From 97c2e721c54f51a2a5c56d71bcd911a2f9863e50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 10 Dec 2020 12:08:36 +0100 Subject: [PATCH] libbind - Fix #11 #133: - Remove dependency on libbind, replaced with LDNS - Fix memory leak in EDNS0 ECS address parsing - Change `-g`'s format of EDNS0 output to be consistent with the rest of the parsable output - No more spaces in the output - Fix incorrect `\` and extra empty new-line - All EDNS0 options are added after `edns0[...]` using comma separation, example: `edns0[],edns0opt[],...` - Client Subnet format: `edns0opt[ECS,family=nn,source=nn,scope=nn,addr=...]` - Unknown/unsupported code: `edns0opt[code=nn,codelen=nn]` - Parsing error messages have changed, they came from libbind, now comes from LDNS - `plugins/eventlog`: Use LDNS instead of libbind - `plugins/royparse`: Use LDNS instead of libbind - `plugins/txtout`: Use LDNS instead of libbind - `-X`/`-x` will now match against FQDNs --- configure.ac | 42 +-- plugins/anonaes128/test2.gold | 18 +- plugins/anonaes128/test3.gold | 6 +- plugins/anonmask/test2.gold | 42 +-- plugins/cryptopan/test2.gold | 18 +- plugins/cryptopan/test3.gold | 6 +- plugins/cryptopant/test2.gold | 18 +- plugins/cryptopant/test3.gold | 6 +- plugins/eventlog/eventlog.c | 205 +++++++----- plugins/ipcrypt/test2.gold | 18 +- plugins/ipcrypt/test3.gold | 6 +- plugins/royparse/royparse.c | 86 ++--- plugins/rssm/Makefile.am | 7 +- plugins/rzkeychange/Makefile.am | 7 +- plugins/txtout/Makefile.am | 4 +- plugins/txtout/txtout.c | 113 ++++--- src/Makefile.am | 5 +- src/args.c | 21 +- src/dnscap.c | 1 - src/dnscap.h | 13 +- src/dump_dns.c | 552 ++++++++++++++------------------ src/dump_dns.h | 5 +- src/network.c | 264 ++++++++------- src/tcpreasm.c | 15 +- src/test/test10.gold | 12 +- src/test/test7.gold | 9 +- src/test/test8.gold | 3 +- 27 files changed, 720 insertions(+), 782 deletions(-) diff --git a/configure.ac b/configure.ac index 4e1f0c4..1dd7256 100644 --- a/configure.ac +++ b/configure.ac @@ -78,23 +78,18 @@ AM_CONDITIONAL([ENABLE_GCOV], [test "x$enable_gcov" != "xno"]) AM_EXTRA_RECURSIVE_TARGETS([gcov]) # Checks for libraries. -AC_CHECK_LIB([bind], [ns_initparse], [], [AC_CHECK_LIB([bind], [__ns_initparse])]) -AC_CHECK_LIB([resolv], [res_mkquery], [], [ - AC_CHECK_LIB([resolv], [__res_mkquery], [], [ - AC_CHECK_LIB([resolv], [res_9_mkquery]) - ]) -]) AC_CHECK_LIB([dl], [dlopen]) AC_CHECK_LIB([tinycbor], [cbor_parser_init]) AM_CONDITIONAL([HAVE_CBOR], [test "x$ac_cv_lib_tinycbor_cbor_parser_init" = "xyes"]) -AC_CHECK_LIB([ldns], [ldns_wire2pkt]) -AM_CONDITIONAL([HAVE_LDNS], [test "x$ac_cv_lib_ldns_ldns_wire2pkt" = "xyes"]) AC_CHECK_LIB([z], [gzopen]) PKG_CHECK_MODULES([libcrypto], [libcrypto], [AC_DEFINE([HAVE_LIBCRYPTO], [1], [Define to 1 if you have libcrypto.])]) AC_CHECK_LIB([cryptopant], [scramble_init], [], [ AC_CHECK_LIB([cryptopANT], [scramble_init]) ]) +PKG_CHECK_MODULES([libldns], [libldns], , [ + PKG_CHECK_MODULES([libldns], [ldns]) +]) # Check for OS specific libraries case "$host_os" in @@ -122,41 +117,12 @@ AC_CHECK_HEADERS([sys/time.h]) AC_CHECK_HEADERS([zlib.h]) AC_CHECK_HEADERS([openssl/conf.h openssl/evp.h openssl/err.h]) AC_CHECK_HEADERS([cryptopANT.h]) +AC_CHECK_HEADERS([endian.h sys/endian.h machine/endian.h]) # Checks for library functions. AC_CHECK_FUNCS([snprintf]) AC_CHECK_FUNCS([setreuid setresuid setregid setresgid setegid seteuid initgroups setgroups]) AC_CHECK_FUNCS([funopen fopencookie gzopen]) -AC_CHECK_FUNC([ns_initparse], - [AC_DEFINE([HAVE_NS_INITPARSE], [1], [Define to 1 if you have the `ns_initparse' function.])], - [AC_CHECK_FUNC(__ns_initparse, - [AC_DEFINE([HAVE_NS_INITPARSE], [1], [Define to 1 if you have the `ns_initparse' function.])] - )] -) -AC_CHECK_FUNC([ns_parserr], - [AC_DEFINE([HAVE_NS_PARSERR], [1], [Define to 1 if you have the `ns_parserr' function.])], - [AC_CHECK_FUNC(__ns_parserr, - [AC_DEFINE([HAVE_NS_PARSERR], [1], [Define to 1 if you have the `ns_parserr' function.])] - )] -) -AC_CHECK_FUNC([ns_sprintrr], - [AC_DEFINE([HAVE_NS_SPRINTRR], [1], [Define to 1 if you have the `ns_sprintrr' function.])], - [AC_CHECK_FUNC(__ns_sprintrr, - [AC_DEFINE([HAVE_NS_SPRINTRR], [1], [Define to 1 if you have the `ns_sprintrr' function.])] - )] -) -AC_CHECK_FUNC([ns_name_uncompress], - [AC_DEFINE([HAVE_NS_NAME_UNCOMPRESS], [1], [Define to 1 if you have the `ns_name_uncompress' function.])], - [AC_CHECK_FUNC(__ns_name_uncompress, - [AC_DEFINE([HAVE_NS_NAME_UNCOMPRESS], [1], [Define to 1 if you have the `ns_name_uncompress' function.])] - )] -) -AC_CHECK_FUNC([p_rcode], - [AC_DEFINE([HAVE_P_RCODE], [1], [Define to 1 if you have the `p_rcode' function.])], - [AC_CHECK_FUNC(__p_rcode, - [AC_DEFINE([HAVE_P_RCODE], [1], [Define to 1 if you have the `p_rcode' function.])] - )] -) AC_CHECK_FUNCS([__assertion_failed]) # Check for SECCOMP diff --git a/plugins/anonaes128/test2.gold b/plugins/anonaes128/test2.gold index 6b6efe3..1780ffe 100644 --- a/plugins/anonaes128/test2.gold +++ b/plugins/anonaes128/test2.gold @@ -2,38 +2,32 @@ [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::245].51972 [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/anonaes128/test3.gold b/plugins/anonaes128/test3.gold index c3a0c02..b3f0230 100644 --- a/plugins/anonaes128/test3.gold +++ b/plugins/anonaes128/test3.gold @@ -2,12 +2,10 @@ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/anonmask/test2.gold b/plugins/anonmask/test2.gold index 9d049fb..3e86855 100644 --- a/plugins/anonmask/test2.gold +++ b/plugins/anonmask/test2.gold @@ -2,90 +2,76 @@ [2a01:3f0::].51972 [2001:4860:4860::].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::].53 [2a01:3f0::].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:300::].51972 [2001:4800::].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4800::].53 [2a01:300::].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0::].51972 [2001:4860::].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860::].53 [2a01:3f0::].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::].51972 [2001:4860:4860::].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::].53 [2a01:3f0:0:57::].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::].51972 [2001:4860:4860::].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::].53 [2a01:3f0:0:57::].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0::].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [2a01:3f0::].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::245].51972 [2001:4860:4860::].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopan/test2.gold b/plugins/cryptopan/test2.gold index 6543340..f85077b 100644 --- a/plugins/cryptopan/test2.gold +++ b/plugins/cryptopan/test2.gold @@ -2,38 +2,32 @@ [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::245].51972 [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopan/test3.gold b/plugins/cryptopan/test3.gold index d910b76..e1bf6a4 100644 --- a/plugins/cryptopan/test3.gold +++ b/plugins/cryptopan/test3.gold @@ -716,12 +716,10 @@ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopant/test2.gold b/plugins/cryptopant/test2.gold index aa358a9..48bf0f8 100644 --- a/plugins/cryptopant/test2.gold +++ b/plugins/cryptopant/test2.gold @@ -2,38 +2,32 @@ [2a01:3a0:52c7:8483:3fd2:892c:443c:197e].51972 [2001:48e7:eb7b:8330:a6b3:e29f:c7a1:a114].