iodine/src/client.c

2716 lines
69 KiB
C

/*
* Copyright (c) 2006-2014 Erik Ekman <yarrick@kryo.se>,
* 2006-2009 Bjorn Andersson <flex@kryo.se>,
* 2015 Frekk van Blagh <frekk@frekkworks.com>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <ctype.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <signal.h>
#include <unistd.h>
#include <sys/param.h>
#include <fcntl.h>
#include <zlib.h>
#include <sys/time.h>
#include <time.h>
#ifdef WINDOWS32
#include "windows.h"
#else
#include <arpa/nameser.h>
#ifdef ANDROID
#include "android_dns.h"
#endif
#ifdef DARWIN
#define BIND_8_COMPAT
#include <arpa/nameser_compat.h>
#endif
#include <grp.h>
#include <pwd.h>
#include <netdb.h>
#endif
#include "common.h"
#include "encoding.h"
#include "base32.h"
#include "base64.h"
#include "base64u.h"
#include "base128.h"
#include "dns.h"
#include "login.h"
#include "tun.h"
#include "version.h"
#include "window.h"
#include "util.h"
#include "client.h"
/* Output flags for debug and time between stats update */
int debug;
int stats;
static int running;
static const char *password;
/* Nameserver/domain info */
static struct sockaddr_storage *nameserv_addrs;
static int nameserv_addrs_len;
static int current_nameserver;
static struct sockaddr_storage raw_serv;
static int raw_serv_len;
static const char *topdomain;
static uint16_t rand_seed;
/* Current up/downstream window data */
static struct frag_buffer *outbuf;
static struct frag_buffer *inbuf;
static size_t windowsize_up;
static size_t windowsize_down;
static size_t maxfragsize_up;
/* Next downstream seqID to be ACK'd (-1 if none pending) */
static int next_downstream_ack;
/* Remembering queries we sent for tracking purposes */
static struct query_tuple *pending_queries;
static size_t num_pending;
static time_t max_timeout_ms;
static time_t send_interval_ms;
static time_t min_send_interval_ms;
/* Server response timeout in ms and downstream window timeout */
static time_t server_timeout_ms;
static time_t downstream_timeout_ms;
static int autodetect_server_timeout;
/* Cumulative Round-Trip-Time in ms */
static time_t rtt_total_ms;
static size_t num_immediate;
/* Connection statistics */
static size_t num_timeouts;
static size_t num_untracked;
static size_t num_servfail;
static size_t num_badip;
static size_t num_sent;
static size_t num_recv;
static size_t send_query_sendcnt = 0;
static size_t send_query_recvcnt = 0;
static size_t num_frags_sent;
static size_t num_frags_recv;
static size_t num_pings;
/* My userid at the server */
static char userid;
static char userid_char; /* used when sending (lowercase) */
static char userid_char2; /* also accepted when receiving (uppercase) */
static uint16_t chunkid;
/* Base32 encoder used for non-data packets and replies */
static struct encoder *b32;
/* Base64 etc encoders for replies */
static struct encoder *b64;
static struct encoder *b64u;
static struct encoder *b128;
/* The encoder used for data packets
* Defaults to Base32, can be changed after handshake */
static struct encoder *dataenc;
/* Upstream/downstream compression flags */
static int compression_up;
static int compression_down;
/* The encoder to use for downstream data */
static char downenc = ' ';
/* set query type to send */
static uint16_t do_qtype = T_UNSET;
/* My connection mode */
static enum connection conn;
static int connected;
static int lazymode;
static long send_ping_soon;
static time_t lastdownstreamtime;
static size_t hostname_maxlen = 0xFF;
void
client_init()
{
running = 1;
b32 = get_base32_encoder();
b64 = get_base64_encoder();
b64u = get_base64u_encoder();
b128 = get_base128_encoder();
dataenc = get_base32_encoder();
rand_seed = (uint16_t) rand();
send_ping_soon = 1; /* send ping immediately after startup */
conn = CONN_DNS_NULL;
chunkid = (uint16_t) rand();
/* RFC says timeout minimum 5sec */
max_timeout_ms = 5000;
windowsize_up = 8;
windowsize_down = 8;
compression_up = 0;
compression_down = 1;
next_downstream_ack = -1;
current_nameserver = 0;
maxfragsize_up = 100;
num_immediate = 1;
rtt_total_ms = 1000;
send_interval_ms = 1000;
min_send_interval_ms = 1;
downstream_timeout_ms = 5000;
outbuf = NULL;
inbuf = NULL;
pending_queries = NULL;
connected = 0;
}
void
client_stop()
{
running = 0;
}
enum connection
client_get_conn()
{
return conn;
}
void
client_set_nameservers(struct sockaddr_storage *addr, int addrslen)
{
nameserv_addrs = addr;
nameserv_addrs_len = addrslen;
}
void
client_set_topdomain(const char *cp)
{
topdomain = cp;
}
void
client_set_password(const char *cp)
{
password = cp;
}
int
client_set_qtype(char *qtype)
{
if (!strcasecmp(qtype, "NULL"))
do_qtype = T_NULL;
else if (!strcasecmp(qtype, "PRIVATE"))
do_qtype = T_PRIVATE;
else if (!strcasecmp(qtype, "CNAME"))
do_qtype = T_CNAME;
else if (!strcasecmp(qtype, "A"))
do_qtype = T_A;
else if (!strcasecmp(qtype, "MX"))
do_qtype = T_MX;
else if (!strcasecmp(qtype, "SRV"))
do_qtype = T_SRV;
else if (!strcasecmp(qtype, "TXT"))
do_qtype = T_TXT;
return (do_qtype == T_UNSET);
}
char *
client_get_qtype()
{
char *c = "UNDEFINED";
if (do_qtype == T_NULL) c = "NULL";
else if (do_qtype == T_PRIVATE) c = "PRIVATE";
else if (do_qtype == T_CNAME) c = "CNAME";
else if (do_qtype == T_A) c = "A";
else if (do_qtype == T_MX) c = "MX";
else if (do_qtype == T_SRV) c = "SRV";
else if (do_qtype == T_TXT) c = "TXT";
return c;
}
void
client_set_downenc(char *encoding)
{
if (!strcasecmp(encoding, "base32"))
downenc = 'T';
else if (!strcasecmp(encoding, "base64"))
downenc = 'S';
else if (!strcasecmp(encoding, "base64u"))
downenc = 'U';
else if (!strcasecmp(encoding, "base128"))
downenc = 'V';
else if (!strcasecmp(encoding, "raw"))
downenc = 'R';
}
void
client_set_compression(int up, int down)
{
compression_up = up;
compression_down = down;
}
void
client_set_dnstimeout(double timeout, double servertimeout, double downfrag, int autodetect)
{
max_timeout_ms = timeout * 1000;
server_timeout_ms = servertimeout * 1000;
downstream_timeout_ms = downfrag * 1000;
autodetect_server_timeout = autodetect;
}
void
client_set_interval(double interval_msec, double mininterval_msec)
{
send_interval_ms = interval_msec;
min_send_interval_ms = mininterval_msec;
}
void
client_set_lazymode(int lazy_mode)
{
lazymode = lazy_mode;
}
void
client_set_windowsize(size_t up, size_t down)
/* set window sizes for upstream and downstream
* XXX upstream/downstream windowsizes might as well be the same */
{
windowsize_up = up;
windowsize_down = down;
}
void
client_set_hostname_maxlen(size_t i)
{
if (i <= 0xFF && i != hostname_maxlen) {
hostname_maxlen = i;
maxfragsize_up = get_raw_length_from_dns(hostname_maxlen - UPSTREAM_HDR, dataenc, topdomain);
if (outbuf)
outbuf->maxfraglen = maxfragsize_up;
}
}
const char *
client_get_raw_addr()
{
return format_addr(&raw_serv, raw_serv_len);
}
void
client_rotate_nameserver()
{
current_nameserver ++;
if (current_nameserver >= nameserv_addrs_len)
current_nameserver = 0;
}
void
immediate_mode_defaults()
{
send_interval_ms = MIN(rtt_total_ms / num_immediate, 1000);
max_timeout_ms = MAX(4 * rtt_total_ms / num_immediate, 5000);
server_timeout_ms = 0;
}
/* Client-side query tracking for lazy mode */
/* Handy macro for printing stats with messages */
#define QTRACK_DEBUG(l, ...) \
if (debug >= l) {\
fprintf(stderr, "[QTRACK (%lu/%lu), ? %lu, TO %lu, S %lu/%lu] ", num_pending, PENDING_QUERIES_LENGTH, \
num_untracked, num_timeouts, window_sending(outbuf), outbuf->numitems); \
fprintf(stderr, __VA_ARGS__);\
fprintf(stderr, "\n");\
}
static int
update_server_timeout(int dns_fd, int handshake)
/* Calculate server timeout based on average RTT, send ping "handshake" to set
* if handshake sent, return query ID */
{
time_t rtt_ms;
static size_t num_rtt_timeouts = 0;
/* Get average RTT in ms */
rtt_ms = rtt_total_ms / num_immediate;
if (rtt_ms >= max_timeout_ms && num_immediate > 5) {
num_rtt_timeouts++;
if (num_rtt_timeouts < 3) {
fprintf(stderr, "Target interval of %ld ms less than average round-trip of "
"%ld ms! Try increasing interval with -I.\n", max_timeout_ms, rtt_ms);
} else {
/* bump up target timeout */
max_timeout_ms = rtt_ms + 1000;
server_timeout_ms = 1000;
if (lazymode)
fprintf(stderr, "Adjusting server timeout to %ld ms, target interval %ld ms. Try -I%.1f next time with this network.\n",
server_timeout_ms, max_timeout_ms, max_timeout_ms / 1000.0);
num_rtt_timeouts = 0;
}
} else {
/* Set server timeout based on target interval and RTT */
server_timeout_ms = max_timeout_ms - rtt_ms;
if (server_timeout_ms <= 0) {
server_timeout_ms = 0;
fprintf(stderr, "Setting server timeout to 0 ms: if this continues try disabling lazy mode. (-L0)\n");
}
}
/* update up/down window timeouts to something reasonable */
downstream_timeout_ms = rtt_ms * 2;
outbuf->timeout = ms_to_timeval(downstream_timeout_ms);
if (handshake) {
/* Send ping handshake to set server timeout */
return send_ping(dns_fd, 1, -1, 1);
}
return -1;
}
static void
