ldns_pkt *
read_hex_pkt(char *filename)
{
uint8_t *wire;
size_t wiresize;
ldns_pkt *pkt = NULL;
ldns_status status = LDNS_STATUS_ERR;
wire = xmalloc(LDNS_MAX_PACKETLEN);
wiresize = packetbuffromfile(filename, wire);
if (wiresize > 0) {
status = ldns_wire2pkt(&pkt, wire, wiresize);
}
xfree(wire);
if (status == LDNS_STATUS_OK) {
return pkt;
} else {
fprintf(stderr, "Error parsing hex file: %s\n",
ldns_get_errorstr_by_id(status));
return NULL;
}
}
static char *
get_dns_string(netresolve_query_t query)
{
#ifdef USE_LDNS
const uint8_t *answer;
size_t length;
if (!(answer = netresolve_query_get_dns_answer(query, &length)))
return NULL;
ldns_pkt *pkt;
int status = ldns_wire2pkt(&pkt, answer, length);
if (status) {
fprintf(stderr, "ldns: %s", ldns_get_errorstr_by_id(status));
return NULL;
}
char *result = ldns_pkt2str(pkt);
ldns_pkt_free(pkt);
return result;
#else
return NULL;
#endif
}
DCPluginSyncFilterResult
dcplugin_sync_pre_filter(DCPlugin *dcplugin, DCPluginDNSPacket *dcp_packet)
{
uint8_t *new_packet;
ldns_rdf *edns_data;
ldns_pkt *packet;
size_t new_packet_size;
ldns_wire2pkt(&packet, dcplugin_get_wire_data(dcp_packet),
dcplugin_get_wire_data_len(dcp_packet));
edns_data = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX,
dcplugin_get_user_data(dcplugin));
ldns_pkt_set_edns_data(packet, edns_data);
ldns_pkt2wire(&new_packet, packet, &new_packet_size);
if (dcplugin_get_wire_data_max_len(dcp_packet) >= new_packet_size) {
dcplugin_set_wire_data(dcp_packet, new_packet, new_packet_size);
}
free(new_packet);
ldns_pkt_free(packet);
return DCP_SYNC_FILTER_RESULT_OK;
}
static DCPluginSyncFilterResult
empty_aaa_sync_pre(DCPlugin *dcplugin, DCPluginDNSPacket *dcp_packet)
{
ldns_pkt *packet;
ldns_rr_list *questions;
uint8_t *wire_data;
DCPluginSyncFilterResult result = DCP_SYNC_FILTER_RESULT_OK;
wire_data = dcplugin_get_wire_data(dcp_packet);
ldns_wire2pkt(&packet, wire_data, dcplugin_get_wire_data_len(dcp_packet));
if (packet == NULL) {
return DCP_SYNC_FILTER_RESULT_ERROR;
}
questions = ldns_pkt_question(packet);
if (ldns_rr_list_rr_count(questions) == (size_t) 1U &&
ldns_rr_get_type(ldns_rr_list_rr(questions,
(size_t) 0U)) == LDNS_RR_TYPE_AAAA) {
LDNS_QR_SET(wire_data);
LDNS_RA_SET(wire_data);
result = DCP_SYNC_FILTER_RESULT_DIRECT;
}
ldns_pkt_free(packet);
return result;
}
ldns_pkt *
read_hex_pkt(char *hex_data)
{
uint8_t *wire;
size_t wiresize;
ldns_status status = LDNS_STATUS_ERR;
ldns_pkt *pkt = NULL;
wire = malloc(LDNS_MAX_PACKETLEN);
wiresize = packetbuffromfile(hex_data, wire);
if (wiresize > 0) {
status = ldns_wire2pkt(&pkt, wire, wiresize);
}
free(wire);
if (status == LDNS_STATUS_OK) {
return pkt;
} else {
if (verbosity > 0) {
fprintf(stderr, "Parse error: %s\n", ldns_get_errorstr_by_id(status));
fprintf(stderr, "%s\n", hex_data);
}
return NULL;
}
}
DCPluginSyncFilterResult
dcplugin_sync_post_filter(DCPlugin *dcplugin, DCPluginDNSPacket *dcp_packet)
{
Blocking *blocking = dcplugin_get_user_data(dcplugin);
ldns_pkt *packet = NULL;
DCPluginSyncFilterResult result = DCP_SYNC_FILTER_RESULT_OK;
if (blocking->domains == NULL && blocking->ips == NULL) {
return DCP_SYNC_FILTER_RESULT_OK;
}
if (ldns_wire2pkt(&packet, dcplugin_get_wire_data(dcp_packet),
dcplugin_get_wire_data_len(dcp_packet))
!= LDNS_STATUS_OK) {
return DCP_SYNC_FILTER_RESULT_ERROR;
}
if (blocking->domains != NULL &&
(result = apply_block_domains(dcp_packet, blocking, packet)
!= DCP_SYNC_FILTER_RESULT_OK)) {
ldns_pkt_free(packet);
return result;
}
if (blocking->ips != NULL &&
(result = apply_block_ips(dcp_packet, blocking, packet)
!= DCP_SYNC_FILTER_RESULT_OK)) {
ldns_pkt_free(packet);
return result;
}
ldns_pkt_free(packet);
return DCP_SYNC_FILTER_RESULT_OK;
}
ldns_rr *
ldns_axfr_next(ldns_resolver *resolver)
{
ldns_rr *cur_rr;
uint8_t *packet_wire;
size_t packet_wire_size;
ldns_lookup_table *rcode;
ldns_status status;
/* check if start() has been called */
if (!resolver || resolver->_socket == 0) {
return NULL;
}
if (resolver->_cur_axfr_pkt) {
if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) {
ldns_pkt_free(resolver->_cur_axfr_pkt);
resolver->_cur_axfr_pkt = NULL;
return ldns_axfr_next(resolver);
}
cur_rr = ldns_rr_clone(ldns_rr_list_rr(
ldns_pkt_answer(resolver->_cur_axfr_pkt),
resolver->_axfr_i));
resolver->_axfr_i++;
if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) {
resolver->_axfr_soa_count++;
if (resolver->_axfr_soa_count >= 2) {
close(resolver->_socket);
resolver->_socket = 0;
ldns_pkt_free(resolver->_cur_axfr_pkt);
resolver->_cur_axfr_pkt = NULL;
}
}
return cur_rr;
} else {
packet_wire = ldns_tcp_read_wire(resolver->_socket, &packet_wire_size);
if(!packet_wire)
return NULL;
status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire,
packet_wire_size);
free(packet_wire);
resolver->_axfr_i = 0;
if (status != LDNS_STATUS_OK) {
/* TODO: make status return type of this function (...api change) */
fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status));
return NULL;
} else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) {
rcode = ldns_lookup_by_id(ldns_rcodes, (int) ldns_pkt_get_rcode(resolver->_cur_axfr_pkt));
fprintf(stderr, "Error in AXFR: %s\n", rcode->name);
return NULL;
} else {
return ldns_axfr_next(resolver);
}
}
}
/** check the packet and make sure that EDNS and DO and the type and RRSIG */
static int
check_packet(uint8_t* wire, size_t len, int tp)
{
ldns_pkt *p = NULL;
ldns_status s;
if( (s=ldns_wire2pkt(&p, wire, len)) != LDNS_STATUS_OK) {
if(verb) printf("error: %s\n", ldns_get_errorstr_by_id(s));
goto failed;
