* Name */
putshort(&p, q->type); /* Type */
putshort(&p, C_IN); /* Class */
putlong(&p, 3600); /* TTL */
putshort(&p, 4); /* Data length */
/* ugly hack to output IP address */
ipp = (char *) &dest->sin_addr.s_addr;
ipp = (char *) &q->destination;
CHECKLEN(4);
putbyte(&p, *(ipp++));
putbyte(&p, *(ipp++));
@ -505,7 +381,8 @@ int dns_encode_a_response(char *buf, size_t buflen, struct query *q)
#undef CHECKLEN
unsigned short dns_get_id(char *packet, size_t packetlen)
unsigned short
dns_get_id(char *packet, size_t packetlen)
{
HEADER *header;
header = (HEADER*)packet;
@ -518,8 +395,8 @@ unsigned short dns_get_id(char *packet, size_t packetlen)
#define CHECKLEN(x) if (packetlen < (x) + (unsigned)(data-packet)) return 0
int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
size_t packetlen)
int
dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, size_t packetlen)
{
char name[QUERY_NAME_SIZE];
char rdata[4*1024];
@ -561,7 +438,7 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
switch (qr) {
case QR_ANSWER:
if (qdcount < 1) {
if(qdcount < 1) {
/* We need a question */
return -1;
}
@ -617,27 +494,12 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
if (type == T_CNAME) {
/* For tunnels, query type A has CNAME type answer */
memset(name, 0, sizeof(name));
readname(packet, packetlen, &data, name, sizeof(name) - 1);
name[sizeof(name)-1] = '\0';
strncpy(buf, name, buflen);
buf[buflen - 1] = '\0';
rv = strlen(buf);
}
if (type == T_A) {
/* Answer type A includes only 4 bytes.
Not used for tunneling. */
rv = MIN(rlen, sizeof(rdata));
rv = readdata(packet, &data, rdata, rv);
if (rv >= 2 && buf) {
rv = MIN(rv, buflen);
memcpy(buf, rdata, rv);
} else {
rv = 0;
}
}
memset(name, 0, sizeof(name));
readname(packet, packetlen, &data, name, sizeof(name) - 1);
name[sizeof(name)-1] = '\0';
strncpy(buf, name, buflen);
buf[buflen - 1] = '\0';
rv = strlen(buf);
}
else if ((type == T_MX || type == T_SRV) && buf) {
/* We support 250 records, 250*(255+header) ~= 64kB.
@ -653,7 +515,7 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
memset(names, 0, sizeof(names));
for (i = 0; i < ancount; i++) {
for (i=0; i < ancount; i++) {
readname(packet, packetlen, &data, name, sizeof(name));
CHECKLEN(12);
readshort(packet, &data, &type);
@ -674,8 +536,7 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
readname(packet, packetlen, &data,
names[pref / 10 - 1],
QUERY_NAME_SIZE - 1);
names[pref / 10 - 1]
[QUERY_NAME_SIZE-1] = '\0';
names[pref / 10 - 1][QUERY_NAME_SIZE-1] = '\0';
}
/* always trust rlen, not name encoding */
@ -708,8 +569,7 @@ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet,
readlong(packet, &data, &ttl);
readshort(packet, &data, &rlen);
rv = readtxtbin(packet, &data, rlen, rdata,
sizeof(rdata));
rv = readtxtbin(packet, &data, rlen, rdata, sizeof(rdata));
if (rv >= 1) {
rv = MIN(rv, buflen);
memcpy(buf, rdata, rv);

11
src/dns.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -27,13 +27,8 @@ typedef enum {
extern int dnsc_use_edns0;
int dns_encode(char *, size_t, struct query *, qr_t, const char *, size_t);
int dns_encode_aaaa_response(char *buf, size_t buflen, struct query *q,
char *topdomain);
int dns_encode_caa_response(char *buf, size_t buflen, struct query *q,
char *topdomain);
int dns_encode_ns_response(char *buf, size_t buflen, struct query *q,
char *topdomain);
int dns_encode(char *, size_t, struct query *, qr_t, char *, size_t);
int dns_encode_ns_response(char *buf, size_t buflen, struct query *q, char *topdomain);
int dns_encode_a_response(char *buf, size_t buflen, struct query *q);
unsigned short dns_get_id(char *packet, size_t packetlen);
int dns_decode(char *, size_t, struct query *, qr_t, char *, size_t);

25
src/encoding.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -19,9 +19,10 @@
#include "common.h"
#include "encoding.h"
int build_hostname(char *buf, size_t buflen, const char *data,
const size_t datalen, const char *topdomain,
const struct encoder *encoder, int maxlen)
int
build_hostname(char *buf, size_t buflen,
const char *data, const size_t datalen,
const char *topdomain, struct encoder *encoder, int maxlen)
{
size_t space;
char *b;
@ -29,14 +30,14 @@ int build_hostname(char *buf, size_t buflen, const char *data,
space = MIN((size_t)maxlen, buflen) - strlen(topdomain) - 8;
/* 8 = 5 max header length + 1 dot before topdomain + 2 safety */
if (!encoder->places_dots)
if (!encoder->places_dots())
space -= (space / 57); /* space for dots */
memset(buf, 0, buflen);
encoder->encode(buf, &space, data, datalen);
if (!encoder->places_dots)
if (!encoder->places_dots())
inline_dotify(buf, buflen);
b = buf;
@ -54,15 +55,16 @@ int build_hostname(char *buf, size_t buflen, const char *data,
return space;
}
int unpack_data(char *buf, size_t buflen, char *data, size_t datalen,
const struct encoder *enc)
int
unpack_data(char *buf, size_t buflen, char *data, size_t datalen, struct encoder *enc)
{
if (!enc->eats_dots)
if (!enc->eats_dots())
datalen = inline_undotify(data, datalen);
return enc->decode(buf, &buflen, data, datalen);
}
int inline_dotify(char *buf, size_t buflen)
int
inline_dotify(char *buf, size_t buflen)
{
unsigned dots;
unsigned pos;
@ -99,7 +101,8 @@ int inline_dotify(char *buf, size_t buflen)
return total;
}
int inline_undotify(char *buf, size_t len)
int
inline_undotify(char *buf, size_t len)
{
unsigned pos;
unsigned dots;

49
src/encoding.h
View File

@ -1,14 +1,8 @@
/*
* Copyright (c) 2006-2014 Erik Ekman
* 2006-2009 Bjorn Andersson
* Copyright (c) 2017 Ralf Ramsauer
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Authors:
* Bjorn Andersson <flex@kryo.se>
* Erok Ekman <yarrick@kryo.se>,
* Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -24,42 +18,27 @@
#ifndef _ENCODING_H_
#define _ENCODING_H_
#include <stdbool.h>
/* All-0, all-1, 01010101, 10101010: each 4 times to make sure the pattern
spreads across multiple encoded chars -> 16 bytes total.
Followed by 32 bytes from my /dev/random; should be enough.
*/
#define DOWNCODECCHECK1 \
"\000\000\000\000\377\377\377\377\125\125\125\125\252\252\252\252" \
"\201\143\310\322\307\174\262\027\137\117\316\311\111\055\122\041" \
"\141\251\161\040\045\263\006\163\346\330\104\060\171\120\127\277"
#define DOWNCODECCHECK1 "\000\000\000\000\377\377\377\377\125\125\125\125\252\252\252\252\201\143\310\322\307\174\262\027\137\117\316\311\111\055\122\041\141\251\161\040\045\263\006\163\346\330\104\060\171\120\127\277"
#define DOWNCODECCHECK1_LEN 48
struct encoder {
const char name[8];
int (*encode)(char *dst, size_t *dstlen, const void *src, size_t srclen);
int (*decode)(void *dst, size_t *dstlen, const char *src, size_t srclen);
const bool places_dots;
const bool eats_dots;
const int blocksize_raw;
const int blocksize_encoded;
char name[8];
int (*encode) (char *, size_t *, const void *, size_t);
int (*decode) (void *, size_t *, const char *, size_t);
int (*places_dots) (void);
int (*eats_dots) (void);
int (*blocksize_raw)(void);
int (*blocksize_encoded)(void);
};
int build_hostname(char *, size_t, const char *, const size_t, const char *,
const struct encoder *, int);
int unpack_data(char *, size_t, char *, size_t, const struct encoder *);
int build_hostname(char *, size_t, const char *, const size_t, const char *, struct encoder *, int);
int unpack_data(char *, size_t, char *, size_t, struct encoder *);
int inline_dotify(char *, size_t);
int inline_undotify(char *, size_t);
extern const struct encoder base32_ops;
extern const struct encoder base64_ops;
extern const struct encoder base64u_ops;
extern const struct encoder base128_ops;
int b32_5to8(int);
int b32_8to5(int);
#endif
#endif /* _ENCODING_H_ */

2
src/fw_query.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2008-2014 Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*

4
src/fw_query.h
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2008-2014 Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -33,7 +33,7 @@ struct fw_query {
unsigned short id;
};
void fw_query_init(void);
void fw_query_init();
void fw_query_put(struct fw_query *fw_query);
void fw_query_get(unsigned short query_id, struct fw_query **fw_query);