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:48e7:eb7b:8330:a6b3:e29f:c7a1:a114].53 [2a01:3a0:52c7:8483:3fd2:892c:443c:197e].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [f97c:c1a0:52c7:8483:3fd2:892c:443c:197e].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [f97c:c1a0:52c7:8483:3fd2:892c:443c:197e].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::245].51972 [f29a:ede7:eb7b:8330:a6b3:e29f:c7a1:a114].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [f29a:ede7:eb7b:8330:a6b3:e29f:c7a1:a114].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopant/test3.gold b/plugins/cryptopant/test3.gold index d910b76..e1bf6a4 100644 --- a/plugins/cryptopant/test3.gold +++ b/plugins/cryptopant/test3.gold @@ -716,12 +716,10 @@ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/eventlog/eventlog.c b/plugins/eventlog/eventlog.c index 1ca53ed..cd59663 100644 --- a/plugins/eventlog/eventlog.c +++ b/plugins/eventlog/eventlog.c @@ -56,7 +56,7 @@ #include #include #include -#include +#include #include "dnscap_common.h" @@ -68,7 +68,6 @@ static int opt_t = 0; static char* opt_n = NULL; output_t eventlog_output; -void eventlog_output_ipbytes(unsigned int len, const unsigned char* data); void eventlog_usage() { @@ -210,6 +209,29 @@ void eventlog_extension(int ext, void* arg) } } +static void eventlog_output_ipbytes(size_t len, const uint8_t* data) +{ + + /* If there are 4 bytes, print them as an IPv4 address. */ + if (len == 4) { + fprintf(out, "%u.%u.%u.%u", data[0], data[1], data[2], data[3]); + } + + /* If there are 16 bytes, print them as an IPv6 address. */ + else if (len == 16) { + /* If there are 16 bytes, print them as an IPv6 address. */ + fprintf(out, "%x:%x:%x:%x:%x:%x:%x:%x", + ((unsigned int)data[0]) << 8 | data[1], + ((unsigned int)data[2]) << 8 | data[3], + ((unsigned int)data[4]) << 8 | data[5], + ((unsigned int)data[6]) << 8 | data[7], + ((unsigned int)data[8]) << 8 | data[9], + ((unsigned int)data[10]) << 8 | data[11], + ((unsigned int)data[12]) << 8 | data[13], + ((unsigned int)data[14]) << 8 | data[15]); + } +} + void eventlog_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, unsigned sport, unsigned dport, my_bpftimeval ts, const u_char* pkt_copy, unsigned olen, @@ -220,12 +242,17 @@ void eventlog_output(const char* descr, iaddr from, iaddr to, uint8_t proto, uns if (!(flags & DNSCAP_OUTPUT_ISDNS)) { return; } - ns_msg msg; - if (ns_initparse(payload, payloadlen, &msg) < 0) { + ldns_pkt* pkt; + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { if (tcpstate_getcurr && tcpstate_reset) tcpstate_reset(tcpstate_getcurr(), ""); return; } + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } /* * Output the packet timestamp @@ -247,19 +274,27 @@ void eventlog_output(const char* descr, iaddr from, iaddr to, uint8_t proto, uns * Short output, only print QTYPE and QNAME for IN records */ if (opt_s) { - int qdcount, err = 0; - ns_rr rr; - qdcount = ns_msg_count(msg, ns_s_qd); - - if (qdcount > 0 && 0 == (err = ns_parserr(&msg, ns_s_qd, 0, &rr)) && ns_rr_class(rr) == 1) { - fprintf(out, "%s %s\n", - p_type(ns_rr_type(rr)), - ns_rr_name(rr)); - } - if (err < 0) { - if (tcpstate_getcurr && tcpstate_reset) - tcpstate_reset(tcpstate_getcurr(), ""); + ldns_rr_list* qds = ldns_pkt_question(pkt); + if (qds) { + ldns_rr* qd = ldns_rr_list_rr(qds, 0); + + if (qd && ldns_rr_get_class(qd) == LDNS_RR_CLASS_IN) { + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, "%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %.*s\n", (int)ldns_buffer_position(buf) - 1, (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR\n"); + } + } } + ldns_pkt_free(pkt); + ldns_buffer_free(buf); return; } @@ -280,74 +315,103 @@ void eventlog_output(const char* descr, iaddr from, iaddr to, uint8_t proto, uns break; } - int rrnum, qdcount, err = 0; - ns_rr rr; - char* delim; - /* * DNS Header */ - fprintf(out, " mid=%u", ns_msg_id(msg)); - fprintf(out, " op=%u", ns_msg_getflag(msg, ns_f_opcode)); + fprintf(out, " mid=%u", ldns_pkt_id(pkt)); + fprintf(out, " op=%u", ldns_pkt_get_opcode(pkt)); fprintf(out, " fl=|"); - if (ns_msg_getflag(msg, ns_f_qr)) + if (ldns_pkt_qr(pkt)) fprintf(out, "QR|"); - if (ns_msg_getflag(msg, ns_f_aa)) + if (ldns_pkt_aa(pkt)) fprintf(out, "AA|"); - if (ns_msg_getflag(msg, ns_f_tc)) + if (ldns_pkt_tc(pkt)) fprintf(out, "TC|"); - if (ns_msg_getflag(msg, ns_f_rd)) + if (ldns_pkt_rd(pkt)) fprintf(out, "RD|"); - if (ns_msg_getflag(msg, ns_f_ra)) + if (ldns_pkt_ra(pkt)) fprintf(out, "RA|"); - if (ns_msg_getflag(msg, ns_f_ad)) + if (ldns_pkt_ad(pkt)) fprintf(out, "AD|"); - if (ns_msg_getflag(msg, ns_f_cd)) + if (ldns_pkt_cd(pkt)) fprintf(out, "CD|"); - switch (ns_msg_getflag(msg, ns_f_rcode)) { - case ns_r_noerror: + switch (ldns_pkt_get_rcode(pkt)) { + case LDNS_RCODE_NOERROR: fprintf(out, " rc=OK"); break; - case ns_r_nxdomain: + case LDNS_RCODE_NXDOMAIN: fprintf(out, " rc=NXDOMAIN"); break; - case ns_r_servfail: + case LDNS_RCODE_SERVFAIL: fprintf(out, " rc=SRVFAIL"); break; default: - fprintf(out, " rc=%u", ns_msg_getflag(msg, ns_f_rcode)); + fprintf(out, " rc=%u", ldns_pkt_get_rcode(pkt)); break; } - qdcount = ns_msg_count(msg, ns_s_qd); - if (qdcount > 0 && 0 == (err = ns_parserr(&msg, ns_s_qd, 0, &rr))) { - fprintf(out, " cl=%s tp=%s name=%s", - p_class(ns_rr_class(rr)), - p_type(ns_rr_type(rr)), - ns_rr_name(rr)); - } - if (err < 0) { - fprintf(out, " **ERROR parsing response record**\n"); - if (tcpstate_getcurr && tcpstate_reset) - tcpstate_reset(tcpstate_getcurr(), ""); - return; + ldns_rr_list* qds = ldns_pkt_question(pkt); + ldns_rr* qd; + if (qds && (qd = ldns_rr_list_rr(qds, 0))) { + if (ldns_rr_class2buffer_str(buf, ldns_rr_get_class(qd)) == LDNS_STATUS_OK) { + fprintf(out, " cl=%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + + ldns_buffer_clear(buf); + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, " tp=%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " name=%.*s\n", (int)ldns_buffer_position(buf) - 1, (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } } /* output the query answers */ - delim = " ans="; - for (rrnum = 0; rrnum < ns_msg_count(msg, ns_s_an); rrnum++) { - if (0 == (err = ns_parserr(&msg, ns_s_an, rrnum, &rr))) { - /* If the answer is an IP address, output it. */ - if ((0 == strncmp(p_type(ns_rr_type(rr)), "A", 2)) || (0 == strncmp(p_type(ns_rr_type(rr)), "AAAA", 5))) { - fprintf(out, "%s", delim); - delim = ","; - eventlog_output_ipbytes(ns_rr_rdlen(rr), ns_rr_rdata(rr)); + ldns_rr_list* ans = ldns_pkt_answer(pkt); + if (ans) { + const char* delim = " ans="; + size_t i, n; + for (i = 0, n = ldns_rr_list_rr_count(ans); i < n; i++) { + ldns_rr* rr = ldns_rr_list_rr(ans, i); + + if (rr) { + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_A: + case LDNS_RR_TYPE_AAAA: { + ldns_rdf* rdf = ldns_rr_rdf(rr, 0); + if (rdf) { + fprintf(out, "%s", delim); + delim = ","; + eventlog_output_ipbytes(ldns_rdf_size(rdf), ldns_rdf_data(rdf)); + continue; + } + break; + } + default: + continue; + } } - } - if (err < 0) { + fprintf(out, " **ERROR parsing response record**\n"); - if (tcpstate_getcurr && tcpstate_reset) - tcpstate_reset(tcpstate_getcurr(), ""); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); return; } } @@ -356,27 +420,6 @@ void eventlog_output(const char* descr, iaddr from, iaddr to, uint8_t proto, uns * Done */ fprintf(out, "\n"); -} - -void eventlog_output_ipbytes(unsigned int len, const unsigned char* data) -{ - - /* If there are 4 bytes, print them as an IPv4 address. */ - if (len == 4) { - fprintf(out, "%u.