/*
- * Copyright (c) 2006-2007 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <string.h>
#include <signal.h>
#include <unistd.h>
-#include <netdb.h>
-#include <netinet/in.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
-#include <sys/socket.h>
#include <fcntl.h>
-#include <err.h>
-#include <grp.h>
-#include <pwd.h>
-#include <arpa/inet.h>
#include <zlib.h>
+
+#ifdef WINDOWS32
+#include "windows.h"
+#include <winsock2.h>
+#else
#include <arpa/nameser.h>
#ifdef DARWIN
#include <arpa/nameser8_compat.h>
#endif
+#include <sys/socket.h>
+#include <err.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <grp.h>
+#include <pwd.h>
+#include <netdb.h>
+#endif
#include "common.h"
#include "encoding.h"
#include "base32.h"
+#include "base64.h"
#include "dns.h"
#include "login.h"
#include "tun.h"
#include "version.h"
+#ifdef WINDOWS32
+WORD req_version = MAKEWORD(2, 2);
+WSADATA wsa_data;
+#endif
+
static void send_ping(int fd);
static void send_chunk(int fd);
static int build_hostname(char *buf, size_t buflen,
static char *topdomain;
static uint16_t rand_seed;
+static int downstream_seqno;
+static int downstream_fragment;
+static int down_ack_seqno;
+static int down_ack_fragment;
-/* Current IP packet */
-static struct packet packet;
+/* Current up/downstream IP packet */
+static struct packet outpkt;
+static struct packet inpkt;
/* My userid at the server */
static char userid;
size_t space;
char *b;
-
- space = MIN(0xFF, buflen) - strlen(topdomain) - 2;
+ space = MIN(0xFF, buflen) - strlen(topdomain) - 7;
if (!encoder->places_dots())
- space -= (space / 62); /* space for dots */
+ space -= (space / 57); /* space for dots */
memset(buf, 0, buflen);
return space;
}
-int
+static int
is_sending()
{
- return (packet.len != 0);
+ return (outpkt.len != 0);
}
-int
+static int
read_dns(int fd, char *buf, int buflen)
{
struct sockaddr_in from;
rv = dns_decode(buf, buflen, &q, QR_ANSWER, data, r);
- if (is_sending() && chunkid == q.id) {
- /* Got ACK on sent packet */
- packet.offset += packet.sentlen;
- if (packet.offset == packet.len) {
- /* Packet completed */
- packet.offset = 0;
- packet.len = 0;
- packet.sentlen = 0;
- } else {
- /* More to send */
- send_chunk(fd);
+ /* decode the data header, update seqno and frag before next request */
+ if (rv >= 2) {
+ downstream_seqno = (buf[1] >> 5) & 7;
+ downstream_fragment = (buf[1] >> 1) & 15;
+ }
+
+
+ if (is_sending()) {
+ if (chunkid == q.id) {
+ /* Got ACK on sent packet */
+ outpkt.offset += outpkt.sentlen;
+ if (outpkt.offset == outpkt.len) {
+ /* Packet completed */
+ outpkt.offset = 0;
+ outpkt.len = 0;
+ outpkt.sentlen = 0;
+
+ /* If the ack contains unacked frag number but no data,
+ * send a ping to ack the frag number and get more data*/
+ if (rv == 2 && (
+ downstream_seqno != down_ack_seqno ||
+ downstream_fragment != down_ack_fragment
+ )) {
+
+ send_ping(fd);
+ }
+ } else {
+ /* More to send */
+ send_chunk(fd);
+ }
+
}
}
return rv;
unsigned long inlen;
char out[64*1024];
char in[64*1024];
- size_t read;
+ ssize_t read;
if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
return -1;
inlen = read;
compress2((uint8_t*)out, &outlen, (uint8_t*)in, inlen, 9);
- memcpy(packet.data, out, MIN(outlen, sizeof(packet.data)));
- packet.sentlen = 0;
- packet.offset = 0;