}
if(!p) {
if(verb) printf("error: out of memory\n");
goto failed;
}
/* does DNS work? */
if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
char* r = ldns_pkt_rcode2str(ldns_pkt_get_rcode(p));
if(verb) printf("no answer, %s\n", r?r:"(out of memory)");
LDNS_FREE(r);
goto failed;
}
/* test EDNS0 presence, of OPT record */
/* LDNS forgets during pkt parse, but we test the ARCOUNT;
* 0 additionals means no EDNS(on the wire), and after parsing the
* same additional RRs as before means no EDNS OPT */
if(LDNS_ARCOUNT(wire) == 0 ||
ldns_pkt_arcount(p) == LDNS_ARCOUNT(wire)) {
if(verb) printf("no EDNS\n");
goto failed;
}
/* test if the type, RRSIG present */
if(!check_type_in_answer(p, tp) ||
!check_type_in_answer(p, LDNS_RR_TYPE_RRSIG)) {
goto failed;
}
LDNS_FREE(wire);
ldns_pkt_free(p);
return 1;
failed:
LDNS_FREE(wire);
ldns_pkt_free(p);
return 0;
}
void dnspkt_proc (const char *bytes, uint16_t len, struct timeval ts, host_t *src, host_t *dst) {
ldns_pkt *pkt;
if (ldns_wire2pkt(&pkt, bytes, len) != LDNS_STATUS_OK) {
return;
}
if (ldns_pkt_get_opcode(pkt) != LDNS_PACKET_QUERY) goto done;
uint16_t i;
ldns_rr_list *rrlist;
if (ldns_pkt_qr(pkt) == 0) {
rrlist = ldns_pkt_question(pkt);
for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
dnspkt_printqry(ldns_rr_list_rr(rrlist, i), ts, src, dst);
}
} else {
dnspkt_printresp(pkt, ts, src, dst);
if (ldns_pkt_aa(pkt) == 0) goto done;
if (ldns_pkt_tc(pkt) == 1) goto done;
if (ldns_pkt_rd(pkt) == 1) goto done;
if (ldns_pkt_get_rcode(pkt) != LDNS_RCODE_NOERROR) goto done;
rrlist = ldns_pkt_answer(pkt);
for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
dnspkt_printrr(ldns_rr_list_rr(rrlist, i), ts, src, dst, 0);
}
rrlist = ldns_pkt_authority(pkt);
for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
dnspkt_printrr(ldns_rr_list_rr(rrlist, i), ts, src, dst, 1);
}
rrlist = ldns_pkt_additional(pkt);
for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
dnspkt_printrr(ldns_rr_list_rr(rrlist, i), ts, src, dst, 2);
}
}
done:
ldns_pkt_free(pkt);
}
int massdns_receive_packet(int socket, void (*handle_packet)(ldns_pkt *, struct sockaddr_storage, void *),
void *ctx)
{
uint8_t recvbuf[0xFFFF];
struct sockaddr_storage recvaddr;
socklen_t fromlen = sizeof(recvaddr);
ssize_t num_received = recvfrom(socket, recvbuf, sizeof(recvbuf), 0, (struct sockaddr *) &recvaddr, &fromlen);
if (num_received > 0)
{
ldns_pkt *packet;
if(LDNS_STATUS_OK != ldns_wire2pkt(&packet, recvbuf, (size_t)num_received))
{
// We have received a packet with an invalid format
return 1;
}
handle_packet(packet, recvaddr, ctx);
ldns_pkt_free(packet);
return 1;
}
return 0;
}
DCPluginSyncFilterResult
dcplugin_sync_post_filter(DCPlugin *dcplugin, DCPluginDNSPacket *dcp_packet)
{
Context *context = dcplugin_get_user_data(dcplugin);
ldns_pkt *packet;
DCPluginSyncFilterResult result = DCP_SYNC_FILTER_RESULT_OK;
if (context->blacklist == NULL) {
return DCP_SYNC_FILTER_RESULT_OK;
}
if (ldns_wire2pkt(&packet, dcplugin_get_wire_data(dcp_packet),
dcplugin_get_wire_data_len(dcp_packet)) != LDNS_STATUS_OK) {
return DCP_SYNC_FILTER_RESULT_ERROR;
}
if ((result = apply_block_ips(dcp_packet, context, packet)
!= DCP_SYNC_FILTER_RESULT_OK)) {
ldns_pkt_free(packet);
return result;
}
ldns_pkt_free(packet);
return DCP_SYNC_FILTER_RESULT_OK;
}
void dns_parser (packetinfo *pi) {
ldns_status status;
ldns_pkt *dns_pkt;
status = LDNS_STATUS_ERR;
/* In DNS tcp messages, the first 2 bytes signal the
* amount of data to expect. So we need to skip them in the read.
*/
if (pi->plen <= 2) return; /* The minimum bytes in a packet - else return */
if ( pi->af == AF_INET ) {
switch (pi->ip4->ip_p) {
case IP_PROTO_TCP:
status = ldns_wire2pkt(&dns_pkt,pi->payload + 2, pi->plen - 2);
break;
case IP_PROTO_UDP:
status = ldns_wire2pkt(&dns_pkt,pi->payload, pi->plen);
break;
default:
break;
}
} else if ( pi->af == AF_INET6 ) {
switch (pi->ip6->next) {
case IP_PROTO_TCP:
status = ldns_wire2pkt(&dns_pkt,pi->payload + 2, pi->plen - 2);
break;
case IP_PROTO_UDP:
status = ldns_wire2pkt(&dns_pkt,pi->payload, pi->plen);
break;
default:
break;
}
}
if (status != LDNS_STATUS_OK) {
dlog("[D] ldns_wire2pkt status: %d\n", status);
update_dns_stats(pi,ERROR);
return;
}
/* We dont want to process Truncated packets */
if (ldns_pkt_tc(dns_pkt)) {
dlog("[D] DNS packet with Truncated (TC) bit set! Skipping!\n");
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
/* we only care about answers when we record data */
if (ldns_pkt_qr(dns_pkt)) {
/* Answer must come from the server, and the client has to have sent a packet! */
if ( pi->sc != SC_SERVER || pi->cxt->s_total_pkts == 0 ) {
dlog("[D] DNS Answer without a Question?: Query TID = %d and Answer TID = %d\n",pi->cxt->plid,ldns_pkt_id(dns_pkt));
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
dlog("[D] DNS Answer\n");
/* Check the DNS TID */
if ( (pi->cxt->plid == ldns_pkt_id(dns_pkt)) ) {
dlog("[D] DNS Query TID match Answer TID: %d\n", pi->cxt->plid);
} else {
dlog("[D] DNS Query TID did not match Answer TID: %d != %d - Skipping!\n", pi->cxt->plid, ldns_pkt_id(dns_pkt));
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
/* From isc.org wording:
* We do not collect any of the query-response traffic that
* occurs when the client sets the RD or "Recursion Desired"
* bit to 1, that is, the traffic that occurs between DNS
* "stub" clients and the caching server itself, since only the
* traffic generated in response to a cache miss (RD bit set to 0)
* is strictly needed in order to build a passive DNS database.
