- // DNS packet assembly, see RFC 1035. Converting from - Unpack() -
- // and to - Pack() - wire format.
- // All the packers and unpackers take a (msg []byte, off int)
- // and return (off1 int, ok bool). If they return ok==false, they
- // also return off1==len(msg), so that the next unpacker will
- // also fail. This lets us avoid checks of ok until the end of a
- // packing sequence.
-
- package dns
-
- //go:generate go run msg_generate.go
-
- import (
- "crypto/rand"
- "encoding/binary"
- "fmt"
- "math/big"
- "strconv"
- "strings"
- )
-
- const (
- maxCompressionOffset = 2 << 13 // We have 14 bits for the compression pointer
- maxDomainNameWireOctets = 255 // See RFC 1035 section 2.3.4
-
- // This is the maximum number of compression pointers that should occur in a
- // semantically valid message. Each label in a domain name must be at least one
- // octet and is separated by a period. The root label won't be represented by a
- // compression pointer to a compression pointer, hence the -2 to exclude the
- // smallest valid root label.
- //
- // It is possible to construct a valid message that has more compression pointers
- // than this, and still doesn't loop, by pointing to a previous pointer. This is
- // not something a well written implementation should ever do, so we leave them
- // to trip the maximum compression pointer check.
- maxCompressionPointers = (maxDomainNameWireOctets+1)/2 - 2
-
- // This is the maximum length of a domain name in presentation format. The
- // maximum wire length of a domain name is 255 octets (see above), with the
- // maximum label length being 63. The wire format requires one extra byte over
- // the presentation format, reducing the number of octets by 1. Each label in
- // the name will be separated by a single period, with each octet in the label
- // expanding to at most 4 bytes (\DDD). If all other labels are of the maximum
- // length, then the final label can only be 61 octets long to not exceed the
- // maximum allowed wire length.
- maxDomainNamePresentationLength = 61*4 + 1 + 63*4 + 1 + 63*4 + 1 + 63*4 + 1
- )
-
- // Errors defined in this package.
- var (
- ErrAlg error = &Error{err: "bad algorithm"} // ErrAlg indicates an error with the (DNSSEC) algorithm.
- ErrAuth error = &Error{err: "bad authentication"} // ErrAuth indicates an error in the TSIG authentication.
- ErrBuf error = &Error{err: "buffer size too small"} // ErrBuf indicates that the buffer used is too small for the message.
- ErrConnEmpty error = &Error{err: "conn has no connection"} // ErrConnEmpty indicates a connection is being used before it is initialized.
- ErrExtendedRcode error = &Error{err: "bad extended rcode"} // ErrExtendedRcode ...
- ErrFqdn error = &Error{err: "domain must be fully qualified"} // ErrFqdn indicates that a domain name does not have a closing dot.
- ErrId error = &Error{err: "id mismatch"} // ErrId indicates there is a mismatch with the message's ID.
- ErrKeyAlg error = &Error{err: "bad key algorithm"} // ErrKeyAlg indicates that the algorithm in the key is not valid.
- ErrKey error = &Error{err: "bad key"}
- ErrKeySize error = &Error{err: "bad key size"}
- ErrLongDomain error = &Error{err: fmt.Sprintf("domain name exceeded %d wire-format octets", maxDomainNameWireOctets)}
- ErrNoSig error = &Error{err: "no signature found"}
- ErrPrivKey error = &Error{err: "bad private key"}
- ErrRcode error = &Error{err: "bad rcode"}
- ErrRdata error = &Error{err: "bad rdata"}
- ErrRRset error = &Error{err: "bad rrset"}
- ErrSecret error = &Error{err: "no secrets defined"}
- ErrShortRead error = &Error{err: "short read"}
- ErrSig error = &Error{err: "bad signature"} // ErrSig indicates that a signature can not be cryptographically validated.
- ErrSoa error = &Error{err: "no SOA"} // ErrSOA indicates that no SOA RR was seen when doing zone transfers.
- ErrTime error = &Error{err: "bad time"} // ErrTime indicates a timing error in TSIG authentication.
- )
-
- // Id by default returns a 16-bit random number to be used as a message id. The
- // number is drawn from a cryptographically secure random number generator.
- // This being a variable the function can be reassigned to a custom function.
- // For instance, to make it return a static value for testing:
- //
- // dns.Id = func() uint16 { return 3 }
- var Id = id
-
- // id returns a 16 bits random number to be used as a
- // message id. The random provided should be good enough.