%u.%u.%u", data[0], data[1], data[2], data[3]); - } - - /* If there are 16 bytes, print them as an IPv6 address. */ - else if (len == 16) { - /* If there are 16 bytes, print them as an IPv6 address. */ - fprintf(out, "%x:%x:%x:%x:%x:%x:%x:%x", - ((unsigned int)data[0]) << 8 | data[1], - ((unsigned int)data[2]) << 8 | data[3], - ((unsigned int)data[4]) << 8 | data[5], - ((unsigned int)data[6]) << 8 | data[7], - ((unsigned int)data[8]) << 8 | data[9], - ((unsigned int)data[10]) << 8 | data[11], - ((unsigned int)data[12]) << 8 | data[13], - ((unsigned int)data[14]) << 8 | data[15]); - } + ldns_pkt_free(pkt); + ldns_buffer_free(buf); } diff --git a/plugins/ipcrypt/test2.gold b/plugins/ipcrypt/test2.gold index afeadf6..728ac5b 100644 --- a/plugins/ipcrypt/test2.gold +++ b/plugins/ipcrypt/test2.gold @@ -2,38 +2,32 @@ [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::245].51972 [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/ipcrypt/test3.gold b/plugins/ipcrypt/test3.gold index d910b76..e1bf6a4 100644 --- a/plugins/ipcrypt/test3.gold +++ b/plugins/ipcrypt/test3.gold @@ -716,12 +716,10 @@ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/royparse/royparse.c b/plugins/royparse/royparse.c index 2c46a63..1c2e243 100644 --- a/plugins/royparse/royparse.c +++ b/plugins/royparse/royparse.c @@ -48,6 +48,7 @@ #include #include #include +#include static logerr_t* logerr; static char* opt_q = 0; @@ -175,49 +176,54 @@ void royparse_output(const char* descr, iaddr from, iaddr to, uint8_t proto, uns const u_char* payload, unsigned payloadlen) { if (flags & DNSCAP_OUTPUT_ISDNS) { - int rrmax; - ns_msg msg; - ns_rr rr; - if (ns_initparse(payload, payloadlen, &msg) < 0) { + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + ldns_pkt* pkt; + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { fprintf(r_out, "ERR\n"); + ldns_buffer_free(buf); return; } - if (ns_msg_getflag(msg, ns_f_qr) != 0 && sport == 53) { - fprintf(r_out, "%cD_", ns_msg_getflag(msg, ns_f_rd) ? 'R' : 'N'); + if (ldns_pkt_qr(pkt) && sport == 53) { + fprintf(r_out, "%cD_", ldns_pkt_rd(pkt) ? 'R' : 'N'); - switch (ns_msg_getflag(msg, ns_f_opcode)) { - case ns_o_query: + switch (ldns_pkt_get_opcode(pkt)) { + case LDNS_PACKET_QUERY: fprintf(r_out, "QUERY"); break; - case ns_o_notify: + case LDNS_PACKET_NOTIFY: fprintf(r_out, "NOTIFY"); break; - case ns_o_update: + case LDNS_PACKET_UPDATE: fprintf(r_out, "UPDATE"); break; default: fprintf(r_out, "ELSE"); } - fprintf(r_out, "_%u_%cA_", ns_msg_count(msg, ns_s_an) ? 1 : 0, ns_msg_getflag(msg, ns_f_aa) ? 'A' : 'N'); + fprintf(r_out, "_%u_%cA_", ldns_pkt_ancount(pkt) ? 1 : 0, ldns_pkt_aa(pkt) ? 'A' : 'N'); - switch (ns_msg_getflag(msg, ns_f_rcode)) { - case ns_r_noerror: + switch (ldns_pkt_get_rcode(pkt)) { + case LDNS_RCODE_NOERROR: fprintf(r_out, "NOERROR"); break; - case ns_r_formerr: + case LDNS_RCODE_FORMERR: fprintf(r_out, "FORMERR"); break; - case ns_r_nxdomain: + case LDNS_RCODE_NXDOMAIN: fprintf(r_out, "NXDOMAIN"); break; - case ns_r_notimpl: + case LDNS_RCODE_NOTIMPL: fprintf(r_out, "NOTIMP"); break; - case ns_r_refused: + case LDNS_RCODE_REFUSED: fprintf(r_out, "REFUSED"); break; - case ns_r_notauth: + case LDNS_RCODE_NOTAUTH: fprintf(r_out, "NOTAUTH"); break; default: @@ -226,39 +232,41 @@ void royparse_output(const char* descr, iaddr from, iaddr to, uint8_t proto, uns fprintf(r_out, " %s,", royparse_ia_str(to)); - if (ns_msg_count(msg, ns_s_qd) > 0) { - if (ns_parserr(&msg, ns_s_qd, 0, &rr) == 0) { - royparse_normalize(ns_rr_name(rr)); - fprintf(r_out, "%s%s,%u", ns_rr_name(rr), (ns_rr_name(rr)[0] == '.') ? "" : ".", ns_rr_type(rr)); - } else + ldns_rr_list* qds = ldns_pkt_question(pkt); + ldns_rr* qd; + if (qds && (qd = ldns_rr_list_rr(qds, 0))) { + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + royparse_normalize((char*)ldns_buffer_begin(buf)); + fprintf(r_out, "%.*s%s,%u", (int)ldns_buffer_position(buf) - 1, (char*)ldns_buffer_begin(buf), + ((char*)ldns_buffer_begin(buf))[0] == '.' ? "" : ".", + ldns_rr_get_type(qd)); + } else { fprintf(r_out, "ERR,ERR"); + } } else fprintf(r_out, ","); - fprintf(r_out, ",%ld,%s%s%s%s", (long)ns_msg_size(msg), ns_msg_id(msg) < 256 ? "-L" : "", - ns_msg_getflag(msg, ns_f_tc) ? "-TC" : "", - ns_msg_getflag(msg, ns_f_ad) ? "-AD" : "", - ns_msg_getflag(msg, ns_f_cd) ? "-CD" : ""); - rrmax = ns_msg_count(msg, ns_s_ar); - - while (rrmax > 0) { - rrmax--; - if (ns_parserr(&msg, ns_s_ar, rrmax, &rr) == 0) { - if (ns_rr_type(rr) == ns_t_opt) { - fprintf(r_out, "-%c", (u_long)ns_rr_ttl(rr) & NS_OPT_DNSSEC_OK ? 'D' : 'E'); - break; - } - } + fprintf(r_out, ",%zu,%s%s%s%s", ldns_pkt_size(pkt), ldns_pkt_id(pkt) < 256 ? "-L" : "", + ldns_pkt_tc(pkt) ? "-TC" : "", + ldns_pkt_ad(pkt) ? "-AD" : "", + ldns_pkt_cd(pkt) ? "-CD" : ""); + if (ldns_pkt_edns(pkt)) { + fprintf(r_out, "-%c", ldns_pkt_edns_do(pkt) ? 'D' : 'E'); } fprintf(r_out, "\n"); - } else if (opt_q != 0 && ns_msg_getflag(msg, ns_f_qr) == 0 && dport == 53) { + } else if (opt_q != 0 && !ldns_pkt_qr(pkt) && dport == 53) { struct pcap_pkthdr h; - if (flags & DNSCAP_OUTPUT_ISLAYER) + if (flags & DNSCAP_OUTPUT_ISLAYER) { + ldns_pkt_free(pkt); + ldns_buffer_free(buf); return; + } memset(&h, 0, sizeof h); h.ts = ts; h.len = h.caplen = olen; pcap_dump((u_char*)q_out, &h, pkt_copy); } + ldns_pkt_free(pkt); + ldns_buffer_free(buf); } } diff --git a/plugins/rssm/Makefile.am b/plugins/rssm/Makefile.am index 5be8ea5..08e4429 100644 --- a/plugins/rssm/Makefile.am +++ b/plugins/rssm/Makefile.am @@ -5,14 +5,14 @@ CLEANFILES = $(srcdir)/hashtbl.c \ AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) -if HAVE_LDNS pkglib_LTLIBRARIES = rssm.la rssm_la_SOURCES = rssm.c nodist_rssm_la_SOURCES = hashtbl.c BUILT_SOURCES = hashtbl.c -rssm_la_LDFLAGS = -module -avoid-version +rssm_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh EXTRA_DIST = $(TESTS) test1.gold test2.gold dnscap-rssm-rssac002.1.in \ test3.gold test5.gold @@ -28,7 +28,6 @@ gcov-local: gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ done endif -endif hashtbl.c: $(top_srcdir)/src/hashtbl.c cp $(top_srcdir)/src/hashtbl.c ./ diff --git a/plugins/rzkeychange/Makefile.am b/plugins/rzkeychange/Makefile.am index 4655a64..869eba6 100644 --- a/plugins/rzkeychange/Makefile.am +++ b/plugins/rzkeychange/Makefile.am @@ -4,12 +4,12 @@ CLEANFILES = *.gcda *.gcno *.gcov AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) -if