1 | /* $Id: dnsproxy.c 82968 2020-02-04 10:35:17Z vboxsync $ */
|
---|
2 |
|
---|
3 | /*
|
---|
4 | * Copyright (C) 2009-2020 Oracle Corporation
|
---|
5 | *
|
---|
6 | * This file is part of VirtualBox Open Source Edition (OSE), as
|
---|
7 | * available from http://www.virtualbox.org. This file is free software;
|
---|
8 | * you can redistribute it and/or modify it under the terms of the GNU
|
---|
9 | * General Public License (GPL) as published by the Free Software
|
---|
10 | * Foundation, in version 2 as it comes in the "COPYING" file of the
|
---|
11 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
|
---|
12 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
|
---|
13 | */
|
---|
14 |
|
---|
15 | /*
|
---|
16 | * Copyright (c) 2003,2004,2005 Armin Wolfermann
|
---|
17 | *
|
---|
18 | * Permission is hereby granted, free of charge, to any person obtaining a
|
---|
19 | * copy of this software and associated documentation files (the "Software"),
|
---|
20 | * to deal in the Software without restriction, including without limitation
|
---|
21 | * the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
---|
22 | * and/or sell copies of the Software, and to permit persons to whom the
|
---|
23 | * Software is furnished to do so, subject to the following conditions:
|
---|
24 | *
|
---|
25 | * The above copyright notice and this permission notice shall be included in
|
---|
26 | * all copies or substantial portions of the Software.
|
---|
27 | *
|
---|
28 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
---|
29 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
---|
30 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
---|
31 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
---|
32 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
---|
33 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
---|
34 | * DEALINGS IN THE SOFTWARE.
|
---|
35 | */
|
---|
36 |
|
---|
37 | #ifndef VBOX
|
---|
38 | #include <config.h>
|
---|
39 | #include <errno.h>
|
---|
40 | #include <pwd.h>
|
---|
41 | #include <signal.h>
|
---|
42 | #include <stdio.h>
|
---|
43 | #include <stdlib.h>
|
---|
44 | #include <string.h>
|
---|
45 | #include <unistd.h>
|
---|
46 | #else
|
---|
47 | #include "slirp.h"
|
---|
48 | #endif
|
---|
49 |
|
---|
50 | #ifndef VBOX
|
---|
51 | #define GLOBALS 1
|
---|
52 | #include "dnsproxy.h"
|
---|
53 |
|
---|
54 | #define RD(x) (*(x + 2) & 0x01)
|
---|
55 | #define MAX_BUFSPACE 512
|
---|
56 |
|
---|
57 | static unsigned short queryid = 0;
|
---|
58 | #define QUERYID queryid++
|
---|
59 |
|
---|
60 | static struct sockaddr_in authoritative_addr;
|
---|
61 | static struct sockaddr_in recursive_addr;
|
---|
62 | static int sock_query;
|
---|
63 | static int sock_answer;
|
---|
64 | static int dnsproxy_sig;
|
---|
65 |
|
---|
66 | extern int event_gotsig;
|
---|
67 | extern int (*event_sigcb)(void);
|
---|
68 |
|
---|
69 | #ifdef DEBUG
|
---|
70 | char *malloc_options = "AGZ";
|
---|
71 | #endif
|
---|
72 |
|
---|
73 | /* signal_handler -- Native signal handler. Set external flag for libevent
|
---|
74 | * and store type of signal. Real signal handling is done in signal_event.
|
---|
75 | */
|
---|
76 |
|
---|
77 | RETSIGTYPE
|
---|
78 | signal_handler(int sig)
|
---|
79 | {
|
---|
80 | event_gotsig = 1;
|
---|
81 | dnsproxy_sig = sig;
|
---|
82 | }
|
---|
83 |
|
---|
84 | /* signal_event -- Called by libevent to deliver a signal.
|
---|
85 | */
|
---|
86 |
|
---|
87 | int
|
---|
88 | signal_event(void)
|
---|
89 | {
|
---|
90 | fatal("exiting on signal %d", dnsproxy_sig);
|
---|
91 | return 0;
|
---|
92 | }
|
---|
93 |
|
---|
94 | #else /* VBOX */
|
---|
95 |
|
---|
96 | # define RD(x) (*(x + 2) & 0x01)
|
---|
97 |
|
---|
98 | # define QUERYID queryid++
|
---|
99 |
|
---|
100 | #endif
|
---|
101 | /* timeout -- Called by the event loop when a query times out. Removes the
|
---|
102 | * query from the queue.