- packet.len = outlen;
+ memcpy(outpkt.data, out, MIN(outlen, sizeof(outpkt.data)));
+ outpkt.sentlen = 0;
+ outpkt.offset = 0;
+ outpkt.len = outlen;
+ outpkt.seqno++;
+ outpkt.fragment = 0;
send_chunk(dns_fd);
static int
tunnel_dns(int tun_fd, int dns_fd)
{
- unsigned long outlen;
- unsigned long inlen;
- char out[64*1024];
- char in[64*1024];
+ unsigned long datalen;
+ char buf[64*1024];
size_t read;
- if ((read = read_dns(dns_fd, in, sizeof(in))) <= 0)
+ if ((read = read_dns(dns_fd, buf, sizeof(buf))) <= 2)
return -1;
-
- outlen = sizeof(out);
- inlen = read;
- if (uncompress((uint8_t*)out, &outlen, (uint8_t*)in, inlen) != Z_OK)
+
+ if (downstream_seqno != inpkt.seqno) {
+ /* New packet */
+ inpkt.seqno = downstream_seqno;
+ inpkt.fragment = downstream_fragment;
+ inpkt.len = 0;
+ } else if (downstream_fragment <= inpkt.fragment) {
+ /* Duplicate fragment */
return -1;
+ }
+ inpkt.fragment = downstream_fragment;
+
+ datalen = MIN(read - 2, sizeof(inpkt.data) - inpkt.len);
- write_tun(tun_fd, out, outlen);
+ /* Skip 2 byte data header and append to packet */
+ memcpy(&inpkt.data[inpkt.len], &buf[2], datalen);
+ inpkt.len += datalen;
+
+ if (buf[1] & 1) { /* If last fragment flag is set */
+ /* Uncompress packet and send to tun */
+ datalen = sizeof(buf);
+ if (uncompress((uint8_t*)buf, &datalen, (uint8_t*) inpkt.data, inpkt.len) == Z_OK) {
+ write_tun(tun_fd, buf, datalen);
+ }
+ inpkt.len = 0;
+ }
+
+ /* If we have nothing to send, send a ping to get more data */
if (!is_sending())
send_ping(dns_fd);
tv.tv_sec = 1;
tv.tv_usec = 0;
+
FD_ZERO(&fds);
- if (!is_sending())
+ if (!is_sending()) {
FD_SET(tun_fd, &fds);
+ }
FD_SET(dns_fd, &fds);
i = select(MAX(tun_fd, dns_fd) + 1, &fds, NULL, NULL, &tv);
int code;
char *p;
- p = packet.data;
- p += packet.offset;
- avail = packet.len - packet.offset;
+ p = outpkt.data;
+ p += outpkt.offset;
+ avail = outpkt.len - outpkt.offset;
- packet.sentlen = build_hostname(buf + 1, sizeof(buf) - 1, p, avail, topdomain, dataenc);
+ outpkt.sentlen = build_hostname(buf + 4, sizeof(buf) - 4, p, avail, topdomain, dataenc);
- if (packet.sentlen == avail)
- code = 1;
- else
- code = 0;
-
- code |= (userid << 1);
- buf[0] = hex[code];
+ /* Build upstream data header (see doc/proto_xxxxxxxx.txt) */
+ buf[0] = hex[userid & 15]; /* First byte is 4 bits userid */
+
+ code = ((outpkt.seqno & 7) << 2) | ((outpkt.fragment & 15) >> 2);
+ buf[1] = b32_5to8(code); /* Second byte is 3 bits seqno, 2 upper bits fragment count */
+
+ code = ((outpkt.fragment & 3) << 3) | (downstream_seqno & 7);
+ buf[2] = b32_5to8(code); /* Third byte is 2 bits lower fragment count, 3 bits downstream packet seqno */
+
+ code = ((downstream_fragment & 15) << 1) | (outpkt.sentlen == avail);
+ buf[3] = b32_5to8(code); /* Fourth byte is 4 bits downstream fragment count, 1 bit last frag flag */
+
+ down_ack_seqno = downstream_seqno;
+ down_ack_fragment = downstream_fragment;
+
+ outpkt.fragment++;
send_query(fd, buf);
}
-void
+static void
send_login(int fd, char *login, int len)
{
char data[19];
static void
send_ping(int fd)
{
- char data[3];
+ char data[4];
if (is_sending()) {
- packet.sentlen = 0;
- packet.offset = 0;
- packet.len = 0;
+ outpkt.sentlen = 0;
+ outpkt.offset = 0;
+ outpkt.len = 0;
}
data[0] = userid;