- func id() uint16 {
- var output uint16
- err := binary.Read(rand.Reader, binary.BigEndian, &output)
- if err != nil {
- panic("dns: reading random id failed: " + err.Error())
- }
- return output
- }
-
- // MsgHdr is a a manually-unpacked version of (id, bits).
- type MsgHdr struct {
- Id uint16
- Response bool
- Opcode int
- Authoritative bool
- Truncated bool
- RecursionDesired bool
- RecursionAvailable bool
- Zero bool
- AuthenticatedData bool
- CheckingDisabled bool
- Rcode int
- }
-
- // Msg contains the layout of a DNS message.
- type Msg struct {
- MsgHdr
- Compress bool `json:"-"` // If true, the message will be compressed when converted to wire format.
- Question []Question // Holds the RR(s) of the question section.
- Answer []RR // Holds the RR(s) of the answer section.
- Ns []RR // Holds the RR(s) of the authority section.
- Extra []RR // Holds the RR(s) of the additional section.
- }
-
- // ClassToString is a maps Classes to strings for each CLASS wire type.
- var ClassToString = map[uint16]string{
- ClassINET: "IN",
- ClassCSNET: "CS",
- ClassCHAOS: "CH",
- ClassHESIOD: "HS",
- ClassNONE: "NONE",
- ClassANY: "ANY",
- }
-
- // OpcodeToString maps Opcodes to strings.
- var OpcodeToString = map[int]string{
- OpcodeQuery: "QUERY",
- OpcodeIQuery: "IQUERY",
- OpcodeStatus: "STATUS",
- OpcodeNotify: "NOTIFY",
- OpcodeUpdate: "UPDATE",
- }
-
- // RcodeToString maps Rcodes to strings.
- var RcodeToString = map[int]string{
- RcodeSuccess: "NOERROR",
- RcodeFormatError: "FORMERR",
- RcodeServerFailure: "SERVFAIL",
- RcodeNameError: "NXDOMAIN",
- RcodeNotImplemented: "NOTIMP",
- RcodeRefused: "REFUSED",
- RcodeYXDomain: "YXDOMAIN", // See RFC 2136
- RcodeYXRrset: "YXRRSET",
- RcodeNXRrset: "NXRRSET",
- RcodeNotAuth: "NOTAUTH",
- RcodeNotZone: "NOTZONE",
- RcodeBadSig: "BADSIG", // Also known as RcodeBadVers, see RFC 6891
- // RcodeBadVers: "BADVERS",
- RcodeBadKey: "BADKEY",
- RcodeBadTime: "BADTIME",
- RcodeBadMode: "BADMODE",
- RcodeBadName: "BADNAME",
- RcodeBadAlg: "BADALG",
- RcodeBadTrunc: "BADTRUNC",
- RcodeBadCookie: "BADCOOKIE",
- }
-
- // compressionMap is used to allow a more efficient compression map
- // to be used for internal packDomainName calls without changing the
- // signature or functionality of public API.
- //
- // In particular, map[string]uint16 uses 25% less per-entry memory
- // than does map[string]int.
- type compressionMap struct {
- ext map[string]int // external callers
- int map[string]uint16 // internal callers
- }
-
- func (m compressionMap) valid() bool {
- return m.int != nil || m.ext != nil
- }
-
- func (m compressionMap) insert(s string, pos int) {
- if m.ext != nil {
- m.ext[s] = pos
- } else {
- m.int[s] = uint16(pos)
- }
- }
-
- func (m compressionMap) find(s string) (int, bool) {
- if m.ext != nil {
- pos, ok := m.ext[s]
- return pos, ok
- }
-
- pos, ok := m.int[s]
- return int(pos), ok
- }
-
- // Domain names are a sequence of counted strings
- // split at the dots. They end with a zero-length string.
-
- // PackDomainName packs a domain name s into msg[off:].
- // If compression is wanted compress must be true and the compression
- // map needs to hold a mapping between domain names and offsets
- // pointing into msg.
- func PackDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) {
- return packDomainName(s, msg, off, compressionMap{ext: compression}, compress)
- }
-
- func packDomainName(s string, msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
- // XXX: A logical copy of this function exists in IsDomainName and
- // should be kept in sync with this function.
