mirror of https://github.com/yarrick/iodine.git
Added -c flag to disable IP/port checking in each request
This commit is contained in:
Erik Ekman
Erik Ekman
parent
06f60e2a3b
commit
0d3494ae78
|
|
@ -12,6 +12,8 @@ CHANGES:
|
|||
- Applied a security patch from Andrew Griffiths, use setgroups() to
|
||||
limit the groups of the user
|
||||
- Applied a patch to make iodine work on (Open)Solaris, from Albert Lee
|
||||
- Added option in server (-c) to disable IP/port checking on each packet,
|
||||
will hopefully help when server is behind NAT
|
||||
|
||||
2007-11-30: 0.4.1 "Tea Online"
|
||||
- Introduced encoding API
|
||||
|
|
|
|||
16
man/iodine.8
16
man/iodine.8
|
|
@ -1,5 +1,5 @@
|
|||
.\" groff -man -Tascii iodine.8
|
||||
.TH IODINE 8 "JUN 2007" "User Manuals"
|
||||
.TH IODINE 8 "JUL 2008" "User Manuals"
|
||||
.SH NAME
|
||||
iodine, iodined \- tunnel IPv4 over DNS
|
||||
.SH SYNOPSIS
|
||||
|
|
@ -25,7 +25,7 @@ iodine, iodined \- tunnel IPv4 over DNS
|
|||
|
||||
.B iodined [-h]
|
||||
|
||||
.B iodined [-f] [-s] [-u
|
||||
.B iodined [-c] [-s] [-f] [-u
|
||||
.I user
|
||||
.B ] [-P
|
||||
.I password
|
||||
|
|
@ -62,10 +62,6 @@ Print usage info and exit.
|
|||
.B -f
|
||||
Keep running in foreground.
|
||||
.TP
|
||||
.B -s
|
||||
Don't try to configure IP address or MTU. This should only be used if
|
||||
you have already configured the device that will be used.
|
||||
.TP
|
||||
.B -u user
|
||||
Drop privileges and run as user 'user' after setting up tunnel.
|
||||
.TP
|
||||
|
|
@ -82,6 +78,14 @@ Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
|
|||
and otherwise tunX.
|
||||
.SS Server Options:
|
||||
.TP
|
||||
.B -c
|
||||
Disable checks on client IP and port on all incoming requests.
|
||||
This might help if server is behind a NAT firewall.
|
||||
.TP
|
||||
.B -s
|
||||
Don't try to configure IP address or MTU. This should only be used if
|
||||
you have already configured the device that will be used.
|
||||
.TP
|
||||
.B -m mtu
|
||||
Set 'mtu' as mtu size for the tunnel device. This will be sent to the client
|
||||
on connect, and the client will use the same mtu.
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ static char *topdomain;
|
|||
static char password[33];
|
||||
static struct encoder *b32;
|
||||
|
||||
static int check_ip;
|
||||
static int my_mtu;
|
||||
static in_addr_t my_ip;
|
||||
|
||||
|
|
@ -191,8 +192,8 @@ tunnel_dns(int tun_fd, int dns_fd)
|
|||
users[userid].last_pkt = time(NULL);
|
||||
login_calculate(logindata, 16, password, users[userid].seed);
|
||||
|
||||
if (dummy.q.fromlen != users[userid].addrlen ||
|
||||
memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0) {
|
||||
if (check_ip && (dummy.q.fromlen != users[userid].addrlen ||
|
||||
memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0)) {
|
||||
write_dns(dns_fd, &(dummy.q), "BADIP", 5);
|
||||
} else {
|
||||
if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) {
|
||||
|
|
@ -248,8 +249,8 @@ tunnel_dns(int tun_fd, int dns_fd)
|
|||
}
|
||||
|
||||
/* Check sending ip number */
|
||||
if (dummy.q.fromlen != users[userid].addrlen ||
|
||||
memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0) {
|
||||
if (check_ip && (dummy.q.fromlen != users[userid].addrlen ||
|
||||
memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0)) {
|
||||
write_dns(dns_fd, &(dummy.q), "BADIP", 5);
|
||||
} else {
|
||||
/* decode with this users encoding */
|
||||
|
|
@ -402,7 +403,7 @@ static void
|
|||
usage() {
|
||||
extern char *__progname;
|
||||
|
||||
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
|
||||
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
|
||||
"[-l ip address to listen on] [-p port] [-P password]"
|
||||
" tunnel_ip topdomain\n", __progname);
|
||||
exit(2);
|
||||
|
|
@ -413,11 +414,13 @@ help() {
|
|||
extern char *__progname;
|
||||
|
||||
printf("iodine IP over DNS tunneling server\n");
|
||||
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
|
||||
printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
|
||||
"[-l ip address to listen on] [-p port] [-P password]"
|
||||
" tunnel_ip topdomain\n", __progname);
|
||||
printf(" -v to print version info and exit\n");
|
||||
printf(" -h to print this help and exit\n");
|
||||
printf(" -c to disable check of client IP/port on each request\n");
|
||||
printf(" -s to skip creating and configuring the tun device which then has to be created manually\n");
|
||||
printf(" -f to keep running in foreground\n");
|
||||
printf(" -u name to drop privileges and run as user 'name'\n");
|
||||
printf(" -t dir to chroot to directory dir\n");
|
||||
|
|
@ -463,6 +466,7 @@ main(int argc, char **argv)
|
|||
mtu = 1024;
|
||||
listen_ip = INADDR_ANY;
|
||||
port = 53;
|
||||
check_ip = 1;
|
||||
skipipconfig = 0;
|
||||
|
||||
b32 = get_base32_encoder();
|
||||
|
|
@ -478,11 +482,14 @@ main(int argc, char **argv)
|
|||
memset(password, 0, sizeof(password));
|
||||
srand(time(NULL));
|
||||
|
||||
while ((choice = getopt(argc, argv, "vsfhu:t:d:m:l:p:P:")) != -1) {
|
||||
while ((choice = getopt(argc, argv, "vcsfhu:t:d:m:l:p:P:")) != -1) {
|
||||
switch(choice) {
|
||||
case 'v':
|
||||
version();
|
||||
break;
|
||||
case 'c':
|
||||
check_ip = 0;
|
||||
break;
|
||||
case 's':
|
||||
skipipconfig = 1;
|
||||
break;
|
||||
|
|
|
|||
Loading…
Reference in New Issue