- data[1] = (rand_seed >> 8) & 0xff;
- data[2] = (rand_seed >> 0) & 0xff;
+ data[1] = ((downstream_seqno & 7) << 4) | (downstream_fragment & 15);
+ data[2] = (rand_seed >> 8) & 0xff;
+ data[3] = (rand_seed >> 0) & 0xff;
+
+ down_ack_seqno = downstream_seqno;
+ down_ack_fragment = downstream_fragment;
rand_seed++;
send_packet(fd, 'P', data, sizeof(data));
}
-void
+static void
+send_fragsize_probe(int fd, int fragsize)
+{
+ char probedata[256];
+ char buf[4096];
+
+ /* build a large query domain which is random and maximum size */
+ memset(probedata, MIN(1, rand_seed & 0xff), sizeof(probedata));
+ probedata[1] = MIN(1, (rand_seed >> 8) & 0xff);
+ rand_seed++;
+ build_hostname(buf + 4, sizeof(buf) - 4, probedata, sizeof(probedata), topdomain, dataenc);
+
+ fragsize &= 2047;
+
+ buf[0] = 'r'; /* Probe downstream fragsize packet */
+ buf[1] = b32_5to8((userid << 1) | ((fragsize >> 10) & 1));
+ buf[2] = b32_5to8((fragsize >> 5) & 31);
+ buf[3] = b32_5to8(fragsize & 31);
+
+ send_query(fd, buf);
+}
+
+static void
+send_set_downstream_fragsize(int fd, int fragsize)
+{
+ char data[5];
+
+ data[0] = userid;
+ data[1] = (fragsize & 0xff00) >> 8;
+ data[2] = (fragsize & 0x00ff);
+ data[3] = (rand_seed >> 8) & 0xff;
+ data[4] = (rand_seed >> 0) & 0xff;
+
+ rand_seed++;
+
+ send_packet(fd, 'N', data, sizeof(data));
+}
+
+static void
send_version(int fd, uint32_t version)
{
char data[6];
send_packet(fd, 'V', data, sizeof(data));
}
-void
+static void
send_case_check(int fd)
{
- char buf[512] = "zZaAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyY123-4560789.";
+ /* The '+' plus character is not allowed according to RFC.
+ * Expect to get SERVFAIL or similar if it is rejected.
+ */
+ char buf[512] = "zZ+-aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyY1234.";
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
+static void
+send_codec_switch(int fd, int userid, int bits)
+{
+ char buf[512] = "S__.";
+ buf[1] = b32_5to8(userid);
+ buf[2] = b32_5to8(bits);
+
+ strncat(buf, topdomain, 512 - strlen(buf));
+ send_query(fd, buf);
+}
+
static int
-handshake(int dns_fd)
+handshake_version(int dns_fd, int *seed)
{
struct timeval tv;
- uint32_t payload;
- char server[65];
- char client[65];
- char login[16];
char in[4096];
fd_set fds;
- int read;
- int mtu;
- int seed;
+ uint32_t payload;
int i;
int r;
+ int read;
for (i = 0; running && i < 5; i++) {
tv.tv_sec = i + 1;
((in[7] & 0xff)));
if (strncmp("VACK", in, 4) == 0) {
- seed = payload;
+ *seed = payload;
userid = in[8];
- printf("Version ok, both running 0x%08x. You are user #%d\n", VERSION, userid);
- goto perform_login;
+ fprintf(stderr, "Version ok, both using protocol v 0x%08x. You are user #%d\n", VERSION, userid);
+ return 0;
} else if (strncmp("VNAK", in, 4) == 0) {
- errx(1, "you run 0x%08x, server runs 0x%08x. giving up\n",
+ warnx("You use protocol v 0x%08x, server uses v 0x%08x. Giving up",
VERSION, payload);
- /* NOTREACHED */
+ return 1;
} else if (strncmp("VFUL", in, 4) == 0) {
- errx(1, "server full, all %d slots are taken. try again later\n", payload);
- /* NOTREACHED */
+ warnx("Server full, all %d slots are taken. Try again later", payload);
+ return 1;
}
} else
- warnx("did not receive proper login challenge\n");
+ warnx("did not receive proper login challenge");
