iodine/src/iodine.c

1397 lines
30 KiB
C
Raw Normal View History

2006-06-05 15:41:08 +03:00
/*
2009-01-04 01:27:21 +02:00
* Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
2006-06-05 15:41:08 +03:00
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
2006-06-05 17:43:04 +03:00
#include <string.h>
2006-06-05 17:46:10 +03:00
#include <signal.h>
2006-06-05 18:13:30 +03:00
#include <unistd.h>
#include <sys/types.h>
2008-07-12 15:26:41 +03:00
#include <sys/param.h>
2007-06-17 14:46:05 +03:00
#include <sys/time.h>
2006-06-06 02:34:23 +03:00
#include <fcntl.h>
2006-06-06 20:59:24 +03:00
#include <zlib.h>
#include <time.h>
#ifdef WINDOWS32
#include "windows.h"
#include <winsock2.h>
#else
#include <arpa/nameser.h>
#ifdef DARWIN
#include <arpa/nameser8_compat.h>
#endif
#include <sys/socket.h>
#include <err.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <grp.h>
#include <pwd.h>
#include <netdb.h>
#endif
2006-06-05 15:41:08 +03:00
#include "common.h"
2007-06-09 19:18:59 +03:00
#include "encoding.h"
#include "base32.h"
#include "base64.h"
2006-06-05 16:38:10 +03:00
#include "dns.h"
2006-11-18 18:08:47 +02:00
#include "login.h"
#include "tun.h"
#include "version.h"
2006-06-05 15:41:08 +03:00
2009-01-25 19:13:12 +02:00
#ifdef WINDOWS32
2009-02-21 12:07:10 +02:00
WORD req_version = MAKEWORD(2, 2);
2009-01-25 19:13:12 +02:00
WSADATA wsa_data;
#endif
static void send_ping(int fd);
2007-02-05 19:40:06 +02:00
static void send_chunk(int fd);
static void send_raw_data(int fd);
static int build_hostname(char *buf, size_t buflen,
2007-06-07 21:57:18 +03:00
const char *data, const size_t datalen,
2007-06-24 13:54:50 +03:00
const char *topdomain, struct encoder *encoder);
static int running = 1;
static char password[33];
2006-06-05 17:46:10 +03:00
static struct sockaddr_in nameserv;
static struct sockaddr_in raw_serv;
static char *topdomain;
static uint16_t rand_seed;
static int downstream_seqno;
static int downstream_fragment;
static int down_ack_seqno;
static int down_ack_fragment;
/* Current up/downstream IP packet */
static struct packet outpkt;
static struct packet inpkt;
/* My userid at the server */
static char userid;
/* DNS id for next packet */
static uint16_t chunkid;
2008-12-07 00:12:18 +02:00
/* Base32 encoder used for non-data packets */
static struct encoder *b32;
/* The encoder used for data packets
2007-06-24 13:54:50 +03:00
* Defaults to Base32, can be changed after handshake */
static struct encoder *dataenc;
2007-06-09 19:18:59 +03:00
/* My connection mode */
static enum connection conn;
2008-07-12 15:26:41 +03:00
#if !defined(BSD) && !defined(__GLIBC__)
static char *__progname;
#endif
2006-06-05 17:46:10 +03:00
static void
2007-02-04 19:00:20 +02:00
sighandler(int sig)
{
2006-06-05 17:46:10 +03:00
running = 0;
}
static void
2007-07-12 02:10:08 +03:00
send_query(int fd, char *hostname)
{
char packet[4096];
struct query q;
size_t len;
q.id = ++chunkid;
q.type = T_NULL;
len = dns_encode(packet, sizeof(packet), &q, QR_QUERY, hostname, strlen(hostname));
sendto(fd, packet, len, 0, (struct sockaddr*)&nameserv, sizeof(nameserv));
}
static void
send_raw(int fd, char *buf, int buflen, int user, int cmd)
{
char packet[4096];
int len;
len = MIN(sizeof(packet) - RAW_HDR_LEN, buflen);
memcpy(packet, raw_header, RAW_HDR_LEN);
memcpy(&packet[RAW_HDR_LEN], buf, len);
len += RAW_HDR_LEN;
packet[RAW_HDR_CMD] = cmd | (user & 0x0F);
sendto(fd, packet, len, 0, (struct sockaddr*)&raw_serv, sizeof(raw_serv));
}
2007-07-12 02:10:08 +03:00
static void
2008-12-07 00:12:18 +02:00
send_packet(int fd, char cmd, const char *data, const size_t datalen)
2007-07-12 02:10:08 +03:00
{
char buf[4096];
2008-12-07 00:12:18 +02:00
buf[0] = cmd;
build_hostname(buf + 1, sizeof(buf) - 1, data, datalen, topdomain, b32);
2007-07-12 02:10:08 +03:00
send_query(fd, buf);
}
2007-06-07 21:57:18 +03:00
static int
build_hostname(char *buf, size_t buflen,
2007-06-07 21:57:18 +03:00
const char *data, const size_t datalen,
2007-06-24 13:54:50 +03:00
const char *topdomain, struct encoder *encoder)
2007-06-07 21:57:18 +03:00
{
2008-12-07 00:12:18 +02:00
int encsize;
2007-06-18 10:17:55 +03:00
size_t space;
2007-06-07 21:57:18 +03:00
char *b;
space = MIN(0xFF, buflen) - strlen(topdomain) - 7;
2007-06-24 13:54:50 +03:00
if (!encoder->places_dots())
space -= (space / 57); /* space for dots */
2007-06-09 19:18:59 +03:00
2007-06-07 21:57:18 +03:00
memset(buf, 0, buflen);
2008-12-07 00:12:18 +02:00
encsize = encoder->encode(buf, &space, data, datalen);
2007-06-09 19:18:59 +03:00
2007-06-24 13:54:50 +03:00
if (!encoder->places_dots())
2007-06-09 19:18:59 +03:00
inline_dotify(buf, buflen);
2007-06-07 21:57:18 +03:00
2007-06-09 19:18:59 +03:00
b = buf;
2007-06-07 21:57:18 +03:00
b += strlen(buf);
2007-06-09 19:18:59 +03:00
2007-06-07 21:57:18 +03:00
if (*b != '.')
