Upgrade code to iodine 0.7.0 and improve logging

AndroidManifest.xml

@@ -11,6 +11,7 @@
     <uses-permission android:name="android.permission.INTERNET"/>
 
     <application
+            android:debuggable="true"
             android:allowBackup="false"
             android:icon="@drawable/logo"
             android:label="@string/app_name"

jni/Android.mk

@@ -34,15 +34,4 @@ LOCAL_SRC_FILES := iodine-client.c \
  iodine/src/client.c \
  iodine/src/util.c
 
-$(LOCAL_PATH)/iodine/src/base64u.c: $(LOCAL_PATH)/iodine/src/base64.c $(LOCAL_PATH)/iodine/src/base64u.h
-	@echo Making $@
-	@echo '/* No use in editing, produced by Makefile! */' > $@
-	@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < $< >> $@
-
-$(LOCAL_PATH)/iodine/src/base64u.h: $(LOCAL_PATH)/iodine/src/base64.h
-	@echo Making $@
-	@echo '/* No use in editing, produced by Makefile! */' > $@
-	@sed -e 's/\([Bb][Aa][Ss][Ee]64\)/\1u/g ; s/0123456789+/0123456789_/' < $< >> $@
-
-
 include $(BUILD_SHARED_LIBRARY)

jni/iodine-client.c

@@ -3,6 +3,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <unistd.h>
+#include <netdb.h>
 
 #include <jni.h>
 
@@ -89,13 +90,18 @@ JNIEXPORT jint JNICALL Java_org_xapek_andiodine_IodineClient_connect(
 	// XXX strdup leaks
 	const char *__p_nameserv_addr = (*env)->GetStringUTFChars(env,
 			j_nameserv_addr, NULL);
-	const char *p_nameserv_addr = strdup(__p_nameserv_addr);
+	char *p_nameserv_addr = strdup(__p_nameserv_addr);
+	struct sockaddr_storage p_nameserv;
+	int p_nameserv_len = get_addr(p_nameserv_addr, 53, AF_INET, 0, &p_nameserv);
 	(*env)->ReleaseStringUTFChars(env, j_nameserv_addr, __p_nameserv_addr);
 
 	const char *__p_topdomain = (*env)->GetStringUTFChars(env, j_topdomain,
 			NULL);
 	const char *p_topdomain = strdup(__p_topdomain);
+	__android_log_print(ANDROID_LOG_ERROR, "iodine", "Topdomain from vm: %s", p_topdomain);
+
 	(*env)->ReleaseStringUTFChars(env, j_topdomain, __p_topdomain);
+	__android_log_print(ANDROID_LOG_ERROR, "iodine", "Topdomain from vm: %s", p_topdomain);
 
 	const char *p_password = (*env)->GetStringUTFChars(env, j_password, NULL);
 	char passwordField[33];
@@ -126,14 +132,14 @@ JNIEXPORT jint JNICALL Java_org_xapek_andiodine_IodineClient_connect(
 
 	srand((unsigned) time(NULL));
 	client_init();
-	client_set_nameserver(p_nameserv_addr, DNS_PORT);
+	client_set_nameserver(&p_nameserv, p_nameserv_len);
 	client_set_selecttimeout(selecttimeout);
 	client_set_lazymode(lazy_mode);
 	client_set_topdomain(p_topdomain);
 	client_set_hostname_maxlen(hostname_maxlen);
 	client_set_password(passwordField);
 
-	if ((dns_fd = open_dns(0, INADDR_ANY)) == -1) {
+	if ((dns_fd = open_dns_from_host(NULL, 0, AF_INET, AI_PASSIVE)) == -1) {
 		printf("Could not open dns socket: %s", strerror(errno));
 		return 1;
 	}

jni/iodine/CHANGELOG

@@ -5,7 +5,30 @@ iodine - http://code.kryo.se/iodine
 
 CHANGES:
 
