aboutsummaryrefslogtreecommitdiff
path: root/misc.c
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2009-08-22 18:29:20 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2009-08-22 18:29:20 +0000
commit8e9666d57550398eabd619b34d90ec69d69eb218 (patch)
tree9b4e7f4693a085cafc910534844434aac8ba104e /misc.c
parentFixed ifconfig command for "topology subnet" on FreeBSD (Stefan Bethke). (diff)
downloadopenvpn-8e9666d57550398eabd619b34d90ec69d69eb218.tar.xz
Added --remote-random-hostname option.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'misc.c')
-rw-r--r--misc.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/misc.c b/misc.c
index d9735bc..33e6762 100644
--- a/misc.c
+++ b/misc.c
@@ -1186,6 +1186,44 @@ create_temp_filename (const char *directory, const char *prefix, struct gc_arena
return gen_path (directory, BSTR (&fname), gc);
}
+/*
+ * Add a random string to first DNS label of hostname to prevent DNS caching.
+ * For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov.
+ * Of course, this requires explicit support in the DNS server.
+ */
+const char *
+hostname_randomize(const char *hostname, struct gc_arena *gc)
+{
+ const int n_rnd_bytes = 6;
+
+ char *hst = string_alloc(hostname, gc);
+ char *dot = strchr(hst, '.');
+
+ if (dot)
+ {
+ uint8_t rnd_bytes[n_rnd_bytes];
+ const char *rnd_str;
+ struct buffer hname = alloc_buf_gc (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc);
+
+ *dot++ = '\0';
+ prng_bytes (rnd_bytes, sizeof (rnd_bytes));
+ rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc);
+ buf_printf(&hname, "%s-0x%s.%s", hst, rnd_str, dot);
+ return BSTR(&hname);
+ }
+ else
+ return hostname;
+}
+
+#else
+
+const char *
+hostname_randomize(const char *hostname, struct gc_arena *gc)
+{
+ msg (M_WARN, "WARNING: hostname randomization disabled when crypto support is not compiled");
+ return hostname;
+}
+
#endif
/*