Erik Ekman
b715be5cf3
Fix authentication bypass bug
...
The client could bypass the password check by continuing after getting error
from the server and guessing the network parameters. The server would still
accept the rest of the setup and also network traffic.
Add checks for normal and raw mode that user has authenticated before allowing
any other communication.
Problem found by Oscar Reparaz.
2014-06-16 21:43:22 +02:00
Erik Ekman
bf658b0c59
Misc cleanup of tun.c
...
- Make variables static
- open_tun(): First Linux code, then Windows, then BSDs
- write_tun()/read_tun(): Split Windows and normal code
2014-06-11 21:04:22 +02:00
Erik Ekman
3ebcd29b13
Add support for using an unspecified RR type
...
Add PRIVATE query type with id 65399 (private use range).
According to RFC3597 the reply data in a query with unspecified RR type must be handled
as unstructured binary data, which means it can contain raw packet data just like the NULL type.
Since the reply format is optimal it is ordered just after NULL in the priority order.
2014-06-09 20:06:36 +02:00
Erik Ekman
2466cd184a
Change readshort() to work with unsigned values
2014-06-09 19:47:44 +02:00
Erik Ekman
1f4b9250cf
Check that supplied query type is valid
2014-06-09 18:56:32 +02:00
Erik Ekman
4d7678dc5b
Prefix exported functions from client.c
2014-06-09 18:11:16 +02:00
Erik Ekman
fbb5a49cf3
Fix windows build
2014-06-05 02:19:57 +02:00
Erik Ekman
3fadbfb580
Do not let sockets be inherited by sub-processes
...
Set FD_CLOEXEC flag on tunnel and UDP file descriptors.
Fixes ticket #99 , "should not allow UDP socket to be inherited by ifconfig"
2014-06-04 17:48:43 +09:00
Erik Ekman
a23899513d
Remove trailing whitespace
2014-06-01 08:46:54 +02:00
Erik Ekman
388afe3845
Update copyright
2014-06-01 08:46:54 +02:00
Erik Ekman
95dedf51db
Simplify opening UDP socket in win32 tun reader
2014-05-31 21:22:03 +02:00
Erik Ekman
d0fb85e8cf
Do not use 53 as source port for DNS/raw traffic.
...
For some reason this makes raw traffic get dropped.
2014-05-31 21:20:04 +02:00
Erik Ekman
5b71224def
Fix segfault in windows tun reader thread
...
The arguments to open_dns() needs to be updated after API change.
Called with 0, INADDR_ANY used to mean port, IP address but now means
pointer to sockadddr and its length. Thanks to C for not giving any
warnings or errors..
2014-05-31 19:33:25 +02:00
Erik Ekman
00268bc160
Fix two unused variables for windows build
2014-05-31 10:19:46 +02:00
Erik Ekman
3914d37c99
Move error message generation into topdomain check method
...
Change isalpha() to a-z check to avoid locale issues
2014-05-31 10:07:36 +02:00
Erik Ekman
9bb2323f84
Improve check of topdomain to use
...
Add more checks and unit tests
2014-05-30 00:18:45 +02:00
Erik Ekman
bacb69e4f0
Mark usage() method as noreturn to avoid warning on BSD
...
Warning from OpenBSD/NetBSD:
CC iodine.c
iodine.c: In function 'main':
iodine.c:141:6: warning: 'nameservaddr_len' may be used uninitialized in this function
2014-05-29 23:21:55 +02:00
Erik Ekman
d6c3426b84
Set C standard to C99
...
Also include strings.h where strcasecmp() is used
2014-05-29 18:38:43 +02:00
Erik Ekman
b079b0eda5
Fix build error and a warning on OpenBSD
2014-05-29 16:18:59 +02:00
Barak A. Pearlmutter
88590bcaaf
Mixing signed and unsigned quantities in MIN() upset GCC's tender soul.
2014-04-06 13:41:31 +02:00
Barak A. Pearlmutter
f73fb9f8d0
rewrite comparison to avoid negative unsigned numbers
...
Note that GCC -O2 is happy to optimize away (x<0) when x is an
unsigned quantity. This was actually occurring in CHECKLEN(0),
causing the compiler to issue a warning.