|
---|
103 | */
|
---|
104 | /* ARGSUSED */
|
---|
105 | #ifndef VBOX
|
---|
106 | static void
|
---|
107 | timeout(int fd, short event, void *arg)
|
---|
108 | {
|
---|
109 | /* here we should check if we reached the end of the DNS server list */
|
---|
110 | hash_remove_request(pData, (struct request *)arg);
|
---|
111 | free((struct request *)arg);
|
---|
112 | ++removed_queries;
|
---|
113 | }
|
---|
114 | #else /* VBOX */
|
---|
115 | static void
|
---|
116 | timeout(PNATState pData, struct socket *so, void *arg)
|
---|
117 | {
|
---|
118 | struct request *req = (struct request *)arg;
|
---|
119 | struct dns_entry *de;
|
---|
120 | /* be paranoid */
|
---|
121 | AssertPtrReturnVoid(arg);
|
---|
122 |
|
---|
123 | if ( req->dnsgen != pData->dnsgen
|
---|
124 | || req->dns_server == NULL
|
---|
125 | || (de = TAILQ_PREV(req->dns_server, dns_list_head, de_list)) == NULL)
|
---|
126 | {
|
---|
127 | if (req->dnsgen != pData->dnsgen)
|
---|
128 | {
|
---|
129 | /* XXX: Log2 */
|
---|
130 | LogRel(("NAT: dnsproxy: timeout: req %p dnsgen %u != %u on %R[natsock]\n",
|
---|
131 | req, req->dnsgen, pData->dnsgen, so));
|
---|
132 | }
|
---|
133 | hash_remove_request(pData, req);
|
---|
134 | RTMemFree(req);
|
---|
135 | ++removed_queries;
|
---|
136 | /* the rest of clean up at the end of the method. */
|
---|
137 | }
|
---|
138 | else
|
---|
139 | {
|
---|
140 | struct ip *ip;
|
---|
141 | struct udphdr *udp;
|
---|
142 | int iphlen;
|
---|
143 | struct mbuf *m = NULL;
|
---|
144 | char *data;
|
---|
145 |
|
---|
146 | m = slirpDnsMbufAlloc(pData);
|
---|
147 | if (m == NULL)
|
---|
148 | {
|
---|
149 | LogRel(("NAT: Can't allocate mbuf\n"));
|
---|
150 | goto socket_clean_up;
|
---|
151 | }
|
---|
152 |
|
---|
153 | /* mbuf initialization */
|
---|
154 | m->m_data += if_maxlinkhdr;
|
---|
155 |
|
---|
156 | ip = mtod(m, struct ip *);
|
---|
157 | udp = (struct udphdr *)&ip[1]; /* ip attributes */
|
---|
158 | data = (char *)&udp[1];
|
---|
159 | iphlen = sizeof(struct ip);
|
---|
160 |
|
---|
161 | m->m_len += sizeof(struct ip);
|
---|
162 | m->m_len += sizeof(struct udphdr);
|
---|
163 | m->m_len += req->nbyte;
|
---|
164 |
|
---|
165 | ip->ip_src.s_addr = so->so_laddr.s_addr;
|
---|
166 | ip->ip_dst.s_addr = RT_H2N_U32(RT_N2H_U32(pData->special_addr.s_addr) | CTL_DNS);
|
---|
167 | udp->uh_dport = ntohs(53);
|
---|
168 | udp->uh_sport = so->so_lport;
|
---|
169 |
|
---|
170 | memcpy(data, req->byte, req->nbyte); /* coping initial req */
|
---|
171 |
|
---|
172 | /* req points to so->so_timeout_arg */
|
---|
173 | req->dns_server = de;
|
---|
174 |
|
---|
175 | /* expiration will be bumped in dnsproxy_query */
|
---|
176 |
|
---|
177 | dnsproxy_query(pData, so, m, iphlen);
|
---|
178 | /* should we free so->so_m ? */
|
---|
179 | return;
|
---|
180 | }
|
---|
181 |
|
---|
182 | socket_clean_up:
|
---|
183 | /* This socket (so) will be detached, so we need to remove timeout(&_arg) references
|
---|
184 | * before leave
|
---|
185 | */
|
---|
186 | so->so_timeout = NULL;
|
---|
187 | so->so_timeout_arg = NULL;
|
---|
188 | return;
|
---|
189 |
|
---|
190 | }
|
---|
191 | #endif /* VBOX */
|
---|
192 |
|
---|
193 | /* do_query -- Called by the event loop when a packet arrives at our
|
---|
194 | * listening socket. Read the packet, create a new query, append it to the
|
---|
195 | * queue and send it to the correct server.
