static void register_send(settings_t *settings)
{
dns_t *dns;
uint8_t *packet;
uint32_t packet_length;
/* Create the DNS object. */
dns = dns_create();
dns->flags = FLAGS_R_REQUEST | FLAGS_NM_RD | FLAGS_NM_B;
if(settings->query_type == TYPE_REGISTER)
dns->flags = FLAGS_OPCODE_NAME_REGISTRATION;
else if(settings->query_type == TYPE_REFRESH)
dns->flags = FLAGS_OPCODE_NAME_REFRESH;
else if(settings->query_type == TYPE_RELEASE)
dns->flags = FLAGS_OPCODE_NAME_RELEASE;
else
fprintf(stderr, "Unknown query type made it into register_send() -- %d\n", settings->query_type);
dns->trn_id = 0x1337;
/* Add the question/additional. */
dns_add_netbios_question(dns, settings->name, settings->name_type, NULL, DNS_TYPE_NB, 0x0001);
dns_add_additional_NB(dns, settings->name, settings->name_type, NULL, 0x0001, 0, 0x0000, settings->source);
/* Convert the DNS object to a packet. */
packet = dns_to_packet(dns, &packet_length);
dns_destroy(dns);
/* Put it on the wire. */
fprintf(stderr, "Sending query.\n");
udp_send(settings->socket, settings->target, settings->port, packet, packet_length);
safe_free(packet);
}
static void send_conflict_response(settings_t *settings, int socket, char *addr, uint16_t port, char *name, uint8_t name_type, uint16_t trn_id)
{
dns_t *response = dns_create();
uint8_t *packet;
uint32_t packet_length;
fprintf(stderr, "Replying to registration request for '%s<%02x>' with a conflict (%s)\n", name, name_type, settings->source);
response->trn_id = trn_id;
response->flags = FLAGS_R_RESPONSE | FLAGS_OPCODE_NAME_REGISTRATION | FLAGS_NM_AA | FLAGS_NM_RD | FLAGS_NM_RA | FLAGS_RCODE_ACT_ERR;
dns_add_answer_NB(response, name, name_type, NULL, 1, 0, 0x0000, settings->source ? settings->source : "0.0.0.0");
packet = dns_to_packet(response, &packet_length);
dns_destroy(response);
udp_send(socket, addr, port, packet, packet_length);
safe_free(packet);
}
static void send_poison_response(settings_t *settings, int socket, char *addr, uint16_t port, char *name, uint8_t name_type, uint16_t trn_id)
{
dns_t *response = dns_create();
uint8_t *packet;
uint32_t packet_length;
fprintf(stderr, "Replying to request for '%s<%02x>' with %s\n", name, name_type, settings->source);
response->trn_id = trn_id;
response->flags = FLAGS_R_RESPONSE | FLAGS_OPCODE_QUERY | FLAGS_NM_AA | FLAGS_NM_RD;
dns_add_answer_NB(response, name, name_type, NULL, 1, 0, 0x0000, settings->source);
packet = dns_to_packet(response, &packet_length);
dns_destroy(response);
udp_send(socket, addr, port, packet, packet_length);
safe_free(packet);
}
static void query_send(settings_t *settings)
{
dns_t *dns;
uint8_t *packet;
uint32_t packet_length;
/* Create the DNS object. */
dns = dns_create();
dns->flags = FLAGS_R_REQUEST | FLAGS_OPCODE_QUERY | FLAGS_NM_B;
dns->trn_id = 0x1337;
/* Add the question. */
dns_add_netbios_question(dns, settings->name, settings->name_type, NULL, settings->query_type == TYPE_QUERY_NB ? DNS_TYPE_NB : DNS_TYPE_NBSTAT, 0x0001);
/* Convert the DNS object to a packet. */
packet = dns_to_packet(dns, &packet_length);
dns_destroy(dns);
/* Put it on the wire. */
fprintf(stderr, "Sending query.\n");
udp_send(settings->socket, settings->target, settings->port, packet, packet_length);
safe_free(packet);
}
static SELECT_RESPONSE_t dns_callback(void *group, int socket, uint8_t *packet, size_t packet_length, char *addr, uint16_t port, void *s)
{
settings_t *settings = (settings_t*) s;
dns_t *response;
uint8_t *response_packet;
uint32_t response_packet_length;
/* Parse the DNS packet. */
dns_t *request = dns_create_from_packet(packet, packet_length);
/* Create the response packet. */
response = dns_create();