-2010-02-13: 0.6.0-rc1 "Hotspotify"
+2014-06-16: 0.7.0 "Kryoptonite"
+	- Partial IPv6 support (#107)
+	   Client can connect to iodined through an relaying IPv6
+	   nameserver. Server only supports IPv4 for now.
+	   Traffic inside tunnel is IPv4.
+	- Add socket activation for systemd, by Michael Scherer.
+	- Add automated lookup of external ip (via -n auto).
+	- Bugfix for OS X (Can't assign requested address)
+	- Fix DNS tunneling bug caused by uninitialized variable, #94
+	- Handle spaces when entering password interactively, fixes #93.
+		Patch by Hagar.
+	- Add -R option to set OpenBSD routing domain for the DNS socket.
+		Patch by laurent at gouloum fr, fixes #95.
+	- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
+	- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
+	- A number of minor patches from Frank Denis, Gregor Herrmann and
+		Barak A. Pearlmutter.
+	- Testcase compilation fixes for OS X and FreeBSD
+	- Do not let sockets be inherited by sub-processes, fixes #99.
+	- Add unspecified RR type (called PRIVATE; id 65399, in private use
+		range). For servers with RFC3597 support. Fixes #97.
+	- Fix authentication bypass vulnerability; found by Oscar Reparaz.
+
+2010-02-06: 0.6.0-rc1 "Hotspotify"
 	- Fixed tunnel not working on Windows.
 	- Any device name is now supported on Windows, fixes #47.
 	- Multiple installed TAP32 interfaces are now supported, fixes #46.
@@ -30,6 +53,7 @@ CHANGES:
 	- Merged low-latency patch from Anne Bezemer, fixes #76.
 	- Resolve client nameserver argument if given as hostname, fixes #82.
 	- Open log before chroot, fixes #86: logging on FreeBSD.
+	- Merged big bugfix patch from Anne Bezemer, #88.
 
 2009-06-01: 0.5.2 "WifiFree"
 	- Fixed client segfault on OS X, #57

jni/iodine/Makefile

@@ -1,4 +1,4 @@
-prefix=/usr/local
+prefix?=/usr/local
 sbindir=$(prefix)/sbin
 datadir=$(prefix)/share
 mandir=$(datadir)/man
@@ -16,24 +16,9 @@ RM_FLAGS=-f
 
 TARGETOS = `uname`
 
-all: 
+all:
 	@(cd src; $(MAKE) TARGETOS=$(TARGETOS) all)
 
-cross-mingw: 
-	@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-mingw32-gcc all)
-
-cross-mingw-dist: cross-mingw
-	@rm -rf iodine-latest-win32*
-	@mkdir -p iodine-latest-win32/bin
-	@for i in `ls bin`; do cp bin/$$i iodine-latest-win32/bin/$$i.exe; done
-	@cp /usr/i686-mingw32/usr/bin/zlib1.dll iodine-latest-win32/bin
-	@cp README* CH* TO* iodine-latest-win32
-	@echo "Create date: " > iodine-latest-win32/VERSION
-	@date >> iodine-latest-win32/VERSION
-	@echo "SVN version: " >> iodine-latest-win32/VERSION
-	@svnversion >> iodine-latest-win32/VERSION
-	@zip -r iodine-latest-win32.zip iodine-latest-win32
-
 install: all
 	$(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(sbindir)
 	$(INSTALL) $(INSTALL_FLAGS) bin/iodine $(DESTDIR)$(sbindir)/iodine
@@ -48,7 +33,7 @@ uninstall:
 	$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodine
 	$(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodined
 	$(RM) $(RM_FLAGS) $(DESTDIR)$(mandir)/man8/iodine.8
-	
+
 test: all
 	@echo "!! The check library is required for compiling and running the tests"
 	@echo "!! Get it at http://check.sf.net"
@@ -58,5 +43,62 @@ clean:
 	@echo "Cleaning..."
 	@(cd src; $(MAKE) clean)
 	@(cd tests; $(MAKE) clean)
-	@rm -rf bin iodine-latest-win32*
+	@rm -rf bin iodine-latest*
+
+#Helper target for windows/android zipfiles
+iodine-latest:
+	@rm -rf iodine-latest*
+	@mkdir -p iodine-latest
+	@echo "Create date: " > iodine-latest/VERSION.txt
+	@date >> iodine-latest/VERSION.txt
+	@echo "Git version: " >> iodine-latest/VERSION.txt
+	@git rev-parse HEAD >> iodine-latest/VERSION.txt
+	@for i in README CHANGELOG TODO; do cp $$i iodine-latest/$$i.txt; done
+	@unix2dos iodine-latest/*
+
+cross-android:
+	@(cd src; $(MAKE) base64u.c base64u.h)
+	@(cd src; ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk)
+
+iodine-latest-android.zip: iodine-latest
+	@mv iodine-latest iodine-latest-android
+	@mkdir -p iodine-latest-android/armeabi iodine-latest-android/x86
+	@$(MAKE) cross-android TARGET_ARCH_ABI=armeabi
+	@cp src/libs/armeabi/* iodine-latest-android/armeabi
+	@$(MAKE) cross-android TARGET_ARCH_ABI=x86
+	@cp src/libs/x86/* iodine-latest-android/x86
+	@cp README-android.txt iodine-latest-android
+	@zip -r iodine-latest-android.zip iodine-latest-android
+
+cross-mingw32:
+	@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-w64-mingw32-gcc all)
+
+cross-mingw64:
+	@(cd src; $(MAKE) TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc all)
+
+iodine-latest-windows.zip: iodine-latest
+	@mv iodine-latest iodine-latest-windows
+	@mkdir -p iodine-latest-windows/64bit iodine-latest-windows/32bit
+	@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-w64-mingw32-gcc clean all)
+	@i686-w64-mingw32-strip bin/iodine*
+	@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/32bit/$$i.exe; done
+	@cp /usr/i686-w64-mingw32/bin/zlib1.dll iodine-latest-windows/32bit
+	@(cd src; $(MAKE) TARGETOS=windows32 CC=x86_64-w64-mingw32-gcc clean all)
+	@x86_64-w64-mingw32-strip bin/iodine*
+	@for i in `ls bin`; do cp bin/$$i iodine-latest-windows/64bit/$$i.exe; done
+	@cp /usr/x86_64-w64-mingw32/bin/zlib1.dll iodine-latest-windows/64bit
+	@cp README-win32.txt iodine-latest-windows
+	@zip -r iodine-latest-windows.zip iodine-latest-windows
+
+cross-mingw:
+	@(cd src; $(MAKE) TARGETOS=windows32 CC=i686-mingw32-gcc all)
+
+iodine-latest-win32.zip: cross-mingw iodine-latest
+	@mv iodine-latest iodine-latest-win32
+	@mkdir -p iodine-latest-win32/bin
+	@i686-mingw32-strip bin/iodine*
+	@for i in `ls bin`; do cp bin/$$i iodine-latest-win32/bin/$$i.exe; done
+	@cp /usr/i686-mingw32/usr/bin/zlib1.dll iodine-latest-win32/bin
+	@cp README-win32.txt iodine-latest-win32
+	@zip -r iodine-latest-win32.zip iodine-latest-win32
 