|
---|
196 | *
|
---|
197 | * Slirp: this routine should be called from udp_input
|
---|
198 | * socket is Slirp's construction (here we should set expiration time for socket)
|
---|
199 | * mbuf points on ip header to easy fetch information about source and destination.
|
---|
200 | * iphlen - len of ip header
|
---|
201 | */
|
---|
202 |
|
---|
203 | /* ARGSUSED */
|
---|
204 | #ifndef VBOX
|
---|
205 | static void
|
---|
206 | do_query(int fd, short event, void *arg)
|
---|
207 | #else
|
---|
208 | void
|
---|
209 | dnsproxy_query(PNATState pData, struct socket *so, struct mbuf *m, int iphlen)
|
---|
210 | #endif
|
---|
211 | {
|
---|
212 | #ifndef VBOX
|
---|
213 | char buf[MAX_BUFSPACE];
|
---|
214 | unsigned int fromlen = sizeof(fromaddr);
|
---|
215 | struct timeval tv;
|
---|
216 | #else
|
---|
217 | struct ip *ip;
|
---|
218 | char *buf;
|
---|
219 | int retransmit;
|
---|
220 | struct udphdr *udp;
|
---|
221 | #endif
|
---|
222 | struct sockaddr_in addr;
|
---|
223 | struct request *req = NULL;
|
---|
224 | #ifndef VBOX
|
---|
225 | struct sockaddr_in fromaddr;
|
---|
226 | #else
|
---|
227 | struct sockaddr_in fromaddr = { 0, };
|
---|
228 | #endif
|
---|
229 | int byte = 0;
|
---|
230 |
|
---|
231 | ++all_queries;
|
---|
232 |
|
---|
233 | #ifndef VBOX
|
---|
234 | /* Reschedule event */
|
---|
235 | event_add((struct event *)arg, NULL);
|
---|
236 |
|
---|
237 | /* read packet from socket */
|
---|
238 | if ((byte = recvfrom(fd, buf, sizeof(buf), 0,
|
---|
239 | (struct sockaddr *)&fromaddr, &fromlen)) == -1) {
|
---|
240 | LogRel(("recvfrom failed: %s\n", strerror(errno)));
|
---|
241 | ++dropped_queries;
|
---|
242 | return;
|
---|
243 | }
|
---|
244 |
|
---|
245 | /* check for minimum dns packet length */
|
---|
246 | if (byte < 12) {
|
---|
247 | LogRel(("query too short from %s\n", inet_ntoa(fromaddr.sin_addr)));
|
---|
248 | ++dropped_queries;
|
---|
249 | return;
|
---|
250 | }
|
---|
251 |
|
---|
252 | /* allocate new request */
|
---|
253 | if ((req = calloc(1, sizeof(struct request))) == NULL) {
|
---|
254 | LogRel(("calloc failed\n"));
|
---|
255 | ++dropped_queries;
|
---|
256 | return;
|
---|
257 | }
|
---|
258 |
|
---|
259 | req->id = QUERYID;
|
---|
260 | memcpy(&req->client, &fromaddr, sizeof(struct sockaddr_in));
|
---|
261 | memcpy(&req->clientid, &buf[0], 2);
|
---|
262 |
|
---|
263 | /* where is this query coming from? */
|
---|
264 | if (is_internal(pData, fromaddr.sin_addr)) {
|
---|
265 | req->recursion = RD(buf);
|
---|
266 | DPRINTF(("Internal query RD=%d\n", req->recursion));
|
---|
267 | } else {
|
---|
268 | /* no recursion for foreigners */
|
---|
269 | req->recursion = 0;
|
---|
270 | DPRINTF(("External query RD=%d\n", RD(buf)));
|
---|
271 | }
|
---|
272 |
|
---|
273 | /* insert it into the hash table */
|
---|
274 | hash_add_request(pData, req);
|
---|
275 |
|
---|
276 | /* overwrite the original query id */
|
---|
277 | memcpy(&buf[0], &req->id, 2);
|
---|
278 |
|
---|
279 | if (req->recursion) {
|
---|
280 |
|
---|
281 | /* recursive queries timeout in 90s */
|
---|
282 | event_set(&req->timeout, -1, 0, timeout, req);
|
---|
283 | tv.tv_sec=recursive_timeout; tv.tv_usec=0;
|
---|
284 | event_add(&req->timeout, &tv);
|
---|
285 |
|
---|
286 | /* send it to our recursive server */
|
---|
287 | if ((byte = sendto(sock_answer, buf, (unsigned int)byte, 0,
|
---|
288 | (struct sockaddr *)&recursive_addr,
|