response->trn_id = request->trn_id;
response->flags = 0x8000;
if(request->question_count > 0)
{
int i;
/* Display the questions. */
for(i = 0; i < request->question_count; i++)
{
/* Grab the question and display it. */
question_t this_question = request->questions[i];
fprintf(stderr, "Question %d: %s (0x%04x 0x%04x)\n", i, this_question.name, this_question.type, this_question.class);
/* Add an answer, if appropriate. */
dns_add_question(response, this_question.name, this_question.type, this_question.class);
if(settings->A && (this_question.type == DNS_TYPE_A || this_question.type == DNS_TYPE_ANY))
{
fprintf(stderr, "(Responding with %s)\n", settings->A);
dns_add_answer_A(response, this_question.name, 0x0001, settings->TTL, settings->A);
}
#ifndef WIN32
else if(settings->AAAA && this_question.type == DNS_TYPE_AAAA)
{
fprintf(stderr, "(Responding with %s)\n", settings->AAAA);
dns_add_answer_AAAA(response, this_question.name, 0x0001, settings->TTL, settings->AAAA);
}
#endif
}
/* If we have any answers, send back our packet. */
if(response->answer_count > 0)
{
/* Send the packet. */
response_packet = dns_to_packet(response, &response_packet_length);
udp_send(socket, addr, port, response_packet, response_packet_length);
}
else
{
/* Send back an error. */
response_packet = dns_create_error_string(request->trn_id, request->questions[0], &response_packet_length);
udp_send(socket, addr, port, response_packet, response_packet_length);
}
/* Delete the response. */
safe_free(response_packet);
dns_destroy(response);
/* Delete the request. */
dns_destroy(request);
}
/* This function expects to receive the proper length of data. */
static void handle_packet_out(driver_dns_t *driver, uint8_t *data, size_t length)
{
size_t i;
dns_t *dns;
buffer_t *buffer;
uint8_t *encoded_bytes;
size_t encoded_length;
uint8_t *dns_bytes;
size_t dns_length;
size_t section_length;
assert(driver->s != -1); /* Make sure we have a valid socket. */
assert(data); /* Make sure they aren't trying to send NULL. */
assert(length > 0); /* Make sure they aren't trying to send 0 bytes. */
assert(length <= MAX_DNSCAT_LENGTH(driver->domain));
buffer = buffer_create(BO_BIG_ENDIAN);
/* If no domain is set, add the wildcard prefix at the start. */
if(!driver->domain)
{
buffer_add_bytes(buffer, (uint8_t*)WILDCARD_PREFIX, strlen(WILDCARD_PREFIX));
buffer_add_int8(buffer, '.');
}
section_length = 0;
/* TODO: I don't much care for this loop... */
for(i = 0; i < length; i++)
{
char hex_buf[3];
#ifdef WIN32
sprintf_s(hex_buf, 3, "%02x", data[i]);
#else
sprintf(hex_buf, "%02x", data[i]);
#endif
buffer_add_bytes(buffer, hex_buf, 2);
/* Add periods when we need them. */
section_length += 2;
if(i + 1 != length && section_length + 2 >= MAX_FIELD_LENGTH)
{
section_length = 0;
buffer_add_int8(buffer, '.');
}
}
/* If a domain is set, instead of the wildcard prefix, add the domain to the end. */
if(driver->domain)
{
buffer_add_int8(buffer, '.');
buffer_add_bytes(buffer, driver->domain, strlen(driver->domain));
}
buffer_add_int8(buffer, '\0');
/* Get the result out. */
encoded_bytes = buffer_create_string_and_destroy(buffer, &encoded_length);
/* Double-check we didn't mess up the length. */
assert(encoded_length <= MAX_DNS_LENGTH);
dns = dns_create(_DNS_OPCODE_QUERY, _DNS_FLAG_RD, _DNS_RCODE_SUCCESS);
dns_add_question(dns, (char*)encoded_bytes, driver->type, _DNS_CLASS_IN);
dns_bytes = dns_to_packet(dns, &dns_length);
LOG_INFO("Sending DNS query for: %s to %s:%d", encoded_bytes, driver->dns_host, driver->dns_port);
udp_send(driver->s, driver->dns_host, driver->dns_port, dns_bytes, dns_length);
safe_free(dns_bytes);
safe_free(encoded_bytes);
dns_destroy(dns);
}