diff -urN nstx-1.1-beta6/Makefile nstx-1.1-beta6.new/Makefile
--- nstx-1.1-beta6/Makefile 2004-06-27 23:46:38.000000000 +0200
+++ nstx-1.1-beta6.new/Makefile 2006-12-24 12:15:23.000000000 +0100
@@ -1,4 +1,4 @@
-CFLAGS += -ggdb -Wall -Werror
+CFLAGS += -ggdb -Wall -Werror -Wsign-compare
NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c
NSTXD_OBJS = ${NSTXD_SRCS:.c=.o}
diff -urN nstx-1.1-beta6/nstx_dns.c nstx-1.1-beta6.new/nstx_dns.c
--- nstx-1.1-beta6/nstx_dns.c 2004-06-27 23:43:34.000000000 +0200
+++ nstx-1.1-beta6.new/nstx_dns.c 2006-12-24 12:15:23.000000000 +0100
@@ -6,6 +6,7 @@
#include <fcntl.h>
#include <syslog.h>
#include <unistd.h>
+#include <assert.h>
#include "nstxfun.h"
#include "nstxdns.h"
@@ -58,7 +59,7 @@
* DNS-packet 'msg'. */
static char *
-decompress_label(const char *msg, int msglen, const char *lbl)
+decompress_label(const char *msg, unsigned int msglen, const char *lbl)
{
const char *ptr = lbl;
char *buf;
@@ -69,7 +70,7 @@
while ((chunklen = *ptr)) {
if (chunklen > 63) {
- if ((ptr-msg) >= (msglen-1)) {
+ if ((ptr-msg) >= ((signed int)msglen-1)) {
DEBUG("Bad pointer at end of msg");
if (buf)
free(buf);
@@ -104,13 +105,15 @@
ptr += chunklen + 1;
}
}
- buf[buflen] = 0;
- buflen++;
+ if (buf) {
+ buf[buflen] = 0;
+ buflen++;
+ }
return buf;
}
static const unsigned char *
-_cstringify(const unsigned char *data, int *dlen, int clen)
+_cstringify(const unsigned char *data, int *dlen, unsigned int clen)
{
static unsigned char *buf;
@@ -143,7 +146,7 @@
{
int len;
- len = strlen(data);
+ len = strlen((char*)data);
return _cstringify(data, &len, 63);
}
@@ -183,24 +186,24 @@
static const unsigned char *
lbl2data (const unsigned char *data, size_t len)
{
- static unsigned char *buf;
-
+ static signed char *buf = NULL;
const unsigned char *s = data;
- unsigned char *d;
- unsigned int llen;
+ signed char *d;
+ signed int llen;
d = buf = realloc(buf, len);
+ assert(d);
do
{
llen = *s++;
- if ((llen > 63) || (llen > len - (s - data)))
- return NULL;
+ if ((llen > 63) || (llen > (signed int)(len - (s - data))))
+ break;
memcpy(d, s, llen);
s += llen;
d += llen;
} while (llen);
*d = '\0';
- return buf;
+ return (const unsigned char*)buf;
}
/* New DNS-Code */
@@ -318,7 +321,7 @@
const char *ptr;
static char *fqdn;
- ptr = data2lbl(data);
+ ptr = (char*)data2lbl((unsigned char*)data);
fqdn = realloc(fqdn, strlen(ptr)+strlen(suffix)+1);
strcpy(fqdn, ptr);
strcat(fqdn, suffix);
@@ -336,8 +339,9 @@
free(buf);
off = strstr(fqdn, suffix);
- if (off)
- buf = strdup(lbl2data(fqdn, off - fqdn));
+ /* only parse if the fqdn was found, and there is more than the fqdn */
+ if (off && off != fqdn)
+ buf = strdup((char*)lbl2data((unsigned char*)fqdn, off - fqdn));
else
/* Our suffix not found... */
buf = NULL;
@@ -364,7 +368,7 @@
const char *ptr;
char *buf;
- ptr = data2txt(data, &len);
+ ptr = (char*)data2txt((unsigned char*)data, &len);
buf = malloc(len);
memcpy(buf, ptr, len);
@@ -477,7 +481,7 @@
{
offsets[i++] = ptr - buf;
rrp = _new_listitem(&pkt->query);
- rrp->data = decompress_label(buf, len, ptr);
