author | Gert Doering <gert@greenie.muc.de> | 2013-11-17 15:30:20 +0100 |
committer | Gert Doering <gert@greenie.muc.de> | 2014-01-09 11:29:51 +0100 |
commit | 7de8f3f322c1a1c13022a0243267624930dac5c9 (patch) | |
tree | 4815607d2c7d00a9f2c140a9b74fa512c6d46364 | |
parent | 1aac9a0b7a4046822a0134cd8693a828f2e16576 (diff) | |
Make code and documentation for --remote-random-hostname consistent.
Documentation examples, description and code were disagreeing on what
this option actually does. Now they will all agree that it will
*prepend* a random-byte string to the hostname before resolving
to work around DNS caching (needs a "*" wildcard record in the zone).
Fix trac #143
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1384698620-27946-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7999
-rw-r--r-- | doc/openvpn.8 | 2 | ||||
-rw-r--r-- | src/openvpn/misc.c | 27 |
2 files changed, 10 insertions, 19 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 3df7a6f..7736c63 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -274,7 +274,7 @@ failover capability.
 .\"*********************************************************
 .TP
 .B \-\-remote-random-hostname
-Add a random string (6 characters) to first DNS label of hostname to prevent
+Prepend a random string (6 bytes, 12 hex characters) to hostname to prevent
 DNS caching. For example, "foo.bar.gov" would be modified to
 "<random-chars>.foo.bar.gov".
 .\"*********************************************************
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 4688444..7483184 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -926,32 +926,23 @@ create_temp_file (const char *directory, const char *prefix, struct gc_arena *gc
 }
 
 /*
- * Add a random string to first DNS label of hostname to prevent DNS caching.
+ * Prepend a random string to hostname to prevent DNS caching.
  * For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov.
- * Of course, this requires explicit support in the DNS server.
+ * Of course, this requires explicit support in the DNS server (wildcard).
  */
 const char *
 hostname_randomize(const char *hostname, struct gc_arena *gc)
 {
 # define n_rnd_bytes 6
-  char *hst = string_alloc(hostname, gc);
-  char *dot = strchr(hst, '.');
+  uint8_t rnd_bytes[n_rnd_bytes];
+  const char *rnd_str;
+  struct buffer hname = alloc_buf_gc (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc);
 
-  if (dot)
-    {
-      uint8_t rnd_bytes[n_rnd_bytes];
-      const char *rnd_str;
-      struct buffer hname = alloc_buf_gc (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc);
-
-      *dot++ = '\0';
-      prng_bytes (rnd_bytes, sizeof (rnd_bytes));
-      rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc);
-      buf_printf(&hname, "%s-0x%s.%s", hst, rnd_str, dot);
-      return BSTR(&hname);
-    }
-  else
-    return hostname;
+  prng_bytes (rnd_bytes, sizeof (rnd_bytes));
+  rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc);
+  buf_printf(&hname, "%s.%s", rnd_str, hostname);
+  return BSTR(&hname);
 # undef n_rnd_bytes
 }
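Review bot: The rewrite drops the old `if (dot)` fallback, so a hostname with no dot is now prefixed as well, and an IP literal that reaches this function (if the caller does not filter those before calling it) becomes a name that cannot resolve; either keep a guard for dot-less or all-numeric input, or state in the header comment that the prefix is added unconditionally and that callers must not pass literals. The `+4` in the `alloc_buf_gc` size is slack left over from the old `-0x` format: the new string needs `strlen(hostname) + 2*sizeof(rnd_bytes) + 2` for the dot and the terminator, so a comment such as `/* hex prefix + '.' + hostname + NUL, with a little slack */` would stop a later reader from trimming it incorrectly. The `n_rnd_bytes` define/undef pair could be a function-local `enum { n_rnd_bytes = 6 };`, which needs no `#undef` and is visible in a debugger.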