---|
289 | sizeof(struct sockaddr_in))) == -1) {
|
---|
290 | LogRel(("sendto failed: %s\n", strerror(errno)));
|
---|
291 | ++dropped_queries;
|
---|
292 | return;
|
---|
293 | }
|
---|
294 |
|
---|
295 | ++recursive_queries;
|
---|
296 |
|
---|
297 | } else {
|
---|
298 |
|
---|
299 | /* authoritative queries timeout in 10s */
|
---|
300 | event_set(&req->timeout, -1, 0, timeout, req);
|
---|
301 | tv.tv_sec=authoritative_timeout; tv.tv_usec=0;
|
---|
302 | event_add(&req->timeout, &tv);
|
---|
303 |
|
---|
304 | /* send it to our authoritative server */
|
---|
305 | if ((byte = sendto(sock_answer, buf, (unsigned int)byte, 0,
|
---|
306 | (struct sockaddr *)&authoritative_addr,
|
---|
307 | sizeof(struct sockaddr_in))) == -1) {
|
---|
308 | LogRel(("sendto failed: %s\n", strerror(errno)));
|
---|
309 | ++dropped_queries;
|
---|
310 | return;
|
---|
311 | }
|
---|
312 | ++authoritative_queries;
|
---|
313 | }
|
---|
314 |
|
---|
315 | #else /* VBOX */
|
---|
316 | AssertPtr(pData);
|
---|
317 |
|
---|
318 | /* m->m_data points to IP header */
|
---|
319 | #if 0
|
---|
320 | /* XXX: for some reason it make gdb ill,
|
---|
321 | * it good to have this assert here with assumption above.
|
---|
322 | */
|
---|
323 | M_ASSERTPKTHDR(m);
|
---|
324 | #endif
|
---|
325 |
|
---|
326 | ip = mtod(m, struct ip *);
|
---|
327 | udp = (struct udphdr *)(m->m_data + iphlen);
|
---|
328 |
|
---|
329 | fromaddr.sin_addr.s_addr = ip->ip_src.s_addr;
|
---|
330 | fromaddr.sin_port = udp->uh_sport;
|
---|
331 | fromaddr.sin_family = AF_INET;
|
---|
332 |
|
---|
333 | /* iphlen equals to lenght of ip header */
|
---|
334 | Assert(iphlen == sizeof(struct ip));
|
---|
335 | iphlen += sizeof (struct udphdr);
|
---|
336 |
|
---|
337 | byte = m->m_len - iphlen;
|
---|
338 | buf = m->m_data + iphlen;
|
---|
339 |
|
---|
340 | /* check for minimum dns packet length */
|
---|
341 | if (byte < 12) {
|
---|
342 | LogRel(("NAT: Query too short from %RTnaipv4\n", fromaddr.sin_addr));
|
---|
343 | ++dropped_queries;
|
---|
344 | return;
|
---|
345 | }
|
---|
346 |
|
---|
347 | req = so->so_timeout_arg;
|
---|
348 |
|
---|
349 | if (!req)
|
---|
350 | {
|
---|
351 |
|
---|
352 | Assert(!so->so_timeout_arg);
|
---|
353 |
|
---|
354 | if ((req = RTMemAllocZ(sizeof(struct request) + byte)) == NULL)
|
---|
355 | {
|
---|
356 | LogRel(("NAT: calloc failed\n"));
|
---|
357 | ++dropped_queries;
|
---|
358 | return;
|
---|
359 | }
|
---|
360 |
|
---|
361 | req->id = QUERYID;
|
---|
362 | memcpy(&req->client, &fromaddr, sizeof(struct sockaddr_in));
|
---|
363 | memcpy(&req->clientid, &buf[0], 2);
|
---|
364 | req->dns_server = TAILQ_LAST(&pData->pDnsList, dns_list_head);
|
---|
365 | req->dnsgen = pData->dnsgen;
|
---|
366 | if (req->dns_server == NULL)
|
---|
367 | {
|
---|
368 | RTMemFree(req);
|
---|
369 | return;
|
---|
370 | }
|
---|
371 | retransmit = 0;
|
---|
372 | so->so_timeout = timeout;
|
---|
373 | so->so_timeout_arg = req;
|
---|
374 | req->nbyte = byte;
|
---|
375 | memcpy(req->byte, buf, byte); /* copying original request */
|
---|
376 | }
|
---|
377 | else
|
---|
378 | {
|
---|
379 | if (req->dnsgen != pData->dnsgen)
|
---|
380 | {
|
---|
381 | /* XXX: Log2 */
|
---|
382 | LogRel(("NAT: dnsproxy: query: req %p dnsgen %u != %u on %R[natsock]\n",
|
---|
383 | req, req->dnsgen, pData->dnsgen, so));
|
---|
384 | /*
|
---|
385 | * XXX: TODO: this probably requires more cleanup.
