Allow setting netmask in iodined, fixes #27. The same netmask will be given to clients as well. Updated docs.

This commit is contained in:
Erik Ekman 2009-01-04 12:39:28 +00:00
parent f5e58e6527
commit f8eb4c952b
7 changed files with 54 additions and 23 deletions

View File

@ -17,6 +17,11 @@ CHANGES:
- Upstream data is now Base64 encoded if relay server preserves case and - Upstream data is now Base64 encoded if relay server preserves case and
supports the plus (+) character in domain names, fixes #16. supports the plus (+) character in domain names, fixes #16.
- Fixed problem in client when DNS trans. ID has highest bit set (#37) - Fixed problem in client when DNS trans. ID has highest bit set (#37)
- IP addresses are now assigned within the netmask, so iodined can
use any address for itself, fixes #28.
- Netmask size is now adjustable. Setting a small net will reduce the
number of users. Use x.x.x.x/n notation on iodined tunnel ip.
This fixes #27.
2008-08-06: 0.4.2 "Opened Zone" 2008-08-06: 0.4.2 "Opened Zone"
- Applied a few small patches from Maxim Bourmistrov and Gregor Herrmann - Applied a few small patches from Maxim Bourmistrov and Gregor Herrmann

View File

@ -26,7 +26,7 @@ Client sends:
CMC CMC
Server replies: Server replies:
LNAK means not accepted LNAK means not accepted
x.x.x.x-y.y.y.y-mtu means accepted (server ip, client ip, mtu) x.x.x.x-y.y.y.y-mtu-netmask means accepted (server ip, client ip, mtu, netmask bits)
Case check: Case check:
Client sends: Client sends:

View File

@ -45,6 +45,9 @@ iodine, iodined \- tunnel IPv4 over DNS
.I password .I password
.B ] .B ]
.I tunnel_ip .I tunnel_ip
.B [
.I /netmask
.B ]
.I topdomain .I topdomain
.SH DESCRIPTION .SH DESCRIPTION
.B iodine .B iodine
@ -133,10 +136,12 @@ is the iodined server, then the topdomain can be chosen freely. This argument
must be the same on both the client and the server. must be the same on both the client and the server.
.SS Server Arguments: .SS Server Arguments:
.TP .TP
.B tunnel_ip .B tunnel_ip[/netmask]
This is the servers ip address on the tunnel interface. The client will be This is the servers ip address on the tunnel interface. The client will be
given the next ip number in the range. It is recommended to use the given the next ip number in the range. It is recommended to use the
10.0.0.0/8 or 172.16.0.0/12 ranges. 10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overriden
by specifying it here. Using a smaller network will limit the number of
concurrent users.
.TP .TP
.B topdomain .B topdomain
The dns traffic will is expected to be sent as querys of type NULL for The dns traffic will is expected to be sent as querys of type NULL for

View File

@ -488,15 +488,16 @@ perform_login:
} }
if (read > 0) { if (read > 0) {
int netmask;
if (strncmp("LNAK", in, 4) == 0) { if (strncmp("LNAK", in, 4) == 0) {
printf("Bad password\n"); printf("Bad password\n");
return 1; return 1;
} else if (sscanf(in, "%64[^-]-%64[^-]-%d", } else if (sscanf(in, "%64[^-]-%64[^-]-%d-%d",
server, client, &mtu) == 3) { server, client, &mtu, &netmask) == 4) {
server[64] = 0; server[64] = 0;
client[64] = 0; client[64] = 0;
if (tun_setip(client) == 0 && if (tun_setip(client, netmask) == 0 &&
tun_setmtu(mtu) == 0) { tun_setmtu(mtu) == 0) {
goto perform_case_check; goto perform_case_check;
} else { } else {

