Added -n to set NS ip, updated docs, added checks

Erik Ekman 2008-09-14 13:21:11 +00:00 committed by Erik Ekman
parent e7fdb0a5f5
commit b36ed27117
3 changed files with 52 additions and 15 deletions


@ -13,7 +13,8 @@ CHANGES:
a nameserver on localhost. Use -b port to enable. a nameserver on localhost. Use -b port to enable.
- iodine client now shuts down if it detects a server restart. - iodine client now shuts down if it detects a server restart.
- iodined now replies to NS request on its own domain, fixes issue #33. - iodined now replies to NS request on its own domain, fixes issue #33.
The destination IP address is sent as reply. The destination IP address is sent as reply. Use -n to specify
a specific IP address to return (if behind NAT etc).
- Upstream data is now Base64 encoded if relay server preserves case and - Upstream data is now Base64 encoded if relay server preserves case and
supports the plus (+) character in domain names, fixes #16. supports the plus (+) character in domain names, fixes #16.


@ -27,16 +27,22 @@ iodine, iodined \- tunnel IPv4 over DNS
.B iodined [-c] [-s] [-f] [-D] [-u .B iodined [-c] [-s] [-f] [-D] [-u
.I user .I user
.B ] [-P
.I password
.B ] [-t .B ] [-t
.I chrootdir .I chrootdir
.B ] [-d
.I device
.B ] [-m .B ] [-m
.I mtu .I mtu
.B ] [-l .B ] [-l
.I listen_ip .I listen_ip
.B ] [-d .B ] [-p
.I device .I port
.B ] [-n
.I external ip
.B ] [-b
.I dnsport
.B ] [-P
.I password
.B ] .B ]
.I tunnel_ip .I tunnel_ip
.I topdomain .I topdomain
@ -68,14 +74,14 @@ Drop privileges and run as user 'user' after setting up tunnel.
.B -t chrootdir .B -t chrootdir
Chroot to 'chrootdir' after setting up tunnel. Chroot to 'chrootdir' after setting up tunnel.
.TP .TP
.B -d device
Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
and otherwise tunX.
.TP
.B -P password .B -P password
Use 'password' to authenticate. If not used, Use 'password' to authenticate. If not used,
.B stdin .B stdin
will be used as input. Only the first 32 characters will be used. will be used as input. Only the first 32 characters will be used.
.TP
.B -d device
Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
and otherwise tunX.
.SS Server Options: .SS Server Options:
.TP .TP
.B -c .B -c
@ -100,6 +106,14 @@ connections.
Make the server listen on 'port' instead of 53 for traffic. Make the server listen on 'port' instead of 53 for traffic.
.B Note: .B Note:
You must make sure the dns requests are forwarded to this port yourself. You must make sure the dns requests are forwarded to this port yourself.
.TP
.B -n external ip
The IP address to return in NS responses. Default is to return the address used
as destination in the query.
.TP
.B -b dnsport
If this port is specified, all incoming requests not inside the tunnel domain
will be forwarded to this port on localhost, to be handled by a real dns.
.SS Client Arguments: .SS Client Arguments:
.TP .TP
.B nameserver .B nameserver


@ -60,6 +60,8 @@ static int check_ip;
static int my_mtu; static int my_mtu;
static in_addr_t my_ip; static in_addr_t my_ip;
static in_addr_t ns_ip;
static int bind_port; static int bind_port;
static int debug; static int debug;
@ -353,6 +355,10 @@ handle_ns_request(int dns_fd, struct query *q)
char buf[64*1024]; char buf[64*1024];
int len; int len;
if (ns_ip != INADDR_ANY) {
memcpy(&q->destination.s_addr, &ns_ip, sizeof(in_addr_t));
}
len = dns_encode_ns_response(buf, sizeof(buf), q, topdomain); len = dns_encode_ns_response(buf, sizeof(buf), q, topdomain);
if (debug >= 1) { if (debug >= 1) {
@ -636,7 +642,7 @@ usage() {
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] " printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
"[-t chrootdir] [-d device] [-m mtu] " "[-t chrootdir] [-d device] [-m mtu] "
"[-l ip address to listen on] [-p port] [-b port] [-P password]" "[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
" tunnel_ip topdomain\n", __progname); " tunnel_ip topdomain\n", __progname);
exit(2); exit(2);
} }
@ -648,7 +654,7 @@ help() {
printf("iodine IP over DNS tunneling server\n"); printf("iodine IP over DNS tunneling server\n");
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] " printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
"[-t chrootdir] [-d device] [-m mtu] " "[-t chrootdir] [-d device] [-m mtu] "
"[-l ip address to listen on] [-p port] [-b port] [-P password]" "[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
" tunnel_ip topdomain\n", __progname); " tunnel_ip topdomain\n", __progname);
printf(" -v to print version info and exit\n"); printf(" -v to print version info and exit\n");
printf(" -h to print this help and exit\n"); printf(" -h to print this help and exit\n");
@ -664,6 +670,7 @@ help() {
printf(" -l ip address to listen on for incoming dns traffic " printf(" -l ip address to listen on for incoming dns traffic "
"(default 0.0.0.0)\n"); "(default 0.0.0.0)\n");
printf(" -p port to listen on for incoming dns traffic (default 53)\n"); printf(" -p port to listen on for incoming dns traffic (default 53)\n");
printf(" -n ip to respond with to NS queries\n");
printf(" -b port to forward normal DNS queries to (on localhost)\n"); printf(" -b port to forward normal DNS queries to (on localhost)\n");
printf(" -P password used for authentication (max 32 chars will be used)\n"); printf(" -P password used for authentication (max 32 chars will be used)\n");
printf("tunnel_ip is the IP number of the local tunnel interface.\n"); printf("tunnel_ip is the IP number of the local tunnel interface.\n");
@ -711,6 +718,7 @@ main(int argc, char **argv)
mtu = 1024; mtu = 1024;
listen_ip = INADDR_ANY; listen_ip = INADDR_ANY;
port = 53; port = 53;
ns_ip = INADDR_ANY;
check_ip = 1; check_ip = 1;
skipipconfig = 0; skipipconfig = 0;
debug = 0; debug = 0;
@ -729,7 +737,7 @@ main(int argc, char **argv)
srand(time(NULL)); srand(time(NULL));
fw_query_init(); fw_query_init();
while ((choice = getopt(argc, argv, "vcsfhDu:t:d:m:l:p:b:P:")) != -1) { while ((choice = getopt(argc, argv, "vcsfhDu:t:d:m:l:p:n:b:P:")) != -1) {
switch(choice) { switch(choice) {
case 'v': case 'v':
version(); version();
@ -767,6 +775,9 @@ main(int argc, char **argv)
case 'p': case 'p':
port = atoi(optarg); port = atoi(optarg);
break; break;
case 'n':
ns_ip = inet_addr(optarg);
break;
case 'b': case 'b':
bind_enable = 1; bind_enable = 1;
bind_port = atoi(optarg); bind_port = atoi(optarg);
@ -795,6 +806,13 @@ main(int argc, char **argv)
if (argc != 2) if (argc != 2)
usage(); usage();
my_ip = inet_addr(argv[0]);
if (my_ip == INADDR_NONE) {
warnx("Bad IP address to use inside tunnel.\n");
usage();
}
topdomain = strdup(argv[1]); topdomain = strdup(argv[1]);
if(strlen(topdomain) <= 128) { if(strlen(topdomain) <= 128) {
if(check_topdomain(topdomain)) { if(check_topdomain(topdomain)) {
@ -849,6 +867,11 @@ main(int argc, char **argv)
usage(); usage();
} }
if (ns_ip == INADDR_NONE) {
warnx("Bad IP address to return as nameserver.\n");
usage();
}
if (strlen(password) == 0) if (strlen(password) == 0)
read_password(password, sizeof(password)); read_password(password, sizeof(password));
@ -863,7 +886,6 @@ main(int argc, char **argv)
if ((bind_fd = open_dns(0, INADDR_ANY)) == -1) if ((bind_fd = open_dns(0, INADDR_ANY)) == -1)
goto cleanup3; goto cleanup3;
my_ip = inet_addr(argv[0]);
my_mtu = mtu; my_mtu = mtu;
init_users(my_ip); init_users(my_ip);
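Review bot: The `if (ns_ip == INADDR_NONE)` check added in the `@ -849,6 +867,11` hunk, like the new `my_ip` check in the `@ -795,6 +806,13` hunk, cannot tell a malformed address from a literal `255.255.255.255`, because `inet_addr()` returns INADDR_NONE for both; parsing with `inet_aton()` into a `struct in_addr` at the `case 'n':` site (and at `my_ip = inet_addr(argv[0])`) reports failure separately, so the validation can happen where the string is still at hand. All of these hunks are inside main(), whose start and end lie outside the diff. The two new `warnx()` calls end their message with `\n`, but warnx(3) already appends a newline, so each error prints an extra blank line; drop it: `warnx("Bad IP address to return as nameserver.");`. Since INADDR_ANY doubles as the "not given" sentinel, `-n 0.0.0.0` is silently ignored by the `ns_ip != INADDR_ANY` test in handle_ns_request(); a comment on the initializer such as `/* INADDR_ANY: -n not given, NS replies use the query's destination */` would make that explicit.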