check_pending_queries()
/* Updates pending queries list */
{
num_pending = 0;
struct timeval now, qtimeout, max_timeout;
gettimeofday(&now, NULL);
/* Max timeout for queries is max interval + 1 second extra */
max_timeout = ms_to_timeval(max_timeout_ms + 1000);
for (int i = 0; i < PENDING_QUERIES_LENGTH; i++) {
if (pending_queries[i].time.tv_sec > 0 && pending_queries[i].id >= 0) {
timeradd(&pending_queries[i].time, &max_timeout, &qtimeout);
if (!timercmp(&qtimeout, &now, >)) {
/* Query has timed out, clear timestamp but leave ID */
pending_queries[i].time.tv_sec = 0;
num_timeouts++;
}
num_pending++;
}
}
}
static void
query_sent_now(int id)
{
int i = 0, found = 0;
if (!pending_queries)
return;
if (id < 0 || id > 65535)
return;
/* Replace any empty queries first, then timed out ones if necessary */
for (i = 0; i < PENDING_QUERIES_LENGTH; i++) {
if (pending_queries[i].id < 0) {
found = 1;
break;
}
}
if (!found) {
for (i = 0; i < PENDING_QUERIES_LENGTH; i++) {
if (pending_queries[i].time.tv_sec == 0) {
found = 1;
break;
}
}
}
/* if no slots found after both checks */
if (!found) {
QTRACK_DEBUG(1, "Buffer full! Failed to add id %d.", id);
} else {
/* Add query into found location */
pending_queries[i].id = id;
gettimeofday(&pending_queries[i].time, NULL);
num_pending ++;
QTRACK_DEBUG(4, "Adding query id %d into pending_queries[%d]", id, i);
id = -1;
}
}
static void
got_response(int id, int immediate, int fail)
{
struct timeval now, rtt;
time_t rtt_ms;
gettimeofday(&now, NULL);
QTRACK_DEBUG(4, "Got answer id %d (%s)%s", id, immediate ? "immediate" : "lazy",
fail ? ", FAIL" : "");
for (int i = 0; i < PENDING_QUERIES_LENGTH; i++) {
if (id >= 0 && pending_queries[i].id == id) {
if (num_pending > 0)
num_pending--;
if (pending_queries[i].time.tv_sec == 0) {
if (num_timeouts > 0) {
/* If query has timed out but is still stored - just in case
* ID is kept on timeout in check_pending_queries() */
num_timeouts --;
immediate = 0;
} else {
/* query is empty */
continue;
}
}
if (immediate || debug >= 4) {
timersub(&now, &pending_queries[i].time, &rtt);
rtt_ms = timeval_to_ms(&rtt);
}
QTRACK_DEBUG(5, " found answer id %d in pending queries[%d], %ld ms old", id, i, rtt_ms);
if (immediate) {
/* If this was an immediate response we can use it to get
more detailed connection statistics like RTT.
This lets us determine and adjust server lazy response time
during the session much more accurately. */
rtt_total_ms += rtt_ms;
num_immediate++;
if (autodetect_server_timeout)
update_server_timeout(-1, 0);
}
/* Remove query info from buffer to mark it as answered */
id = -1;
pending_queries[i].id = -1;
pending_queries[i].time.tv_sec = 0;
break;
}
}
if (id > 0) {
QTRACK_DEBUG(4, " got untracked response to id %d.", id);
num_untracked++;
}
}
static int
send_query(int fd, uint8_t *hostname)
/* Returns DNS ID of sent query */
{
uint8_t packet[4096];
struct query q;
size_t len;
DEBUG(3, "TX: pkt len %lu: hostname '%s'", strlen((char *)hostname), hostname);
chunkid += 7727;
if (chunkid == 0)
/* 0 is used as "no-query" in iodined.c */
chunkid = rand() & 0xFF;
q.id = chunkid;
q.type = do_qtype;
len = dns_encode((char *)packet, sizeof(packet), &q, QR_QUERY, (char *)hostname, strlen((char *)hostname));
if (len < 1) {
warnx("dns_encode doesn't fit");
return -1;
}
DEBUG(4, " Sendquery: id %5d name[0] '%c'", q.id, hostname[0]);
sendto(fd, packet, len, 0, (struct sockaddr*) &nameserv_addrs[current_nameserver],
sizeof(struct sockaddr_storage));
client_rotate_nameserver();
/* There are DNS relays that time out quickly but don't send anything
back on timeout.
And there are relays where, in lazy mode, our new query apparently
_replaces_ our previous query, and we get no answers at all in
lazy mode while legacy immediate-ping-pong works just fine.
Here we detect and fix these situations.
(Can't very well do this anywhere else; this is the only place
we'll reliably get to in such situations.)
Note: only start fixing up connection AFTER we have connected */
num_sent++;
if (send_query_sendcnt >= 0 && send_query_sendcnt < 100 && lazymode && connected) {
send_query_sendcnt++;
if ((send_query_sendcnt > windowsize_down && send_query_recvcnt <= 0) ||
(send_query_sendcnt > 2 * windowsize_down && 4 * send_query_recvcnt < send_query_sendcnt)) {
if (max_timeout_ms > 500 && autodetect_server_timeout) {
max_timeout_ms -= 200;
double secs = (double) max_timeout_ms / 1000.0;
fprintf(stderr, "Receiving too few answers. Setting target timeout to %.1fs (-I%.1f)\n", secs, secs);
/* restart counting */
send_query_sendcnt = 0;
send_query_recvcnt = 0;
} else if (lazymode && autodetect_server_timeout) {
fprintf(stderr, "Receiving too few answers. Will try to switch lazy mode off, but that may not"
" always work any more. Start with -L0 next time on this network.\n");
lazymode = 0;
server_timeout_ms = 0;
}
update_server_timeout(fd, 1);
}
}
return q.id;
}
static void
send_raw(int fd, uint8_t *buf, size_t buflen, int user, int cmd)
{
char packet[4096];
int len;
len = MIN(sizeof(packet) - RAW_HDR_LEN, buflen);
memcpy(packet, raw_header, RAW_HDR_LEN);
if (len) {
memcpy(&packet[RAW_HDR_LEN], buf, len);
}
len += RAW_HDR_LEN;
packet[RAW_HDR_CMD] = (cmd & 0xF0) | (user & 0x0F);
sendto(fd, packet, len, 0, (struct sockaddr*)&raw_serv, sizeof(raw_serv));
}
static void
send_raw_data(int dns_fd, uint8_t *data, size_t datalen)
{
send_raw(dns_fd, data, datalen, userid, RAW_HDR_CMD_DATA);
}
static int
send_packet(int fd, char cmd, const uint8_t *data, const size_t datalen)
/* Base32 encodes data and sends as single DNS query
* Returns ID of sent query */
{
uint8_t buf[4096];
buf[0] = cmd;
build_hostname(buf, sizeof(buf), data, datalen, topdomain, b32, hostname_maxlen, 1);
return send_query(fd, buf);
}
int
send_ping(int fd, int ping_response, int ack, int set_timeout)
{
num_pings++;
if (conn == CONN_DNS_NULL) {
uint8_t data[11];
int id;
/* Build ping header (see doc/proto_xxxxxxxx.txt) */
data[0] = userid;
data[1] = ack & 0xFF;
if (outbuf && inbuf) {
data[2] = outbuf->windowsize & 0xff; /* Upstream window size */
data[3] = inbuf->windowsize & 0xff; /* Downstream window size */
data[4] = outbuf->start_seq_id & 0xff; /* Upstream window start */
data[5] = inbuf->start_seq_id & 0xff; /* Downstream window start */
}
*(uint16_t *) (data + 6) = htons(server_timeout_ms);
*(uint16_t *) (data + 8) = htons(downstream_timeout_ms);
/* update server frag/lazy timeout, ack flag, respond with ping flag */
data[10] = ((set_timeout & 1) << 4) | ((set_timeout & 1) << 3) | ((ack < 0 ? 0 : 1) << 2) | (ping_response & 1);
data[11] = (rand_seed >> 8) & 0xff;
data[12] = (rand_seed >> 0) & 0xff;
rand_seed += 263;
DEBUG(3, " SEND PING: respond %d, ack %d, %s(server %ld ms, downfrag %ld ms), flags %02X",
ping_response, ack, set_timeout ? "SET " : "", server_timeout_ms,
downstream_timeout_ms, data[8]);
id = send_packet(fd, 'p', data, sizeof(data));
/* Log query ID as being sent now */
query_sent_now(id);
return id;
} else {
send_raw(fd, NULL, 0, userid, RAW_HDR_CMD_PING);
return -1;
}
}
static void
send_next_frag(int fd)
/* Sends next available fragment of data from the outgoing window buffer */
{
static uint8_t buf[MAX_FRAGSIZE], hdr[5];
int code, id;
static int datacmc = 0;
static char *datacmcchars = "abcdefghijklmnopqrstuvwxyz0123456789";
fragment *f;
size_t buflen, len;
/* Get next fragment to send */
f = window_get_next_sending_fragment(outbuf, &next_downstream_ack);
if (!f) {
if (outbuf->numitems > 0) {
/* There is stuff to send but we're out of sync, so send a ping
* to get things back in order and keep the packets flowing */
send_ping(fd, 1, next_downstream_ack, 1);
next_downstream_ack = -1;
window_tick(outbuf);
}
return; /* nothing to send */
}
/* Build upstream data header (see doc/proto_xxxxxxxx.txt) */
buf[0] = userid_char; /* First byte is hex userid */
buf[1] = datacmcchars[datacmc]; /* Second byte is data-CMC */
/* Next 3 bytes is seq ID, downstream ACK and flags */
code = ((f->ack_other < 0 ? 0 : 1) << 3) | (f->compressed << 2)
| (f->start << 1) | f->end;
hdr[0] = f->seqID & 0xFF;
hdr[1] = f->ack_other & 0xFF;
hdr[2] = code << 4; /* Flags are in upper 4 bits - lower 4 unused */
buflen = sizeof(buf) - 1;
/* Encode 3 bytes data into 2 bytes after buf */
len = b32->encode(buf + 2, &buflen, hdr, 3);
if (len != 5)
warnx("mismatch in encoded upstream header length! expected 5, got %lu", len);
/* Encode data into buf after header (6 = user + CMC + 4 bytes header) */
build_hostname(buf, sizeof(buf), f->data, f->len, topdomain,
dataenc, hostname_maxlen, 6);
datacmc++;
if (datacmc >= 36)
datacmc = 0;
id = send_query(fd, buf);
/* Log query ID as being sent now */
query_sent_now(id);
window_tick(outbuf);
num_frags_sent++;
}
static void
write_dns_error(struct query *q, int ignore_some_errors)
/* This is called from:
1. handshake_waitdns() when already checked that reply fits to our
latest query.