*b++ = '.';
strncpy(b, topdomain, strlen(topdomain)+1);
2007-06-09 19:18:59 +03:00
return space;
2007-06-07 21:57:18 +03:00
}
static int
is_sending()
{
return (outpkt.len != 0);
}
static int
2009-08-06 23:42:26 +03:00
read_dns(int dns_fd, int tun_fd, char *buf, int buflen) /* FIXME: tun_fd needed for raw handling */
{
struct sockaddr_in from;
char data[64*1024];
2009-01-25 18:42:28 +02:00
socklen_t addrlen;
struct query q;
int r;
addrlen = sizeof(struct sockaddr);
2009-08-06 23:42:26 +03:00
if ((r = recvfrom(dns_fd, data, sizeof(data), 0,
(struct sockaddr*)&from, &addrlen)) == -1) {
2007-02-06 18:01:09 +02:00
warn("recvfrom");
return 0;
}
2009-08-06 23:42:26 +03:00
if (conn == CONN_DNS_NULL) {
int rv;
rv = dns_decode(buf, buflen, &q, QR_ANSWER, data, r);
2009-08-06 23:42:26 +03:00
/* decode the data header, update seqno and frag before next request */
if (rv >= 2) {
downstream_seqno = (buf[1] >> 5) & 7;
downstream_fragment = (buf[1] >> 1) & 15;
}
2009-08-06 23:42:26 +03:00
if (is_sending()) {
if (chunkid == q.id) {
/* Got ACK on sent packet */
outpkt.offset += outpkt.sentlen;
if (outpkt.offset == outpkt.len) {
/* Packet completed */
outpkt.offset = 0;
outpkt.len = 0;
outpkt.sentlen = 0;
/* If the ack contains unacked frag number but no data,
* send a ping to ack the frag number and get more data*/
if (rv == 2 && (
downstream_seqno != down_ack_seqno ||
downstream_fragment != down_ack_fragment
)) {
send_ping(dns_fd);
}
} else {
/* More to send */
send_chunk(dns_fd);
}
}
}
2009-08-06 23:42:26 +03:00
return rv;
} else { /* CONN_RAW_UDP */
unsigned long datalen;
char buf[64*1024];
int raw_user;
/* minimum length */
if (r < RAW_HDR_LEN) return 0;
/* should start with header */
if (memcmp(data, raw_header, RAW_HDR_IDENT_LEN)) return 0;
/* should be data packet */
if (RAW_HDR_GET_CMD(data) != RAW_HDR_CMD_DATA) return 0;
raw_user = RAW_HDR_GET_USR(data);
if (uncompress((uint8_t*)buf, &datalen, (uint8_t*) &data[RAW_HDR_LEN], r) == Z_OK) {
write_tun(tun_fd, buf, datalen);
}
return 0;
}
}
2006-06-05 17:43:04 +03:00
static int
tunnel_tun(int tun_fd, int dns_fd)
2006-06-05 17:43:04 +03:00
{
2007-02-04 18:06:53 +02:00
unsigned long outlen;
unsigned long inlen;
2007-02-06 18:01:09 +02:00
char out[64*1024];
char in[64*1024];
ssize_t read;
2007-02-06 18:01:09 +02:00
if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
return -1;
2007-02-06 18:01:09 +02:00
outlen = sizeof(out);
inlen = read;
compress2((uint8_t*)out, &outlen, (uint8_t*)in, inlen, 9);
2007-02-06 18:01:09 +02:00
memcpy(outpkt.data, out, MIN(outlen, sizeof(outpkt.data)));
outpkt.sentlen = 0;
outpkt.offset = 0;
outpkt.len = outlen;
outpkt.seqno++;
outpkt.fragment = 0;
if (conn == CONN_DNS_NULL) {
send_chunk(dns_fd);
} else {
send_raw_data(dns_fd);
}
return read;
}
static int
tunnel_dns(int tun_fd, int dns_fd)
{
unsigned long datalen;
char buf[64*1024];
size_t read;
2009-08-06 23:42:26 +03:00
if ((read = read_dns(dns_fd, tun_fd, buf, sizeof(buf))) <= 2)
2007-02-06 18:01:09 +02:00
return -1;
if (downstream_seqno != inpkt.seqno) {
/* New packet */
inpkt.seqno = downstream_seqno;
inpkt.fragment = downstream_fragment;
inpkt.len = 0;
} else if (downstream_fragment <= inpkt.fragment) {
/* Duplicate fragment */
return -1;
}
inpkt.fragment = downstream_fragment;
datalen = MIN(read - 2, sizeof(inpkt.data) - inpkt.len);
/* Skip 2 byte data header and append to packet */
memcpy(&inpkt.data[inpkt.len], &buf[2], datalen);
inpkt.len += datalen;
if (buf[1] & 1) { /* If last fragment flag is set */
/* Uncompress packet and send to tun */
datalen = sizeof(buf);
if (uncompress((uint8_t*)buf, &datalen, (uint8_t*) inpkt.data, inpkt.len) == Z_OK) {
write_tun(tun_fd, buf, datalen);
}
inpkt.len = 0;
}
/* If we have nothing to send, send a ping to get more data */
if (!is_sending())
send_ping(dns_fd);
return read;
}
static int
tunnel(int tun_fd, int dns_fd)
{
2006-08-25 01:12:45 +03:00
struct timeval tv;
fd_set fds;
int rv;
int i;
2006-08-25 01:12:45 +03:00
rv = 0;
2006-06-06 02:34:23 +03:00
2006-06-05 17:46:10 +03:00
while (running) {
tv.tv_sec = 1;
tv.tv_usec = 0;
2006-06-05 17:43:04 +03:00
2006-06-05 17:43:04 +03:00
FD_ZERO(&fds);
if ((!is_sending()) || conn == CONN_RAW_UDP) {
2006-06-05 23:05:11 +03:00
