summaryrefslogtreecommitdiffstats
path: root/nmap_dns.cc
diff options
context:
space:
mode:
Diffstat (limited to 'nmap_dns.cc')
-rw-r--r--nmap_dns.cc1700
1 files changed, 1700 insertions, 0 deletions
diff --git a/nmap_dns.cc b/nmap_dns.cc
new file mode 100644
index 0000000..50c8a81
--- /dev/null
+++ b/nmap_dns.cc
@@ -0,0 +1,1700 @@
+
+/***************************************************************************
+ * nmap_dns.cc -- Handles parallel reverse DNS resolution for target IPs *
+ * *
+ ***********************IMPORTANT NMAP LICENSE TERMS************************
+ *
+ * The Nmap Security Scanner is (C) 1996-2023 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and add
+ * new features. You are highly encouraged to submit your changes as a Github PR
+ * or by email to the dev@nmap.org mailing list for possible incorporation into
+ * the main distribution. Unless you specify otherwise, it is understood that
+ * you are offering us very broad rights to use your submissions as described in
+ * the Nmap Public Source License Contributor Agreement. This is important
+ * because we fund the project by selling licenses with various terms, and also
+ * because the inability to relicense code has caused devastating problems for
+ * other Free Software projects (such as KDE and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
+ ***************************************************************************/
+
+// mass_rdns - Parallel Asynchronous Reverse DNS Resolution
+//
+// One of Nmap's features is to perform reverse DNS queries
+// on large number of IP addresses. Nmap supports 2 different
+// methods of accomplishing this:
+//
+// System Resolver (specified using --system-dns):
+// Performs sequential getnameinfo() calls on all the IPs.
+// As reliable as your system resolver, almost guaranteed
+// to be portable, but intolerably slow for scans of hundreds
+// or more because the result from each query needs to be
+// received before the next one can be sent.
+//
+// Mass/Async DNS (default):
+// Attempts to resolve host names in parallel using a set
+// of DNS servers. DNS servers are found here:
+//
+// --dns-servers <serv1[,serv2],...> (all platforms - overrides everything else)
+//
+// /etc/resolv.conf (only on unix)
+//
+// These registry keys: (only on windows)
+//
+// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
+// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer
+// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*\NameServer
+// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*\DhcpNameServer
+//
+//
+// Also, most systems maintain a file "/etc/hosts" that contains
+// IP to hostname mappings. We also try to consult these files. Here
+// is where we look for the files:
+//
+// Unix: /etc/hosts
+//
+// Windows:
+// for 95/98/Me: WINDOWS_DIR\hosts
+// for NT/2000/XP Pro: WINDOWS_DIR\system32\drivers\etc\hosts
+// for XP Home: WINDOWS_DIR\system32\drivers\etc\hosts
+// --see http://accs-net.com/hosts/how_to_use_hosts.html
+//
+//
+// Created by Doug Hoyte <doug at hcsw.org> http://www.hcsw.org
+// DNS Caching and aging added by Eddie Bell ejlbell@gmail.com 2007
+// IPv6 and improved DNS cache by Gioacchino Mazzurco <gmazzurco89@gmail.com> 2015
+
+
+// TODO:
+//
+// * Tune performance parameters
+//
+// * Figure out best way to estimate completion time
+// and display it in a ScanProgressMeter
+
+#ifdef WIN32
+#include "nmap_winconfig.h"
+/* Need DnetName2PcapName */
+#include "libnetutil/netutil.h"
+#endif
+
+#include "nmap.h"
+#include "NmapOps.h"
+#include "nmap_dns.h"
+#include "nsock.h"
+#include "nmap_error.h"
+#include "nmap_tty.h"
+#include "tcpip.h"
+#include "timing.h"
+#include "Target.h"
+
+#include <stdlib.h>
+#include <limits.h>
+#include <list>
+#include <vector>
+
+extern NmapOps o;
+
+
+
+//------------------- Performance Parameters ---------------------
+
+// Algorithm:
+//
+// A batch of num_targets hosts is passed to nmap_mass_rdns():
+// void nmap_mass_rdns(Target **targets, int num_targets)
+//
+// mass_dns sends out CAPACITY_MIN of these hosts to the DNS
+// servers detected, alternating in sequence.
+
+// When a request is fulfilled (either a resolved domain, NXDomain,
+// or confirmed ServFail) CAPACITY_UP_STEP is added to the current
+// capacity of the server the request was found by.
+
+// When a request times out and retries on the same server,
+// the server's capacity is scaled by CAPACITY_MINOR_DOWN_STEP.
+
+// When a request times out and moves to the next server in
+// sequence, the server's capacity is scaled by CAPACITY_MAJOR_DOWN_STEP.
+
+// mass_dns tries to maintain the current number of "outstanding
+// queries" on each server to that of its current capacity. The
+// packet is dropped if it cycles through all specified DNS
+// servers.
+
+
+// Since multiple DNS servers can be specified, different sequences
+// of timers are maintained. These are the various retransmission
+// intervals for each server before we move on to the next DNS server:
+
+// In milliseconds
+// Each row MUST be terminated with -1
+static int read_timeouts[][4] = {
+ { 4000, 4000, 5000, -1 }, // 1 server
+ { 2500, 4000, -1, -1 }, // 2 servers
+ { 2500, 3000, -1, -1 }, // 3+ servers
+};
+
+#define CAPACITY_MIN 10
+#define CAPACITY_MAX 200
+#define CAPACITY_UP_STEP 2
+#define CAPACITY_MINOR_DOWN_SCALE 0.9
+#define CAPACITY_MAJOR_DOWN_SCALE 0.7
+
+// Each request will try to resolve on at most this many servers:
+#define SERVERS_TO_TRY 3
+
+
+//------------------- Other Parameters ---------------------
+
+// How often to display a short debugging summary if debugging is
+// specified. Lower numbers means it's displayed more often.
