/*! \brief Reset packet parse state. */ static int pkt_reset_sections(knot_pkt_t *pkt) { pkt->parsed = 0; pkt->current = KNOT_ANSWER; memset(pkt->sections, 0, sizeof(pkt->sections)); return knot_pkt_begin(pkt, KNOT_ANSWER); }
static int rosedb_synth(knot_pkt_t *pkt, const knot_dname_t *key, struct iter *it, struct query_data *qdata) { struct entry entry; int ret = KNOT_EOK; uint16_t qtype = knot_pkt_qtype(qdata->query); /* Answer section. */ while (ret == KNOT_EOK) { if (cache_iter_val(it, &entry) == 0) { ret = rosedb_synth_rr(pkt, &entry, qtype); } if (cache_iter_next(it) != 0) { break; } } /* Authority section. */ knot_pkt_begin(pkt, KNOT_AUTHORITY); /* Not found (zone cut if records exist). */ ret = cache_iter_begin(it, key); while (ret == KNOT_EOK) { if (cache_iter_val(it, &entry) == 0) { ret = rosedb_synth_rr(pkt, &entry, KNOT_RRTYPE_NS); ret = rosedb_synth_rr(pkt, &entry, KNOT_RRTYPE_SOA); } if (cache_iter_next(it) != 0) { break; } } /* Our response is authoritative. */ if (knot_wire_get_nscount(pkt->wire) > 0) { knot_wire_set_aa(pkt->wire); if (knot_wire_get_ancount(pkt->wire) == 0) { qdata->rcode = KNOT_RCODE_NXDOMAIN; } } /* Send message to syslog. */ struct sockaddr_storage syslog_addr; if (sockaddr_set(&syslog_addr, AF_INET, entry.syslog_ip, DEFAULT_PORT) == KNOT_EOK) { int sock = net_unbound_socket(AF_INET, &syslog_addr); if (sock > 0) { rosedb_send_log(sock, (struct sockaddr *)&syslog_addr, pkt, entry.threat_code, qdata); close(sock); } } return ret; }
/*! \brief Create zone query packet. */ static knot_pkt_t *zone_query(const zone_t *zone, uint16_t pkt_type, knot_mm_t *mm) { /* Determine query type and opcode. */ uint16_t query_type = KNOT_RRTYPE_SOA; uint16_t opcode = KNOT_OPCODE_QUERY; switch(pkt_type) { case KNOT_QUERY_AXFR: query_type = KNOT_RRTYPE_AXFR; break; case KNOT_QUERY_IXFR: query_type = KNOT_RRTYPE_IXFR; break; case KNOT_QUERY_NOTIFY: opcode = KNOT_OPCODE_NOTIFY; break; } knot_pkt_t *pkt = knot_pkt_new(NULL, KNOT_WIRE_MAX_PKTSIZE, mm); if (pkt == NULL) { return NULL; } knot_wire_set_id(pkt->wire, dnssec_random_uint16_t()); knot_wire_set_opcode(pkt->wire, opcode); if (pkt_type == KNOT_QUERY_NOTIFY) { knot_wire_set_aa(pkt->wire); } knot_pkt_put_question(pkt, zone->name, KNOT_CLASS_IN, query_type); /* Put current SOA (optional). */ zone_contents_t *contents = zone->contents; if (pkt_type == KNOT_QUERY_IXFR) { /* RFC1995, SOA in AUTHORITY. */ knot_pkt_begin(pkt, KNOT_AUTHORITY); knot_rrset_t soa_rr = node_rrset(contents->apex, KNOT_RRTYPE_SOA); knot_pkt_put(pkt, KNOT_COMPR_HINT_QNAME, &soa_rr, 0); } else if (pkt_type == KNOT_QUERY_NOTIFY) { /* RFC1996, SOA in ANSWER. */ knot_pkt_begin(pkt, KNOT_ANSWER); knot_rrset_t soa_rr = node_rrset(contents->apex, KNOT_RRTYPE_SOA); knot_pkt_put(pkt, KNOT_COMPR_HINT_QNAME, &soa_rr, 0); } return pkt; }
_public_ int knot_pkt_parse_payload(knot_pkt_t *pkt, unsigned flags) { if (pkt == NULL) { return KNOT_EINVAL; } assert(pkt->wire != NULL); assert(pkt->size > 0); /* Reserve memory in advance to avoid resizing. */ size_t rr_count = knot_wire_get_ancount(pkt->wire) + knot_wire_get_nscount(pkt->wire) + knot_wire_get_arcount(pkt->wire); int ret = pkt_rr_array_alloc(pkt, rr_count); if (ret != KNOT_EOK) { return ret; } for (knot_section_t i = KNOT_ANSWER; i <= KNOT_ADDITIONAL; ++i) { ret = knot_pkt_begin(pkt, i); if (ret != KNOT_EOK) { return ret; } ret = knot_pkt_parse_section(pkt, flags); if (ret != KNOT_EOK) { return ret; } } /* TSIG must be last record of AR if present. */ const knot_pktsection_t *ar = knot_pkt_section(pkt, KNOT_ADDITIONAL); if (pkt->tsig_rr != NULL) { const knot_rrset_t *last_rr = knot_pkt_rr(ar, ar->count - 1); if (ar->count > 0 && pkt->tsig_rr->rrs.data != last_rr->rrs.data) { return KNOT_EMALF; } } /* Check for trailing garbage. */ if (pkt->parsed < pkt->size) { return KNOT_EMALF; } return KNOT_EOK; }