100
src/iodine.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,6 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdbool.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
@ -49,8 +48,6 @@ WSADATA wsa_data;
#if !defined(BSD) && !defined(__GLIBC__)
static char *__progname;
#else
extern char *__progname;
#endif
#define PASSWORD_ENV_VAR "IODINE_PASS"
@ -64,64 +61,63 @@ sighandler(int sig)
#if defined(__GNUC__) || defined(__clang__)
/* mark as no return to help some compilers to avoid warnings
* about use of uninitialized variables */
static inline void usage(void) __attribute__((noreturn));
static inline void help(FILE * stream, bool verbose) __attribute__((noreturn));
static void usage() __attribute__((noreturn));
#endif
static void help(FILE *stream, bool verbose)
{
fprintf(stream,
"iodine IP over DNS tunneling client\n\n"
"Usage: %s [-46fhrv] [-u user] [-t chrootdir] [-d device] [-P password]\n"
" [-m maxfragsize] [-M maxlen] [-T type] [-O enc] [-L 0|1] [-I sec]\n"
" [-z context] [-F pidfile] [nameserver] topdomain\n", __progname);
static void
usage() {
extern char *__progname;
if (!verbose)
exit(2);
fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-r] [-u user] [-t chrootdir] [-d device] "
"[-P password] [-m maxfragsize] [-M maxlen] [-T type] [-O enc] [-L 0|1] [-I sec] "
"[-z context] [-F pidfile] [nameserver] topdomain\n", __progname);
exit(2);
}
fprintf(stream,
"\nOptions to try if connection doesn't work:\n"
" -4 to connect only to IPv4\n"
" -6 to connect only to IPv6\n"
" -T force dns type: NULL, PRIVATE, TXT, SRV, MX, CNAME, A (default: autodetect)\n"
" -O force downstream encoding for -T other than NULL: Base32, Base64, Base64u,\n"
" Base128, or (only for TXT:) Raw (default: autodetect)\n"
" -I max interval between requests (default 4 sec) to prevent DNS timeouts\n"
" -L 1: use lazy mode for low-latency (default). 0: don't (implies -I1)\n"
" -m max size of downstream fragments (default: autodetect)\n"
" -M max size of upstream hostnames (~100-255, default: 255)\n"
" -r to skip raw UDP mode attempt\n"
" -P password used for authentication (max 32 chars will be used)\n\n"
"Other options:\n"
" -v to print version info and exit\n"
" -h to print this help and exit\n"
" -f to keep running in foreground\n"
" -u name to drop privileges and run as user 'name'\n"
" -t dir to chroot to directory dir\n"
" -d device to set tunnel device name\n"
" -z context, to apply specified SELinux context after initialization\n"
" -F pidfile to write pid to a file\n\n"
"nameserver is the IP number/hostname of the relaying nameserver. If absent,\n"
" /etc/resolv.conf is used\n"
"topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
static void
help() {
extern char *__progname;
fprintf(stderr, "iodine IP over DNS tunneling client\n");
fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-r] [-u user] [-t chrootdir] [-d device] "
"[-P password] [-m maxfragsize] [-M maxlen] [-T type] [-O enc] [-L 0|1] [-I sec] "
"[-z context] [-F pidfile] [nameserver] topdomain\n", __progname);
fprintf(stderr, "Options to try if connection doesn't work:\n");
fprintf(stderr, " -T force dns type: NULL, PRIVATE, TXT, SRV, MX, CNAME, A (default: autodetect)\n");
fprintf(stderr, " -O force downstream encoding for -T other than NULL: Base32, Base64, Base64u,\n");
fprintf(stderr, " Base128, or (only for TXT:) Raw (default: autodetect)\n");
fprintf(stderr, " -I max interval between requests (default 4 sec) to prevent DNS timeouts\n");
fprintf(stderr, " -L 1: use lazy mode for low-latency (default). 0: don't (implies -I1)\n");
fprintf(stderr, " -m max size of downstream fragments (default: autodetect)\n");
fprintf(stderr, " -M max size of upstream hostnames (~100-255, default: 255)\n");
fprintf(stderr, " -r to skip raw UDP mode attempt\n");
fprintf(stderr, " -P password used for authentication (max 32 chars will be used)\n");
fprintf(stderr, "Other options:\n");
fprintf(stderr, " -v to print version info and exit\n");
fprintf(stderr, " -h to print this help and exit\n");
fprintf(stderr, " -f to keep running in foreground\n");
fprintf(stderr, " -u name to drop privileges and run as user 'name'\n");
fprintf(stderr, " -t dir to chroot to directory dir\n");
fprintf(stderr, " -d device to set tunnel device name\n");
fprintf(stderr, " -z context, to apply specified SELinux context after initialization\n");
fprintf(stderr, " -F pidfile to write pid to a file\n");
fprintf(stderr, "nameserver is the IP number/hostname of the relaying nameserver. if absent, /etc/resolv.conf is used\n");
fprintf(stderr, "topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
exit(0);
}
static inline void usage(void)
{
help(stderr, false);
}
static void
version() {
static void version(void)
{
fprintf(stderr, "iodine IP over DNS tunneling client\n"
"Git version: %s\n", GITREVISION);
fprintf(stderr, "iodine IP over DNS tunneling client\n");
fprintf(stderr, "version: 0.7.0 from 2014-06-16\n");
exit(0);
}
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
char *nameserv_host;
char *topdomain;
@ -208,7 +204,7 @@ int main(int argc, char **argv)
foreground = 1;
break;
case 'h':
help(stdout, true);
help();
/* NOTREACHED */
break;
case 'r':
@ -279,7 +275,7 @@ int main(int argc, char **argv)
}
}
check_superuser();
check_superuser(usage);
argc -= optind;
argv += optind;
@ -317,7 +313,7 @@ int main(int argc, char **argv)
/* NOTREACHED */
}
if (check_topdomain(topdomain, 0, &errormsg)) {
if(check_topdomain(topdomain, &errormsg)) {
warnx("Invalid topdomain: %s", errormsg);
usage();
/* NOTREACHED */

930
src/iodined.c
View File

File diff suppressed because it is too large Load Diff

3
src/login.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -25,7 +25,6 @@
#include <arpa/inet.h>
#endif
#include "login.h"
#include "md5.h"
/*

2
src/login.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*

44
src/md5.c
View File

@ -157,18 +157,18 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
#endif
#if BYTE_ORDER <= 0 /* little-endian */
{
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
}
#endif
#if BYTE_ORDER == 0
@ -176,20 +176,20 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
#endif
#if BYTE_ORDER >= 0 /* big-endian */
{
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
# if BYTE_ORDER == 0
X = xbuf; /* (dynamic only) */
X = xbuf; /* (dynamic only) */
# else
# define xbuf X /* (static only) */
# endif
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
}
#endif
}
@ -342,7 +342,7 @@ md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes)
memcpy(pms->buf + offset, p, copy);
if (offset + copy < 64)
return;
return;
p += copy;
left -= copy;
md5_process(pms, pms->buf);

14
src/osflags
View File

@ -1,7 +1,5 @@
#!/bin/sh
: "${PKG_CONFIG:=pkg-config}"
case $2 in
link)
@ -21,8 +19,7 @@ link)
Linux)
FLAGS="";
[ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -lselinux";
"$PKG_CONFIG" --exists libsystemd-daemon && FLAGS="$FLAGS $($PKG_CONFIG --libs libsystemd-daemon)";
"$PKG_CONFIG" --exists libsystemd && FLAGS="$FLAGS $($PKG_CONFIG --libs libsystemd)";
[ -e /usr/include/systemd/sd-daemon.h ] && FLAGS="$FLAGS -lsystemd-daemon";
echo $FLAGS;
;;
esac
@ -35,19 +32,12 @@ cflags)
BeOS)
echo '-Dsocklen_t=int';
;;
Darwin)
echo '-D__APPLE_USE_RFC_3542';
;;
Linux)
FLAGS="-D_GNU_SOURCE"
[ -e /usr/include/selinux/selinux.h ] && FLAGS="$FLAGS -DHAVE_SETCON";
"$PKG_CONFIG" --exists libsystemd-daemon && FLAGS="$FLAGS -DHAVE_SYSTEMD";
"$PKG_CONFIG" --exists libsystemd && FLAGS="$FLAGS -DHAVE_SYSTEMD";
[ -e /usr/include/systemd/sd-daemon.h ] && FLAGS="$FLAGS -DHAVE_SYSTEMD";
echo $FLAGS;
;;
GNU/kFreeBSD|GNU)
echo '-D_GNU_SOURCE'
;;
esac
;;
*)

10
src/read.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -19,8 +19,6 @@
#include <stdint.h>
#include <stdlib.h>
#include "read.h"
static int
readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length, size_t loop)
{
@ -41,7 +39,7 @@ readname_loop(char *packet, int packetlen, char **src, char *dst, size_t length,
c = *s++;
/* is this a compressed label? */
if ((c & 0xc0) == 0xc0) {
if((c & 0xc0) == 0xc0) {
offset = (((s[-1] & 0x3f) << 8) | (s[0] & 0xff));
if (offset > packetlen) {
if (len == 0) {
@ -230,7 +228,7 @@ putlong(char **dst, uint32_t value)
}
int
putdata(char **dst, const char *data, size_t len)
putdata(char **dst, char *data, size_t len)
{
memcpy(*dst, data, len);
@ -239,7 +237,7 @@ putdata(char **dst, const char *data, size_t len)
}
int
puttxtbin(char **buf, size_t bufremain, const char *from, size_t fromremain)
puttxtbin(char **buf, size_t bufremain, char *from, size_t fromremain)
{
unsigned char uc;
unsigned char *ucp = &uc;