|
---|
386 | * Cf. XXX comment for sendto() failure below, but that
|
---|
387 | * error leg is probably untested since ~never taken.
|
---|
388 | */
|
---|
389 | ++dropped_queries;
|
---|
390 | return;
|
---|
391 | }
|
---|
392 | retransmit = 1;
|
---|
393 | }
|
---|
394 |
|
---|
395 | req->recursion = 0;
|
---|
396 |
|
---|
397 | DPRINTF(("External query RD=%d\n", RD(buf)));
|
---|
398 |
|
---|
399 | if (retransmit == 0)
|
---|
400 | hash_add_request(pData, req);
|
---|
401 |
|
---|
402 |
|
---|
403 | /* overwrite the original query id */
|
---|
404 | memcpy(&buf[0], &req->id, 2);
|
---|
405 |
|
---|
406 | /* let's slirp to care about expiration */
|
---|
407 | so->so_expire = curtime + recursive_timeout * 1000;
|
---|
408 |
|
---|
409 | memset(&addr, 0, sizeof(struct sockaddr_in));
|
---|
410 | addr.sin_family = AF_INET;
|
---|
411 | if (req->dns_server->de_addr.s_addr == (pData->special_addr.s_addr | RT_H2N_U32_C(CTL_ALIAS))) {
|
---|
412 | /* undo loopback remapping done in get_dns_addr_domain() */
|
---|
413 | addr.sin_addr.s_addr = RT_N2H_U32_C(INADDR_LOOPBACK);
|
---|
414 | }
|
---|
415 | else {
|
---|
416 | addr.sin_addr.s_addr = req->dns_server->de_addr.s_addr;
|
---|
417 | }
|
---|
418 | addr.sin_port = htons(53);
|
---|
419 |
|
---|
420 | /* send it to our authoritative server */
|
---|
421 | Log2(("NAT: request will be %ssent to %RTnaipv4 on %R[natsock]\n",
|
---|
422 | retransmit ? "re" : "", addr.sin_addr, so));
|
---|
423 |
|
---|
424 | byte = sendto(so->s, buf, (unsigned int)byte, 0,
|
---|
425 | (struct sockaddr *)&addr,
|
---|
426 | sizeof(struct sockaddr_in));
|
---|
427 | if (byte == -1)
|
---|
428 | {
|
---|
429 | /* XXX: is it really enough? */
|
---|
430 | LogRel(("NAT: sendto failed: %s\n", strerror(errno)));
|
---|
431 | ++dropped_queries;
|
---|
432 | return;
|
---|
433 | }
|
---|
434 |
|
---|
435 | so->so_state = SS_ISFCONNECTED; /* now it's selected */
|
---|
436 | Log2(("NAT: request was %ssent to %RTnaipv4 on %R[natsock]\n",
|
---|
437 | retransmit ? "re" : "", addr.sin_addr, so));
|
---|
438 |
|
---|
439 | ++authoritative_queries;
|
---|
440 |
|
---|
441 | # if 0
|
---|
442 | /* XXX: this stuff for _debugging_ only,
|
---|
443 | * first enforce guest to send next request
|
---|
444 | * and second for faster getting timeout callback
|
---|
445 | * other option is adding couple entries in resolv.conf with
|
---|
446 | * invalid nameservers.
|
---|
447 | *
|
---|
448 | * For testing purposes could be used
|
---|
449 | * namebench -S -q 10000 -m random or -m chunk
|
---|
450 | */
|
---|
451 | /* RTThreadSleep(3000); */
|
---|
452 | /* curtime += 300; */
|
---|
453 | # endif
|
---|
454 | #endif /* VBOX */
|
---|
455 | }
|
---|
456 |
|
---|
457 | /* do_answer -- Process a packet coming from our authoritative or recursive
|
---|
458 | * server. Find the corresponding query and send answer back to querying
|
---|
459 | * host.
|
---|
460 | *
|
---|
461 | * Slirp: we call this from the routine from socrecvfrom routine handling UDP responses.