*/
if (ldns_pkt_rd(dns_pkt)) {
dlog("[D] DNS packet with Recursion Desired (RD) bit set!\n");
/* Between DNS-server to DNS-server, we should drop this kind
* of traffic if we are thinking hardening and correctness!
* But for people trying this out in a corporate network etc,
* between a client and a DNS proxy, will need this most likely
* to see any traffic at all. In the future, this might be
* controlled by a cmdline switch.
*/
//ldns_pkt_free(decoded_dns);
//return;
}
if (!ldns_pkt_qdcount(dns_pkt)) {
/* no questions or answers */
dlog("[D] DNS packet did not contain a question. Skipping!\n");
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
// send it off for processing
if (process_dns_answer(pi, dns_pkt) < 0) {
dlog("[D] process_dns_answer() returned -1\n");
}
} else {
/* We need to get the DNS TID from the Query to later match with the
* DNS TID in the answer - to harden the implementation.
*/
/* Question must come from the client (and the server should not have sent a packet). */
if ( pi->sc != SC_CLIENT ) {
dlog("[D] DNS Query not from a client? Skipping!\n");
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
/* Check for reuse of a session and a hack for
* no timeout of sessions when reading pcaps atm. :/
* 60 Secs are default UDP timeout in cxt, and should
* be enough for a TCP session of DNS too.
*/
if ( (pi->cxt->plid != 0 && pi->cxt->plid != ldns_pkt_id(dns_pkt)) && ((pi->cxt->last_pkt_time - pi->cxt->start_time) <= 60) ) {
dlog("[D] DNS Query on an established DNS session - TID: Old:%d New:%d\n", pi->cxt->plid, ldns_pkt_id(dns_pkt));
/* Some clients have bad or strange random src
* port generator and will gladly reuse the same
* src port several times in a short time period.
* To implment this fully, each cxt should be include
* the TID in its tuple, but still this will make a mess :/
*/
} else {
dlog("[D] New DNS Query\n");
}
if (!ldns_pkt_qdcount(dns_pkt)) {
/* no questions or answers */
dlog("[D] DNS Query packet did not contain a question? Skipping!\n");
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
if ( (pi->cxt->plid = ldns_pkt_id(dns_pkt)) ) {
dlog("[D] DNS Query with TID = %d\n", pi->cxt->plid);
} else {
dlog("[E] Error getting DNS TID from Query!\n");
ldns_pkt_free(dns_pkt);
update_dns_stats(pi,ERROR);
return;
}
/* For hardening, we can extract the query and add it to the cxt
* and then check it later in the answer, that they match.
*/
/*
if (update_query_cxt(pi, dns_pkt) < 0) {
dlog("[D] update_query_cxt() returned -1\n");
}
*/
}
ldns_pkt_free(dns_pkt);
}
int
main(int argc, char **argv)
{
/* arguments */
int port;
int soa;
ldns_rdf *zone_name;
size_t count;
size_t maxcount;
/* network */
int sock;
ssize_t nb;
struct sockaddr addr_me;
struct sockaddr addr_him;
socklen_t hislen = sizeof(addr_him);
const char *my_address;
uint8_t inbuf[INBUF_SIZE];
uint8_t *outbuf;
/* dns */
ldns_status status;
ldns_pkt *query_pkt;
ldns_pkt *answer_pkt;
size_t answer_size;
ldns_rr *query_rr;
ldns_rr *rr;
char rr_string[MAX_LEN + 1];
ldns_rr *soa_rr;
char soa_string[MAX_LEN + 1];
/* use this to listen on specified interfaces later? */
my_address = NULL;
if(argc == 5) {
/* -# num given */
if (argv[1][0] == '-') {
maxcount = atoi(argv[1] + 1);
if (maxcount == 0) {
usage(stdout);
exit(EXIT_FAILURE);
} else {
fprintf(stderr, "quiting after %d qs\n", (int)maxcount);
}
} else {
fprintf(stderr, "Use -Number for max count\n");
exit(EXIT_FAILURE);
}
argc--;
argv++;
} else {
maxcount = 0;
}
if (argc != 4) {
usage(stdout);
exit(EXIT_FAILURE);
} else {
port = atoi(argv[1]);
if (port < 1) {
fprintf(stderr, "Use a number for the port\n");
usage(stdout);
exit(EXIT_FAILURE);
}
zone_name = ldns_dname_new_frm_str(argv[2]);
if (!zone_name) {
fprintf(stderr, "Illegal domain name: %s\n", argv[2]);
usage(stdout);
exit(EXIT_FAILURE);
}
soa = atoi(argv[3]);
if (soa < 1) {
fprintf(stderr, "Illegal soa number\n");
usage(stdout);
exit(EXIT_FAILURE);
}
}
printf("Listening on port %d\n", port);
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
fprintf(stderr, "%s: socket(): %s\n", argv[0], strerror(errno));
exit(EXIT_FAILURE);
}
memset(&addr_me, 0, sizeof(addr_me));
/* bind: try all ports in that range */
if (udp_bind(sock, port, my_address)) {
fprintf(stderr, "%s: cannot bind(): %s\n", argv[0], strerror(errno));
}
/* create our ixfr answer */
answer_pkt = ldns_pkt_new();
snprintf(rr_string, MAX_LEN, "%s IN IXFR", argv[2]);
(void)ldns_rr_new_frm_str(&rr, rr_string , 0, NULL, NULL);
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_QUESTION, rr);
/* next add some rrs, with SOA stuff so that we mimic or ixfr reply */
snprintf(soa_string, MAX_LEN, "%s IN SOA miek.miek.nl elektron.atoom.net %d 1 2 3000 4",
argv[2], soa);
(void)ldns_rr_new_frm_str(&soa_rr, soa_string, 0, NULL, NULL);
snprintf(rr_string, MAX_LEN, "%s IN A 127.0.0.1", argv[2]);
(void)ldns_rr_new_frm_str(&rr, rr_string , 0, NULL, NULL);
/* compose the ixfr pkt */
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_ANSWER, soa_rr);
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_ANSWER, rr);
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_ANSWER, soa_rr);
/* Done. Now receive */
count = 0;
while (1) {
nb = recvfrom(sock, inbuf, INBUF_SIZE, 0, &addr_him, &hislen);
if (nb < 1) {
fprintf(stderr, "%s: recvfrom(): %s\n",
argv[0], strerror(errno));
exit(EXIT_FAILURE);
}
printf("Got query of %d bytes\n", (int)nb);
status = ldns_wire2pkt(&query_pkt, inbuf, nb);
if (status != LDNS_STATUS_OK) {
printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
continue;
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
printf("%d QUERY RR +%d: \n", (int)++count, ldns_pkt_id(query_pkt));
ldns_rr_print(stdout, query_rr);
ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt));
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
printf("Answer packet size: %u bytes.\n", (unsigned int) answer_size);
if (status != LDNS_STATUS_OK) {
printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
} else {
nb = (size_t) sendto(sock, outbuf, answer_size, 0, &addr_him, hislen);
}
if (maxcount > 0 && count >= maxcount) {
fprintf(stderr, "%d queries seen... goodbye\n", (int)count);
exit(EXIT_SUCCESS);
}
}
return 0;
}
int
main(int argc, char **argv)
{
/* arguments */
int port;
const char *zone_file;
/* network */
int sock;
ssize_t nb;
struct sockaddr addr_me;
struct sockaddr addr_him;
socklen_t hislen = (socklen_t) sizeof(addr_him);
uint8_t inbuf[INBUF_SIZE];
uint8_t *outbuf;
/* dns */
ldns_status status;
ldns_pkt *query_pkt;
ldns_pkt *answer_pkt;
size_t answer_size;
ldns_rr *query_rr;
ldns_rr_list *answer_qr;
ldns_rr_list *answer_an;
ldns_rr_list *answer_ns;
ldns_rr_list *answer_ad;
ldns_rdf *origin = NULL;
/* zone */
ldns_zone *zone;
int line_nr;
FILE *zone_fp;
/* use this to listen on specified interfaces later? */
char *my_address = NULL;
if (argc < 5) {
usage(stderr);
exit(EXIT_FAILURE);
} else {
my_address = argv[1];