2. tunnel_dns() when already checked that reply is for a ping or data
packet, but possibly timed out.
Errors should not be ignored, but too many can be annoying.
*/
{
static size_t errorcounts[24] = {0};
if (!q) return;
if (q->rcode < 24) {
errorcounts[q->rcode]++;
if (errorcounts[q->rcode] == 20) {
warnx("Too many error replies, not logging any more.");
return;
} else if (errorcounts[q->rcode] > 20) {
return;
}
}
switch (q->rcode) {
case NOERROR: /* 0 */
if (!ignore_some_errors)
warnx("Got reply without error, but also without question and/or answer");
break;
case FORMERR: /* 1 */
warnx("Got FORMERR as reply: server does not understand our request");
break;
case SERVFAIL: /* 2 */
if (!ignore_some_errors)
warnx("Got SERVFAIL as reply: server failed or recursion timeout");
break;
case NXDOMAIN: /* 3 */
warnx("Got NXDOMAIN as reply: domain does not exist");
break;
case NOTIMP: /* 4 */
warnx("Got NOTIMP as reply: server does not support our request");
break;
case REFUSED: /* 5 */
warnx("Got REFUSED as reply");
break;
default:
warnx("Got RCODE %u as reply", q->rcode);
break;
}
}
static size_t
dns_namedec(uint8_t *outdata, size_t outdatalen, uint8_t *buf, size_t buflen)
/* Decodes *buf to *outdata.
* *buf WILL be changed by undotify.
* Note: buflen must be _exactly_ strlen(buf) before undotifying.
* (undotify of reduced-len won't copy \0, base-X decode will decode too much.)
* Returns #bytes usefully filled in outdata.
*/
{
size_t outdatalenu = outdatalen;
switch (buf[0]) {
case 'h': /* Hostname with base32 */
case 'H':
/* Need 1 byte H, 3 bytes ".xy", >=1 byte data */
if (buflen < 5)
return 0;
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4, b32);
case 'i': /* Hostname++ with base64 */
case 'I':
/* Need 1 byte I, 3 bytes ".xy", >=1 byte data */
if (buflen < 5)
return 0;
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4, b64);
case 'j': /* Hostname++ with base64u */
case 'J':
/* Need 1 byte J, 3 bytes ".xy", >=1 byte data */
if (buflen < 5)
return 0;
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4, b64u);
case 'k': /* Hostname++ with base128 */
case 'K':
/* Need 1 byte J, 3 bytes ".xy", >=1 byte data */
if (buflen < 5)
return 0;
/* this also does undotify */
return unpack_data(outdata, outdatalen, buf + 1, buflen - 4, b128);
case 't': /* plain base32(Thirty-two) from TXT */
case 'T':
if (buflen < 2)
return 0;
return b32->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 's': /* plain base64(Sixty-four) from TXT */
case 'S':
if (buflen < 2)
return 0;
return b64->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 'u': /* plain base64u (Underscore) from TXT */
case 'U':
if (buflen < 2)
return 0;
return b64u->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 'v': /* plain base128 from TXT */
case 'V':
if (buflen < 2)
return 0;
return b128->decode(outdata, &outdatalenu, buf + 1, buflen - 1);
case 'r': /* Raw binary from TXT */
case 'R':
/* buflen>=1 already checked */
buflen--;
buflen = MIN(buflen, outdatalen);
memcpy(outdata, buf + 1, buflen);
return buflen;
default:
warnx("Received unsupported encoding");
return 0;
}
/* notreached */
return 0;
}
static int
read_dns_withq(int dns_fd, int tun_fd, uint8_t *buf, size_t buflen, struct query *q)
/* Returns -1 on receive error or decode error, including DNS error replies.
Returns 0 on replies that could be correct but are useless, and are not
DNS error replies.
Returns >0 on correct replies; value is #valid bytes in *buf.
*/
{
struct sockaddr_storage from;
uint8_t data[64*1024];
socklen_t addrlen;
int r;
addrlen = sizeof(from);
if ((r = recvfrom(dns_fd, data, sizeof(data), 0,
(struct sockaddr*)&from, &addrlen)) < 0) {
warn("recvfrom");
return -1;
}
if (conn == CONN_DNS_NULL) {
int rv;
if (r <= 0)
/* useless packet */
return 0;
rv = dns_decode((char *)buf, buflen, q, QR_ANSWER, (char *)data, r);
if (rv <= 0)
return rv;
if (q->type == T_CNAME || q->type == T_TXT)
/* CNAME can also be returned from an A question */
{
/*
* buf is a hostname or txt stream that we still need to
* decode to binary
*
* also update rv with the number of valid bytes
*
* data is unused here, and will certainly hold the smaller binary
*/
rv = dns_namedec(data, sizeof(data), buf, rv);
rv = MIN(rv, buflen);
if (rv > 0)
memcpy(buf, data, rv);
} else if (q->type == T_MX || q->type == T_SRV) {
/* buf is like "Hname.com\0Hanother.com\0\0" */
int buftotal = rv; /* idx of last \0 */
int bufoffset = 0;
int dataoffset = 0;
int thispartlen, dataspace, datanew;
while (1) {
thispartlen = strlen((char *)buf);
thispartlen = MIN(thispartlen, buftotal-bufoffset);
dataspace = sizeof(data) - dataoffset;
if (thispartlen <= 0 || dataspace <= 0)
break;
datanew = dns_namedec(data + dataoffset, dataspace,
buf + bufoffset, thispartlen);
if (datanew <= 0)
break;
bufoffset += thispartlen + 1;
dataoffset += datanew;
}
rv = dataoffset;
rv = MIN(rv, buflen);
if (rv > 0)
memcpy(buf, data, rv);
}
DEBUG(2, "RX: id %5d name[0]='%c'", q->id, q->name[0]);
return rv;
} else { /* CONN_RAW_UDP */
size_t datalen;
uint8_t buf[64*1024];
/* minimum length */
if (r < RAW_HDR_LEN)
return 0;
/* should start with header */
if (memcmp(data, raw_header, RAW_HDR_IDENT_LEN))
return 0;
/* should be my user id */
if (RAW_HDR_GET_USR(data) != userid)
return 0;
if (RAW_HDR_GET_CMD(data) == RAW_HDR_CMD_DATA ||
RAW_HDR_GET_CMD(data) == RAW_HDR_CMD_PING)
lastdownstreamtime = time(NULL);
/* should be data packet */
if (RAW_HDR_GET_CMD(data) != RAW_HDR_CMD_DATA)
return 0;
r -= RAW_HDR_LEN;
datalen = sizeof(buf);
if (uncompress(buf, &datalen, data + RAW_HDR_LEN, r) == Z_OK) {
write_tun(tun_fd, buf, datalen);
}
/* all done */
return 0;
}
}
int
handshake_waitdns(int dns_fd, char *buf, size_t buflen, char cmd, int timeout)
/* Wait for DNS reply fitting to our latest query and returns it.
Returns length of reply = #bytes used in buf.
Returns 0 if fitting reply happens to be useless.
Returns -2 on (at least) DNS error that fits to our latest query,
error message already printed.
Returns -3 on timeout (given in seconds).
Returns -1 on other errors.
Timeout is restarted when "wrong" (previous/delayed) replies are received,
so effective timeout may be longer than specified.