6
src/read.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -28,7 +28,7 @@ int putname(char **, size_t, const char *);
int putbyte(char **, unsigned char);
int putshort(char **, unsigned short);
int putlong(char **, uint32_t);
int putdata(char **, const char *, size_t);
int puttxtbin(char **, size_t, const char *, size_t);
int putdata(char **, char *, size_t);
int puttxtbin(char **, size_t, char *, size_t);
#endif

214
src/tun.c
View File

@ -1,9 +1,8 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
* 2013 Peter Sagerson <psagers.github@ignorare.net>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -26,23 +25,10 @@
#include <sys/stat.h>
#include <fcntl.h>
#ifdef DARWIN
#include <ctype.h>
#include <sys/kern_control.h>
#include <sys/sys_domain.h>
#include <sys/ioctl.h>
#include <net/if_utun.h>
#include <netinet/ip.h>
#endif
#ifndef IFCONFIGPATH
#define IFCONFIGPATH "PATH=/sbin:/bin "
#endif
#ifndef ROUTEPATH
#define ROUTEPATH "PATH=/sbin:/bin "
#endif
#ifdef WINDOWS32
#include "windows.h"
#include <winioctl.h>
@ -61,7 +47,6 @@ static void get_name(char *ifname, int namelen, char *dev_name);
#define TAP_DEVICE_SPACE "\\\\.\\Global\\"
#define TAP_VERSION_ID_0801 "tap0801"
#define TAP_VERSION_ID_0901 "tap0901"
#define TAP_VERSION_ID_0901_ROOT "root\\tap0901"
#define KEY_COMPONENT_ID "ComponentId"
#define NET_CFG_INST_ID "NetCfgInstanceId"
#else
@ -96,7 +81,7 @@ open_tun(const char *tun_device)
#endif
if ((tun_fd = open(tunnel, O_RDWR)) < 0) {
warn("open_tun: %s", tunnel);
warn("open_tun: %s: %s", tunnel, strerror(errno));
return -1;
}
@ -117,7 +102,7 @@ open_tun(const char *tun_device)
}
if (errno != EBUSY) {
warn("open_tun: ioctl[TUNSETIFF]");
warn("open_tun: ioctl[TUNSETIFF]: %s", strerror(errno));
return -1;
}
} else {
@ -132,7 +117,7 @@ open_tun(const char *tun_device)
}
if (errno != EBUSY) {
warn("open_tun: ioctl[TUNSETIFF]");
warn("open_tun: ioctl[TUNSETIFF]: %s", strerror(errno));
return -1;
}
}
@ -156,7 +141,7 @@ get_device(char *device, int device_len, const char *wanted_dev)
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, TAP_ADAPTER_KEY, 0, KEY_READ, &adapter_key);
if (status != ERROR_SUCCESS) {
warnx("Error opening registry key " TAP_ADAPTER_KEY);
warnx("Error opening registry key " TAP_ADAPTER_KEY );
return;
}
@ -176,7 +161,7 @@ get_device(char *device, int device_len, const char *wanted_dev)
if (status == ERROR_NO_MORE_ITEMS) {
break;
} else if (status != ERROR_SUCCESS) {
warnx("Error enumerating subkeys of registry key " TAP_ADAPTER_KEY);
warnx("Error enumerating subkeys of registry key " TAP_ADAPTER_KEY );
break;
}
@ -194,8 +179,7 @@ get_device(char *device, int device_len, const char *wanted_dev)
goto next;
}
if (strncmp(TAP_VERSION_ID_0801, component, strlen(TAP_VERSION_ID_0801)) == 0 ||
strncmp(TAP_VERSION_ID_0901, component, strlen(TAP_VERSION_ID_0901)) == 0 ||
strncmp(TAP_VERSION_ID_0901_ROOT, component, strlen(TAP_VERSION_ID_0901_ROOT)) == 0) {
strncmp(TAP_VERSION_ID_0901, component, strlen(TAP_VERSION_ID_0901)) == 0) {
/* We found a TAP32 device, get its NetCfgInstanceId */
char iid_string[256] = NET_CFG_INST_ID;
@ -331,95 +315,6 @@ open_tun(const char *tun_device)
#else /* BSD and friends */
#ifdef DARWIN
/* Extract the device number from the name, if given. The value returned will
* be suitable for sockaddr_ctl.sc_unit, which means 0 for auto-assign, or
* (n + 1) for manual.
*/
static int
utun_unit(const char *dev)
{
const char *unit_str = dev;
int unit = 0;
if (!dev)
return -1;
while (*unit_str != '\0' && !isdigit(*unit_str))
unit_str++;
if (isdigit(*unit_str))
unit = strtol(unit_str, NULL, 10) + 1;
return unit;
}
static int
open_utun(const char *dev)
{
struct sockaddr_ctl addr;
struct ctl_info info;
char ifname[10];
socklen_t ifname_len = sizeof(ifname);
int unit;
int fd = -1;
int err = 0;
fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
if (fd < 0) {
warn("open_utun: socket(PF_SYSTEM)");
return -1;
}
/* Look up the kernel controller ID for utun devices. */
bzero(&info, sizeof(info));
strncpy(info.ctl_name, UTUN_CONTROL_NAME, MAX_KCTL_NAME);
err = ioctl(fd, CTLIOCGINFO, &info);
if (err != 0) {
warn("open_utun: ioctl(CTLIOCGINFO)");
close(fd);
return -1;
}
/* Connecting to the socket creates the utun device. */
addr.sc_len = sizeof(addr);
addr.sc_family = AF_SYSTEM;
addr.ss_sysaddr = AF_SYS_CONTROL;
addr.sc_id = info.ctl_id;
unit = utun_unit(dev);
if (unit < 0) {
close(fd);
return -1;
}
addr.sc_unit = unit;
err = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
if (err != 0) {
warn("open_utun: connect");
close(fd);
return -1;
}
/* Retrieve the assigned interface name. */
err = getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &ifname_len);
if (err != 0) {
warn("open_utun: getsockopt(UTUN_OPT_IFNAME)");
close(fd);
return -1;
}
strncpy(if_name, ifname, sizeof(if_name));
fprintf(stderr, "Opened %s\n", ifname);
fd_set_close_on_exec(fd);
return fd;
}
#endif
int
open_tun(const char *tun_device)
{
@ -428,21 +323,12 @@ open_tun(const char *tun_device)
char tun_name[50];
if (tun_device != NULL) {
#ifdef DARWIN
if (!strncmp(tun_device, "utun", 4)) {
tun_fd = open_utun(tun_device);
if (tun_fd >= 0) {
return tun_fd;
}
}
#endif
snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
strncpy(if_name, tun_device, sizeof(if_name));
if_name[sizeof(if_name)-1] = '\0';
if ((tun_fd = open(tun_name, O_RDWR)) < 0) {
warn("open_tun: %s", tun_name);
warn("open_tun: %s: %s", tun_name, strerror(errno));
return -1;
}
@ -464,17 +350,6 @@ open_tun(const char *tun_device)
break;
}
#ifdef DARWIN
fprintf(stderr, "No tun devices found, trying utun\n");
for (i = 0; i < TUN_MAX_TRY; i++) {
snprintf(tun_name, sizeof(tun_name), "utun%d", i);
tun_fd = open_utun(tun_name);
if (tun_fd >= 0) {
return tun_fd;
}
}
#endif
warn("open_tun: Failed to open tunneling device");
}
@ -529,43 +404,25 @@ read_tun(int tun_fd, char *buf, size_t len)
}
}
#else
static int
tun_uses_header(void)
{
#if defined (FREEBSD) || defined (NETBSD)
/* FreeBSD/NetBSD has no header */
return 0;
#elif defined (DARWIN)
/* Darwin tun has no header, Darwin utun does */
return !strncmp(if_name, "utun", 4);
#else /* LINUX/OPENBSD */
return 1;
#endif
}
int
write_tun(int tun_fd, char *data, size_t len)
{
if (!tun_uses_header()) {
data += 4;
len -= 4;
} else {
#if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD)
data += 4;
len -= 4;
#else /* !FREEBSD/DARWIN */
#ifdef LINUX
// Linux prefixes with 32 bits ethertype
// 0x0800 for IPv4, 0x86DD for IPv6
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x08;
data[3] = 0x00;
#else /* OPENBSD and DARWIN(utun) */
// BSDs prefix with 32 bits address family
// AF_INET for IPv4, AF_INET6 for IPv6
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x00;
data[3] = 0x02;
#endif
}
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x08;
data[3] = 0x00;
#else /* OPENBSD */
data[0] = 0x00;
data[1] = 0x00;
data[2] = 0x00;
data[3] = 0x02;
#endif /* !LINUX */
#endif /* FREEBSD */
if (write(tun_fd, data, len) != len) {
warn("write_tun");
@ -577,19 +434,20 @@ write_tun(int tun_fd, char *data, size_t len)
ssize_t
read_tun(int tun_fd, char *buf, size_t len)
{
if (!tun_uses_header()) {
int bytes;
memset(buf, 0, 4);
#if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD)
/* FreeBSD/Darwin/NetBSD has no header */
int bytes;
memset(buf, 0, 4);
bytes = read(tun_fd, buf + 4, len - 4);
if (bytes < 0) {
return bytes;
} else {
return bytes + 4;
}
bytes = read(tun_fd, buf + 4, len - 4);
if (bytes < 0) {
return bytes;
} else {
return read(tun_fd, buf, len);
return bytes + 4;
}
#else /* !FREEBSD */
return read(tun_fd, buf, len);
#endif /* !FREEBSD */
}
#endif
@ -644,12 +502,12 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
netip.s_addr = inet_addr(ip);
netip.s_addr = netip.s_addr & net.s_addr;
r = system(cmdline);
if (r != 0) {
if(r != 0) {
return r;
} else {
snprintf(cmdline, sizeof(cmdline),
ROUTEPATH "route add %s/%d %s",
"/sbin/route add %s/%d %s",
inet_ntoa(netip), netbits, ip);
}
fprintf(stderr, "Adding route %s/%d to %s\n", inet_ntoa(netip), netbits, ip);