+#define SUMMARY_DELAY 50
+
+// Minimum debugging level to display packet trace
+#define TRACE_DEBUG_LEVEL 4
+
+// The amount of time we wait for nsock_write() to complete before
+// retransmission. This should almost never happen. (in milliseconds)
+#define WRITE_TIMEOUT 100
+
+
+//------------------- Internal Structures ---------------------
+
+struct dns_server;
+struct request;
+typedef struct sockaddr_storage sockaddr_storage;
+
+struct dns_server {
+ std::string hostname;
+ sockaddr_storage addr;
+ size_t addr_len;
+ nsock_iod nsd;
+ int connected;
+ int reqs_on_wire;
+ int capacity;
+ int write_busy;
+ std::list<request *> to_process;
+ std::list<request *> in_process;
+};
+
+struct request {
+ Target *targ;
+ struct timeval timeout;
+ int tries;
+ int servers_tried;
+ dns_server *first_server;
+ dns_server *curr_server;
+ u16 id;
+};
+
+/*keeps record of a request going through a particular DNS server
+helps in attaining faster lookup based on ID */
+struct info{
+ dns_server *server;
+ request *tpreq;
+};
+
+class HostElem
+{
+public:
+ HostElem(const std::string & name_, const sockaddr_storage & ip) :
+ name(name_), addr(ip), cache_hits(0) {}
+ ~HostElem() {}
+
+ /* Ages entries and return true with a cache hit of 0 (the least used) */
+ static bool isTimeToClean(HostElem he)
+ {
+ if(he.cache_hits)
+ {
+ he.cache_hits >>= 1;
+ return false;
+ }
+
+ return true;
+ }
+
+ const std::string name;
+ const sockaddr_storage addr;
+ u8 cache_hits;
+};
+
+class HostCacheLine : public std::list<HostElem>{};
+
+class HostCache
+{
+public:
+ // TODO: avoid hardcode this constant
+ HostCache() : lines_count(256), hash_mask(lines_count-1),
+ hosts_storage(new HostCacheLine[lines_count]), elements_count(0)
+ {}
+ ~HostCache()
+ {
+ delete[] hosts_storage;
+ }
+
+ u32 hash(const sockaddr_storage &ip) const
+ {
+ u32 ret = 0;
+
+ switch (ip.ss_family)
+ {
+ case AF_INET:
+ {
+ u8 * ipv4 = (u8 *) &((const struct sockaddr_in *) &ip)->sin_addr;
+ // Shuffle bytes a little so we avoid awful performances in commons
+ // usages patterns like 10.0.1-255.1 and lines_count 256
+ ret = ipv4[0] + (ipv4[1]<<3) + (ipv4[2]<<5) + (ipv4[3]<<7);
+ break;
+ }
+ case AF_INET6:
+ {
+ const struct sockaddr_in6 * sa6 = (const struct sockaddr_in6 *) &ip;
+ u32 * ipv6 = (u32 *) sa6->sin6_addr.s6_addr;
+ ret = ipv6[0] + ipv6[1] + ipv6[2] + ipv6[3];
+ break;
+ }
+ }
+
+ return ret & hash_mask;
+ }
+
+ /* Add to the dns cache. If there are too many entries
+ * we age and remove the least frequently used ones to
+ * make more space. */
+ bool add( const sockaddr_storage & ip, const std::string & hname)
+ {
+ std::string discard;
+ if(lookup(ip, discard)) return false;
+
+ if(elements_count >= lines_count) prune();
+
+ HostElem he(hname, ip);
+ hosts_storage[hash(ip)].push_back(he);
+ ++elements_count;
+ return true;
+ }
+
+ u32 prune()
+ {
+ u32 original_count = elements_count;
+ for(u32 i = 0; i < lines_count; ++i)
+ {
+ std::list<HostElem>::iterator it = find_if(hosts_storage[i].begin(),
+ hosts_storage[i].end(),
+ HostElem::isTimeToClean);
+ while ( it != hosts_storage[i].end() )
+ {
+ it = hosts_storage[i].erase(it);
+ assert(elements_count > 0);
+ --elements_count;
+ }
+ }
+
+ return original_count - elements_count;
+ }
+
+ /* Search for a hostname in the cache and increment
+ * its cache hit counter if found */
+ bool lookup(const sockaddr_storage & ip, std::string & name)
+ {
+ std::list<HostElem>::iterator hostI;
+ u32 ip_hash = hash(ip);
+ for( hostI = hosts_storage[ip_hash].begin();
+ hostI != hosts_storage[ip_hash].end();
+ ++hostI)
+ {
+ if (sockaddr_storage_equal(&hostI->addr, &ip))
+ {
+ if(hostI->cache_hits < UCHAR_MAX)
+ hostI->cache_hits++;
+ name = hostI->name;
+ return true;
+ }
+ }
+ return false;
+ }
+
+protected:
+ const u32 lines_count;
+ const u32 hash_mask;
+ HostCacheLine * const hosts_storage;
+ u32 elements_count;
+};
+
+//------------------- Globals ---------------------
+
+u16 DNS::Factory::progressiveId = get_random_u16();
+static std::list<dns_server> servs;
+static std::list<request *> new_reqs;
+static std::list<request *> deferred_reqs;
+static std::map<u16, info> records;
+static int total_reqs;
+static nsock_pool dnspool=NULL;
+
+/* The DNS cache, not just for entries from /etc/hosts. */
+static HostCache host_cache;
+
+static int stat_actual, stat_ok, stat_nx, stat_sf, stat_trans, stat_dropped, stat_cname;
+static struct timeval starttv;
+static int read_timeout_index;
+
+static int firstrun=1;
+static ScanProgressMeter *SPM;
+
+
+//------------------- Prototypes and macros ---------------------
+static void read_evt_handler(nsock_pool, nsock_event, void *);
+static void put_dns_packet_on_wire(request *req);
+
+#define ACTION_FINISHED 0
+#define ACTION_SYSTEM_RESOLVE 1
+#define ACTION_TIMEOUT 2
+
+//------------------- Misc code ---------------------
+
+static void output_summary() {
+ int tp = stat_ok + stat_nx + stat_dropped;
+ struct timeval now;
+
+ memcpy(&now, nsock_gettimeofday(), sizeof(struct timeval));
+
+ if (o.debugging && (tp%SUMMARY_DELAY == 0))
+ log_write(LOG_STDOUT, "mass_rdns: %.2fs %d/%d [#: %lu, OK: %d, NX: %d, DR: %d, SF: %d, TR: %d]\n",
+ TIMEVAL_MSEC_SUBTRACT(now, starttv) / 1000.0,
+ tp, stat_actual,
+ (unsigned long) servs.size(), stat_ok, stat_nx, stat_dropped, stat_sf, stat_trans);
+}
+
+static void check_capacities(dns_server *tpserv) {
+ if (tpserv->capacity < CAPACITY_MIN) tpserv->capacity = CAPACITY_MIN;
+ if (tpserv->capacity > CAPACITY_MAX) tpserv->capacity = CAPACITY_MAX;
+ if (o.debugging >= TRACE_DEBUG_LEVEL) log_write(LOG_STDOUT, "CAPACITY <%s> = %d\n", tpserv->hostname.c_str(), tpserv->capacity);
+}
+
+// Closes all nsis created in connect_dns_servers()
+static void close_dns_servers() {
+ std::list<dns_server>::iterator serverI;
+
+ for(serverI = servs.begin(); serverI != servs.end(); serverI++) {
+ if (serverI->connected) {
+ nsock_iod_delete(serverI->nsd, NSOCK_PENDING_SILENT);
+ serverI->connected = 0;
+ serverI->to_process.clear();
+ serverI->in_process.clear();
+ }
+ }
+}
+
+
+// Puts as many packets on the line as capacity will allow
+static void do_possible_writes() {
+ std::list<dns_server>::iterator servI;
+ request *tpreq;
+
+ for(servI = servs.begin(); servI != servs.end(); servI++) {
+ if (servI->write_busy == 0 && servI->reqs_on_wire < servI->capacity) {
+ tpreq = NULL;
+ if (!servI->to_process.empty()) {
+ tpreq = servI->to_process.front();
+ servI->to_process.pop_front();
+ } else if (!new_reqs.empty()) {
+ tpreq = new_reqs.front();
+ assert(tpreq != NULL);
+ tpreq->first_server = tpreq->curr_server = &*servI;
+ new_reqs.pop_front();
+ }
+
+ if (tpreq) {
+ if (o.debugging >= TRACE_DEBUG_LEVEL)
+ log_write(LOG_STDOUT, "mass_rdns: TRANSMITTING for <%s> (server <%s>)\n", tpreq->targ->targetipstr() , servI->hostname.c_str());
+ stat_trans++;
+ put_dns_packet_on_wire(tpreq);
+ }
+ }
+ }
+}
+
+// nsock write handler
+static void write_evt_handler(nsock_pool nsp, nsock_event evt, void *req_v) {
+ info record;
+ request *req = (request *) req_v;
+
+ req->curr_server->write_busy = 0;
+
+ req->curr_server->in_process.push_front(req);
+ record.tpreq = req;
+ record.server = req->curr_server;
+ records[req->id] = record;
+
+ do_possible_writes();
+}
+
+// Takes a DNS request structure and actually puts it on the wire
+// (calls nsock_write()). Does various other tasks like recording
+// the time for the timeout.