port = atoi(argv[2]);
if (port < 1) {
usage(stderr);
exit(EXIT_FAILURE);
}
if (ldns_str2rdf_dname(&origin, argv[3]) != LDNS_STATUS_OK) {
fprintf(stderr, "Bad origin, not a correct domain name\n");
usage(stderr);
exit(EXIT_FAILURE);
}
zone_file = argv[4];
}
printf("Reading zone file %s\n", zone_file);
zone_fp = fopen(zone_file, "r");
if (!zone_fp) {
fprintf(stderr, "Unable to open %s: %s\n", zone_file, strerror(errno));
exit(EXIT_FAILURE);
}
line_nr = 0;
status = ldns_zone_new_frm_fp_l(&zone, zone_fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr);
if (status != LDNS_STATUS_OK) {
printf("Zone reader failed, aborting\n");
exit(EXIT_FAILURE);
} else {
printf("Read %u resource records in zone file\n", (unsigned int) ldns_zone_rr_count(zone));
}
fclose(zone_fp);
printf("Listening on port %d\n", port);
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
fprintf(stderr, "%s: socket(): %s\n", argv[0], strerror(errno));
exit(1);
}
memset(&addr_me, 0, sizeof(addr_me));
/* bind: try all ports in that range */
if (udp_bind(sock, port, my_address)) {
fprintf(stderr, "%s: cannot bind(): %s\n", argv[0], strerror(errno));
exit(errno);
}
/* Done. Now receive */
while (1) {
nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0,
&addr_him, &hislen);
if (nb < 1) {
fprintf(stderr, "%s: recvfrom(): %s\n",
argv[0], strerror(errno));
exit(1);
}
/*
show(inbuf, nb, nn, hp, sp, ip, bp);
*/
printf("Got query of %u bytes\n", (unsigned int) nb);
status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb);
if (status != LDNS_STATUS_OK) {
printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
} else {
ldns_pkt_print(stdout, query_pkt);
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
printf("QUERY RR: \n");
ldns_rr_print(stdout, query_rr);
answer_qr = ldns_rr_list_new();
ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr));
answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr));
answer_pkt = ldns_pkt_new();
answer_ns = ldns_rr_list_new();
answer_ad = ldns_rr_list_new();
ldns_pkt_set_qr(answer_pkt, 1);
ldns_pkt_set_aa(answer_pkt, 1);
ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt));
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
printf("Answer packet size: %u bytes.\n", (unsigned int) answer_size);
if (status != LDNS_STATUS_OK) {
printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
} else {
nb = sendto(sock, (void*)outbuf, answer_size, 0,
&addr_him, hislen);
}
ldns_pkt_free(query_pkt);
ldns_pkt_free(answer_pkt);
LDNS_FREE(outbuf);
ldns_rr_list_free(answer_qr);
ldns_rr_list_free(answer_an);
ldns_rr_list_free(answer_ns);
ldns_rr_list_free(answer_ad);
}
/* No cleanup because of the infinite loop
*
* ldns_rdf_deep_free(origin);
* ldns_zone_deep_free(zone);
* return 0;
*/
}
ldns_rr *
ldns_axfr_next(ldns_resolver *resolver)
{
ldns_rr *cur_rr;
uint8_t *packet_wire;
size_t packet_wire_size;
ldns_lookup_table *rcode;
ldns_status status;
/* check if start() has been called */
if (!resolver || resolver->_socket == 0) {
return NULL;
}
if (resolver->_cur_axfr_pkt) {
if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) {
ldns_pkt_free(resolver->_cur_axfr_pkt);
resolver->_cur_axfr_pkt = NULL;
return ldns_axfr_next(resolver);
}
cur_rr = ldns_rr_clone(ldns_rr_list_rr(
ldns_pkt_answer(resolver->_cur_axfr_pkt),
resolver->_axfr_i));
resolver->_axfr_i++;
if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) {
resolver->_axfr_soa_count++;
if (resolver->_axfr_soa_count >= 2) {
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
ldns_pkt_free(resolver->_cur_axfr_pkt);
resolver->_cur_axfr_pkt = NULL;
}
}
return cur_rr;
} else {
packet_wire = ldns_tcp_read_wire(resolver->_socket, &packet_wire_size);
if(!packet_wire)
return NULL;
status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire,
packet_wire_size);
free(packet_wire);
resolver->_axfr_i = 0;
if (status != LDNS_STATUS_OK) {
/* TODO: make status return type of this function (...api change) */
fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status));
/* RoRi: we must now also close the socket, otherwise subsequent uses of the
same resolver structure will fail because the link is still open or
in an undefined state */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
return NULL;
} else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) {
rcode = ldns_lookup_by_id(ldns_rcodes, (int) ldns_pkt_get_rcode(resolver->_cur_axfr_pkt));
fprintf(stderr, "Error in AXFR: %s\n", rcode->name);
/* RoRi: we must now also close the socket, otherwise subsequent uses of the
same resolver structure will fail because the link is still open or
in an undefined state */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
return NULL;
} else {
return ldns_axfr_next(resolver);
}
}
}
/**
* Process query.
*
*/
query_state
query_process(query_type* q, void* engine)
{
ldns_status status = LDNS_STATUS_OK;
ldns_pkt* pkt = NULL;
ldns_rr* rr = NULL;
ldns_pkt_rcode rcode = LDNS_RCODE_NOERROR;
ldns_pkt_opcode opcode = LDNS_PACKET_QUERY;
ldns_rr_type qtype = LDNS_RR_TYPE_SOA;
engine_type* e = (engine_type*) engine;
ods_log_assert(e);
ods_log_assert(q);
ods_log_assert(q->buffer);
if (!e || !q || !q->buffer) {
ods_log_error("[%s] drop query: assertion error", query_str);
return QUERY_DISCARDED; /* should not happen */
}
if (buffer_limit(q->buffer) < BUFFER_PKT_HEADER_SIZE) {
ods_log_debug("[%s] drop query: packet too small", query_str);
return QUERY_DISCARDED; /* too small */
}
if (buffer_pkt_qr(q->buffer)) {
ods_log_debug("[%s] drop query: qr bit set", query_str);
return QUERY_DISCARDED; /* not a query */
}
/* parse packet */
status = ldns_wire2pkt(&pkt, buffer_current(q->buffer),
buffer_remaining(q->buffer));
if (status != LDNS_STATUS_OK) {
ods_log_debug("[%s] got bad packet: %s", query_str,
ldns_get_errorstr_by_id(status));
return query_formerr(q);
}
rr = ldns_rr_list_rr(ldns_pkt_question(pkt), 0);
lock_basic_lock(&e->zonelist->zl_lock);
/* we can just lookup the zone, because we will only handle SOA queries,
zone transfers, updates and notifies */
q->zone = zonelist_lookup_zone_by_dname(e->zonelist, ldns_rr_owner(rr),
ldns_rr_get_class(rr));
/* don't answer for zones that are just added */
if (q->zone && q->zone->zl_status == ZONE_ZL_ADDED) {
ods_log_warning("[%s] zone %s just added, don't answer for now",
query_str, q->zone->name);
q->zone = NULL;
}
lock_basic_unlock(&e->zonelist->zl_lock);
if (!q->zone) {
ods_log_debug("[%s] zone not found", query_str);
return query_servfail(q);
}
/* see if it is tsig signed */
if (!query_find_tsig(q)) {
return query_formerr(q);
}
/* else: valid tsig, or no tsig present */
ods_log_debug("[%s] tsig %s", query_str, tsig_status2str(q->tsig_rr->status));
rcode = query_process_tsig(q);
if (rcode != LDNS_RCODE_NOERROR) {
return query_error(q, rcode);
}
/* process edns */
rcode = query_process_edns(q);
if (rcode != LDNS_RCODE_NOERROR) {
/* We should not return FORMERR, but BADVERS (=16).