FD_SET(tun_fd, &fds);
}
2006-06-05 17:43:04 +03:00
FD_SET(dns_fd, &fds);
2009-01-25 18:42:28 +02:00
i = select(MAX(tun_fd, dns_fd) + 1, &fds, NULL, NULL, &tv);
2006-06-05 17:43:04 +03:00
if (running == 0)
break;
if (i < 0)
err(1, "select");
if (i == 0 && conn == CONN_DNS_NULL) /* timeout */
send_ping(dns_fd);
else {
if (FD_ISSET(tun_fd, &fds)) {
if (tunnel_tun(tun_fd, dns_fd) <= 0)
continue;
2006-06-05 17:43:04 +03:00
}
if (FD_ISSET(dns_fd, &fds)) {
if (tunnel_dns(tun_fd, dns_fd) <= 0)
continue;
2006-06-05 17:43:04 +03:00
}
}
2006-06-05 17:43:04 +03:00
}
2006-08-25 01:12:45 +03:00
return rv;
2006-06-05 17:43:04 +03:00
}
static void
send_raw_data(int dns_fd)
{
send_raw(dns_fd, outpkt.data, outpkt.len, userid, RAW_HDR_CMD_DATA);
}
2007-02-05 19:40:06 +02:00
static void
send_chunk(int fd)
{
2008-12-07 00:12:18 +02:00
char hex[] = "0123456789ABCDEF";
char buf[4096];
2007-02-05 19:40:06 +02:00
int avail;
2008-12-07 00:12:18 +02:00
int code;
2007-02-05 19:40:06 +02:00
char *p;
p = outpkt.data;
p += outpkt.offset;
avail = outpkt.len - outpkt.offset;
outpkt.sentlen = build_hostname(buf + 4, sizeof(buf) - 4, p, avail, topdomain, dataenc);
2007-02-05 19:40:06 +02:00
/* Build upstream data header (see doc/proto_xxxxxxxx.txt) */
buf[0] = hex[userid & 15]; /* First byte is 4 bits userid */
code = ((outpkt.seqno & 7) << 2) | ((outpkt.fragment & 15) >> 2);
buf[1] = b32_5to8(code); /* Second byte is 3 bits seqno, 2 upper bits fragment count */
code = ((outpkt.fragment & 3) << 3) | (downstream_seqno & 7);
buf[2] = b32_5to8(code); /* Third byte is 2 bits lower fragment count, 3 bits downstream packet seqno */
code = ((downstream_fragment & 15) << 1) | (outpkt.sentlen == avail);
buf[3] = b32_5to8(code); /* Fourth byte is 4 bits downstream fragment count, 1 bit last frag flag */
down_ack_seqno = downstream_seqno;
down_ack_fragment = downstream_fragment;
2007-02-05 19:40:06 +02:00
outpkt.fragment++;
2007-07-12 02:10:08 +03:00
send_query(fd, buf);
2007-02-05 19:40:06 +02:00
}
static void
send_login(int fd, char *login, int len)
{
char data[19];
memset(data, 0, sizeof(data));
2008-12-07 00:12:18 +02:00
data[0] = userid;
memcpy(&data[1], login, MIN(len, 16));
data[17] = (rand_seed >> 8) & 0xff;
data[18] = (rand_seed >> 0) & 0xff;
rand_seed++;
2008-12-07 00:12:18 +02:00
send_packet(fd, 'L', data, sizeof(data));
}
static void
send_ping(int fd)
{
char data[4];
if (is_sending()) {
outpkt.sentlen = 0;
outpkt.offset = 0;
outpkt.len = 0;
}
2008-12-07 00:12:18 +02:00
data[0] = userid;
data[1] = ((downstream_seqno & 7) << 4) | (downstream_fragment & 15);
data[2] = (rand_seed >> 8) & 0xff;
data[3] = (rand_seed >> 0) & 0xff;
down_ack_seqno = downstream_seqno;
down_ack_fragment = downstream_fragment;
rand_seed++;
2008-12-07 00:12:18 +02:00
send_packet(fd, 'P', data, sizeof(data));
}
static void
send_fragsize_probe(int fd, int fragsize)
{
char probedata[256];
char buf[4096];
/* build a large query domain which is random and maximum size */
memset(probedata, MIN(1, rand_seed & 0xff), sizeof(probedata));
probedata[1] = MIN(1, (rand_seed >> 8) & 0xff);
rand_seed++;
build_hostname(buf + 4, sizeof(buf) - 4, probedata, sizeof(probedata), topdomain, dataenc);
fragsize &= 2047;
buf[0] = 'r'; /* Probe downstream fragsize packet */
buf[1] = b32_5to8((userid << 1) | ((fragsize >> 10) & 1));
buf[2] = b32_5to8((fragsize >> 5) & 31);
buf[3] = b32_5to8(fragsize & 31);
send_query(fd, buf);
}
static void
send_set_downstream_fragsize(int fd, int fragsize)
{
char data[5];
data[0] = userid;
data[1] = (fragsize & 0xff00) >> 8;
data[2] = (fragsize & 0x00ff);
data[3] = (rand_seed >> 8) & 0xff;
data[4] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'N', data, sizeof(data));
}
static void
send_version(int fd, uint32_t version)
{
2008-12-07 00:12:18 +02:00
char data[6];
2008-12-07 00:12:18 +02:00
data[0] = (version >> 24) & 0xff;
data[1] = (version >> 16) & 0xff;
data[2] = (version >> 8) & 0xff;
data[3] = (version >> 0) & 0xff;
2008-12-07 00:12:18 +02:00
data[4] = (rand_seed >> 8) & 0xff;
data[5] = (rand_seed >> 0) & 0xff;
rand_seed++;
2008-12-07 00:12:18 +02:00
send_packet(fd, 'V', data, sizeof(data));
}
2009-06-11 23:23:05 +03:00
static void
send_ip_request(int fd, int userid)
{
2009-06-12 08:44:34 +03:00