2
src/tun.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*

47
src/user.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -37,11 +37,12 @@
struct tun_user *users;
unsigned usercount;
int init_users(in_addr_t my_ip, int netbits)
int
init_users(in_addr_t my_ip, int netbits)
{
int i;
int skip = 0;
char newip[32];
char newip[16];
int maxusers;
@ -76,7 +77,6 @@ int init_users(in_addr_t my_ip, int netbits)
users[i].disabled = 0;
users[i].authenticated = 0;
users[i].authenticated_raw = 0;
users[i].options_locked = 0;
users[i].active = 0;
/* Rest is reset on login ('V' packet) */
}
@ -84,14 +84,34 @@ int init_users(in_addr_t my_ip, int netbits)
return usercount;
}
const char *users_get_first_ip(void)
const char*
users_get_first_ip()
{
struct in_addr ip;
ip.s_addr = users[0].tun_ip;
return strdup(inet_ntoa(ip));
}
int find_user_by_ip(uint32_t ip)
int
users_waiting_on_reply()
{
int ret;
int i;
ret = 0;
for (i = 0; i < usercount; i++) {
if (users[i].active && !users[i].disabled &&
users[i].last_pkt + 60 > time(NULL) &&
users[i].q.id != 0 && users[i].conn == CONN_DNS_NULL) {
ret++;
}
}
return ret;
}
int
find_user_by_ip(uint32_t ip)
{
int ret;
int i;
@ -110,12 +130,13 @@ int find_user_by_ip(uint32_t ip)
return ret;
}
int
all_users_waiting_to_send()
/* If this returns true, then reading from tun device is blocked.
So only return true when all clients have at least one packet in
the outpacket-queue, so that sending back-to-back is possible
without going through another select loop.
*/
int all_users_waiting_to_send(void)
{
time_t now;
int ret;
@ -142,7 +163,8 @@ int all_users_waiting_to_send(void)
return ret;
}
int find_available_user(void)
int
find_available_user()
{
int ret = -1;
int i;
@ -152,7 +174,6 @@ int find_available_user(void)
users[i].active = 1;
users[i].authenticated = 0;
users[i].authenticated_raw = 0;
users[i].options_locked = 0;
users[i].last_pkt = time(NULL);
users[i].fragsize = 4096;
users[i].conn = CONN_DNS_NULL;
@ -163,7 +184,8 @@ int find_available_user(void)
return ret;
}
void user_switch_codec(int userid, const struct encoder *enc)
void
user_switch_codec(int userid, struct encoder *enc)
{
if (userid < 0 || userid >= usercount)
return;
@ -171,12 +193,13 @@ void user_switch_codec(int userid, const struct encoder *enc)
users[userid].encoder = enc;
}
void user_set_conn_type(int userid, enum connection c)
void
user_set_conn_type(int userid, enum connection c)
{
if (userid < 0 || userid >= usercount)
return;
if (c < CONN_RAW_UDP || c >= CONN_MAX)
if (c < 0 || c >= CONN_MAX)
return;
users[userid].conn = c;

17
src/user.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -39,20 +39,18 @@ struct tun_user {
int active;
int authenticated;
int authenticated_raw;
int options_locked;
int disabled;
time_t last_pkt;
int seed;
in_addr_t tun_ip;
struct sockaddr_storage host;
socklen_t hostlen;
struct in_addr host;
struct query q;
struct query q_sendrealsoon;
int q_sendrealsoon_new;
struct packet inpacket;
struct packet outpacket;
int outfragresent;
const struct encoder *encoder;
struct encoder *encoder;
char downenc;
int out_acked_seqno;
int out_acked_fragment;
@ -81,11 +79,12 @@ struct tun_user {
extern struct tun_user *users;
int init_users(in_addr_t, int);
const char* users_get_first_ip(void);
const char* users_get_first_ip();
int users_waiting_on_reply();
int find_user_by_ip(uint32_t);
int all_users_waiting_to_send(void);
int find_available_user(void);
void user_switch_codec(int userid, const struct encoder *enc);
int all_users_waiting_to_send();
int find_available_user();
void user_switch_codec(int userid, struct encoder *enc);
void user_set_conn_type(int userid, enum connection c);
#endif

12
src/util.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -17,12 +17,12 @@
#include <stdio.h>
#include "common.h"
#include "util.h"
char *get_resolvconf_addr(void)
char *
get_resolvconf_addr()
{
static char addr[16];
char *rv = NULL;
char *rv;
#ifndef WINDOWS32
char buf[80];
FILE *fp;
@ -36,6 +36,9 @@ char *get_resolvconf_addr(void)
rv = addr;
pclose(fp);
#else
rv = NULL;
if ((fp = fopen("/etc/resolv.conf", "r")) == NULL)
err(1, "/etc/resolv.conf");
@ -55,6 +58,7 @@ char *get_resolvconf_addr(void)
ULONG buflen;
DWORD ret;
rv = NULL;
fixed_info = malloc(sizeof(FIXED_INFO));
buflen = sizeof(FIXED_INFO);

19
src/util.h
View File

@ -1,24 +1,7 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __UTIL_H__
#define __UTIL_H__
char *get_resolvconf_addr(void);
char *get_resolvconf_addr();
void socket_setrtable(int fd, int rtable);
#endif

4
src/version.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -20,7 +20,7 @@
/* This is the version of the network protocol
It is usually equal to the latest iodine version number */
#define PROTOCOL_VERSION 0x00000502
#define VERSION 0x00000502
#endif /* _VERSION_H_ */

74
src/windows.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -53,42 +53,43 @@ typedef unsigned int in_addr_t;
#define sleep(seconds) Sleep((seconds)*1000)
typedef struct {
unsigned id :16; /* query identification number */
/* fields in third byte */
unsigned rd :1; /* recursion desired */
unsigned tc :1; /* truncated message */
unsigned aa :1; /* authoritive answer */
unsigned opcode :4; /* purpose of message */
unsigned qr :1; /* response flag */
/* fields in fourth byte */
unsigned rcode :4; /* response code */
unsigned cd: 1; /* checking disabled by resolver */
unsigned ad: 1; /* authentic data from named */
unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */
unsigned ra :1; /* recursion available */
/* remaining bytes */
unsigned qdcount :16; /* number of question entries */
unsigned ancount :16; /* number of answer entries */
unsigned nscount :16; /* number of authority entries */
unsigned arcount :16; /* number of resource entries */
unsigned id :16; /* query identification number */
/* fields in third byte */
unsigned rd :1; /* recursion desired */
unsigned tc :1; /* truncated message */
unsigned aa :1; /* authoritive answer */
unsigned opcode :4; /* purpose of message */
unsigned qr :1; /* response flag */
/* fields in fourth byte */
unsigned rcode :4; /* response code */
unsigned cd: 1; /* checking disabled by resolver */
unsigned ad: 1; /* authentic data from named */
unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */
unsigned ra :1; /* recursion available */
/* remaining bytes */
unsigned qdcount :16; /* number of question entries */
unsigned ancount :16; /* number of answer entries */
unsigned nscount :16; /* number of authority entries */
unsigned arcount :16; /* number of resource entries */
} HEADER;
struct ip {
unsigned int ip_hl:4; /* header length */
unsigned int ip_v:4; /* version */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src, ip_dst; /* source and dest address */
};
struct ip
{
unsigned int ip_hl:4; /* header length */
unsigned int ip_v:4; /* version */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src, ip_dst; /* source and dest address */
};
DWORD WINAPI tun_reader(LPVOID arg);
struct tun_data {
@ -98,7 +99,4 @@ struct tun_data {
int addrlen;
};
/* No-op for now. */
#define syslog(...)
#endif

