[BIGPATCH 1/2] Add CNAME, A, MX, TXT transports

[guest]

Hi all,

So there I was, one day before leaving for holidays and expecting to encounter a few "free DNS" wifi hotspots on the way. Searching for a dns tunnel app, I quickly found iodine, which was working quite well.

Great job, people, highly appreciated!

However, #30 got me worrying, and, having not much else to do, I had working CNAME, A-returning-CNAME, MX and hostname-over-TXT transports at the end of the day.

Well, it turned out I didn't need it, but I could test at a few places and got a bit real-life experience. After that, I cleaned up the patch and added some more improvements, and fixes for stuff I discovered when reading through the code for the first time. Also added a real full-length TXT transport.

So I present to you the big "If This Doesn't Get You a Working Tunnel, Nothing Will" patch for iodine 0.5.2.

(For those not "in the know": Unzip iodine-0.5.2 source, cd to base dir, apply patch with: gunzip < iodine-0.5.2-CNAME2.patch.gz | patch -p1)

• Wire protocol fully backward & forward compatible with 0.5.2, but of course <=0.5.2 servers/clients only offer/use NULL transport
  
• Add TXT, CNAME, A (->CNAME), MX transports with Base32/Base64/Raw downstream encoding, selectable by each client individually
  
• Really use random domains for fragment probes (MIN/MAX typo)
  
• Add pseudo-random content to downstream fragsize response, and check it to notice corruption (real-life case: NULL fragsize probed at ~1200, but only usable at <=400)
  
• Probe fragsize as accurately as possible when fragments are smallish (e.g. with CNAME/A/MX)
  
• Fix fragsize probe off-by-two
  
• Add strict checks in dns encoding/decoding
  
• Add more verbose server-error reporting in dns decoding
  
• Reduce NS response TTL to more sensible value (1 hour)
  
• Generalize inline_dotify interval, putting constants (57) together where used
  
• Set cache-miss-counter to random value at startup, so that version/login etc. will not return cached responses
  
• Set dns id to random value at startup, and increase with a large prime to prevent some guessable-id-based dns attacks
  
• Give useful error message when resolv.conf is empty
  
• Switch request headers to lowercase to avoid attention
  
• Have base32 decode uppercase too (ouch..)
  
• Reset all client data on new login
  
• Cache the time(NULL) in a global var
  
• Prevent continuing a session that should have timed out long ago
  
• Allow requesting specific userid to get predictable static IP address
  
• Add "indent" target to Makefiles, matching the current coding style as closely as possible; recommended to run "make indent; make clean" before tarring up a new official version
  
• Extend protocol description with option-handshake 'O'/'o' for downstream codec switch and add 'V'/'v' option for forcing userid
  
• Update README
  
• Update, clarify, extend manpage

Then there are some further ideas that I didn't pursue:

• TXT/CNAME/A/MX encoding autodetect (base32/64/raw). Difficult: Raw check requires testing all 256 byte values, which might not fit in one packet
  
• Update stuff under tests/

And sorry, this is not against HEAD, since I opted for a fully "official" production-ready version (and I wasn't disappointed ;-).

Legal dept: If the patch has any original, non-derived code, then that's copyright by me and licensed under whatever license iodine has and/or will ever have, as long as it's DFSG-free.

Best regards, and look out for the upcoming BIGPATCH2,

Anne Bezemer
J.A.Bezemer X opensourcepartners Y nl | tr XY @.

[guest]

iodine-0.5.2-CNAME2.patch.gz

[guest]

To get this to compile with mingw32 on ubuntu I needed to patch src/windows.h I also needed to change the Makefile (i686-mingw32-gcc => i586-mingw32msvc-gcc) but I suspect that is local to my install. DNS_TYPE_SRV is not used and can safely be ignored but I am hopeful that it may end up being used at some point...

--- iodine-0.5.2-CNAME2/src/windows.h 2009-08-28 12:10:49.000000000 -0400 +++ iodine-0.5.2-CNAME2.mingw/src/windows.h 2009-09-04 11:33:31.000000000 -0400 @@ -25,6 +25,14 @@

#include <ws2tcpip.h> #include <iphlpapi.h>

+/* Missing from the mingw headers */ + #ifndef DNS_TYPE_SRV + # define DNS_TYPE_SRV 33 + #endif + #ifndef DNS_TYPE_TXT + # define DNS_TYPE_TXT 16 + #endif +

#define T_A DNS_TYPE_A #define T_NS DNS_TYPE_NS #define T_NULL DNS_TYPE_NULL

[guest]

--- iodine-0.5.2-CNAME2/src/windows.h 2009-08-28 12:10:49.000000000 -0400
+++ iodine-0.5.2-CNAME2.mingw/src/windows.h 2009-09-04 11:33:31.000000000 -0400
@@ -25,6 +25,14 @@
 #include <ws2tcpip.h>
 #include <iphlpapi.h>
 
+/* Missing from the mingw headers */
+ #ifndef DNS_TYPE_SRV
+ # define DNS_TYPE_SRV 33
+ #endif
+ #ifndef DNS_TYPE_TXT
+ # define DNS_TYPE_TXT 16
+ #endif
+
 #define T_A DNS_TYPE_A
 #define T_NS DNS_TYPE_NS
 #define T_NULL DNS_TYPE_NULL

[yarrick]

When I crosscompiled I only needed to add the TXT field. Thanks for the additional patch.

I am considering how to merge this stuff. If the patch was available as a series of commits on a git tree that would be optimal, but I will find a way anyway.

[guest]

Ported the patch to trunk. Well, not exactly trunk to be precise, trunk with #77 and #78 applied, but those changes are really minor. Also, I didn't incorporate DNS_TYPE_* in windows.h.

It compiles and with the default options iodine still seems to work, but I would be glad if somebody could review the patch before it gets committed.

[yarrick]

Lets see if this can be merged..

[yarrick]

Finally merged, in [928], [929], [930], [931], [932], [933], [934], [935], [936], [937], [938]. Thanks for the patch and for logix doing the porting. I did some changes, for instance removed the fixed user id feature.