*/
{
struct query q;
int r, rv;
fd_set fds;
struct timeval tv;
char qcmd;
cmd = toupper(cmd);
while (1) {
tv.tv_sec = timeout;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if (r < 0)
return -1; /* select error */
if (r == 0)
return -3; /* select timeout */
q.id = -1;
q.name[0] = '\0';
rv = read_dns_withq(dns_fd, 0, (uint8_t *)buf, buflen, &q);
qcmd = toupper(q.name[0]);
if (q.id != chunkid || qcmd != cmd) {
DEBUG(1, "Ignoring unfitting reply id %d starting with '%c'", q.id, q.name[0]);
continue;
}
/* if still here: reply matches our latest query */
/* Non-recursive DNS servers (such as [a-m].root-servers.net)
return no answer, but only additional and authority records.
Can't explicitly test for that here, just assume that
NOERROR is such situation. Only trigger on the very first
requests (Y or V, depending if -T given).
*/
if (rv < 0 && q.rcode == NOERROR &&
(q.name[0] == 'Y' || q.name[0] == 'y' ||
q.name[0] == 'V' || q.name[0] == 'v')) {
fprintf(stderr, "Got empty reply. This nameserver may not be resolving recursively, use another.\n");
fprintf(stderr, "Try \"iodine [options] ns.%s %s\" first, it might just work.\n",
topdomain, topdomain);
return -2;
}
/* If we get an immediate SERVFAIL on the handshake query
we're waiting for, wait a while before sending the next.
SERVFAIL reliably happens during fragsize autoprobe, but
mostly long after we've moved along to some other queries.
However, some DNS relays, once they throw a SERVFAIL, will
for several seconds apply it immediately to _any_ new query
for the same topdomain. When this happens, waiting a while
is the only option that works.
*/
if (rv < 0 && q.rcode == SERVFAIL)
sleep(1);
if (rv < 0) {
write_dns_error(&q, 1);
return -2;
}
/* rv either 0 or >0, return it as is. */
return rv;
}
/* not reached */
return -1;
}
int
parse_data(uint8_t *data, size_t len, fragment *f, int *immediate)
{
size_t headerlen = DOWNSTREAM_HDR;
int ping;
memset(f, 0, sizeof(fragment));
f->seqID = data[0];
/* Flags */
f->end = data[2] & 1;
f->start = (data[2] >> 1) & 1;
f->compressed = (data[2] >> 2) & 1;
f->ack_other = (data[2] >> 3) & 1 ? data[1] : -1;
ping = (data[2] >> 4) & 1;
if (immediate)
*immediate = (data[2] >> 5) & 1;
if (ping) { /* Handle ping stuff */
static unsigned dn_start_seq, up_start_seq, dn_wsize, up_wsize;
headerlen = DOWNSTREAM_PING_HDR;
if (len < headerlen) return -1; /* invalid packet - continue */
/* Parse data/ping header */
dn_wsize = data[3];
up_wsize = data[4];
dn_start_seq = data[5];
up_start_seq = data[6];
DEBUG(3, "PING pkt data=%lu WS: up=%u, dn=%u; Start: up=%u, dn=%u",
len - headerlen, up_wsize, dn_wsize, up_start_seq, dn_start_seq);
}
f->len = len - headerlen;
if (f->len > 0)
memcpy(f->data, data + headerlen, MIN(f->len, sizeof(f->data)));
return ping; /* return ping flag (if corresponding query was a ping) */
}
static int
tunnel_tun(int tun_fd, int dns_fd)
{
size_t datalen;
uint8_t out[64*1024];
uint8_t in[64*1024];
uint8_t *data;
ssize_t read;
if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
return -1;
/* Check if outgoing buffer can hold data */
if (window_buffer_available(outbuf) < (read / MAX_FRAGSIZE) + 1) {
DEBUG(1, " Outgoing buffer full (%lu/%lu), not adding data!",
outbuf->numitems, outbuf->length);
return -1;
}
DEBUG(2, " IN: %lu bytes on tunnel, compression %d", read, compression_up);
if (conn != CONN_DNS_NULL || compression_up) {
datalen = sizeof(out);
compress2(out, &datalen, in, read, 9);
data = out;
} else {
datalen = read;
data = in;
}
if (conn == CONN_DNS_NULL) {
window_add_outgoing_data(outbuf, data, datalen, compression_up);
/* Don't send anything here to respect min. send interval */
} else {
send_raw_data(dns_fd, data, datalen);
}
return read;
}
static int
tunnel_dns(int tun_fd, int dns_fd)
{
struct query q;
size_t datalen, buflen;
uint8_t buf[64*1024], cbuf[64*1024], *data;
fragment f;
int read, compressed, res, immediate;
memset(&q, 0, sizeof(q));
memset(buf, 0, sizeof(buf));
memset(cbuf, 0, sizeof(cbuf));
read = read_dns_withq(dns_fd, tun_fd, cbuf, sizeof(cbuf), &q);
if (conn != CONN_DNS_NULL)
return 1; /* everything already done */
/* Don't process anything that isn't data for us; usually error
replies from fragsize probes etc. However a sequence of those,
mostly 1 sec apart, will continuously break the >=2-second select
timeout, which means we won't send a proper ping for a while.
So make select a bit faster, <1sec. */
if (q.name[0] != 'P' && q.name[0] != 'p' &&
q.name[0] != userid_char && q.name[0] != userid_char2) {
send_ping_soon = 700;
got_response(q.id, 0, 0);
return -1; /* nothing done */
}
if (read < DOWNSTREAM_HDR) {
/* Maybe SERVFAIL etc. Send ping to get things back in order,
but wait a bit to prevent fast ping-pong loops.
Only change options if user hasn't specified server timeout */
if (read < 0)
write_dns_error(&q, 0);
if (q.rcode == SERVFAIL && read < 0) {
num_servfail++;
if (lazymode) {
if (send_query_recvcnt < 500 && num_servfail < 4) {
fprintf(stderr, "Hmm, that's %ld SERVFAILs. Your data should still go through...\n", num_servfail);
} else if (send_query_recvcnt < 500 && num_servfail >= 10 &&
autodetect_server_timeout && max_timeout_ms >= 500 && num_servfail % 5 == 0) {
max_timeout_ms -= 200;
double target_timeout = (float) max_timeout_ms / 1000.0;
fprintf(stderr, "Too many SERVFAILs (%ld), reducing timeout to"
" %.1f secs. (use -I%.1f next time on this network)\n",
num_servfail, target_timeout, target_timeout);
/* Reset query counts stats */
send_query_sendcnt = 0;
send_query_recvcnt = 0;
update_server_timeout(dns_fd, 1);
} else if (send_query_recvcnt < 500 && num_servfail >= 40 &&
autodetect_server_timeout && max_timeout_ms < 500) {
/* last-ditch attempt to fix SERVFAILs - disable lazy mode */
immediate_mode_defaults();
fprintf(stderr, "Attempting to disable lazy mode due to excessive SERVFAILs\n");
handshake_switch_options(dns_fd, 0, compression_down, downenc);
}
}
}
send_ping_soon = 900;
/* Mark query as received */
got_response(q.id, 0, 1);
return -1; /* nothing done */
}
send_query_recvcnt++; /* unlikely we will ever overflow (2^64 queries is a LOT) */
if (read == 5 && !strncmp("BADIP", (char *)cbuf, 5)) {
num_badip++;
if (num_badip % 5 == 1) {
fprintf(stderr, "BADIP (%ld): Server rejected sender IP address (maybe iodined -c will help), or server "
"kicked us due to timeout. Will exit if no downstream data is received in 60 seconds.\n", num_badip);
}
return -1; /* nothing done */
}
/* Okay, we have a recent downstream packet */
lastdownstreamtime = time(NULL);
num_recv++;
/* Decode the downstream data header and fragment-ify ready for processing */
res = parse_data(cbuf, read, &f, &immediate);
/* Mark query as received */
got_response(q.id, immediate, 0);
if ((debug >= 3 && res) || (debug >= 2 && !res))
fprintf(stderr, " RX %s; frag ID %3u, ACK %3d, compression %d, datalen %lu, s%d e%d\n",
res ? "PING" : "DATA", f.seqID, f.ack_other, f.compressed, f.len, f.start, f.end);
window_ack(outbuf, f.ack_other);
window_tick(outbuf);
/* In lazy mode, we shouldn't get immediate replies to our most-recent
query, only during heavy data transfer. Since this means the server
doesn't have any packets to send, send one relatively fast (but not
too fast, to avoid runaway ping-pong loops..) */
/* Don't send anything too soon; no data waiting from server */
if (f.len == 0) {
if (!res)
DEBUG(1, "[WARNING] Received downstream data fragment with 0 length and NOT a ping!");
if (!lazymode)
