dnobori 7 жил өмнө
parent
commit
af7b4d4afb

+ 6 - 6
src/Cedar/Cedar.h

@@ -138,7 +138,7 @@
 #define	CEDAR_VER					424
 
 // Build Number
-#define	CEDAR_BUILD					9651
+#define	CEDAR_BUILD					9652
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -158,11 +158,11 @@
 
 // Specifies the build date
 #define	BUILD_DATE_Y		2017
-#define	BUILD_DATE_M		10
-#define	BUILD_DATE_D		23
-#define	BUILD_DATE_HO		1
-#define	BUILD_DATE_MI		4
-#define	BUILD_DATE_SE		19
+#define	BUILD_DATE_M		12
+#define	BUILD_DATE_D		21
+#define	BUILD_DATE_HO		10
+#define	BUILD_DATE_MI		34
+#define	BUILD_DATE_SE		43
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)

+ 1 - 1
src/Cedar/IPsec_IkePacket.c

@@ -3055,7 +3055,7 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 	// Generation of data 2
 	data2_size = h->HashSize + hmac_block_size;
 
-	for (i = 0;i < HMAC_BLOCK_SIZE;i++)
+	for (i = 0;i < hmac_block_size;i++)
 	{
 		data2[i] = k[i] ^ 0x5c;
 	}
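Review bot: The loop `for (i = 0;i < hmac_block_size;i++)` now reads `k[i]` and writes `data2[i]` up to a runtime block size, but the declarations of `k` and `data2` sit outside this hunk, so it is not visible that both are sized for the largest block size IkeHMac can select. If either is still declared with `HMAC_BLOCK_SIZE`, the new bound would index past it for any hash whose block is larger. Please confirm that the inner-pad loop earlier in the function uses the same bound, and add a comment such as `// k[] and data2[] are sized for the largest supported HMAC block` next to the declarations. A known-answer test against published HMAC vectors for each supported hash would catch this class of mistake.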

+ 24 - 0
src/Cedar/Logging.c

@@ -1307,6 +1307,11 @@ UINT CalcPacketLoggingLevelEx(HUB_LOG *g, PKT *packet)
 				// OpenVPN connection request
 				ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
 				break;
+
+			case L7_DNS:
+				// DNS request
+				ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
+				break;
 			}
 
 			break;
@@ -1354,6 +1359,11 @@ UINT CalcPacketLoggingLevelEx(HUB_LOG *g, PKT *packet)
 				// OpenVPN connection request
 				ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
 				break;
+
+			case L7_DNS:
+				// DNS request
+				ret = MAX(ret, g->PacketLogConfig[PACKET_LOG_TCP_CONN]);
+				break;
 			}
 
 			break;
@@ -1759,6 +1769,13 @@ char *PacketLogParseProc(RECORD *rec)
 					}
 					break;
 
+				case L7_DNS:
+					// DNS query
+					t->Token[6] = CopyStr("DNSv4");
+					t->Token[7] = CopyStr("DNS_Query");
+					t->Token[14] = CopyStr(p->DnsQueryHost);
+					break;
+
 				default:
 					// Unknown Packet
 					t->Token[6] = CopyStr("UDPv4");
@@ -2024,6 +2041,13 @@ char *PacketLogParseProc(RECORD *rec)
 					}
 					break;
 
+				case L7_DNS:
+					// DNS query
+					t->Token[6] = CopyStr("DNSv6");
+					t->Token[7] = CopyStr("DNS_Query");
+					t->Token[14] = CopyStr(p->DnsQueryHost);
+					break;
+
 				default:
 					t->Token[6] = CopyStr("UDPv6");
 					break;
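Review bot: `t->Token[14] = CopyStr(p->DnsQueryHost);` in both the IPv4 and IPv6 `L7_DNS` cases puts a name taken from a client's packet straight into the packet log. ParseDnsQuery, which this commit moves into TcpIp.c, appends label bytes as received without checking that they are printable hostname characters, so a query can carry control characters or whatever delimiter the log format uses. Whether the token writer later in PacketLogParseProc escapes such bytes is not visible in these hunks. If it does not, the name should be filtered before `CopyStr`, for example by replacing every byte outside letters, digits, `.`, `-` and `_` with `?`. Separately, the two CalcPacketLoggingLevelEx hunks reuse `PACKET_LOG_TCP_CONN` for a UDP query; a comment like `// DNS queries follow the TCP connection log level` would make that choice explicit.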

+ 1 - 1
src/Cedar/Server.c

@@ -924,7 +924,7 @@ void SiWriteSysLog(SERVER *s, char *typestr, char *hubname, wchar_t *message)
 	// Date and time
 	LocalTime(&st);
 	if(s->StrictSyslogDatetimeFormat){
-		GetDateTimeStrRFC3164(datetime, sizeof(datetime), &st, GetCurrentTimezone());
+		GetDateTimeStrRFC3339(datetime, sizeof(datetime), &st, GetCurrentTimezone());
 	}else{
 		GetDateTimeStrMilli(datetime, sizeof(datetime), &st);
 	}

+ 0 - 98
src/Cedar/Virtual.c

@@ -6955,104 +6955,6 @@ NAT_ENTRY *CreateNatDns(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT de
 	return n;
 }
 
-// Get the next byte
-UCHAR GetNextByte(BUF *b)
-{
-	UCHAR c = 0;
-	// Validate arguments
-	if (b == NULL)
-	{
-		return 0;
-	}
-
-	if (ReadBuf(b, &c, 1) != 1)
-	{
-		return 0;
-	}
-
-	return c;
-}
-
-// Interpret the DNS query
-bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size)
-{
-	BUF *b;
-	char tmp[257];
-	bool ok = true;
-	USHORT val;
-	// Validate arguments
-	if (name == NULL || data == NULL || data_size == 0)
-	{
-		return false;
-	}
-	StrCpy(name, name_size, "");
-
-	b = NewBuf();
-	WriteBuf(b, data, data_size);
-	SeekBuf(b, 0, 0);
-
-	while (true)
-	{
-		UINT next_len = (UINT)GetNextByte(b);
-		if (next_len > 0)
-		{
-			// Read only the specified length
-			Zero(tmp, sizeof(tmp));
-			if (ReadBuf(b, tmp, next_len) != next_len)
-			{
-				ok = false;
-				break;
-			}
-			// Append
-			if (StrLen(name) != 0)
-			{
-				StrCat(name, name_size, ".");
-			}
-			StrCat(name, name_size, tmp);
-		}
-		else
-		{
-			// Read all
-			break;
-		}
-	}
-
-	if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
-	{
-		ok = false;
-	}
-	else
-	{
-		if (Endian16(val) != 0x01 && Endian16(val) != 0x0c)
-		{
-			ok = false;
-		}
-	}
-
-	if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
-	{
-		ok = false;
-	}
-	else
-	{
-		if (Endian16(val) != 0x01)
-		{
-			ok = false;
-		}
-	}
-
-	FreeBuf(b);
-
-	if (ok == false || StrLen(name) == 0)
-	{
-		return false;
-	}
-	else
-	{
-		return true;
-	}
-}
-
 // Set the VGS host name
 void SetDnsProxyVgsHostname(char *hostname)
 {

+ 0 - 2
src/Cedar/Virtual.h

@@ -594,9 +594,7 @@ void SendTcp(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, UI
 void DnsProxy(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size);
 bool ParseDnsPacket(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size);
 bool ParseDnsPacketEx(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT dest_port, void *data, UINT size, DNS_PARSED_PACKET *parsed_result);
-bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size);
 void SetDnsProxyVgsHostname(char *hostname);
-UCHAR GetNextByte(BUF *b);
 bool NatTransactDns(VH *v, NAT_ENTRY *n);
 void NatDnsThread(THREAD *t, void *param);
 bool NatGetIP(IP *ip, char *hostname);

+ 2 - 2
src/CurrentBuild.txt

@@ -1,4 +1,4 @@
-BUILD_NUMBER 9651
+BUILD_NUMBER 9652
 VERSION 424
 BUILD_NAME beta
-BUILD_DATE 20171023_010419
+BUILD_DATE 20171221_103443

+ 2 - 2
src/Mayaqua/Kernel.c

@@ -1631,8 +1631,8 @@ void GetDateTimeStrMilli(char *str, UINT size, SYSTEMTIME *st)
 		st->wMilliseconds);
 }
 
-// Get the date and time string in RFC3164 format (example: 2017-09-27T18:25:55.434-9:00)
-void GetDateTimeStrRFC3164(char *str, UINT size, SYSTEMTIME *st, int timezone_min){
+// Get the date and time string in RFC3339 format (example: 2017-09-27T18:25:55.434-9:00)
+void GetDateTimeStrRFC3339(char *str, UINT size, SYSTEMTIME *st, int timezone_min){
 	// Validate arguments
 	if (str == NULL || st == NULL)
 	{

+ 1 - 1
src/Mayaqua/Kernel.h

@@ -248,7 +248,7 @@ void GetTimeStrEx64(wchar_t *str, UINT size, UINT64 sec64, LOCALE *locale);
 void GetDateStrEx64(wchar_t *str, UINT size, UINT64 sec64, LOCALE *locale);
 void GetTimeStrMilli64(char *str, UINT size, UINT64 sec64);
 void GetTimeStr64(char *str, UINT size, UINT64 sec64);
-void GetDateTimeStrRFC3164(char *str, UINT size, SYSTEMTIME *st, int timezone_min);
+void GetDateTimeStrRFC3339(char *str, UINT size, SYSTEMTIME *st, int timezone_min);
 UINT64 SafeTime64(UINT64 sec64);
 bool Run(char *filename, char *arg, bool hide, bool wait);
 bool RunW(wchar_t *filename, wchar_t *arg, bool hide, bool wait);

+ 154 - 1
src/Mayaqua/TcpIp.c

@@ -1688,6 +1688,10 @@ PKT *ClonePacket(PKT *p, bool copy_data)
 		ret->L7.IkeHeader = MallocFast(sizeof(IKE_HEADER));
 		Copy(ret->L7.IkeHeader, p->L7.IkeHeader, sizeof(IKE_HEADER));
 		break;
+
+	case L7_DNS:
+		StrCpy(ret->DnsQueryHost, sizeof(ret->DnsQueryHost), p->DnsQueryHost);
+		break;
 	}
 
 	// Address data
@@ -1845,12 +1849,13 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
 		USHORT port_raw = Endian16(80);
 		USHORT port_raw2 = Endian16(8080);
 		USHORT port_raw3 = Endian16(443);
+		USHORT port_raw4 = Endian16(3128);
 
 		// Analyze if the packet is a part of HTTP
 		if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
 		{
 			TCP_HEADER *tcp = p->L4.TCPHeader;
-			if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2) &&
+			if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2 || tcp->DstPort == port_raw4) &&
 				(!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
 			{
 				if (p->PayloadSize >= 1)
@@ -3010,6 +3015,148 @@ bool ParseTCP(PKT *p, UCHAR *buf, UINT size)
 	return true;
 }
 
+// Get the next byte
+UCHAR GetNextByte(BUF *b)
+{
+	UCHAR c = 0;
+	// Validate arguments
+	if (b == NULL)
+	{
+		return 0;
+	}
+
+	if (ReadBuf(b, &c, 1) != 1)
+	{
+		return 0;
+	}
+
+	return c;
+}
+
+// Interpret the DNS query
+bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size)
+{
+	BUF *b;
+	char tmp[257];
+	bool ok = true;
+	USHORT val;
+	// Validate arguments
+	if (name == NULL || data == NULL || data_size == 0)
+	{
+		return false;
+	}
+	StrCpy(name, name_size, "");
+
+	b = NewBuf();
+	WriteBuf(b, data, data_size);
+	SeekBuf(b, 0, 0);
+
+	while (true)
+	{
+		UINT next_len = (UINT)GetNextByte(b);
+		if (next_len > 0)
+		{
+			// Read only the specified length
+			Zero(tmp, sizeof(tmp));
+			if (ReadBuf(b, tmp, next_len) != next_len)
+			{
+				ok = false;
+				break;
+			}
+			// Append
+			if (StrLen(name) != 0)
+			{
+				StrCat(name, name_size, ".");
+			}
+			StrCat(name, name_size, tmp);
+		}
+		else
+		{
+			// Read all
+			break;
+		}
+	}
+
+	if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
+	{
+		ok = false;
+	}
+	else
+	{
+		if (Endian16(val) != 0x01 && Endian16(val) != 0x0c)
+		{
+			ok = false;
+		}
+	}
+
+	if (ReadBuf(b, &val, sizeof(val)) != sizeof(val))
+	{
+		ok = false;
+	}
+	else
+	{
+		if (Endian16(val) != 0x01)
+		{
+			ok = false;
+		}
+	}
+
+	FreeBuf(b);
+
+	if (ok == false || StrLen(name) == 0)
+	{
+		return false;
+	}
+	else
+	{
+		return true;
+	}
+}
+
+// DNS parsing
+void ParseDNS(PKT *p, UCHAR *buf, UINT size)
+{
+	UCHAR *query_data;
+	UINT query_data_size;
+	DNSV4_HEADER *dns;
+	char hostname[MAX_SIZE];
+	if (p == NULL|| buf == NULL)
+	{
+		return;
+	}
+
+	if (size < sizeof(DNSV4_HEADER))
+	{
+		return;
+	}
+
+	dns = (DNSV4_HEADER *)buf;
+
+	if ((dns->Flag1 & 78) != 0 || (dns->Flag1 & 0x80) != 0)
+	{
+		// Illegal opcode
+		return;
+	}
+	if (Endian16(dns->NumQuery) != 1)
+	{
+		// Number of queries is invalid
+		return;
+	}
+
+	query_data = ((UCHAR *)dns) + sizeof(DNSV4_HEADER);
+	query_data_size = size - sizeof(DNSV4_HEADER);
+
+	// Interpret the query
+	if (ParseDnsQuery(hostname, sizeof(hostname), query_data, query_data_size) == false)
+	{
+		// Interpretation fails
+		return;
+	}
+
+	StrCpy(p->DnsQueryHost, sizeof(p->DnsQueryHost), hostname);
+	p->TypeL7 = L7_DNS;
+}
+
 // UDP parsing
 bool ParseUDP(PKT *p, UCHAR *buf, UINT size)
 {
@@ -3053,6 +3200,12 @@ bool ParseUDP(PKT *p, UCHAR *buf, UINT size)
 		}
 	}
 
+	if (dst_port == 53)
+	{
+		ParseDNS(p, buf, size);
+		return true;
+	}
+
 	if (src_port == 500 || dst_port == 500 || src_port == 4500 || dst_port == 4500)
 	{
 		if (p->PayloadSize >= sizeof(IKE_HEADER))
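Review bot: In ParseDNS the opcode test `(dns->Flag1 & 78) != 0` uses decimal 78 (0x4E), which does not line up with the opcode field if `Flag1` is the first flags byte of the DNS header, where the opcode occupies 0x78. As written, the mask skips opcode bits 0x10 and 0x20 and instead rejects queries that have the AA or TC bit set, so the `// Illegal opcode` comment does not match the behaviour. Queries with some non-standard opcodes would therefore still be classified as `L7_DNS` and logged as ordinary lookups. If a hexadecimal mask was intended, the line would read `if ((dns->Flag1 & 0x78) != 0 || (dns->Flag1 & 0x80) != 0)`. The existing DNS proxy parser in Virtual.c, which is not part of this diff, may carry the same constant and is worth checking.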

+ 5 - 0
src/Mayaqua/TcpIp.h

@@ -705,6 +705,7 @@ struct PKT
 	UCHAR				*Payload;		// Pointer to the payload of TCP or UDP
 	UINT				PayloadSize;	// Payload size
 	struct HTTPLOG		*HttpLog;		// HTTP log
+	char DnsQueryHost[64];				// DNS hostname
 } GCC_PACKED;
 
 // Layer-3 packet classification
@@ -728,6 +729,7 @@ struct PKT
 #define	L7_DHCPV4			1		// DHCPv4 packet
 #define	L7_IKECONN			2		// IKE connection request packet
 #define	L7_OPENVPNCONN		3		// OpenVPN connection request packet
+#define L7_DNS				4		// DNS packet
 
 
 // IKE header
@@ -869,6 +871,7 @@ bool ParseICMPv6(PKT *p, UCHAR *buf, UINT size);
 bool ParseTCP(PKT *p, UCHAR *buf, UINT size);
 bool ParseUDP(PKT *p, UCHAR *buf, UINT size);
 void ParseDHCPv4(PKT *p, UCHAR *buf, UINT size);
+void ParseDNS(PKT *p, UCHAR *buf, UINT size);
 PKT *ClonePacket(PKT *p, bool copy_data);
 void FreeClonePacket(PKT *p);
 
@@ -901,6 +904,8 @@ void FreeDHCPv4Data(DHCPV4_DATA *d);
 bool AdjustTcpMssL3(UCHAR *src, UINT src_size, UINT mss);
 bool AdjustTcpMssL2(UCHAR *src, UINT src_size, UINT mss, USHORT tag_vlan_tpid);
 UINT GetIpHeaderSize(UCHAR *src, UINT src_size);
+bool ParseDnsQuery(char *name, UINT name_size, void *data, UINT data_size);
+UCHAR GetNextByte(BUF *b);
 
 bool IsDhcpPacketForSpecificMac(UCHAR *data, UINT size, UCHAR *mac_address);
 
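Review bot: `char DnsQueryHost[64];` is smaller than a full DNS name, which can be up to 253 characters in dotted form. ParseDNS in TcpIp.c builds the name in a `MAX_SIZE` buffer and then copies it into this field with `StrCpy`, which presumably truncates to 63 characters. The packet log would then record a shortened name that differs from the one actually queried, which matters when the log is used for detection or forensics. Either size the field for a full name, e.g. `char DnsQueryHost[256];`, or document the limit, e.g. `// DNS hostname (truncated to 63 chars)`. The field is added to the packed `PKT` struct, so every parsed packet pays for whichever size is chosen.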

BIN
src/bin/vpnweb.cab


BIN
src/bin/vpnweb.ocx


+ 1 - 1
src/vpnweb/vpnweb.h

@@ -4,7 +4,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Oct 23 01:04:35 2017
+/* at Thu Dec 21 10:34:58 2017
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)

+ 1 - 1
src/vpnweb/vpnweb_i.c

@@ -6,7 +6,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Oct 23 01:04:35 2017
+/* at Thu Dec 21 10:34:58 2017
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)

+ 1 - 1
src/vpnweb/vpnweb_p.c

@@ -4,7 +4,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Oct 23 01:04:35 2017
+/* at Thu Dec 21 10:34:58 2017
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)