char buf[512] = "I____.";
2009-06-11 23:23:05 +03:00
buf[1] = b32_5to8(userid);
2009-06-12 08:44:34 +03:00
buf[2] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[3] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[4] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
2009-06-11 23:23:05 +03:00
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_raw_udp_login(int dns_fd, int userid, int seed)
{
char buf[16];
login_calculate(buf, 16, password, seed + 1);
send_raw(dns_fd, buf, sizeof(buf), userid, RAW_HDR_CMD_LOGIN);
}
static void
send_case_check(int fd)
{
/* The '+' plus character is not allowed according to RFC.
* Expect to get SERVFAIL or similar if it is rejected.
*/
2008-12-07 00:12:18 +02:00
char buf[512] = "zZ+-aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyY1234.";
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
static void
send_codec_switch(int fd, int userid, int bits)
{
2009-06-12 08:44:34 +03:00
char buf[512] = "S_____.";
buf[1] = b32_5to8(userid);
buf[2] = b32_5to8(bits);
2008-12-07 00:12:18 +02:00
2009-06-12 08:44:34 +03:00
buf[3] = b32_5to8((rand_seed >> 10) & 0x1f);
buf[4] = b32_5to8((rand_seed >> 5) & 0x1f);
buf[5] = b32_5to8((rand_seed ) & 0x1f);
rand_seed++;
2008-12-07 00:12:18 +02:00
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
2006-06-11 19:13:40 +03:00
static int
handshake_version(int dns_fd, int *seed)
2006-06-11 19:13:40 +03:00
{
2006-08-25 00:23:29 +03:00
struct timeval tv;
char in[4096];
fd_set fds;
uint32_t payload;
2006-06-11 19:13:40 +03:00
int i;
int r;
int read;
2006-06-11 19:13:40 +03:00
for (i = 0; running && i < 5; i++) {
2006-11-18 18:08:47 +02:00
tv.tv_sec = i + 1;
2006-06-11 19:13:40 +03:00
tv.tv_usec = 0;
send_version(dns_fd, VERSION);
2006-06-11 19:13:40 +03:00
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
read = read_dns(dns_fd, 0, in, sizeof(in));
2006-06-11 19:13:40 +03:00
2008-07-12 23:30:35 +03:00
if(read <= 0) {
if (read == 0) {
warn("handshake read");
}
/* if read < 0 then warning has been printed already */
2006-06-11 19:13:40 +03:00
continue;
}
if (read >= 9) {
payload = (((in[4] & 0xff) << 24) |
((in[5] & 0xff) << 16) |
((in[6] & 0xff) << 8) |
((in[7] & 0xff)));
2006-11-18 18:08:47 +02:00
if (strncmp("VACK", in, 4) == 0) {
*seed = payload;
userid = in[8];
fprintf(stderr, "Version ok, both using protocol v 0x%08x. You are user #%d\n", VERSION, userid);
return 0;
} else if (strncmp("VNAK", in, 4) == 0) {
warnx("You use protocol v 0x%08x, server uses v 0x%08x. Giving up",
VERSION, payload);
return 1;
} else if (strncmp("VFUL", in, 4) == 0) {
warnx("Server full, all %d slots are taken. Try again later", payload);
return 1;
2006-11-18 18:08:47 +02:00
}
} else
2008-08-07 17:13:33 +03:00
warnx("did not receive proper login challenge");
2006-11-18 18:08:47 +02:00
}
fprintf(stderr, "Retrying version check...\n");
2006-11-18 18:08:47 +02:00
}
warnx("couldn't connect to server");
return 1;
}
static int
handshake_login(int dns_fd, int seed)
{
struct timeval tv;
char in[4096];
char login[16];
char server[65];
char client[65];
int mtu;
fd_set fds;
int i;
int r;
int read;
2006-11-18 18:08:47 +02:00
login_calculate(login, 16, password, seed);
2006-11-18 18:08:47 +02:00
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_login(dns_fd, login, 16);
2006-11-18 18:08:47 +02:00
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
read = read_dns(dns_fd, 0, in, sizeof(in));
2006-11-18 18:08:47 +02:00
if(read <= 0) {
warn("read");
2006-11-18 18:08:47 +02:00
continue;
}
if (read > 0) {
int netmask;
2006-11-18 18:08:47 +02:00
if (strncmp("LNAK", in, 4) == 0) {
fprintf(stderr, "Bad password\n");
2006-11-18 18:08:47 +02:00
return 1;
} else if (sscanf(in, "%64[^-]-%64[^-]-%d-%d",
server, client, &mtu, &netmask) == 4) {
2006-11-08 23:02:08 +02:00
server[64] = 0;
client[64] = 0;
if (tun_setip(client, netmask) == 0 &&
2006-11-08 23:02:08 +02:00
tun_setmtu(mtu) == 0) {
return 0;
2006-11-08 23:02:08 +02:00
} else {
2009-07-23 00:17:26 +03:00
errx(4, "Failed to set IP and MTU");
2006-11-08 23:02:08 +02:00
}
} else {
fprintf(stderr, "Received bad handshake\n");
2006-06-11 22:54:38 +03:00
}
2006-06-11 21:07:26 +03:00
}
2006-06-11 19:13:40 +03:00
}
fprintf(stderr, "Retrying login...\n");