+static void put_dns_packet_on_wire(request *req) {
+ static const size_t maxlen = 512;
+ u8 packet[maxlen];
+ size_t plen=0;
+
+ struct timeval now, timeout;
+
+ req->id = DNS::Factory::progressiveId;
+ req->curr_server->write_busy = 1;
+ req->curr_server->reqs_on_wire++;
+
+ plen = DNS::Factory::buildReverseRequest(*req->targ->TargetSockAddr(), packet, maxlen);
+
+ memcpy(&now, nsock_gettimeofday(), sizeof(struct timeval));
+ TIMEVAL_MSEC_ADD(timeout, now, read_timeouts[read_timeout_index][req->tries]);
+ memcpy(&req->timeout, &timeout, sizeof(struct timeval));
+
+ req->tries++;
+
+ nsock_write(dnspool, req->curr_server->nsd, write_evt_handler, WRITE_TIMEOUT, req, reinterpret_cast<const char *>(packet), plen);
+}
+
+// Processes DNS packets that have timed out
+// Returns time until next read timeout
+static int deal_with_timedout_reads() {
+ std::list<dns_server>::iterator servI;
+ std::list<dns_server>::iterator servItemp;
+ std::list<request *>::iterator reqI;
+ std::list<request *>::iterator nextI;
+ std::map<u16, info>::iterator infoI;
+ request *tpreq;
+ struct timeval now;
+ int tp, min_timeout = INT_MAX;
+
+ memcpy(&now, nsock_gettimeofday(), sizeof(struct timeval));
+
+ if (keyWasPressed())
+ SPM->printStats((double) (stat_ok + stat_nx + stat_dropped) / stat_actual, &now);
+
+ for(servI = servs.begin(); servI != servs.end(); servI++) {
+ nextI = servI->in_process.begin();
+ if (nextI == servI->in_process.end()) continue;
+
+ do {
+ reqI = nextI++;
+ tpreq = *reqI;
+
+ tp = TIMEVAL_MSEC_SUBTRACT(tpreq->timeout, now);
+ if (tp > 0 && tp < min_timeout) min_timeout = tp;
+
+ if (tp <= 0) {
+ servI->capacity = (int) (servI->capacity * CAPACITY_MINOR_DOWN_SCALE);
+ check_capacities(&*servI);
+ servI->in_process.erase(reqI);
+ std::map<u16, info>::iterator it = records.find(tpreq->id);
+ if ( it != records.end() )
+ records.erase(it);
+ servI->reqs_on_wire--;
+
+ // If we've tried this server enough times, move to the next one
+ if (read_timeouts[read_timeout_index][tpreq->tries] == -1) {
+ servI->capacity = (int) (servI->capacity * CAPACITY_MAJOR_DOWN_SCALE);
+ check_capacities(&*servI);
+
+ servItemp = servI;
+ servItemp++;
+
+ if (servItemp == servs.end()) servItemp = servs.begin();
+
+ tpreq->curr_server = &*servItemp;
+ tpreq->tries = 0;
+ tpreq->servers_tried++;
+
+ if (tpreq->curr_server == tpreq->first_server || tpreq->servers_tried == SERVERS_TO_TRY) {
+ // Either give up on the IP
+ // or, for maximum reliability, put the server back into processing
+ // Note it's possible that this will never terminate.
+ // FIXME: Find a good compromise
+
+ // **** We've already tried all servers... give up
+ if (o.debugging >= TRACE_DEBUG_LEVEL) log_write(LOG_STDOUT, "mass_rdns: *DR*OPPING <%s>\n", tpreq->targ->targetipstr());
+
+ output_summary();
+ stat_dropped++;
+ total_reqs--;
+ infoI = records.find(tpreq->id);
+ if ( infoI != records.end() )
+ records.erase(infoI);
+ delete tpreq;
+
+ // **** OR We start at the back of this server's queue
+ //servItemp->to_process.push_back(tpreq);
+ } else {
+ servItemp->to_process.push_back(tpreq);
+ }
+ } else {
+ servI->to_process.push_back(tpreq);
+ }
+
+ }
+
+ } while (nextI != servI->in_process.end());
+
+ }
+
+ if (min_timeout > 500) return 500;
+ else return min_timeout;
+
+}
+
+// After processing a DNS response, we search through the IPs we're
+// looking for and update their results as necessary.
+// Returns non-zero if this matches a query we're looking for
+static int process_result(const sockaddr_storage &ip, const std::string &result, int action, u16 id)
+{
+ request *tpreq;
+ std::map<u16, info>::iterator infoI;
+ dns_server *server;
+
+ infoI = records.find(id);
+
+ if( infoI != records.end() ){
+
+ tpreq = infoI->second.tpreq;
+ server = infoI->second.server;
+
+ if( !result.empty() && !sockaddr_storage_equal(&ip, tpreq->targ->TargetSockAddr()) )
+ return 0;
+
+ if (action == ACTION_SYSTEM_RESOLVE || action == ACTION_FINISHED)
+ {
+ server->capacity += CAPACITY_UP_STEP;
+ check_capacities(&*server);
+
+ if(!result.empty())
+ {
+ tpreq->targ->setHostName(result.c_str());
+ host_cache.add(* tpreq->targ->TargetSockAddr(), result);
+ }
+
+ records.erase(infoI);
+ server->in_process.remove(tpreq);
+ server->reqs_on_wire--;
+
+ total_reqs--;
+
+ if (action == ACTION_SYSTEM_RESOLVE) deferred_reqs.push_back(tpreq);
+ if (action == ACTION_FINISHED) delete tpreq;
+ }
+ else
+ {
+ memcpy(&tpreq->timeout, nsock_gettimeofday(), sizeof(struct timeval));
+ deal_with_timedout_reads();
+ }
+
+ do_possible_writes();
+
+ // Close DNS servers if we're all done so that we kill
+ // all events and return from nsock_loop immediateley
+ if (total_reqs == 0)
+ close_dns_servers();
+ return 1;
+ }
+ return 0;
+}
+
+// Nsock read handler. One nsock read for each DNS server exists at each
+// time. This function uses various helper functions as defined above.
