int arp_in (struct rte_mbuf *mbuf) { assert(mbuf->buf_len >= sizeof(struct arp)); struct arp *arp_pkt; struct ether_hdr *eth; uint32_t ip_add = 0; eth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *); assert(rte_pktmbuf_data_len(mbuf) >= (sizeof(struct arp) + sizeof(struct ether_hdr))); arp_pkt = rte_pktmbuf_mtod(mbuf, char *) + sizeof(struct ether_hdr); switch(ntohs(arp_pkt->opcode)) { case ARP_REQ :// send_arp_reply(arp_pkt->dst_pr_add, arp_pkt->src_pr_add); break; /* uint32_t ip_add = GetIntAddFromChar(arp_pkt->src_pr_add, 0); add_mac((ip_add), arp_pkt->src_hw_add); logger(ARP, NORMAL, "seen arp packet\n"); break; */ case ARP_REPLY :// ip_add = GetIntAddFromChar(arp_pkt->src_pr_add, 0); add_mac((ip_add), arp_pkt->src_hw_add); break; // default : assert(0); } }
void AddInterface(struct Interface *Iface) { struct Interface *ptr = NULL; int i = 0; ptr = malloc(sizeof(struct Interface)); memcpy(ptr, Iface, sizeof(struct Interface)); ptr->Next = NULL; if(InterfaceList == NULL) { InterfaceList = ptr; } else { InterfaceList->Next = ptr; } uint32_t Ipv4Addr = GetIntAddFromChar(ptr->IP, 0); // ptr->IP[0] | ptr->IP[1] << 8 | ptr->IP[2] << 16 | ptr->IP[3] << 24 ; //printf("assembled mac address = %x\n", Ipv4Addr); add_mac(Ipv4Addr, ptr->HwAddress); }
void InitInterface(struct Interface *IfList[], UINT Count) { struct Interface *ptr = NULL; int i = 0; for(i=0; i<Count; i++) { ptr = malloc(sizeof(struct Interface)); memcpy(ptr, IfList[i], sizeof(struct Interface)); ptr->Next = NULL; if(i==0) { InterfaceList = ptr; } else { InterfaceList->Next = ptr; } uint32_t Ipv4Addr = GetIntAddFromChar(ptr->IP, 0); // ptr->IP[0] | ptr->IP[1] << 8 | ptr->IP[2] << 16 | ptr->IP[3] << 24 ; //printf("assembled mac address = %x\n", Ipv4Addr); add_mac(Ipv4Addr, ptr->HwAddress); } }
/* The daemon forks before calling this: it should deal with one connection, blocking as neccessary, and then return. Note, need to be a bit careful about resources for debug mode, when the fork is suppressed: that's done by the caller. */ unsigned char *tcp_request(int confd, time_t now, union mysockaddr *local_addr, struct in_addr netmask) { size_t size = 0; int norebind = 0; int checking_disabled; size_t m; unsigned short qtype, gotname; unsigned char c1, c2; /* Max TCP packet + slop */ unsigned char *packet = whine_malloc(65536 + MAXDNAME + RRFIXEDSZ); struct dns_header *header; struct server *last_server; struct in_addr dst_addr_4; union mysockaddr peer_addr; socklen_t peer_len = sizeof(union mysockaddr); if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1) return packet; while (1) { if (!packet || !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) || !(size = c1 << 8 | c2) || !read_write(confd, packet, size, 1)) return packet; if (size < (int)sizeof(struct dns_header)) continue; header = (struct dns_header *)packet; /* save state of "cd" flag in query */ checking_disabled = header->hb4 & HB4_CD; /* RFC 4035: sect 4.6 para 2 */ header->hb4 &= ~HB4_AD; if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype))) { char types[20]; querystr(types, qtype); if (peer_addr.sa.sa_family == AF_INET) log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, (struct all_addr *)&peer_addr.in.sin_addr, types); #ifdef HAVE_IPV6 else log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, (struct all_addr *)&peer_addr.in6.sin6_addr, types); #endif } if (local_addr->sa.sa_family == AF_INET) dst_addr_4 = local_addr->in.sin_addr; else dst_addr_4.s_addr = 0; /* m > 0 if answered from cache */ m = answer_request(header, ((char *) header) + 65536, (unsigned int)size, dst_addr_4, netmask, now); /* Do this by steam now we're not in the select() loop */ check_log_writer(NULL); if (m == 0) { unsigned int flags = 0; struct all_addr *addrp = NULL; int type = 0; char *domain = NULL; if (option_bool(OPT_ADD_MAC)) size = add_mac(header, size, ((char *) header) + 65536, &peer_addr); if (gotname) flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind); if (type != 0 || option_bool(OPT_ORDER) || !daemon->last_server) last_server = daemon->servers; else last_server = daemon->last_server; if (!flags && last_server) { struct server *firstsendto = NULL; unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff); /* Loop round available servers until we succeed in connecting to one. Note that this code subtley ensures that consecutive queries on this connection which can go to the same server, do so. */ while (1) { if (!firstsendto) firstsendto = last_server; else { if (!