jni/iodine/README

@@ -8,6 +8,17 @@ server. This can be usable in different situations where internet access is
 firewalled, but DNS queries are allowed.
 
 
+COMPILING:
+
+Iodine has no configure script. There are two optional features for Linux
+(SELinux and systemd support) that will be enabled automatically if the
+relevant header files are found in /usr/include. (See script at ./src/osflags)
+
+Run 'make' to compile the server and client binaries.
+Run 'make install' to copy binaries and manpage to the destination directory.
+Run 'make test' to compile and run the unit tests. (Requires the check library)
+
+
 QUICKSTART:
 
 Try it out within your own LAN! Follow these simple steps:
@@ -103,6 +114,16 @@ end of the tunnel. In this case, ping 192.168.99.1 from the iodine client, and
 
 MISC. INFO:
 
+IPv6:
+At the moment the iodined server only supports IPv4. The data inside the tunnel
+is IPv4 only.
+
+The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
+nameservers will translate between protocols automatically if needed. Use
+options -4 or -6 to force the client to use a specific IP version for its DNS
+queries. The client has to force IPv4 if it has dual-stack connectivity and
+the hostname handling the tunnel domain has both A and AAAA records.
+
 Routing:
 It is possible to route all traffic through the DNS tunnel. To do this, first
 add a host route to the nameserver used by iodine over the wired/wireless
@@ -156,27 +177,28 @@ packet, and one query can be max 256 chars. Each domain name part can be max
 63 chars. So your domain name and subdomain should be as short as possible to
 allow maximum upstream throughput.
 
-Several DNS request types are supported, with the NULL type expected to provide
-the largest downstream bandwidth. Other available types are TXT, SRV, MX,
-CNAME and A (returning CNAME), in decreasing bandwidth order. Normally the
+Several DNS request types are supported, with the NULL and PRIVATE types
+expected to provide the largest downstream bandwidth. The PRIVATE type uses
+value 65399 in the private-use range. Other available types are TXT, SRV, MX,
+CNAME and A (returning CNAME), in decreasing bandwidth order.  Normally the
 "best" request type is autodetected and used. However, DNS relays may impose
 limits on for example NULL and TXT, making SRV or MX actually the best choice.
-This is not autodetected, but can be forced using the -T option. It is
+This is not autodetected, but can be forced using the -T option.  It is
 advisable to try various alternatives especially when the autodetected request
 type provides a downstream fragment size of less than 200 bytes.
 
 Note that SRV, MX and A (returning CNAME) queries may/will cause additional
 lookups by "smart" caching nameservers to get an actual IP address, which may
 either slow down or fail completely.
 