HAVE_LDNS pkglib_LTLIBRARIES = rzkeychange.la rzkeychange_la_SOURCES = rzkeychange.c -rzkeychange_la_LDFLAGS = -module -avoid-version $(LIBRARY_VERSION) +rzkeychange_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) @@ -21,4 +21,3 @@ gcov-local: gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ done endif -endif diff --git a/plugins/txtout/Makefile.am b/plugins/txtout/Makefile.am index c544124..c802b92 100644 --- a/plugins/txtout/Makefile.am +++ b/plugins/txtout/Makefile.am @@ -4,11 +4,11 @@ CLEANFILES = *.gcda *.gcno *.gcov AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir)/src \ -I$(top_srcdir)/isc \ - $(SECCOMPFLAGS) + $(SECCOMPFLAGS) $(libldns_CFLAGS) pkglib_LTLIBRARIES = txtout.la txtout_la_SOURCES = txtout.c -txtout_la_LDFLAGS = -module -avoid-version +txtout_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) TESTS = test1.sh EXTRA_DIST = $(TESTS) diff --git a/plugins/txtout/txtout.c b/plugins/txtout/txtout.c index e5d3d5f..abf57f2 100644 --- a/plugins/txtout/txtout.c +++ b/plugins/txtout/txtout.c @@ -44,6 +44,7 @@ #include #include #include +#include #include "dnscap_common.h" @@ -177,25 +178,41 @@ void txtout_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsig */ if (opt_s) { if (flags & DNSCAP_OUTPUT_ISDNS) { - ns_msg msg; - int qdcount, err = 0; - ns_rr rr; - if (ns_initparse(payload, payloadlen, &msg) < 0) { + ldns_pkt* pkt; + + if (ldns_wire2pkt(&pkt, payload, payloadlen) < 0) { if (tcpstate_getcurr && tcpstate_reset) tcpstate_reset(tcpstate_getcurr(), ""); return; } - qdcount = ns_msg_count(msg, ns_s_qd); - if (qdcount > 0 && 0 == (err = ns_parserr(&msg, ns_s_qd, 0, &rr)) && ns_rr_class(rr) == 1) { - fprintf(out, "%s %s\n", - p_type(ns_rr_type(rr)), - ns_rr_name(rr)); - } - if (err < 0) { - if (tcpstate_getcurr && tcpstate_reset) - tcpstate_reset(tcpstate_getcurr(), ""); + ldns_rr_list* qds = ldns_pkt_question(pkt); + if (qds) { + ldns_rr* qd = ldns_rr_list_rr(qds, 0); + + if (qd && ldns_rr_get_class(qd) == LDNS_RR_CLASS_IN) { + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, "%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %.*s\n", (int)ldns_buffer_position(buf) - 1, (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR\n"); + } + ldns_buffer_free(buf); + } } + ldns_pkt_free(pkt); } return; } @@ -209,10 +226,9 @@ void txtout_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsig fprintf(out, " %hhu", proto); if (flags & DNSCAP_OUTPUT_ISDNS) { - ns_msg msg; - int qdcount, err = 0; - ns_rr rr; - if (ns_initparse(payload, payloadlen, &msg) < 0) { + ldns_pkt* pkt; + + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { if (tcpstate_getcurr && tcpstate_reset) tcpstate_reset(tcpstate_getcurr(), ""); fprintf(out, "\n"); @@ -222,36 +238,59 @@ void txtout_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsig /* * DNS Header */ - fprintf(out, " %u", ns_msg_id(msg)); - fprintf(out, " %u", ns_msg_getflag(msg, ns_f_opcode)); - fprintf(out, " %u", ns_msg_getflag(msg, ns_f_rcode)); + fprintf(out, " %u", ldns_pkt_id(pkt)); + fprintf(out, " %u", ldns_pkt_get_opcode(pkt)); + fprintf(out, " %u", ldns_pkt_get_rcode(pkt)); fprintf(out, " |"); - if (ns_msg_getflag(msg, ns_f_qr)) + if (ldns_pkt_qr(pkt)) fprintf(out, "QR|"); - if (ns_msg_getflag(msg, ns_f_aa)) + if (ldns_pkt_aa(pkt)) fprintf(out, "AA|"); - if (ns_msg_getflag(msg, ns_f_tc)) + if (ldns_pkt_tc(pkt)) fprintf(out, "TC|"); - if (ns_msg_getflag(msg, ns_f_rd)) + if (ldns_pkt_rd(pkt)) fprintf(out, "RD|"); - if (ns_msg_getflag(msg, ns_f_ra)) + if (ldns_pkt_ra(pkt)) fprintf(out, "RA|"); - if (ns_msg_getflag(msg, ns_f_ad)) + if (ldns_pkt_ad(pkt)) fprintf(out, "AD|"); - if (ns_msg_getflag(msg, ns_f_cd)) + if (ldns_pkt_cd(pkt)) fprintf(out, "CD|"); - qdcount = ns_msg_count(msg, ns_s_qd); - if (qdcount > 0 && 0 == (err = ns_parserr(&msg, ns_s_qd, 0, &rr))) { - fprintf(out, " %s %s %s", - p_class(ns_rr_class(rr)), - p_type(ns_rr_type(rr)), - ns_rr_name(rr)); - } - if (err < 0) { - if (tcpstate_getcurr && tcpstate_reset) - tcpstate_reset(tcpstate_getcurr(), ""); + ldns_rr_list* qds = ldns_pkt_question(pkt); + if (qds) { + ldns_rr* qd = ldns_rr_list_rr(qds, 0); + + if (qd) { + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + if (ldns_rr_class2buffer_str(buf, ldns_rr_get_class(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %.*s", (int)ldns_buffer_position(buf) - 1, (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR"); + } + ldns_buffer_free(buf); + } } + ldns_pkt_free(pkt); } /* * Done diff --git a/src/Makefile.am b/src/Makefile.am index 8f1390f..fef2391 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -7,7 +7,8 @@ AM_CFLAGS = -I$(srcdir) \ -I$(top_srcdir) \ $(SECCOMPFLAGS) \ $(PTHREAD_CFLAGS) \ - $(libcrypto_CFLAGS) + $(libcrypto_CFLAGS) \ + $(libldns_CFLAGS) EXTRA_DIST = dnscap.1.in @@ -21,7 +22,7 @@ dist_dnscap_SOURCES = args.h bpft.h daemon.h dnscap_common.h dnscap.h \ dump_cbor.h dump_cds.h dump_dns.h dumper.h endpoint.h hashtbl.h iaddr.h \ log.h network.h options.h pcaps.h sig.h tcpstate.h tcpreasm.h memzero.h \ pcap-thread/pcap_thread.h pcap-thread/pcap_thread_ext_frag.h -dnscap_LDADD = $(PTHREAD_LIBS) $(libcrypto_LIBS) +dnscap_LDADD = $(PTHREAD_LIBS) $(libcrypto_LIBS) $(libldns_LIBS) man1_MANS = dnscap.1 diff --git a/src/args.c b/src/args.c index 3d8b81e..23a0735 100644 --- a/src/args.c +++ b/src/args.c @@ -527,9 +527,7 @@ void parse_args(int argc, char* argv[]) break; case 'x': /* FALLTHROUGH */ - case 'X': -#if HAVE_NS_INITPARSE && HAVE_NS_PARSERR && HAVE_NS_SPRINTRR - { + case 'X': { int i; myregex_ptr myregex = calloc(1, sizeof *myregex); assert(myregex != NULL); @@ -543,18 +541,7 @@ void parse_args(int argc, char* argv[]) } myregex->not = (ch == 'X'); APPEND(myregexes, myregex, link); - } -#else - /* - * -x and -X options require libbind because - * the code calls ns_initparse(), ns_parserr(), - * and ns_sprintrr() - */ - fprintf(stderr, "%s must be compiled with libbind to use the -x or -X option.\n", - ProgramName); - exit(1); -#endif - break; + } break; case 'B': { struct tm tm; memset(&tm, '\0', sizeof(tm)); @@ -815,12 +802,8 @@ void parse_args(int argc, char* argv[]) } if (options.reassemble_tcp_bfbparsedns) { -#if HAVE_NS_INITPARSE if (!options.reassemble_tcp) { usage("can't do byte for byte parsing of DNS without reassemble_tcp=yes"); } -#else - usage("not compiled with libbind, needed for reassemble_tcp_bfbparsedns=yes"); -#endif } } diff --git a/src/dnscap.c b/src/dnscap.c index b1c4bef..9eef7ee 100644 --- a/src/dnscap.c +++ b/src/dnscap.c @@ -133,7 +133,6 @@ int main(int argc, char* argv[]) #endif #endif - res_init(); parse_args(argc, argv); gettimeofday(&now, 0); if (!only_offline_pcaps && start_time) { diff --git a/src/dnscap.h b/src/dnscap.h index 440657f..82cd1d2 100644 --- a/src/dnscap.h +++ b/src/dnscap.h @@ -127,7 +127,6 @@ #include #include #include -#include #include #include #include @@ -168,12 +167,12 @@ #define ERR_TRUNC 0x0001 #define ERR_RCODE_BASE 0x0002 -#define ERR_NO (ERR_RCODE_BASE << ns_r_noerror) -#define ERR_FORMERR (ERR_RCODE_BASE << ns_r_formerr) -#define ERR_SERVFAIL (ERR_RCODE_BASE << ns_r_servfail) -#define ERR_NXDOMAIN (ERR_RCODE_BASE << ns_r_nxdomain) -#define ERR_NOTIMPL (ERR_RCODE_BASE << ns_r_notimpl) -#define ERR_REFUSED (ERR_RCODE_BASE << ns_r_refused) +#define ERR_NO (ERR_RCODE_BASE << 0) +#define ERR_FORMERR (ERR_RCODE_BASE << 1) +#define ERR_SERVFAIL (ERR_RCODE_BASE << 2) +#define ERR_NXDOMAIN (ERR_RCODE_BASE << 3) +#define ERR_NOTIMPL (ERR_RCODE_BASE << 4) +#define ERR_REFUSED (ERR_RCODE_BASE << 5) #define ERR_YES (0xffffffff & ~ERR_NO) #define END_INITIATOR 0x0001 diff --git a/src/dump_dns.c b/src/dump_dns.c index f040c33..2c298d0 100644 --- a/src/dump_dns.c +++ b/src/dump_dns.c @@ -41,357 +41,287 @@ #include "dnscap_common.h" -#include -#include #include "dump_dns.h" #include "network.h" #include "tcpstate.h" -#if HAVE_NS_INITPARSE && HAVE_NS_PARSERR && HAVE_NS_NAME_UNCOMPRESS && HAVE_P_RCODE - -#ifdef __linux__ -#define _GNU_SOURCE -#ifndef __USE_POSIX199309 -#define __USE_POSIX199309 +#include +#ifdef HAVE_ENDIAN_H +#include +#else +#ifdef HAVE_SYS_ENDIAN_H +#include +#else +#ifdef HAVE_MACHINE_ENDIAN_H +#include #endif #endif - -#ifdef __SVR4 -#define u_int32_t uint32_t -#define u_int16_t uint16_t #endif +#include -#include +static inline uint32_t _need16(const void* ptr) +{ + uint16_t v; + memcpy(&v, ptr, sizeof(v)); + return be16toh(v); +} -#include -#include -#include -#if HAVE_ARPA_NAMESER_COMPAT_H -#include -#endif +static void dump_dns_rr(ldns_rr* rr, FILE* trace, ldns_buffer* lbuf, bool qsect) +{ + size_t rdlen, i; + ldns_rdf* rdf; -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef p_rcode -#undef p_rcode -#endif -#define p_rcode __p_rcode -extern const char* p_rcode(int rcode); - -static const char* p_opcode(int opcode); -static void dump_dns_sect(ns_msg*, ns_sect, FILE*, const char*); -static void dump_dns_rr(ns_msg*, ns_rr*, ns_sect, FILE*); - -#define MY_GET16(s, cp) \ - do { \ - register const u_char* t_cp = (const u_char*)(cp); \ - (s) = ((u_int16_t)t_cp[0] << 8) \ - | ((u_int16_t)t_cp[1]); \ - (cp) += NS_INT16SZ; \ - } while (0) - -#define MY_GET32(l, cp) \ - do { \ - register const u_char* t_cp = (const u_char*)(cp); \ - (l) = ((u_int32_t)t_cp[0] << 24) \ - | ((u_int32_t)t_cp[1] << 16) \ - | ((u_int32_t)t_cp[2] << 8) \ - | ((u_int32_t)t_cp[3]); \ - (cp) += NS_INT32SZ; \ - } while (0) + // owner + ldns_buffer_clear(lbuf); + if (ldns_rdf2buffer_str(lbuf, ldns_rr_owner(rr)) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, "%.*s", (int)ldns_buffer_position(lbuf) - 1, (char*)ldns_buffer_begin(lbuf)); -#include "dump_dns.h" + // class + ldns_buffer_clear(lbuf); + if (ldns_rr_class2buffer_str(lbuf, ldns_rr_get_class(rr)) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, ",%s", (char*)ldns_buffer_begin(lbuf)); -void dump_dns(const u_char* payload, size_t paylen, - FILE* trace, const char* endline) -{ - u_int opcode, rcode, id; - const char* sep; - ns_msg msg; - tcpstate_ptr tcpstate; + // type + ldns_buffer_clear(lbuf); + if (ldns_rr_type2buffer_str(lbuf, ldns_rr_get_type(rr)) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, ",%s", (char*)ldns_buffer_begin(lbuf)); - fprintf(trace, " %sdns ", endline); - if (ns_initparse(payload, paylen, &msg) < 0) { - /* DNS message may have padding, try get actual size */ - if (errno == EMSGSIZE) { - size_t dnslen = calcdnslen(payload, paylen); - if (dnslen > 0 && dnslen < paylen && ns_initparse(payload, dnslen, &msg) < 0) { - fputs(strerror(errno), trace); - if ((tcpstate = tcpstate_getcurr())) - tcpstate_reset(tcpstate, strerror(errno)); - return; + if (qsect) + return; + + fprintf(trace, ",%u", ldns_rr_ttl(rr)); + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_SOA: + for (i = 0; i < 2; i++) { + if (!(rdf = ldns_rr_rdf(rr, i))) { + goto error; } - } else { - fputs(strerror(errno), trace); - if ((tcpstate = tcpstate_getcurr())) - tcpstate_reset(tcpstate, strerror(errno)); - return; + ldns_buffer_clear(lbuf); + if (ldns_rdf2buffer_str(lbuf, rdf) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, ",%.*s", (int)ldns_buffer_position(lbuf) - 1, (char*)ldns_buffer_begin(lbuf)); + } + for (; i < 7; i++) { + if (!(rdf = ldns_rr_rdf(rr, i))) { + goto error; + } + ldns_buffer_clear(lbuf); + if (ldns_rdf2buffer_str(lbuf, rdf) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, ",%s", (char*)ldns_buffer_begin(lbuf)); } + break; + + case LDNS_RR_TYPE_A: + case LDNS_RR_TYPE_AAAA: + case LDNS_RR_TYPE_MX: + if (!(rdf = ldns_rr_rdf(rr, 0))) { + goto error; + } + ldns_buffer_clear(lbuf); + if (ldns_rdf2buffer_str(lbuf, rdf) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, ",%s", (char*)ldns_buffer_begin(lbuf)); + break; + + case LDNS_RR_TYPE_NS: + case LDNS_RR_TYPE_PTR: + case LDNS_RR_TYPE_CNAME: + if (!(rdf = ldns_rr_rdf(rr, 0))) { + goto error; + } + ldns_buffer_clear(lbuf); + if (ldns_rdf2buffer_str(lbuf, rdf) != LDNS_STATUS_OK) { + goto error; + } + fprintf(trace, ",%.*s", (int)ldns_buffer_position(lbuf) - 1, (char*)ldns_buffer_begin(lbuf)); + break; + + default: + goto error; } - opcode = ns_msg_getflag(msg, ns_f_opcode); - rcode = ns_msg_getflag(msg, ns_f_rcode); - id = ns_msg_id(msg); - fprintf(trace, "%s,%s,%u", p_opcode(opcode), p_rcode(rcode), id); - sep = ","; -#define FLAG(t, f) \ - if (ns_msg_getflag(msg, f)) { \ - fprintf(trace, "%s%s", sep, t); \ - sep = "|"; \ + return; + +error: + for (rdlen = 0, i = 0, rdf = ldns_rr_rdf(rr, i); rdf; rdf = ldns_rr_rdf(rr, ++i)) { + rdlen += ldns_rdf_size(rdf); } - FLAG("qr", ns_f_qr); - FLAG("aa", ns_f_aa); - FLAG("tc", ns_f_tc); - FLAG("rd", ns_f_rd); - FLAG("ra", ns_f_ra); - FLAG("z", ns_f_z); - FLAG("ad", ns_f_ad); - FLAG("cd", ns_f_cd); -#undef FLAG - dump_dns_sect(&msg, ns_s_qd, trace, endline); - dump_dns_sect(&msg, ns_s_an, trace, endline); - dump_dns_sect(&msg, ns_s_ns, trace, endline); - dump_dns_sect(&msg, ns_s_ar, trace, endline); + fprintf(trace, ",[%zu]", rdlen); } -static void -dump_dns_sect(ns_msg* msg, ns_sect sect, FILE* trace, const char* endline) +static void dump_dns_sect(ldns_rr_list* rrs, FILE* trace, const char* endline, ldns_buffer* lbuf, bool qsect, bool ansect, ldns_pkt* pkt) { - int rrnum, rrmax; - const char* sep; - ns_rr rr; - tcpstate_ptr tcpstate; + size_t rrnum, rrmax; + const char* sep; + + if (ansect && ldns_pkt_edns(pkt)) { + rrmax = ldns_rr_list_rr_count(rrs); + fprintf(trace, " %s%zu", endline, rrmax + 1); + sep = ""; + for (rrnum = 0; rrnum < rrmax; rrnum++) { + fprintf(trace, " %s", sep); + dump_dns_rr(ldns_rr_list_rr(rrs, rrnum), trace, lbuf, qsect); + sep = endline; + } + ldns_rdf* edns_data = ldns_pkt_edns_data(pkt); + fprintf(trace, " %s.,%u,%u,0,edns0[len=%zu,UDP=%u,ver=%u,rcode=%u,DO=%u,z=%u]", + sep, ldns_pkt_edns_udp_size(pkt), ldns_pkt_edns_udp_size(pkt), + edns_data ? ldns_rdf_size(edns_data) : 0, + ldns_pkt_edns_udp_size(pkt), + ldns_pkt_edns_version(pkt), + ldns_pkt_edns_extended_rcode(pkt), + ldns_pkt_edns_do(pkt) ? 