+static void read_evt_handler(nsock_pool nsp, nsock_event evt, void *) {
+ const u8 *buf;
+ int buflen;
+
+ if (total_reqs >= 1)
+ nsock_read(nsp, nse_iod(evt), read_evt_handler, -1, NULL);
+
+ if (nse_type(evt) != NSE_TYPE_READ || nse_status(evt) != NSE_STATUS_SUCCESS) {
+ if (o.debugging)
+ log_write(LOG_STDOUT, "mass_dns: warning: got a %s:%s in %s()\n",
+ nse_type2str(nse_type(evt)),
+ nse_status2str(nse_status(evt)), __func__);
+ return;
+ }
+
+ buf = (unsigned char *) nse_readbuf(evt, &buflen);
+
+ DNS::Packet p;
+ size_t readed_bytes = p.parseFromBuffer(buf, buflen);
+ if(readed_bytes < DNS::DATA) return;
+
+ // We should have 1+ queries:
+ u16 &f = p.flags;
+ if(p.queries.empty() || !DNS_HAS_FLAG(f, DNS::RESPONSE) ||
+ !DNS_HAS_FLAG(f, DNS::OP_STANDARD_QUERY) ||
+ (f & DNS::ZERO) || DNS_HAS_ERR(f, DNS::ERR_FORMAT) ||
+ DNS_HAS_ERR(f, DNS::ERR_NOT_IMPLEMENTED) || DNS_HAS_ERR(f, DNS::ERR_REFUSED))
+ return;
+
+ if (DNS_HAS_ERR(f, DNS::ERR_NAME))
+ {
+ sockaddr_storage discard;
+ if(process_result(discard, "", ACTION_FINISHED, p.id))
+ {
+ if (o.debugging >= TRACE_DEBUG_LEVEL)
+ log_write(LOG_STDOUT, "mass_rdns: NXDOMAIN <id = %d>\n", p.id);
+ output_summary();
+ stat_nx++;
+ }
+
+ return;
+ }
+
+ if (DNS_HAS_ERR(f, DNS::ERR_SERVFAIL))
+ {
+ sockaddr_storage discard;
+ if (process_result(discard, "", ACTION_TIMEOUT, p.id))
+ {
+ if (o.debugging >= TRACE_DEBUG_LEVEL)
+ log_write(LOG_STDOUT, "mass_rdns: SERVFAIL <id = %d>\n", p.id);
+ stat_sf++;
+ }
+
+ return;
+ }
+
+ bool processing_successful = false;
+
+ sockaddr_storage ip;
+ ip.ss_family = AF_UNSPEC;
+ std::string alias;
+
+ for(std::list<DNS::Answer>::const_iterator it = p.answers.begin();
+ it != p.answers.end() && !processing_successful; ++it )
+ {
+ const DNS::Answer &a = *it;
+ if(a.record_class == DNS::CLASS_IN)
+ {
+ switch(a.record_type)
+ {
+ case DNS::PTR:
+ {
+ DNS::PTR_Record * ptr = static_cast<DNS::PTR_Record *>(a.record);
+
+ if(
+ // If CNAME answer filled in ip with a matching alias
+ (ip.ss_family != AF_UNSPEC && a.name == alias )
+ // Or if we can get an IP from reversing the .arpa PTR address
+ || DNS::Factory::ptrToIp(a.name, ip))
+ {
+ if ((processing_successful = process_result(ip, ptr->value, ACTION_FINISHED, p.id)))
+ {
+ if (o.debugging >= TRACE_DEBUG_LEVEL)
+ {
+ char ipstr[INET6_ADDRSTRLEN];
+ sockaddr_storage_iptop(&ip, ipstr);
+ log_write(LOG_STDOUT, "mass_rdns: OK MATCHED <%s> to <%s>\n",
+ ipstr,
+ ptr->value.c_str());
+ }
+ output_summary();
+ stat_ok++;
+ }
+ }
+ break;
+ }
+ case DNS::CNAME:
+ {
+ if(DNS::Factory::ptrToIp(a.name, ip))
+ {
+ DNS::CNAME_Record * cname = static_cast<DNS::CNAME_Record *>(a.record);
+ alias = cname->value;
+ if (o.debugging >= TRACE_DEBUG_LEVEL)
+ {
+ char ipstr[INET6_ADDRSTRLEN];
+ sockaddr_storage_iptop(&ip, ipstr);
+ log_write(LOG_STDOUT, "mass_rdns: CNAME found for <%s> to <%s>\n", ipstr, alias.c_str());
+ }
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ }
+
+ if (!processing_successful) {
+ if (DNS_HAS_FLAG(f, DNS::TRUNCATED)) {
+ // TODO: TCP fallback, or only use system resolver if user didn't specify --dns-servers
+ process_result(ip, "", ACTION_SYSTEM_RESOLVE, p.id);
+ }
+ else if (!alias.empty()) {
+ if (o.debugging >= TRACE_DEBUG_LEVEL)
+ {
+ char ipstr[INET6_ADDRSTRLEN];
+ sockaddr_storage_iptop(&ip, ipstr);
+ log_write(LOG_STDOUT, "mass_rdns: CNAME for <%s> not processed.\n", ipstr);
+ }
+ // TODO: Send a PTR request for alias instead. Meanwhile, we'll just fall
+ // back to using system resolver. Alternative: report the canonical name
+ // (alias), but that's not very useful.
+ process_result(ip, "", ACTION_SYSTEM_RESOLVE, p.id);
+ }
+ else {
+ if (o.debugging >= TRACE_DEBUG_LEVEL) {
+ log_write(LOG_STDOUT, "mass_rdns: Unable to process the response\n");
+ }
+ }
+ }
+}
+
+
+// nsock connect handler - Empty because it doesn't really need to do anything...
+static void connect_evt_handler(nsock_pool, nsock_event, void *) {}
+
+
+// Adds DNS servers to the dns_server list. They can be separated by
+// commas or spaces - NOTE this doesn't actually do any connecting!
+static void add_dns_server(char *ipaddrs) {
+ std::list<dns_server>::iterator servI;
+ const char *hostname;
+ struct sockaddr_storage addr;
+ size_t addr_len = sizeof(addr);
+
+ for (hostname = strtok(ipaddrs, " ,"); hostname != NULL; hostname = strtok(NULL, " ,")) {
+
+ if (resolve(hostname, 0, (struct sockaddr_storage *) &addr, &addr_len,
+ o.spoofsource ? o.af() : PF_UNSPEC) != 0)
+ continue;
+
+ for(servI = servs.begin(); servI != servs.end(); servI++) {
+ // Already added!
+ if (memcmp(&addr, &servI->addr, sizeof(addr)) == 0) break;
+ }
+
+ // If it hasn't already been added, add it!