2006-06-11 19:13:40 +03:00
}
warnx("couldn't login to server");
return 1;
}
2009-06-11 23:23:05 +03:00
static int
handshake_raw_udp(int dns_fd, int seed)
2009-06-11 23:23:05 +03:00
{
struct timeval tv;
char in[4096];
fd_set fds;
int i;
int r;
2009-06-14 17:01:48 +03:00
int len;
2009-06-11 23:23:05 +03:00
unsigned remoteaddr = 0;
struct in_addr server;
2009-08-15 13:45:07 +03:00
fprintf(stderr, "Testing raw UDP data to the server (skip with -r)\n");
2009-06-11 23:23:05 +03:00
for (i=0; running && i<3 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_ip_request(dns_fd, userid);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
len = read_dns(dns_fd, 0, in, sizeof(in));
2009-06-14 17:01:48 +03:00
if (len == 5 && in[0] == 'I') {
2009-06-11 23:23:05 +03:00
/* Received IP address */
remoteaddr = (in[1] & 0xff);
remoteaddr <<= 8;
remoteaddr |= (in[2] & 0xff);
remoteaddr <<= 8;
remoteaddr |= (in[3] & 0xff);
remoteaddr <<= 8;
remoteaddr |= (in[4] & 0xff);
server.s_addr = ntohl(remoteaddr);
break;
}
} else {
fprintf(stderr, ".");
fflush(stderr);
}
}
if (!remoteaddr) {
2009-08-15 13:49:38 +03:00
fprintf(stderr, "Failed to get raw server IP, will use DNS mode.\n");
return 0;
2009-06-11 23:23:05 +03:00
}
2009-08-15 13:49:38 +03:00
fprintf(stderr, "Server is at %s, trying raw login: ", inet_ntoa(server));
2009-06-11 23:23:05 +03:00
fflush(stderr);
/* Store address to iodined server */
memset(&raw_serv, 0, sizeof(raw_serv));
raw_serv.sin_family = AF_INET;
raw_serv.sin_port = htons(53);
raw_serv.sin_addr = server;
/* do login against port 53 on remote server
* based on the old seed. If reply received,
* switch to raw udp mode */
for (i=0; running && i<4 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_raw_udp_login(dns_fd, userid, seed);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-06-14 22:50:35 +03:00
/* recv() needed for windows, dont change to read() */
len = recv(dns_fd, in, sizeof(in), 0);
if (len >= (16 + RAW_HDR_LEN)) {
2009-06-14 17:01:48 +03:00
char hash[16];
login_calculate(hash, 16, password, seed - 1);
if (memcmp(in, raw_header, RAW_HDR_IDENT_LEN) == 0
&& RAW_HDR_GET_CMD(in) == RAW_HDR_CMD_LOGIN
&& memcmp(&in[RAW_HDR_LEN], hash, sizeof(hash)) == 0) {
2009-06-14 17:01:48 +03:00
fprintf(stderr, "OK\n");
return 1;
2009-06-14 17:01:48 +03:00
}
}
}
2009-06-14 17:01:48 +03:00
fprintf(stderr, ".");
fflush(stderr);
}
2009-06-14 17:01:48 +03:00
fprintf(stderr, "failed\n");
return 0;
2009-06-11 23:23:05 +03:00
}
static int
handshake_case_check(int dns_fd)
{
struct timeval tv;
char in[4096];
fd_set fds;
int i;
int r;
int read;
int case_preserved;
case_preserved = 0;
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_case_check(dns_fd);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
read = read_dns(dns_fd, 0, in, sizeof(in));
if (read > 0) {
if (in[0] == 'z' || in[0] == 'Z') {
if (read < (27 * 2)) {
fprintf(stderr, "Received short case check reply. Will use base32 encoder\n");
return case_preserved;
} else {
int k;
/* TODO enhance this, base128 is probably also possible */
case_preserved = 1;
for (k = 0; k < 27 && case_preserved; k += 2) {
if (in[k] == in[k+1]) {
/* test string: zZ+-aAbBcCdDeE... */
case_preserved = 0;
}
}
return case_preserved;
}
} else {
fprintf(stderr, "Received bad case check reply\n");
}
} else {
fprintf(stderr, "Got error on case check, will use base32\n");
return case_preserved;
}
}
fprintf(stderr, "Retrying case check...\n");
}
2006-06-11 19:13:40 +03:00
fprintf(stderr, "No reply on case check, continuing\n");
return case_preserved;
}
static void
handshake_switch_codec(int dns_fd)
{
struct timeval tv;
char in[4096];
fd_set fds;
int i;
int r;
int read;
dataenc = get_base64_encoder();
fprintf(stderr, "Switching to %s codec\n", dataenc->name);
/* Send to server that this user will use base64 from now on */
for (i=0; running && i<5 ;i++) {
int bits;
tv.tv_sec = i + 1;
tv.tv_usec = 0;
bits = 6; /* base64 = 6 bits per byte */
send_codec_switch(dns_fd, userid, bits);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
read = read_dns(dns_fd, 0, in, sizeof(in));
if (read > 0) {
if (strncmp("BADLEN", in, 6) == 0) {
fprintf(stderr, "Server got bad message length. ");
goto codec_revert;