/*! \brief Set EDNS section. */ static int prepare_edns(conf_t *conf, zone_t *zone, knot_pkt_t *pkt) { conf_val_t val = conf_zone_get(conf, C_REQUEST_EDNS_OPTION, zone->name); /* Check if an extra EDNS option is configured. */ size_t opt_len; const uint8_t *opt_data = conf_data(&val, &opt_len); if (opt_data == NULL) { return KNOT_EOK; } knot_rrset_t opt_rr; conf_val_t *max_payload = &conf->cache.srv_max_udp_payload; int ret = knot_edns_init(&opt_rr, conf_int(max_payload), 0, KNOT_EDNS_VERSION, &pkt->mm); if (ret != KNOT_EOK) { return ret; } ret = knot_edns_add_option(&opt_rr, wire_read_u64(opt_data), yp_bin_len(opt_data + sizeof(uint64_t)), yp_bin(opt_data + sizeof(uint64_t)), &pkt->mm); if (ret != KNOT_EOK) { knot_rrset_clear(&opt_rr, &pkt->mm); return ret; } knot_pkt_begin(pkt, KNOT_ADDITIONAL); ret = knot_pkt_put(pkt, KNOT_COMPR_HINT_NONE, &opt_rr, KNOT_PF_FREE); if (ret != KNOT_EOK) { knot_rrset_clear(&opt_rr, &pkt->mm); return ret; } return KNOT_EOK; }
_public_ int knot_pkt_put_question(knot_pkt_t *pkt, const knot_dname_t *qname, uint16_t qclass, uint16_t qtype) { if (pkt == NULL || qname == NULL) { return KNOT_EINVAL; } assert(pkt->size == KNOT_WIRE_HEADER_SIZE); assert(pkt->rrset_count == 0); /* Copy name wireformat. */ uint8_t *dst = pkt->wire + KNOT_WIRE_HEADER_SIZE; int qname_len = knot_dname_to_wire(dst, qname, pkt->max_size - pkt->size); if (qname_len < 0) { return qname_len; } /* Check size limits. */ size_t question_len = 2 * sizeof(uint16_t) + qname_len; if (qname_len < 0 || pkt->size + question_len > pkt->max_size) { return KNOT_ESPACE; } /* Copy QTYPE & QCLASS */ dst += qname_len; wire_write_u16(dst, qtype); dst += sizeof(uint16_t); wire_write_u16(dst, qclass); /* Update question count and sizes. */ knot_wire_set_qdcount(pkt->wire, 1); pkt->size += question_len; pkt->qname_size = qname_len; /* Start writing ANSWER. */ return knot_pkt_begin(pkt, KNOT_ANSWER); }
int main(int argc, char *argv[]) { plan(25); /* Create memory pool context. */ int ret = 0; knot_mm_t mm; mm_ctx_mempool(&mm, MM_DEFAULT_BLKSIZE); /* Create names and data. */ knot_dname_t* dnames[NAMECOUNT] = {0}; knot_rrset_t* rrsets[NAMECOUNT] = {0}; for (unsigned i = 0; i < NAMECOUNT; ++i) { dnames[i] = knot_dname_from_str_alloc(g_names[i]); } uint8_t *edns_str = (uint8_t *)"ab"; /* Create OPT RR. */ knot_rrset_t opt_rr; ret = knot_edns_init(&opt_rr, 1024, 0, 0, &mm); if (ret != KNOT_EOK) { skip_block(25, "Failed to initialize OPT RR."); return 0; } /* Add NSID */ ret = knot_edns_add_option(&opt_rr, KNOT_EDNS_OPTION_NSID, strlen((char *)edns_str), edns_str, &mm); if (ret != KNOT_EOK) { knot_rrset_clear(&opt_rr, &mm); skip_block(25, "Failed to add NSID to OPT RR."); return 0; } /* * Packet writer tests. */ /* Create packet. */ knot_pkt_t *out = knot_pkt_new(NULL, MM_DEFAULT_BLKSIZE, &mm); ok(out != NULL, "pkt: new"); /* Mark as response (not part of the test). */ knot_wire_set_qr(out->wire); /* Secure packet. */ const char *tsig_secret = "abcd"; knot_tsig_key_t