Diff:
0afcc5acafa2254021262cc8a8d7e06407794f40
8ebb7ace130a119774e64d09855b4bffd4236c28
Commit:
8ebb7ace130a119774e64d09855b4bffd4236c28
Tree:
e9129c345e8307380ccab033edb67311c2f4a2be
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Tue Jun 30 07:09:46 2020 UTC
Message:
- add stub files/functionality for forwarding - hack around lookup_zone() if forwarding to short circuit for . - nothing is replied if a forward "" {} define exists the global variable forward is set to true and behaviour changes (so far dropping packets)
blob - 571e71ffae03b20bf07853f252c30c753ef9b833
blob + 3bffca2348cb3047bd2ecdd6e9e3ee73b001d5dc
--- Makefile.linux
+++ Makefile.linux
@@ -8,8 +8,8 @@ AR=ar
all: delphinusdnsd dddctl
-delphinusdnsd: imsg-buffer.o imsg.o additional.o parse.o delphinusdnsd.o reply.o region.o log.o axfr.o filter.o ratelimit.o whitelist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o
- $(CC) $(CFLAGS) -o delphinusdnsd/delphinusdnsd additional.o imsg-buffer.o imsg.o delphinusdnsd.o parse.o reply.o region.o log.o axfr.o filter.o ratelimit.o whitelist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o $(LDADD)
+delphinusdnsd: imsg-buffer.o imsg.o additional.o parse.o delphinusdnsd.o reply.o region.o log.o axfr.o filter.o ratelimit.o whitelist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o forward.o
+ $(CC) $(CFLAGS) -o delphinusdnsd/delphinusdnsd additional.o imsg-buffer.o imsg.o delphinusdnsd.o parse.o reply.o region.o log.o axfr.o filter.o ratelimit.o whitelist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o forward.o $(LDADD)
dddctl: dddctl.o util.o dnssec.o parse.o base64.o ent.o raxfr.o tsig.o region.o imsg-buffer.o imsg.o sign.o query.o
$(CC) $(CFLAGS) -o dddctl/dddctl dddctl.o util.o dnssec.o base64.o parse.o ent.o db.o raxfr.o tsig.o region.o imsg-buffer.o imsg.o sign.o query.o $(LDADD)
@@ -83,6 +83,8 @@ ent.o: ent.c
raxfr.o: raxfr.c
$(CC) $(CFLAGS) -c raxfr.c
+forward.o: forward.c
+ $(CC) $(CFLAGS) -c forward.c
install: install-delphinusdnsd install-dddctl
blob - 567b789a7a16aacb3fc1f107958fcfea9701dc8d
blob + 74d9c8f4cef5e8d45ce00e4aa9450816387dc260
--- ddd-db.h
+++ ddd-db.h
@@ -27,7 +27,7 @@
*/
/*
- * $Id: ddd-db.h,v 1.34 2020/06/29 16:22:05 pjp Exp $
+ * $Id: ddd-db.h,v 1.35 2020/06/30 07:09:46 pjp Exp $
*/
#ifndef _DB_H
@@ -68,6 +68,7 @@
#define ERR_REFUSED 0x8
#define ERR_NODATA 0x10
#define ERR_DELEGATE 0x20
+#define ERR_FORWARD 0x40
#define RECORD_COUNT 20
#define NEGATIVE_CACHE_TIME 600 /* DNS & Bind 3rd edition page 35 */
@@ -345,7 +346,8 @@ struct cfg {
#define MY_IMSG_MASTER 5
#define MY_IMSG_UNIXCONTROL 6
#define MY_IMSG_UDP 7
-#define MY_IMSG_MAX 8
+#define MY_IMSG_FORWARD 8
+#define MY_IMSG_MAX 9
int recurse; /* recurse socket */
int sockcount; /* set sockets */
int nth;
blob - a8db0f368953c606610fe25a234101464781a5d2
blob + 7ed0a03adb41a2f293cb161608191d360077173c
--- dddctl.c
+++ dddctl.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: dddctl.c,v 1.106 2020/06/25 10:01:10 pjp Exp $
+ * $Id: dddctl.c,v 1.107 2020/06/30 07:09:46 pjp Exp $
*/
#include <sys/types.h>
@@ -81,6 +81,7 @@
int debug = 0;
int verbose = 0;
+int forward = 0;
extern int dnssec;
extern int bytes_received;
blob - 4405ee9792d0ba15fdf39268c4822c0977792f1d
blob + 524b5efd609e8e88606570befedcf2a06d0116ce
--- delphinusdnsd/Makefile.freebsd
+++ delphinusdnsd/Makefile.freebsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c forward.c
CFLAGS= -Wall -g
CFLAGS+= -I${.CURDIR}/..
blob - bce0dabe58421032c169c28838b286709772caeb
blob + 8d05d097cb18d517f8a4dccc7913337fb59a3674
--- delphinusdnsd/Makefile.netbsd
+++ delphinusdnsd/Makefile.netbsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c forward.c
CFLAGS= -g
CFLAGS+= -I${.CURDIR}/.. -I/usr/pkg/libressl/include
blob - dd0c90393aa051deb63fcea397173ccd6fe91815
blob + 1b8c4e85a3248d8761e8ab8ae8c8adf9e354da2d
--- delphinusdnsd/Makefile.openbsd
+++ delphinusdnsd/Makefile.openbsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c tsig.c raxfr.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c tsig.c raxfr.c forward.c
#CFLAGS= -DDEBUG -g -Wall
CFLAGS= -Wall -g
blob - ec24ccf9cca63443b89ecb5f70655b42cd36db45
blob + e3a5c9df9aefd52e4920d8bff1ecb9d5476ace83
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.104 2020/06/29 16:22:05 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.105 2020/06/30 07:09:46 pjp Exp $
*/
@@ -104,6 +104,7 @@ extern void unpack(char *, char *, int);
extern void add_rrlimit(int, u_int16_t *, int, char *);
extern void axfrloop(int *, int, char **, ddDB *, struct imsgbuf *);
+extern void forwardloop(ddDB *, struct imsgbuf *);
extern void replicantloop(ddDB *, struct imsgbuf *);
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
extern int check_ent(char *, int);
@@ -275,6 +276,7 @@ int lflag = 0;
int nflag = 0;
int bcount = 0;
int icount = 0;
+int forward = 0;
u_int16_t port = 53;
u_int32_t cachesize = 0;
char *bind_list[255];
@@ -885,6 +887,53 @@ main(int argc, char *argv[], char *environ[])
signal(SIGINT, ddd_signal);
signal(SIGQUIT, ddd_signal);
+ /* start our forwarding process */
+ if (forward) {
+ switch (pid = fork()) {
+ case -1:
+ dolog(LOG_ERR, "fork() failed: %s\n", strerror(errno));
+ ddd_shutdown();
+ exit(1);
+ case 0:
+ ibuf = register_cortex(&cortex_ibuf, MY_IMSG_FORWARD);
+ if (ibuf == NULL) {
+ ddd_shutdown();
+ exit(1);
+ }
+
+ /* chroot to the drop priv user home directory */
+#ifdef DEFAULT_LOCATION
+ if (drop_privs(DEFAULT_LOCATION, pw) < 0) {
+#else
+ if (drop_privs(pw->pw_dir, pw) < 0) {
+#endif
+ dolog(LOG_INFO, "forward dropping privileges\n", strerror(errno));
+ ddd_shutdown();
+ exit(1);
+ }
+#if __OpenBSD__
+ if (pledge("stdio inet proc id sendfd recvfd unveil", NULL) < 0) {
+ perror("pledge");
+ exit(1);
+ }
+#endif
+
+ /* close descriptors that we don't need */
+ for (j = 0; j < i; j++) {
+ close(tcp[j]);
+ close(udp[j]);
+ }
+
+ setproctitle("FORWARD engine");
+ forwardloop(db, ibuf);
+ /* NOTREACHED */
+ exit(1);
+ default:
+ break;
+ }
+
+ } /* forward */
+
/*
* start our axfr process
*/
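Review bot: The failure log on the drop_privs() error path, `dolog(LOG_INFO, "forward dropping privileges\n", strerror(errno));`, passes strerror(errno) but the format has no `%s`, so the reason is never printed, and a failed privilege drop in a freshly forked network-facing process is logged at INFO rather than as an error. Suggested: `dolog(LOG_ERR, "forward: dropping privileges failed: %s\n", strerror(errno));` (assuming drop_privs() leaves errno set, which is not visible here). The child's pledge promise set `"stdio inet proc id sendfd recvfd unveil"` is broad for a loop that currently only sleeps; worth a `/* TODO: narrow once forwardloop() does real work */` so it is revisited. The enclosing main() starts and ends outside this hunk.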
@@ -1926,6 +1975,12 @@ axfrentry:
}
goto udpout;
break;
+
+ case ERR_FORWARD:
+ snprintf(replystring, DNS_MAXNAME, "FORWARD");
+ /* send query to forward process/cortex */
+ goto udpout;
+ break;
case ERR_NOERROR:
/*
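Review bot: The `break;` after `goto udpout;` in the new ERR_FORWARD case is unreachable, and the same dead `break;` follows `goto tcpout;` in the tcploop hunk below. The comment `/* send query to forward process/cortex */` describes intent that the code does not yet carry out — the query is dropped with no log line, which the commit message acknowledges but a reader of the switch cannot see; marking it `/* TODO: hand query to the forward process; currently dropped silently */` in both places keeps that state visible. The enclosing function begins and ends outside this hunk.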
@@ -2892,6 +2947,13 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
slen = reply_nxdomain(&sreply, cfg->db);
}
goto tcpout;
+
+ case ERR_FORWARD:
+ snprintf(replystring, DNS_MAXNAME, "FORWARD");
+ /* send query to forward process/cortex */
+ goto tcpout;
+ break;
+
case ERR_NOERROR:
/*
* this is hackish not sure if this should be here
blob - /dev/null
blob + 14739fa13440e7032da1e70aeb89c3ef85995794 (mode 644)
--- /dev/null
+++ forward.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2020 Peter J. Philipp
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * $Id: forward.c,v 1.1 2020/06/30 07:09:46 pjp Exp $
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/queue.h>
+#include <sys/uio.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include <unistd.h>
+#include <imsg.h>
+
+#ifdef __linux__
+#include <grp.h>
+#define __USE_BSD 1
+#include <endian.h>
+#include <bsd/stdlib.h>
+#include <bsd/string.h>
+#include <bsd/unistd.h>
+#include <bsd/sys/queue.h>
+#define __unused
+#include <bsd/sys/tree.h>
+#include <bsd/sys/endian.h>
+#include "imsg.h"
+#else /* not linux */
+#include <sys/queue.h>
+#include <sys/tree.h>
+#ifdef __FreeBSD__
+#include <sys/endian.h>
+#include "imsg.h"
+#else
+#include <imsg.h>
+#endif /* __FreeBSD__ */
+#endif /* __linux__ */
+
+#ifndef NTOHS
+#include "endian.h"
+#endif
+
+#include "ddd-dns.h"
+#include "ddd-db.h"
+
+void init_forward(void);
+int insert_forward(void);
+void forwardloop(ddDB *, struct imsgbuf *);
+
+extern void dolog(int, char *, ...);
+
+extern int debug, verbose;
+
+SLIST_HEAD(, forwardentry) forwardhead;
+
+static struct forwardentry {
+ char name[INET6_ADDRSTRLEN];
+ int family;
+ struct sockaddr_storage hostmask;
+ struct sockaddr_storage netmask;
+ u_int8_t prefixlen;
+ uint16_t destport;
+ char *tsigkey;
+ SLIST_ENTRY(forwardentry) forward_entry;
+} *fw2, *fwp;
+
+
+/*
+ * INIT_FORWARD - initialize the forward singly linked list
+ */
+
+void
+init_forward(void)
+{
+ SLIST_INIT(&forwardhead);
+ return;
+}
+
+/*
+ * INSERT_FORWARD - insert into the forward slist
+ */
+
+int
+insert_forward(void)
+{
+ /* SLIST_INSERT_HEAD(&forwardhead, fw2, forward_entry); */
+
+ return (0);
+}
+
+void
+forwardloop(ddDB *db, struct imsgbuf *ibuf)
+{
+
+ while (1)
+ sleep(10);
+
+ /* NOTREACHED */
+
+}
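Review bot: `#include <imsg.h>` at the top of the include list is unconditional and is followed by the platform-guarded imsg includes (`"imsg.h"` on Linux and FreeBSD, `<imsg.h>` otherwise), so the header is pulled in twice and, on a Linux build where only the local "imsg.h" is available, the angle-bracket include may fail before the guarded one is reached; `<sys/queue.h>` is likewise included both before and inside the `#else` branch. forwardloop() never reads `db` or `ibuf`, so whatever the parent sends on the MY_IMSG_FORWARD channel is never consumed while the process sleeps; `(void)db; (void)ibuf; /* TODO: service ibuf */` would document the stub and silence unused-parameter warnings. `char *tsigkey` in struct forwardentry has no ownership comment; a note such as `/* heap-allocated, owned by the list entry */` (or whatever the eventual insert_forward() decides) avoids a later double free or leak.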
blob - 16641c6affa360543a8d2bd431b2db887435288a
blob + 20c8b245785fd3d5126ae837502bf0701e0b9fd4
--- parse.y
+++ parse.y
@@ -21,7 +21,7 @@
*/
/*
- * $Id: parse.y,v 1.98 2020/06/25 10:01:11 pjp Exp $
+ * $Id: parse.y,v 1.99 2020/06/30 07:09:46 pjp Exp $
*/
%{
@@ -111,6 +111,7 @@ extern int tsig;
extern int notify;
extern int errno;
extern int debug;
+extern int forward;
extern int verbose;
extern int bflag;
extern int iflag;
@@ -248,7 +249,8 @@ int drop_privs(char *, struct passwd *);
%token DOT COLON TEXT WOF INCLUDE ZONE COMMA CRLF
%token ERROR AXFRPORT OPTIONS FILTER MZONE
%token WHITELIST ZINCLUDE MASTER MASTERPORT TSIGAUTH
-%token TSIG NOTIFYDEST NOTIFYBIND PORT
+%token TSIG NOTIFYDEST NOTIFYBIND PORT FORWARD
+%token INCOMINGKEY DESTINATION
%token <v.string> POUND
%token <v.string> SEMICOLON
@@ -283,6 +285,7 @@ cmd :
| whitelist CRLF
| tsig CRLF
| filter CRLF
+ | forward CRLF
| comment CRLF
| options
;
@@ -1400,6 +1403,43 @@ whiteliststatement : ipcidr SEMICOLON CRLF
| comment CRLF
;
+/* forward "these hosts" { .. } */
+
+forward:
+ FORWARD forwardlabel forwardcontent
+ {
+ if ((confstatus & CONFIG_VERSION) != CONFIG_VERSION) {
+ dolog(LOG_INFO, "There must be a version at the top of the first configfile\n");
+ return (-1);
+ }
+
+ forward = 1;
+ }
+ ;
+
+forwardlabel:
+ QUOTEDSTRING
+ ;
+
+forwardcontent:
+ OBRACE forwardstatements EBRACE
+ | OBRACE CRLF forwardstatements EBRACE
+ ;
+
+forwardstatements :
+ forwardstatements forwardstatement
+ | forwardstatement
+ ;
+
+forwardstatement : INCOMINGKEY STRING SEMICOLON CRLF
+ {
+ }
+ | DESTINATION ipcidr PORT NUMBER STRING STRING SEMICOLON CRLF
+ {
+ }
+ | comment CRLF
+ ;
+
/* filter "these hosts" { .. } */
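Review bot: Both `forwardstatement` actions are empty, so the incoming key, the `ipcidr`, the port number and the two trailing STRING values are parsed and discarded; if the lexer hands STRING/QUOTEDSTRING values over as heap allocations, they are leaked on this path as well. The only effect of the whole block is `forward = 1;`, which switches the daemon into the packet-dropping mode described in the commit message even for an otherwise empty `forward "" { }` definition. A `/* TODO: record incoming key */` and `/* TODO: build forwardentry from ipcidr/port/strings */` in the two actions would make the unfinished state explicit to anyone reading the grammar.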
filter:
@@ -1580,9 +1620,11 @@ struct tab {
struct tab cmdtab[] = {
{ "axfrport", AXFRPORT, 0},
{ "axfr-for", AXFRFOR, STATE_IP },
- { "whitelist", WHITELIST, STATE_IP },
+ { "destination", DESTINATION, 0 },
{ "filter", FILTER, STATE_IP },
+ { "forward", FORWARD, 0 },
{ "include", INCLUDE, 0 },
+ { "incoming-key", INCOMINGKEY, 0 },
{ "master", MASTER, 0 },
{ "masterport", MASTERPORT, 0 },
{ "mzone", MZONE, 0},
@@ -1594,6 +1636,7 @@ struct tab cmdtab[] = {
{ "rzone", RZONE, 0 },
{ "tsig", TSIG, 0 },
{ "tsig-auth", TSIGAUTH, 0 },
+ { "whitelist", WHITELIST, STATE_IP },
{ "wildcard-only-for", WOF, STATE_IP },
{ "version", VERSION, 0 },
{ "zinclude", ZINCLUDE, 0 },
blob - a2df870656bd1a68c38bca83c877c31033e6662c
blob + 67318e281179501b9bcd6317b5dbb48ede3820fc
--- util.c
+++ util.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: util.c,v 1.62 2020/06/25 10:01:11 pjp Exp $
+ * $Id: util.c,v 1.63 2020/06/30 07:09:46 pjp Exp $
*/
#include <sys/types.h>
@@ -123,6 +123,7 @@ int bytes_received;
extern int debug;
extern int *ptr;
extern int tsig;
+extern int forward;
extern void dolog(int, char *, ...);
@@ -357,6 +358,20 @@ lookup_zone(ddDB *db, struct question *question, int *
plen = question->hdr->namelen;
*returnval = 0;
+
+ if (forward) {
+ /*
+ * We short circuit forwarded lookups to the root, which
+ * would usually come out as ERR_NODATA for some reason
+ * I don't know why exactly, XXX.
+ */
+ if (plen == 1 && *p == '\0') {
+ *lzerrno = ERR_FORWARD;
+ *returnval = -1;
+
+ return NULL;
+ }
+ }
/* if the find_rrset fails, the find_rr will not get questioned */
if ((rbt = find_rrset(db, p, plen)) == NULL ||
((ntohs(question->hdr->qtype) != DNS_TYPE_DS) &&
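Review bot: The root short-circuit `if (plen == 1 && *p == '\0')` returns ERR_FORWARD before find_rrset() is consulted, so with `forward` set any locally served root data would be bypassed; the comment admits the reason is unknown ("XXX"), which deserves a clearer marker such as `/* XXX: root queries otherwise surface as ERR_NODATA under forwarding; root cause not yet understood */` so the hack is not mistaken for intended design. lookup_zone() starts before this hunk and continues past it.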
@@ -443,7 +458,10 @@ lookup_zone(ddDB *db, struct question *question, int *
free(rbt);
}
}
- *lzerrno = ERR_REFUSED;
+ if (forward)
+ *lzerrno = ERR_FORWARD;
+ else
+ *lzerrno = ERR_REFUSED;
*returnval = -1;
return (NULL);
}
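Review bot: Replacing ERR_REFUSED with ERR_FORWARD at the tail of lookup_zone() is unconditional on the requester, so every query for a name outside the served zones, from any source, is routed to the forward path once `forward` is set; today that path drops the packet, but when forwardloop() starts sending upstream this spot decides whether the authoritative server becomes an open forwarder. The grammar introduces an `incoming-key`, which suggests the intended gate — a `/* TODO: only forward for sources that pass the incoming-key/ACL check */` here would tie the two together, and a single `*lzerrno = forward ? ERR_FORWARD : ERR_REFUSED;` reads more compactly. Note also that clients previously received REFUSED and now get no answer at all, so they will retry until timeout. lookup_zone() begins outside this hunk.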