randomstuff / dnsfwd

DNS forwarder over a (TCP) virtual circuit
MIT License

error: use of undeclared identifier 'SO_DOMAIN' #1

Closed vollkommenheit closed 8 years ago

vollkommenheit commented 8 years ago

Getting the following during make on macOS (OS X / Darwin):

/dnsfwd/src/dnsfwd.hpp:137:7: warning: suggest braces around initialization of subobject [-Wmissing-braces]
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~
/dnsfwd/src/server.cpp:48:34: error: use of undeclared identifier 'SO_DOMAIN'
  if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len) != 0) {
                                 ^
/dnsfwd/src/server.cpp:60:34: error: use of undeclared identifier 'SO_PROTOCOL'
  if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &protocol, &len) != 0) {
                                 ^
1 warning and 2 errors generated.
make[2]: *** [CMakeFiles/dnsfwd.dir/src/server.cpp.o] Error 1
make[2]: *** Waiting for unfinished jobs....
In file included from /dnsfwd/src/service.cpp:24:
/dnsfwd/src/dnsfwd.hpp:137:7: warning: suggest braces around initialization of subobject [-Wmissing-braces]
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~

Supposedly, SO_DOMAIN is Linux only and SO_PROTOCOL is not defined on OS X and platform-dependent:

https://trac.torproject.org/projects/tor/ticket/13571
http://archives.seul.org/tor/bugs/Oct-2014/msg01489.html
http://tor-dev.torproject.narkive.com/sBOppDHG/torsocks-2-0-0-rc1-release
https://github.com/dgoulet/torsocks/commit/1e4e20b1bbed7d2e3b8b4d60420a746a0615f1af
https://stackoverflow.com/questions/24418930/os-x-getsockopt-no-so-protocol

I realize this is a prototype project written on Linux. It would be nice to be able to build and use it on non-Linux BSD-like platforms such as OS X, since the project is the implementation of a great concept.

randomstuff commented 8 years ago

Yes, it would definitely be great to be able to use it on non-Linux systems. This part (SO_DOMAIN, SO_PROTOCOL) is only used for systemd socket activation support anyway so it would make sense to make it a compile-time option.

randomstuff commented 8 years ago

I disabled the remaining socket-activation bits when the (USE_SYSTEMD) option is off. This should fix the issue. I'll try to get a BSD environment to test if it works successfully now.
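
The portability problem discussed above, as an added example that is not part of the thread or of dnsfwd's source: a check that an inherited (socket-activated) descriptor really is an inet UDP socket, using SO_DOMAIN and SO_PROTOCOL where the platform defines them and falling back to getsockname() and SO_TYPE where it does not. The names SocketInfo, inspect_socket and is_udp_listener_candidate are hypothetical, and the protocol fallback assumes the default protocol for the socket type.

```cpp
// Added example, not dnsfwd source: portable validation of an inherited socket.
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>

struct SocketInfo { int family; int type; int protocol; };

// Reads family, type and protocol of fd; returns false if fd is not a socket.
bool inspect_socket(int fd, SocketInfo& out) {
  socklen_t len = sizeof(out.type);
  if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &out.type, &len) != 0) return false;
#ifdef SO_DOMAIN  // defined on Linux; missing in the macOS build shown above
  len = sizeof(out.family);
  if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &out.family, &len) != 0) return false;
#else  // fallback: address family reported by getsockname()
  sockaddr_storage ss{};
  len = sizeof(ss);
  if (getsockname(fd, reinterpret_cast<sockaddr*>(&ss), &len) != 0) return false;
  out.family = ss.ss_family;
#endif
#ifdef SO_PROTOCOL
  len = sizeof(out.protocol);
  if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &out.protocol, &len) != 0) return false;
#else  // assumption: inet sockets use the default protocol for their type
  bool inet = out.family == AF_INET || out.family == AF_INET6;
  out.protocol = !inet ? 0
               : out.type == SOCK_DGRAM ? IPPROTO_UDP
               : out.type == SOCK_STREAM ? IPPROTO_TCP : 0;
#endif
  return true;
}

// Accept an inherited fd as the UDP listener only if it is an inet UDP socket.
bool is_udp_listener_candidate(int fd) {
  SocketInfo s{};
  return inspect_socket(fd, s) &&
         (s.family == AF_INET || s.family == AF_INET6) &&
         s.type == SOCK_DGRAM && s.protocol == IPPROTO_UDP;
}

int main() {
  int fd = socket(AF_INET, SOCK_DGRAM, 0);  // stands in for an inherited fd
  std::printf("udp socket accepted: %d\n", is_udp_listener_candidate(fd));
  std::printf("stdin accepted: %d\n", is_udp_listener_candidate(STDIN_FILENO));
  if (fd >= 0) close(fd);
  return 0;
}
```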

vollkommenheit commented 8 years ago

Thanks! It built successfully:

/dnsfwd/src/dnsfwd.hpp:139:7: /dnsfwd/src/dnsfwd.hpp:139:7: warningwarning: : suggest braces suggestaround bracesinitialization aroundof initializationsubobject of [-Wmissing-braces]subobject [-Wmissing-braces]
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~
1 warning generated.
[ 50%] Building CXX object CMakeFiles/dnsfwd.dir/src/server.cpp.o
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -std=c++11 -Wall -o CMakeFiles/dnsfwd.dir/src/server.cpp.o -c /dnsfwd/src/server.cpp
1 warning generated.
[ 66%] Building CXX object CMakeFiles/dnsfwd.dir/src/service.cpp.o
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -std=c++11 -Wall -o CMakeFiles/dnsfwd.dir/src/service.cpp.o -c /dnsfwd/src/service.cpp
In file included from /dnsfwd/src/server.cpp:24:
/dnsfwd/src/dnsfwd.hpp:139:7: warning: suggest braces around initialization of subobject [-Wmissing-braces]
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~
1 warning generated.
[ 83%] Building CXX object CMakeFiles/dnsfwd.dir/src/config.cpp.o
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -std=c++11 -Wall -o CMakeFiles/dnsfwd.dir/src/config.cpp.o -c /dnsfwd/src/config.cpp
In file included from /dnsfwd/src/service.cpp:24:
/dnsfwd/src/dnsfwd.hpp:139:7: warning: suggest braces around initialization of subobject [-Wmissing-braces]
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~
1 warning generated.
In file included from /dnsfwd/src/config.cpp:39:
/dnsfwd/src/dnsfwd.hpp:139:7: warning: suggest braces around initialization of subobject [-Wmissing-braces]
      boost::asio::buffer( &networksize, sizeof(networksize) ),
      ^~~~~~~~~~~~~
/dnsfwd/src/config.cpp:104:12: warning: moving a local object in a return statement prevents copy elision [-Wpessimizing-move]
    return std::move(res);
           ^
/dnsfwd/src/config.cpp:104:12: note: remove std::move call here
    return std::move(res);
           ^~~~~~ ~
2 warnings generated.
[100%] Linking CXX executable dnsfwd
/usr/local/Cellar/cmake/3.6.1/bin/cmake -E cmake_link_script CMakeFiles/dnsfwd.dir/link.txt --verbose=1
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -std=c++11 -Wall -Wl,-search_paths_first -Wl,-headerpad_max_install_names CMakeFiles/dnsfwd.dir/src/dnsfwd.cpp.o CMakeFiles/dnsfwd.dir/src/client.cpp.o CMakeFiles/dnsfwd.dir/src/server.cpp.o CMakeFiles/dnsfwd.dir/src/service.cpp.o CMakeFiles/dnsfwd.dir/src/config.cpp.o -o dnsfwd -lboost_system -lboost_program_options -lpthread
[100%] Built target dnsfwd
/usr/local/Cellar/cmake/3.6.1/bin/cmake -E cmake_progress_start /dnsfwd/CMakeFiles 0

Then, I rebuilt with the optimization technique discussed at https://www.phoronix.com/forums/forum/software/general-linux-open-source/34334-link-time-optimizations-with-gcc-4-8

git clone https://github.com/randomstuff/dnsfwd
cd dnsfwd
cmake .
export CFLAGS='-flto'
export CXXFLAGS="${CFLAGS}"
export LDFLAGS='-O3 -march=native -flto'
make

This results in a dnsfwd binary that's one third the size of the non-optimized one built earlier:

-rwxr-xr-x 1 myuid staff 304K Oct 31 18:44 ./dnsfwd
-rwxr-xr-x 1 myuid admin 960K Oct 31 18:34 /usr/local/bin/dnsfwd

Now I get to try out the functionalities.

vollkommenheit commented 8 years ago

I can't seem to figure out how to use dnsfwd, even after looking at config.cpp.

If unbound is left running on localhost at udp port 53, with

sudo dnsfwd --bind-udp 127.0.0.1 --connect-tcp 127.0.0.1@53 --logformat human --loglevel 5

I get:

<2>bind: Address already in use

If I move unbound to port 5353, with

sudo dnsfwd --bind-udp 127.0.0.1 --connect-tcp 127.0.0.1@5353 --logformat human --loglevel 5

or

sudo dnsfwd --bind-udp localhost --connect-tcp 127.0.0.1@5353 --logformat human --loglevel 5

or

sudo dnsfwd --bind-udp 127.0.0.1 --connect-tcp 8.8.8.8 --logformat human --loglevel 5

Telnet to localhost port 53 shows all connections refused. I'm not sure if @53 is the right syntax. While dnsfwd is running like the above, port 53 is still available. So it doesn't seem it's running.

randomstuff commented 8 years ago

OK, the documentation is lacking. I'll add some examples, manpage, usage information.

Some examples:

dnsfwd --bind-udp 127.0.0.1:9999 --connect-tcp 127.0.0.1:43
sudo dnsfwd --bind-udp 127.0.0.1:43 --connect-tcp 80.67.188.188:43

randomstuff commented 8 years ago

Also, be aware that there is currently no code to drop privileges. If you want to listen on port 53, the process will run as root (without socket activation). I added some warning in the README in this regard.
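
One way to close the gap described in the comment above, as an added example rather than dnsfwd code: bind the privileged UDP port while still root, then permanently switch to an unprivileged account before reading any packet. The function names and the uid/gid 65534 (commonly the nobody account) are assumptions.

```cpp
// Added example, not dnsfwd code: bind the privileged port, then drop root.
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>

// Bind a UDP socket on 127.0.0.1:port; returns the fd, or -1 on error.
int bind_udp_loopback(unsigned short port) {
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd < 0) return -1;
  sockaddr_in addr{};
  addr.sin_family = AF_INET;
  addr.sin_port = htons(port);
  addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  if (bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) != 0) {
    close(fd);
    return -1;
  }
  return fd;
}

// Permanently switch to uid/gid. Returns 0 if the process is unprivileged
// afterwards (or already was), -1 if the drop failed or could be undone.
int drop_privileges(uid_t uid, gid_t gid) {
  if (geteuid() != 0) return 0;               // nothing to drop
  if (uid == 0 || gid == 0) return -1;        // refuse a root target
  if (setgroups(0, nullptr) != 0) return -1;  // clear supplementary groups
  if (setgid(gid) != 0) return -1;            // group first, while still root
  if (setuid(uid) != 0) return -1;            // sets real, effective, saved uid
  if (setuid(0) == 0) return -1;              // regaining root must fail
  return 0;
}

int main() {
  const uid_t kUid = 65534;  // assumption: the "nobody" account
  const gid_t kGid = 65534;
  int fd = bind_udp_loopback(53);  // needs root, as the comment above notes
  if (fd < 0) { std::perror("bind"); return 1; }
  if (drop_privileges(kUid, kGid) != 0) {
    std::fprintf(stderr, "refusing to serve as root\n");
    return 1;
  }
  std::printf("listening on 127.0.0.1:53 as uid %d\n", (int)getuid());
  close(fd);
  return 0;
}
```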

vollkommenheit commented 8 years ago

With dnsfwd --bind-udp 127.0.0.1:9999 --connect-tcp 127.0.0.1:53 --logformat human --loglevel 5, I still get telnet: connect to address 127.0.0.1: Connection refused.

randomstuff commented 8 years ago

You have a(nother) service listening on 127.0.0.1:53?

vollkommenheit commented 8 years ago

Yes, currently (and usually) unbound, with

interface: ::1@53
interface: 127.0.0.1@53

randomstuff commented 8 years ago

telnet? which telnet?

vollkommenheit commented 8 years ago

As in "/usr/bin/telnet 127.0.0.1 9999". Is 127.0.0.1 not supposed to respond when listening on UDP port 9999?

randomstuff commented 8 years ago

Yes but telnet does not do UDP. You can test with dig -p 9999 @127.0.0.1 www.wikipedia.org for example.

vollkommenheit commented 8 years ago

Got it!

dig +dnssec +short debian.org @localhost -p9999

130.89.148.14
149.20.20.22
140.211.15.34
128.31.0.62
5.153.231.4
A 8 2 300 20161211043848 20161101033848 22800 debian.org. zKupw68khUScrvgLbwkk38eWTpFgggSgi4v9p4I+xM4J1obMcMp/3Jaj A5tvZnXFPI6CwrYEvSNI0qKH9keKXgFqAvsFuqqNx6DZCxDSI35pU5iR xs7M/a6wuPKW8vbIx5/MK7mV2Q4ezFmM943T8lyiYmYpZiHD0wJIfmJw JwcbDvvi6aggM1iFUw+ZOwrsoWK8VNzFvK47OoFPWmnoAJeo238S8fOa KxWm1FDQdk0uA6yKCCVK2mUOOYWix2J2

Nov 01 13:41:33 unbound[58649:2] info: 127.0.0.1 debian.org. A IN
Nov 01 13:41:33 unbound[58649:2] info: resolving debian.org. A IN
Nov 01 13:41:33 unbound[58649:2] info: response for debian.org. A IN
Nov 01 13:41:33 unbound[58649:2] info: reply from <.> 8.8.4.4#53
Nov 01 13:41:33 unbound[58649:2] info: query response was ANSWER
Nov 01 13:41:33 unbound[58649:2] info: resolving debian.org. DS IN
Nov 01 13:41:33 unbound[58649:2] info: response for debian.org. DS IN
Nov 01 13:41:33 unbound[58649:2] info: reply from <.> 8.8.8.8#53
Nov 01 13:41:33 unbound[58649:2] info: query response was ANSWER
Nov 01 13:41:33 unbound[58649:2] info: validated DS debian.org. DS IN
Nov 01 13:41:33 unbound[58649:2] info: resolving debian.org. DNSKEY IN
Nov 01 13:41:33 unbound[58649:2] info: response for debian.org. DNSKEY IN
Nov 01 13:41:33 unbound[58649:2] info: validated DNSKEY debian.org. DNSKEY IN
Nov 01 13:41:33 unbound[58649:2] info: validate(positive): sec_status_secure

vollkommenheit commented 8 years ago

After a while, dnsfwd always shuts down though:

dnsfwd --bind-udp 127.0.0.1:9999 --connect-tcp 127.0.0.1:53

<2>shutdown: Socket is not connected

Is that related to Issue https://github.com/randomstuff/dnsfwd/issues/2 ?

randomstuff commented 8 years ago

I can't reproduce this one. Maybe you could open another bug for this.