2014-04-06 13:41:17 +02:00
Erik Ekman
acd6c37ac1
Fix build after rtable patch
2014-04-06 13:35:09 +02:00
Erik Ekman
eca80f769b
Merge branch 'master' of https://github.com/jedisct1/iodine
2014-04-06 13:31:34 +02:00
Erik Ekman
619ede5da8
Add options to force IP version for client DNS traffic
2014-02-10 22:52:31 +01:00
Erik Ekman
540d3795a9
Switch from inet_pton() to getnameinfo() for portability
...
Windows XP is supported again
2014-02-06 22:50:23 +01:00
Erik Ekman
f02339b3b2
IPv6: Create single way to format IP addresses
2014-02-06 19:44:26 +01:00
Erik Ekman
400f45c793
Do not use AI_ADDRCONFIG on Windows
...
It was not available on my MinGW crosscompiler,
and it may be harmful:
https://code.google.com/p/chromium/issues/detail?id=5234
Also, remove old conflicting WINVER in osflags.
It is set in src/windows.h now.
2014-02-05 22:55:35 +01:00
Erik Ekman
a1d88c4f0a
IPv6 support for client ( #107 )
...
The iodine client now supports both IPv4 and IPv6 nameservers for
sending DNS queries to an IPv4 iodined. The nameserver will
transparently handle translation between IP protocols.
Windows port needs Vista or later to support IPv6.
2014-02-05 22:36:53 +01:00
Erik Ekman
8baad91156
Make sure buffer is zero-terminated when getting external ip
...
Also switch to HTTP 1.0 to avoid chunked transfer coding.
2014-01-29 23:12:22 +01:00
Erik Ekman
967276f3ba
Fix git revision for android
2014-01-29 20:34:00 +01:00
Erik Ekman
fb9e930fee
Print git revision as version
2014-01-29 20:25:45 +01:00
Erik Ekman
97b5e688ef
Fix warning, unused variable 'accepted_fragsize'
2014-01-29 19:33:54 +01:00
Erik Ekman
a7f491f808
Fix warning, unused variable 'rtable'
2014-01-29 19:12:46 +01:00
Erik Ekman
4f02f7d0aa
Fix warning, unused variable 'encsize'
2014-01-29 19:12:42 +01:00
Erik Ekman
900647fa0c
Merge pull request #4 from mscherer/systemd
...
Add socket activation for systemd, with a option to stop on idle
2014-01-29 09:25:00 -08:00
Michael Scherer
abd276ed9e
Add idle option, so we can stop iodine and start it on demand with systemd
2013-12-23 22:57:50 +01:00
Michael Scherer
27fb4c75cd
Add support to have on demand socket activation of iodine
2013-12-23 22:57:40 +01:00
Michael Scherer
64ff684754
Fix gcc warning -Wsizeof-pointer-memaccess
...
iodined.c: In function ‘write_dns_nameenc’:
iodined.c:2030:23: attention : argument to ‘sizeof’ in ‘memset’ call is the same
expression as the destination; did you mean to provide an explicit length? [-Wsizeof-pointer-memaccess]
memset(buf, 0, sizeof(buf));
sizeof buf will just give the size of the pointer, while buflen will clean the whole
memory.
2013-12-23 18:04:06 +01:00
Frank Denis
28ceecba37
size_t values can't be negative.
2013-05-20 10:40:44 -07:00
Frank Denis
1523a4f035
snprintf() is a macro on some operating systems
...
and having #ifdef statements in macro parameters has undefined behavior.
2013-05-20 10:39:05 -07:00
Frank Denis
b31e66343a
-R only works on OpenBSD.
2013-05-20 10:31:39 -07:00
Frank Denis
58dac78bd8
Fix NULL pointer deref
2013-05-20 10:30:43 -07:00
Frank Denis
2d90aaaf30
Wipe the whole buffer containing the DNS name, not the size of its pointer
2013-05-20 10:28:25 -07:00
Frank Denis
ac7cbd4435
Check set[e]uid return code
2013-05-20 10:27:23 -07:00
Erik Ekman
59dbaf2b50
Merge pull request #1 from zschoche/master
...
Bugfix for Mountain Lion
2013-01-15 00:26:02 -08:00
Jason A. Donenfeld
ade78ac8a2
More generic way of finding ifconfig.
2012-09-09 14:02:54 +02:00
Erik Ekman
c99f381719
Set WINVER to Windows XP to support getaddrinfo
2012-09-03 10:52:04 +02:00
Erik Ekman
43e4fb5448
Add automatic external IP lookup via '-n auto'
...