send_ping_soon = 100;
else
send_ping_soon = 700;
return -1;
}
/* Get next ACK if nothing already pending: if we get a new ack
* then we must send it immediately. */
if (next_downstream_ack >= 0) {
/* If this happens something is wrong (or last frag was a re-send)
* May result in ACKs being delayed. */
DEBUG(1, "next_downstream_ack NOT -1! (%d), %u resends, %u oos", next_downstream_ack, outbuf->resends, outbuf->oos);
}
/* Downstream data traffic + ack data fragment */
next_downstream_ack = f.seqID;
window_process_incoming_fragment(inbuf, &f);
num_frags_recv++;
datalen = window_reassemble_data(inbuf, cbuf, sizeof(cbuf), &compressed);
if (datalen > 0) {
if (compressed) {
buflen = sizeof(buf);
if ((res = uncompress(buf, &buflen, cbuf, datalen)) != Z_OK) {
DEBUG(1, "Uncompress failed (%d) for data len %lu: reassembled data corrupted or incomplete!", res, datalen);
datalen = 0;
} else {
datalen = buflen;
}
data = buf;
} else {
data = cbuf;
}
if (datalen)
write_tun(tun_fd, data, datalen);
}
/* Move window along after doing all data processing */
window_tick(inbuf);
return read;
}
int
client_tunnel(int tun_fd, int dns_fd)
{
struct timeval tv;
fd_set fds;
int rv;
int i;
int sending, total;
time_t last_stats;
size_t sent_since_report, recv_since_report;
connected = 1;
/* start counting now */
rv = 0;
lastdownstreamtime = time(NULL);
last_stats = time(NULL);
/* reset connection statistics */
num_badip = 0;
num_servfail = 0;
num_timeouts = 0;
send_query_recvcnt = 0;
send_query_sendcnt = 0;
num_sent = 0;
num_recv = 0;
num_frags_sent = 0;
num_frags_recv = 0;
num_pings = 0;
sent_since_report = 0;
recv_since_report = 0;
if (debug >= 5)
window_debug = debug - 3;
while (running) {
tv = ms_to_timeval(max_timeout_ms);
/* TODO: detect DNS servers which drop frequent requests
* TODO: adjust number of pending queries based on current data rate */
sending = window_sending(outbuf);
total = sending;
check_pending_queries();
if (num_pending < windowsize_down && lazymode)
total = MAX(total, windowsize_down - num_pending);
else if (num_pending < 1 && !lazymode)
total = MAX(total, 1);
if (sending > 0 || total > 0 || next_downstream_ack >= 0) {
/* Upstream traffic - this is where all ping/data queries are sent */
if (sending > 0) {
/* More to send - next fragment */
send_next_frag(dns_fd);
} else {
/* Send ping if we didn't send anything yet */
send_ping(dns_fd, 0, next_downstream_ack, (num_pings > 20 && num_pings % 50 == 0));
next_downstream_ack = -1;
}
sending--;
total--;
QTRACK_DEBUG(3, "Sent a query to fill server lazy buffer to %lu, will send another %d",
lazymode ? windowsize_down : 1, total);
if (sending > 0 || (total > 0 && lazymode)) {
tv = ms_to_timeval(min_send_interval_ms);
tv.tv_usec += 1;
} else if (total > 0 && !lazymode) {
/* use immediate mode send interval if nothing pending */
tv = ms_to_timeval(send_interval_ms);
}
send_ping_soon = 0;
}
if (stats) {
if (difftime(time(NULL), last_stats) >= stats) {
/* print useful statistics report */
fprintf(stderr, "\n============ iodine connection statistics (user %1d) ============\n", userid);
fprintf(stderr, " Queries sent: %8lu" ", answered: %8lu" ", SERVFAILs: %4lu\n",
num_sent, num_recv, num_servfail);
fprintf(stderr, " last %3d secs: %7lu" " (%4lu/s), replies: %7lu" " (%4lu/s)\n",
stats, num_sent - sent_since_report, (num_sent - sent_since_report) / stats,
num_recv - recv_since_report, (num_recv - recv_since_report) / stats);
fprintf(stderr, " num IP rejected: %4lu, untracked: %4lu, lazy mode: %1d\n",
num_badip, num_untracked, lazymode);
fprintf(stderr, " Min send: %5ld ms, Avg RTT: %5ld ms Timeout server: %4ld ms\n",
min_send_interval_ms, rtt_total_ms / num_immediate, server_timeout_ms);
fprintf(stderr, " Queries immediate: %5lu, timed out: %4lu target: %4ld ms\n",
num_immediate, num_timeouts, max_timeout_ms);
fprintf(stderr, " Frags resent: %4u, OOS: %4u down frag: %4ld ms\n",
outbuf->resends, inbuf->oos, downstream_timeout_ms);
fprintf(stderr, " TX fragments: %8lu" ", RX: %8lu" ", pings: %8lu" "\n\n",
num_frags_sent, num_frags_recv, num_pings);
/* update since-last-report stats */
sent_since_report = num_sent;
recv_since_report = num_recv;
last_stats = time(NULL);
}
}
if (send_ping_soon) {
tv.tv_sec = 0;
tv.tv_usec = send_ping_soon * 1000;
}
FD_ZERO(&fds);
if (window_buffer_available(outbuf) > 16) {
/* Fill up outgoing buffer with available data
* The windowing protocol manages data retransmits, timeouts etc. */
FD_SET(tun_fd, &fds);
}
FD_SET(dns_fd, &fds);
DEBUG(4, "Waiting %ld ms before sending more...", timeval_to_ms(&tv));
i = select(MAX(tun_fd, dns_fd) + 1, &fds, NULL, NULL, &tv);
if (difftime(time(NULL), lastdownstreamtime) > 60) {
fprintf(stderr, "No downstream data received in 60 seconds, shutting down.\n");
running = 0;
}
if (running == 0)
break;
if (i < 0)
err(1, "select < 0");
if (i == 0) {
/* TODO check number of timeouts and do something about it */
} else {
if (FD_ISSET(tun_fd, &fds)) {
if (tunnel_tun(tun_fd, dns_fd) <= 0)
continue;
/* Returns -1 on error OR when quickly
dropping data in case of DNS congestion;
we need to _not_ do tunnel_dns() then.
If chunk sent, sets send_ping_soon=0. */
}
if (FD_ISSET(dns_fd, &fds)) {
tunnel_dns(tun_fd, dns_fd);
}
}
}
return rv;
}
static void
send_login(int fd, char *login, int len)
{
uint8_t data[19];
memset(data, 0, sizeof(data));
data[0] = userid;
memcpy(&data[1], login, MIN(len, 16));
data[17] = (rand_seed >> 8) & 0xff;
data[18] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'l', data, sizeof(data));
}
static void
send_fragsize_probe(int fd, uint16_t fragsize)
{
uint8_t probedata[256];
uint8_t buf[MAX_FRAGSIZE];
uint8_t hdr[3];
size_t hdr_len_enc = 6;
buf[0] = 'r'; /* Probe downstream fragsize packet */
hdr[0] = userid;
*(uint16_t *) (hdr + 1) = htons(fragsize);
b32->encode(buf + 1, &hdr_len_enc, hdr, 3);
/* build a large query domain which is random and maximum size,
* will also take up maximum space in the return packet */
memset(probedata, MAX(1, rand_seed & 0xff), sizeof(probedata));
probedata[1] = MAX(1, (rand_seed >> 8) & 0xff);
rand_seed++;
/* Note: must either be same, or larger, than send_chunk() */
build_hostname(buf, sizeof(buf), probedata, sizeof(probedata), topdomain,
dataenc, hostname_maxlen, 6);
send_query(fd, buf);
}
static void
send_set_downstream_fragsize(int fd, uint16_t fragsize)
{
uint8_t data[5];
data[0] = userid;
*(uint16_t *) (data + 1) = htons(fragsize);
data[3] = (rand_seed >> 8) & 0xff;
data[4] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'n', data, sizeof(data));
}
static void
send_version(int fd, uint32_t version)
{
uint8_t data[6];
version = htonl(version);
*(uint32_t *) data = version;
data[4] = (rand_seed >> 8) & 0xff;
data[5] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'v', data, sizeof(data));
}
static void
send_ip_request(int fd, int userid)
{
uint8_t buf[512] = "i____.";
buf[1] = b32_5to8(userid);
buf[2] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[3] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[4] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat((char *)buf, topdomain, 512 - strlen((char *)buf));
send_query(fd, buf);
}
static void
send_raw_udp_login(int dns_fd, int userid, int seed)
{
char buf[16];
login_calculate(buf, 16, password, seed + 1);
send_raw(dns_fd, (uint8_t *) buf, sizeof(buf), userid, RAW_HDR_CMD_LOGIN);
}
static void
send_upenctest(int fd, char *s)
/* NOTE: String may be at most 63-4=59 chars to fit in 1 dns chunk. */
{
char buf[512] = "z___";
