Hi, this is actually not only asking for an ACK, but also for users that rely on the *old* behaviour ("foo.bar.gov" -> "foo-0x12345.bar.gov") and would be surprised.
gert On Sun, Nov 17, 2013 at 03:30:20PM +0100, Gert Doering wrote: > Documentation examples, description and code were disagreeing on what > this option actually does. Now they will all agree that it will > *prepend* a random-byte string to the hostname name before resolving > to work around DNS caching (needs a "*" wildcard record in the zone). > > Fix trac #143 > > Signed-off-by: Gert Doering <g...@greenie.muc.de> > --- > doc/openvpn.8 | 2 +- > src/openvpn/misc.c | 27 +++++++++------------------ > 2 files changed, 10 insertions(+), 19 deletions(-) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index b53d383..3e2e1a4 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -271,7 +271,7 @@ failover capability. > .\"********************************************************* > .TP > .B \-\-remote-random-hostname > -Add a random string (6 characters) to first DNS label of hostname to prevent > +Prepend a random string (6 bytes, 12 hex characters) to hostname to prevent > DNS caching. For example, "foo.bar.gov" would be modified to > "<random-chars>.foo.bar.gov". > .\"********************************************************* > diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c > index 4688444..7483184 100644 > --- a/src/openvpn/misc.c > +++ b/src/openvpn/misc.c 
> @@ -926,32 +926,23 @@ create_temp_file (const char *directory, const char > *prefix, struct gc_arena *gc > } > > /* > - * Add a random string to first DNS label of hostname to prevent DNS caching. > + * Prepend a random string to hostname to prevent DNS caching. > * For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov. > - * Of course, this requires explicit support in the DNS server. > + * Of course, this requires explicit support in the DNS server (wildcard). > */ > const char * > hostname_randomize(const char *hostname, struct gc_arena *gc) > { > # define n_rnd_bytes 6 > > - char *hst = string_alloc(hostname, gc); > - char *dot = strchr(hst, '.'); > + uint8_t rnd_bytes[n_rnd_bytes]; > + const char *rnd_str; > + struct buffer hname = alloc_buf_gc > (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc); > > - if (dot) > - { > - uint8_t rnd_bytes[n_rnd_bytes]; > - const char *rnd_str; > - struct buffer hname = alloc_buf_gc > (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc); > - > - *dot++ = '\0'; > - prng_bytes (rnd_bytes, sizeof (rnd_bytes)); > - rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, > gc); > - buf_printf(&hname, "%s-0x%s.%s", hst, rnd_str, dot); > - return BSTR(&hname); > - } > - else > - return hostname; > + prng_bytes (rnd_bytes, sizeof (rnd_bytes)); > + rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc); > + buf_printf(&hname, "%s.%s", rnd_str, hostname); > + return BSTR(&hname); > # undef n_rnd_bytes > } > > -- > 1.8.1.5 > -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
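Review bot: the doc/openvpn.8 hunk still does not tell the reader that the zone needs a wildcard record, although the commit message ("needs a '*' wildcard record in the zone") and the new comment in misc.c both say so; a user who reads only the man page is left wondering why "<random-chars>.foo.bar.gov" does not resolve. Suggest adding a sentence after the example, e.g. 'This requires a wildcard ("*") record for the hostname in the DNS zone.' The hunk also silently changes two things a user may notice: names without a dot, which the old code left alone, are now randomized too, and the old "foo-0x<hex>.bar.gov" form is gone. Since the reply at the top of this message asks exactly whether anyone relies on the old behaviour, a short note in the man page that the format changed would save those users a surprise.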
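Review bot: dropping the `if (dot)` branch in hostname_randomize() makes the prepend unconditional, and nothing in the hunk checks whether `hostname` is already an IP literal; the old code only guarded the no-dot case (so "10.0.0.1" was already mangled to "10-0x<hex>.0.0.1"), while the new code turns every argument, including a bare single label, into "<hex>.<hostname>". Unless the caller filters numeric addresses before calling this (not visible in the hunk), an explicit IP-literal check here would be safer than relying on that. Two smaller points: the allocation `strlen(hostname)+sizeof(rnd_bytes)*2+4` now leaves two spare bytes (12 hex chars + '.' + hostname + NUL needs +14) where the old "-0x<hex>." format used the buffer exactly, which is fine but deserves a comment so the +4 is not "tidied" later; and the new label adds 13 octets to the name, so a hostname already close to the 253-octet DNS limit becomes invalid, as it did with the old 15-octet insertion.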