1 : 0, + ldns_pkt_edns_z(pkt)); + if (edns_data) { + size_t len = ldns_rdf_size(edns_data); + uint8_t* d = ldns_rdf_data(edns_data); + + while (len >= 4) { + uint16_t opcode = _need16(d); + uint16_t oplen = _need16(d + 2); + len -= 4; + d += 4; + + if (oplen > len) { + break; + } + switch (opcode) { + case 8: { + if (oplen >= 4) { + uint16_t family = _need16(d); + uint8_t source_prefix_len = *(d + 2), scope_prefix_len = *(d + 3); + char addr[(INET_ADDRSTRLEN < INET6_ADDRSTRLEN ? INET6_ADDRSTRLEN : INET_ADDRSTRLEN) + 1] = { 0 }; + struct in_addr in4 = { .s_addr = INADDR_ANY }; + struct in6_addr in6 = IN6ADDR_ANY_INIT; + void* in = 0; + int af; + + switch (family) { + case 1: { + memcpy(&in4.s_addr, d + 4, oplen - 4 > sizeof(in4.s_addr) ? sizeof(in4.s_addr) : oplen - 4); + in = &in4; + af = AF_INET; + break; + } + case 2: { + memcpy(&in6.s6_addr, d + 4, oplen - 4 > sizeof(in6.s6_addr) ? sizeof(in6.s6_addr) : oplen - 4); + in = &in6; + af = AF_INET6; + break; + } + default: + break; + } + + if (!in || !inet_ntop(af, in, addr, sizeof(addr) - 1)) { + strncpy(addr, "invalid", sizeof(addr) - 1); + } + + fprintf(trace, ",edns0opt[ECS,family=%u,source=%u,scope=%u,addr=%s]", + family, source_prefix_len, scope_prefix_len, addr); + break; + } + } - rrmax = ns_msg_count(*msg, sect); + default: + fprintf(trace, ",edns0opt[code=%u,codelen=%u]", opcode, oplen); + break; + } + + len -= oplen; + d += oplen; + } + } + return; + } + + rrmax = ldns_rr_list_rr_count(rrs); if (rrmax == 0) { fputs(" 0", trace); return; } - fprintf(trace, " %s%d", endline, rrmax); + fprintf(trace, " %s%zu", endline, rrmax); sep = ""; for (rrnum = 0; rrnum < rrmax; rrnum++) { - if (ns_parserr(msg, sect, rrnum, &rr)) { - fprintf(trace, " %s", strerror(errno)); - if ((tcpstate = tcpstate_getcurr())) - tcpstate_reset(tcpstate, strerror(errno)); - return; - } fprintf(trace, " %s", sep); - dump_dns_rr(msg, &rr, sect, trace); + dump_dns_rr(ldns_rr_list_rr(rrs, rrnum), trace, lbuf, qsect); sep = endline; } } -static void -dump_dns_rr(ns_msg* msg, ns_rr* rr, ns_sect sect, FILE* trace) +void dump_dns(const u_char* payload, size_t paylen, FILE* trace, const char* endline) { - char buf[NS_MAXDNAME]; - u_int class, type; - const u_char* rd; - u_int32_t soa[5]; - u_int16_t mx; - int n; - - memset(buf, 0, sizeof(buf)); - class = ns_rr_class(*rr); - type = ns_rr_type(*rr); - fprintf(trace, "%s,%s,%s", - ns_rr_name(*rr), - p_class(class), - p_type(type)); - if (sect == ns_s_qd) - return; - fprintf(trace, ",%lu", (u_long)ns_rr_ttl(*rr)); - rd = ns_rr_rdata(*rr); - switch (type) { - case ns_t_soa: - n = ns_name_uncompress(ns_msg_base(*msg), ns_msg_end(*msg), - rd, buf, sizeof buf); - if (n < 0) - goto error; - putc(',', trace); - fputs(buf, trace); - rd += n; - n = ns_name_uncompress(ns_msg_base(*msg), ns_msg_end(*msg), - rd, buf, sizeof buf); - if (n < 0) - goto error; - putc(',', trace); - fputs(buf, trace); - rd += n; - if (ns_msg_end(*msg) - rd < 5 * NS_INT32SZ) - goto error; - for (n = 0; n < 5; n++) - MY_GET32(soa[n], rd); - snprintf(buf, sizeof(buf), "%u,%u,%u,%u,%u", - soa[0], soa[1], soa[2], soa[3], soa[4]); - break; - case ns_t_a: - if (ns_msg_end(*msg) - rd < 4) - goto error; - inet_ntop(AF_INET, rd, buf, sizeof buf); - break; - case ns_t_aaaa: - if (ns_msg_end(*msg) - rd < 16) - goto error; - inet_ntop(AF_INET6, rd, buf, sizeof buf); - break; - case ns_t_mx: - if (ns_msg_end(*msg) - rd < 2) - goto error; - MY_GET16(mx, rd); - fprintf(trace, ",%u", mx); - /* FALLTHROUGH */ - case ns_t_ns: - case ns_t_ptr: - case ns_t_cname: - n = ns_name_uncompress(ns_msg_base(*msg), ns_msg_end(*msg), - rd, buf, sizeof buf); - if (n < 0) - goto error; - break; - /* - * GGM 2014/09/04 deal with edns0 a bit more clearly - */ - case ns_t_opt: { - u_long edns0csize; - u_short edns0version; - u_short edns0rcode; - u_char edns0dobit; - u_char edns0z; - - /* class encodes client UDP size accepted */ - edns0csize = (u_long)(class); - - /* - * the first two bytes of ttl encode edns0 version, and the extended rcode - */ - edns0version = ((u_long)ns_rr_ttl(*rr) & 0x00ff0000) >> 16; - edns0rcode = ((u_long)ns_rr_ttl(*rr) & 0xff000000) >> 24; - - /* - * the next two bytes of ttl encode DO bit as the top bit, and the remainder is the 'z' value - */ - edns0dobit = (u_long)ns_rr_ttl(*rr) & 0x8000 ? '1' : '0'; - edns0z = (u_long)ns_rr_ttl(*rr) & 0x7fff; - - /* optlen is the size of the OPT rdata */ - u_short optlen = ns_rr_rdlen(*rr); - - fprintf(trace, ",edns0[len=%d,UDP=%lu,ver=%d,rcode=%d,DO=%c,z=%d] %c\n\t", - optlen, edns0csize, edns0version, edns0rcode, edns0dobit, edns0z, '\\'); - - /* if we have any data */ - while (optlen >= 4) { - /* the next two shorts are the edns0 opt code, and the length of the optionsection */ - u_short edns0optcod; - u_short edns0lenopt; - MY_GET16(edns0optcod, rd); - MY_GET16(edns0lenopt, rd); - optlen -= 4; - fprintf(trace, "edns0[code=%d,codelen=%d] ", edns0optcod, edns0lenopt); - - /* - * Check that the OPTION-LENGTH for this EDNS0 option doesn't - * exceed the size of the remaining OPT record rdata. If it does, - * just bail. - */ - if (edns0lenopt > optlen) - goto error; + const char* sep; + tcpstate_ptr tcpstate; + ldns_pkt* pkt = 0; + ldns_buffer* lbuf = 0; + ldns_status ret; - /* - * "pre-consume" edns0lenopt bytes from optlen here because - * below we're going to decrement edns0lenopt as we go. - * At this point optlen will refer to the size of the remaining - * OPT_T rdata after parsing the current option. - */ - optlen -= edns0lenopt; - - /* if we have edns0_client_subnet */ - if (edns0optcod == 0x08) { - if (edns0lenopt < 4) - goto error; - u_short afi; - MY_GET16(afi, rd); - u_short masks; - MY_GET16(masks, rd); - edns0lenopt -= 4; - u_short srcmask = (masks & 0xff00) >> 8; - u_short scomask = (masks & 0xff); - - char buf[128]; - u_char addr[16]; - memset(addr, 0, sizeof addr); - memcpy(addr, rd, edns0lenopt < sizeof(addr) ? edns0lenopt : sizeof(addr)); - - buf[0] = 0; - if (afi == 0x1) { - inet_ntop(AF_INET, addr, buf, sizeof buf); - } else if (afi == 0x2) { - inet_ntop(AF_INET6, addr, buf, sizeof buf); - } else { - fprintf(trace, "unknown AFI %d\n", afi); - } - fprintf(trace, "edns0_client_subnet=%s/%d (scope %d)", buf[0] ? buf : "", srcmask, scomask); + fprintf(trace, " %sdns ", endline); + if ((ret = ldns_wire2pkt(&pkt, payload, paylen)) != LDNS_STATUS_OK) { + /* DNS message may have padding, try get actual size */ + size_t dnslen = calcdnslen(payload, paylen); + if (dnslen > 0 && dnslen < paylen) { + if ((ret = ldns_wire2pkt(&pkt, payload, dnslen)) != LDNS_STATUS_OK) { + fputs(ldns_get_errorstr_by_id(ret), trace); + if ((tcpstate = tcpstate_getcurr())) + tcpstate_reset(tcpstate, strerror(errno)); + return; } - /* increment the rd pointer by the remaining option data size */ - rd += edns0lenopt; + } else { + fputs(ldns_get_errorstr_by_id(ret), trace); + if ((tcpstate = tcpstate_getcurr())) + tcpstate_reset(tcpstate, strerror(errno)); + return; } - } break; - - default: - error: - snprintf(buf, sizeof(buf), "[%u]", ns_rr_rdlen(*rr)); } - if (buf[0] != '\0') { - putc(',', trace); - fputs(buf, trace); + + if (!