}
- printf("Retrying version check...\n");
+ fprintf(stderr, "Retrying version check...\n");
}
- errx(1, "couldn't connect to server");
- /* NOTREACHED */
-
-perform_login:
+ warnx("couldn't connect to server");
+ return 1;
+}
+
+static int
+handshake_login(int dns_fd, int seed)
+{
+ struct timeval tv;
+ char in[4096];
+ char login[16];
+ char server[65];
+ char client[65];
+ int mtu;
+ fd_set fds;
+ int i;
+ int r;
+ int read;
+
login_calculate(login, 16, password, seed);
for (i=0; running && i<5 ;i++) {
}
if (read > 0) {
+ int netmask;
if (strncmp("LNAK", in, 4) == 0) {
- printf("Bad password\n");
+ fprintf(stderr, "Bad password\n");
return 1;
- } else if (sscanf(in, "%64[^-]-%64[^-]-%d",
- server, client, &mtu) == 3) {
+ } else if (sscanf(in, "%64[^-]-%64[^-]-%d-%d",
+ server, client, &mtu, &netmask) == 4) {
server[64] = 0;
client[64] = 0;
- if (tun_setip(client) == 0 &&
+ if (tun_setip(client, netmask) == 0 &&
tun_setmtu(mtu) == 0) {
- goto perform_case_check;
+ return 0;
} else {
warnx("Received handshake with bad data");
}
} else {
- printf("Received bad handshake\n");
+ fprintf(stderr, "Received bad handshake\n");
}
}
}
- printf("Retrying login...\n");
+ fprintf(stderr, "Retrying login...\n");
}
- errx(1, "couldn't login to server");
- /* NOTREACHED */
+ warnx("couldn't login to server");
+ return 1;
+}
+
+static void
+handshake_case_check(int dns_fd)
+{
+ struct timeval tv;
+ char in[4096];
+ fd_set fds;
+ int i;
+ int r;
+ int read;
-perform_case_check:
case_preserved = 0;
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
if(r > 0) {
read = read_dns(dns_fd, in, sizeof(in));
- if(read <= 0) {
- warn("read");
- continue;
- }
-
if (read > 0) {
if (in[0] == 'z' || in[0] == 'Z') {
- if (read < (26 * 2)) {
- printf("Received short case reply...\n");
+ if (read < (27 * 2)) {
+ fprintf(stderr, "Received short case check reply. Will use base32 encoder\n");
+ return;
} else {
int k;
+ /* TODO enhance this, base128 is probably also possible */
case_preserved = 1;
- for (k = 0; k < 26 && case_preserved; k += 2) {
+ for (k = 0; k < 27 && case_preserved; k += 2) {
if (in[k] == in[k+1]) {
- /* test string: zZaAbBcCdD... */
+ /* test string: zZ+-aAbBcCdDeE... */
case_preserved = 0;
}
}
- return 0;
+ return;
}
} else {
- printf("Received bad case check reply\n");
+ fprintf(stderr, "Received bad case check reply\n");
}
+ } else {
+ fprintf(stderr, "Got error on case check, will use base32\n");
+ return;
}
}
- printf("Retrying case check...\n");
+ fprintf(stderr, "Retrying case check...\n");
}
- printf("No reply on case check, continuing\n");
- return 0;
+ fprintf(stderr, "No reply on case check, continuing\n");
}
+
+static void
+handshake_switch_codec(int dns_fd)
+{
+ struct timeval tv;
+ char in[4096];
+ fd_set fds;
+ int i;
+ int r;
+ int read;
+
+ dataenc = get_base64_encoder();
+ fprintf(stderr, "Switching to %s codec\n", dataenc->name);
+ /* Send to server that this user will use base64 from now on */
+ for (i=0; running && i<5 ;i++) {
+ int bits;
+ tv.tv_sec = i + 1;
+ tv.tv_usec = 0;
+
+ bits = 6; /* base64 = 6 bits per byte */
+
+ send_codec_switch(dns_fd, userid, bits);
+ FD_ZERO(&fds);
+ FD_SET(dns_fd, &fds);
+
+ r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
+
+ if(r > 0) {