+ if (servI == servs.end()) {
+ dns_server tpserv;
+
+ tpserv.hostname = hostname;
+ memcpy(&tpserv.addr, &addr, sizeof(addr));
+ tpserv.addr_len = addr_len;
+
+ servs.push_front(tpserv);
+
+ if (o.debugging) log_write(LOG_STDOUT, "mass_rdns: Using DNS server %s\n", hostname);
+ }
+
+ }
+
+}
+
+// Creates a new nsi for each DNS server
+static void connect_dns_servers() {
+ std::list<dns_server>::iterator serverI;
+ for(serverI = servs.begin(); serverI != servs.end(); serverI++) {
+ serverI->nsd = nsock_iod_new(dnspool, NULL);
+ if (o.spoofsource) {
+ struct sockaddr_storage ss;
+ size_t sslen;
+ o.SourceSockAddr(&ss, &sslen);
+ nsock_iod_set_localaddr(serverI->nsd, &ss, sslen);
+ }
+ if (o.ipoptionslen)
+ nsock_iod_set_ipoptions(serverI->nsd, o.ipoptions, o.ipoptionslen);
+ serverI->reqs_on_wire = 0;
+ serverI->capacity = CAPACITY_MIN;
+ serverI->write_busy = 0;
+
+ nsock_connect_udp(dnspool, serverI->nsd, connect_evt_handler, NULL, (struct sockaddr *) &serverI->addr, serverI->addr_len, 53);
+ nsock_read(dnspool, serverI->nsd, read_evt_handler, -1, NULL);
+ serverI->connected = 1;
+ }
+
+}
+
+
+#ifdef WIN32
+static bool interface_is_known_by_guid(const char *guid) {
+ const struct interface_info *iflist;
+ int i, n;
+
+ iflist = getinterfaces(&n, NULL, 0);
+ if (iflist == NULL)
+ return false;
+
+ for (i = 0; i < n; i++) {
+ char pcap_name[1024];
+ const char *pcap_guid;
+
+ if (!DnetName2PcapName(iflist[i].devname, pcap_name, sizeof(pcap_name)))
+ continue;
+ pcap_guid = strchr(pcap_name, '{');
+ if (pcap_guid == NULL)
+ continue;
+ if (strcasecmp(guid, pcap_guid) == 0)
+ return true;
+ }
+
+ return false;
+}
+
+// Reads the Windows registry and adds all the nameservers found via the
+// add_dns_server() function.
+void win32_read_registry() {
+ HKEY hKey;
+ HKEY hKey2;
+ char keybasebuf[2048];
+ char buf[2048], keyname[2048], *p;
+ DWORD sz, i;
+
+ Snprintf(keybasebuf, sizeof(keybasebuf), "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters");
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, keybasebuf,
+ 0, KEY_READ, &hKey) != ERROR_SUCCESS) {
+ if (firstrun) error("mass_dns: warning: Error opening registry to read DNS servers. Try using --system-dns or specify valid servers with --dns-servers");
+ return;
+ }
+
+ sz = sizeof(buf);
+ if (RegQueryValueEx(hKey, "NameServer", NULL, NULL, (LPBYTE) buf, (LPDWORD) &sz) == ERROR_SUCCESS)
+ add_dns_server(buf);
+
+ sz = sizeof(buf);
+ if (RegQueryValueEx(hKey, "DhcpNameServer", NULL, NULL, (LPBYTE) buf, (LPDWORD) &sz) == ERROR_SUCCESS)
+ add_dns_server(buf);
+
+ RegCloseKey(hKey);
+
+ Snprintf(keybasebuf, sizeof(keybasebuf), "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces");
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, keybasebuf,
+ 0, KEY_ENUMERATE_SUB_KEYS, &hKey) == ERROR_SUCCESS) {
+
+ for (i=0; sz = sizeof(buf), RegEnumKeyEx(hKey, i, buf, &sz, NULL, NULL, NULL, NULL) != ERROR_NO_MORE_ITEMS; i++) {
+
+ // If we don't have pcap, interface_is_known_by_guid will crash. Just use any servers we can find.
+ if (o.have_pcap && !interface_is_known_by_guid(buf)) {
+ if (o.debugging > 1)
+ log_write(LOG_PLAIN, "Interface %s is not known; ignoring its nameservers.\n", buf);
+ continue;
+ }
+
+ Snprintf(keyname, sizeof(keyname), "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\%s", buf);
+
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname,
+ 0, KEY_READ, &hKey2) == ERROR_SUCCESS) {
+
+ sz = sizeof(buf);
+ if (RegQueryValueEx(hKey2, "DhcpNameServer", NULL, NULL, (LPBYTE) buf, (LPDWORD) &sz) == ERROR_SUCCESS)
+ add_dns_server(buf);
+
+ sz = sizeof(buf);
+ if (RegQueryValueEx(hKey2, "NameServer", NULL, NULL, (LPBYTE) buf, (LPDWORD) &sz) == ERROR_SUCCESS)
+ add_dns_server(buf);
+
+ RegCloseKey(hKey2);
+ }
+ }
+
+ RegCloseKey(hKey);
+
+ }
+
+}
+#endif // WIN32
+
+
+
+// Parses /etc/resolv.conf (unix) and adds all the nameservers found via the
+// add_dns_server() function.
+static void parse_resolvdotconf() {
+ FILE *fp;
+ char buf[2048], *tp;
+ char fmt[32];
+ char ipaddr[INET6_ADDRSTRLEN+1];
+
+ fp = fopen("/etc/resolv.conf", "r");
+ if (fp == NULL) {
+ if (firstrun) gh_perror("mass_dns: warning: Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers");
+ return;
+ }
+
+ Snprintf(fmt, sizeof(fmt), "nameserver %%%us", INET6_ADDRSTRLEN);
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ tp = buf;
+
+ // Clip off comments #, \r, \n
+ while (*tp != '\r' && *tp != '\n' && *tp != '#' && *tp) tp++;
+ *tp = '\0';
+
+ tp = buf;
+ // Skip any leading whitespace
+ while (*tp == ' ' || *tp == '\t') tp++;
+
+ if (sscanf(tp, fmt, ipaddr) == 1) add_dns_server(ipaddr);
+ }
+
+ fclose(fp);
+}
+
+
+static void parse_etchosts(const char *fname) {
+ FILE *fp;
+ char buf[2048], hname[256], ipaddrstr[INET6_ADDRSTRLEN+1], *tp;
+ sockaddr_storage ia;
+
+ fp = fopen(fname, "r");
+ if (fp == NULL) return; // silently is OK
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ tp = buf;
+
+ // Clip off comments #, \r, \n
+ while (*tp != '\r' && *tp != '\n' && *tp != '#' && *tp) tp++;
+ *tp = '\0';
+
+ tp = buf;
+ // Skip any leading whitespace
+ while (*tp == ' ' || *tp == '\t') tp++;
+
+ std::stringstream pattern;
+ pattern << "%" << INET6_ADDRSTRLEN << "s %255s";
+ if (sscanf(tp, pattern.str().c_str(), ipaddrstr, hname) == 2)
+ if (sockaddr_storage_inet_pton(ipaddrstr, &ia))
+ {
+ const std::string hname_ = hname;
+ host_cache.add(ia, hname_);
+ }
+ }
+
+ fclose(fp);
+}
+
+static void etchosts_init(void) {
+ static int initialized = 0;
+ if (initialized) return;
+ initialized = 1;
+
+#ifdef WIN32
+ char windows_dir[1024];
+ char tpbuf[2048];
+ int has_backslash;
+
+ if (!GetWindowsDirectory(windows_dir, sizeof(windows_dir)))
+ fatal("Failed to determine your windows directory");
+
+ // If it has a backslash it's C:\, otherwise something like C:\WINNT
+ has_backslash = (windows_dir[strlen(windows_dir)-1] == '\\');
+
+ // Windows NT/2000/XP/2K3:
+ Snprintf(tpbuf, sizeof(tpbuf), "%s%ssystem32\\drivers\\etc\\hosts", windows_dir, has_backslash ? "" : "\\");
+ parse_etchosts(tpbuf);
+
+#else
+ parse_etchosts("/etc/hosts");
+#endif // WIN32
+}
+
+/* Initialize the global servs list of DNS servers. If the --dns-servers option
+ * was given, use the listed servers; otherwise get the list from resolv.conf or
+ * the Windows registry. If o.mass_dns is false, the list of servers is empty.