49
tests/base32.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,6 +22,7 @@
#include <errno.h>
#include "encoding.h"
#include "base32.h"
#include "test.h"
#define TUPLES 5
@ -42,14 +43,17 @@ START_TEST(test_base32_encode)
{
size_t len;
char buf[4096];
struct encoder *b32;
int val;
b32 = get_base32_encoder();
len = sizeof(buf);
val = base32_ops.encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
val = b32->encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
ck_assert(val == strlen(testpairs[_i].b));
ck_assert_str_eq(buf, testpairs[_i].b);
fail_unless(val == strlen(testpairs[_i].b));
fail_unless(strcmp(buf, testpairs[_i].b) == 0,
"'%s' != '%s'", buf, testpairs[_i].b);
}
END_TEST
@ -57,13 +61,17 @@ START_TEST(test_base32_decode)
{
size_t len;
char buf[4096];
struct encoder *b32;
int val;
len = sizeof(buf);
val = base32_ops.decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
b32 = get_base32_encoder();
ck_assert(val == strlen(testpairs[_i].a));
ck_assert_str_eq(buf, testpairs[_i].a);
len = sizeof(buf);
val = b32->decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
fail_unless(val == strlen(testpairs[_i].a));
fail_unless(strcmp(buf, testpairs[_i].a) == 0,
"'%s' != '%s'", buf, testpairs[_i].a);
}
END_TEST
@ -74,7 +82,7 @@ START_TEST(test_base32_5to8_8to5)
for (i = 0; i < 32; i++) {
c = b32_5to8(i);
ck_assert(b32_8to5(c) == i);
fail_unless(b32_8to5(c) == i);
}
}
END_TEST
@ -85,11 +93,14 @@ START_TEST(test_base32_blksize)
size_t enclen;
char *rawbuf;
char *encbuf;
struct encoder *b32;
int i;
int val;
rawlen = base32_ops.blocksize_raw;
enclen = base32_ops.blocksize_encoded;
b32 = get_base32_encoder();
rawlen = b32->blocksize_raw();
enclen = b32->blocksize_encoded();
rawbuf = malloc(rawlen + 16);
encbuf = malloc(enclen + 16);
@ -99,21 +110,21 @@ START_TEST(test_base32_blksize)
}
rawbuf[i] = 0;
val = base32_ops.encode(encbuf, &enclen, rawbuf, rawlen);
val = b32->encode(encbuf, &enclen, rawbuf, rawlen);
ck_assert_msg(rawlen == 5, "raw length was %zu not 5", rawlen);
ck_assert_msg(enclen == 5, "encoded %zu bytes, not 5", enclen);
ck_assert_msg(val == 8, "encoded string %s was length %d", encbuf, val);
fail_unless(rawlen == 5, "raw length was %d not 5", rawlen);
fail_unless(enclen == 5, "encoded %d bytes, not 5", enclen);
fail_unless(val == 8, "encoded string %s was length %d", encbuf, val);
memset(rawbuf, 0, rawlen + 16);
enclen = val;
val = base32_ops.decode(rawbuf, &rawlen, encbuf, enclen);
val = b32->decode(rawbuf, &rawlen, encbuf, enclen);
ck_assert_msg(rawlen == 5, "raw length was %zu not 5", rawlen);
ck_assert_msg(val == 5, "val was not 5 but %d", val);
fail_unless(rawlen == 5, "raw length was %d not 5", rawlen);
fail_unless(val == 5, "val was not 5 but %d", val);
for (i = 0; i < rawlen; i++) {
ck_assert(rawbuf[i] == 'A');
fail_unless(rawbuf[i] == 'A');
}
}
END_TEST

50
tests/base64.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,6 +22,7 @@
#include <errno.h>
#include "encoding.h"
#include "base64.h"
#include "test.h"
#define TUPLES 5
@ -68,13 +69,17 @@ START_TEST(test_base64_encode)
{
size_t len;
char buf[4096];
struct encoder *b64;
int val;
len = sizeof(buf);
val = base64_ops.encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
b64 = get_base64_encoder();
ck_assert(val == strlen(testpairs[_i].b));
ck_assert_str_eq(buf, testpairs[_i].b);
len = sizeof(buf);
val = b64->encode(buf, &len, testpairs[_i].a, strlen(testpairs[_i].a));
fail_unless(val == strlen(testpairs[_i].b));
fail_unless(strcmp(buf, testpairs[_i].b) == 0,
"'%s' != '%s'", buf, testpairs[_i].b);
}
END_TEST
@ -82,13 +87,17 @@ START_TEST(test_base64_decode)
{
size_t len;
char buf[4096];
struct encoder *b64;
int val;
len = sizeof(buf);
val = base64_ops.decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
b64 = get_base64_encoder();
ck_assert(val == strlen(testpairs[_i].a));
ck_assert_str_eq(buf, testpairs[_i].a);
len = sizeof(buf);
val = b64->decode(buf, &len, testpairs[_i].b, strlen(testpairs[_i].b));
fail_unless(val == strlen(testpairs[_i].a));
fail_unless(strcmp(buf, testpairs[_i].a) == 0,
"'%s' != '%s'", buf, testpairs[_i].a);
}
END_TEST
@ -98,11 +107,14 @@ START_TEST(test_base64_blksize)
size_t enclen;
char *rawbuf;
char *encbuf;
struct encoder *b64;
int i;
int val;
rawlen = base64_ops.blocksize_raw;
enclen = base64_ops.blocksize_encoded;
b64 = get_base64_encoder();
rawlen = b64->blocksize_raw();
enclen = b64->blocksize_encoded();
rawbuf = malloc(rawlen + 16);
encbuf = malloc(enclen + 16);
@ -112,21 +124,21 @@ START_TEST(test_base64_blksize)
}
rawbuf[i] = 0;
val = base64_ops.encode(encbuf, &enclen, rawbuf, rawlen);
val = b64->encode(encbuf, &enclen, rawbuf, rawlen);
ck_assert_msg(rawlen == 3, "raw length was %zu not 3", rawlen);
ck_assert_msg(enclen == 3, "encoded %zu bytes, not 3", enclen);
ck_assert_msg(val == 4, "encoded string %s was length %d", encbuf, val);
fail_unless(rawlen == 3, "raw length was %d not 3", rawlen);
fail_unless(enclen == 3, "encoded %d bytes, not 3", enclen);
fail_unless(val == 4, "encoded string %s was length %d", encbuf, val);
memset(rawbuf, 0, rawlen + 16);
enclen = val;
val = base64_ops.decode(rawbuf, &rawlen, encbuf, enclen);
val = b64->decode(rawbuf, &rawlen, encbuf, enclen);
ck_assert_msg(rawlen == 3, "raw length was %zu not 3", rawlen);
ck_assert(val == 3);
fail_unless(rawlen == 3, "raw length was %d not 3", rawlen);
fail_unless(val == 3);
for (i = 0; i < rawlen; i++) {
ck_assert(rawbuf[i] == 'A');
fail_unless(rawbuf[i] == 'A');
}
}
END_TEST