-
- ls := len(s)
- if ls == 0 { // Ok, for instance when dealing with update RR without any rdata.
- return off, nil
- }
-
- // If not fully qualified, error out.
- if !IsFqdn(s) {
- return len(msg), ErrFqdn
- }
-
- // Each dot ends a segment of the name.
- // We trade each dot byte for a length byte.
- // Except for escaped dots (\.), which are normal dots.
- // There is also a trailing zero.
-
- // Compression
- pointer := -1
-
- // Emit sequence of counted strings, chopping at dots.
- var (
- begin int
- compBegin int
- compOff int
- bs []byte
- wasDot bool
- )
- loop:
- for i := 0; i < ls; i++ {
- var c byte
- if bs == nil {
- c = s[i]
- } else {
- c = bs[i]
- }
-
- switch c {
- case '\\':
- if off+1 > len(msg) {
- return len(msg), ErrBuf
- }
-
- if bs == nil {
- bs = []byte(s)
- }
-
- // check for \DDD
- if i+3 < ls && isDigit(bs[i+1]) && isDigit(bs[i+2]) && isDigit(bs[i+3]) {
- bs[i] = dddToByte(bs[i+1:])
- copy(bs[i+1:ls-3], bs[i+4:])
- ls -= 3
- compOff += 3
- } else {
- copy(bs[i:ls-1], bs[i+1:])
- ls--
- compOff++
- }
-
- wasDot = false
- case '.':
- if wasDot {
- // two dots back to back is not legal
- return len(msg), ErrRdata
- }
- wasDot = true
-
- labelLen := i - begin
- if labelLen >= 1<<6 { // top two bits of length must be clear
- return len(msg), ErrRdata
- }
-
- // off can already (we're in a loop) be bigger than len(msg)
- // this happens when a name isn't fully qualified
- if off+1+labelLen > len(msg) {
- return len(msg), ErrBuf
- }
-
- // Don't try to compress '.'
- // We should only compress when compress is true, but we should also still pick
- // up names that can be used for *future* compression(s).
- if compression.valid() && !isRootLabel(s, bs, begin, ls) {
- if p, ok := compression.find(s[compBegin:]); ok {
- // The first hit is the longest matching dname
- // keep the pointer offset we get back and store
- // the offset of the current name, because that's
- // where we need to insert the pointer later
-
- // If compress is true, we're allowed to compress this dname
- if compress {
- pointer = p // Where to point to
- break loop
- }
- } else if off < maxCompressionOffset {
- // Only offsets smaller than maxCompressionOffset can be used.
- compression.insert(s[compBegin:], off)
- }
- }
-
- // The following is covered by the length check above.
- msg[off] = byte(labelLen)
-
- if bs == nil {
- copy(msg[off+1:], s[begin:i])
- } else {
- copy(msg[off+1:], bs[begin:i])
- }
- off += 1 + labelLen
-
- begin = i + 1
- compBegin = begin + compOff
- default:
- wasDot = false
- }
- }
-
- // Root label is special
- if isRootLabel(s, bs, 0, ls) {
- return off, nil
- }
-
- // If we did compression and we find something add the pointer here
- if pointer != -1 {
- // We have two bytes (14 bits) to put the pointer in
- binary.BigEndian.PutUint16(msg[off:], uint16(pointer^0xC000))
- return off + 2, nil
- }
-
- if off < len(msg) {
- msg[off] = 0
- }
-
- return off + 1, nil
- }
-
- // isRootLabel returns whether s or bs, from off to end, is the root
- // label ".".
- //
- // If bs is nil, s will be checked, otherwise bs will be checked.
- func isRootLabel(s string, bs []byte, off, end int) bool {
- if bs == nil {
- return s[off:end] == "."
- }
-
- return end-off == 1 && bs[off] == '.'
- }
-
- // Unpack a domain name.
- // In addition to the simple sequences of counted strings above,
- // domain names are allowed to refer to strings elsewhere in the
- // packet, to avoid repeating common suffixes when returning
- // many entries in a single domain. The pointers are marked
- // by a length byte with the top two bits set. Ignoring those
- // two bits, that byte and the next give a 14 bit offset from msg[0]
- // where we should pick up the trail.
- // Note that if we jump elsewhere in the packet,
- // we return off1 == the offset after the first pointer we found,
- // which is where the next record will start.
- // In theory, the pointers are only allowed to jump backward.