+ * This function caches the results from the first time it is run. */
+static void init_servs(void) {
+ static bool initialized = false;
+
+ if (initialized)
+ return;
+
+ initialized = true;
+
+ if (!o.mass_dns)
+ return;
+
+ if (o.dns_servers) {
+ add_dns_server(o.dns_servers);
+ } else {
+#ifndef WIN32
+ parse_resolvdotconf();
+#else
+ win32_read_registry();
+#endif
+ }
+}
+
+//------------------- Main loops ---------------------
+
+
+// Actual main loop
+static void nmap_mass_rdns_core(Target **targets, int num_targets) {
+
+ Target **hostI;
+ std::list<request *>::iterator reqI;
+ request *tpreq;
+ int timeout;
+ const char *tpname;
+ int i;
+ char spmobuf[1024];
+
+ // If necessary, set up the dns server list
+ init_servs();
+
+ if (servs.size() == 0 && firstrun) error("mass_dns: warning: Unable to "
+ "determine any DNS servers. Reverse"
+ " DNS is disabled. Try using "
+ "--system-dns or specify valid "
+ "servers with --dns-servers");
+
+
+ // If necessary, read /etc/hosts and put entries into the hashtable
+ etchosts_init();
+
+
+ total_reqs = 0;
+
+ // Set up the request structure
+ for(hostI = targets; hostI < targets+num_targets; hostI++)
+ {
+ if (!((*hostI)->flags & HOST_UP) && !o.always_resolve) continue;
+
+ // See if it's cached
+ std::string res;
+ if (host_cache.lookup(*(*hostI)->TargetSockAddr(), res)) {
+ tpname = res.c_str();
+ (*hostI)->setHostName(tpname);
+ continue;
+ }
+
+ tpreq = new request;
+ tpreq->targ = *hostI;
+ tpreq->tries = 0;
+ tpreq->servers_tried = 0;
+
+ new_reqs.push_back(tpreq);
+
+ stat_actual++;
+ total_reqs++;
+ }
+
+ if (total_reqs == 0 || servs.size() == 0) return;
+
+ // And finally, do it!
+
+ if ((dnspool = nsock_pool_new(NULL)) == NULL)
+ fatal("Unable to create nsock pool in %s()", __func__);
+
+ nmap_set_nsock_logger();
+ nmap_adjust_loglevel(o.packetTrace());
+
+ nsock_pool_set_device(dnspool, o.device);
+
+ if (o.proxy_chain)
+ nsock_pool_set_proxychain(dnspool, o.proxy_chain);
+
+ connect_dns_servers();
+
+ deferred_reqs.clear();
+
+ read_timeout_index = MIN(sizeof(read_timeouts)/sizeof(read_timeouts[0]), servs.size()) - 1;
+
+ Snprintf(spmobuf, sizeof(spmobuf), "Parallel DNS resolution of %d host%s.", stat_actual, stat_actual-1 ? "s" : "");
+ SPM = new ScanProgressMeter(spmobuf);
+
+ while (total_reqs > 0) {
+ timeout = deal_with_timedout_reads();
+
+ do_possible_writes();
+
+ if (total_reqs <= 0) break;
+
+ /* Because this can change with runtime interaction */
+ nmap_adjust_loglevel(o.packetTrace());
+
+ nsock_loop(dnspool, timeout);
+ }
+
+ SPM->endTask(NULL, NULL);
+ delete SPM;
+
+ close_dns_servers();
+
+ nsock_pool_delete(dnspool);
+
+ if (deferred_reqs.size() && o.debugging)
+ log_write(LOG_STDOUT, "Performing system-dns for %d domain names that were deferred\n", (int) deferred_reqs.size());
+
+ if (deferred_reqs.size()) {
+ Snprintf(spmobuf, sizeof(spmobuf), "System DNS resolution of %u host%s.", (unsigned) deferred_reqs.size(), deferred_reqs.size()-1 ? "s" : "");
+ SPM = new ScanProgressMeter(spmobuf);
+
+ for(i=0, reqI = deferred_reqs.begin(); reqI != deferred_reqs.end(); reqI++, i++) {
+ char hostname[FQDN_LEN + 1] = "";
+
+ if (keyWasPressed())
+ SPM->printStats((double) i / deferred_reqs.size(), NULL);
+
+ tpreq = *reqI;
+
+ if (getnameinfo((const struct sockaddr *)tpreq->targ->TargetSockAddr(),
+ sizeof(struct sockaddr_storage), hostname,
+ sizeof(hostname), NULL, 0, NI_NAMEREQD) == 0) {
+ stat_ok++;
+ stat_cname++;
+ tpreq->targ->setHostName(hostname);
+ }
+
+ delete tpreq;
+
+ }
+
+ SPM->endTask(NULL, NULL);
+ delete SPM;
+ }
+
+ deferred_reqs.clear();
+
+}
+
+static void nmap_system_rdns_core(Target **targets, int num_targets) {
+ Target **hostI;
+ Target *currenths;
+ char hostname[FQDN_LEN + 1] = "";
+ char spmobuf[1024];
+ int i;
+
+ for(hostI = targets; hostI < targets+num_targets; hostI++) {
+ currenths = *hostI;
+
+ if (((currenths->flags & HOST_UP) || o.always_resolve) && !o.noresolve) stat_actual++;
+ }
+
+ Snprintf(spmobuf, sizeof(spmobuf), "System DNS resolution of %d host%s.", stat_actual, stat_actual-1 ? "s" : "");
+ SPM = new ScanProgressMeter(spmobuf);
+
+ for(i=0, hostI = targets; hostI < targets+num_targets; hostI++, i++) {
+ currenths = *hostI;
+
+ if (keyWasPressed())
+ SPM->printStats((double) i / stat_actual, NULL);
+
+ if (((currenths->flags & HOST_UP) || o.always_resolve) && !o.noresolve) {
+ if (getnameinfo((struct sockaddr *)currenths->TargetSockAddr(),
+ sizeof(sockaddr_storage), hostname,
+ sizeof(hostname), NULL, 0, NI_NAMEREQD) == 0) {
+ stat_ok++;
+ currenths->setHostName(hostname);
+ }
+ }
+ }
+
+ SPM->endTask(NULL, NULL);
+ delete SPM;
+}
+
+
+// Publicly available function. Basically just a wrapper so we
+// can record time information, restart statistics, etc.