* BADVERS is created with Ext. RCODE, followed by RCODE.
* Ext. RCODE is set to 1, RCODE must be 0 (getting 0x10 = 16).
* Thus RCODE = NOERROR = NSD_RC_OK. */
return query_error(q, LDNS_RCODE_NOERROR);
}
/* handle incoming request */
opcode = ldns_pkt_get_opcode(pkt);
qtype = ldns_rr_get_type(rr);
ldns_pkt_free(pkt);
switch (opcode) {
case LDNS_PACKET_NOTIFY:
return query_process_notify(q, qtype, engine);
case LDNS_PACKET_QUERY:
return query_process_query(q, qtype, engine);
case LDNS_PACKET_UPDATE:
return query_process_update(q);
default:
break;
}
return query_notimpl(q);
}
/*
* Parses data buffer to a query, finds the correct answer
* and calls the given function for every packet to send.
*/
void
handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count,
enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*),
void* userdata, FILE* verbose_out)
{
ldns_status status;
ldns_pkt *query_pkt = NULL;
ldns_pkt *answer_pkt = NULL;
struct reply_packet *p;
ldns_rr *query_rr = NULL;
uint8_t *outbuf = NULL;
size_t answer_size = 0;
struct entry* entry = NULL;
ldns_rdf *stop_command = ldns_dname_new_frm_str("server.stop.");
status = ldns_wire2pkt(&query_pkt, inbuf, (size_t)inlen);
if (status != LDNS_STATUS_OK) {
verbose(1, "Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
ldns_rdf_free(stop_command);
return;
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
verbose(1, "query %d: id %d: %s %d bytes: ", ++(*count), (int)ldns_pkt_id(query_pkt),
(transport==transport_tcp)?"TCP":"UDP", (int)inlen);
if(verbose_out) ldns_rr_print(verbose_out, query_rr);
if(verbose_out) ldns_pkt_print(verbose_out, query_pkt);
if (ldns_rr_get_type(query_rr) == LDNS_RR_TYPE_TXT &&
ldns_rr_get_class(query_rr) == LDNS_RR_CLASS_CH &&
ldns_dname_compare(ldns_rr_owner(query_rr), stop_command) == 0) {
exit(0);
}
/* fill up answer packet */
entry = find_match(entries, query_pkt, transport);
if(!entry || !entry->reply_list) {
verbose(1, "no answer packet for this query, no reply.\n");
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
return;
}
for(p = entry->reply_list; p; p = p->next)
{
verbose(3, "Answer pkt:\n");
if (p->reply_from_hex) {
/* try to parse the hex packet, if it can be
* parsed, we can use adjust rules. if not,
* send packet literally */
status = ldns_buffer2pkt_wire(&answer_pkt, p->reply_from_hex);
if (status == LDNS_STATUS_OK) {
adjust_packet(entry, answer_pkt, query_pkt);
if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
verbose(2, "Answer packet size: %u bytes.\n", (unsigned int)answer_size);
if (status != LDNS_STATUS_OK) {
verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
return;
}
ldns_pkt_free(answer_pkt);
answer_pkt = NULL;
} else {
verbose(3, "Could not parse hex data (%s), sending hex data directly.\n", ldns_get_errorstr_by_id(status));
/* still try to adjust ID */
answer_size = ldns_buffer_capacity(p->reply_from_hex);
outbuf = LDNS_XMALLOC(uint8_t, answer_size);
memcpy(outbuf, ldns_buffer_export(p->reply_from_hex), answer_size);
if(entry->copy_id) {
ldns_write_uint16(outbuf,
ldns_pkt_id(query_pkt));
}
}
} else {
answer_pkt = ldns_pkt_clone(p->reply);
adjust_packet(entry, answer_pkt, query_pkt);
if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
verbose(1, "Answer packet size: %u bytes.\n", (unsigned int)answer_size);
if (status != LDNS_STATUS_OK) {
verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
return;
}
ldns_pkt_free(answer_pkt);
answer_pkt = NULL;
}
if(p->packet_sleep) {
verbose(3, "sleeping for next packet %d secs\n",
p->packet_sleep);
#ifdef HAVE_SLEEP
sleep(p->packet_sleep);
#else
Sleep(p->packet_sleep * 1000);
#endif
verbose(3, "wakeup for next packet "
"(slept %d secs)\n", p->packet_sleep);
}
sendfunc(outbuf, answer_size, userdata);
LDNS_FREE(outbuf);
outbuf = NULL;
answer_size = 0;
}
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
}
static void
notify_host(int s, struct addrinfo* res, uint8_t* wire, size_t wiresize,
const char* addrstr)
{
int timeout_retry = 5; /* seconds */
int num_retry = max_num_retry;
#ifndef S_SPLINT_S
fd_set rfds;
#endif
struct timeval tv;
int retval = 0;
ssize_t received = 0;
int got_ack = 0;
socklen_t addrlen = 0;
uint8_t replybuf[2048];
ldns_status status;
ldns_pkt* pkt = NULL;
while(!got_ack) {
/* send it */
if(sendto(s, (void*)wire, wiresize, 0,
res->ai_addr, res->ai_addrlen) == -1) {
printf("warning: send to %s failed: %s\n",
addrstr, strerror(errno));
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
return;
}
/* wait for ACK packet */
#ifndef S_SPLINT_S
FD_ZERO(&rfds);
FD_SET(s, &rfds);
tv.tv_sec = timeout_retry; /* seconds */
#endif
tv.tv_usec = 0; /* microseconds */
retval = select(s + 1, &rfds, NULL, NULL, &tv);
if (retval == -1) {
printf("error waiting for reply from %s: %s\n",
addrstr, strerror(errno));
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
return;
}
if(retval == 0) {
num_retry--;
if(num_retry == 0) {
printf("error: failed to send notify to %s.\n",
addrstr);
exit(1);
}
printf("timeout (%d s) expired, retry notify to %s.\n",
timeout_retry, addrstr);
}
if (retval == 1) {
got_ack = 1;
}
}
/* got reply */
addrlen = res->ai_addrlen;
received = recvfrom(s, (void*)replybuf, sizeof(replybuf), 0,
res->ai_addr, &addrlen);
res->ai_addrlen = addrlen;
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
if (received == -1) {
printf("recv %s failed: %s\n", addrstr, strerror(errno));
return;
}
/* check reply */
status = ldns_wire2pkt(&pkt, replybuf, (size_t)received);
if(status != LDNS_STATUS_OK) {
ssize_t i;
printf("Could not parse reply packet: %s\n",
ldns_get_errorstr_by_id(status));
if (verbose > 1) {
printf("hexdump of reply: ");
for(i=0; i<received; i++)
printf("%02x", (unsigned)replybuf[i]);
printf("\n");
}
exit(1);
}
if(verbose) {
ssize_t i;
printf("# reply from %s:\n", addrstr);
ldns_pkt_print(stdout, pkt);
if (verbose > 1) {
printf("hexdump of reply: ");
for(i=0; i<received; i++)
printf("%02x", (unsigned)replybuf[i]);
printf("\n");
}
}
ldns_pkt_free(pkt);
}
/** pretty line of output for results */
static void
pretty_output(char* q, int t, int c, struct ub_result* result, int docname)
{
int i;
const char *secstatus = secure_str(result);
char tstr[16];
char cstr[16];
char rcodestr[16];
pretty_type(tstr, 16, t);
pretty_class(cstr, 16, c);
pretty_rcode(rcodestr, 16, result->rcode);