tsig_key; tsig_key.algorithm = DNSSEC_TSIG_HMAC_MD5; tsig_key.name = dnames[0]; tsig_key.secret.data = (uint8_t *)strdup(tsig_secret); tsig_key.secret.size = strlen(tsig_secret); ret = knot_pkt_reserve(out, knot_tsig_wire_maxsize(&tsig_key)); ok(ret == KNOT_EOK, "pkt: set TSIG key"); /* Write question. */ ret = knot_pkt_put_question(out, dnames[0], KNOT_CLASS_IN, KNOT_RRTYPE_A); ok(ret == KNOT_EOK, "pkt: put question"); /* Add OPT to packet (empty NSID). */ ret = knot_pkt_reserve(out, knot_edns_wire_size(&opt_rr)); ok(ret == KNOT_EOK, "pkt: reserve OPT RR"); /* Begin ANSWER section. */ ret = knot_pkt_begin(out, KNOT_ANSWER); ok(ret == KNOT_EOK, "pkt: begin ANSWER"); /* Write ANSWER section. */ rrsets[0] = knot_rrset_new(dnames[0], KNOT_RRTYPE_A, KNOT_CLASS_IN, NULL); knot_dname_free(&dnames[0], NULL); knot_rrset_add_rdata(rrsets[0], RDVAL(0), RDLEN(0), TTL, NULL); ret = knot_pkt_put(out, KNOT_COMPR_HINT_QNAME, rrsets[0], 0); ok(ret == KNOT_EOK, "pkt: write ANSWER"); /* Begin AUTHORITY. */ ret = knot_pkt_begin(out, KNOT_AUTHORITY); ok(ret == KNOT_EOK, "pkt: begin AUTHORITY"); /* Write rest to AUTHORITY. */ ret = KNOT_EOK; for (unsigned i = 1; i < NAMECOUNT; ++i) { rrsets[i] = knot_rrset_new(dnames[i], KNOT_RRTYPE_NS, KNOT_CLASS_IN, NULL); knot_dname_free(&dnames[i], NULL); knot_rrset_add_rdata(rrsets[i], RDVAL(i), RDLEN(i), TTL, NULL); ret |= knot_pkt_put(out, KNOT_COMPR_HINT_NONE, rrsets[i], 0); } ok(ret == KNOT_EOK, "pkt: write AUTHORITY(%u)", NAMECOUNT - 1); /* Begin ADDITIONALS */ ret = knot_pkt_begin(out, KNOT_ADDITIONAL); ok(ret == KNOT_EOK, "pkt: begin ADDITIONALS"); /* Encode OPT RR. */ ret = knot_pkt_put(out, KNOT_COMPR_HINT_NONE, &opt_rr, 0); ok(ret == KNOT_EOK, "pkt: write OPT RR"); /* * Packet reader tests. */ /* Create new packet from query packet. */ knot_pkt_t *in = knot_pkt_new(out->wire, out->size, &out->mm); ok(in != NULL, "pkt: create packet for parsing"); /* Read packet header. */ ret = knot_pkt_parse_question(in); ok(ret == KNOT_EOK, "pkt: read header"); /* Read packet payload. */ ret = knot_pkt_parse_payload(in, 0); ok(ret == KNOT_EOK, "pkt: read payload"); /* Compare parsed packet to written packet. */ packet_match(in, out); /* * Copied packet tests. */ knot_pkt_t *copy = knot_pkt_new(NULL, in->max_size, &in->mm); ret = knot_pkt_copy(copy, in); ok(ret == KNOT_EOK, "pkt: create packet copy"); /* Compare copied packet to original. */ packet_match(in, copy); /* Free packets. */ knot_pkt_free(©); knot_pkt_free(&out); knot_pkt_free(&in); ok(in == NULL && out == NULL && copy == NULL, "pkt: free"); /* Free extra data. */ for (unsigned i = 0; i < NAMECOUNT; ++i) { knot_rrset_free(&rrsets[i], NULL); } free(tsig_key.secret.data); mp_delete((struct mempool *)mm.ctx); return 0; }
int main(int argc, char *argv[]) { plan(8*6 + 3); /* exec_query = 6 TAP tests */ /* Create processing context. */ knot_process_t query_ctx; memset(&query_ctx, 0, sizeof(knot_process_t)); mm_ctx_mempool(&query_ctx.mm, sizeof(knot_pkt_t)); /* Create name server. */ server_t server; server_init(&server); server.opt_rr = knot_edns_new(); knot_edns_set_version(server.opt_rr, EDNS_VERSION); knot_edns_set_payload(server.opt_rr, 4096); conf()->identity = strdup("bogus.ns"); conf()->version = strdup("0.11"); /* Insert root zone. */ create_root_zone(&server, &query_ctx.mm); zone_t *zone = knot_zonedb_find(server.zone_db, ROOT_DNAME); /* Prepare. */ int state = NS_PROC_FAIL; uint8_t