Leonard Lausen proposed iodined should use externalip.net api
to find external ip. Use -n auto to trigger a lookup.
2012-09-03 10:34:27 +02:00
Philipp Zschoche
e1e438497a
after update to OSX 10.8 I've gotten these error:
...
route: writing to routing socket: Can't assign requested address
add net 192.168.99.2: gateway 192.168.99.2: Can't assign requested address
This change fix that!
2012-07-31 22:09:53 +02:00
Erik Ekman
b30abea6b0
Reorganize imports for OpenBSD
2012-02-10 23:26:27 +01:00
Erik Ekman
45a5d80c49
Adjust indentation
2012-02-06 20:28:42 +01:00
Erik Ekman
24f1959bab
Rename user struct to fix ubuntu arm build failure
2012-02-05 00:49:30 +01:00
Erik Ekman
423cbec41d
Added android specific readme file, along with new make targets
...
Also updated changelog.
2012-02-05 00:36:15 +01:00
Pavel Pergamenshchik
85be9b07d1
Missing break in iodine.c command-line parsing
...
Bug-Ubuntu: https://bugs.launchpad.net/bugs/880508
Author: Pavel Pergamenshchik <ppergame@gmail.com>
Reviewed-by: gregor herrmann <gregoa@debian.org>
Last-Update: 2011-10-23
2012-02-04 22:38:27 +01:00
Marcel Bokhorst
a569030bb7
Android support ( #105 ) patch from Marcel Bokhorst
2012-02-04 20:34:05 +01:00
Erik Ekman
66d9428dff
Add check for SO_RTABLE support in openbsd, #95
2012-02-04 20:34:05 +01:00
Laurent Ghigonis
d4849a5dbf
Add support for openbsd routing domain, #95
2012-02-04 20:34:05 +01:00
Håkan Kvist
9c3343e6ac
Allow spaces in passwords, #93
2012-02-04 20:34:05 +01:00
Erik Ekman
0a968a5144
Initialize 'inside_topdomain'. Fixes #94
2012-02-04 20:34:05 +01:00
Erik Ekman
0be4332193
Fix things mentioned in #91
2012-02-04 20:34:05 +01:00
Erik Ekman
b22e3da5a0
#89 , use remote ip as second ip in ifconfig on FreeBSD
2012-02-04 20:34:05 +01:00
Erik Ekman
465cfe54a3
Fix build error on windows
2012-02-04 20:34:04 +01:00
jsbid1
7ae8d04955
Fix #86 , patch from jsbid1 gmail.com
2012-02-04 20:34:04 +01:00
Erik Ekman
6e2cf70587
Fix osx compile, maybe also OpenBSD
2012-02-04 20:34:04 +01:00
Erik Ekman
79f0092c70
Fix compile for win32
2012-02-04 20:34:04 +01:00
J. A. Bezemer
b177901d38
Applied patch from #88 , thanks a lot!
2012-02-04 20:34:04 +01:00
Erik Ekman
1a26a91db3
#82 , switch to gethostbyname() for win32 support
2012-02-04 20:34:04 +01:00
Erik Ekman
c5bdf07070
#82 update docs
2012-02-04 20:34:04 +01:00
Erik Ekman
365aab1d29
#82 , fix resolving given nameserver on everything but win32
2012-02-04 20:34:04 +01:00
Erik Ekman
acd264b435
Make sure replies with errors get the name parsed
2012-02-04 20:34:04 +01:00
Erik Ekman
269499ba43
Print DNS errors only when requested packet has an error
2012-02-04 20:34:04 +01:00
Erik Ekman
326da432c9
Fix buggy set lazy mode function
2012-02-04 20:34:04 +01:00
J. A. Bezemer
3c48602747
merge client code #76
2012-02-04 20:34:04 +01:00
J. A. Bezemer
d87432ec18
merge server code #76
2012-02-04 20:34:04 +01:00
J. A. Bezemer
60dfbf1b34
merge dns and user #76
2012-02-04 20:34:04 +01:00
J. A. Bezemer
05e99c7a3f
start merging common and docs #76
2012-02-04 20:34:04 +01:00
Erik Ekman
92b160a416
Fix mtu fragment size probing
2012-02-04 20:34:04 +01:00
Erik Ekman
5951166b36
Fix data length in encoding dns queries
2012-02-04 20:34:04 +01:00
