From 8e9666d57550398eabd619b34d90ec69d69eb218 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Sat, 22 Aug 2009 18:29:20 +0000
Subject: Added --remote-random-hostname option.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 misc.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'misc.c')

diff --git a/misc.c b/misc.c
index d9735bc..33e6762 100644
--- a/misc.c
+++ b/misc.c
@@ -1186,6 +1186,44 @@ create_temp_filename (const char *directory, const char *prefix, struct gc_arena
   return gen_path (directory, BSTR (&fname), gc);
 }
 
+/*
+ * Add a random string to first DNS label of hostname to prevent DNS caching.
+ * For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov.
+ * Of course, this requires explicit support in the DNS server.
+ */
+const char *
+hostname_randomize(const char *hostname, struct gc_arena *gc)
+{
+  const int n_rnd_bytes = 6;
+
+  char *hst = string_alloc(hostname, gc);
+  char *dot = strchr(hst, '.');
+
+  if (dot)
+    {
+      uint8_t rnd_bytes[n_rnd_bytes];
+      const char *rnd_str;
+      struct buffer hname = alloc_buf_gc (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc);
+
+      *dot++ = '\0';
+      prng_bytes (rnd_bytes, sizeof (rnd_bytes));
+      rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc);
+      buf_printf(&hname, "%s-0x%s.%s", hst, rnd_str, dot);
+      return BSTR(&hname);
+    }
+  else
+    return hostname;
+}
+
+#else
+
+const char *
+hostname_randomize(const char *hostname, struct gc_arena *gc)
+{
+  msg (M_WARN, "WARNING: hostname randomization disabled when crypto support is not compiled");
+  return hostname;
+}
+
 #endif
 
 /*
-- 
cgit