query_wire[KNOT_WIRE_MAX_PKTSIZE]; uint16_t query_len = KNOT_WIRE_MAX_PKTSIZE; knot_pkt_t *query = knot_pkt_new(query_wire, query_len, &query_ctx.mm); /* Create query processing parameter. */ struct sockaddr_storage ss; memset(&ss, 0, sizeof(struct sockaddr_storage)); sockaddr_set(&ss, AF_INET, "127.0.0.1", 53); struct process_query_param param = {0}; param.query_source = &ss; param.server = &server; /* Query processor (CH zone) */ state = knot_process_begin(&query_ctx, ¶m, NS_PROC_QUERY); const uint8_t chaos_dname[] = "\2""id""\6""server"; /* id.server */ knot_pkt_clear(query); knot_pkt_put_question(query, chaos_dname, KNOT_CLASS_CH, KNOT_RRTYPE_TXT); exec_query(&query_ctx, "CH TXT", query->wire, query->size, KNOT_RCODE_NOERROR); /* Query processor (valid input). */ state = knot_process_reset(&query_ctx); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_SOA); exec_query(&query_ctx, "IN/root", query->wire, query->size, KNOT_RCODE_NOERROR); /* Query processor (-1 bytes, not enough data). */ state = knot_process_reset(&query_ctx); exec_query(&query_ctx, "IN/few-data", query->wire, query->size - 1, KNOT_RCODE_FORMERR); /* Query processor (+1 bytes trailing). */ state = knot_process_reset(&query_ctx); query->wire[query->size] = '\1'; /* Initialize the "garbage" value. */ exec_query(&query_ctx, "IN/trail-garbage", query->wire, query->size + 1, KNOT_RCODE_FORMERR); /* Forge NOTIFY query from SOA query. */ state = knot_process_reset(&query_ctx); knot_wire_set_opcode(query->wire, KNOT_OPCODE_NOTIFY); exec_query(&query_ctx, "IN/notify", query->wire, query->size, KNOT_RCODE_NOTAUTH); /* Forge AXFR query. */ knot_process_reset(&query_ctx); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_AXFR); exec_query(&query_ctx, "IN/axfr", query->wire, query->size, KNOT_RCODE_NOTAUTH); /* Forge IXFR query (badly formed, no SOA in AUTHORITY section). */ knot_process_reset(&query_ctx); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_IXFR); exec_query(&query_ctx, "IN/ixfr-formerr", query->wire, query->size, KNOT_RCODE_FORMERR); /* Forge IXFR query (well formed). */ knot_process_reset(&query_ctx); /* Append SOA RR. */ knot_rrset_t soa_rr = node_rrset(zone->contents->apex, KNOT_RRTYPE_SOA); knot_pkt_begin(query, KNOT_AUTHORITY); knot_pkt_put(query, COMPR_HINT_NONE, &soa_rr, 0); exec_query(&query_ctx, "IN/ixfr", query->wire, query->size, KNOT_RCODE_NOTAUTH); /* \note Tests below are not possible without proper zone and zone data. */ /* #189 Process UPDATE query. */ /* #189 Process AXFR client. */ /* #189 Process IXFR client. */ /* Query processor (smaller than DNS header, ignore). */ state = knot_process_reset(&query_ctx); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_SOA); state = knot_process_in(query->wire, KNOT_WIRE_HEADER_SIZE - 1, &query_ctx); ok(state == NS_PROC_NOOP, "ns: IN/less-than-header query ignored"); /* Query processor (response, ignore). */ state = knot_process_reset(&query_ctx); knot_wire_set_qr(query->wire); state = knot_process_in(query->wire, query->size, &query_ctx); ok(state == NS_PROC_NOOP, "ns: IN/less-than-header query ignored"); /* Finish. */ state = knot_process_finish(&query_ctx); ok(state == NS_PROC_NOOP, "ns: processing end" ); /* Cleanup. */ mp_delete((struct mempool *)query_ctx.mm.ctx); server_deinit(&server); return 0; }