} else if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "Server rejected sender IP address. ");
goto codec_revert;
} else if (strncmp("BADCODEC", in, 8) == 0) {
fprintf(stderr, "Server rejected the selected codec. ");
goto codec_revert;
}
in[read] = 0; /* zero terminate */
fprintf(stderr, "Server switched to codec %s\n", in);
return;
}
}
fprintf(stderr, "Retrying codec switch...\n");
}
fprintf(stderr, "No reply from server on codec switch. ");
codec_revert:
fprintf(stderr, "Falling back to base32\n");
dataenc = get_base32_encoder();
}
static int
handshake_autoprobe_fragsize(int dns_fd)
{
struct timeval tv;
char in[4096];
fd_set fds;
int i;
int r;
int read;
int proposed_fragsize = 768;
int range = 768;
2009-02-15 23:12:47 +02:00
int max_fragsize = 0;
2009-02-15 23:12:47 +02:00
max_fragsize = 0;
fprintf(stderr, "Autoprobing max downstream fragment size... (skip with -m fragsize)\n");
2009-02-15 23:12:47 +02:00
while (running && range > 0 && (range >= 8 || !max_fragsize)) {
for (i=0; running && i<3 ;i++) {
tv.tv_sec = 1;
tv.tv_usec = 0;
send_fragsize_probe(dns_fd, proposed_fragsize);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
read = read_dns(dns_fd, 0, in, sizeof(in));
if (read > 0) {
/* We got a reply */
int acked_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
if (acked_fragsize == proposed_fragsize) {
if (read == proposed_fragsize) {
fprintf(stderr, "%d ok.. ", acked_fragsize);
fflush(stderr);
2009-02-15 23:12:47 +02:00
max_fragsize = acked_fragsize;
}
}
if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "got BADIP.. ");
fflush(stderr);
}
2009-03-07 01:16:23 +02:00
break;
}
}
fprintf(stderr, ".");
fflush(stderr);
}
range >>= 1;
2009-03-07 01:16:23 +02:00
if (max_fragsize == proposed_fragsize) {
/* Try bigger */
proposed_fragsize += range;
} else {
/* Try smaller */
fprintf(stderr, "%d not ok.. ", proposed_fragsize);
fflush(stderr);
proposed_fragsize -= range;
}
}
if (!running) {
fprintf(stderr, "\n");
warnx("stopped while autodetecting fragment size (Try probing manually with -m)");
2009-02-15 23:12:47 +02:00
return 0;
}
if (range == 0) {
/* Tried all the way down to 2 and found no good size */
fprintf(stderr, "\n");
warnx("found no accepted fragment size. (Try probing manually with -m)");
2009-02-15 23:12:47 +02:00
return 0;
}
fprintf(stderr, "will use %d\n", max_fragsize);
2009-02-15 23:12:47 +02:00
return max_fragsize;
}
static void
2009-02-15 23:12:47 +02:00
handshake_set_fragsize(int dns_fd, int fragsize)
{
struct timeval tv;
char in[4096];
fd_set fds;
int i;
int r;
int read;
fprintf(stderr, "Setting downstream fragment size to max %d...\n", fragsize);
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
2009-02-15 23:12:47 +02:00
send_set_downstream_fragsize(dns_fd, fragsize);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2009-08-06 23:42:26 +03:00
read = read_dns(dns_fd, 0, in, sizeof(in));
if (read > 0) {
int accepted_fragsize;
if (strncmp("BADFRAG", in, 7) == 0) {
fprintf(stderr, "Server rejected fragsize. Keeping default.");
return;
} else if (strncmp("BADIP", in, 5) == 0) {
fprintf(stderr, "Server rejected sender IP address.\n");
return;
}
accepted_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
return;
}
}
fprintf(stderr, "Retrying set fragsize...\n");
}
fprintf(stderr, "No reply from server when setting fragsize. Keeping default.\n");
}
static int
2009-08-15 13:45:07 +03:00
handshake(int dns_fd, int raw_mode, int autodetect_frag_size, int fragsize)
{
int seed;
int case_preserved;
int r;
r = handshake_version(dns_fd, &seed);
if (r) {
return r;
}
r = handshake_login(dns_fd, seed);
if (r) {
return r;
}
2009-08-15 13:45:07 +03:00
if (raw_mode && handshake_raw_udp(dns_fd, seed)) {
conn = CONN_RAW_UDP;
} else {
2009-08-15 13:45:07 +03:00
if (raw_mode == 0) {
fprintf(stderr, "Skipping raw mode\n");
}
case_preserved = handshake_case_check(dns_fd);
if (case_preserved) {
handshake_switch_codec(dns_fd);
}
if (autodetect_frag_size) {
fragsize = handshake_autoprobe_fragsize(dns_fd);
if (!fragsize) {
return 1;
}
}
handshake_set_fragsize(dns_fd, fragsize);
}
return 0;
2006-06-11 19:13:40 +03:00
}
static char *
get_resolvconf_addr()
{
static char addr[16];
char *rv;
#ifndef WINDOWS32
char buf[80];
FILE *fp;
rv = NULL;
