예제 #1
0
파일: dns.c 프로젝트: vstakhov/curvedns
int dns_forward_query_tcp(event_entry_t *general_entry) {
	struct event_tcp_entry *entry = &general_entry->tcp;

	if (!ip_tcp_open(&entry->intsock, &global_target_address)) {
		debug_log(DEBUG_ERROR, "dns_forward_query_tcp(): unable to open TCP socket\n");
		goto wrong;
	}
	
	// randomizing port is not really necessary, as TCP is invulnerable to cache poisoning
	// however, the source IP address is set in ip_bind_random...
	if (!ip_bind_random(entry->intsock)) {
		// if this fails, let the kernel handle it (would mean source IP address is not guaranteed...)
		debug_log(DEBUG_WARN, "dns_forward_query_tcp(): unable to bind to source IP address and/or random port\n");
	}

	if (!ip_connect(entry->intsock, &global_target_address)) {
		debug_log(DEBUG_ERROR, "dns_forward_query_tcp(): unable to connect to authoritative name server (%s)\n", strerror(errno));
		goto wrong;
	}

	// Now generate a new TXID to forecome any poisoning:
	entry->buffer[0] = misc_crypto_random(256);
	entry->buffer[1] = misc_crypto_random(256);
	// XXX: do this platform safe (i.e. ntoh)
	entry->dns.dsttxid = (entry->buffer[0] << 8) + entry->buffer[1];

	debug_log(DEBUG_INFO, "dns_forward_query_tcp(): forwarding query to authoritative name server (prev id = %d, new id = %d)\n",
			entry->dns.srctxid, entry->dns.dsttxid);

	return 1;

wrong:
	return 0;
}
예제 #2
0
파일: dns.c 프로젝트: charlieyqin/curvedns
int dns_forward_query_udp(event_entry_t *general_entry) {
	int sock, n;
	struct event_udp_entry *entry = &general_entry->udp;

	if (!ip_udp_open(&sock, &global_target_address)) {
		debug_log(DEBUG_ERROR, "dns_forward_query_udp(): unable to open a UDP socket to forward query to authoritative server\n");
		goto wrong;
	}

	// randomize the outgoing source port and set the source IP address, if needed
	if (!ip_bind_random(sock)) {
		// if this fails, let the kernel handle it (would mean source IP address is not guaranteed...)
		debug_log(DEBUG_WARN, "dns_forward_query_udp(): unable to bind to source IP address and/or random port\n");
	}

	entry->state = EVENT_UDP_INT_WRITING;
	entry->read_int_watcher.data = general_entry;
	entry->timeout_int_watcher.data = general_entry;
	entry->retries++;

	// Now generate a new TXID to forecome any poisoning:
	entry->buffer[0] = misc_crypto_random(256);
	entry->buffer[1] = misc_crypto_random(256);
	// XXX: do this platform safe (i.e. ntoh)
	entry->dns.dsttxid = (entry->buffer[0] << 8) + entry->buffer[1];

	ev_io_init(&entry->read_int_watcher, event_udp_int_cb, sock, EV_READ);
	ev_timer_init(&entry->timeout_int_watcher, event_udp_timeout_cb, 0., global_ip_internal_timeout);

	ev_io_start(event_default_loop, &entry->read_int_watcher);
	ev_timer_again(event_default_loop, &entry->timeout_int_watcher);

	debug_log(DEBUG_INFO, "dns_forward_query_udp(): forwarding query to authoritative name server (prev id = %d, new id = %d)\n",
			(entry->dns.type == DNS_DNSCURVE_STREAMLINED || entry->dns.type == DNS_NON_DNSCURVE) ? entry->dns.srctxid : entry->dns.srcinsidetxid,
			entry->dns.dsttxid);

	n = sendto(sock, entry->buffer, entry->packetsize, MSG_DONTWAIT,
			(struct sockaddr *) &global_target_address.sa, global_target_address_len);
	if (n == -1) {
		debug_log(DEBUG_ERROR, "dns_forward_query_udp(): unable to forward the query to authoritative name server (%s)\n", strerror(errno));
		goto wrong;
	}

	return 1;

wrong:
	return 0;
}