(last_server = last_server->next)) last_server = daemon->servers; if (last_server == firstsendto) break; } /* server for wrong domain */ if (type != (last_server->flags & SERV_TYPE) || (type == SERV_HAS_DOMAIN && !hostname_isequal(domain, last_server->domain))) continue; if (last_server->tcpfd == -1) { if ((last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) == -1) continue; if ((!local_bind(last_server->tcpfd, &last_server->source_addr, last_server->interface, 1) || connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1)) { close(last_server->tcpfd); last_server->tcpfd = -1; continue; } #ifdef HAVE_CONNTRACK /* Copy connection mark of incoming query to outgoing connection. */ if (option_bool(OPT_CONNTRACK)) { unsigned int mark; struct all_addr local; #ifdef HAVE_IPV6 if (local_addr->sa.sa_family == AF_INET6) local.addr.addr6 = local_addr->in6.sin6_addr; else #endif local.addr.addr4 = local_addr->in.sin_addr; if (get_incoming_mark(&peer_addr, &local, 1, &mark)) setsockopt(last_server->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int)); } #endif } c1 = size >> 8; c2 = size; if (!read_write(last_server->tcpfd, &c1, 1, 0) || !read_write(last_server->tcpfd, &c2, 1, 0) || !read_write(last_server->tcpfd, packet, size, 0) || !read_write(last_server->tcpfd, &c1, 1, 1) || !read_write(last_server->tcpfd, &c2, 1, 1)) { close(last_server->tcpfd); last_server->tcpfd = -1; continue; } m = (c1 << 8) | c2; if (!read_write(last_server->tcpfd, packet, m, 1)) return packet; if (!gotname) strcpy(daemon->namebuff, "query"); if (last_server->addr.sa.sa_family == AF_INET) log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, (struct all_addr *)&last_server->addr.in.sin_addr, NULL); #ifdef HAVE_IPV6 else log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, (struct all_addr *)&last_server->addr.in6.sin6_addr, NULL); #endif /* There's no point in updating the cache, since this process will exit and lose the information after a few queries. We make this call for the alias and bogus-nxdomain side-effects. */ /* If the crc of the question section doesn't match the crc we sent, then someone might be attempting to insert bogus values into the cache by sending replies containing questions and bogus answers. */ if (crc == questions_crc(header, (unsigned int)m, daemon->namebuff)) m = process_reply(header, now, last_server, (unsigned int)m, option_bool(OPT_NO_REBIND) && !norebind, checking_disabled); break; } } /* In case of local answer or no connections made. */ if (m == 0) m = setup_reply(header, (unsigned int)size, addrp, flags, daemon->local_ttl); } check_log_writer(NULL); c1 = m>>8; c2 = m; if (!read_write(confd, &c1, 1, 0) || !read_write(confd, &c2, 1, 0) || !read_write(confd, packet, m, 0)) return packet; }
static int forward_query(int udpfd, union mysockaddr *udpaddr, struct all_addr *dst_addr, unsigned int dst_iface, struct dns_header *header, size_t plen, time_t now, struct frec *forward) { char *domain = NULL; int type = 0, norebind = 0; struct all_addr *addrp = NULL; unsigned int crc = questions_crc(header, plen, daemon->namebuff); unsigned int flags = 0; unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL); struct server *start = NULL; /* RFC 4035: sect 4.6 para 2 */ header->hb4 &= ~HB4_AD; /* may be no servers available. */ if (!daemon->servers) forward = NULL; else if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, crc))) { /* retry on existing query, send to all available servers */ domain = forward->sentto->domain; forward->sentto->failed_queries++; if (!option_bool(OPT_ORDER)) { forward->forwardall = 1; daemon->last_server = NULL; } type = forward->sentto->flags & SERV_TYPE; if (!(start = forward->sentto->next)) start = daemon->servers; /* at end of list, recycle */ header->id = htons(forward->new_id); } else { if (gotname) flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind); if (!flags && !(forward = get_new_frec(now, NULL))) /* table full - server failure. */ flags = F_NEG; if (forward) { forward->source = *udpaddr; forward->dest = *dst_addr; forward->iface = dst_iface; forward->orig_id = ntohs(header->id); forward->new_id = get_id(crc); forward->fd = udpfd; forward->crc = crc; forward->forwardall = 0; if (norebind) forward->flags |= FREC_NOREBIND; if (header->hb4 & HB4_CD) forward->flags |= FREC_CHECKING_DISABLED; header->id = htons(forward->new_id); /* In strict_order mode, always try servers in the order specified in resolv.conf, if a domain is given always try all the available servers, otherwise, use the one last known to work. */ if (type == 0) { if (option_bool(OPT_ORDER)) start = daemon->servers; else if (!