|
---|
462 | * So at the moment of call response already has been readed and packed into the mbuf
|
---|
463 | */
|
---|
464 |
|
---|
465 | /* ARGSUSED */
|
---|
466 | #ifndef VBOX
|
---|
467 | static void
|
---|
468 | do_answer(int fd, short event, void *arg)
|
---|
469 | #else
|
---|
470 | void
|
---|
471 | dnsproxy_answer(PNATState pData, struct socket *so, struct mbuf *m)
|
---|
472 | #endif
|
---|
473 | {
|
---|
474 | #ifndef VBOX
|
---|
475 | char buf[MAX_BUFSPACE];
|
---|
476 | int byte = 0;
|
---|
477 | struct request *query = NULL;
|
---|
478 |
|
---|
479 | /* Reschedule event */
|
---|
480 | event_add((struct event *)arg, NULL);
|
---|
481 |
|
---|
482 | /* read packet from socket */
|
---|
483 | if ((byte = recvfrom(fd, buf, sizeof(buf), 0, NULL, NULL)) == -1) {
|
---|
484 | LogRel(("recvfrom failed: %s\n", strerror(errno)));
|
---|
485 | ++dropped_answers;
|
---|
486 | return;
|
---|
487 | }
|
---|
488 |
|
---|
489 | /* check for minimum dns packet length */
|
---|
490 | if (byte < 12) {
|
---|
491 | LogRel(("answer too short\n"));
|
---|
492 | ++dropped_answers;
|
---|
493 | return;
|
---|
494 | }
|
---|
495 |
|
---|
496 | /* find corresponding query */
|
---|
497 | if ((query = hash_find_request(pData, *((unsigned short *)&buf))) == NULL) {
|
---|
498 | ++late_answers;
|
---|
499 | return;
|
---|
500 | }
|
---|
501 | event_del(&query->timeout);
|
---|
502 |
|
---|
503 | hash_remove_request(pData, query);
|
---|
504 |
|
---|
505 | /* restore original query id */
|
---|
506 | memcpy(&buf[0], &query->clientid, 2);
|
---|
507 |
|
---|
508 | if (sendto(sock_query, buf, (unsigned int)byte, 0,
|
---|
509 | (struct sockaddr *)&query->client,
|
---|
510 | sizeof(struct sockaddr_in)) == -1) {
|
---|
511 | LogRel(("sendto failed: %s\n", strerror(errno)));
|
---|
512 | ++dropped_answers;
|
---|
513 | }
|
---|
514 | else
|
---|
515 | ++answered_queries;
|
---|
516 |
|
---|
517 | free(query);
|
---|
518 | #else /* VBOX */
|
---|
519 |
|
---|
520 | char *buf = NULL;
|
---|
521 | int byte = 0;
|
---|
522 | struct request *query = NULL;
|
---|
523 |
|
---|
524 | AssertPtr(pData);
|
---|
525 |
|
---|
526 | /* XXX: mbuf->data points to ??? */
|
---|
527 | byte = m->m_len;
|
---|
528 | buf = mtod(m, char *);
|
---|
529 |
|
---|
530 | /* check for minimum dns packet length */
|
---|
531 | if (byte < 12) {
|
---|
532 | LogRel(("NAT: Answer too short\n"));
|
---|
533 | ++dropped_answers;
|
---|
534 | return;
|
---|
535 | }
|
---|
536 |
|
---|
537 | /* find corresponding query (XXX: but see below) */
|
---|
538 | query = hash_find_request(pData, *((unsigned short *)buf));
|
---|
539 |
|
---|
540 | if (query == NULL)
|
---|
541 | {
|
---|
542 | /* XXX: if we haven't found anything for this request ...
|
---|
543 | * What we are expecting later?
|
---|
544 | */
|
---|
545 | ++late_answers;
|
---|
546 | so->so_expire = curtime + SO_EXPIREFAST;
|
---|
547 | Log2(("NAT: query wasn't found\n"));
|
---|
548 | return;
|
---|
549 | }
|
---|
550 |
|
---|
551 | /*
|
---|
552 | * XXX: The whole hash thing is pretty meaningless right now since
|
---|
553 | * we use a separate socket for each request, so we already know
|
---|
554 | * the answer.
|
---|
555 | *
|
---|
556 | * If the answer is not what we expect it to be, then it's
|
---|
557 | * probably a stray or malicious reply and we'd better not free a
|
---|
558 | * query owned by some other socket - that would cause
|
---|
559 | * use-after-free later on.
