-rw-r--r--doc/dnsfunneld.html9
-rw-r--r--src/dnsfunnel/dnsfunneld.c26
2 files changed, 20 insertions, 15 deletions
diff --git a/doc/dnsfunneld.html b/doc/dnsfunneld.html
index 7fde21f..ae03cf1 100644
--- a/doc/dnsfunneld.html
+++ b/doc/dnsfunneld.html
@@ -29,7 +29,7 @@ queries, the responses, or both.
 <h2> Interface </h2>
 
 <pre>
-     dnsfunneld [ -v <em>verbosity</em> ] [ -1 ] [ -U | -u <em>uid</em> -g <em>gid</em> ] [ -i <em>ip</em>:<em>port</em> ] [ -R <em>root</em> ] [ -b <em>bufsize</em> ] [ -t <em>globaltimeout</em> ] [ -X | -x ] [ -N | -n ]
+     dnsfunneld [ -v <em>verbosity</em> ] [ -1 ] [ -U | -u <em>uid</em> -g <em>gid</em> ] [ -i <em>ip</em> ] [ -p <em>port</em> ] [ -R <em>root</em> ] [ -b <em>bufsize</em> ] [ -t <em>globaltimeout</em> ] [ -X | -x ] [ -N | -n ]
 </pre>
 
 <ul>
@@ -85,9 +85,10 @@ in the GID environment variable, and drop privileges to that uid/gid. </li>
 <em>uid</em>. </li>
  <li> <tt>-g&nbsp;<em>gid</em></tt>&nbsp;: drop privileges to numerical gid
 <em>gid</em>. </li>
- <li> <tt>-i&nbsp;<em>ip</em>:<em>port</em></tt>&nbsp;: bind the socket to
-IPv4 <em>ip</em> and port <em>port</em>. Default for <em>ip</em> is
-<tt>127.0.0.1</tt>; default for <em>port</em> is 53. </li>
+ <li> <tt>-i&nbsp;<em>ip</em></tt>&nbsp;: bind the socket to
+IPv4 <em>ip</em>. Default is <tt>127.0.0.1</tt>. </li>
+ <li> <tt>-p&nbsp;<em>port</em></tt>&nbsp;: bind the socket to
+port <em>port</em>. Default is <tt>53</tt>. </li>
  <li> <tt>-R&nbsp;<em>root</em></tt>&nbsp;: chroot to <em>root</em>. Default
 is <tt>/run/dnsfunnel/root</tt>. Note that chrooting only increases security
 if privileges are also dropped via the <tt>-U</tt> or <tt>-u</tt> and <tt>-g</tt>
diff --git a/src/dnsfunnel/dnsfunneld.c b/src/dnsfunnel/dnsfunneld.c
index 5df06f4..4aa2366 100644
--- a/src/dnsfunnel/dnsfunneld.c
+++ b/src/dnsfunnel/dnsfunneld.c
@@ -37,7 +37,7 @@
 
 #include "dnsfunneld.h"
 
-#define USAGE "dnsfunneld [ -v verbosity ] [ -1 ] [ -U | -u uid -g gid ] [ -i ip:port ] [ -R root ] [ -b bufsize ] [ -t globaltimeout ] [ -X | -x ] [ -N | -n ]"
+#define USAGE "dnsfunneld [ -v verbosity ] [ -1 ] [ -U | -u uid -g gid ] [ -i ip ] [ -p port ] [ -R root ] [ -b bufsize ] [ -t globaltimeout ] [ -X | -x ] [ -N | -n ]"
 #define dieusage() strerr_dieusage(100, USAGE)
 
 #define DNSFUNNELD_INPUT_MAX 64
@@ -156,6 +156,15 @@ static inline void sanitize_and_new (char const *buf, unsigned int len, char con
   else query_new(&d, qtype, hdr.id, ip, port, 0) ;
 }
 
+static inline size_t ip40_scan (char const *s, char *ip)
+{
+  char t[4] ;
+  size_t l = ip4_scan(s, t) ;
+  if (!l || s[l]) return 0 ;
+  memcpy(ip, t, 4) ;
+  return l ;
+}
+
 int main (int argc, char const *const *argv)
 {
   int spfd = -1 ;
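Review bot: ip40_scan carries no comment explaining why it scans into the temporary `t` instead of straight into `ip`, and a reader of the `-i` handler will not see that the caller's default address survives a rejected argument only because of that indirection. Suggest a header comment above the function: `/* Strict dotted-quad parser: the whole of s must be an IPv4 address; ip is left untouched when 0 is returned. */`. The `s[l]` check after a non-zero return relies on ip4_scan stopping at the first byte it does not consume, which appears to be its contract but is defined outside this file, so the comment should state that dependency too.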
@@ -166,19 +175,17 @@ int main (int argc, char const *const *argv)
     int flagU = 0 ;
     uid_t uid = -1 ;
     gid_t gid = -1 ;
-    char const *ipport = "127.0.0.1:53" ;
     char const *root = "/run/dnsfunnel/root" ;
     int notif = 0 ;
     int fd ;
-    char ip[4] ;
-    size_t pos ;
     unsigned int t = 0 ;
-    uint16_t port ;
+    char ip[4] = { 127, 0, 0, 1 } ;
+    uint16_t port = 53 ;
     subgetopt_t l = SUBGETOPT_ZERO ;
 
     for (;;)
     {
-      int opt = subgetopt_r(argc, argv, "v:1Uu:g:i:R:b:t:XxNn", &l) ;
+      int opt = subgetopt_r(argc, argv, "v:1Uu:g:i:p:R:b:t:XxNn", &l) ;
       if (opt == -1) break ;
       switch (opt)
       {
@@ -187,7 +194,8 @@ int main (int argc, char const *const *argv)
         case 'U' : flagU = 1 ; break ;
         case 'u' : if (!uid0_scan(l.arg, &uid)) dieusage() ; break ;
         case 'g' : if (!gid0_scan(l.arg, &gid)) dieusage() ; break ;
-        case 'i' : ipport = l.arg ; break ;
+        case 'i' : if (!ip40_scan(l.arg, ip)) dieusage() ; break ;
+        case 'p' : if (!uint160_scan(l.arg, &port)) dieusage() ; break ;
         case 'R' : root = l.arg ; break ;
         case 'b' : if (!uint0_scan(l.arg, &bufsize)) dieusage() ; break ;
         case 't' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ;
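Review bot: The new `-p` line accepts a port of 0, because uint160_scan rejects only non-numeric or out-of-range input; the value is presumably handed to the bind further down main (outside this hunk), where port 0 would select an ephemeral port instead of failing loudly the way every other malformed option does via dieusage(). The old `ip:port` parser had the same gap, so the rewrite is a natural place to close it: `case 'p' : if (!uint160_scan(l.arg, &port) || !port) dieusage() ; break ;`. main starts and ends outside this hunk.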
@@ -202,10 +210,6 @@ int main (int argc, char const *const *argv)
 
     if (t) tain_from_millisecs(&globaltto, t) ;
     else globaltto = tain_infinite_relative ;
-    pos = ip4_scan(ipport, ip) ;
-    if (!pos) dieusage() ;
-    if (ipport[pos] != ':') dieusage() ;
-    if (!uint160_scan(ipport + pos + 1, &port)) dieusage() ;
     if (fcntl(1, F_GETFD) < 0)
     {
       if (notif) strerr_dief1sys(100, "option -1 given but stdout unavailable") ;