+ read = read_dns(dns_fd, in, sizeof(in));
+
+ if (read > 0) {
+ if (strncmp("BADLEN", in, 6) == 0) {
+ fprintf(stderr, "Server got bad message length. ");
+ goto codec_revert;
+ } else if (strncmp("BADIP", in, 5) == 0) {
+ fprintf(stderr, "Server rejected sender IP address. ");
+ goto codec_revert;
+ } else if (strncmp("BADCODEC", in, 8) == 0) {
+ fprintf(stderr, "Server rejected the selected codec. ");
+ goto codec_revert;
+ }
+ in[read] = 0; /* zero terminate */
+ fprintf(stderr, "Server switched to codec %s\n", in);
+ return;
+ }
+ }
+ fprintf(stderr, "Retrying codec switch...\n");
+ }
+ fprintf(stderr, "No reply from server on codec switch. ");
+
+codec_revert:
+ fprintf(stderr, "Falling back to base32\n");
+ dataenc = get_base32_encoder();
+}
+
+static int
+handshake_autoprobe_fragsize(int dns_fd)
+{
+ struct timeval tv;
+ char in[4096];
+ fd_set fds;
+ int i;
+ int r;
+ int read;
+ int proposed_fragsize = 768;
+ int range = 768;
+ int max_fragsize = 0;
+
+ max_fragsize = 0;
+ fprintf(stderr, "Autoprobing max downstream fragment size... (skip with -m fragsize)\n");
+ while (running && range > 0 && (range >= 8 || !max_fragsize)) {
+ for (i=0; running && i<3 ;i++) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ send_fragsize_probe(dns_fd, proposed_fragsize);
+
+ FD_ZERO(&fds);
+ FD_SET(dns_fd, &fds);
+
+ r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
+
+ if(r > 0) {
+ read = read_dns(dns_fd, in, sizeof(in));
+
+ if (read > 0) {
+ /* We got a reply */
+ int acked_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
+ if (acked_fragsize == proposed_fragsize) {
+ if (read == proposed_fragsize) {
+ fprintf(stderr, "%d ok.. ", acked_fragsize);
+ fflush(stderr);
+ max_fragsize = acked_fragsize;
+ }
+ }
+ if (strncmp("BADIP", in, 5) == 0) {
+ fprintf(stderr, "got BADIP.. ");
+ fflush(stderr);
+ }
+ break;
+ }
+ }
+ fprintf(stderr, ".");
+ fflush(stderr);
+ }
+ range >>= 1;
+ if (max_fragsize == proposed_fragsize) {
+ /* Try bigger */
+ proposed_fragsize += range;
+ } else {
+ /* Try smaller */
+ fprintf(stderr, "%d not ok.. ", proposed_fragsize);
+ fflush(stderr);
+ proposed_fragsize -= range;
+ }
+ }
+ if (!running) {
+ fprintf(stderr, "\n");
+ warnx("stopped while autodetecting fragment size (Try probing manually with -m)");
+ return 0;
+ }
+ if (range == 0) {
+ /* Tried all the way down to 2 and found no good size */
+ fprintf(stderr, "\n");
+ warnx("found no accepted fragment size. (Try probing manually with -m)");
+ return 0;
+ }
+ fprintf(stderr, "will use %d\n", max_fragsize);
+ return max_fragsize;
+}
+
+static void
+handshake_set_fragsize(int dns_fd, int fragsize)
+{
+ struct timeval tv;
+ char in[4096];
+ fd_set fds;
+ int i;
+ int r;
+ int read;
+
+ fprintf(stderr, "Setting downstream fragment size to max %d...\n", fragsize);
+ for (i=0; running && i<5 ;i++) {
+ tv.tv_sec = i + 1;
+ tv.tv_usec = 0;
+
+ send_set_downstream_fragsize(dns_fd, fragsize);
+
+ FD_ZERO(&fds);
+ FD_SET(dns_fd, &fds);
+
+ r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
+
+ if(r > 0) {
+ read = read_dns(dns_fd, in, sizeof(in));
+
+ if (read > 0) {
+ int accepted_fragsize;
+
+ if (strncmp("BADFRAG", in, 7) == 0) {
+ fprintf(stderr, "Server rejected fragsize. Keeping default.");
+ return;
+ } else if (strncmp("BADIP", in, 5) == 0) {