|
---|
560 | */
|
---|
561 | if (query != so->so_timeout_arg)
|
---|
562 | return;
|
---|
563 |
|
---|
564 | so->so_timeout = NULL;
|
---|
565 | so->so_timeout_arg = NULL;
|
---|
566 |
|
---|
567 | hash_remove_request(pData, query);
|
---|
568 |
|
---|
569 | /* restore original query id */
|
---|
570 | memcpy(&buf[0], &query->clientid, 2);
|
---|
571 |
|
---|
572 | ++answered_queries;
|
---|
573 |
|
---|
574 | RTMemFree(query);
|
---|
575 | #endif /* VBOX */
|
---|
576 | }
|
---|
577 |
|
---|
578 |
|
---|
579 | #ifdef VBOX
|
---|
580 | int
|
---|
581 | dnsproxy_init(PNATState pData)
|
---|
582 | {
|
---|
583 | /* globals initialization */
|
---|
584 | authoritative_port = 53;
|
---|
585 | authoritative_timeout = 10;
|
---|
586 | recursive_port = 53;
|
---|
587 | recursive_timeout = 2;
|
---|
588 | stats_timeout = 3600;
|
---|
589 | dns_port = 53;
|
---|
590 | return 0;
|
---|
591 | }
|
---|
592 | #else /* !VBOX */
|
---|
593 | /* main -- dnsproxy main function
|
---|
594 | */
|
---|
595 | int
|
---|
596 | main(int argc, char *argv[])
|
---|
597 | {
|
---|
598 | int ch;
|
---|
599 | struct passwd *pw = NULL;
|
---|
600 | struct sockaddr_in addr;
|
---|
601 | struct event evq, eva;
|
---|
602 | const char *config = "/etc/dnsproxy.conf";
|
---|
603 | int daemonize = 0;
|
---|
604 |
|
---|
605 | /* Process commandline arguments */
|
---|
606 | while ((ch = getopt(argc, argv, "c:dhV")) != -1) {
|
---|
607 | switch (ch) {
|
---|
608 | case 'c':
|
---|
609 | config = optarg;
|
---|
610 | break;
|
---|
611 | case 'd':
|
---|
612 | daemonize = 1;
|
---|
613 | break;
|
---|
614 | case 'V':
|
---|
615 | fprintf(stderr, PACKAGE_STRING "\n");
|
---|
616 | exit(0);
|
---|
617 | RT_FALL_THRU();
|
---|
618 | case 'h':
|
---|
619 | default:
|
---|
620 | fprintf(stderr,
|
---|
621 | "usage: dnsproxy [-c file] [-dhV]\n" \
|
---|
622 | "\t-c file Read configuration from file\n" \
|
---|
623 | "\t-d Detach and run as a daemon\n" \
|
---|
624 | "\t-h This help text\n" \
|
---|
625 | "\t-V Show version information\n");
|
---|
626 | exit(1);
|
---|
627 | }
|
---|
628 | }
|
---|
629 |
|
---|
630 | /* Parse configuration and check required parameters */
|
---|
631 | if (!parse(config))
|
---|
632 | fatal("unable to parse configuration");
|
---|
633 |
|
---|
634 | if (!authoritative || !recursive)
|
---|
635 | fatal("No authoritative or recursive server defined");
|
---|
636 |
|
---|
637 | if (!listenat)
|
---|
638 | listenat = strdup("0.0.0.0");
|
---|
639 |
|
---|
640 | /* Create and bind query socket */
|
---|
641 | if ((sock_query = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
|
---|
642 | fatal("unable to create socket: %s", strerror(errno));
|
---|
643 |
|
---|
644 | memset(&addr, 0, sizeof(struct sockaddr_in));
|
---|
645 | addr.sin_addr.s_addr = inet_addr(listenat);
|
---|
646 | addr.sin_port = htons(port);
|
---|
647 | addr.sin_family = AF_INET;
|
---|
648 |
|
---|
649 | if (bind(sock_query, (struct sockaddr *)&addr, sizeof(addr)) != 0)
|
---|
650 | fatal("unable to bind socket: %s", strerror(errno));
|
---|
651 |
|
---|
652 | /* Create and bind answer socket */
|
---|
653 | if ((sock_answer = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
|
---|
654 | fatal("unable to create socket: %s", strerror(errno));
|
---|
655 |
|
---|
656 | memset(&addr, 0, sizeof(struct sockaddr_in));
|
---|
657 | addr.sin_family = AF_INET;
|
---|
658 |
|
---|
659 | if (bind(sock_answer, (struct sockaddr *)&addr, sizeof(addr)) != 0)
|
---|
660 | fatal("unable to bind socket: %s", strerror(errno));
|
---|
661 |
|
---|
662 | /* Fill sockaddr_in structs for both servers */
|
---|