View File

@ -56,10 +56,12 @@ static int running = 1;
static char *topdomain; static char *topdomain;
static char password[33]; static char password[33];
static struct encoder *b32; static struct encoder *b32;
static int created_users;
static int check_ip; static int check_ip;
static int my_mtu; static int my_mtu;
static in_addr_t my_ip; static in_addr_t my_ip;
static int netmask;
static in_addr_t ns_ip; static in_addr_t ns_ip;
@ -230,7 +232,7 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
users[userid].q.id = 0; users[userid].q.id = 0;
} else { } else {
/* No space for another user */ /* No space for another user */
send_version_response(dns_fd, VERSION_FULL, USERS, 0, q); send_version_response(dns_fd, VERSION_FULL, created_users, 0, q);
} }
} else { } else {
send_version_response(dns_fd, VERSION_NACK, VERSION, 0, q); send_version_response(dns_fd, VERSION_NACK, VERSION, 0, q);
@ -251,15 +253,15 @@ handle_null_request(int tun_fd, int dns_fd, struct query *q, int domain_len)
write_dns(dns_fd, q, "BADIP", 5); write_dns(dns_fd, q, "BADIP", 5);
} else { } else {
if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) { if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) {
/* Login ok, send ip/mtu info */ /* Login ok, send ip/mtu/netmask info */
tempip.s_addr = my_ip; tempip.s_addr = my_ip;
tmp[0] = strdup(inet_ntoa(tempip)); tmp[0] = strdup(inet_ntoa(tempip));
tempip.s_addr = users[userid].tun_ip; tempip.s_addr = users[userid].tun_ip;
tmp[1] = strdup(inet_ntoa(tempip)); tmp[1] = strdup(inet_ntoa(tempip));
read = snprintf(out, sizeof(out), "%s-%s-%d", read = snprintf(out, sizeof(out), "%s-%s-%d-%d",
tmp[0], tmp[1], my_mtu); tmp[0], tmp[1], my_mtu, netmask);
write_dns(dns_fd, q, out, read); write_dns(dns_fd, q, out, read);
q->id = 0; q->id = 0;
@ -726,7 +728,7 @@ usage() {
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] " printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
"[-t chrootdir] [-d device] [-m mtu] " "[-t chrootdir] [-d device] [-m mtu] "
"[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]" "[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
" tunnel_ip topdomain\n", __progname); " tunnel_ip[/netmask] topdomain\n", __progname);
exit(2); exit(2);
} }
@ -738,7 +740,7 @@ help() {
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] " printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
"[-t chrootdir] [-d device] [-m mtu] " "[-t chrootdir] [-d device] [-m mtu] "
"[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]" "[-l ip address to listen on] [-p port] [-n external ip] [-b dnsport] [-P password]"
" tunnel_ip topdomain\n", __progname); " tunnel_ip[/netmask] topdomain\n", __progname);
printf(" -v to print version info and exit\n"); printf(" -v to print version info and exit\n");
printf(" -h to print this help and exit\n"); printf(" -h to print this help and exit\n");
printf(" -c to disable check of client IP/port on each request\n"); printf(" -c to disable check of client IP/port on each request\n");
@ -757,6 +759,7 @@ help() {
printf(" -b port to forward normal DNS queries to (on localhost)\n"); printf(" -b port to forward normal DNS queries to (on localhost)\n");
printf(" -P password used for authentication (max 32 chars will be used)\n"); printf(" -P password used for authentication (max 32 chars will be used)\n");
printf("tunnel_ip is the IP number of the local tunnel interface.\n"); printf("tunnel_ip is the IP number of the local tunnel interface.\n");
printf(" /netmask sets the size of the tunnel network.\n");
printf("topdomain is the FQDN that is delegated to this server.\n"); printf("topdomain is the FQDN that is delegated to this server.\n");
exit(0); exit(0);
} }
@ -791,8 +794,7 @@ main(int argc, char **argv)
int port; int port;
int mtu; int mtu;
int skipipconfig; int skipipconfig;
int netmask; char *netsize;
int created_users;
username = NULL; username = NULL;
newroot = NULL; newroot = NULL;
@ -892,6 +894,13 @@ main(int argc, char **argv)
if (argc != 2) if (argc != 2)
usage(); usage();
netsize = strchr(argv[0], '/');
if (netsize) {
*netsize = 0;
netsize++;
netmask = atoi(netsize);
}
my_ip = inet_addr(argv[0]); my_ip = inet_addr(argv[0]);
if (my_ip == INADDR_NONE) { if (my_ip == INADDR_NONE) {
@ -968,7 +977,7 @@ main(int argc, char **argv)
if ((tun_fd = open_tun(device)) == -1) if ((tun_fd = open_tun(device)) == -1)
goto cleanup0; goto cleanup0;
if (!skipipconfig) if (!skipipconfig)
if (tun_setip(argv[0]) != 0 || tun_setmtu(mtu) != 0) if (tun_setip(argv[0], netmask) != 0 || tun_setmtu(mtu) != 0)
goto cleanup1; goto cleanup1;
if ((dnsd_fd = open_dns(port, listen_ip)) == -1) if ((dnsd_fd = open_dns(port, listen_ip)) == -1)
goto cleanup2; goto cleanup2;

View File

@ -181,19 +181,30 @@ read_tun(int tun_fd, char *buf, size_t len)
} }
int int
tun_setip(const char *ip) tun_setip(const char *ip, int netbits)
{ {
char cmdline[512]; char cmdline[512];
int netmask;
struct in_addr net;
int i;
#ifndef LINUX #ifndef LINUX
int r; int r;
#endif #endif
netmask = 0;
for (i = 0; i < netbits; i++) {
netmask = (netmask << 1) | 1;
}
netmask <<= (32 - netbits);
net.s_addr = htonl(netmask);
if (inet_addr(ip) != INADDR_NONE) { if (inet_addr(ip) != INADDR_NONE) {
snprintf(cmdline, sizeof(cmdline), snprintf(cmdline, sizeof(cmdline),
"/sbin/ifconfig %s %s %s netmask 255.255.255.0", "/sbin/ifconfig %s %s %s netmask %s",
if_name, if_name,
ip, ip,
ip); ip,
inet_ntoa(net));
printf("Setting IP of %s to %s\n", if_name, ip); printf("Setting IP of %s to %s\n", if_name, ip);
#ifndef LINUX #ifndef LINUX
@ -202,10 +213,10 @@ tun_setip(const char *ip)
return r; return r;
} else { } else {
snprintf(cmdline, sizeof(cmdline), snprintf(cmdline, sizeof(cmdline),
"/sbin/route add %s/24 %s", "/sbin/route add %s/%d %s",
ip, ip); ip, netbits, ip);
} }
printf("Adding route %s/24 to %s\n", ip, ip); printf("Adding route %s/%d to %s\n", ip, netbits, ip);
#endif #endif
return system(cmdline); return system(cmdline);
} else { } else {

View File

@ -21,7 +21,7 @@ int open_tun(const char *);
void close_tun(int); void close_tun(int);
int write_tun(int, char *, size_t); int write_tun(int, char *, size_t);
ssize_t read_tun(int, char *, size_t); ssize_t read_tun(int, char *, size_t);
int tun_setip(const char *); int tun_setip(const char *, int);
int tun_setmtu(const size_t); int tun_setmtu(const size_t);
#endif /* _TUN_H_ */ #endif /* _TUN_H_ */