int main(int argc, char *argv[]) { plan(8*6 + 4); /* exec_query = 6 TAP tests */ knot_mm_t mm; mm_ctx_mempool(&mm, MM_DEFAULT_BLKSIZE); /* Create processing context. */ knot_layer_t proc; memset(&proc, 0, sizeof(knot_layer_t)); proc.mm = &mm; /* Create fake server environment. */ server_t server; int ret = create_fake_server(&server, proc.mm); ok(ret == KNOT_EOK, "ns: fake server initialization"); zone_t *zone = knot_zonedb_find(server.zone_db, ROOT_DNAME); /* Prepare. */ knot_pkt_t *query = knot_pkt_new(NULL, KNOT_WIRE_MAX_PKTSIZE, proc.mm); /* Create query processing parameter. */ struct sockaddr_storage ss; memset(&ss, 0, sizeof(struct sockaddr_storage)); sockaddr_set(&ss, AF_INET, "127.0.0.1", 53); struct process_query_param param = {0}; param.remote = &ss; param.server = &server; /* Query processor (CH zone) */ knot_layer_begin(&proc, NS_PROC_QUERY, ¶m); knot_pkt_clear(query); knot_pkt_put_question(query, IDSERVER_DNAME, KNOT_CLASS_CH, KNOT_RRTYPE_TXT); exec_query(&proc, "CH TXT", query, KNOT_RCODE_NOERROR); /* Query processor (valid input). */ knot_layer_reset(&proc); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_SOA); exec_query(&proc, "IN/root", query, KNOT_RCODE_NOERROR); /* Query processor (-1 bytes, not enough data). */ knot_layer_reset(&proc); query->size -= 1; exec_query(&proc, "IN/few-data", query, KNOT_RCODE_FORMERR); query->size += 1; /* Query processor (+1 bytes trailing). */ knot_layer_reset(&proc); query->wire[query->size] = '\1'; /* Initialize the "garbage" value. */ query->size += 1; exec_query(&proc, "IN/trail-garbage", query, KNOT_RCODE_FORMERR); query->size -= 1; /* Forge NOTIFY query from SOA query. */ knot_layer_reset(&proc); knot_wire_set_opcode(query->wire, KNOT_OPCODE_NOTIFY); exec_query(&proc, "IN/notify", query, KNOT_RCODE_NOTAUTH); /* Forge AXFR query. */ knot_layer_reset(&proc); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_AXFR); exec_query(&proc, "IN/axfr", query, KNOT_RCODE_NOTAUTH); /* Forge IXFR query (badly formed, no SOA in AUTHORITY section). */ knot_layer_reset(&proc); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_IXFR); exec_query(&proc, "IN/ixfr-formerr", query, KNOT_RCODE_FORMERR); /* Forge IXFR query (well formed). */ knot_layer_reset(&proc); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_IXFR); /* Append SOA RR. */ knot_rrset_t soa_rr = node_rrset(zone->contents->apex, KNOT_RRTYPE_SOA); knot_pkt_begin(query, KNOT_AUTHORITY); knot_pkt_put(query, KNOT_COMPR_HINT_NONE, &soa_rr, 0); exec_query(&proc, "IN/ixfr", query, KNOT_RCODE_NOTAUTH); /* \note Tests below are not possible without proper zone and zone data. */ /* #189 Process UPDATE query. */ /* #189 Process AXFR client. */ /* #189 Process IXFR client. */ /* Query processor (smaller than DNS header, ignore). */ knot_layer_reset(&proc); knot_pkt_clear(query); knot_pkt_put_question(query, ROOT_DNAME, KNOT_CLASS_IN, KNOT_RRTYPE_SOA); size_t orig_query_size = query->size; query->size = KNOT_WIRE_HEADER_SIZE - 1; int state = knot_layer_consume(&proc, query); ok(state == KNOT_STATE_NOOP, "ns: IN/less-than-header query ignored"); query->size = orig_query_size; /* Query processor (response, ignore). */ knot_layer_reset(&proc); knot_wire_set_qr(query->wire); state = knot_layer_consume(&proc, query); ok(state == KNOT_STATE_NOOP, "ns: IN/less-than-header query ignored"); /* Finish. */ state = knot_layer_finish(&proc); ok(state == KNOT_STATE_NOOP, "ns: processing end" ); /* Cleanup. */ mp_delete((struct mempool *)mm.ctx); server_deinit(&server); conf_free(conf()); return 0; }