if(!result->havedata && result->rcode) {
printf("Host %s not found: %d(%s).",
q, result->rcode, rcodestr);
if(verb > 0)
printf(" %s", secstatus);
printf("\n");
if(result->bogus && result->why_bogus)
printf("%s\n", result->why_bogus);
return;
}
if(docname && result->canonname &&
result->canonname != result->qname) {
printf("%s is an alias for %s", result->qname,
result->canonname);
if(verb > 0)
printf(" %s", secstatus);
printf("\n");
}
/* remove trailing . from long canonnames for nicer output */
if(result->canonname && strlen(result->canonname) > 1 &&
result->canonname[strlen(result->canonname)-1] == '.')
result->canonname[strlen(result->canonname)-1] = 0;
if(!result->havedata) {
if(verb > 0) {
printf("%s", result->canonname?result->canonname:q);
if(strcmp(cstr, "IN") != 0)
printf(" in class %s", cstr);
if(t == LDNS_RR_TYPE_A)
printf(" has no address");
else if(t == LDNS_RR_TYPE_AAAA)
printf(" has no IPv6 address");
else if(t == LDNS_RR_TYPE_PTR)
printf(" has no domain name ptr");
else if(t == LDNS_RR_TYPE_MX)
printf(" has no mail handler record");
else if(t == LDNS_RR_TYPE_ANY) {
ldns_pkt* p = NULL;
if(ldns_wire2pkt(&p, result->answer_packet,
(size_t)result->answer_len)==LDNS_STATUS_OK){
if(ldns_rr_list_rr_count(
ldns_pkt_answer(p)) == 0)
printf(" has no records\n");
else {
printf(" ANY:\n");
ldns_rr_list_print(stdout,
ldns_pkt_answer(p));
}
} else {
fprintf(stderr, "could not parse "
"reply packet to ANY query\n");
exit(1);
}
ldns_pkt_free(p);
} else printf(" has no %s record", tstr);
printf(" %s\n", secstatus);
}
/* else: emptiness to indicate no data */
if(result->bogus && result->why_bogus)
printf("%s\n", result->why_bogus);
return;
}
i=0;
while(result->data[i])
{
pretty_rdata(
result->canonname?result->canonname:q,
cstr, tstr, t, secstatus, result->data[i],
(size_t)result->len[i]);
i++;
}
if(result->bogus && result->why_bogus)
printf("%s\n", result->why_bogus);
}
void* run_server(void* data) {
timeout_thread_data* tdata = (timeout_thread_data*)data;
int fd;
struct sockaddr_in serv_addr;
uint8_t mesg[65536];
fd_set read_fds;
ldns_rdf* answerfrom;
ldns_resolver* resolver;
int num_received = 0;
queued_response responses[10];
ldns_resolver_new_frm_file(&resolver, NULL);
fd=socket(AF_INET,SOCK_DGRAM,0);
memset(&serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr=htonl(INADDR_ANY);
serv_addr.sin_port=htons(tdata->port);
bind(fd,(struct sockaddr *)&serv_addr,sizeof(serv_addr));
/* signal that it's listening */
/* dirty timing hack to yield */
sleep(1);
tdata->running = 1;
/* queue up query responses to send out, and delay sending them
* for a second */
while (tdata->running) {
struct sockaddr_in client_addr;
FD_ZERO(&read_fds);
FD_SET(fd, &read_fds);
struct timeval tv;
tv.tv_sec = 1;
tv.tv_usec = 0;
int r = select(fd + 1, &read_fds, NULL, NULL, &tv);
if (r > 0 && num_received < 10) {
ldns_pkt* query;
socklen_t len = sizeof(client_addr);
int n = recvfrom(fd,mesg,65536,0,(struct sockaddr *)&(responses[num_received].client_addr),&len);
ldns_wire2pkt(&query, mesg, n);
ldns_resolver_send_pkt(&(responses[num_received].pkt), resolver, query);
ldns_str2rdf_a(&answerfrom, "127.0.0.1");
ldns_pkt_set_answerfrom(responses[num_received].pkt, answerfrom);
ldns_pkt_free(query);
++num_received;
} else if (r == 0 && num_received > 0) {
int i = 0;
/* timeout - see if we have anything to send */
for (i = 0; i < num_received; ++i) {
uint8_t* pkt_data;
size_t pkt_len;
ldns_pkt* answer = responses[i].pkt;
ldns_pkt2wire(&pkt_data, answer, &pkt_len);
sendto(fd,pkt_data,pkt_len,0,(struct sockaddr *)&(responses[i].client_addr),sizeof(client_addr));
free(pkt_data);
ldns_pkt_free(answer);
}
num_received = 0;
}
}
ldns_resolver_deep_free(resolver);
return NULL;
}
int output_cbor(iaddr from, iaddr to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, const u_char *payload, size_t payloadlen) {
ldns_pkt *pkt = 0;
ldns_status ldns_rc;
if (!payload) {
return DUMP_CBOR_EINVAL;
}
if (!payloadlen) {
return DUMP_CBOR_EINVAL;
}
/* if (!cbor_stringrefs) {*/
/* cbor_stringrefs = calloc(1, cbor_stringref_size);*/
/* }*/
if (!cbor_buf) {
if (!(cbor_buf = calloc(1, cbor_size + cbor_reserve))) {
return DUMP_CBOR_ENOMEM;
}
}
if (cbor_flushed) {
CborError cbor_err;
cbor_encoder_init(&cbor_root, cbor_buf, cbor_size, 0);
/* cbor_err = cbor_encode_tag(&cbor_root, 256);*/
/* if (cbor_err == CborNoError)*/
cbor_err = cbor_encoder_create_array(&cbor_root, &cbor_pkts, CborIndefiniteLength);
if (cbor_err != CborNoError) {
fprintf(stderr, "cbor init error[%d]: %s\n", cbor_err, cbor_error_string(cbor_err));
return DUMP_CBOR_ECBOR;
}
cbor_flushed = 0;
}
ldns_rc = ldns_wire2pkt(&pkt, payload, payloadlen);
if (ldns_rc != LDNS_STATUS_OK) {
fprintf(stderr, "ldns error [%d]: %s\n", ldns_rc, ldns_get_errorstr_by_id(ldns_rc));
return DUMP_CBOR_ELDNS;
}
if (!pkt) {
return DUMP_CBOR_ELDNS;
}
CborEncoder cbor, ip;
CborError cbor_err = CborNoError;
int should_flush = 0;
cbor_err = append_cbor_map(&cbor_pkts, &cbor, CborIndefiniteLength, &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "dateSeconds", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_double(&cbor, (double)ts.tv_sec + ( (double)ts.tv_usec / 1000000 ), &should_flush);
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "dateNanoFractions", &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ts.tv_usec * 1000, &should_flush);*/
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "ip", &should_flush);
/* if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, proto, &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "sourceIpAddress", &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, ia_str(from), &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "sourcePort", &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, sport, &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "destinationIpAddress", &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, ia_str(to), &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "destinationPort", &should_flush);*/
/* if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, dport, &should_flush);*/
if (cbor_err == CborNoError) cbor_err = append_cbor_array(&cbor, &ip, CborIndefiniteLength, &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&ip, proto, &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&ip, ia_str(from), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&ip, sport, &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&ip, ia_str(to), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&ip, dport, &should_flush);