(lbuf = ldns_buffer_new(512))) { + fprintf(stderr, "%s: out of memory", ProgramName); + exit(1); } -} -static const char* -p_opcode(int opcode) -{ - static char buf[20]; - switch (opcode) { - case 0: - return "QUERY"; - case 1: - return "IQUERY"; - case 2: - return "CQUERYM"; - case 3: - return "CQUERYU"; - case 4: - return "NOTIFY"; - case 5: - return "UPDATE"; - case 14: - return "ZONEINIT"; - case 15: - return "ZONEREF"; - default: - snprintf(buf, sizeof(buf), "OPCODE%d", opcode); - return buf; + if (ldns_pkt_opcode2buffer_str(lbuf, ldns_pkt_get_opcode(pkt)) != LDNS_STATUS_OK) { + fprintf(stderr, "%s: unable to covert opcode to str", ProgramName); + exit(1); } - /* NOTREACHED */ -} + fprintf(trace, "%s,", (char*)ldns_buffer_begin(lbuf)); + ldns_buffer_clear(lbuf); + if (ldns_pkt_rcode2buffer_str(lbuf, ldns_pkt_get_rcode(pkt)) != LDNS_STATUS_OK) { + fprintf(stderr, "%s: unable to covert rcode to str", ProgramName); + exit(1); + } + fprintf(trace, "%s,%u,", (char*)ldns_buffer_begin(lbuf), ldns_pkt_id(pkt)); -#else + sep = ""; +#define FLAG(t, f) \ + if (f) { \ + fprintf(trace, "%s%s", sep, t); \ + sep = "|"; \ + } + FLAG("qr", ldns_pkt_qr(pkt)); + FLAG("aa", ldns_pkt_aa(pkt)); + FLAG("tc", ldns_pkt_tc(pkt)); + FLAG("rd", ldns_pkt_rd(pkt)); + FLAG("ra", ldns_pkt_ra(pkt)); + FLAG("z", LDNS_Z_WIRE(payload)); + FLAG("ad", ldns_pkt_ad(pkt)); + FLAG("cd", ldns_pkt_cd(pkt)); +#undef FLAG + dump_dns_sect(ldns_pkt_question(pkt), trace, endline, lbuf, true, false, 0); + dump_dns_sect(ldns_pkt_answer(pkt), trace, endline, lbuf, false, false, 0); + dump_dns_sect(ldns_pkt_authority(pkt), trace, endline, lbuf, false, false, 0); + dump_dns_sect(ldns_pkt_additional(pkt), trace, endline, lbuf, false, true, pkt); -void dump_dns(const u_char* payload, size_t paylen, - FILE* trace, const char* endline) -{ - (void)payload; - (void)paylen; - fprintf(trace, " %sNO BINDLIB", endline); + ldns_buffer_free(lbuf); + ldns_pkt_free(pkt); } - -#endif diff --git a/src/dump_dns.h b/src/dump_dns.h index 66faf50..a7016f3 100644 --- a/src/dump_dns.h +++ b/src/dump_dns.h @@ -40,7 +40,8 @@ #ifndef __dnscap_dump_dns_h #define __dnscap_dump_dns_h -void dump_dns(const u_char* payload, size_t paylen, - FILE* trace, const char* endline); +#include + +void dump_dns(const u_char* payload, size_t paylen, FILE* trace, const char* endline); #endif // __dnscap_dump_dns_h diff --git a/src/network.c b/src/network.c index bb40c3f..2db1705 100644 --- a/src/network.c +++ b/src/network.c @@ -43,6 +43,8 @@ #include "tcpstate.h" #include "tcpreasm.h" +#include + struct ip6_hdr* network_ipv6 = 0; struct ip* network_ip = 0; struct udphdr* network_udp = 0; @@ -863,85 +865,97 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_ return; } } -#if HAVE_NS_INITPARSE && HAVE_NS_PARSERR && HAVE_NS_SPRINTRR if (!EMPTY(myregexes)) { - int match, negmatch; - ns_msg msg; - ns_sect s; + int match, negmatch; + ldns_pkt* pkt; + ldns_buffer* buf = ldns_buffer_new(512); + + if (!buf) { + fprintf(stderr, "%s: out of memory", ProgramName); + exit(1); + } match = -1; negmatch = -1; - if (ns_initparse(dnspkt, dnslen, &msg) < 0) { + if (ldns_wire2pkt(&pkt, dnspkt, dnslen) != LDNS_STATUS_OK) { /* DNS message may have padding, try get actual size */ - if (errno == EMSGSIZE) { - size_t dnslen2 = calcdnslen(dnspkt, dnslen); - if (dnslen2 > 0 && dnslen2 < dnslen && ns_initparse(dnspkt, dnslen2, &msg) < 0) { + size_t dnslen2 = calcdnslen(dnspkt, dnslen); + if (dnslen2 > 0 && dnslen2 < dnslen) { + if (ldns_wire2pkt(&pkt, dnspkt, dnslen2) != LDNS_STATUS_OK) { + ldns_buffer_free(buf); tcpstate_discard(tcpstate, "failed parse"); return; } } else { + ldns_buffer_free(buf); tcpstate_discard(tcpstate, "failed parse"); return; } } /* Look at each section of the message: question, answer, authority, additional */ - for (s = ns_s_qd; s < ns_s_max; s++) { - char pres[SNAPLEN * 4]; - const char* look; - int count, n; - ns_rr rr; - - /* Look at each RR in the section (or each QNAME in - the question section). */ - count = ns_msg_count(msg, s); - for (n = 0; n < count; n++) { - myregex_ptr myregex; - - if (ns_parserr(&msg, s, n, &rr) < 0) { - tcpstate_discard(tcpstate, "failed parse"); - return; - } - if (s == ns_s_qd) { - look = ns_rr_name(rr); + ldns_rr_list* rrs = ldns_pkt_all(pkt); + if (!rrs) { + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + tcpstate_discard(tcpstate, "failed to get list of RRs"); + return; + } + /* Look at each RR in the section (or each QNAME in + the question section). */ + size_t i, n; + for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) { + ldns_rr* rr = ldns_rr_list_rr(rrs, i); + if (!rr) { + ldns_rr_list_free(rrs); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + tcpstate_discard(tcpstate, "failed to get RR"); + return; + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(rr)) != LDNS_STATUS_OK) { + ldns_rr_list_free(rrs); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + tcpstate_discard(tcpstate, "failed to get RR"); + return; + } + + myregex_ptr myregex; + for (myregex = HEAD(myregexes); + myregex != NULL; + myregex = NEXT(myregex, link)) { + if (myregex->not ) { + if (negmatch < 0) + negmatch = 0; } else { - if (ns_sprintrr(&msg, &rr, NULL, ".", - pres, sizeof pres) - < 0) { - tcpstate_discard(tcpstate, "failed parse"); - return; - } - look = pres; + if (match < 0) + match = 0; } - for (myregex = HEAD(myregexes); - myregex != NULL; - myregex = NEXT(myregex, link)) { - if (myregex->not ) { - if (negmatch < 0) - negmatch = 0; - } else { - if (match < 0) - match = 0; - } - - if (regexec(&myregex->reg, look, 0, NULL, 0) == 0) { - if (myregex->not ) - negmatch++; - else - match++; - - if (dumptrace >= 2) - fprintf(stderr, - "; \"%s\" %s~ /%s/ %d %d\n", - look, - myregex->not ? "!" : "", - myregex->str, - match, - negmatch); - } + + if (regexec(&myregex->reg, (char*)ldns_buffer_begin(buf), 0, NULL, 0) == 0) { + if (myregex->not ) + negmatch++; + else + match++; + + if (dumptrace >= 2) + fprintf(stderr, + "; \"%s\" %s~ /%s/ %d %d\n", + (char*)ldns_buffer_begin(buf), + myregex->not ? "!" : "", + myregex->str, + match, + negmatch); } } } + ldns_rr_list_free(rrs); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + /* * Fail if any negative matching or if no match, match can be -1 which * indicates that there are only negative matching @@ -951,7 +965,6 @@ void network_pkt2(const char* descr, my_bpftimeval ts, const pcap_thread_packet_ return; } } -#endif /* HAVE_NS_INITPARSE && HAVE_NS_PARSERR && HAVE_NS_SPRINTRR */ /* * TODO: Policy hiding. @@ -1486,85 +1499,97 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, goto network_pkt_end; } } -#if HAVE_NS_INITPARSE && HAVE_NS_PARSERR && HAVE_NS_SPRINTRR if (!EMPTY(myregexes)) { - int match, negmatch; - ns_msg msg; - ns_sect s; + int match, negmatch; + ldns_pkt* pkt; + ldns_buffer* buf = ldns_buffer_new(512); + + if (!buf) { + fprintf(stderr, "%s: out of memory", ProgramName); + exit(1); + } match = -1; negmatch = -1; - if (ns_initparse(dnspkt, dnslen, &msg) < 0) { + if (ldns_wire2pkt(&pkt, dnspkt, dnslen) != LDNS_STATUS_OK) { /* DNS message may have padding, try get actual size */ - if (errno == EMSGSIZE) { - size_t dnslen2 = calcdnslen(dnspkt, dnslen); - if (dnslen2 > 0 && dnslen2 < dnslen && ns_initparse(dnspkt, dnslen2, &msg) < 