Erik Ekman
d4d88d2ad0
Remove arg to inline_dotify
2012-02-04 20:34:04 +01:00
J. A. Bezemer
40167437d3
update server code #75
2012-02-04 20:34:04 +01:00
J. A. Bezemer
55cfed9956
update client code #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
2c2dd6f06e
update client code #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
90e25e3a2c
update dns parsing #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
c2bc500cba
add downenc per-user field #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
1fcab767cd
Add win32 defines for TXT and SRV #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
05a23a544d
add win32 defines #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
4c0fe80ba8
add txt read/write #75
2012-02-04 20:34:03 +01:00
J. A. Bezemer
fb17474438
base32 decode uppercase #75
2012-02-04 20:34:03 +01:00
Erik Ekman
b6eb8d75d4
Fix FreeBSD build error, remove more includes
2012-02-04 20:34:03 +01:00
Erik Ekman
f9c2257ba9
Prune includes
2012-02-04 20:34:03 +01:00
Erik Ekman
379ca540ef
Fix OpenBSD build error
2012-02-04 20:34:03 +01:00
Erik Ekman
93a313b130
Added new test, found and fixed an actual bug
2012-02-04 20:34:03 +01:00
Erik Ekman
a1a2e3cefe
Refactored to make it easier to add unit tests
2012-02-04 20:34:03 +01:00
Guillaume Rischard
3879f96a80
Fix build error on OSX 10.6 by Guillaume Rischard, #79
2012-02-04 20:34:03 +01:00
Erik Ekman
0cdd537819
#78 , print server tunnel ip
2012-02-04 20:34:03 +01:00
Erik Ekman
01e558022e
#77 , get password from env variable
2012-02-04 20:34:03 +01:00
Erik Ekman
8074696a14
Fix password reading
2012-02-04 20:34:03 +01:00
Erik Ekman
27fdc23433
Split the client code out from the file with the main() func
2012-02-04 20:34:03 +01:00
Erik Ekman
1137ac6ac9
Updated docs
2012-02-04 20:34:03 +01:00
misc
7efdd01ae2
add -F option for writing pid file. Patch from misc@mandriva.org #70
2012-02-04 20:34:03 +01:00
Erik Ekman
2482a42d01
Fixes for unpacking raw packets
2012-02-04 20:34:03 +01:00
Erik Ekman
ef8e3b7ea4
Fix win32 build error
2012-02-04 20:34:03 +01:00
Erik Ekman
cb926cf0c9
Fix some uninitialized variable warnings
2012-02-04 20:34:03 +01:00
Victor Ostorga
24871faa99
Keep user CC and CFLAGS/LDFLAGS.
2012-02-04 20:34:03 +01:00
Erik Ekman
473bb93951
#36 , Send ping message every 20 seconds
2012-02-04 20:34:03 +01:00
Erik Ekman
7e4ee6c470
#36 , update printouts
2012-02-04 20:34:03 +01:00
Erik Ekman
ebc1b2f7f8
#36 , Use -r to skip raw mode
2012-02-04 20:34:02 +01:00
Erik Ekman
e5370ad95b
#36 , basic raw mode tunnel works
2012-02-04 20:34:02 +01:00
Erik Ekman
58d9615160
#36 , upstream traffic now sent in raw mode
2012-02-04 20:34:02 +01:00
Erik Ekman
02c06d742f
Formatting
2012-02-04 20:34:02 +01:00
Erik Ekman
293796fcf6
Fix #65 , randomize rand_seed on startup
2012-02-04 20:34:02 +01:00
Erik Ekman
938c2458b9
Exit if IP/mtu can not be configured
2012-02-04 20:34:02 +01:00
Erik Ekman
a62ae8e562
Allow bind port and listen port to be the same if listenip doesnt include localhost. Also remove newlines from warnx
2012-02-04 20:34:02 +01:00
Sebastien Raveau
d5acb508bc
Add support for applying SELinux context
2012-02-04 20:34:02 +01:00
Erik Ekman
cf78fdca85
print error if tun device is already taken