(start = daemon->last_server) || daemon->forwardcount++ > FORWARD_TEST || difftime(now, daemon->forwardtime) > FORWARD_TIME) { start = daemon->servers; forward->forwardall = 1; daemon->forwardcount = 0; daemon->forwardtime = now; } } else { start = daemon->servers; if (!option_bool(OPT_ORDER)) forward->forwardall = 1; } } } /* check for send errors here (no route to host) if we fail to send to all nameservers, send back an error packet straight away (helps modem users when offline) */ if (!flags && forward) { struct server *firstsentto = start; int forwarded = 0; if (udpaddr && option_bool(OPT_ADD_MAC)) plen = add_mac(header, plen, ((char *) header) + PACKETSZ, udpaddr); while (1) { /* only send to servers dealing with our domain. domain may be NULL, in which case server->domain must be NULL also. */ if (type == (start->flags & SERV_TYPE) && (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) && !(start->flags & SERV_LITERAL_ADDRESS)) { int fd; /* find server socket to use, may need to get random one. */ if (start->sfd) fd = start->sfd->fd; else { #ifdef HAVE_IPV6 if (start->addr.sa.sa_family == AF_INET6) { if (!forward->rfd6 && !(forward->rfd6 = allocate_rfd(AF_INET6))) break; daemon->rfd_save = forward->rfd6; fd = forward->rfd6->fd; } else #endif { if (!forward->rfd4 && !(forward->rfd4 = allocate_rfd(AF_INET))) break; daemon->rfd_save = forward->rfd4; fd = forward->rfd4->fd; } #ifdef HAVE_CONNTRACK /* Copy connection mark of incoming query to outgoing connection. */ if (option_bool(OPT_CONNTRACK)) { unsigned int mark; if (get_incoming_mark(udpaddr, dst_addr, 0, &mark)) setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int)); } #endif } if (sendto(fd, (char *)header, plen, 0, &start->addr.sa, sa_len(&start->addr)) == -1) { if (retry_send()) continue; } else { /* Keep info in case we want to re-send this packet */ daemon->srv_save = start; daemon->packet_len = plen; if (!gotname) strcpy(daemon->namebuff, "query"); if (start->addr.sa.sa_family == AF_INET) log_query(F_SERVER | F_IPV4 | F_FORWARD, daemon->namebuff, (struct all_addr *)&start->addr.in.sin_addr, NULL); #ifdef HAVE_IPV6 else log_query(F_SERVER | F_IPV6 | F_FORWARD, daemon->namebuff, (struct all_addr *)&start->addr.in6.sin6_addr, NULL); #endif start->queries++; forwarded = 1; forward->sentto = start; if (!forward->forwardall) break; forward->forwardall++; } } if (!(start = start->next)) start = daemon->servers; if (start == firstsentto) break; } if (forwarded) return 1; /* could not send on, prepare to return */ header->id = htons(forward->orig_id); free_frec(forward); /* cancel */ } /* could not send on, return empty answer or address if known for whole domain */ if (udpfd != -1) { plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl); send_from(udpfd, option_bool(OPT_NOWILD), (char *)header, plen, udpaddr, dst_addr, dst_iface); } return 0; }
ATF_TC_BODY(tsig_tcp, tc) { const dns_name_t *tsigowner = NULL; dns_fixedname_t fkeyname; dns_message_t *msg = NULL; dns_name_t *keyname; dns_tsig_keyring_t *ring = NULL; dns_tsigkey_t *key = NULL; isc_buffer_t *buf = NULL; isc_buffer_t *querytsig = NULL; isc_buffer_t *tsigin = NULL; isc_buffer_t *tsigout = NULL; isc_result_t result; unsigned char secret[16] = { 0 }; dst_context_t *tsigctx = NULL; dst_context_t *outctx = NULL; UNUSED(tc); result = dns_test_begin(stderr, ISC_TRUE); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); /* isc_log_setdebuglevel(lctx, 99); */ dns_fixedname_init(&fkeyname); keyname = dns_fixedname_name(&fkeyname); result = dns_name_fromstring(keyname, "test", 0, NULL); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = dns_tsigkeyring_create(mctx, &ring); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = dns_tsigkey_create(keyname, dns_tsig_hmacsha256_name, secret, sizeof(secret), ISC_FALSE, NULL, 0, 0, mctx, ring, &key); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); /* * Create request. */ result = isc_buffer_allocate(mctx, &buf, 65535); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); render(buf, 0, key, &tsigout, &querytsig, NULL); isc_buffer_free(&buf); /* * Create response message 1. */ result = isc_buffer_allocate(mctx, &buf, 65535); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); render(buf, DNS_MESSAGEFLAG_QR, key, &querytsig, &tsigout, NULL); /* * Process response message 1. */ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_create: %s", dns_result_totext(result)); result = dns_message_settsigkey(msg, key); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_settsigkey: %s", dns_result_totext(result)); result = dns_message_parse(msg, buf, 0); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_parse: %s", dns_result_totext(result)); printmessage(msg); result = dns_message_setquerytsig(msg, querytsig); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_setquerytsig: %s", dns_result_totext(result)); result = dns_tsig_verify(buf, msg, NULL, NULL); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_tsig_verify: %s", dns_result_totext(result)); ATF_CHECK_EQ(msg->verified_sig, 1); ATF_CHECK_EQ(msg->tsigstatus, dns_rcode_noerror); /* * Check that we have a TSIG in the first message. */ ATF_REQUIRE(dns_message_gettsig(msg, &tsigowner) != NULL); result = dns_message_getquerytsig(msg, mctx, &tsigin); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_getquerytsig: %s", dns_result_totext(result)); tsigctx = msg->tsigctx; msg->tsigctx = NULL; isc_buffer_free(&buf); dns_message_destroy(&msg); result = dst_context_create3(key->key, mctx, DNS_LOGCATEGORY_DNSSEC, ISC_FALSE, &outctx); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); /* * Start digesting. */ result = add_mac(outctx, tsigout); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); /* * Create response message 2. */ result = isc_buffer_allocate(mctx, &buf, 65535); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx); /* * Process response message 2. */ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_create: %s", dns_result_totext(result)); msg->tcp_continuation = 1; msg->tsigctx = tsigctx; tsigctx = NULL; result = dns_message_settsigkey(msg, key); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_settsigkey: %s", dns_result_totext(result)); result = dns_message_parse(msg, buf, 0); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_parse: %s", dns_result_totext(result)); printmessage(msg); result = dns_message_setquerytsig(msg, tsigin); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_setquerytsig: %s", dns_result_totext(result)); result = dns_tsig_verify(buf, msg, NULL, NULL); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_tsig_verify: %s", dns_result_totext(result)); ATF_CHECK_EQ(msg->verified_sig, 1); ATF_CHECK_EQ(msg->tsigstatus, dns_rcode_noerror); /* * Check that we don't have a TSIG in the second message. */ tsigowner = NULL; ATF_REQUIRE(dns_message_gettsig(msg, &tsigowner) == NULL); tsigctx = msg->tsigctx; msg->tsigctx = NULL; isc_buffer_free(&buf); dns_message_destroy(&msg); /* * Create response message 3. */ result = isc_buffer_allocate(mctx, &buf, 65535); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx); result = add_tsig(outctx, key, buf); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "add_tsig: %s", dns_result_totext(result)); /* * Process response message 3. */ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_create: %s", dns_result_totext(result)); msg->tcp_continuation = 1; msg->tsigctx = tsigctx; tsigctx = NULL; result = dns_message_settsigkey(msg, key); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_settsigkey: %s", dns_result_totext(result)); result = dns_message_parse(msg, buf, 0); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_parse: %s", dns_result_totext(result)); printmessage(msg); /* * Check that we had a TSIG in the third message. */ ATF_REQUIRE(dns_message_gettsig(msg, &tsigowner) != NULL); result = dns_message_setquerytsig(msg, tsigin); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_setquerytsig: %s", dns_result_totext(result)); result = dns_tsig_verify(buf, msg, NULL, NULL); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_tsig_verify: %s", dns_result_totext(result)); ATF_CHECK_EQ(msg->verified_sig, 1); ATF_CHECK_EQ(msg->tsigstatus, dns_rcode_noerror); if (tsigin != NULL) isc_buffer_free(&tsigin); result = dns_message_getquerytsig(msg, mctx, &tsigin); ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "dns_message_getquerytsig: %s", dns_result_totext(result)); isc_buffer_free(&buf); dns_message_destroy(&msg); if (outctx != NULL) dst_context_destroy(&outctx); if (querytsig != NULL) isc_buffer_free(&querytsig); if (tsigin != NULL) isc_buffer_free(&tsigin); if (tsigout != NULL) isc_buffer_free(&tsigout); if (buf != NULL) isc_buffer_free(&buf); if (msg != NULL) dns_message_destroy(&msg); if (key != NULL) dns_tsigkey_detach(&key); if (ring != NULL) dns_tsigkeyring_detach(&ring); dns_test_end(); }