224
tests/common.c
View File

@ -1,20 +1,3 @@
/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <check.h>
#include <common.h>
#include <unistd.h>
@ -23,20 +6,16 @@
START_TEST(test_topdomain_ok)
{
char *error = NULL;
char *error;
ck_assert(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 0, &error) == 0);
ck_assert(error == NULL);
/* Allowing wildcard */
ck_assert(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 1, &error) == 0);
ck_assert(error == NULL);
fail_if(check_topdomain("foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", &error));
/* Not allowed to start with dot */
ck_assert(check_topdomain(".foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", 0, &error));
ck_assert_str_eq("Starts with a dot", error);
fail_unless(check_topdomain(".foo.0123456789.qwertyuiop.asdfghjkl.zxcvbnm.com", &error));
fail_if(strcmp("Starts with a dot", error));
/* Test missing error msg ptr */
ck_assert(check_topdomain(".foo", 0, NULL));
fail_unless(check_topdomain(".foo", NULL));
}
END_TEST
@ -45,33 +24,29 @@ START_TEST(test_topdomain_length)
char *error;
/* Test empty and too short */
ck_assert(check_topdomain("", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("a", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain(".a", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("a.", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("ab", 0, &error));
ck_assert_str_eq("Too short (< 3)", error);
error = NULL;
ck_assert(check_topdomain("a.b", 0, &error) == 0);
fail_unless(check_topdomain("", &error));
fail_if(strcmp("Too short (< 3)", error));
fail_unless(check_topdomain("a", &error));
fail_if(strcmp("Too short (< 3)", error));
fail_unless(check_topdomain(".a", &error));
fail_if(strcmp("Too short (< 3)", error));
fail_unless(check_topdomain("a.", &error));
fail_if(strcmp("Too short (< 3)", error));
fail_unless(check_topdomain("ab", &error));
fail_if(strcmp("Too short (< 3)", error));
fail_if(check_topdomain("a.b", &error));
fail_if(strcmp("Too short (< 3)", error));
/* Test too long (over 128, need rest of space for data) */
ck_assert(check_topdomain(
fail_unless(check_topdomain(
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.foo129xxx", 0, &error));
ck_assert_str_eq("Too long (> 128)", error);
ck_assert(check_topdomain(
"abcd12345.abcd12345.foo129xxx", &error));
fail_if(strcmp("Too long (> 128)", error));
fail_if(check_topdomain(
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.abcd12345.abcd12345.abcd12345."
"abcd12345.abcd12345.foo128xx", 0, &error) == 0);
"abcd12345.abcd12345.foo128xx", &error));
}
END_TEST
@ -80,112 +55,36 @@ START_TEST(test_topdomain_chunks)
char *error;
/* Must have at least one dot */
ck_assert(check_topdomain("abcde.gh", 0, &error) == 0);
ck_assert(check_topdomain("abcdefgh", 0, &error));
ck_assert_str_eq("No dots", error);
fail_if(check_topdomain("abcde.gh", &error));
fail_unless(check_topdomain("abcdefgh", &error));
fail_if(strcmp("No dots", error));
/* Not two consecutive dots */
ck_assert(check_topdomain("abc..defgh", 0, &error));
ck_assert_str_eq("Consecutive dots", error);
fail_unless(check_topdomain("abc..defgh", &error));
fail_if(strcmp("Consecutive dots", error));
/* Not end with a dots */
ck_assert(check_topdomain("abc.defgh.", 0, &error));
ck_assert_str_eq("Ends with a dot", error);
fail_unless(check_topdomain("abc.defgh.", &error));
fail_if(strcmp("Ends with a dot", error));
/* No chunk longer than 63 chars */
ck_assert(check_topdomain("123456789012345678901234567890"
"123456789012345678901234567890333.com", 0, &error) == 0);
ck_assert(check_topdomain("123456789012345678901234567890"
"1234567890123456789012345678904444.com", 0, &error));
ck_assert_str_eq("Too long domain part (> 63)", error);
fail_if(check_topdomain("123456789012345678901234567890"
"123456789012345678901234567890333.com", &error));
fail_unless(check_topdomain("123456789012345678901234567890"
"1234567890123456789012345678904444.com", &error));
fail_if(strcmp("Too long domain part (> 63)", error));
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"123456789012345678901234567890333.com", 0, &error) == 0);
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"1234567890123456789012345678904444.com", 0, &error));
ck_assert_str_eq("Too long domain part (> 63)", error);
fail_if(check_topdomain("abc.123456789012345678901234567890"
"123456789012345678901234567890333.com", &error));
fail_unless(check_topdomain("abc.123456789012345678901234567890"
"1234567890123456789012345678904444.com", &error));
fail_if(strcmp("Too long domain part (> 63)", error));
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"123456789012345678901234567890333", 0, &error) == 0);
ck_assert(check_topdomain("abc.123456789012345678901234567890"
"1234567890123456789012345678904444", 0, &error));
ck_assert_str_eq("Too long domain part (> 63)", error);
}
END_TEST
START_TEST(test_topdomain_wild)
{
char *error = NULL;
ck_assert(check_topdomain("*.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("*.a", 1, &error) == 0);
ck_assert(error == NULL);
ck_assert(check_topdomain("b*.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("b*.a", 1, &error) == 1);
ck_assert_str_eq("Wildcard (*) only allowed as first char", error);
ck_assert(check_topdomain("*b.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("*b.a", 1, &error) == 1);
ck_assert_str_eq("Wildcard (*) must be followed by dot", error);
ck_assert(check_topdomain("*.*.a", 0, &error) == 1);
ck_assert_str_eq("Contains illegal character (allowed: [a-zA-Z0-9-.])", error);
error = NULL;
ck_assert(check_topdomain("*.*.a", 1, &error) == 1);
ck_assert_str_eq("Wildcard (*) only allowed as first char", error);
}
END_TEST
START_TEST(test_query_datalen)
{
char *topdomain = "r.foo.com";
/* With data */
ck_assert(query_datalen("foobar.r.foo.com", topdomain) == 7);
ck_assert(query_datalen("foobar.r.FoO.Com", topdomain) == 7);
ck_assert(query_datalen("foo.bar.r.FoO.Com", topdomain) == 8);
ck_assert(query_datalen(".r.foo.com", topdomain) == 1);
/* Without data */
ck_assert(query_datalen("r.foo.com", topdomain) == 0);
ck_assert(query_datalen("R.foo.com", topdomain) == 0);
/* Shorter query name */
ck_assert(query_datalen("foo.com", topdomain) == -1);
/* Mismatched query name */
ck_assert(query_datalen("b.foo.com", topdomain) == -1);
ck_assert(query_datalen("*.foo.com", topdomain) == -1);
/* Query name overlaps topdomain, but is longer */
ck_assert(query_datalen("bar.foo.com", topdomain) == -1);
}
END_TEST
START_TEST(test_query_datalen_wild)
{
char *topdomain = "*.foo.com";
/* With data */
ck_assert(query_datalen("foobar.a.foo.com", topdomain) == 7);
ck_assert(query_datalen("foobar.r.FoO.Com", topdomain) == 7);
ck_assert(query_datalen("foo.bar.r.FoO.Com", topdomain) == 8);
ck_assert(query_datalen("foo.Ab.foo.cOm", topdomain) == 4);
ck_assert(query_datalen("foo.Abcd.Foo.com", topdomain) == 4);
ck_assert(query_datalen("***.STARs.foo.com", topdomain) == 4);
ck_assert(query_datalen(".a.foo.com", topdomain) == 1);
ck_assert(query_datalen(".ab.foo.com", topdomain) == 1);
/* Without data */
ck_assert(query_datalen("rr.foo.com", topdomain) == 0);
ck_assert(query_datalen("b.foo.com", topdomain) == 0);
ck_assert(query_datalen("B.foo.com", topdomain) == 0);
/* Shorter query name */
ck_assert(query_datalen("foo.com", topdomain) == -1);
/* Wildcard part of query name matching topdomain */
ck_assert(query_datalen("aa.*.foo.com", topdomain) == -1);
/* Mismatched query name */
ck_assert(query_datalen("bar.r.boo.com", topdomain) == -1);
fail_if(check_topdomain("abc.123456789012345678901234567890"
"123456789012345678901234567890333", &error));
fail_unless(check_topdomain("abc.123456789012345678901234567890"
"1234567890123456789012345678904444", &error));
fail_if(strcmp("Too long domain part (> 63)", error));
}
END_TEST
@ -198,14 +97,14 @@ START_TEST(test_parse_format_ipv4)
int addr_len;
addr_len = get_addr(host, 53, AF_INET, 0, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in));
fail_unless(addr_len == sizeof(struct sockaddr_in));
v4addr = (struct sockaddr_in *) &addr;
ck_assert(v4addr->sin_addr.s_addr == htonl(0xc0a8020a));
ck_assert(v4addr->sin_port == htons(53));
fail_unless(v4addr->sin_addr.s_addr == htonl(0xc0a8020a));
fail_unless(v4addr->sin_port == htons(53));
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(host, formatted);
fail_if(strcmp(host, formatted));
}
END_TEST
@ -218,14 +117,14 @@ START_TEST(test_parse_format_ipv4_listen_all)
int addr_len;
addr_len = get_addr(NULL, 53, AF_INET, AI_PASSIVE, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in));
fail_unless(addr_len == sizeof(struct sockaddr_in));
v4addr = (struct sockaddr_in *) &addr;
ck_assert(v4addr->sin_addr.s_addr == htonl(0x00000000));
ck_assert(v4addr->sin_port == htons(53));
fail_unless(v4addr->sin_addr.s_addr == htonl(0x00000000));
fail_unless(v4addr->sin_port == htons(53));
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(host, formatted);
fail_if(strcmp(host, formatted));
}
END_TEST
@ -243,14 +142,14 @@ START_TEST(test_parse_format_ipv6)
int addr_len;
addr_len = get_addr(host, 53, AF_UNSPEC, 0, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in6));
fail_unless(addr_len == sizeof(struct sockaddr_in6));
v6addr = (struct sockaddr_in6 *) &addr;
ck_assert(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)) == 0);
ck_assert(v6addr->sin6_port == htons(53));
fail_if(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)));
fail_unless(v6addr->sin6_port == htons(53));
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(compact, formatted);
fail_if(strcmp(compact, formatted));
}
END_TEST
@ -268,15 +167,15 @@ START_TEST(test_parse_format_ipv4_mapped_ipv6)
int addr_len;
addr_len = get_addr(v4mapped, 53, AF_INET6, 0, &addr);
ck_assert(addr_len == sizeof(struct sockaddr_in6));
fail_unless(addr_len == sizeof(struct sockaddr_in6));
v6addr = (struct sockaddr_in6 *) &addr;
ck_assert(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)) == 0);
ck_assert(v6addr->sin6_port == htons(53));
fail_if(memcmp(&v6addr->sin6_addr, v6_bits, sizeof(v6_bits)));
fail_unless(v6addr->sin6_port == htons(53));
/* Format as IPv4 address */
formatted = format_addr(&addr, addr_len);
ck_assert_str_eq(host, formatted);
fail_if(strcmp(host, formatted));
}
END_TEST
@ -290,9 +189,6 @@ test_common_create_tests()
tcase_add_test(tc, test_topdomain_ok);
tcase_add_test(tc, test_topdomain_length);
tcase_add_test(tc, test_topdomain_chunks);
tcase_add_test(tc, test_topdomain_wild);
tcase_add_test(tc, test_query_datalen);
tcase_add_test(tc, test_query_datalen_wild);
tcase_add_test(tc, test_parse_format_ipv4);
tcase_add_test(tc, test_parse_format_ipv4_listen_all);