if ((fp = fopen("/etc/resolv.conf", "r")) == NULL)
err(1, "/etc/resolve.conf");
while (feof(fp) == 0) {
fgets(buf, sizeof(buf), fp);
if (sscanf(buf, "nameserver %15s", addr) == 1) {
rv = addr;
break;
}
}
fclose(fp);
#else /* !WINDOWS32 */
FIXED_INFO *fixed_info;
ULONG buflen;
DWORD ret;
rv = NULL;
fixed_info = malloc(sizeof(FIXED_INFO));
buflen = sizeof(FIXED_INFO);
if (GetNetworkParams(fixed_info, &buflen) == ERROR_BUFFER_OVERFLOW) {
/* official ugly api workaround */
free(fixed_info);
fixed_info = malloc(buflen);
}
ret = GetNetworkParams(fixed_info, &buflen);
if (ret == NO_ERROR) {
2009-02-22 16:35:18 +02:00
strncpy(addr, fixed_info->DnsServerList.IpAddress.String, sizeof(addr));
addr[15] = 0;
rv = addr;
}
2009-02-22 16:42:53 +02:00
free(fixed_info);
#endif
return rv;
}
2006-06-11 19:13:40 +03:00
static void
set_nameserver(const char *cp)
{
struct in_addr addr;
if (inet_aton(cp, &addr) != 1)
errx(1, "error parsing nameserver address: '%s'", cp);
memset(&nameserv, 0, sizeof(nameserv));
nameserv.sin_family = AF_INET;
nameserv.sin_port = htons(53);
nameserv.sin_addr = addr;
}
static void
usage() {
2006-08-25 00:23:29 +03:00
extern char *__progname;
fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
"[-P password] [-m maxfragsize] [-z context] [nameserver] topdomain\n", __progname);
exit(2);
}
2006-06-11 16:14:57 +03:00
static void
help() {
2006-08-25 00:23:29 +03:00
extern char *__progname;
fprintf(stderr, "iodine IP over DNS tunneling client\n");
fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
"[-P password] [-m maxfragsize] [-z context] [nameserver] topdomain\n", __progname);
fprintf(stderr, " -v to print version info and exit\n");
fprintf(stderr, " -h to print this help and exit\n");
fprintf(stderr, " -f to keep running in foreground\n");
fprintf(stderr, " -u name to drop privileges and run as user 'name'\n");
fprintf(stderr, " -t dir to chroot to directory dir\n");
fprintf(stderr, " -d device to set tunnel device name\n");
fprintf(stderr, " -P password used for authentication (max 32 chars will be used)\n");
fprintf(stderr, " -m maxfragsize, to limit size of downstream packets\n");
fprintf(stderr, " -z context, to apply specified SELinux context after initialization\n");
fprintf(stderr, "nameserver is the IP number of the relaying nameserver, if absent /etc/resolv.conf is used\n");
fprintf(stderr, "topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
2007-02-06 18:01:09 +02:00
2006-06-11 16:14:57 +03:00
exit(0);
}
2006-06-11 16:27:48 +03:00
static void
version() {
2007-02-06 18:01:09 +02:00
char *svnver;
2007-02-06 18:01:09 +02:00
svnver = "$Rev$ from $Date$";
fprintf(stderr, "iodine IP over DNS tunneling client\n");
fprintf(stderr, "SVN version: %s\n", svnver);
2007-02-06 18:01:09 +02:00
2006-06-11 16:27:48 +03:00
exit(0);
}
2006-06-05 15:41:08 +03:00
int
main(int argc, char **argv)
2006-06-05 15:41:08 +03:00
{
char *nameserv_addr;
#ifndef WINDOWS32
2006-08-25 00:23:29 +03:00
struct passwd *pw;
#endif
char *username;
2006-06-11 16:05:41 +03:00
int foreground;
2006-08-25 00:23:29 +03:00
char *newroot;
char *context;
2006-08-25 00:23:29 +03:00
char *device;
int choice;
2006-08-25 01:12:45 +03:00
int tun_fd;
int dns_fd;
2009-02-15 23:12:47 +02:00
int max_downstream_frag_size;
int autodetect_frag_size;
2009-06-24 19:29:30 +03:00
int retval;
2009-08-15 13:45:07 +03:00
int raw_mode;
2006-11-18 18:08:47 +02:00
memset(password, 0, 33);
2007-02-06 18:01:09 +02:00
username = NULL;
2006-06-11 16:05:41 +03:00
foreground = 0;
2006-08-25 00:23:29 +03:00
newroot = NULL;
context = NULL;
2006-08-25 00:23:29 +03:00
device = NULL;
2007-02-06 18:01:09 +02:00
chunkid = 0;
2007-06-09 19:18:59 +03:00
outpkt.seqno = 0;
inpkt.len = 0;
autodetect_frag_size = 1;
max_downstream_frag_size = 3072;
2009-08-15 13:45:07 +03:00
raw_mode = 1;
2008-12-07 00:12:18 +02:00
b32 = get_base32_encoder();
2007-06-24 13:54:50 +03:00
dataenc = get_base32_encoder();
conn = CONN_DNS_NULL;
2009-01-25 19:13:12 +02:00
2009-06-24 19:29:30 +03:00
retval = 0;
2009-01-25 19:13:12 +02:00
#ifdef WINDOWS32
WSAStartup(req_version, &wsa_data);
#endif
srand((unsigned) time(NULL));
rand_seed = rand();
2006-06-11 15:45:46 +03:00
2008-07-12 15:26:41 +03:00
#if !defined(BSD) && !defined(__GLIBC__)