+ rrp->data = decompress_label((char*)buf, len, (char*)ptr);
if (!rrp->data)
{
syslog(LOG_ERR, "dns_extractpkt: decompress_label choked in qd\n");
@@ -517,8 +521,9 @@
if (j < i)
rrp->link = j;
}
- ptr = _skip_lbl(ptr, &remain);
- rrp->len = ptr[8]*256+ptr[9];
+ // ptr = _skip_lbl(ptr, &remain);
+ // rrp->len = ptr[8]*256+ptr[9];
+ rrp->len = ptr[10]*256+ptr[11];
ptr += 12;
remain -= 12;
if (remain < rrp->len)
diff -urN nstx-1.1-beta6/nstx_encode.c nstx-1.1-beta6.new/nstx_encode.c
--- nstx-1.1-beta6/nstx_encode.c 2004-06-27 23:43:34.000000000 +0200
+++ nstx-1.1-beta6.new/nstx_encode.c 2006-12-24 12:15:23.000000000 +0100
@@ -30,11 +30,11 @@
void init_revmap (void)
{
- int i;
+ unsigned int i;
revmap = malloc(256);
- for (i = 0; i < strlen(map); i++)
+ for (i = 0; i < strlen((char*)map); i++)
revmap[map[i]] = i;
}
@@ -70,11 +70,11 @@
if (!revmap)
init_revmap();
- len = strlen(data)-1;
-
+ len = strlen((char*)data);
+
buf = realloc(buf, ((len+3)/4)*3);
- while (off < len) {
+ while (off+3 < len) {
buf[i+0] = (revmap[data[off]]<<2)|((revmap[data[off+1]]&48)>>4);
buf[i+1] = ((revmap[data[off+1]]&15)<<4)|((revmap[data[off+2]]&60)>>2);
buf[i+2] = ((revmap[data[off+2]]&3)<<6)|(revmap[data[off+3]]);
diff -urN nstx-1.1-beta6/nstx_pstack.c nstx-1.1-beta6.new/nstx_pstack.c
--- nstx-1.1-beta6/nstx_pstack.c 2004-06-27 23:43:34.000000000 +0200
+++ nstx-1.1-beta6.new/nstx_pstack.c 2006-12-24 12:15:23.000000000 +0100
@@ -49,7 +49,7 @@
char *netpacket;
int netpacketlen;
- if ((!ptr) || len < sizeof(struct nstxhdr))
+ if ((!ptr) || (signed int) len < (signed int) sizeof(struct nstxhdr))
return;
if (!nstxpkt->id)
diff -urN nstx-1.1-beta6/nstx_tuntap.c nstx-1.1-beta6.new/nstx_tuntap.c
--- nstx-1.1-beta6/nstx_tuntap.c 2004-06-27 23:43:34.000000000 +0200
+++ nstx-1.1-beta6.new/nstx_tuntap.c 2006-12-24 12:15:23.000000000 +0100
@@ -215,7 +215,7 @@
struct nstxmsg *nstx_select (int timeout)
{
- int peerlen;
+ unsigned peerlen;
fd_set set;
struct timeval tv;
static struct nstxmsg *ret = NULL;
diff -urN nstx-1.1-beta6/nstxcd.8 nstx-1.1-beta6.new/nstxcd.8
--- nstx-1.1-beta6/nstxcd.8 1970-01-01 01:00:00.000000000 +0100
+++ nstx-1.1-beta6.new/nstxcd.8 2006-12-24 12:15:23.000000000 +0100
@@ -0,0 +1,36 @@
+.TH NSTXCD "8" "May 2004" "nstx 1.1-beta4" "User Commands"
+.SH NAME
+nstxcd \- IP over DNS tunneling client
+
+.SH SYNOPSIS
+.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR"
+
+.SH DESCRIPTION
+.B nstxcd
+tunnels IP packets over DNS, allowing them to be sent to a server without
+any protocols other than DNS being used.
+
+.SH OPTIONS
+.B nstxcd
+takes the following options:
+.IP "domain"
+The domain that nstxcd will send requests to. This domain must be delegated
+to a machine that is running nstxd.
+.IP "IP address"
+The IP address of a DNS server that can be reached from the current machine.
+
+.SH USAGE
+.Bnstxcd
+should be run against a domain that has been delegated to a machine running
+nstxd. It will then take any packets that are sent to the tun0 interface and
+send them over DNS to the other tunnel endpoint. Responses will appear on
+the tun0 interface.
