diff --git a/src/Cedar/Cedar.h b/src/Cedar/Cedar.h
index fc730a57..558380f9 100644
--- a/src/Cedar/Cedar.h
+++ b/src/Cedar/Cedar.h
@@ -138,7 +138,7 @@
 #define CEDAR_VER 424
 
 // Build Number
-#define CEDAR_BUILD 9651
+#define CEDAR_BUILD 9652
 
 // Beta number
 //#define BETA_NUMBER 3
@@ -158,11 +158,11 @@
 
 // Specifies the build date
 #define BUILD_DATE_Y 2017
-#define BUILD_DATE_M 10
-#define BUILD_DATE_D 23
-#define BUILD_DATE_HO 1
-#define BUILD_DATE_MI 4
-#define BUILD_DATE_SE 19
+#define BUILD_DATE_M 12
+#define BUILD_DATE_D 21
+#define BUILD_DATE_HO 10
+#define BUILD_DATE_MI 34
+#define BUILD_DATE_SE 43
 
 // Tolerable time difference
 #define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)
diff --git a/src/Cedar/IPsec_IkePacket.c b/src/Cedar/IPsec_IkePacket.c
index 81f61257..c02e3c04 100644
--- a/src/Cedar/IPsec_IkePacket.c
+++ b/src/Cedar/IPsec_IkePacket.c
@@ -3055,7 +3055,7 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 
 // Generation of data 2
 data2_size = h->HashSize + hmac_block_size;
-for (i = 0;i < HMAC_BLOCK_SIZE;i++)
+for (i = 0;i < hmac_block_size;i++)
 {
 data2[i] = k[i] ^ 0x5c;
 }
diff --git a/src/Cedar/Logging.c b/src/Cedar/Logging.c
index 310d9523..58d6d50a 100644
--- a/src/Cedar/Logging.c
+++ b/src/Cedar/Logging.c
@@ -1307,6 +1307,11 @@ UINT CalcPacketLoggingLevelEx(HUB_LOG *g, PKT *packet)
 // OpenVPN connection request
 ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
 break;
+
+case L7_DNS:
+// DNS request
+ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
+break;
 }
 
 break;
@@ -1354,6 +1359,11 @@ UINT CalcPacketLoggingLevelEx(HUB_LOG *g, PKT *packet)
 // OpenVPN connection request
 ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
 break;
+
+case L7_DNS:
+// DNS request
+ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
+break;
 }
 
 break;
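Review bot: The corrected opad loop on the `+` line (`for (i = 0;i < hmac_block_size;i++)`) is the kind of fix that should be pinned by a known-answer test: whenever `hmac_block_size` exceeded the fixed `HMAC_BLOCK_SIZE` the old loop left the tail of the pad un-XORed and produced a wrong MAC silently rather than failing. I'd add a test that runs IkeHMac over the RFC 4231 HMAC test vectors for every hash the IKE_HASH table supports, so a regression in either pad loop is caught at build time. IkeHMac's body starts and ends outside the hunk, so I'm assuming the ipad (data1) loop already iterates to `hmac_block_size`; if it still uses the constant it needs the same change.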
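Review bot: Both new `case L7_DNS:` arms (this hunk and the one at `@@ -1354`) read the level from `PacketLogConfig[PACKET_LOG_TCP_CONN]`, so a hub that has TCP connection logging enabled now also records every DNS query name with no separate switch to turn that off. DNS query names are markedly more sensitive than TCP 5-tuples (they reveal what users look up), so a dedicated `PACKET_LOG_*` slot would let operators opt in explicitly. If widening the PacketLogConfig array is out of scope for this change, the minimum is a comment making the coupling deliberate, e.g. `// DNS request (intentionally tied to the TCP connection log level)`, in both arms.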
@@ -1759,6 +1769,13 @@ char *PacketLogParseProc(RECORD *rec)
 }
 break;
 
+case L7_DNS:
+// DNS query
+t->Token[6] = CopyStr("DNSv4");
+t->Token[7] = CopyStr("DNS_Query");
+t->Token[14] = CopyStr(p->DnsQueryHost);
+break;
+
 default:
 // Unknown Packet
 t->Token[6] = CopyStr("UDPv4");
@@ -2024,6 +2041,13 @@ char *PacketLogParseProc(RECORD *rec)
 }
 break;
 
+case L7_DNS:
+// DNS query
+t->Token[6] = CopyStr("DNSv6");
+t->Token[7] = CopyStr("DNS_Query");
+t->Token[14] = CopyStr(p->DnsQueryHost);
+break;
+
 default:
 t->Token[6] = CopyStr("UDPv6");
 break;
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c
index 6e7f3c56..2a100ecb 100644
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@@ -924,7 +924,7 @@ void SiWriteSysLog(SERVER *s, char *typestr, char *hubname, wchar_t *message)
 // Date and time
 LocalTime(&st);
 if(s->StrictSyslogDatetimeFormat){
-GetDateTimeStrRFC3164(datetime, sizeof(datetime), &st, GetCurrentTimezone());
+GetDateTimeStrRFC3339(datetime, sizeof(datetime), &st, GetCurrentTimezone());
 }else{
 GetDateTimeStrMilli(datetime, sizeof(datetime), &st);
 }
diff --git a/src/Cedar/Virtual.c b/src/Cedar/Virtual.c
index 4d25efcc..7cf3b840 100644
--- a/src/Cedar/Virtual.c
+++ b/src/Cedar/Virtual.c
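Review bot: `t->Token[14] = CopyStr(p->DnsQueryHost);` copies the parsed query name into the log record unfiltered, and DNS labels are arbitrary octets on the wire, so a crafted query can put field separators, line breaks or terminal control bytes into the packet log; the IPv6 arm at `@@ -2024` has the same line. I'd filter before logging, replacing any byte outside printable ASCII (and the record's own delimiter) with a fixed substitute, either here or once at the point where DnsQueryHost is filled, so every consumer of the field gets the sanitized form. How Token values are joined and escaped is decided outside this hunk, so if the record writer already escapes them, this reduces to a comment next to the assignment saying that it relies on that escaping.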
@@ -6955,104 +6955,6 @@ NAT_ENTRY *CreateNatDns(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT de
 return n;
 }
 
-// Get the next byte
-UCHAR GetNextByte(BUF *b)
-{
-UCHAR c = 0;
-// Validate arguments
-if (b == NULL)
-{
-return 0;
-}
-
-if (ReadBuf(b, &c, 1) != 1)
-{
-return 0;
-}
-
-return c;
-}
-
-// Interpret the DNS query
-bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size)
-{
-BUF *b;
-char tmp[257];
-bool ok = true;
-USHORT val;
-// Validate arguments
-if (name == NULL || data == NULL || data_size == 0)
-{
-return false;
-}
-StrCpy(name, name_size, "");
-
-b = NewBuf();
-WriteBuf(b, data, data_size);
-SeekBuf(b, 0, 0);
-
-while (true)
-{
-UINT next_len = (UINT)GetNextByte(b);
-if (next_len > 0)
-{
-// Read only the specified length
-Zero(tmp, sizeof(tmp));
-if (ReadBuf(b, tmp, next_len) != next_len)
-{
-ok = false;
-break;
-}
-// Append
-if (StrLen(name) != 0)
-{
-StrCat(name, name_size, ".");
-}
-StrCat(name, name_size, tmp);
-}
-else
-{
-// Read all
-break;
-}
-}
-
-if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
-{
-ok = false;
-}
-else
-{
-if (Endian16(val) != 0x01 && Endian16(val) != 0x0c)
-{
-ok = false;
-}
-}
-
-if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
-{
-ok = false;
-}
-else
-{
-if (Endian16(val) != 0x01)
-{
-ok = false;
-}
-}
-
-FreeBuf(b);
-
-if (ok == false || StrLen(name) == 0)
-{
-return false;
-}
-else
-{
-return true;
-}
-}
-
 // Set the VGS host name
 void SetDnsProxyVgsHostname(char *hostname)
 {
diff --git a/src/Cedar/Virtual.h b/src/Cedar/Virtual.h
index 680f9354..780658a3 100644
--- a/src/Cedar/Virtual.h
+++ b/src/Cedar/Virtual.h
@@ -594,9 +594,7 @@ void SendTcp(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, UI
 void DnsProxy(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size);
 bool ParseDnsPacket(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size);
 bool ParseDnsPacketEx(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size, DNS_PARSED_PACKET *parsed_result);
-bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size);
 void SetDnsProxyVgsHostname(char *hostname);
-UCHAR GetNextByte(BUF *b);
 bool NatTransactDns(VH *v, NAT_ENTRY *n);
 void NatDnsThread(THREAD *t, void *param);
 bool NatGetIP(IP *ip, char *hostname);
diff --git a/src/CurrentBuild.txt b/src/CurrentBuild.txt
index 1ca6889d..da37d18d 100644
--- a/src/CurrentBuild.txt
+++ b/src/CurrentBuild.txt
@@ -1,4 +1,4 @@
-BUILD_NUMBER 9651
+BUILD_NUMBER 9652
 VERSION 424
 BUILD_NAME beta
-BUILD_DATE 20171023_010419
+BUILD_DATE 20171221_103443
diff --git a/src/Mayaqua/Kernel.c b/src/Mayaqua/Kernel.c
index 3570d2dc..7b97bade 100644
--- a/src/Mayaqua/Kernel.c
+++ b/src/Mayaqua/Kernel.c
@@ -1631,8 +1631,8 @@ void GetDateTimeStrMilli(char *str, UINT size, SYSTEMTIME *st)
 st->wMilliseconds);
 }
 
-// Get the date and time string in RFC3164 format (example: 2017-09-27T18:25:55.434-9:00)
-void GetDateTimeStrRFC3164(char *str, UINT size, SYSTEMTIME *st, int timezone_min){
+// Get the date and time string in RFC3339 format (example: 2017-09-27T18:25:55.434-9:00)
+void GetDateTimeStrRFC3339(char *str, UINT size, SYSTEMTIME *st, int timezone_min){
 // Validate arguments
 if (str == NULL || st == NULL)
 {
diff --git a/src/Mayaqua/Kernel.h b/src/Mayaqua/Kernel.h
index 898262a8..2f126978 100644
--- a/src/Mayaqua/Kernel.h
+++ b/src/Mayaqua/Kernel.h
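Review bot: The renamed comment on the `+` line claims RFC 3339 output, but its own example, `2017-09-27T18:25:55.434-9:00`, is not RFC 3339: the numeric offset must be two-digit hours and minutes (`-09:00`). If the example reflects what the function emits, syslog receivers that validate RFC 5424 timestamps strictly can still reject the line, so the rename alone does not deliver the strict format that the `StrictSyslogDatetimeFormat` branch in Server.c selects it for. Either zero-pad the offset hour in the formatter (and emit `Z` or `+00:00` for a zero offset) or correct the example so the comment does not overstate conformance; the body of GetDateTimeStrRFC3339 is outside the hunk, so I can't tell which of the two applies.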
@@ -248,7 +248,7 @@ void GetTimeStrEx64(wchar_t *str, UINT size, UINT64 sec64, LOCALE *locale);
 void GetDateStrEx64(wchar_t *str, UINT size, UINT64 sec64, LOCALE *locale);
 void GetTimeStrMilli64(char *str, UINT size, UINT64 sec64);
 void GetTimeStr64(char *str, UINT size, UINT64 sec64);
-void GetDateTimeStrRFC3164(char *str, UINT size, SYSTEMTIME *st, int timezone_min);
+void GetDateTimeStrRFC3339(char *str, UINT size, SYSTEMTIME *st, int timezone_min);
 UINT64 SafeTime64(UINT64 sec64);
 bool Run(char *filename, char *arg, bool hide, bool wait);
 bool RunW(wchar_t *filename, wchar_t *arg, bool hide, bool wait);
diff --git a/src/Mayaqua/TcpIp.c b/src/Mayaqua/TcpIp.c
index 445a5b55..ba455edc 100644
--- a/src/Mayaqua/TcpIp.c
+++ b/src/Mayaqua/TcpIp.c
@@ -1688,6 +1688,10 @@ PKT *ClonePacket(PKT *p, bool copy_data)
 ret->L7.IkeHeader = MallocFast(sizeof(IKE_HEADER));
 Copy(ret->L7.IkeHeader, p->L7.IkeHeader, sizeof(IKE_HEADER));
 break;
+
+case L7_DNS:
+StrCpy(ret->DnsQueryHost, sizeof(ret->DnsQueryHost), p->DnsQueryHost);
+break;
 }
 
 // Address data
@@ -1845,12 +1849,13 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
 USHORT port_raw = Endian16(80);
 USHORT port_raw2 = Endian16(8080);
 USHORT port_raw3 = Endian16(443);
+USHORT port_raw4 = Endian16(3128);
 
 // Analyze if the packet is a part of HTTP
 if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
 {
 TCP_HEADER *tcp = p->L4.TCPHeader;
-if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2) &&
+if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2 || tcp->DstPort == port_raw4) &&
 (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
 {
 if (p->PayloadSize >= 1)
@@ -3010,6 +3015,148 @@ bool ParseTCP(PKT *p, UCHAR *buf, UINT size)
 return true;
 }
 
+// Get the next byte
+UCHAR GetNextByte(BUF *b)
+{
+UCHAR c = 0;
+// Validate arguments
+if (b == NULL)
+{
+return 0;
+}
+
+if (ReadBuf(b, &c, 1) != 1)
+{
+return 0;
+}
+
+return c;
+}
+
+// Interpret the DNS query
+bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size)
+{
+BUF *b;
+char tmp[257];
+bool ok = true;
+USHORT val;
+// Validate arguments
+if (name == NULL || data == NULL || data_size == 0)
+{
+return false;
+}
+StrCpy(name, name_size, "");
+
+b = NewBuf();
+WriteBuf(b, data, data_size);
+SeekBuf(b, 0, 0);
+
+while (true)
+{
+UINT next_len = (UINT)GetNextByte(b);
+if (next_len > 0)
+{
+// Read only the specified length
+Zero(tmp, sizeof(tmp));
+if (ReadBuf(b, tmp, next_len) != next_len)
+{
+ok = false;
+break;
+}
+// Append
+if (StrLen(name) != 0)
+{
+StrCat(name, name_size, ".");
+}
+StrCat(name, name_size, tmp);
+}
+else
+{
+// Read all
+break;
+}
+}
+
+if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
+{
+ok = false;
+}
+else
+{
+if (Endian16(val) != 0x01 && Endian16(val) != 0x0c)
+{
+ok = false;
+}
+}
+
+if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
+{
+ok = false;
+}
+else
+{
+if (Endian16(val) != 0x01)
+{
+ok = false;
+}
+}
+
+FreeBuf(b);
+
+if (ok == false || StrLen(name) == 0)
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+
+// DNS parsing
+void ParseDNS(PKT *p, UCHAR *buf, UINT size)
+{
+UCHAR *query_data;
+UINT query_data_size;
+DNSV4_HEADER *dns;
+char hostname[MAX_SIZE];
+if (p == NULL|| buf == NULL)
+{
+return;
+}
+
+if (size < sizeof(DNSV4_HEADER))
+{
+return;
+}
+
+dns = (DNSV4_HEADER *)buf;
+
+if ((dns->Flag1 & 78) != 0 || (dns->Flag1 & 0x80) != 0)
+{
+// Illegal opcode
+return;
+}
+if (Endian16(dns->NumQuery) != 1)
+{
+// Number of queries is invalid
+return;
+}
+
+query_data = ((UCHAR *)dns) + sizeof(DNSV4_HEADER);
+query_data_size = size - sizeof(DNSV4_HEADER);
+
+// Interpret the query
+if (ParseDnsQuery(hostname, sizeof(hostname), query_data, query_data_size) == false)
+{
+// Interpretation fails
+return;
+}
+
+StrCpy(p->DnsQueryHost, sizeof(p->DnsQueryHost), hostname);
+p->TypeL7 = L7_DNS;
+}
+
 // UDP parsing
 bool ParseUDP(PKT *p, UCHAR *buf, UINT size)
 {
@@ -3053,6 +3200,12 @@ bool ParseUDP(PKT *p, UCHAR *buf, UINT size)
 }
 }
 
+if (dst_port == 53)
+{
+ParseDNS(p, buf, size);
+return true;
+}
+
 if (src_port == 500 || dst_port == 500 || src_port == 4500 || dst_port == 4500)
 {
 if (p->PayloadSize >= sizeof(IKE_HEADER))
diff --git a/src/Mayaqua/TcpIp.h b/src/Mayaqua/TcpIp.h
index f9bec14d..e1969568 100644
--- a/src/Mayaqua/TcpIp.h
+++ b/src/Mayaqua/TcpIp.h
@@ -705,6 +705,7 @@ struct PKT
 UCHAR *Payload; // Pointer to the payload of TCP or UDP
 UINT PayloadSize; // Payload size
 struct HTTPLOG *HttpLog; // HTTP log
+char DnsQueryHost[64]; // DNS hostname
 } GCC_PACKED;
 
 // Layer-3 packet classification
@@ -728,6 +729,7 @@ struct PKT
 #define L7_DHCPV4 1 // DHCPv4 packet
 #define L7_IKECONN 2 // IKE connection request packet
 #define L7_OPENVPNCONN 3 // OpenVPN connection request packet
+#define L7_DNS 4 // DNS packet
 
 // IKE header
 
@@ -869,6 +871,7 @@ bool ParseICMPv6(PKT *p, UCHAR *buf, UINT size);
 bool ParseTCP(PKT *p, UCHAR *buf, UINT size);
 bool ParseUDP(PKT *p, UCHAR *buf, UINT size);
 void ParseDHCPv4(PKT *p, UCHAR *buf, UINT size);
+void ParseDNS(PKT *p, UCHAR *buf, UINT size);
 PKT *ClonePacket(PKT *p, bool copy_data);
 void FreeClonePacket(PKT *p);
 
@@ -901,6 +904,8 @@ void FreeDHCPv4Data(DHCPV4_DATA *d);
 bool AdjustTcpMssL3(UCHAR *src, UINT src_size, UINT mss);
 bool AdjustTcpMssL2(UCHAR *src, UINT src_size, UINT mss, USHORT tag_vlan_tpid);
 UINT GetIpHeaderSize(UCHAR *src, UINT src_size);
+bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size);
+UCHAR GetNextByte(BUF *b);
 bool IsDhcpPacketForSpecificMac(UCHAR *data, UINT size, UCHAR *mac_address);
 
 
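Review bot: `if ((dns->Flag1 & 78) != 0 || (dns->Flag1 & 0x80) != 0)` in ParseDNS masks with decimal 78 (0x4E) although the opcode occupies bits 3–6, i.e. `0x78`; as written it rejects ordinary queries that carry AA or TC, while opcodes 2 (STATUS) and 4 (NOTIFY) pass straight through, contradicting the `// Illegal opcode` comment. The fix is `if ((dns->Flag1 & 0x78) != 0 || (dns->Flag1 & 0x80) != 0)`. Separately, ParseDnsQuery treats every length byte as a plain label, so a name containing a compression pointer (length byte 0xC0 or above, RFC 1035 §4.1.4) is read as a 192+-byte label; ReadBuf's bounds check keeps that memory-safe, but the result is a failed or garbled parse, and nothing restricts the accepted label bytes to printable characters before they are copied into `p->DnsQueryHost` and later logged. I'd add `if (next_len >= 0xC0) { ok = false; break; }` at the top of the loop body and reject or substitute non-printable bytes in `tmp` before the StrCat, and note in a comment that `StrCpy(p->DnsQueryHost, sizeof(p->DnsQueryHost), hostname)` silently truncates names longer than that field.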
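Review bot: `char DnsQueryHost[64]; // DNS hostname` in struct PKT is far smaller than the 253-character maximum of a DNS name, so ParseDNS's StrCpy into it silently truncates longer queries, and because the field is inline in a `GCC_PACKED` struct every PKT now carries 64 extra bytes whether or not it is DNS. I'd either widen it to hold a full name (reusing whatever hostname-length constant the codebase already has) or make the truncation explicit in the comment, e.g. `char DnsQueryHost[64]; // DNS query name, truncated to 63 chars + NUL`. A pointer filled only when TypeL7 == L7_DNS, in the style of `HttpLog` just above it, would avoid the per-packet cost at the price of a matching release in FreeClonePacket, whose body is outside this diff.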
diff --git a/src/bin/vpnweb.cab b/src/bin/vpnweb.cab
index cea3ca24..ca1ccb2a 100644
Binary files a/src/bin/vpnweb.cab and b/src/bin/vpnweb.cab differ
diff --git a/src/bin/vpnweb.ocx b/src/bin/vpnweb.ocx
index 8f5dfe66..0e012e23 100644
Binary files a/src/bin/vpnweb.ocx and b/src/bin/vpnweb.ocx differ
diff --git a/src/vpnweb/vpnweb.h b/src/vpnweb/vpnweb.h
index 378e0cf0..52df4f12 100644
--- a/src/vpnweb/vpnweb.h
+++ b/src/vpnweb/vpnweb.h
@@ -4,7 +4,7 @@
 
 
 /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Oct 23 01:04:35 2017
+/* at Thu Dec 21 10:34:58 2017
 */
 /* Compiler settings for .\vpnweb.idl:
 Oicf, W1, Zp8, env=Win32 (32b run)
diff --git a/src/vpnweb/vpnweb_i.c b/src/vpnweb/vpnweb_i.c
index 0edd81e1..16c14b71 100644
--- a/src/vpnweb/vpnweb_i.c
+++ b/src/vpnweb/vpnweb_i.c
@@ -6,7 +6,7 @@
 
 
 /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Oct 23 01:04:35 2017
+/* at Thu Dec 21 10:34:58 2017
 */
 /* Compiler settings for .\vpnweb.idl:
 Oicf, W1, Zp8, env=Win32 (32b run)
diff --git a/src/vpnweb/vpnweb_p.c b/src/vpnweb/vpnweb_p.c
index 2dd41cc5..2fcbda11 100644
--- a/src/vpnweb/vpnweb_p.c
+++ b/src/vpnweb/vpnweb_p.c
@@ -4,7 +4,7 @@
 
 
 /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Oct 23 01:04:35 2017
+/* at Thu Dec 21 10:34:58 2017
 */
 /* Compiler settings for .\vpnweb.idl:
 Oicf, W1, Zp8, env=Win32 (32b run)