The destination field in struct query was changed from in_addr_t to
struct sockaddr_storage, without updating the functions sending it
in src/dns.c.
Only add extra A answer for NS queries if destination refers to an
IPv4 address, and fail if trying to encode a reply to an A query
if destination is not IPv4.
This means NS requests received over IPv6 will not contain an address
and A requests will be ignored, unless the -n option is used, or the
www subdomain is requested which sets a fixed address (127.0.0.1).

Why not using constant bools?
Much simpler than complex function calls, that eventually return
constant values.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>

Get rid of unique header files for each encoder, consolidate them to
where they are actually needed: encoding.h.
This also simplifies the generation of the base64u decoder, as its
header file does not need to be generated any longer.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>

iodine does not seem to follow any styling guidelines (mixture of
different function prototypes, ...). So let's introduce some. This
will improve overall code quality and readability.
Additionally, warnings will improve code quality as well. Let's turn on
very pedantic warnings, and fix everything where the compiler barks
back.
Introduce the following function definition scheme:
type function_name(type name, type1 name1 ...)
{
}
This allows us to copy and paste the definition to the declaration by
selecting one single line.
Furthermore, limit line length to 80 characters.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>

Like other unix tools: don't print application output, if the user asks
intentionally for help.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>

There is no value in printing the usage in this case, as the usage
doesn't give the user any hint on how to solve this issue.
Furthermore, replace the Windows implementation with an empty inline
function, which will result in no code.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>

Server will by default listen on both IPv4 and IPv6.
No way to only listen on one protocol right now.
Use -L to only listen on a specific v6 address.
IP address to use for raw mode is still IPv4 only.
Use -n on server to make raw mode work from IPv6 clients,
then they will get an IPv4 address from the server for raw mode.
Tunnel data is still IPv4.

Add a struct with multiple dns file descriptors (for IPv4 and IPv6)
and pass this to required areas. Choose which descriptor to use when
sending by looking at the destination address family.

"Permission to use, copy, modify, and distribute this software" is now
"Permission to use, copy, modify, and/or distribute this software".
Add license header to source files missing one.

The client could bypass the password check by continuing after getting error
from the server and guessing the network parameters. The server would still
accept the rest of the setup and also network traffic.
Add checks for normal and raw mode that user has authenticated before allowing
any other communication.
Problem found by Oscar Reparaz.
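
The check described in the last commit message above, as an added example that is not iodine's code: a server handler that refuses every non-login message until the session has authenticated, with an enforce_auth switch so the behaviour before and after the check can be compared. All names, message types and byte values here are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical message types and session state, not iodine's own. */
enum msg { MSG_LOGIN, MSG_SETUP, MSG_DATA };
enum result { R_OK, R_BADLOGIN, R_DENIED };

struct session {
	bool authenticated;	/* set only by a successful login */
	int packets_accepted;	/* tunnel packets the server let through */
};

static bool secret_equal(const unsigned char *a, const unsigned char *b,
			 size_t n)
{
	unsigned char diff = 0;
	for (size_t i = 0; i < n; i++)
		diff |= a[i] ^ b[i];	/* no early exit on mismatch */
	return diff == 0;
}

enum result handle(struct session *s, enum msg type,
		   const unsigned char *resp, const unsigned char *expect,
		   size_t n, bool enforce_auth)
{
	if (type == MSG_LOGIN) {
		s->authenticated = secret_equal(resp, expect, n);
		return s->authenticated ? R_OK : R_BADLOGIN;
	}
	/* The added check: nothing but login is served before auth. */
	if (enforce_auth && !s->authenticated)
		return R_DENIED;
	if (type == MSG_DATA)
		s->packets_accepted++;
	return R_OK;
}

/* Constructed client that keeps going whatever the login result was. */
int packets_after_login(bool good_login, bool enforce_auth)
{
	const unsigned char expect[4] = { 1, 2, 3, 4 };	/* constructed */
	const unsigned char wrong[4] = { 9, 9, 9, 9 };
	struct session s = { 0 };
	handle(&s, MSG_LOGIN, good_login ? expect : wrong, expect, 4,
	       enforce_auth);
	handle(&s, MSG_SETUP, NULL, NULL, 0, enforce_auth);
	handle(&s, MSG_DATA, NULL, NULL, 0, enforce_auth);
	return s.packets_accepted;
}
```

With enforce_auth off, the failed login is reported to the client but later messages are still served, which is the behaviour the commit message describes; with it on, the same sequence is denied.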