-DNS responses for non-NULL queries can be encoded with the same set of codecs
-as upstream data. This is normally also autodetected, but no fully exhaustive
-tests are done, so some problems may not be noticed when selecting more
-advanced codecs. In that case, you'll see failures/corruption in the fragment
-size autoprobe. In particular, several DNS relays have been found that change
-replies returning hostnames (SRV, MX, CNAME, A) to lowercase only when that
-hostname exceeds ca. 180 characters. In these and similar cases, use the -O
-option to try other downstream codecs; Base32 should always work.
+DNS responses for non-NULL/PRIVATE queries can be encoded with the same set of
+codecs as upstream data. This is normally also autodetected, but no fully
+exhaustive tests are done, so some problems may not be noticed when selecting
+more advanced codecs. In that case, you'll see failures/corruption in the
+fragment size autoprobe. In particular, several DNS relays have been found that
+change replies returning hostnames (SRV, MX, CNAME, A) to lowercase only when
+that hostname exceeds ca. 180 characters. In these and similar cases, use the
+-O option to try other downstream codecs; Base32 should always work.
 
 Normal operation now is for the server to _not_ answer a DNS request until
 the next DNS request has come in, a.k.a. being "lazy". This way, the server
@@ -337,8 +359,8 @@ THANKS:
 
 AUTHORS & LICENSE:
 
-Copyright (c) 2006-2009 Bjorn Andersson <[email protected]>, Erik Ekman <[email protected]>
-Also major contributions by Anne Bezemer.
+Copyright (c) 2006-2014 Erik Ekman <[email protected]>, 2006-2009 Bjorn
+Andersson <[email protected]>. Also major contributions by Anne Bezemer.
 
 Permission to use, copy, modify, and distribute this software for any purpose
 with or without fee is hereby granted, provided that the above copyright notice

jni/iodine/README-android.txt

@@ -0,0 +1,45 @@
+
+
+iodine - http://code.kryo.se/iodine
+
+***********************************
+
+Extra README file for Android
+
+
+== Running iodine on Android:
+1. Get root access on your android device
+
+2. Find/build a compatible tun.ko for your specific Android kernel
+
+3. Copy tun.ko and the iodine binary to your device:
+   (Almost all devices need the armeabi binary. Only Intel powered 
+   ones need the x86 build.)
+
+		adb push tun.ko /data/local/tmp
+		adb push iodine /data/local/tmp
+		adb shell
+		su
+		cd /data/local/tmp
+		chmod 777 iodine
+
+4. Run iodine (see the man page for parameters)
+
+		./iodine ...
+
+For more information: http://blog.bokhorst.biz/5123
+
+== Building iodine for Android:
+1. Download and install the Android SDK and NDK
+
+2. Download and unpack the iodine sources
+
+3. Build:
+		cd src
+		make base64u.h base64u.c
+		ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk
+
+   or run "make cross-android" in the iodine root directory.
+   To build for other archs, specify TARGET_ARCH_ABI: 
+		"make cross-android TARGET_ARCH_ABI=x86"
+

jni/iodine/README-win32.txt

@@ -8,6 +8,9 @@ Extra README file for Win32 related stuff
 
 
 == Running iodine on Windows:
+
+0. After iodine 0.6, you need Windows XP or newer to run.
+
 1. Install the TAP32 driver 
    http://openvpn.net/index.php/open-source/downloads.html
    Choose OpenVPN 2.0.9 Windows Installer, when installing you can

jni/iodine/doc/iodine-server.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Iodine Server
+After=local-fs.target network.target
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/iodine-server
+ExecStart=/usr/local/bin/iodined -i 30 -f $OPTIONS
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

jni/iodine/doc/iodine-server.socket

@@ -0,0 +1,8 @@
+[Unit]
+Description=Iodine socket
+
+[Socket]
+ListenDatagram=53
+
+[Install]
+WantedBy=sockets.target

jni/iodine/doc/proto_00000502.txt

@@ -122,7 +122,8 @@ Server sends:
 	s or S: Downstream encoding Base64, for TXT/CNAME/A/MX
 	u or U: Downstream encoding Base64u, for TXT/CNAME/A/MX
 	v or V: Downstream encoding Base128, for TXT/CNAME/A/MX
-	r or R: Downstream encoding Raw, for TXT/NULL (default for NULL)
+	r or R: Downstream encoding Raw, for PRIVATE/TXT/NULL (default for
+		PRIVATE and NULL)
 	If codec unsupported for request type, server will use Base32; note
 	that server will answer any mix of request types that a client sends.
 	Server may disregard this option; client must always use the downstream
@@ -188,8 +189,8 @@ encoded with the chosen upstream codec.
 Downstream data starts with 2 byte header. Then payload data, which may be
 compressed.
 
-In NULL responses, downstream data is always raw. In all other response types,
-downstream data is encoded (see Options above).
+In NULL and PRIVATE responses, downstream data is always raw. In all other
+response types, downstream data is encoded (see Options above).
 Encoding type is indicated by 1 prefix char:
 TXT:
 	End result is always DNS-chopped (series of len-prefixed strings