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor, &ip, &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "ID", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_id(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "QR", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_qr(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "Opcode", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_get_opcode(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "AA", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_aa(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "TC", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_tc(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "RD", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_rd(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "RA", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_ra(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "AD", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_ad(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "CD", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_boolean(&cbor, ldns_pkt_cd(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "RCODE", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_get_rcode(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "QDCOUNT", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_qdcount(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "ANCOUNT", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_ancount(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "NSCOUNT", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_nscount(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "ARCOUNT", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_pkt_arcount(pkt), &should_flush);
/* questionRRs */
if (ldns_pkt_qdcount(pkt) > 0) {
ldns_rr_list *list = ldns_pkt_question(pkt);
ldns_rr *rr;
size_t n, qdcount = ldns_pkt_qdcount(pkt);
ldns_buffer *dname;
char *dname_str;
if (!list) {
ldns_pkt_free(pkt);
return DUMP_CBOR_ELDNS;
}
rr = ldns_rr_list_rr(list, 0);
if (!rr) {
ldns_pkt_free(pkt);
return DUMP_CBOR_ELDNS;
}
if (!(dname = ldns_buffer_new(512))) {
ldns_pkt_free(pkt);
return DUMP_CBOR_ENOMEM;
}
if (ldns_rdf2buffer_str_dname(dname, ldns_rr_owner(rr)) != LDNS_STATUS_OK) {
ldns_buffer_free(dname);
ldns_pkt_free(pkt);
return DUMP_CBOR_ELDNS;
}
ldns_buffer_write_u8(dname, 0);
if (!(dname_str = ldns_buffer_export(dname))) {
ldns_buffer_free(dname);
ldns_pkt_free(pkt);
return DUMP_CBOR_ENOMEM;
}
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "QNAME", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, dname_str, &should_flush);
free(dname_str);
ldns_buffer_free(dname);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "QCLASS", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_rr_get_class(rr), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "QTYPE", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor, ldns_rr_get_type(rr), &should_flush);
if (qdcount > 1) {
CborEncoder queries;
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "questionRRs", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_array(&cbor, &queries, CborIndefiniteLength, &should_flush);
for (n = 1; cbor_err == CborNoError && n < qdcount; n++) {
CborEncoder query;
rr = ldns_rr_list_rr(list, n);
if (!rr) {
ldns_pkt_free(pkt);
return DUMP_CBOR_ELDNS;
}
if (!(dname = ldns_buffer_new(512))) {
ldns_pkt_free(pkt);
return DUMP_CBOR_ENOMEM;
}
if (ldns_rdf2buffer_str_dname(dname, ldns_rr_owner(rr)) != LDNS_STATUS_OK) {
ldns_buffer_free(dname);
ldns_pkt_free(pkt);
return DUMP_CBOR_ELDNS;
}
ldns_buffer_write_u8(dname, 0);
if (!(dname_str = ldns_buffer_export(dname))) {
ldns_buffer_free(dname);
ldns_pkt_free(pkt);
return DUMP_CBOR_ENOMEM;
}
if (cbor_err == CborNoError) cbor_err = append_cbor_map(&queries, &query, CborIndefiniteLength, &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&query, "NAME", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&query, dname_str, &should_flush);
free(dname_str);
ldns_buffer_free(dname);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&query, "CLASS", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&query, ldns_rr_get_class(rr), &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&query, "TYPE", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&query, ldns_rr_get_type(rr), &should_flush);
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&queries, &query, &should_flush);
}
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor, &queries, &should_flush);
}
}
/* answerRRs */
if (ldns_pkt_ancount(pkt) > 0) {
CborEncoder cbor_rrs;
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "answerRRs", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_array(&cbor, &cbor_rrs, CborIndefiniteLength, &should_flush);
cbor_ldns_rr_list(&cbor_rrs, ldns_pkt_answer(pkt), ldns_pkt_ancount(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor, &cbor_rrs, &should_flush);
}
/* authorityRRs */
if (ldns_pkt_nscount(pkt) > 0) {
CborEncoder cbor_rrs;
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "authorityRRs", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_array(&cbor, &cbor_rrs, CborIndefiniteLength, &should_flush);
cbor_ldns_rr_list(&cbor_rrs, ldns_pkt_authority(pkt), ldns_pkt_nscount(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor, &cbor_rrs, &should_flush);
}
/* additionalRRs */
if (ldns_pkt_arcount(pkt) > 0) {
CborEncoder cbor_rrs;
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor, "additionalRRs", &should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_array(&cbor, &cbor_rrs, CborIndefiniteLength, &should_flush);
cbor_ldns_rr_list(&cbor_rrs, ldns_pkt_additional(pkt), ldns_pkt_arcount(pkt), &should_flush);
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor, &cbor_rrs, &should_flush);
}
ldns_pkt_free(pkt);
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor_pkts, &cbor, &should_flush);
if (cbor_err != CborNoError) {
fprintf(stderr, "cbor error[%d]: %s\n", cbor_err, cbor_error_string(cbor_err));
return DUMP_CBOR_ECBOR;
}
if (should_flush) {
