LINK = $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS)
HEADER = config.h
-TESTS = run-test0 run-test7 run-test18 run-test19 run-test20 \
- dname-label-test notify run-test-read-zone
.PHONY: all clean realclean
-all: $(TESTS)
+all: lua
lua: lua-rns
-run-test0: run-test0.o
- $(LINK) -o $@ $+
-
-run-test7: run-test7.o
- $(LINK) -o $@ $+
-
-run-test11: run-test11.o
- $(LINK) -o $@ $+
-
-run-test18: run-test18.o
- $(LINK) -lssl -o $@ $+
-
-run-test19: run-test19.o
- $(LINK) -lssl -o $@ $+
-
-run-test20: run-test20.o
- $(LINK) -lssl -o $@ $+
-
-run-test-read-zone: run-test-read-zone.o
- $(LINK) -lssl -o $@ $+
-
-dname-label-test: dname-label-test.o
- $(LINK) -o $@ $+
-
-notify: notify.o
- $(LINK) -o $@ $+
-
lua-rns: lua-rns.o
$(LINK) `lua-config --libs` -o $@ $+
-lua-rns.o: lua-rns.c
- $(COMPILE) `lua-config --include` -c $<
+#lua-rns.o: lua-rns.c
+# $(COMPILE) `lua-config --include` -c $<
## implicit rule
%.o: %.c $(HEADER)
- $(COMPILE) -c $<
+ $(COMPILE) `lua-config --include` -c $<
clean:
rm -f *.o
- rm -f $(TESTS)
rm -f lua-rns
realclean: clean
-
-free functions
+free functions from ldns - sometimes they are needed
-- dofile (filename)
-- swap 2 rrs in a pkt --
-function lua_swap_rr(pkt, n1, n2)
- print("[info] [RR] swapping", n1, n2)
+function lua_transpose_rr(pkt, n1, n2)
+ print("[info] [RR] transpose", n1, n2)
local rr_n1 = l_pkt_get_rr(pkt, n1)
local rr_n2 = l_pkt_set_rr(pkt, rr_n1, n2)
local rr_tm = l_pkt_set_rr(pkt, rr_n2, n1)
-- rm_tm is mem leak atm -- need free functions of ldns
end
-function lua_swap_rr_random(pkt)
+function lua_transpose_rr_random(pkt)
local total = l_pkt_rr_count(pkt) - 1
local rn1 = math.random(0, total)
local rn2 = math.random(0, total)
lua_swap_rr(pkt, rn1, rn2)
end
+-- substiture, add, remove
+
+---------------------------------
+-- these are more higher level --
+---------------------------------
+
-- reverse all the rrs in a pkt --
function lua_reverse_pkt(pkt)
local total = l_pkt_rr_count(pkt) - 1
end
lua_rand_init()
-
-rr1 = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
-rr2 = l_rr_new_frm_str("miek.nl IN ns gaap")
-rr3 = l_rr_new_frm_str("miek.nl IN ns gaap2")
-rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
-
-pkt = l_pkt_new()
-pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr1)
-pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr4)
-pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr2)
-pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr3)
-
-l_pkt_print(pkt)
-
-lua_reverse_pkt(pkt)
-
-l_pkt_print(pkt)
-
--- now do it at random
-lua_swap_rr_random(pkt)
-
--- print again
-l_pkt_print(pkt)
--- /dev/null
+* Classes of Manglement
+
+from higher to lower level:
+ - deliberatly mess up a resolver ability to recurse
+ - move RRsets to different sections
+ - fiddle with the ID
+ - add/delete RRs
+ - remove glue, add wrong glue
+ - add fake signatures
+ - split up RRsets
+ == mess with the final packet ==
+ - distort the compression pointers in the final packet
+ - swap bytes in the final packet
+ - swap bits in the final packet
+
+Based on a simple ldns-based nameserver.
+
+A configuration file is needed to tell it what to do. Some form
+of random stuff is also required.
+
+Ideally what I want is that you "program" you nameserver to mangle
+the packets.
+
+The mangle stage should be seen as a lego system, where you can connect
+different boxes together and push the assembled packet through it.
+
+So RNS should be able to deal with raw packets, so you can put it
+IN FRONT of another nameserver or it can directly deal with a ldns_packet*.
+
+Best way would be to build RNS is as a filter that can be put between the
+resolver and nameserver. Or, if running on localhost, all answers can be
+sent to a special IP of the resolver you want to test.
+
+** Mangle Blocks
+
+Each mangle function is effectively called from the configuration file.
+From the config file a mangle-engine is built. The packet is then put
+through this engine. After that a binary blob (with a length) comes
+out. This blob is then sent out to the network.
+
+* Design of RNS
+
+You program the engine in Lua by using ldns building blocks.
+
+I must be able to call C ldns functions from lua and pass data
+from and to the functions.
+
+:Binary filter:
+
+Steps:
+1. suck in a packet
+ b: check ip dst address
+2. mangle it according to the configuration file
+3. rebuilt and put out the new packet. (Or binary blob, or whatever)
+
+* Implementation
+
+A bunch of blob/packet functions-in/out.