+ fprintf(stderr, "Server rejected sender IP address.\n");
+ return;
+ }
+
+ accepted_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
+ return;
+ }
+ }
+ fprintf(stderr, "Retrying set fragsize...\n");
+ }
+ fprintf(stderr, "No reply from server when setting fragsize. Keeping default.\n");
+}
+
+static int
+handshake(int dns_fd, int autodetect_frag_size, int fragsize)
+{
+ int seed;
+ int r;
+
+ r = handshake_version(dns_fd, &seed);
+ if (r) {
+ return r;
+ }
+
+ r = handshake_login(dns_fd, seed);
+ if (r) {
+ return r;
+ }
+
+ handshake_case_check(dns_fd);
+
+ if (case_preserved) {
+ handshake_switch_codec(dns_fd);
+ }
+
+ if (autodetect_frag_size) {
+ fragsize = handshake_autoprobe_fragsize(dns_fd);
+ if (!fragsize) {
+ return 1;
+ }
+ }
+
+ handshake_set_fragsize(dns_fd, fragsize);
+
+ return 0;
+}
+
static char *
get_resolvconf_addr()
{
static char addr[16];
- char buf[80];
char *rv;
+#ifndef WINDOWS32
+ char buf[80];
FILE *fp;
rv = NULL;
}
fclose(fp);
+#else /* !WINDOWS32 */
+ FIXED_INFO *fixed_info;
+ ULONG buflen;
+ DWORD ret;
+
+ rv = NULL;
+ fixed_info = malloc(sizeof(FIXED_INFO));
+ buflen = sizeof(FIXED_INFO);
+
+ if (GetNetworkParams(fixed_info, &buflen) == ERROR_BUFFER_OVERFLOW) {
+ /* official ugly api workaround */
+ free(fixed_info);
+ fixed_info = malloc(buflen);
+ }
+ ret = GetNetworkParams(fixed_info, &buflen);
+ if (ret == NO_ERROR) {
+ strncpy(addr, fixed_info->DnsServerList.IpAddress.String, sizeof(addr));
+ addr[15] = 0;
+ rv = addr;
+ }
+ free(fixed_info);
+#endif
return rv;
}
usage() {
extern char *__progname;
- printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
- "[nameserver] topdomain\n", __progname);
+ fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
+ "[-P password] [-m maxfragsize] [nameserver] topdomain\n", __progname);
exit(2);
}
help() {
extern char *__progname;
- printf("iodine IP over DNS tunneling client\n");
- printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
- "[-P password] [nameserver] topdomain\n", __progname);
- printf(" -v to print version info and exit\n");
- printf(" -h to print this help and exit\n");
- printf(" -f to keep running in foreground\n");
- printf(" -u name to drop privileges and run as user 'name'\n");
- printf(" -t dir to chroot to directory dir\n");
- printf(" -d device to set tunnel device name\n");
- printf(" -P password used for authentication (max 32 chars will be used)\n");
- printf("nameserver is the IP number of the relaying nameserver, if absent /etc/resolv.conf is used\n");
- printf("topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
+ fprintf(stderr, "iodine IP over DNS tunneling client\n");
+ fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
+ "[-P password] [-m maxfragsize] [nameserver] topdomain\n", __progname);
+ fprintf(stderr, " -v to print version info and exit\n");
+ fprintf(stderr, " -h to print this help and exit\n");
+ fprintf(stderr, " -f to keep running in foreground\n");
+ fprintf(stderr, " -u name to drop privileges and run as user 'name'\n");
+ fprintf(stderr, " -t dir to chroot to directory dir\n");
+ fprintf(stderr, " -d device to set tunnel device name\n");
+ fprintf(stderr, " -P password used for authentication (max 32 chars will be used)\n");
+ fprintf(stderr, " -m maxfragsize, to limit size of downstream packets\n");
