projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| 870a0fe4 AT |
1 | #ifdef HAVE_CONFIG_H |
| 2 | #include "config.h" | |
| 3 | #endif | |
| 181fcd29 | 4 | #include "dnsparser.hh" |
| 12475222 | 5 | #include "rec-lua-conf.hh" |
| 181fcd29 BH |
6 | #include "sstuff.hh" |
| 7 | #include "misc.hh" | |
| 8 | #include "dnswriter.hh" | |
| 9 | #include "dnsrecords.hh" | |
| 10 | #include "statbag.hh" | |
| af7d3ea6 | 11 | #include "ednssubnet.hh" |
| 5bb846fe | 12 | #include "dnssecinfra.hh" |
| 13 | #include "recursor_cache.hh" | |
| 14 | #include "base32.hh" | |
| f2234140 | 15 | #include "root-dnssec.hh" |
| 243f4780 | 16 | |
| 17 | #include "validate.hh" | |
| 181fcd29 BH |
18 | StatBag S; |
| 19 | ||
| 5bb846fe | 20 | class TCPResolver : public boost::noncopyable |
| 21 | { | |
| 22 | public: | |
| 23 | TCPResolver(ComboAddress addr) : d_rsock(AF_INET, SOCK_STREAM) | |
| 24 | { | |
| 25 | d_rsock.connect(addr); | |
| 26 | } | |
| 27 | ||
| 28 | string query(const DNSName& qname, uint16_t qtype) | |
| 29 | { | |
| 30 | cerr<<"Q "<<qname<<"/"<<DNSRecordContent::NumberToType(qtype)<<endl; | |
| 31 | vector<uint8_t> packet; | |
| 32 | DNSPacketWriter pw(packet, qname, qtype); | |
| 33 | ||
| 34 | // recurse | |
| 35 | pw.getHeader()->rd=true; | |
| 36 | ||
| 37 | // we'll do the validation | |
| 38 | pw.getHeader()->cd=true; | |
| 39 | pw.getHeader()->ad=true; | |
| 40 | ||
| 41 | // we do require DNSSEC records to do that! | |
| 42 | pw.addOpt(2800, 0, EDNSOpts::DNSSECOK); | |
| 43 | pw.commit(); | |
| 44 | ||
| 45 | uint16_t len; | |
| 46 | len = htons(packet.size()); | |
| 47 | if(d_rsock.write((char *) &len, 2) != 2) | |
| 48 | throw PDNSException("tcp write failed"); | |
| 49 | ||
| 16657041 | 50 | d_rsock.writen(string(packet.begin(), packet.end())); |
| 5bb846fe | 51 | |
| 2cb98b9a | 52 | int bread=d_rsock.read((char *) &len, 2); |
| 53 | if( bread <0) | |
| 54 | throw PDNSException("tcp read failed: "+std::string(strerror(errno))); | |
| 55 | if(bread != 2) | |
| 56 | throw PDNSException("EOF on TCP read"); | |
| 5bb846fe | 57 | |
| 58 | len=ntohs(len); | |
| 59 | char *creply = new char[len]; | |
| 60 | int n=0; | |
| 61 | int numread; | |
| 62 | while(n<len) { | |
| 63 | numread=d_rsock.read(creply+n, len-n); | |
| 34c513f9 RG |
64 | if(numread<0) { |
| 65 | delete[] creply; | |
| 2cb98b9a | 66 | throw PDNSException("tcp read failed: "+std::string(strerror(errno))); |
| 34c513f9 | 67 | } |
| 5bb846fe | 68 | n+=numread; |
| 69 | } | |
| 70 | ||
| 71 | string reply(creply, len); | |
| 72 | delete[] creply; | |
| 73 | ||
| 74 | return reply; | |
| 75 | } | |
| 76 | ||
| 77 | Socket d_rsock; | |
| 78 | }; | |
| 79 | ||
| 5bb846fe | 80 | |
| 243f4780 | 81 | class TCPRecordOracle : public DNSRecordOracle |
| 5bb846fe | 82 | { |
| 243f4780 | 83 | public: |
| 84 | TCPRecordOracle(const ComboAddress& dest) : d_dest(dest) {} | |
| 85 | vector<DNSRecord> get(const DNSName& qname, uint16_t qtype) override | |
| 5bb846fe | 86 | { |
| 243f4780 | 87 | TCPResolver tr(d_dest); |
| 88 | string resp=tr.query(qname, qtype); | |
| 27c0050c | 89 | MOADNSParser mdp(false, resp); |
| 243f4780 | 90 | vector<DNSRecord> ret; |
| 91 | ret.reserve(mdp.d_answers.size()); | |
| 92 | for(const auto& a : mdp.d_answers) { | |
| 93 | ret.push_back(a.first); | |
| 5bb846fe | 94 | } |
| 243f4780 | 95 | return ret; |
| 5bb846fe | 96 | } |
| 243f4780 | 97 | private: |
| 98 | ComboAddress d_dest; | |
| 99 | }; | |
| 5bb846fe | 100 | |
| 12475222 | 101 | GlobalStateHolder<LuaConfigItems> g_luaconfs; |
| 102 | LuaConfigItems::LuaConfigItems() | |
| 103 | { | |
| f2234140 | 104 | for (const auto &dsRecord : rootDSs) { |