53
tests/dns.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -33,6 +33,7 @@
#include "common.h"
#include "dns.h"
#include "encoding.h"
#include "base32.h"
#include "test.h"
static void dump_packet(char *, size_t);
@ -69,7 +70,7 @@ START_TEST(test_encode_query)
char buf[512];
char resolv[512];
struct query q;
const struct encoder *enc;
struct encoder *enc;
char *d;
size_t len;
size_t enclen;
@ -82,7 +83,7 @@ START_TEST(test_encode_query)
q.type = T_NULL;
q.id = 1337;
d = resolv;
enc = &base32_ops;
enc = get_base32_encoder();
*d++ = 'A';
enc->encode(d, &enclen, innerData, strlen(innerData));
@ -100,10 +101,8 @@ START_TEST(test_encode_query)
dump_packet(query_packet, len);
dump_packet(buf, ret);
}
ck_assert_msg(strncmp(query_packet, buf, sizeof(query_packet)) == 0,
"Did not compile expected packet");
ck_assert_msg(ret == len,
"Bad packet length: %d, expected %zu", ret, len);
fail_unless(strncmp(query_packet, buf, sizeof(query_packet)) == 0, "Did not compile expected packet");
fail_unless(ret == len, "Bad packet length: %d, expected %d", ret, len);
}
END_TEST
@ -112,25 +111,22 @@ START_TEST(test_decode_query)
char buf[512];
char *domain;
struct query q;
const struct encoder *enc;
struct encoder *enc;
size_t len;
memset(&q, 0, sizeof(struct query));
memset(&buf, 0, sizeof(buf));
q.id = 0;
len = sizeof(query_packet) - 1;
enc = &base32_ops;
enc = get_base32_encoder();
dns_decode(buf, sizeof(buf), &q, QR_QUERY, query_packet, len);
domain = strstr(q.name, topdomain);
len = sizeof(buf);
unpack_data(buf, len, &(q.name[1]), (int) (domain - q.name) - 1, enc);
ck_assert_msg(strncmp(buf, innerData, strlen(innerData)) == 0,
"Did not extract expected host: '%s'", buf);
ck_assert_msg(strlen(buf) == strlen(innerData),
"Bad host length: %zu, expected %zu: '%s'",
strlen(buf), strlen(innerData), buf);
fail_unless(strncmp(buf, innerData, strlen(innerData)) == 0, "Did not extract expected host: '%s'", buf);
fail_unless(strlen(buf) == strlen(innerData), "Bad host length: %d, expected %d: '%s'", strlen(buf), strlen(innerData), buf);
}
END_TEST
@ -152,10 +148,8 @@ START_TEST(test_encode_response)
ret = dns_encode(buf, len, &q, QR_ANSWER, msgData, strlen(msgData));
len = sizeof(answer_packet) - 1; /* Skip extra null character */
ck_assert_msg(strncmp(answer_packet, buf, sizeof(answer_packet)) == 0,
"Did not compile expected packet");
ck_assert_msg(ret == len,
"Bad packet length: %d, expected %d", ret, len);
fail_unless(strncmp(answer_packet, buf, sizeof(answer_packet)) == 0, "Did not compile expected packet");
fail_unless(ret == len, "Bad packet length: %d, expected %d", ret, len);
}
END_TEST
@ -170,11 +164,9 @@ START_TEST(test_decode_response)
memset(&buf, 0, sizeof(buf));
ret = dns_decode(buf, len, &q, QR_ANSWER, answer_packet, sizeof(answer_packet)-1);
ck_assert_msg(ret == strlen(msgData),
"Bad data length: %d, expected %zu", ret, strlen(msgData));
ck_assert_msg(strncmp(msgData, buf, strlen(msgData)) == 0,
"Did not extract expected data");
ck_assert(q.id == 0x0539);
fail_unless(ret == strlen(msgData), "Bad data length: %d, expected %d", ret, strlen(msgData));
fail_unless(strncmp(msgData, buf, strlen(msgData)) == 0, "Did not extract expected data");
fail_unless(q.id == 0x0539);
}
END_TEST
@ -189,12 +181,9 @@ START_TEST(test_decode_response_with_high_trans_id)
memset(&buf, 0, sizeof(buf));
ret = dns_decode(buf, len, &q, QR_ANSWER, answer_packet_high_trans_id, sizeof(answer_packet_high_trans_id)-1);
ck_assert_msg(ret == strlen(msgData),
"Bad data length: %d, expected %zu", ret, strlen(msgData));
ck_assert_msg(strncmp(msgData, buf, strlen(msgData)) == 0,
"Did not extract expected data");
ck_assert_msg(q.id == 0x8539,
"q.id was %08X instead of %08X!", q.id, 0x8539);
fail_unless(ret == strlen(msgData), "Bad data length: %d, expected %d", ret, strlen(msgData));
fail_unless(strncmp(msgData, buf, strlen(msgData)) == 0, "Did not extract expected data");
fail_unless(q.id == 0x8539, "q.id was %08X instead of %08X!", q.id, 0x8539);
}
END_TEST
@ -208,7 +197,7 @@ START_TEST(test_get_id_short_packet)
memset(&buf, 5, sizeof(buf));
id = dns_get_id(buf, len);
ck_assert(id == 0);
fail_unless(id == 0);
}
END_TEST
@ -217,7 +206,7 @@ START_TEST(test_get_id_low)
unsigned short id;
id = dns_get_id(answer_packet, sizeof(answer_packet));
ck_assert(id == 1337);
fail_unless(id == 1337);
}
END_TEST
@ -226,7 +215,7 @@ START_TEST(test_get_id_high)
unsigned short id;
id = dns_get_id(answer_packet_high_trans_id, sizeof(answer_packet_high_trans_id));
ck_assert(id == 0x8539);
fail_unless(id == 0x8539);
}
END_TEST

17
tests/encoding.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -22,6 +22,8 @@
#include "encoding.h"
#include "test.h"
#include "base32.h"
#include "base64.h"
#define TUPLES 4
@ -50,7 +52,8 @@ START_TEST(test_inline_dotify)
b = temp;
inline_dotify(b, sizeof(temp));
ck_assert_str_eq(dottests[_i].b, temp);
fail_unless(strcmp(dottests[_i].b, temp) == 0,
"'%s' != '%s'", temp, dottests[_i].b);
}
END_TEST
@ -64,7 +67,8 @@ START_TEST(test_inline_undotify)
b = temp;
inline_undotify(b, sizeof(temp));
ck_assert_str_eq(dottests[_i].a, temp);
fail_unless(strcmp(dottests[_i].a, temp) == 0,
"'%s' != '%s'", temp, dottests[_i].a);
}
END_TEST
@ -83,11 +87,10 @@ START_TEST(test_build_hostname)
buflen = sizeof(buf);
for (i = 1; i < sizeof(data); i++) {
int len = build_hostname(buf, buflen, data, i, topdomain, &base32_ops, sizeof(buf));
int len = build_hostname(buf, buflen, data, i, topdomain, get_base32_encoder(), sizeof(buf));
ck_assert(len <= i);
ck_assert_msg(strstr(buf, "..") == NULL,
"Found double dots when encoding data len %d! buf: %s", i, buf);
fail_if(len > i);
fail_if(strstr(buf, ".."), "Found double dots when encoding data len %d! buf: %s", i, buf);
}
}
END_TEST

14
tests/fw_query.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2009-2014 Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -31,14 +31,14 @@ START_TEST(test_fw_query_simple)
/* Test empty cache */
fw_query_get(0x848A, &qp);
ck_assert(qp == NULL);
fail_unless(qp == NULL);
fw_query_put(&q);
/* Test cache with one entry */
fw_query_get(0x848A, &qp);
ck_assert(qp->addrlen == q.addrlen);
ck_assert(qp->id == q.id);
fail_unless(qp->addrlen == q.addrlen);
fail_unless(qp->id == q.id);
}
END_TEST
@ -62,8 +62,8 @@ START_TEST(test_fw_query_edge)
/* The query should still be cached */
fw_query_get(0x848A, &qp);
ck_assert(qp->addrlen == 33);
ck_assert(qp->id == 0x848A);
fail_unless(qp->addrlen == 33);
fail_unless(qp->id == 0x848A);
q.addrlen++;
q.id++;
@ -71,7 +71,7 @@ START_TEST(test_fw_query_edge)
/* but now it is overwritten */
fw_query_get(0x848A, &qp);
ck_assert(qp == NULL);
fail_unless(qp == NULL);
}
END_TEST

6
tests/login.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -34,7 +34,7 @@ START_TEST(test_login_hash)
memset(ans, 0, sizeof(ans));
login_calculate(ans, len, pass, seed);
ck_assert(strncmp(ans, good, len) == 0);
fail_unless(strncmp(ans, good, len) == 0, NULL);
}
END_TEST
@ -54,7 +54,7 @@ START_TEST(test_login_hash_short)
/* If len < 16, it should do nothing */
login_calculate(ans, len, pass, seed);
ck_assert(memcmp(ans, check, sizeof(ans)) == 0);
fail_if(memcmp(ans, check, sizeof(ans)));
}
END_TEST