+
+.SH AUTHORS
+
+.IP
+Florian Heinz <sky@sysv.de>
+.IP
+Julien Oster <frodo@sysv.de>
+.IP
+http://nstx.dereference.de/nstx/
diff -urN nstx-1.1-beta6/nstxcd.c nstx-1.1-beta6.new/nstxcd.c
--- nstx-1.1-beta6/nstxcd.c 2004-06-27 23:43:34.000000000 +0200
+++ nstx-1.1-beta6.new/nstxcd.c 2006-12-24 12:15:23.000000000 +0100
@@ -63,7 +63,7 @@
int main (int argc, char * argv[]) {
struct nstxmsg *msg;
const char *device = NULL;
- char ch;
+ int ch;
nsid = time(NULL);
@@ -110,11 +110,11 @@
const char *data;
int datalen;
- pkt = dns_extractpkt (reply, len);
+ pkt = dns_extractpkt ((unsigned char*)reply, len);
if (!pkt)
return;
while ((data = dns_getanswerdata(pkt, &datalen))) {
- data = txt2data(data, &datalen);
+ data = (char*)txt2data((unsigned char*)data, &datalen);
nstx_handlepacket (data, datalen, &sendtun);
}
dequeueitem(pkt->id);
@@ -159,9 +159,9 @@
data += l;
datalen -= l;
- dns_addquery(pkt, dns_data2fqdn(nstx_encode(p, sizeof(nh)+l)));
+ dns_addquery(pkt, dns_data2fqdn(nstx_encode((unsigned char*)p, sizeof(nh)+l)));
free(p);
- p = dns_constructpacket(pkt, &l);
+ p = (char*)dns_constructpacket(pkt, &l);
sendns(p, l, NULL);
free(p);
diff -urN nstx-1.1-beta6/nstxd.8 nstx-1.1-beta6.new/nstxd.8
--- nstx-1.1-beta6/nstxd.8 1970-01-01 01:00:00.000000000 +0100
+++ nstx-1.1-beta6.new/nstxd.8 2006-12-24 12:15:23.000000000 +0100
@@ -0,0 +1,47 @@
+.TH NSTXD "7" "Mar 2005" "nstx 1.1-beta6" "User Commands"
+.SH NAME
+nstxd \- IP over DNS tunneling daemon
+
+.SH SYNOPSIS
+.B "nstxd \fIOPTION\fR \fIDOMAIN\fR"
+
+.SH DESCRIPTION
+.B nstxd
+listens for well formed DNS requests and translates them into IP packets.
+Responses are sent in the form of DNS replies. This allows clients to
+tunnel IP packets over the DNS protocol.
+
+.SH OPTIONS
+.B nstxd
+takes the following option:
+.IP \-d tun-device
+Use this tun device instead of tun0
+.IP \-i ipaddr
+Bind to this IP address rather than every available address
+.IP \-C dir
+Chroot to this directory on startup
+.IP \-D
+Daemonize on startup
+.IP \-g
+Switch on debug messages
+.IP \-u user
+Run as the following user
+.IP "domain"
+The domain that nstxd will listen to requests for. This should be a domain
+that is delegated to the machine running nstxd.
+
+.SH USAGE
+A domain should be delegated to the machine that will run nstxd. nstxd should
+then be run giving that domain as the only argument. nstxd will then listen
+for requests and translate them into IP packets that will appear on the tun0
+interface. Packets sent to the tun0 interface will be transferred back to
+the client as DNS answers.
+
+.SH AUTHORS
+
+.IP
+Florian Heinz <sky@sysv.de>
+.IP
+Julien Oster <frodo@sysv.de>
+.IP
+http://nstx.dereference.de/nstx/
diff -urN nstx-1.1-beta6/nstxd.c nstx-1.1-beta6.new/nstxd.c
--- nstx-1.1-beta6/nstxd.c 2004-06-27 23:55:17.000000000 +0200
+++ nstx-1.1-beta6.new/nstxd.c 2006-12-24 12:15:23.000000000 +0100
@@ -67,7 +67,7 @@
}
int main (int argc, char *argv[]) {
- char ch;
+ signed char ch;
const char *device = NULL, *dir = NULL;
in_addr_t bindto = INADDR_ANY;
uid_t uid = 0;
@@ -172,7 +172,7 @@
dns_setid(pkt, q->id);
dns_settype(pkt, DNS_RESPONSE);
dns_addanswer(pkt, "\xb4\x00\x00\x00", 4, dns_addquery(pkt, q->name));
- buf = dns_constructpacket (pkt, &len);
+ buf = (char*)dns_constructpacket (pkt, &len);
sendns(buf, len, &q->peer);
free(buf);
}
@@ -188,7 +188,7 @@
if (msg) {
if (msg->src == FROMNS) {
- pkt = dns_extractpkt(msg->data, msg->len);
+ pkt = dns_extractpkt((unsigned char*)msg->data, msg->len);
if (pkt)
{
name = dns_getquerydata(pkt);
@@ -198,7 +198,7 @@
name);
queueitem(pkt->id, name, &msg->peer);
if ((data = dns_fqdn2data(name)) &&
- (buf = nstx_decode(data, &len)))
+ (buf = nstx_decode((unsigned char*)data, &len)))
{
nstx_handlepacket(buf, len, &sendtun);
}
@@ -220,7 +220,7 @@
len = dns_getfreespace(pkt, DNS_RESPONSE);
buf = dequeue_senditem(&len);
dns_addanswer(pkt, buf, len, link);
- buf = dns_constructpacket(pkt, &len);
+ buf = (char*)dns_constructpacket(pkt, &len);
sendns(buf, len, &qitem->peer);
}
timeoutqueue(do_timeout);