buf[1] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[2] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[3] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, s, 512 - strlen(buf));
strncat(buf, ".", 512 - strlen(buf));
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, (uint8_t *)buf);
}
static void
send_downenctest(int fd, char downenc, int variant, char *s, int slen)
/* Note: content/handling of s is not defined yet. */
{
char buf[512] = "y_____.";
buf[1] = tolower(downenc);
buf[2] = b32_5to8(variant);
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, (uint8_t *)buf);
}
static void
send_codec_switch(int fd, int userid, int bits)
{
char buf[512] = "s_____.";
buf[1] = b32_5to8(userid);
buf[2] = b32_5to8(bits);
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, (uint8_t *)buf);
}
static void
send_server_options(int fd, int userid, int lazy, int compression, char denc, char *options)
/* Options must be length >=4 */
{
char buf[512] = "oU3___CMC.";
buf[1] = b32_5to8(userid);
options[0] = tolower(denc);
options[1] = lazy ? 'l' : 'i';
options[2] = compression ? 'c' : 'd';
options[3] = 0;
strncpy(buf + 3, options, 3);
buf[6] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[7] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[8] = b32_5to8((rand_seed) & 0x1f);
rand_seed++;
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, (uint8_t *)buf);
}
static int
handshake_version(int dns_fd, int *seed)
{
char hex[] = "0123456789abcdef";
char hex2[] = "0123456789ABCDEF";
char in[4096];
uint32_t payload;
int i;
int read;
for (i = 0; running && i < 5; i++) {
send_version(dns_fd, PROTOCOL_VERSION);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'V', i+1);
if (read >= 9) {
payload = (((in[4] & 0xff) << 24) |
((in[5] & 0xff) << 16) |
((in[6] & 0xff) << 8) |
((in[7] & 0xff)));
if (strncmp("VACK", (char *)in, 4) == 0) {
*seed = payload;
userid = in[8];
userid_char = hex[userid & 15];
userid_char2 = hex2[userid & 15];
fprintf(stderr, "Version ok, both using protocol v 0x%08x. You are user #%d\n",
PROTOCOL_VERSION, userid);
return 0;
} else if (strncmp("VNAK", (char *)in, 4) == 0) {
warnx("You use protocol v 0x%08x, server uses v 0x%08x. Giving up",
PROTOCOL_VERSION, payload);
return 1;
} else if (strncmp("VFUL", (char *)in, 4) == 0) {
warnx("Server full, all %d slots are taken. Try again later", payload);
return 1;
}
} else if (read > 0)
warnx("did not receive proper login challenge");
fprintf(stderr, "Retrying version check...\n");
}
warnx("couldn't connect to server (maybe other -T options will work)");
return 1;
}
static int
handshake_login(int dns_fd, int seed)
{
char in[4096];
char login[16];
char server[65];
char client[65];
int mtu;
int i;
int read;
login_calculate(login, 16, password, seed);
for (i=0; running && i<5 ;i++) {
send_login(dns_fd, login, 16);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'L', i+1);
if (read > 0) {
int netmask;
if (strncmp("LNAK", in, 4) == 0) {
fprintf(stderr, "Bad password\n");
return 1;
} else if (sscanf(in, "%64[^-]-%64[^-]-%d-%d",
server, client, &mtu, &netmask) == 4) {
server[64] = 0;
client[64] = 0;
if (tun_setip(client, server, netmask) == 0 &&
tun_setmtu(mtu) == 0) {
fprintf(stderr, "Server tunnel IP is %s\n", server);
return 0;
} else {
errx(4, "Failed to set IP and MTU");
}
} else {
fprintf(stderr, "Received bad handshake\n");
}
}
fprintf(stderr, "Retrying login...\n");
}
warnx("couldn't login to server");
return 1;
}
static int
handshake_raw_udp(int dns_fd, int seed)
{
struct timeval tv;
char in[4096];
fd_set fds;
int i;
int r;
int len;
int got_addr;
memset(&raw_serv, 0, sizeof(raw_serv));
got_addr = 0;
fprintf(stderr, "Testing raw UDP data to the server (skip with -r)");
for (i=0; running && i<3 ;i++) {
send_ip_request(dns_fd, userid);
len = handshake_waitdns(dns_fd, in, sizeof(in), 'I', i+1);
if (len == 5 && in[0] == 'I') {
/* Received IPv4 address */
struct sockaddr_in *raw4_serv = (struct sockaddr_in *) &raw_serv;
raw4_serv->sin_family = AF_INET;
memcpy(&raw4_serv->sin_addr, &in[1], sizeof(struct in_addr));
raw4_serv->sin_port = htons(53);
raw_serv_len = sizeof(struct sockaddr_in);
got_addr = 1;
break;
}
if (len == 17 && in[0] == 'I') {
/* Received IPv6 address */
struct sockaddr_in6 *raw6_serv = (struct sockaddr_in6 *) &raw_serv;
raw6_serv->sin6_family = AF_INET6;
memcpy(&raw6_serv->sin6_addr, &in[1], sizeof(struct in6_addr));
raw6_serv->sin6_port = htons(53);
raw_serv_len = sizeof(struct sockaddr_in6);
got_addr = 1;
break;
}
fprintf(stderr, ".");
fflush(stderr);
}
fprintf(stderr, "\n");
if (!running)
return 0;
if (!got_addr) {
fprintf(stderr, "Failed to get raw server IP, will use DNS mode.\n");
return 0;
}
fprintf(stderr, "Server is at %s, trying raw login: ", format_addr(&raw_serv, raw_serv_len));
fflush(stderr);
/* do login against port 53 on remote server
* based on the old seed. If reply received,
* switch to raw udp mode */
for (i=0; running && i<4 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_raw_udp_login(dns_fd, userid, seed);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
/* recv() needed for windows, dont change to read() */
len = recv(dns_fd, in, sizeof(in), 0);
if (len >= (16 + RAW_HDR_LEN)) {
char hash[16];
login_calculate(hash, 16, password, seed - 1);
if (memcmp(in, raw_header, RAW_HDR_IDENT_LEN) == 0
&& RAW_HDR_GET_CMD(in) == RAW_HDR_CMD_LOGIN
&& memcmp(&in[RAW_HDR_LEN], hash, sizeof(hash)) == 0) {
fprintf(stderr, "OK\n");
return 1;
}
}
}
fprintf(stderr, ".");
fflush(stderr);
}
fprintf(stderr, "failed\n");
return 0;
}
static int
handshake_upenctest(int dns_fd, char *s)
/* NOTE: *s may be max 59 chars; must start with "aA" for case-swap check
Returns:
-1: case swap, no need for any further test: error printed; or Ctrl-C
0: not identical or error or timeout
1: identical string returned
*/
{
char in[4096];
unsigned char *uin = (unsigned char *) in;
unsigned char *us = (unsigned char *) s;
int i;
int read;
int slen;
slen = strlen(s);
for (i=0; running && i<3 ;i++) {
send_upenctest(dns_fd, s);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'Z', i+1);
if (read == -2)
return 0; /* hard error */
if (read > 0 && read < slen + 4)
return 0; /* reply too short (chars dropped) */
if (read > 0) {
int k;
/* quick check if case swapped, to give informative error msg */
if (in[4] == 'A') {
fprintf(stderr, "DNS queries get changed to uppercase, keeping upstream codec Base32\n");
return -1;
}
if (in[5] == 'a') {
fprintf(stderr, "DNS queries get changed to lowercase, keeping upstream codec Base32\n");
return -1;
}
for (k = 0; k < slen; k++) {
if (in[k+4] != s[k]) {
/* Definitely not reliable */
if (in[k+4] >= ' ' && in[k+4] <= '~' &&
s[k] >= ' ' && s[k] <= '~') {
fprintf(stderr, "DNS query char '%c' gets changed into '%c'\n",
s[k], in[k+4]);
} else {
fprintf(stderr, "DNS query char 0x%02X gets changed into 0x%02X\n",
(unsigned int) us[k],
(unsigned int) uin[k+4]);
}
return 0;
}
}
/* if still here, then all okay */
return 1;
}
fprintf(stderr, "Retrying upstream codec test...\n");
}
if (!running)
return -1;
/* timeout */
return 0;
}
static int
handshake_upenc_autodetect(int dns_fd)
/* Returns:
0: keep Base32
1: Base64 is okay
2: Base64u is okay
3: Base128 is okay
*/
{
/* Note: max 59 chars, must start with "aA".
pat64: If 0129 work, assume 3-8 are okay too.
RFC1035 par 2.3.1 states that [A-Z0-9-] allowed, but only
[A-Z] as first, and [A-Z0-9] as last char _per label_.
Test by having '-' as last char.