+
+So blob_out* lua_mangle_remove_rr(blob_in*, random, extra args??);
+
+See are then chained together by the lua code.
+
+:Packet Mangling:
+
+These are the four basic operations:
+
+Transpose: switching 2 elements
+Substitute: replace an element with another one
+ (could be random)
+Add: add an element
+Remove: remove an element
+
+Each operation can be done on a different level, we distinguish between the
+following levels:
+
+packet-level: the header bits, number of rr in a specific section,
+rr-level: placement of rrs (which section)
+byte-level: handle specific bytes, like the compression pointers (2
+ bytes)
+bit-level: handle specific bits
+
+All 4 operation can be applied at all levels, this gives us 16 degrees of
+freedom in the packet mangling. (ghe ghe :-) )
+
+To keep matters interesting some sort of randomness is required in some
+step, otherwise each packet is mangled in the same way. Also this
+randomness together with the Lua script needs to be logged so the the
+actual mangling can be replayed.
+
+:Packet Mangling: address the different elements:
+We need a way to address our elements:
+
+elements: (network order)
+ bytes: numbered from 0 till the end of the packet
+ bits: within each byte numbered from 0 till 7
+ sections: numbered from the start of the packet (mnemonics?)
+ rr: numbered in each section
+
+Ambivalent on whether we need something like addresses: section_answer?
+ldns_* provides it. Should we use that?????
+
+::Packet Mangling Implementation::
+Example:
+
+Suppose we have a mangling operation that mangles RR (at the rr-level):
+transpose_rr(packet, rr1_postition, rr2_position)
+
+The 2 rr's are now flipped. We could also use rand0 for the position
+thereby letting the system decide. All these mangling functions should
+this log what they do.
+
+:: Short Term Implementation ::
+
+Try to switch 2 rrs from one section to another. Complex addressing of
+a packet <Section, RR number> probably.... Section can be random, RR number
+can be random.
+
+
+:: Addressing ::
+everything is numbered from 0 to n-1, so n objects
+this is how things go in side the packet too, so it is the easiest
+
+:: Lua Implementation ::
+RR level -> ldns stuff
+Packet level -> ldns stuff
+Byte level -> Lua string
+Bit level -> Lua string, but add C bit ops
--- ldns defines
+-- source the lib file with the function
+dofile("rns-lib.lua")
-LDNS_SECTION_QUESTION = 0
-LDNS_SECTION_ANSWER = 1
-LDNS_SECTION_AUTHORITY = 2
-LDNS_SECTION_ADDITIONAL = 3
-LDNS_SECTION_ANY = 4
-LDNS_SECTION_ANY_NOQUESTION = 5
+rr1 = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
+rr2 = l_rr_new_frm_str("miek.nl IN ns gaap")
+rr3 = l_rr_new_frm_str("miek.nl IN ns gaap2")
+rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
--- Now the scary ldns_* stuff
+pkt = l_pkt_new()
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr1)
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr4)
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr2)
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr3)
-my_rr2 = l_rr_new_frm_str("www.miek.nl")
-my_rr = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
-my_rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
+l_pkt_print(pkt)
-l_rr_print(my_rr)
-l_rr_print(my_rr2)
-l_rr_print(my_rr4)
+lua_reverse_pkt(pkt)
-my_pkt = l_pkt_new()
+l_pkt_print(pkt)
-my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr)
+-- now do it at random
+lua_swap_rr_random(pkt)
-l_pkt_print(my_pkt)
-
-my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr2)
-
-my_rr3 = l_pkt_get_rr(my_pkt, 0);
-l_rr_print(my_rr3)
-my_rr3 = l_pkt_get_rr(my_pkt, 1);
-l_rr_print(my_rr3)
-
-l_pkt_print(my_pkt)
-my_rr5 = l_pkt_set_rr(my_pkt, my_rr4, 1)
-l_rr_print(my_rr5)
-
-l_pkt_print(my_pkt)
+-- print again
+l_pkt_print(pkt)
--- /dev/null
+-- source the lib file with the function
+dofile("rns-lib.lua")
+
+-- Now the scary ldns_* stuff
+my_rr2 = l_rr_new_frm_str("www.miek.nl")
+my_rr = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
+my_rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
+
+l_rr_print(my_rr)
+l_rr_print(my_rr2)
+l_rr_print(my_rr4)
+
+my_pkt = l_pkt_new()
+
+my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr)
+
+l_pkt_print(my_pkt)
+
+my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr2)
+
+my_rr3 = l_pkt_get_rr(my_pkt, 0);
+l_rr_print(my_rr3)
+my_rr3 = l_pkt_get_rr(my_pkt, 1);
+l_rr_print(my_rr3)
+
+l_pkt_print(my_pkt)
+my_rr5 = l_pkt_set_rr(my_pkt, my_rr4, 1)
+l_rr_print(my_rr5)
+
+l_pkt_print(my_pkt)
projects / thirdparty / ldns.git / commitdiff