663 | memset(&authoritative_addr, 0, sizeof(struct sockaddr_in));
|
---|
664 | authoritative_addr.sin_addr.s_addr = inet_addr(authoritative);
|
---|
665 | authoritative_addr.sin_port = htons(authoritative_port);
|
---|
666 | authoritative_addr.sin_family = AF_INET;
|
---|
667 |
|
---|
668 | memset(&recursive_addr, 0, sizeof(struct sockaddr_in));
|
---|
669 | recursive_addr.sin_addr.s_addr = inet_addr(recursive);
|
---|
670 | recursive_addr.sin_port = htons(recursive_port);
|
---|
671 | recursive_addr.sin_family = AF_INET;
|
---|
672 |
|
---|
673 | /* Daemonize if requested and switch to syslog */
|
---|
674 | if (daemonize) {
|
---|
675 | if (daemon(0, 0) == -1)
|
---|
676 | fatal("unable to daemonize");
|
---|
677 | log_syslog("dnsproxy");
|
---|
678 | }
|
---|
679 |
|
---|
680 | /* Find less privileged user */
|
---|
681 | if (user) {
|
---|
682 | pw = getpwnam(user);
|
---|
683 | if (!pw)
|
---|
684 | fatal("unable to find user %s", user);
|
---|
685 | }
|
---|
686 |
|
---|
687 | /* Do a chroot if requested */
|
---|
688 | if (chrootdir) {
|
---|
689 | if (chdir(chrootdir) || chroot(chrootdir))
|
---|
690 | fatal("unable to chroot to %s", chrootdir);
|
---|
691 | chdir("/");
|
---|
692 | }
|
---|
693 |
|
---|
694 | /* Drop privileges */
|
---|
695 | if (user) {
|
---|
696 | if (setgroups(1, &pw->pw_gid) < 0)
|
---|
697 | fatal("setgroups: %s", strerror(errno));
|
---|
698 | #if defined(HAVE_SETRESGID)
|
---|
699 | if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
|
---|
700 | fatal("setresgid: %s", strerror(errno));
|
---|
701 | #elif defined(HAVE_SETREGID)
|
---|
702 | if (setregid(pw->pw_gid, pw->pw_gid) < 0)
|
---|
703 | fatal("setregid: %s", strerror(errno));
|
---|
704 | #else
|
---|
705 | if (setegid(pw->pw_gid) < 0)
|
---|
706 | fatal("setegid: %s", strerror(errno));
|
---|
707 | if (setgid(pw->pw_gid) < 0)
|
---|
708 | fatal("setgid: %s", strerror(errno));
|
---|
709 | #endif
|
---|
710 | #if defined(HAVE_SETRESUID)
|
---|
711 | if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
|
---|
712 | fatal("setresuid: %s", strerror(errno));
|
---|
713 | #elif defined(HAVE_SETREUID)
|
---|
714 | if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
|
---|
715 | fatal("setreuid: %s", strerror(errno));
|
---|
716 | #else
|
---|
717 | if (seteuid(pw->pw_uid) < 0)
|
---|
718 | fatal("seteuid: %s", strerror(errno));
|
---|
719 | if (setuid(pw->pw_uid) < 0)
|
---|
720 | fatal("setuid: %s", strerror(errno));
|
---|
721 | #endif
|
---|
722 | }
|
---|
723 |
|
---|
724 | /* Init event handling */
|
---|
725 | event_init();
|
---|
726 |
|
---|
727 | event_set(&evq, sock_query, EV_READ, do_query, &evq);
|
---|
728 | event_add(&evq, NULL);
|
---|
729 |
|
---|
730 | event_set(&eva, sock_answer, EV_READ, do_answer, &eva);
|
---|
731 | event_add(&eva, NULL);
|
---|
732 |
|
---|
733 | /* Zero counters and start statistics timer */
|
---|
734 | statistics_start();
|
---|
735 |
|
---|
736 | /* Take care of signals */
|
---|
737 | if (signal(SIGINT, signal_handler) == SIG_ERR)
|
---|
738 | fatal("unable to mask signal SIGINT: %s", strerror(errno));
|
---|
739 |
|
---|
740 | if (signal(SIGTERM, signal_handler) == SIG_ERR)
|
---|
741 | fatal("unable to mask signal SIGTERM: %s", strerror(errno));
|
---|
742 |
|
---|
743 | if (signal(SIGHUP, SIG_IGN) == SIG_ERR)
|
---|
744 | fatal("unable to mask signal SIGHUP: %s", strerror(errno));
|
---|
745 |
|
---|
746 | event_sigcb = signal_event;
|
---|
747 |
|
---|
748 | /* Start libevent main loop */
|
---|
749 | event_dispatch();
|
---|
750 |
|
---|
751 | return 0;
|
---|
752 |
|
---|
753 | }
|
---|
754 | #endif
|
---|