I have found the usefulness of transconnect limited on
my network by a significant restriction: TC does no DNS
lookups, and if your local (firewalled) DNS server does
not provide lookups for external hosts, you cannot
access them until you give an IP address. Even finding
the IP address is difficult: you have to go to some
public (web-based) DNS resolution service.
So I suggest another transposition hack.
---
(1) Preload gethostbyname.
(2) If requested not to do DNS tricks by the config
file, forward to the real gethostbyname; if requested
to do tricks, continue.
(3) Keep a static table and index in the .so, say:
char *hosts_gotten_by_name[65536];
// unsigned 16-bit var:
u_short hosts_index = 0;
(4) When gethostbyname("foo.org") is called, save
"foo.org" in hosts_gotten_by_name[hosts_index++].
Return a hostent giving the IP address as e.g.
127.69.<<idx>> where <<idx>> is a 2-octet sequence
corresponding to 0<=hosts_index<65536. Note that this
is a *bogus* IP address.
(5) When connect() is called, check the IP address
given. If it is of the form 127.69.x.y, use
char *host = hosts_gotten_by_name[256*x+y];
(6) In this case, use the host in the proxy, e.g.:
CONNECT foo.org:1234
Otherwise use the IP address as you do currently.
(7) Advise users that all hosts are resolved in this
way by default. If there are particular hosts which
should not be resolved this way, use /etc/hosts to
hardcode the IPs. Or, have some way of masking out
certain domains from DNS faking.
---
Do you think this would work? Then if some program with
the preload installed runs code such as "look up host
foo.org and connect on port 1234", it will actually get
your fake IP 127.69.0.17, pass that to connect(), and
yet the proxy server will get the correct line to
connect to foo.org:1234.
Of course if your program looks up more than 64K hosts
and then tries to go back and connect to an old one, it
will fail, but this seems unlikely. So long as it does
a lookup and soon follows it by a connect, it can
continue indefinitely: the index will wrap around to
zero and begin overwriting old hostnames. You probably
need to strdup() and malloc/free the hostnames for
safety, I suppose. It may not be safe to free a
hostname after it is connect()d to, since a program
might reconnect without a new call to gethostbyname().
I may be willing to prototype such a patch if there is
any interest.
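
A sketch of the table behind steps (3) to (6), added here as an example; it is not transconnect code and not the poster's prototype. The function names fake_ip_for, host_for_fake_ip and connect_line are hypothetical, the check for whitespace and CR/LF in names is an added hardening assumption, and the gethostbyname()/connect() preload hooks themselves are left out.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FAKE_PREFIX 0x7F450000u   /* 127.69.0.0 in host byte order */
static char *hosts_gotten_by_name[65536];  /* slot -> strdup()ed hostname */
static uint16_t hosts_index = 0;           /* wraps to 0 after 65535 */

/* Step 4: remember the name, return 127.69.x.y in network byte order. */
in_addr_t fake_ip_for(const char *name)
{
    /* Assumed hardening: refuse names that could alter the CONNECT line. */
    if (name == NULL || name[0] == '\0' || strpbrk(name, " \t\r\n") != NULL)
        return INADDR_NONE;
    char *copy = strdup(name);
    if (copy == NULL)
        return INADDR_NONE;
    uint16_t idx = hosts_index++;
    free(hosts_gotten_by_name[idx]);   /* freed only when the slot is reused */
    hosts_gotten_by_name[idx] = copy;
    return htonl(FAKE_PREFIX | idx);
}

/* Step 5: hostname for a fake address; NULL if real or never handed out. */
const char *host_for_fake_ip(in_addr_t addr)
{
    uint32_t a = ntohl(addr);
    if ((a & 0xFFFF0000u) != FAKE_PREFIX)
        return NULL;
    return hosts_gotten_by_name[a & 0xFFFFu];
}

/* Step 6: write the proxy request line; returns its length, -1 on error. */
int connect_line(in_addr_t addr, unsigned port, char *out, size_t outlen)
{
    const char *host = host_for_fake_ip(addr);
    char ip[INET_ADDRSTRLEN];
    if (host == NULL) {                /* not a fake address: use the literal IP */
        struct in_addr in = { .s_addr = addr };
        if (inet_ntop(AF_INET, &in, ip, sizeof ip) == NULL)
            return -1;
        host = ip;
    }
    int n = snprintf(out, outlen, "CONNECT %s:%u", host, port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}
```

The table is not thread-safe, and a pointer returned by host_for_fake_ip is valid only until its slot is reused after 65536 further lookups.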
Logged In: YES
user_id=257383
Seems TC 1.3 Beta already lets you proxy DNS over TCP? I
haven't tried it yet but it may supersede this request.