+void nmap_mass_rdns(Target **targets, int num_targets) {
+
+ struct timeval now;
+
+ gettimeofday(&starttv, NULL);
+
+ stat_actual = stat_ok = stat_nx = stat_sf = stat_trans = stat_dropped = stat_cname = 0;
+
+ if (o.mass_dns)
+ nmap_mass_rdns_core(targets, num_targets);
+ else
+ nmap_system_rdns_core(targets, num_targets);
+
+ gettimeofday(&now, NULL);
+
+ if (stat_actual > 0) {
+ if (o.debugging || o.verbose >= 3) {
+ if (o.mass_dns) {
+ // #: Number of DNS servers used
+ // OK: Number of fully reverse resolved queries
+ // NX: Number of confirmations of 'No such reverse domain eXists'
+ // DR: Dropped IPs (no valid responses were received)
+ // SF: Number of IPs that got 'Server Failure's
+ // TR: Total number of transmissions necessary. The number of domains is ideal, higher is worse
+ log_write(LOG_STDOUT, "DNS resolution of %d IPs took %.2fs. Mode: Async [#: %lu, OK: %d, NX: %d, DR: %d, SF: %d, TR: %d, CN: %d]\n",
+ stat_actual, TIMEVAL_MSEC_SUBTRACT(now, starttv) / 1000.0,
+ (unsigned long) servs.size(), stat_ok, stat_nx, stat_dropped, stat_sf, stat_trans, stat_cname);
+ } else {
+ log_write(LOG_STDOUT, "DNS resolution of %d IPs took %.2fs. Mode: System [OK: %d, ??: %d]\n",
+ stat_actual, TIMEVAL_MSEC_SUBTRACT(now, starttv) / 1000.0,
+ stat_ok, stat_actual - stat_ok);
+ }
+ }
+ }
+
+ firstrun=0;
+}
+
+
+// Returns a list of known DNS servers
+std::list<std::string> get_dns_servers() {
+ init_servs();
+
+ // If the user said --system-dns (!o.mass_dns), we should never return a list
+ // of servers.
+ assert(o.mass_dns || servs.empty());
+
+ std::list<dns_server>::iterator servI;
+ std::list<std::string> serverList;
+ for(servI = servs.begin(); servI != servs.end(); servI++) {
+ serverList.push_back(inet_socktop((struct sockaddr_storage *) &servI->addr));
+ }
+ return serverList;
+}
+
+bool DNS::Factory::ipToPtr(const sockaddr_storage &ip, std::string &ptr)
+{
+ switch (ip.ss_family) {
+ case AF_INET:
+ {
+ ptr.clear();
+ char ipv4_c[INET_ADDRSTRLEN];
+ if(!sockaddr_storage_iptop(&ip, ipv4_c)) return false;
+
+ std::string ipv4 = ipv4_c;
+ std::string octet;
+ std::string::const_reverse_iterator crend = ipv4.rend();
+ for (std::string::const_reverse_iterator c=ipv4.rbegin(); c != crend; ++c)
+ if((*c)=='.')
+ {
+ ptr += octet + ".";
+ octet.clear();
+ }
+ else
+ octet = (*c) + octet;
+
+ ptr += octet + IPV4_PTR_DOMAIN;
+
+ break;
+ }
+ case AF_INET6:
+ {
+ ptr.clear();
+ const struct sockaddr_in6 &s6 = (const struct sockaddr_in6 &) ip;
+ const u8 * ipv6 = s6.sin6_addr.s6_addr;
+ for (short i=15; i>=0; --i)
+ {
+ char tmp[3];
+ sprintf(tmp, "%02x", ipv6[i]);
+ ptr += '.';
+ ptr += tmp[1];
+ ptr += '.';
+ ptr += tmp[0];
+ }
+ ptr.erase(ptr.begin());
+ ptr += IPV6_PTR_DOMAIN;
+ break;
+ }
+ default:
+ return false;
+ }
+ return true;
+}
+
+bool DNS::Factory::ptrToIp(const std::string &ptr, sockaddr_storage &ip)
+{
+ const char *cptr = ptr.c_str();
+ const char *p = NULL;
+
+ memset(&ip, 0, sizeof(sockaddr_storage));
+
+ // Check whether the name ends with the IPv4 PTR domain
+ if (NULL != (p = strcasestr(cptr + ptr.length() + 1 - sizeof(C_IPV4_PTR_DOMAIN), C_IPV4_PTR_DOMAIN)))
+ {
+ struct sockaddr_in *ip4 = (struct sockaddr_in *)&ip;
+ static const u8 place_value[] = {1, 10, 100};
+ u8 *v = (u8 *) &(ip4->sin_addr.s_addr);
+ size_t place = 0;
+ size_t i = 0;
+
+ p--;
+ while (p >= cptr && i < sizeof(ip4->sin_addr.s_addr))
+ {
+ if (*p == '.')
+ {
+ place = 0;
+ p--;
+ i++;
+ }
+ if (p < cptr)
+ {
+ break;
+ }
+ u8 n = *p;
+ if (n >= '0' && n <= '9') { // 0-9
+ n -= 0x30;
+ }
+ else { // invalid
+ return false;
+ }
+ v[i] += n * place_value[place];
+ place++;
+ p--;
+ }
+ ip.ss_family = AF_INET;
+ }
+ // If not, check IPv6
+ else if (NULL != (p = strcasestr(cptr + ptr.length() + 1 - sizeof(C_IPV6_PTR_DOMAIN), C_IPV6_PTR_DOMAIN)))
+ {
+ struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)&ip;
+ u8 alt = 0;
+ size_t i=0;
+
+ p--;
+ while (p >= cptr && i < sizeof(ip6->sin6_addr.s6_addr))
+ {
+ if (*p == '.')
+ {
+ p--;
+ }
+ if (p < cptr)
+ {
+ break;
+ }
+ u8 n = *p;
+ // First subtract base regardless of underflow:
+ if (n < 0x3A) { // 0-9
+ n -= 0x30;
+ }
+ else if (n < 0x47) { // A-F
+ n -= 0x37;
+ }
+ else if (n < 0x67) { // a-f
+ n -= 0x57;
+ }
+ else { // invalid
+ return false;
+ }
+ // Now catch any of the underflow conditions above:
+ if (n > 0xf) { // invalid
+ return false;
+ }
+ if (alt == 0) { // high nibble
+ ip6->sin6_addr.s6_addr[i] += n << 4;
+ alt = 1;
+ }
+ else { // low nibble
+ ip6->sin6_addr.s6_addr[i] += n;
+ alt = 0;
+ i++;
+ }
+ p--;
+ }
+ ip.ss_family = AF_INET6;
+ }
+ return true;
+}
+
+size_t DNS::Factory::buildSimpleRequest(const std::string &name, RECORD_TYPE rt, u8 *buf, size_t maxlen)
+{
+ size_t ret=0 , tmp=0;
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(progressiveId++, buf, ID, maxlen)); // Postincrement inmportant here
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(OP_STANDARD_QUERY | RECURSION_DESIRED, buf, FLAGS_OFFSET, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(1, buf, QDCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(0, buf, ANCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(0, buf, NSCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(0, buf, ARCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putDomainName(name, buf, DATA, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(rt, buf, ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, putUnsignedShort(CLASS_IN, buf, ret, maxlen));
+
+ return ret;
+}
+
+size_t DNS::Factory::buildReverseRequest(const sockaddr_storage &ip, u8 *buf, size_t maxlen)
+{
+ std::string name;
+ if(ipToPtr(ip,name))
+ return buildSimpleRequest(name, PTR, buf, maxlen);
+ return 0;
+}
+
+size_t DNS::Factory::putUnsignedShort(u16 num, u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t max_access = offset+1;
+ if(buf && (maxlen > max_access))
+ {
+ buf[offset] = (num >> 8) & 0xFF;
+ buf[max_access] = num & 0xFF;
+ return 2;
+ }
+
+ return 0;
+}
+
+size_t DNS::Factory::putDomainName(const std::string &name, u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t ret=0;
+ if( !( buf && (maxlen > (offset + name.length() + 1))) ) return ret;
+
+ std::string namew = name + ".";
+ std::string accumulator;
+ for (std::string::const_iterator c=namew.begin(); c != namew.end(); ++c)
+ {
+ if((*c)=='.')