| 32122aab | 105 | auto ds=std::dynamic_pointer_cast<DSRecordContent>(DSRecordContent::make(dsRecord)); |
| 12c06211 | 106 | dsAnchors[g_rootdnsname].insert(*ds); |
| f2234140 | 107 | } |
| 12475222 | 108 | } |
| 5bb846fe | 109 | |
| 12475222 | 110 | DNSFilterEngine::DNSFilterEngine() {} |
| 5bb846fe | 111 | |
| 181fcd29 BH |
112 | int main(int argc, char** argv) |
| 113 | try | |
| 114 | { | |
| 115 | reportAllTypes(); | |
| 12475222 | 116 | // g_rootDS = "19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5"; |
| 7492e4b3 | 117 | |
| 12475222 | 118 | // if(argv[5]) |
| 119 | // g_rootDS = argv[5]; | |
| 120 | ||
| 2cb98b9a | 121 | // g_anchors.insert(DSRecordContent("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")); |
| 181fcd29 | 122 | if(argc < 4) { |
| 2cb98b9a | 123 | cerr<<"Syntax: toysdig IP-address port question question-type [rootDS]\n"; |
| 181fcd29 BH |
124 | exit(EXIT_FAILURE); |
| 125 | } | |
| 5bb846fe | 126 | ComboAddress dest(argv[1] + (*argv[1]=='@'), atoi(argv[2])); |
| 243f4780 | 127 | TCPRecordOracle tro(dest); |
| 5bb846fe | 128 | DNSName qname(argv[3]); |
| 129 | uint16_t qtype=DNSRecordContent::TypeToNumber(argv[4]); | |
| 5bb846fe | 130 | cout<<"digraph oneshot {"<<endl; |
| af7d3ea6 | 131 | |
| 243f4780 | 132 | auto recs=tro.get(qname, qtype); |
| 181fcd29 | 133 | |
| 243f4780 | 134 | cspmap_t cspmap=harvestCSPFromRecs(recs); |
| 9c3caa79 | 135 | cerr<<"Got "<<cspmap.size()<<" RRSETs: "; |
| 136 | int numsigs=0; | |
| 137 | for(const auto& csp : cspmap) { | |
| 138 | cerr<<" "<<csp.first.first<<'/'<<DNSRecordContent::NumberToType(csp.first.second)<<": "<<csp.second.signatures.size()<<" sigs for "<<csp.second.records.size()<<" records"<<endl; | |
| 139 | numsigs+= csp.second.signatures.size(); | |
| 5bb846fe | 140 | } |
| 9c3caa79 | 141 | |
| 647544dc | 142 | skeyset_t keys; |
| 9c3caa79 | 143 | cspmap_t validrrsets; |
| 144 | ||
| 145 | if(numsigs) { | |
| 146 | for(const auto& csp : cspmap) { | |
| 147 | for(const auto& sig : csp.second.signatures) { | |
| 148 | cerr<<"got rrsig "<<sig->d_signer<<"/"<<sig->d_tag<<endl; | |
| 243f4780 | 149 | vState state = getKeysFor(tro, sig->d_signer, keys); |
| 9c3caa79 | 150 | cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys at "<<qname<<endl; |
| 5bb846fe | 151 | // dsmap.insert(make_pair(dsrc.d_tag, dsrc)); |
| 152 | } | |
| 153 | } | |
| 9c3caa79 | 154 | |
| 155 | validateWithKeySet(cspmap, validrrsets, keys); | |
| 92011b8f | 156 | } |
| 5bb846fe | 157 | else { |
| 158 | cerr<<"no sigs, hoping for Insecure"<<endl; | |
| 243f4780 | 159 | vState state = getKeysFor(tro, qname, keys); |
| 5bb846fe | 160 | cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys at "<<qname<<endl; |
| 161 | } | |
| 9c3caa79 | 162 | cerr<<"! validated "<<validrrsets.size()<<" RRsets out of "<<cspmap.size()<<endl; |
| 5bb846fe | 163 | |
| 164 | cerr<<"% validated RRs:"<<endl; | |
| 9c3caa79 | 165 | for(auto i=validrrsets.begin(); i!=validrrsets.end(); i++) { |
| 5bb846fe | 166 | cerr<<"% "<<i->first.first<<"/"<<DNSRecordContent::NumberToType(i->first.second)<<endl; |
| 9c3caa79 | 167 | for(auto j=i->second.records.begin(); j!=i->second.records.end(); j++) { |
| 2cb98b9a | 168 | cerr<<"\t% > "<<(*j)->getZoneRepresentation()<<endl; |
| 5bb846fe | 169 | } |
| 170 | } | |
| 171 | ||
| 172 | cout<<"}"<<endl; | |
| 173 | exit(0); | |
| 181fcd29 BH |
174 | } |
| 175 | catch(std::exception &e) | |
| 176 | { | |
| 177 | cerr<<"Fatal: "<<e.what()<<endl; | |
| 178 | } | |
| 2cb98b9a | 179 | catch(PDNSException &pe) |
| 180 | { | |
| 181 | cerr<<"Fatal: "<<pe.reason<<endl; | |
| 182 | } | |
| 183 |