if ((cbor_err = cbor_encoder_close_container_checked(&cbor_root, &cbor_pkts)) != CborNoError) {
fprintf(stderr, "cbor error[%d]: %s\n", cbor_err, cbor_error_string(cbor_err));
return DUMP_CBOR_ECBOR;
}
fprintf(stderr, "cbor output: %lu bytes\n", cbor_encoder_get_buffer_size(&cbor_root, cbor_buf));
cbor_flushed = 1;
return DUMP_CBOR_FLUSH;
}
return DUMP_CBOR_OK;
}
void zkdns_start(const char* my_address, int port, const char* my_zone)
{
rp_handle = rp_initialize(my_zone);
/* network */
int sock;
ssize_t nb;
struct sockaddr addr_me;
struct sockaddr addr_him;
socklen_t hislen = (socklen_t) sizeof(addr_him);
uint8_t inbuf[INBUF_SIZE];
uint8_t *outbuf;
/* dns */
ldns_status status;
ldns_pkt *query_pkt;
ldns_pkt *answer_pkt;
size_t answer_size;
ldns_rr *query_rr;
ldns_rr_list *answer_qr;
ldns_rr_list *answer_an;
ldns_rr_list *answer_ns;
ldns_rr_list *answer_ad;
ldns_rdf *origin = NULL;
/* zone */
ldns_zone *zone;
int line_nr;
FILE *zone_fp;
if (ldns_str2rdf_dname(&origin, my_zone) != LDNS_STATUS_OK) {
fprintf(stderr, "Bad origin, not a correct domain name\n");
exit(EXIT_FAILURE);
}
printf("Listening on port %d\n", port);
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
fprintf(stderr, "socket(): %s\n", strerror(errno));
exit(1);
}
memset(&addr_me, 0, sizeof(addr_me));
/* bind: try all ports in that range */
if (udp_bind(sock, port, my_address)) {
fprintf(stderr, "cannot bind(): %s\n", strerror(errno));
exit(errno);
}
/* Done. Now receive */
while (1) {
nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0,
&addr_him, &hislen);
if (nb < 1) {
fprintf(stderr, "recvfrom(): %s\n",
strerror(errno));
exit(1);
}
/*
show(inbuf, nb, nn, hp, sp, ip, bp);
*/
status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb);
if (status != LDNS_STATUS_OK) {
printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
answer_qr = ldns_rr_list_new();
ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr));
answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr));
answer_pkt = ldns_pkt_new();
answer_ns = ldns_rr_list_new();
answer_ad = ldns_rr_list_new();
ldns_pkt_set_qr(answer_pkt, 1);
ldns_pkt_set_aa(answer_pkt, 1);
ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt));
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
if (status != LDNS_STATUS_OK) {
printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
} else {
nb = sendto(sock, (void*)outbuf, answer_size, 0,
&addr_him, hislen);
}
ldns_pkt_free(query_pkt);
ldns_pkt_free(answer_pkt);
LDNS_FREE(outbuf);
ldns_rr_list_free(answer_qr);
ldns_rr_list_free(answer_an);
ldns_rr_list_free(answer_ns);
ldns_rr_list_free(answer_ad);
}
ldns_rdf_deep_free(origin);
ldns_zone_deep_free(zone);
rp_shutdown(rp_handle);
}
ldns_status
ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac)
{
uint8_t i;
struct sockaddr_storage *src = NULL;
size_t src_len;
struct sockaddr_storage *ns;
size_t ns_len;
struct timeval tv_s;
struct timeval tv_e;
ldns_rdf **ns_array;
size_t *rtt;
ldns_pkt *reply;
bool all_servers_rtt_inf;
uint8_t retries;
uint8_t *reply_bytes = NULL;
size_t reply_size = 0;
ldns_status status, send_status;
assert(r != NULL);
status = LDNS_STATUS_OK;
rtt = ldns_resolver_rtt(r);
ns_array = ldns_resolver_nameservers(r);
reply = NULL;
ns_len = 0;
all_servers_rtt_inf = true;
if (ldns_resolver_random(r)) {
ldns_resolver_nameservers_randomize(r);
}
if(ldns_resolver_source(r)) {
src = ldns_rdf2native_sockaddr_storage_port(
ldns_resolver_source(r), 0, &src_len);
}
/* loop through all defined nameservers */
for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
if (rtt[i] == LDNS_RESOLV_RTT_INF) {
/* not reachable nameserver! */
continue;
}
/* maybe verbosity setting?
printf("Sending to ");
ldns_rdf_print(stdout, ns_array[i]);
printf("\n");
*/
ns = ldns_rdf2native_sockaddr_storage(ns_array[i],
ldns_resolver_port(r), &ns_len);
#ifndef S_SPLINT_S
if ((ns->ss_family == AF_INET) &&
(ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) {
/* not reachable */
LDNS_FREE(ns);
continue;
}
if ((ns->ss_family == AF_INET6) &&
(ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) {
/* not reachable */
LDNS_FREE(ns);
continue;
}
#endif
all_servers_rtt_inf = false;
gettimeofday(&tv_s, NULL);
send_status = LDNS_STATUS_ERR;
/* reply_bytes implicitly handles our error */
if (ldns_resolver_usevc(r)) {
for (retries = ldns_resolver_retry(r); retries > 0; retries--) {
send_status =
ldns_tcp_send_from(&reply_bytes, qb,
ns, (socklen_t)ns_len,
src, (socklen_t)src_len,
ldns_resolver_timeout(r),
&reply_size);
if (send_status == LDNS_STATUS_OK) {
break;
}
}
} else {
for (retries = ldns_resolver_retry(r); retries > 0; retries--) {
/* ldns_rdf_print(stdout, ns_array[i]); */
send_status =
ldns_udp_send_from(&reply_bytes, qb,
ns, (socklen_t)ns_len,
src, (socklen_t)src_len,
ldns_resolver_timeout(r),
&reply_size);
if (send_status == LDNS_STATUS_OK) {
break;
}
}
}
if (send_status != LDNS_STATUS_OK) {
ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF);
status = send_status;
}
/* obey the fail directive */
if (!reply_bytes) {
/* the current nameserver seems to have a problem, blacklist it */
if (ldns_resolver_fail(r)) {
LDNS_FREE(ns);
return LDNS_STATUS_ERR;
} else {
LDNS_FREE(ns);
continue;
}
}
status = ldns_wire2pkt(&reply, reply_bytes, reply_size);
if (status != LDNS_STATUS_OK) {
LDNS_FREE(reply_bytes);
LDNS_FREE(ns);
return status;
}
LDNS_FREE(ns);
gettimeofday(&tv_e, NULL);
if (reply) {
ldns_pkt_set_querytime(reply, (uint32_t)
((tv_e.tv_sec - tv_s.tv_sec) * 1000) +
(tv_e.tv_usec - tv_s.tv_usec) / 1000);
ldns_pkt_set_answerfrom(reply,
ldns_rdf_clone(ns_array[i]));
ldns_pkt_set_timestamp(reply, tv_s);
ldns_pkt_set_size(reply, reply_size);
break;
} else {
if (ldns_resolver_fail(r)) {
/* if fail is set bail out, after the first
* one */
break;
}
}
/* wait retrans seconds... */
sleep((unsigned int) ldns_resolver_retrans(r));
}
if(src) {
LDNS_FREE(src);
}
if (all_servers_rtt_inf) {
LDNS_FREE(reply_bytes);
return LDNS_STATUS_RES_NO_NS;
}
#ifdef HAVE_SSL
if (tsig_mac && reply && reply_bytes) {
if (!ldns_pkt_tsig_verify(reply,
reply_bytes,
reply_size,
ldns_resolver_tsig_keyname(r),
ldns_resolver_tsig_keydata(r), tsig_mac)) {
status = LDNS_STATUS_CRYPTO_TSIG_BOGUS;
}
}
#else
(void)tsig_mac;
#endif /* HAVE_SSL */
LDNS_FREE(reply_bytes);
if (result) {
*result = reply;
}
return status;
}