*/
char *pat64="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ+0129-";
char *pat64u="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ_0129-";
char *pat128a="aA-Aaahhh-Drink-mal-ein-J\344germeister-";
char *pat128b="aA-La-fl\373te-na\357ve-fran\347aise-est-retir\351-\340-Cr\350te";
char *pat128c="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ";
char *pat128d="aA0123456789\274\275\276\277"
"\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317";
char *pat128e="aA"
"\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337"
"\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357"
"\360\361\362\363\364\365\366\367\370\371\372\373\374\375";
int res;
/* Try Base128, starting very gently to not draw attention */
while (1) {
res = handshake_upenctest(dns_fd, pat128a);
if (res < 0) {
/* DNS swaps case, msg already printed; or Ctrl-C */
return 0;
} else if (res == 0) {
/* Probably not okay, skip Base128 entirely */
break;
}
res = handshake_upenctest(dns_fd, pat128b);
if (res < 0)
return 0;
else if (res == 0)
break;
/* if this works, we can test the real stuff */
res = handshake_upenctest(dns_fd, pat128c);
if (res < 0)
return 0;
else if (res == 0)
break;
res = handshake_upenctest(dns_fd, pat128d);
if (res < 0)
return 0;
else if (res == 0)
break;
res = handshake_upenctest(dns_fd, pat128e);
if (res < 0)
return 0;
else if (res == 0)
break;
/* if still here, then base128 works completely */
return 3;
}
/* Try Base64 (with plus sign) */
res = handshake_upenctest(dns_fd, pat64);
if (res < 0) {
/* DNS swaps case, msg already printed; or Ctrl-C */
return 0;
} else if (res > 0) {
/* All okay, Base64 msg will be printed later */
return 1;
}
/* Try Base64u (with _u_nderscore) */
res = handshake_upenctest(dns_fd, pat64u);
if (res < 0) {
/* DNS swaps case, msg already printed; or Ctrl-C */
return 0;
} else if (res > 0) {
/* All okay, Base64u msg will be printed later */
return 2;
}
/* if here, then nonthing worked */
fprintf(stderr, "Keeping upstream codec Base32\n");
return 0;
}
static int
handshake_downenctest(int dns_fd, char trycodec)
/* Returns:
0: not identical or error or timeout
1: identical string returned
*/
{
char in[4096];
int i;
int read;
char *s = DOWNCODECCHECK1;
int slen = DOWNCODECCHECK1_LEN;
for (i=0; running && i<3 ;i++) {
send_downenctest(dns_fd, trycodec, 1, NULL, 0);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'Y', i+1);
if (read == -2)
return 0; /* hard error */
if (read > 0 && read != slen)
return 0; /* reply incorrect = unreliable */
if (read > 0) {
int k;
for (k = 0; k < slen; k++) {
if (in[k] != s[k]) {
/* Definitely not reliable */
return 0;
}
}
/* if still here, then all okay */
return 1;
}
fprintf(stderr, "Retrying downstream codec test...\n");
}
/* timeout */
return 0;
}
static char
handshake_downenc_autodetect(int dns_fd)
/* Returns codec char (or ' ' if no advanced codec works) */
{
int base64ok = 0;
int base64uok = 0;
int base128ok = 0;
if (do_qtype == T_NULL || do_qtype == T_PRIVATE) {
/* no other choice than raw */
fprintf(stderr, "No alternative downstream codec available, using default (Raw)\n");
return 'R';
}
fprintf(stderr, "Autodetecting downstream codec (use -O to override)\n");
/* Try Base64 */
if (handshake_downenctest(dns_fd, 'S'))
base64ok = 1;
else if (running && handshake_downenctest(dns_fd, 'U'))
base64uok = 1;
/* Try Base128 only if 64 gives us some perspective */
if (running && (base64ok || base64uok)) {
if (handshake_downenctest(dns_fd, 'V'))
base128ok = 1;
}
/* If 128 works, then TXT may give us Raw as well */
if (running && (base128ok && do_qtype == T_TXT)) {
if (handshake_downenctest(dns_fd, 'R'))
return 'R';
}
if (!running)
return ' ';
if (base128ok)
return 'V';
if (base64ok)
return 'S';
if (base64uok)
return 'U';
fprintf(stderr, "No advanced downstream codecs seem to work, using default (Base32)\n");
return ' ';
}
static int
handshake_qtypetest(int dns_fd, int timeout)
/* Returns:
0: doesn't work with this timeout
1: works properly
*/
{
char in[4096];
int read;
char *s = DOWNCODECCHECK1;
int slen = DOWNCODECCHECK1_LEN;
int trycodec;
int k;
if (do_qtype == T_NULL || do_qtype == T_PRIVATE)
trycodec = 'R';
else
trycodec = 'T';
/* We could use 'Z' bouncing here, but 'Y' also tests that 0-255
byte values can be returned, which is needed for NULL/PRIVATE
to work. */
send_downenctest(dns_fd, trycodec, 1, NULL, 0);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'Y', timeout);
if (read != slen)
return 0; /* incorrect */
for (k = 0; k < slen; k++) {
if (in[k] != s[k]) {
/* corrupted */
return 0;
}
}
/* if still here, then all okay */
return 1;
}
static int
handshake_qtype_numcvt(int num)
{
switch (num) {
case 0: return T_NULL;
case 1: return T_PRIVATE;
case 2: return T_TXT;
case 3: return T_SRV;
case 4: return T_MX;
case 5: return T_CNAME;
case 6: return T_A;
}
return T_UNSET;
}
static int
handshake_qtype_autodetect(int dns_fd)
/* Returns:
0: okay, do_qtype set
1: problem, program exit
*/
{
int highestworking = 100;
int timeout;
int qtypenum;
fprintf(stderr, "Autodetecting DNS query type (use -T to override)");
fflush(stderr);
/* Method: try all "interesting" qtypes with a 1-sec timeout, then try
all "still-interesting" qtypes with a 2-sec timeout, etc.
"Interesting" means: qtypes that (are expected to) have higher
bandwidth than what we know is working already (highestworking).
Note that DNS relays may not immediately resolve the first (NULL)
query in 1 sec, due to long recursive lookups, so we keep trying
to see if things will start working after a while.
*/
for (timeout = 1; running && timeout <= 3; timeout++) {
for (qtypenum = 0; running && qtypenum < highestworking; qtypenum++) {
do_qtype = handshake_qtype_numcvt(qtypenum);
if (do_qtype == T_UNSET)
break; /* this round finished */
fprintf(stderr, ".");
fflush(stderr);
if (handshake_qtypetest(dns_fd, timeout)) {
/* okay */
highestworking = qtypenum;
DEBUG(1, " Type %s timeout %d works", client_get_qtype(), timeout);
break;
/* try others with longer timeout */
}
/* else: try next qtype with same timeout */
}
if (highestworking == 0)
/* good, we have NULL; abort immediately */
break;
}
fprintf(stderr, "\n");
if (!running) {
warnx("Stopped while autodetecting DNS query type (try setting manually with -T)");
return 1; /* problem */
}
/* finished */
do_qtype = handshake_qtype_numcvt(highestworking);
if (do_qtype == T_UNSET) {
/* also catches highestworking still 100 */
warnx("No suitable DNS query type found. Are you connected to a network?");
warnx("If you expect very long roundtrip delays, use -T explicitly.");
warnx("(Also, connecting to an \"ancient\" version of iodined won't work.)");
return 1; /* problem */
}
/* "using qtype" message printed in handshake function */
return 0; /* okay */
}
static int
handshake_edns0_check(int dns_fd)
/* Returns:
0: EDNS0 not supported; or Ctrl-C
1: EDNS0 works
*/
{
char in[4096];
int i;
int read;
char *s = DOWNCODECCHECK1;
int slen = DOWNCODECCHECK1_LEN;
char trycodec;
if (do_qtype == T_NULL)
trycodec = 'R';
else
trycodec = 'T';
for (i=0; running && i<3 ;i++) {
send_downenctest(dns_fd, trycodec, 1, NULL, 0);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'Y', i+1);
if (read == -2)
return 0; /* hard error */
if (read > 0 && read != slen)
return 0; /* reply incorrect = unreliable */
if (read > 0) {
int k;
for (k = 0; k < slen; k++) {
if (in[k] != s[k]) {
/* Definitely not reliable */
return 0;
}
}
/* if still here, then all okay */
return 1;
}
fprintf(stderr, "Retrying EDNS0 support test...\n");
}
/* timeout or Ctrl-C */
return 0;
}
static void
handshake_switch_codec(int dns_fd, int bits)
{
char in[4096];
int i;
int read;
struct encoder *tempenc;
if (bits == 5)
tempenc = get_base32_encoder();
else if (bits == 6)
tempenc = get_base64_encoder();
else if (bits == 26) /* "2nd" 6 bits per byte, with underscore */
tempenc = get_base64u_encoder();
else if (bits == 7)
tempenc = get_base128_encoder();
else return;
fprintf(stderr, "Switching upstream to codec %s\n", tempenc->name);
for (i=0; running && i<5 ;i++) {
send_codec_switch(dns_fd, userid, bits);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'S', i+1);
if (read > 0) {
if (strncmp("BADLEN", in, 6) == 0) {
fprintf(stderr, "Server got bad message length.\n");
goto codec_revert;
} else if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "Server rejected sender IP address.\n");
goto codec_revert;
} else if (strncmp("BADCODEC", in, 8) == 0) {
fprintf(stderr, "Server rejected the selected codec.\n");
goto codec_revert;
}
in[read] = 0; /* zero terminate */
fprintf(stderr, "Server switched upstream to codec %s\n", in);
dataenc = tempenc;
/* Update outgoing buffer max (decoded) fragsize */
maxfragsize_up = get_raw_length_from_dns(hostname_maxlen - UPSTREAM_HDR, dataenc, topdomain);
return;
}
fprintf(stderr, "Retrying codec switch...\n");
}
if (!running)
return;
fprintf(stderr, "No reply from server on codec switch.\n");
codec_revert:
fprintf(stderr, "Falling back to upstream codec %s\n", dataenc->name);
}
void
handshake_switch_options(int dns_fd, int lazy, int compression, char denc)
{
char in[4096];
int read;
char *dname, *comp_status, *lazy_status;
char opts[4];
comp_status = compression ? "enabled" : "disabled";
dname = "Base32";
if (denc == 'S')
dname = "Base64";