0) { + size_t dnslen2 = calcdnslen(dnspkt, dnslen); + if (dnslen2 > 0 && dnslen2 < dnslen) { + if (ldns_wire2pkt(&pkt, dnspkt, dnslen2) != LDNS_STATUS_OK) { + ldns_buffer_free(buf); tcpstate_discard(tcpstate, "failed parse"); goto network_pkt_end; } } else { + ldns_buffer_free(buf); tcpstate_discard(tcpstate, "failed parse"); goto network_pkt_end; } } /* Look at each section of the message: question, answer, authority, additional */ - for (s = ns_s_qd; s < ns_s_max; s++) { - char pres[SNAPLEN * 4]; - const char* look; - int count, n; - ns_rr rr; - - /* Look at each RR in the section (or each QNAME in - the question section). */ - count = ns_msg_count(msg, s); - for (n = 0; n < count; n++) { - myregex_ptr myregex; - - if (ns_parserr(&msg, s, n, &rr) < 0) { - tcpstate_discard(tcpstate, "failed parse"); - goto network_pkt_end; - } - if (s == ns_s_qd) { - look = ns_rr_name(rr); + ldns_rr_list* rrs = ldns_pkt_all(pkt); + if (!rrs) { + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + tcpstate_discard(tcpstate, "failed to get list of RRs"); + goto network_pkt_end; + } + /* Look at each RR in the section (or each QNAME in + the question section). */ + size_t i, n; + for (i = 0, n = ldns_rr_list_rr_count(rrs); i < n; i++) { + ldns_rr* rr = ldns_rr_list_rr(rrs, i); + if (!rr) { + ldns_rr_list_free(rrs); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + tcpstate_discard(tcpstate, "failed to get RR"); + goto network_pkt_end; + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(rr)) != LDNS_STATUS_OK) { + ldns_rr_list_free(rrs); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + tcpstate_discard(tcpstate, "failed to get RR"); + goto network_pkt_end; + } + + myregex_ptr myregex; + for (myregex = HEAD(myregexes); + myregex != NULL; + myregex = NEXT(myregex, link)) { + if (myregex->not ) { + if (negmatch < 0) + negmatch = 0; } else { - if (ns_sprintrr(&msg, &rr, NULL, ".", - pres, sizeof pres) - < 0) { - tcpstate_discard(tcpstate, "failed parse"); - goto network_pkt_end; - } - look = pres; + if (match < 0) + match = 0; } - for (myregex = HEAD(myregexes); - myregex != NULL; - myregex = NEXT(myregex, link)) { - if (myregex->not ) { - if (negmatch < 0) - negmatch = 0; - } else { - if (match < 0) - match = 0; - } - - if (regexec(&myregex->reg, look, 0, NULL, 0) == 0) { - if (myregex->not ) - negmatch++; - else - match++; - - if (dumptrace >= 2) - fprintf(stderr, - "; \"%s\" %s~ /%s/ %d %d\n", - look, - myregex->not ? "!" : "", - myregex->str, - match, - negmatch); - } + + if (regexec(&myregex->reg, (char*)ldns_buffer_begin(buf), 0, NULL, 0) == 0) { + if (myregex->not ) + negmatch++; + else + match++; + + if (dumptrace >= 2) + fprintf(stderr, + "; \"%s\" %s~ /%s/ %d %d\n", + (char*)ldns_buffer_begin(buf), + myregex->not ? "!" : "", + myregex->str, + match, + negmatch); } } } + ldns_rr_list_free(rrs); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + /* * Fail if any negative matching or if no match, match can be -1 which * indicates that there are only negative matching @@ -1574,7 +1599,6 @@ void network_pkt(const char* descr, my_bpftimeval ts, unsigned pf, goto network_pkt_end; } } -#endif /* HAVE_NS_INITPARSE && HAVE_NS_PARSERR && HAVE_NS_SPRINTRR */ /* Policy hiding. */ if (end_hide != 0) { diff --git a/src/tcpreasm.c b/src/tcpreasm.c index be404ef..db897dc 100644 --- a/src/tcpreasm.c +++ b/src/tcpreasm.c @@ -39,6 +39,7 @@ #include "network.h" #include +#include #define dfprintf(a, b...) \ if (dumptrace >= 3) { \ @@ -83,11 +84,10 @@ static int dns_protocol_handler(tcpreasm_t* t, u_char* segment, uint16_t dnslen, { int m; -#if HAVE_NS_INITPARSE if (options.reassemble_tcp_bfbparsedns) { - int s; - ns_msg msg; - size_t at, len; + int s; + ldns_pkt* pkt; + size_t at, len; if (!t->bfb_buf && !(t->bfb_buf = malloc(BFB_BUF_SIZE))) { dfprintf(1, "dns_protocol_handler: no memory for bfb_buf"); @@ -147,7 +147,8 @@ static int dns_protocol_handler(tcpreasm_t* t, u_char* segment, uint16_t dnslen, break; } - if (!ns_initparse(&t->bfb_buf[at + 2], dnslen, &msg)) { + if (ldns_wire2pkt(&pkt, &t->bfb_buf[at + 2], dnslen) == LDNS_STATUS_OK) { + ldns_pkt_free(pkt); dfprintf(1, "dns_protocol_handler: dns at %zu len %u", at + 2, dnslen); for (m = 0; t->dnsmsg[m];) { @@ -171,7 +172,8 @@ static int dns_protocol_handler(tcpreasm_t* t, u_char* segment, uint16_t dnslen, } if (errno == EMSGSIZE) { size_t l = calcdnslen(&t->bfb_buf[at + 2], dnslen); - if (l > 0 && l < dnslen && !ns_initparse(&t->bfb_buf[at + 2], l, &msg)) { + if (l > 0 && l < dnslen && ldns_wire2pkt(&pkt, &t->bfb_buf[at + 2], l) == LDNS_STATUS_OK) { + ldns_pkt_free(pkt); dfprintf(1, "dns_protocol_handler: dns at %zu len %u (real len %zu)", at + 2, dnslen, l); for (m = 0; t->dnsmsg[m];) { @@ -239,7 +241,6 @@ static int dns_protocol_handler(tcpreasm_t* t, u_char* segment, uint16_t dnslen, } } } -#endif for (m = 0; t->dnsmsg[m];) { if (++m >= MAX_TCP_DNS_MSG) { diff --git a/src/test/test10.gold b/src/test/test10.gold index a466464..249139f 100644 --- a/src/test/test10.gold +++ b/src/test/test10.gold @@ -2,25 +2,21 @@ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ dns QUERY,NOERROR,51420,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ dns QUERY,NOERROR,51420,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,299,172.217.20.46 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/src/test/test7.gold b/src/test/test7.gold index bd96509..04bb908 100644 --- a/src/test/test7.gold +++ b/src/test/test7.gold @@ -1325,15 +1325,13 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate [172.17.0.9].48613 [8.8.8.8].53 \ dns QUERY,NOERROR,4815,rd|ad \ 1 google.com,IN,A 0 0 \ - 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] [109] 2017-12-11 13:59:04.956698 [#1 1qtcpnosyn.pcap-dist 4095] \ [8.8.8.8].53 [172.17.0.9].48613 \ dns QUERY,NOERROR,4815,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,47,172.217.22.174 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [52] 2017-12-11 13:59:04.957247 [#2 1qtcpnosyn.pcap-dist 4095] \ [172.17.0.9].48613 [8.8.8.8].53 [52] 2017-12-11 13:59:04.960230 [#3 1qtcpnosyn.pcap-dist 4095] \ @@ -1344,8 +1342,7 @@ Enabling parse_ongoing_tcp and allow_reset_tcpstate 1513000744.960230 8.8.8.8 53 172.17.0.9 48613 6 [80] 2018-01-10 11:22:41.552406 [#0 do1t-nosyn-1nolen.pcap-dist 4095] \ [172.17.0.8].51388 [8.8.8.8].53 \ - dns QUERY,FORMERR,256 0 0 0 \ - 1639 Message too long + dns Label length overflow [98] 2018-01-10 11:22:41.555912 [#1 do1t-nosyn-1nolen.pcap-dist 4095] \ [8.8.8.8].53 [172.17.0.8].51388 \ dns QUERY,NOERROR,59311,qr|rd|ra \ diff --git a/src/test/test8.gold b/src/test/test8.gold index c97d05a..f545bd2 100644 --- a/src/test/test8.gold +++ b/src/test/test8.gold @@ -19,8 +19,7 @@ dns QUERY,NOERROR,4815,qr|rd|ra \ 1 google.com,IN,A \ 1 google.com,IN,A,47,172.217.22.174 0 \ - 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] \ - + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] [52] 2017-12-11 13:59:04.957247 [#6 dnsotcp-many1pkt.pcap-dist 4095] \ [172.17.0.9].48613 [8.8.8.8].53 [52] 2017-12-11 13:59:04.960230 [#7 dnsotcp-many1pkt.pcap-dist 4095] \