From: Miek Gieben Date: Tue, 9 Aug 2005 08:56:37 +0000 (+0000) Subject: better naming, everything in one dir X-Git-Tag: release-1.0.0~345 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61fd45c70407ce530ac8a171e23ecb79c7fe4380;p=thirdparty%2Fldns.git better naming, everything in one dir --- diff --git a/lua/Makefile.in b/lua/Makefile.in index bcaaa5f3..b482008b 100644 --- a/lua/Makefile.in +++ b/lua/Makefile.in @@ -18,55 +18,25 @@ COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) LINK = $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) HEADER = config.h -TESTS = run-test0 run-test7 run-test18 run-test19 run-test20 \ - dname-label-test notify run-test-read-zone .PHONY: all clean realclean -all: $(TESTS) +all: lua lua: lua-rns -run-test0: run-test0.o - $(LINK) -o $@ $+ - -run-test7: run-test7.o - $(LINK) -o $@ $+ - -run-test11: run-test11.o - $(LINK) -o $@ $+ - -run-test18: run-test18.o - $(LINK) -lssl -o $@ $+ - -run-test19: run-test19.o - $(LINK) -lssl -o $@ $+ - -run-test20: run-test20.o - $(LINK) -lssl -o $@ $+ - -run-test-read-zone: run-test-read-zone.o - $(LINK) -lssl -o $@ $+ - -dname-label-test: dname-label-test.o - $(LINK) -o $@ $+ - -notify: notify.o - $(LINK) -o $@ $+ - lua-rns: lua-rns.o $(LINK) `lua-config --libs` -o $@ $+ -lua-rns.o: lua-rns.c - $(COMPILE) `lua-config --include` -c $< +#lua-rns.o: lua-rns.c +# $(COMPILE) `lua-config --include` -c $< ## implicit rule %.o: %.c $(HEADER) - $(COMPILE) -c $< + $(COMPILE) `lua-config --include` -c $< clean: rm -f *.o - rm -f $(TESTS) rm -f lua-rns realclean: clean diff --git a/lua/lua-todo b/lua/lua-todo index 99b1ca9b..2af10f15 100644 --- a/lua/lua-todo +++ b/lua/lua-todo @@ -1,2 +1 @@ - -free functions +free functions from ldns - sometimes they are needed diff --git a/lua/reverse-pkt.lua b/lua/rns-lib.lua similarity index 58% rename from lua/reverse-pkt.lua rename to lua/rns-lib.lua index f13091d4..cb31be5c 100644 --- a/lua/reverse-pkt.lua +++ b/lua/rns-lib.lua 
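Review bot: `lua` is used as a phony alias target (`all: lua`, `lua: lua-rns`) but is not listed in `.PHONY: all clean realclean`, so a file or directory named `lua` appearing in the build directory would satisfy the target and lua-rns would never be rebuilt; the line should read `.PHONY: all clean realclean lua`. The commented-out `#lua-rns.o: lua-rns.c` rule is dead now that the implicit `%.o: %.c $(HEADER)` rule passes `lua-config --include` for every object, and deleting it is clearer than keeping it as a comment. Note also that a missing `lua-config` binary makes both backtick substitutions expand to nothing, so the build then fails with an unrelated-looking missing-header error rather than a clear message; a `LUA_CONFIG ?= lua-config` variable with a check would make that failure explicit.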
@@ -8,21 +8,27 @@ LDNS_SECTION_ANY_NOQUESTION = 5 -- dofile (filename) -- swap 2 rrs in a pkt -- -function lua_swap_rr(pkt, n1, n2) - print("[info] [RR] swapping", n1, n2) +function lua_transpose_rr(pkt, n1, n2) + print("[info] [RR] transpose", n1, n2) local rr_n1 = l_pkt_get_rr(pkt, n1) local rr_n2 = l_pkt_set_rr(pkt, rr_n1, n2) local rr_tm = l_pkt_set_rr(pkt, rr_n2, n1) -- rm_tm is mem leak atm -- need free functions of ldns end -function lua_swap_rr_random(pkt) +function lua_transpose_rr_random(pkt) local total = l_pkt_rr_count(pkt) - 1 local rn1 = math.random(0, total) local rn2 = math.random(0, total) lua_swap_rr(pkt, rn1, rn2) end +-- substiture, add, remove + +--------------------------------- +-- these are more higher level -- +--------------------------------- + -- reverse all the rrs in a pkt -- function lua_reverse_pkt(pkt) local total = l_pkt_rr_count(pkt) - 1 @@ -41,26 +47,3 @@ function lua_rand_init() end lua_rand_init() - -rr1 = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2") -rr2 = l_rr_new_frm_str("miek.nl IN ns gaap") -rr3 = l_rr_new_frm_str("miek.nl IN ns gaap2") -rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2") - -pkt = l_pkt_new() -pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr1) -pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr4) -pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr2) -pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr3) - -l_pkt_print(pkt) - -lua_reverse_pkt(pkt) - -l_pkt_print(pkt) - --- now do it at random -lua_swap_rr_random(pkt) - --- print again -l_pkt_print(pkt) diff --git a/lua/rns-specs b/lua/rns-specs new file mode 100644 index 00000000..44450c8d --- /dev/null +++ b/lua/rns-specs 
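Review bot: lua_transpose_rr_random still calls `lua_swap_rr(pkt, rn1, rn2)`, but this hunk renames that function to lua_transpose_rr, so the random path now fails at run time with an attempt to call a nil global; the call should read `lua_transpose_rr(pkt, rn1, rn2)`. The same stale name survives on the new side of rns.lua, which still calls `lua_swap_rr_random(pkt)` after this rename. The leak comment inside lua_transpose_rr refers to `rm_tm`, which does not exist; the variable that holds the unfreed RR is `rr_tm`, and the comment should name it (`-- rr_tm is a mem leak atm, need free functions of ldns`) so the TODO in lua-todo can be matched to the code.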
@@ -0,0 +1,128 @@
+* Classes of Manglement
+
+from higher to lower level:
+ - deliberatly mess up a resolver ability to recurse
+ - move RRsets to different sections
+ - fiddle with the ID
+ - add/delete RRs
+ - remove glue, add wrong glue
+ - add fake signatures
+ - split up RRsets
+ == mess with the final packet ==
+ - distort the compression pointers in the final packet
+ - swap bytes in the final packet
+ - swap bits in the final packet
+
+Based on a simple ldns-based nameserver.
+
+A configuration file is needed to tell it what to do. Some form
+of random stuff is also required.
+
+Ideally what I want is that you "program" you nameserver to mangle
+the packets.
+
+The mangle stage should be seen as a lego system, where you can connect
+different boxes together and push the assembled packet through it.
+
+So RNS should be able to deal with raw packets, so you can put it
+IN FRONT of another nameserver or it can directly deal with a ldns_packet*.
+
+Best way would be to build RNS is as a filter that can be put between the
+resolver and nameserver. Or, if running on localhost, all answers can be
+sent to a special IP of the resolver you want to test.
+
+** Mangle Blocks
+
+Each mangle function is effectively called from the configuration file.
+From the config file a mangle-engine is built. The packet is then put
+through this engine. After that a binary blob (with a length) comes
+out. This blob is then sent out to the network.
+
+* Design of RNS
+
+You program the engine in Lua by using ldns building blocks.
+
+I must be able to call C ldns functions from lua and pass data
+from and to the functions.
+
+:Binary filter:
+
+Steps:
+1. suck in a packet
+ b: check ip dst address
+2. mangle it according to the configuration file
+3. rebuilt and put out the new packet. (Or binary blob, or whatever)
+
+* Implementation
+
+A bunch of blob/packet functions-in/out.
+
+So blob_out* lua_mangle_remove_rr(blob_in*, random, extra args??);
+
+See are then chained together by the lua code.
+
+:Packet Mangling:
+
+These are the four basic operations:
+
+Transpose: switching 2 elements
+Substitute: replace an element with another one
+ (could be random)
+Add: add an element
+Remove: remove an element
+
+Each operation can be done on a different level, we distinguish between the
+following levels:
+
+packet-level: the header bits, number of rr in a specific section,
+rr-level: placement of rrs (which section)
+byte-level: handle specific bytes, like the compression pointers (2
+ bytes)
+bit-level: handle specific bits
+
+All 4 operation can be applied at all levels, this gives us 16 degrees of
+freedom in the packet mangling. (ghe ghe :-) )
+
+To keep matters interesting some sort of randomness is required in some
+step, otherwise each packet is mangled in the same way. Also this
+randomness together with the Lua script needs to be logged so the the
+actual mangling can be replayed.
+
+:Packet Mangling: address the different elements:
+We need a way to address our elements:
+
+elements: (network order)
+ bytes: numbered from 0 till the end of the packet
+ bits: within each byte numbered from 0 till 7
+ sections: numbered from the start of the packet (mnemonics?)
+ rr: numbered in each section
+
+Ambivalent on whether we need something like addresses: section_answer?
+ldns_* provides it. Should we use that?????
+
+::Packet Mangling Implementation::
+Example:
+
+Suppose we have a mangling operation that mangles RR (at the rr-level):
+transpose_rr(packet, rr1_postition, rr2_position)
+
+The 2 rr's are now flipped. We could also use rand0 for the position
+thereby letting the system decide. All these mangling functions should
+this log what they do.
+
+:: Short Term Implementation ::
+
+Try to switch 2 rrs from one section to another. Complex addressing of
+a packet probably.... Section can be random, RR number
+can be random.
+
+
+:: Addressing ::
+everything is numbered from 0 to n-1, so n objects
+this is how things go in side the packet too, so it is the easiest
+
+:: Lua Implementation ::
+RR level -> ldns stuff
+Packet level -> ldns stuff
+Byte level -> Lua string
+Bit level -> Lua string, but add C bit ops
diff --git a/lua/rns.lua b/lua/rns.lua
index 6597e56e..812ea796 100644
--- a/lua/rns.lua
+++ b/lua/rns.lua
@@ -1,37 +1,25 @@
--- ldns defines
+-- source the lib file with the function
+dofile("rns-lib.lua")
 
-LDNS_SECTION_QUESTION = 0
-LDNS_SECTION_ANSWER = 1
-LDNS_SECTION_AUTHORITY = 2
-LDNS_SECTION_ADDITIONAL = 3
-LDNS_SECTION_ANY = 4
-LDNS_SECTION_ANY_NOQUESTION = 5
+rr1 = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
+rr2 = l_rr_new_frm_str("miek.nl IN ns gaap")
+rr3 = l_rr_new_frm_str("miek.nl IN ns gaap2")
+rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
 
--- Now the scary ldns_* stuff
+pkt = l_pkt_new()
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr1)
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_ANSWER, rr4)
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr2)
+pkt = l_pkt_push_rr(pkt, LDNS_SECTION_AUTHORITY, rr3)
 
-my_rr2 = l_rr_new_frm_str("www.miek.nl")
-my_rr = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
-my_rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
+l_pkt_print(pkt)
 
-l_rr_print(my_rr)
-l_rr_print(my_rr2)
-l_rr_print(my_rr4)
+lua_reverse_pkt(pkt)
 
-my_pkt = l_pkt_new()
+l_pkt_print(pkt)
 
-my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr)
+-- now do it at random
+lua_swap_rr_random(pkt)
 
-l_pkt_print(my_pkt)
-
-my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr2)
-
-my_rr3 = l_pkt_get_rr(my_pkt, 0);
-l_rr_print(my_rr3)
-my_rr3 = l_pkt_get_rr(my_pkt, 1);
-l_rr_print(my_rr3)
-
-l_pkt_print(my_pkt)
-my_rr5 = l_pkt_set_rr(my_pkt, my_rr4, 1)
-l_rr_print(my_rr5)
-
-l_pkt_print(my_pkt)
+-- print again
+l_pkt_print(pkt)
diff --git a/lua/test.lua b/lua/test.lua
new file mode 100644
index 00000000..48f3a1e9
--- /dev/null
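Review bot: `dofile("rns-lib.lua")` resolves its argument against the process's current working directory, not the location of rns.lua, so the script only works when started from the lua/ directory and otherwise stops with a "cannot open rns-lib.lua" error before any packet is built; the header comment should say so, e.g. `-- run from the lua/ directory: dofile() resolves relative to the cwd`. Every name the script introduces (`rr1`..`rr4`, `pkt`) is a global; prefixing them with `local` keeps the driver from leaking state into the library it just loaded. rns-specs in this same commit asks that the randomness be logged so a mangling run can be replayed, but nothing here records the seed or the chosen positions after `lua_swap_rr_random(pkt)`; lua_rand_init's body is outside this hunk, so it may already do that, but the driver gives no indication.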
+++ b/lua/test.lua
@@ -0,0 +1,30 @@
+-- source the lib file with the function
+dofile("rns-lib.lua")
+
+-- Now the scary ldns_* stuff
+my_rr2 = l_rr_new_frm_str("www.miek.nl")
+my_rr = l_rr_new_frm_str("www.miek.nl IN A 192.168.1.2")
+my_rr4 = l_rr_new_frm_str("www.atoom.net. IN A 192.168.1.2")
+
+l_rr_print(my_rr)
+l_rr_print(my_rr2)
+l_rr_print(my_rr4)
+
+my_pkt = l_pkt_new()
+
+my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr)
+
+l_pkt_print(my_pkt)
+
+my_pkt = l_pkt_push_rr(my_pkt, LDNS_SECTION_ANSWER, my_rr2)
+
+my_rr3 = l_pkt_get_rr(my_pkt, 0);
+l_rr_print(my_rr3)
+my_rr3 = l_pkt_get_rr(my_pkt, 1);
+l_rr_print(my_rr3)
+
+l_pkt_print(my_pkt)
+my_rr5 = l_pkt_set_rr(my_pkt, my_rr4, 1)
+l_rr_print(my_rr5)
+
+l_pkt_print(my_pkt)
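Review bot: `l_rr_new_frm_str("www.miek.nl")` is handed only an owner name, with no class, type or rdata, and its result goes straight into l_rr_print and l_pkt_push_rr with no check; if the C binding signals a parse failure by returning nil (its contract is not visible here), the failure surfaces inside the binding instead of at the line that produced the bad value. A guard after each constructor, `assert(my_rr2, "l_rr_new_frm_str failed for www.miek.nl")`, pins the error to its source, and if a bare owner name is intentionally accepted as a question-style RR the comment above it should say so rather than "Now the scary ldns_* stuff". The file mixes statement-terminating semicolons (`my_rr3 = l_pkt_get_rr(my_pkt, 0);`) with bare statements and declares every variable as a global; `local` declarations and one style of terminator would make the test read like the library it exercises.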