else if (denc == 'U')
dname = "Base64u";
else if (denc == 'V')
dname = "Base128";
else if (denc == 'R')
dname = "Raw";
lazy_status = lazy ? "lazy" : "immediate";
fprintf(stderr, "Switching server options: %s mode, downstream codec %s, compression %s...\n",
lazy_status, dname, comp_status);
for (int i = 0; running && i < 5; i++) {
send_server_options(dns_fd, userid, lazy, compression, denc, opts);
read = handshake_waitdns(dns_fd, in, sizeof(in) - 1, 'O', i + 1);
if (read > 0) {
if (strncmp("BADLEN", in, 6) == 0) {
fprintf(stderr, "Server got bad message length.\n");
goto opt_revert;
} else if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "Server rejected sender IP address.\n");
goto opt_revert;
} else if (strncmp("BADCODEC", in, 8) == 0) {
fprintf(stderr, "Server rejected the selected options.\n");
goto opt_revert;
}
fprintf(stderr, "Switched server options successfully. (%s)\n", opts);
lazymode = lazy;
compression_down = compression;
downenc = denc;
return;
}
fprintf(stderr, "Retrying options switch...\n");
}
if (!running)
return;
fprintf(stderr, "No reply from server on options switch.\n");
opt_revert:
comp_status = compression_down ? "enabled" : "disabled";
lazy_status = lazymode ? "lazy" : "immediate";
fprintf(stderr, "Falling back to previous configuration: downstream codec %s, %s mode, compression %s.\n",
dataenc->name, lazy_status, comp_status);
}
static int
fragsize_check(char *in, int read, int proposed_fragsize, int *max_fragsize)
/* Returns: 0: keep checking, 1: break loop (either okay or definitely wrong) */
{
int acked_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
int okay;
int i;
unsigned int v;
if (read >= 5 && strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "got BADIP (Try iodined -c)..\n");
fflush(stderr);
return 0; /* maybe temporary error */
}
if (acked_fragsize != proposed_fragsize) {
/*
* got ack for wrong fragsize, maybe late response for
* earlier query, or ack corrupted
*/
return 0;
}
if (read != proposed_fragsize) {
/*
* correctly acked fragsize but read too little (or too
* much): this fragsize is definitely not reliable
*/
return 1;
}
/* here: read == proposed_fragsize == acked_fragsize */
/* test: */
/* in[123] = 123; */
if ((in[2] & 0xff) != 107) {
warnx("\ncorruption at byte 2, this won't work. Try -O Base32, or other -T options.");
*max_fragsize = -1;
return 1;
}
/* Check for corruption */
okay = 1;
v = in[3] & 0xff;
for (i = 3; i < read; i++, v = (v + 107) & 0xff)
if ((in[i] & 0xff) != v) {
okay = 0;
break;
}
if (okay) {
fprintf(stderr, "%d ok.. ", acked_fragsize);
fflush(stderr);
*max_fragsize = acked_fragsize;
return 1;
} else {
if (downenc != ' ' && downenc != 'T') {
fprintf(stderr, "%d corrupted at %d.. (Try -O Base32)\n", acked_fragsize, i);
} else {
fprintf(stderr, "%d corrupted at %d.. ", acked_fragsize, i);
}
fflush(stderr);
return 1;
}
/* notreached */
return 1;
}
static int
handshake_autoprobe_fragsize(int dns_fd)
{
char in[MAX_FRAGSIZE];
int i;
int read;
int proposed_fragsize = 768;
int range = 768;
int max_fragsize;
max_fragsize = 0;
fprintf(stderr, "Autoprobing max downstream fragment size... (skip with -m fragsize)");
while (running && range > 0 && (range >= 8 || max_fragsize < 300)) {
/* stop the slow probing early when we have enough bytes anyway */
for (i=0; running && i<3 ;i++) {
send_fragsize_probe(dns_fd, proposed_fragsize);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'R', 1);
if (read > 0) {
/* We got a reply */
if (fragsize_check(in, read, proposed_fragsize, &max_fragsize) == 1)
break;
}
fprintf(stderr, ".");
fflush(stderr);
}
if (max_fragsize < 0)
break;
range >>= 1;
if (max_fragsize == proposed_fragsize) {
/* Try bigger */
proposed_fragsize += range;
} else {
/* Try smaller */
fprintf(stderr, "%d not ok.. ", proposed_fragsize);
fflush(stderr);
proposed_fragsize -= range;
}
}
if (!running) {
warnx("\nstopped while autodetecting fragment size (Try setting manually with -m)");
return 0;
}
if (max_fragsize <= 6) {
/* Tried all the way down to 2 and found no good size.
But we _did_ do all handshake before this, so there must
be some workable connection. */
warnx("\nfound no accepted fragment size.");
warnx("try setting -M to 200 or lower, or try other -T or -O options.");
return 0;
}
/* data header adds 6 bytes */
fprintf(stderr, "will use %d-6=%d\n", max_fragsize, max_fragsize - 6);
/* need 1200 / 16frags = 75 bytes fragsize */
if (max_fragsize < 82) {
fprintf(stderr, "Note: this probably won't work well.\n");
fprintf(stderr, "Try setting -M to 200 or lower, or try other DNS types (-T option).\n");
} else if (max_fragsize < 202 &&
(do_qtype == T_NULL || do_qtype == T_PRIVATE || do_qtype == T_TXT ||
do_qtype == T_SRV || do_qtype == T_MX)) {
fprintf(stderr, "Note: this isn't very much.\n");
fprintf(stderr, "Try setting -M to 200 or lower, or try other DNS types (-T option).\n");
}
return max_fragsize - 2;
}
static void
handshake_set_fragsize(int dns_fd, int fragsize)
{
char in[4096];
int i;
int read;
fprintf(stderr, "Setting downstream fragment size to max %d...\n", fragsize);
for (i=0; running && i<5 ;i++) {
send_set_downstream_fragsize(dns_fd, fragsize);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'N', i+1);
if (read > 0) {
if (strncmp("BADFRAG", in, 7) == 0) {
fprintf(stderr, "Server rejected fragsize. Keeping default.\n");
return;
} else if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "Server rejected sender IP address.\n");
return;
}
/* The server returns the accepted fragsize:
accepted_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff) */
return;
}
fprintf(stderr, "Retrying set fragsize...\n");
}
if (!running)
return;
fprintf(stderr, "No reply from server when setting fragsize. Keeping default.\n");
}
static void
handshake_set_timeout(int dns_fd)
{
char in[4096];
int read, id;
if (autodetect_server_timeout && lazymode) {
fprintf(stderr, "Calculating round-trip time for optimum server timeout...");
} else {
fprintf(stderr, "Setting window sizes to %lu frags upstream, %lu frags downstream...",
windowsize_up, windowsize_down);
}
for (int i = 0; running && i < 5; i++) {
id = autodetect_server_timeout ?
update_server_timeout(dns_fd, 1) : send_ping(dns_fd, 1, -1, 1);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'P', i + 1);
got_response(id, 1, 0);
fprintf(stderr, ".");
if (read > 0) {
if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "Server rejected sender IP address.\n");
}
if (autodetect_server_timeout)
continue;
else
break;
}
}
if (!running)
return;
if (autodetect_server_timeout)
fprintf(stderr, "\nDetermined round-trip time of %ld ms, server timeout of %ld ms.\n",
rtt_total_ms / num_immediate, server_timeout_ms);
else
fprintf(stderr, " done\n");
}
int
client_handshake(int dns_fd, int raw_mode, int autodetect_frag_size, int fragsize)
{
int seed;
int upcodec;
int r;
dnsc_use_edns0 = 0;
/* qtype message printed in handshake function */
if (do_qtype == T_UNSET) {
r = handshake_qtype_autodetect(dns_fd);
if (r) {
return r;
}
}
fprintf(stderr, "Using DNS type %s queries\n", client_get_qtype());
r = handshake_version(dns_fd, &seed);
if (r) {
return r;
}
r = handshake_login(dns_fd, seed);
if (r) {
return r;
}
if (raw_mode && handshake_raw_udp(dns_fd, seed)) {
conn = CONN_RAW_UDP;
max_timeout_ms = 10000;
compression_down = 1;
compression_up = 1;
} else {
if (raw_mode == 0) {
fprintf(stderr, "Skipping raw mode\n");
}
dnsc_use_edns0 = 1;
if (handshake_edns0_check(dns_fd) && running) {
fprintf(stderr, "Using EDNS0 extension\n");
} else if (!running) {
return -1;
} else {
fprintf(stderr, "DNS relay does not support EDNS0 extension\n");
dnsc_use_edns0 = 0;
}
upcodec = handshake_upenc_autodetect(dns_fd);
if (!running)
return -1;
if (upcodec == 1) { /* Base64 */
handshake_switch_codec(dns_fd, 6);
} else if (upcodec == 2) { /* Base64u */
handshake_switch_codec(dns_fd, 26);
} else if (upcodec == 3) { /* Base128 */
handshake_switch_codec(dns_fd, 7);
}
if (!running)
return -1;
if (downenc == ' ') {
downenc = handshake_downenc_autodetect(dns_fd);
}
if (!running)
return -1;
/* Set options for compression, lazymode and downstream codec */
handshake_switch_options(dns_fd, lazymode, compression_down, downenc);
if (!running)
return -1;
if (autodetect_frag_size) {
fragsize = handshake_autoprobe_fragsize(dns_fd);
if (fragsize > MAX_FRAGSIZE) {
/* This is very unlikely except perhaps over LAN */
fprintf(stderr, "Can transfer fragsize of %d, however iodine has been compiled with MAX_FRAGSIZE = %d."
" To fully utilize this connection, please recompile iodine/iodined.\n", fragsize, MAX_FRAGSIZE);
fragsize = MAX_FRAGSIZE;
}
if (!fragsize) {
return 1;
}
}
handshake_set_fragsize(dns_fd, fragsize);
if (!running)
return -1;
/* init windowing protocol */
outbuf = window_buffer_init(64, windowsize_up, maxfragsize_up, WINDOW_SENDING);
/* Incoming buffer max fragsize doesn't matter */
inbuf = window_buffer_init(64, windowsize_down, MAX_FRAGSIZE, WINDOW_RECVING);
/* init query tracking */
num_untracked = 0;
num_pending = 0;
pending_queries = calloc(PENDING_QUERIES_LENGTH, sizeof(struct query_tuple));
for (int i = 0; i < PENDING_QUERIES_LENGTH; i++)
pending_queries[i].id = -1;
/* set server window/timeout parameters and calculate RTT */
handshake_set_timeout(dns_fd);
}
return 0;
}