+ fprintf(stderr, "nameserver is the IP number of the relaying nameserver, if absent /etc/resolv.conf is used\n");
+ fprintf(stderr, "topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
exit(0);
}
static void
version() {
-
printf("iodine IP over DNS tunneling client\n");
- printf("version: 0.4.2 from 2008-08-06\n");
+ printf("version: 0.5.1 from 2009-03-21\n");
exit(0);
}
main(int argc, char **argv)
{
char *nameserv_addr;
+#ifndef WINDOWS32
struct passwd *pw;
+#endif
char *username;
int foreground;
char *newroot;
int choice;
int tun_fd;
int dns_fd;
+ int max_downstream_frag_size;
+ int autodetect_frag_size;
memset(password, 0, 33);
username = NULL;
device = NULL;
chunkid = 0;
+ outpkt.seqno = 0;
+ inpkt.len = 0;
+
+ autodetect_frag_size = 1;
+ max_downstream_frag_size = 3072;
+
b32 = get_base32_encoder();
dataenc = get_base32_encoder();
+
+#ifdef WINDOWS32
+ WSAStartup(req_version, &wsa_data);
+#endif
#if !defined(BSD) && !defined(__GLIBC__)
__progname = strrchr(argv[0], '/');
__progname++;
#endif
- while ((choice = getopt(argc, argv, "vfhu:t:d:P:")) != -1) {
+ while ((choice = getopt(argc, argv, "vfhu:t:d:P:m:")) != -1) {
switch(choice) {
case 'v':
version();
+ /* NOTREACHED */
break;
case 'f':
foreground = 1;
break;
case 'h':
help();
+ /* NOTREACHED */
break;
case 'u':
username = optarg;
/* XXX: find better way of cleaning up ps(1) */
memset(optarg, 0, strlen(optarg));
break;
+ case 'm':
+ autodetect_frag_size = 0;
+ max_downstream_frag_size = atoi(optarg);
+ break;
default:
usage();
/* NOTREACHED */
}
}
- if (geteuid() != 0) {
- warnx("Run as root and you'll be happy.\n");
- usage();
- }
+ check_superuser(usage);
argc -= optind;
argv += optind;
/* NOTREACHED */
}
- set_nameserver(nameserv_addr);
+ if (max_downstream_frag_size < 1 || max_downstream_frag_size > 0xffff) {
+ warnx("Use a max frag size between 1 and 65535 bytes.\n");
+ usage();
+ /* NOTREACHED */
+ }
+
+ if (nameserv_addr) {
+ set_nameserver(nameserv_addr);
+ } else {
+ usage();
+ /* NOTREACHED */
+ }
if(strlen(topdomain) <= 128) {
if(check_topdomain(topdomain)) {
warnx("Topdomain contains invalid characters.\n");
usage();
+ /* NOTREACHED */
}
} else {
warnx("Use a topdomain max 128 chars long.\n");
usage();
+ /* NOTREACHED */
}
if (username != NULL) {
+#ifndef WINDOWS32
if ((pw = getpwnam(username)) == NULL) {
warnx("User %s does not exist!\n", username);
usage();
+ /* NOTREACHED */
}
+#endif
}
if (strlen(password) == 0)
signal(SIGINT, sighandler);
signal(SIGTERM, sighandler);
- if(handshake(dns_fd))
+ if(handshake(dns_fd, autodetect_frag_size, max_downstream_frag_size))
goto cleanup2;
- printf("Sending queries for %s to %s\n", topdomain, nameserv_addr);
+ fprintf(stderr, "Sending queries for %s to %s\n", topdomain, nameserv_addr);
if (foreground == 0)
do_detach();
do_chroot(newroot);
if (username != NULL) {
+#ifndef WINDOWS32
gid_t gids[1];
gids[0] = pw->pw_gid;
if (setgroups(1, gids) < 0 || setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
warnx("Could not switch to user %s!\n", username);
usage();
+ /* NOTREACHED */
}
+#endif
}
+ downstream_seqno = 0;
+ downstream_fragment = 0;
+ down_ack_seqno = 0;
+ down_ack_fragment = 0;
+
tunnel(tun_fd, dns_fd);
cleanup2:
ToastFreeware / debian / iodine.git / blobdiff