__progname = strrchr(argv[0], '/');
if (__progname == NULL)
__progname = argv[0];
else
__progname++;
#endif
2009-08-15 13:45:07 +03:00
while ((choice = getopt(argc, argv, "vfhru:t:d:P:m:")) != -1) {
switch(choice) {
2006-06-11 16:27:48 +03:00
case 'v':
version();
2008-12-11 21:11:53 +02:00
/* NOTREACHED */
2006-06-11 16:27:48 +03:00
break;
2006-06-11 16:05:41 +03:00
case 'f':
foreground = 1;
break;
2006-06-11 16:14:57 +03:00
case 'h':
help();
2008-12-11 21:11:53 +02:00
/* NOTREACHED */
2006-06-11 16:14:57 +03:00
break;
2009-08-15 13:45:07 +03:00
case 'r':
raw_mode = 0;
case 'u':
username = optarg;
break;
2006-06-11 17:29:36 +03:00
case 't':
newroot = optarg;
break;
2006-06-24 13:28:24 +03:00
case 'd':
device = optarg;
break;
2006-11-18 18:08:47 +02:00
case 'P':
strncpy(password, optarg, sizeof(password));
password[sizeof(password)-1] = 0;
/* XXX: find better way of cleaning up ps(1) */
memset(optarg, 0, strlen(optarg));
2006-11-18 18:08:47 +02:00
break;
case 'm':
autodetect_frag_size = 0;
max_downstream_frag_size = atoi(optarg);
break;
case 'z':
context = optarg;
break;
default:
usage();
2007-02-04 19:00:20 +02:00
/* NOTREACHED */
}
}
2009-01-24 17:50:54 +02:00
check_superuser(usage);
argc -= optind;
argv += optind;
switch (argc) {
case 1:
nameserv_addr = get_resolvconf_addr();
topdomain = strdup(argv[0]);
break;
case 2:
nameserv_addr = argv[0];
topdomain = strdup(argv[1]);
break;
default:
usage();
/* NOTREACHED */
}
if (max_downstream_frag_size < 1 || max_downstream_frag_size > 0xffff) {
warnx("Use a max frag size between 1 and 65535 bytes.\n");
usage();
/* NOTREACHED */
}
2009-03-28 19:03:42 +02:00
if (nameserv_addr) {
set_nameserver(nameserv_addr);
} else {
usage();
/* NOTREACHED */
}
2009-08-06 22:48:54 +03:00
if (strlen(topdomain) <= 128) {
2008-07-12 14:41:01 +03:00
if(check_topdomain(topdomain)) {
warnx("Topdomain contains invalid characters.\n");
usage();
2008-12-11 21:11:53 +02:00
/* NOTREACHED */
2008-07-12 14:41:01 +03:00
}
} else {
warnx("Use a topdomain max 128 chars long.\n");
usage();
2008-12-11 21:11:53 +02:00
/* NOTREACHED */
}
if (username != NULL) {
#ifndef WINDOWS32
if ((pw = getpwnam(username)) == NULL) {
warnx("User %s does not exist!\n", username);
2006-06-11 15:18:49 +03:00
usage();
2008-12-11 21:11:53 +02:00
/* NOTREACHED */
2006-06-11 15:18:49 +03:00
}
#endif
2006-06-11 15:18:49 +03:00
}
2006-11-18 18:08:47 +02:00
if (strlen(password) == 0)
read_password(password, sizeof(password));
2006-06-11 15:18:49 +03:00
2009-06-24 19:29:30 +03:00
if ((tun_fd = open_tun(device)) == -1) {
retval = 1;
goto cleanup1;
2009-06-24 19:29:30 +03:00
}
if ((dns_fd = open_dns(0, INADDR_ANY)) == -1) {
retval = 1;
2006-06-11 17:42:19 +03:00
goto cleanup2;
2009-06-24 19:29:30 +03:00
}
2006-06-11 22:54:23 +03:00
2006-06-11 21:07:26 +03:00
signal(SIGINT, sighandler);
signal(SIGTERM, sighandler);
2006-06-11 17:29:36 +03:00
2009-08-15 13:45:07 +03:00
if (handshake(dns_fd, raw_mode, autodetect_frag_size, max_downstream_frag_size)) {
2009-06-24 19:29:30 +03:00
retval = 1;
2006-06-11 19:13:40 +03:00
goto cleanup2;
2009-06-24 19:29:30 +03:00
}
2006-11-18 18:08:47 +02:00
if (conn == CONN_DNS_NULL) {
fprintf(stderr, "Sending queries for %s to %s\n", topdomain, nameserv_addr);
} else {
fprintf(stderr, "Sending raw traffic directly to %s\n", inet_ntoa(raw_serv.sin_addr));
}
2006-06-11 19:13:40 +03:00
if (foreground == 0)
do_detach();
if (newroot != NULL)
do_chroot(newroot);
2006-06-05 17:46:10 +03:00
if (username != NULL) {
#ifndef WINDOWS32
gid_t gids[1];
gids[0] = pw->pw_gid;
if (setgroups(1, gids) < 0 || setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
warnx("Could not switch to user %s!\n", username);
usage();
2008-12-11 21:11:53 +02:00
/* NOTREACHED */
}
#endif
}
if (context != NULL)
do_setcon(context);
2007-03-01 23:41:17 +02:00
downstream_seqno = 0;
downstream_fragment = 0;
down_ack_seqno = 0;
down_ack_fragment = 0;
2006-06-05 17:43:04 +03:00
tunnel(tun_fd, dns_fd);
2006-06-05 15:41:08 +03:00
2006-06-11 17:42:19 +03:00
cleanup2:
2006-06-05 17:43:04 +03:00
close_dns(dns_fd);
close_tun(tun_fd);
cleanup1:
2006-06-05 15:41:08 +03:00
2009-06-24 19:29:30 +03:00
return retval;
2006-06-05 15:41:08 +03:00
}
2009-06-24 19:29:30 +03:00