45
tests/read.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -46,13 +46,13 @@ START_TEST(test_read_putshort)
for (i = 0; i < 65536; i++) {
p = (char*)&k;
putshort(&p, i);
ck_assert_msg(ntohs(k) == i,
fail_unless(ntohs(k) == i,
"Bad value on putshort for %d: %d != %d",
i, ntohs(k), i);
p = (char*)&k;
readshort(NULL, &p, &l);
ck_assert_msg(l == i,
fail_unless(l == i,
"Bad value on readshort for %d: %d != %d",
i, l, i);
}
@ -73,13 +73,13 @@ START_TEST(test_read_putlong)
putlong(&p, j);
ck_assert_msg(ntohl(k) == j,
fail_unless(ntohl(k) == j,
"Bad value on putlong for %d: %d != %d", i, ntohl(j), j);
p = (char*)&k;
readlong(NULL, &p, &l);
ck_assert_msg(l == j,
fail_unless(l == j,
"Bad value on readlong for %d: %d != %d", i, l, j);
}
}
@ -98,8 +98,8 @@ START_TEST(test_read_name_empty_loop)
data = (char*) emptyloop + sizeof(HEADER);
buf[1023] = 'A';
rv = readname((char *) emptyloop, sizeof(emptyloop), &data, buf, 1023);
ck_assert(rv == 0);
ck_assert(buf[1023] == 'A');
fail_unless(rv == 0);
fail_unless(buf[1023] == 'A');
}
END_TEST
@ -116,8 +116,8 @@ START_TEST(test_read_name_inf_loop)
data = (char*) infloop + sizeof(HEADER);
buf[4] = '\a';
rv = readname((char*) infloop, sizeof(infloop), &data, buf, 4);
ck_assert(rv == 3);
ck_assert(buf[4] == '\a');
fail_unless(rv == 3);
fail_unless(buf[4] == '\a');
}
END_TEST
@ -140,8 +140,8 @@ START_TEST(test_read_name_longname)
data = (char*) longname + sizeof(HEADER);
buf[256] = '\a';
rv = readname((char*) longname, sizeof(longname), &data, buf, 256);
ck_assert(rv == 256);
ck_assert(buf[256] == '\a');
fail_unless(rv == 256);
fail_unless(buf[256] == '\a');
}
END_TEST
@ -157,7 +157,7 @@ START_TEST(test_read_name_onejump)
memset(buf, 0, sizeof(buf));
data = (char*) onejump + sizeof(HEADER);
rv = readname((char*) onejump, sizeof(onejump), &data, buf, 256);
ck_assert(rv == 9);
fail_unless(rv == 9);
}
END_TEST
@ -179,8 +179,8 @@ START_TEST(test_read_name_badjump_start)
data = (char*) jumper + sizeof(HEADER);
rv = readname((char*) jumper, sizeof(badjump), &data, buf, 256);
ck_assert(rv == 0);
ck_assert(buf[0] == 0);
fail_unless(rv == 0);
fail_unless(buf[0] == 0);
}
free(jumper);
}
@ -204,8 +204,9 @@ START_TEST(test_read_name_badjump_second)
data = (char*) jumper + sizeof(HEADER);
rv = readname((char*) jumper, sizeof(badjump2), &data, buf, 256);
ck_assert(rv == 4);
ck_assert_str_eq("BA.", buf);
fail_unless(rv == 4);
fail_unless(strcmp("BA.", buf) == 0,
"buf is not BA: %s", buf);
}
free(jumper);
}
@ -223,8 +224,8 @@ START_TEST(test_putname)
b = buf;
ret = putname(&b, 256, domain);
ck_assert(ret == strlen(domain) + 1);
ck_assert_msg(strncmp(buf, out, ret) == 0, "Happy flow failed");
fail_unless(ret == strlen(domain) + 1);
fail_unless(strncmp(buf, out, ret) == 0, "Happy flow failed");
}
END_TEST
@ -241,8 +242,8 @@ START_TEST(test_putname_nodot)
b = buf;
ret = putname(&b, 256, nodot);
ck_assert(ret == -1);
ck_assert(b == buf);
fail_unless(ret == -1);
fail_unless(b == buf);
}
END_TEST
@ -263,8 +264,8 @@ START_TEST(test_putname_toolong)
b = buf;
ret = putname(&b, 256, toolong);
ck_assert(ret == -1);
ck_assert(b == buf);
fail_unless(ret == -1);
fail_unless(b == buf);
}
END_TEST

2
tests/test.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*

2
tests/test.h
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*

83
tests/user.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>
*
* Permission to use, copy, modify, and/or distribute this software for any
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -38,16 +38,40 @@ START_TEST(test_init_users)
ip = inet_addr("127.0.0.1");
count = init_users(ip, 27);
for (i = 0; i < count; i++) {
ck_assert(users[i].id == i);
ck_assert(users[i].q.id == 0);
ck_assert(users[i].inpacket.len == 0);
ck_assert(users[i].outpacket.len == 0);
fail_unless(users[i].id == i);
fail_unless(users[i].q.id == 0);
fail_unless(users[i].inpacket.len == 0);
fail_unless(users[i].outpacket.len == 0);
snprintf(givenip, sizeof(givenip), "127.0.0.%d", i + 2);
ck_assert(users[i].tun_ip == inet_addr(givenip));
fail_unless(users[i].tun_ip == inet_addr(givenip));
}
}
END_TEST
START_TEST(test_users_waiting)
{
in_addr_t ip;
ip = inet_addr("127.0.0.1");
init_users(ip, 27);
fail_unless(users_waiting_on_reply() == 0);
users[3].active = 1;
fail_unless(users_waiting_on_reply() == 0);
users[3].last_pkt = time(NULL);
fail_unless(users_waiting_on_reply() == 0);
users[3].conn = CONN_DNS_NULL;
users[3].q.id = 1;
fail_unless(users_waiting_on_reply() == 1);
}
END_TEST
START_TEST(test_find_user_by_ip)
{
in_addr_t ip;
@ -58,25 +82,25 @@ START_TEST(test_find_user_by_ip)
users[0].conn = CONN_DNS_NULL;
testip = (unsigned int) inet_addr("10.0.0.1");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
users[0].active = 1;
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
users[0].last_pkt = time(NULL);
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == -1);
fail_unless(find_user_by_ip(testip) == -1);
users[0].authenticated = 1;
testip = (unsigned int) inet_addr("127.0.0.2");
ck_assert(find_user_by_ip(testip) == 0);
fail_unless(find_user_by_ip(testip) == 0);
}
END_TEST
@ -87,17 +111,17 @@ START_TEST(test_all_users_waiting_to_send)
ip = inet_addr("127.0.0.1");
init_users(ip, 27);
ck_assert(all_users_waiting_to_send() == 1);
fail_unless(all_users_waiting_to_send() == 1);
users[0].conn = CONN_DNS_NULL;
users[0].active = 1;
ck_assert(all_users_waiting_to_send() == 1);
fail_unless(all_users_waiting_to_send() == 1);
users[0].last_pkt = time(NULL);
users[0].outpacket.len = 0;
ck_assert(all_users_waiting_to_send() == 0);
fail_unless(all_users_waiting_to_send() == 0);
#ifdef OUTPACKETQ_LEN
users[0].outpacketq_filled = 1;
@ -105,7 +129,7 @@ START_TEST(test_all_users_waiting_to_send)
users[0].outpacket.len = 44;
#endif
ck_assert(all_users_waiting_to_send() == 1);
fail_unless(all_users_waiting_to_send() == 1);
}
END_TEST
@ -120,24 +144,24 @@ START_TEST(test_find_available_user)
for (i = 0; i < USERS; i++) {
users[i].authenticated = 1;
users[i].authenticated_raw = 1;
ck_assert(find_available_user() == i);
ck_assert(users[i].authenticated == 0);
ck_assert(users[i].authenticated_raw == 0);
fail_unless(find_available_user() == i);
fail_if(users[i].authenticated);
fail_if(users[i].authenticated_raw);
}
for (i = 0; i < USERS; i++) {
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == -1);
}
users[3].active = 0;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
users[3].last_pkt = 55;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
}
END_TEST
@ -150,22 +174,22 @@ START_TEST(test_find_available_user_small_net)
init_users(ip, 29); /* this should result in 5 enabled users */
for (i = 0; i < 5; i++) {
ck_assert(find_available_user() == i);
fail_unless(find_available_user() == i);
}
for (i = 0; i < USERS; i++) {
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == -1);
}
users[3].active = 0;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
users[3].last_pkt = 55;
ck_assert(find_available_user() == 3);
ck_assert(find_available_user() == -1);
fail_unless(find_available_user() == 3);
fail_unless(find_available_user() == -1);
}
END_TEST
@ -176,6 +200,7 @@ test_user_create_tests()
tc = tcase_create("User");
tcase_add_test(tc, test_init_users);
tcase_add_test(tc, test_users_waiting);
tcase_add_test(tc, test_find_user_by_ip);
tcase_add_test(tc, test_all_users_waiting_to_send);
tcase_add_test(tc, test_find_available_user);