authorTed Unangst <tedu@cvs.openbsd.org>2018-02-07 01:02:47 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2018-02-07 01:02:47 +0000
commit3006c43c444754ca61b618a05b637710bbe1dfab (patch)
tree086b85497f392a5ac4772b46c54ff65a4c1d2f03
parent0fe97d16eb05f1cc4e9f10caab4d86878eecb3ee (diff)
remove the magic dns port hijacking feature. it's complicated and
brittle, and never quite made the next step to being useful.
-rw-r--r--usr.sbin/rebound/rebound.813
-rw-r--r--usr.sbin/rebound/rebound.c23
2 files changed, 6 insertions, 30 deletions
diff --git a/usr.sbin/rebound/rebound.8 b/usr.sbin/rebound/rebound.8
index 83de981a445..381000e2076 100644
--- a/usr.sbin/rebound/rebound.8
+++ b/usr.sbin/rebound/rebound.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rebound.8,v 1.9 2018/01/12 04:36:45 deraadt Exp $
+.\" $OpenBSD: rebound.8,v 1.10 2018/02/07 01:02:46 tedu Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
@@ -13,7 +13,7 @@
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 12 2018 $
+.Dd $Mdocdate: February 7 2018 $
.Dt REBOUND 8
.Os
.Sh NAME
@@ -27,16 +27,9 @@
.Sh DESCRIPTION
The
.Nm
-daemon proxies DNS requests.
+daemon proxies and caches DNS requests.
It listens by default on localhost and forwards queries to another server.
.Pp
-When
-.Nm
-starts, it sets the
-.Dv kern.dnsjackport
-.Xr sysctl 2
-which enables it to intercept all DNS traffic.
-.Pp
If sent a
.Dv SIGUSR1
signal,
diff --git a/usr.sbin/rebound/rebound.c b/usr.sbin/rebound/rebound.c
index ecc1ef699ca..d27e0651832 100644
--- a/usr.sbin/rebound/rebound.c
+++ b/usr.sbin/rebound/rebound.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rebound.c,v 1.92 2018/02/06 20:38:47 tedu Exp $ */
+/* $OpenBSD: rebound.c,v 1.93 2018/02/07 01:02:46 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -966,15 +966,6 @@ doublebreak:
return 1;
}
-static void
-resetport(void)
-{
- int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT };
- int jackport = 0;
-
- sysctl(dnsjacking, 2, NULL, NULL, &jackport, sizeof(jackport));
-}
-
static void __dead
usage(void)
{
@@ -985,8 +976,6 @@ usage(void)
int
main(int argc, char **argv)
{
- int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT };
- int jackport = 54;
union sockun bindaddr;
int ld, ld6, ud, ud6, ch;
int one = 1;
@@ -1009,7 +998,6 @@ main(int argc, char **argv)
break;
case 'l':
bindname = optarg;
- jackport = 0;
break;
case 'W':
daemonized = 1;
@@ -1032,7 +1020,7 @@ main(int argc, char **argv)
memset(&bindaddr, 0, sizeof(bindaddr));
bindaddr.i.sin_len = sizeof(bindaddr.i);
bindaddr.i.sin_family = AF_INET;
- bindaddr.i.sin_port = htons(jackport ? jackport : 53);
+ bindaddr.i.sin_port = htons(53);
inet_aton(bindname, &bindaddr.i.sin_addr);
ud = socket(AF_INET, SOCK_DGRAM, 0);
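Review bot: The return value of `inet_aton(bindname, &bindaddr.i.sin_addr)` is discarded in this hunk, and `bindname` comes from the `-l` argument in the option-parsing hunk above. Because `bindaddr` was just zeroed by `memset`, an address string that fails to parse would presumably leave `sin_addr` at 0.0.0.0. The proxy would then bind port 53 on every interface rather than the one the operator intended, exposing a caching resolver more widely than configured. Failing closed would be safer, e.g. `if (inet_aton(bindname, &bindaddr.i.sin_addr) != 1) logerr("invalid listen address: %s", bindname);`, assuming `logerr()` is fatal as its use after `listen()` suggests. `main()` begins and continues outside this hunk.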
@@ -1053,7 +1041,7 @@ main(int argc, char **argv)
memset(&bindaddr, 0, sizeof(bindaddr));
bindaddr.i6.sin6_len = sizeof(bindaddr.i6);
bindaddr.i6.sin6_family = AF_INET6;
- bindaddr.i6.sin6_port = htons(jackport ? jackport : 53);
+ bindaddr.i6.sin6_port = htons(53);
bindaddr.i6.sin6_addr = in6addr_loopback;
ud6 = socket(AF_INET6, SOCK_DGRAM, 0);
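Review bot: A short comment would help here, because the IPv6 listener is pinned to `in6addr_loopback` while the IPv4 listener in the previous hunk takes its address from `-l`, and the two now always share port 53. Unless code outside these hunks handles it, an operator who passes `-l` gets the requested IPv4 address plus an IPv6 socket on ::1 only. Something like `/* -l selects the IPv4 address only; the IPv6 listener always binds ::1 */` above the `sin6_addr` assignment would make that explicit. The literal `53` now appears in both hunks and could be a single named constant, e.g. `#define DNS_PORT 53`.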
@@ -1071,11 +1059,6 @@ main(int argc, char **argv)
if (listen(ld6, 10) == -1)
logerr("listen: %s", strerror(errno));
- if (jackport) {
- atexit(resetport);
- sysctl(dnsjacking, 2, NULL, NULL, &jackport, sizeof(jackport));
- }
-
if (debug) {
int conffd = openconfig(confname, -1);
return workerloop(conffd, ud, ld, ud6, ld6);