2012-02-04 20:34:02 +01:00
Erik Ekman
196b37c402
return 1 if opening tun fails and args are correct
2012-02-04 20:34:02 +01:00
Erik Ekman
da50020f5b
return 1 if connection failed, #62
2012-02-04 20:34:02 +01:00
Erik Ekman
e84b317e0e
Small tweaks
2012-02-04 20:34:02 +01:00
Erik Ekman
8fc8ce587c
Any number of TAP32 interfaces supported, use -d to choose. #46
2012-02-04 20:34:02 +01:00
Erik Ekman
e59aaa523e
Fixed #47 , support any TAP device name
2012-02-04 20:34:02 +01:00
Erik Ekman
f20b3c9511
Remove a global variable and some warnings
2012-02-04 20:34:02 +01:00
Erik Ekman
de976d0558
#36 client now reads raw reply
2012-02-04 20:34:02 +01:00
Erik Ekman
1235cb3e4a
#36 server now responds to raw login, quite a hack
2012-02-04 20:34:02 +01:00
Erik Ekman
c92ed9bad8
#36 send raw login packet directly to server
2012-02-04 20:34:02 +01:00
Erik Ekman
950c0870b2
Added CMC to I and S packet types
2012-02-04 20:34:02 +01:00
Erik Ekman
3eef144fce
#36 fetch remote ip number after login
2012-02-04 20:34:02 +01:00
Erik Ekman
27fc039700
#36 , add way to request ip address from server
2012-02-04 20:34:02 +01:00
Erik Ekman
96ee6f9630
Use recv on windows and read for the others
2012-02-04 20:34:01 +01:00
Luigi Rizzo
8b95bded10
Use read instead of recv, #58 .
2012-02-04 20:34:01 +01:00
Erik Ekman
4bbf4ecd14
Check that nameserver was found
2012-02-04 20:34:01 +01:00
Erik Ekman
5dccfbecf6
Use ssize_t for read variable (ticket #57 )
2012-02-04 20:34:01 +01:00
Erik Ekman
a3a20a2b09
#53 Support TAP32 version 0901 as well
2012-02-04 20:34:01 +01:00
Erik Ekman
7d140addae
print dot while waiting for probe responses
2012-02-04 20:34:01 +01:00
Erik Ekman
addd798712
Set interface MTU to 1200.
...
1188 is the uncompressed DNS reply payload size that gets through
unfragmented on Ethernet.
2012-02-04 20:34:01 +01:00
Erik Ekman
3db5cd24b7
Fix (ignore) Dont-Fragment for OpenBSD and OS X
2012-02-04 20:34:01 +01:00
Erik Ekman
1bddcd33aa
Set Dont-Fragment for various os
2012-02-04 20:34:01 +01:00
Erik Ekman
789d8f3450
Use winsock2.h, use ws2tcpip.h for socklen_t
2012-02-04 20:34:01 +01:00
Erik Ekman
54195968c7
Use winsock2.h, use ws2tcpip.h for socklen_t
2012-02-04 20:34:01 +01:00
Erik Ekman
bc18afcc83
do proper mtu detection, ticket #54
2012-02-04 20:34:01 +01:00
Erik Ekman
7b30a2e504
actually accept mtu=1500
2012-02-04 20:34:01 +01:00
Erik Ekman
84f5965825
Increase default mtu to 1500
2012-02-04 20:34:01 +01:00
Erik Ekman
751f672a27
properly encode >1024 in probe requests ( fix #52 )
2012-02-04 20:34:01 +01:00
Erik Ekman
3e07afd13b
change all printf to fprintf on stderr for #49
2012-02-04 20:34:01 +01:00
Erik Ekman
9c738bbc81
#44 hide password input
2012-02-04 20:34:01 +01:00
Erik Ekman
990a03e93d
#45 : free the info pointer
2012-02-04 20:34:01 +01:00
Erik Ekman
13a5b7c2db
#45 : use static buffer
2012-02-04 20:34:01 +01:00
Erik Ekman
af1380f29d
#45 : Use IpHelper to get DNS server on win32
2012-02-04 20:34:01 +01:00
Erik Ekman
4ae304a9b7
Use winsock2.2
2012-02-04 20:34:01 +01:00
Erik Ekman
0b280bec2b
clean up codec reverse inits
2012-02-04 20:34:01 +01:00
Erik Ekman
444299b86e
#51 handle one block encode/decode for base32
2012-02-04 20:34:00 +01:00