From d7bcbafd6d5cb3e69c494e739e82229a1c68b37d Mon Sep 17 00:00:00 2001
From: tedu
Date: Wed, 7 Feb 2018 01:02:46 +0000
Subject: [PATCH] remove the magic dns port hijacking feature. it's complicated and brittle, and never quite made the next step to being useful.

---
 usr.sbin/rebound/rebound.8 | 13 +++----------
 usr.sbin/rebound/rebound.c | 23 +++--------------------
 2 files changed, 6 insertions(+), 30 deletions(-)

diff --git a/usr.sbin/rebound/rebound.8 b/usr.sbin/rebound/rebound.8
index 83de981a445..381000e2076 100644
--- a/usr.sbin/rebound/rebound.8
+++ b/usr.sbin/rebound/rebound.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rebound.8,v 1.9 2018/01/12 04:36:45 deraadt Exp $
+.\" $OpenBSD: rebound.8,v 1.10 2018/02/07 01:02:46 tedu Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst
 .\"
@@ -13,7 +13,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 12 2018 $
+.Dd $Mdocdate: February 7 2018 $
 .Dt REBOUND 8
 .Os
 .Sh NAME
@@ -27,16 +27,9 @@
 .Sh DESCRIPTION
 The
 .Nm
-daemon proxies DNS requests.
+daemon proxies and caches DNS requests.
 It listens by default on localhost and forwards queries to another server.
 .Pp
-When
-.Nm
-starts, it sets the
-.Dv kern.dnsjackport
-.Xr sysctl 2
-which enables it to intercept all DNS traffic.
-.Pp
 If sent a
 .Dv SIGUSR1
 signal,
diff --git a/usr.sbin/rebound/rebound.c b/usr.sbin/rebound/rebound.c
index ecc1ef699ca..d27e0651832 100644
--- a/usr.sbin/rebound/rebound.c
+++ b/usr.sbin/rebound/rebound.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rebound.c,v 1.92 2018/02/06 20:38:47 tedu Exp $ */
+/* $OpenBSD: rebound.c,v 1.93 2018/02/07 01:02:46 tedu Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst
  *
@@ -966,15 +966,6 @@ doublebreak:
 return 1;
 }
 
-static void
-resetport(void)
-{
- int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT };
- int jackport = 0;
-
- sysctl(dnsjacking, 2, NULL, NULL, &jackport, sizeof(jackport));
-}
-
 static void __dead
 usage(void)
 {
@@ -985,8 +976,6 @@ usage(void)
 int
 main(int argc, char **argv)
 {
- int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT };
- int jackport = 54;
 union sockun bindaddr;
 int ld, ld6, ud, ud6, ch;
 int one = 1;
@@ -1009,7 +998,6 @@ main(int argc, char **argv)
 break;
 case 'l':
 bindname = optarg;
- jackport = 0;
 break;
 case 'W':
 daemonized = 1;
@@ -1032,7 +1020,7 @@ main(int argc, char **argv)
 memset(&bindaddr, 0, sizeof(bindaddr));
 bindaddr.i.sin_len = sizeof(bindaddr.i);
 bindaddr.i.sin_family = AF_INET;
- bindaddr.i.sin_port = htons(jackport ? jackport : 53);
+ bindaddr.i.sin_port = htons(53);
 inet_aton(bindname, &bindaddr.i.sin_addr);
 
 ud = socket(AF_INET, SOCK_DGRAM, 0);
@@ -1053,7 +1041,7 @@ main(int argc, char **argv)
 memset(&bindaddr, 0, sizeof(bindaddr));
 bindaddr.i6.sin6_len = sizeof(bindaddr.i6);
 bindaddr.i6.sin6_family = AF_INET6;
- bindaddr.i6.sin6_port = htons(jackport ? jackport : 53);
+ bindaddr.i6.sin6_port = htons(53);
 bindaddr.i6.sin6_addr = in6addr_loopback;
 
 ud6 = socket(AF_INET6, SOCK_DGRAM, 0);
@@ -1071,11 +1059,6 @@ main(int argc, char **argv)
 if (listen(ld6, 10) == -1)
 logerr("listen: %s", strerror(errno));
 
- if (jackport) {
- atexit(resetport);
- sysctl(dnsjacking, 2, NULL, NULL, &jackport, sizeof(jackport));
- }
-
 if (debug) {
 int conffd = openconfig(confname, -1);
 return workerloop(conffd, ud, ld, ud6, ld6);
-- 
2.20.1
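Review bot: With `atexit(resetport)` and the startup `sysctl()` gone in the hunk at `@@ -1071`, nothing in rebound resets a non-zero `kern.dnsjackport` left behind by an earlier run that died before its atexit handler fired, so on a kernel that still honours that sysctl, port-53 traffic would keep being diverted to port 54, where the new code no longer listens. If the kernel side is not being removed in lockstep, a one-line upgrade note in the commit message or rebound.8 (`sysctl kern.dnsjackport=0`, or reboot) would save operators a confusing resolver outage. The removed lines were also the only visible users of `sysctl()`, `CTL_KERN` and `KERN_DNSJACKPORT`; if no other call remains in the file, the `#include <sys/sysctl.h>` (outside this view) can be dropped with them. A minor style point on the two `htons(53)` hunks: the literal now appears twice in main(), so a single `#define DNS_PORT 53` near the top of the file would keep the IPv4 and IPv6 binds in step. main() ends outside these hunks.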