+ {
+ u8 length = accumulator.length();
+ *(buf+offset+ret) = length;
+ ret += 1;
+
+ memcpy(buf+offset+ret, accumulator.c_str(), length);
+ ret += length;
+ accumulator.clear();
+ }
+ else
+ accumulator += (*c);
+ }
+
+ *(buf+offset+ret) = 0;
+ ret += 1;
+
+ return ret;
+}
+
+size_t DNS::Factory::parseUnsignedShort(u16 &num, const u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t max_access = offset+1;
+ if(buf && (maxlen > max_access))
+ {
+ const u8 * n = buf + offset;
+ num = n[1] + (n[0]<<8);
+ return 2;
+ }
+
+ return 0;
+}
+
+size_t DNS::Factory::parseUnsignedInt(u32 &num, const u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t max_access = offset+3;
+ if(buf && (maxlen > max_access))
+ {
+ const u8 * n = buf + offset;
+ num = n[3] + (n[2]<<8) + (n[1]<<16) + (n[0]<<24);
+ return 4;
+ }
+
+ return 0;
+}
+
+size_t DNS::Factory::parseDomainName(std::string &name, const u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t tmp = 0;
+ size_t max_offset = offset;
+ size_t curr_offset = offset;
+
+ name.clear();
+ while(u8 label_length = buf[curr_offset])
+ {
+ if((label_length & COMPRESSED_NAME) == COMPRESSED_NAME)
+ {
+ u16 real_offset;
+ tmp = parseUnsignedShort(real_offset, buf, curr_offset, maxlen);
+ if (tmp < 1) {
+ return 0;
+ }
+ if (curr_offset >= max_offset) {
+ max_offset = curr_offset + tmp;
+ }
+ real_offset -= COMPRESSED_NAME<<8;
+ if(real_offset < curr_offset)
+ {
+ curr_offset = real_offset;
+ continue;
+ }
+ else {
+ if (o.debugging) {
+ log_write(LOG_STDOUT, "DNS compression pointer is not backwards\n");
+ }
+ return 0;
+ }
+ }
+
+ if (label_length > DNS_LABEL_MAX_LENGTH) {
+ if (o.debugging) {
+ log_write(LOG_STDOUT, "DNS label exceeds max length\n");
+ }
+ return 0;
+ }
+
+ curr_offset++;
+ DNS_CHECK_UPPER_BOUND(curr_offset + label_length, maxlen);
+ name.append(reinterpret_cast<const char *>(buf + curr_offset), label_length);
+ curr_offset += label_length;
+ if (curr_offset > max_offset) {
+ max_offset = curr_offset;
+ }
+ name += '.';
+
+ if (name.length() > DNS_NAME_MAX_LENGTH - 1) {
+ if (o.debugging) {
+ log_write(LOG_STDOUT, "DNS name exceeds max length\n");
+ }
+ return 0;
+ }
+ }
+
+ if (max_offset == curr_offset && buf[curr_offset] == '\0') {
+ max_offset++;
+ }
+
+ std::string::iterator it = name.end()-1;
+ if( *it == '.') name.erase(it);
+
+ return max_offset - offset;
+}
+
+size_t DNS::A_Record::parseFromBuffer(const u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t tmp, ret = 0;
+ u32 num;
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedInt(num, buf, offset, maxlen));
+
+ memset(&value, 0, sizeof(value));
+ struct sockaddr_in * ip4addr = (sockaddr_in *) &value;
+ ip4addr->sin_family = AF_INET;
+ ip4addr->sin_addr.s_addr = htonl(num);
+
+ return ret;
+}
+
+size_t DNS::Query::parseFromBuffer(const u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t ret=0;
+
+ if (buf && ((maxlen - offset) > 5))
+ {
+ size_t tmp=0;
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseDomainName(name, buf, offset+ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(record_type, buf, offset+ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(record_class, buf, offset+ret, maxlen));
+ }
+
+ return ret;
+}
+
+size_t DNS::Answer::parseFromBuffer(const u8 *buf, size_t offset, size_t maxlen)
+{
+ size_t ret=0;
+
+ if (buf && ((maxlen - offset) > 7))
+ {
+ size_t tmp;
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseDomainName(name, buf, offset+ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(record_type, buf, offset+ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(record_class, buf, offset+ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedInt(ttl, buf, offset+ret, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(length, buf, offset+ret, maxlen));
+
+ DNS_CHECK_UPPER_BOUND(offset+ret+length, maxlen);
+
+ switch(record_type)
+ {
+ case A:
+ {
+ record = new A_Record();
+ break;
+ }
+ case CNAME:
+ {
+ record = new CNAME_Record();
+ break;
+ }
+ case PTR:
+ {
+ record = new PTR_Record();
+ break;
+ }
+ default:
+ return 0;
+ }
+
+ DNS_CHECK_ACCUMLATE(ret, tmp, record->parseFromBuffer(buf, offset+ret, maxlen));
+ }
+
+ return ret;
+}
+
+DNS::Answer& DNS::Answer::operator=(const Answer &r)
+{
+ name = r.name;
+ record_type = r.record_type;
+ record_class = r.record_class;
+ ttl = r.ttl;
+ length = r.length;
+ record = r.record->clone();
+ return *this;
+}
+
+size_t DNS::Packet::parseFromBuffer(const u8 *buf, size_t maxlen)
+{
+ if( !buf || maxlen < DATA) return 0;
+
+ size_t tmp, ret = 0;
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(id, buf, ID, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(flags, buf, FLAGS_OFFSET, maxlen));
+
+ u16 queries_counter, answers_counter, authorities_counter, additionals_counter;
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(queries_counter, buf, QDCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(answers_counter, buf, ANCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(authorities_counter, buf, NSCOUNT, maxlen));
+ DNS_CHECK_ACCUMLATE(ret, tmp, Factory::parseUnsignedShort(additionals_counter, buf, ARCOUNT, maxlen));
+
+ queries.clear();
+ for(u16 i=0; i<queries_counter; ++i)
+ {
+ Query q;
+ DNS_CHECK_ACCUMLATE(ret, tmp, q.parseFromBuffer(buf, ret, maxlen));
+ queries.push_back(q);
+ }
+
+ answers.clear();
+ for(u16 i=0; i<answers_counter; ++i)
+ {
+ Answer a;
+ DNS_CHECK_ACCUMLATE(ret, tmp, a.parseFromBuffer(buf, ret, maxlen));
+ answers.push_back(a);
+ };
+
+ return ret;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-12 14:26:13 +0000