- // We let them jump anywhere and stop jumping after a while.
-
- // UnpackDomainName unpacks a domain name into a string. It returns
- // the name, the new offset into msg and any error that occurred.
- //
- // When an error is encountered, the unpacked name will be discarded
- // and len(msg) will be returned as the offset.
- func UnpackDomainName(msg []byte, off int) (string, int, error) {
- s := make([]byte, 0, maxDomainNamePresentationLength)
- off1 := 0
- lenmsg := len(msg)
- budget := maxDomainNameWireOctets
- ptr := 0 // number of pointers followed
- Loop:
- for {
- if off >= lenmsg {
- return "", lenmsg, ErrBuf
- }
- c := int(msg[off])
- off++
- switch c & 0xC0 {
- case 0x00:
- if c == 0x00 {
- // end of name
- break Loop
- }
- // literal string
- if off+c > lenmsg {
- return "", lenmsg, ErrBuf
- }
- budget -= c + 1 // +1 for the label separator
- if budget <= 0 {
- return "", lenmsg, ErrLongDomain
- }
- for _, b := range msg[off : off+c] {
- if isDomainNameLabelSpecial(b) {
- s = append(s, '\\', b)
- } else if b < ' ' || b > '~' {
- s = append(s, escapeByte(b)...)
- } else {
- s = append(s, b)
- }
- }
- s = append(s, '.')
- off += c
- case 0xC0:
- // pointer to somewhere else in msg.
- // remember location after first ptr,
- // since that's how many bytes we consumed.
- // also, don't follow too many pointers --
- // maybe there's a loop.
- if off >= lenmsg {
- return "", lenmsg, ErrBuf
- }
- c1 := msg[off]
- off++
- if ptr == 0 {
- off1 = off
- }
- if ptr++; ptr > maxCompressionPointers {
- return "", lenmsg, &Error{err: "too many compression pointers"}
- }
- // pointer should guarantee that it advances and points forwards at least
- // but the condition on previous three lines guarantees that it's
- // at least loop-free
- off = (c^0xC0)<<8 | int(c1)
- default:
- // 0x80 and 0x40 are reserved
- return "", lenmsg, ErrRdata
- }
- }
- if ptr == 0 {
- off1 = off
- }
- if len(s) == 0 {
- return ".", off1, nil
- }
- return string(s), off1, nil
- }
-
- func packTxt(txt []string, msg []byte, offset int, tmp []byte) (int, error) {
- if len(txt) == 0 {
- if offset >= len(msg) {
- return offset, ErrBuf
- }
- msg[offset] = 0
- return offset, nil
- }
- var err error
- for _, s := range txt {
- if len(s) > len(tmp) {
- return offset, ErrBuf
- }
- offset, err = packTxtString(s, msg, offset, tmp)
- if err != nil {
- return offset, err
- }
- }
- return offset, nil
- }
-
- func packTxtString(s string, msg []byte, offset int, tmp []byte) (int, error) {
- lenByteOffset := offset
- if offset >= len(msg) || len(s) > len(tmp) {
- return offset, ErrBuf
- }
- offset++
- bs := tmp[:len(s)]
- copy(bs, s)
- for i := 0; i < len(bs); i++ {
- if len(msg) <= offset {
- return offset, ErrBuf
- }
- if bs[i] == '\\' {
- i++
- if i == len(bs) {
- break
- }
- // check for \DDD
- if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) {
- msg[offset] = dddToByte(bs[i:])
- i += 2
- } else {
- msg[offset] = bs[i]
- }
- } else {
- msg[offset] = bs[i]
- }
- offset++
- }
- l := offset - lenByteOffset - 1
- if l > 255 {
- return offset, &Error{err: "string exceeded 255 bytes in txt"}
- }
- msg[lenByteOffset] = byte(l)
- return offset, nil
- }
-
- func packOctetString(s string, msg []byte, offset int, tmp []byte) (int, error) {
- if offset >= len(msg) || len(s) > len(tmp) {
- return offset, ErrBuf
- }
- bs := tmp[:len(s)]
- copy(bs, s)
- for i := 0; i < len(bs); i++ {
- if len(msg) <= offset {
- return offset, ErrBuf
- }
- if bs[i] == '\\' {
- i++
- if i == len(bs) {
- break
- }
- // check for \DDD
- if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) {
- msg[offset] = dddToByte(bs[i:])
- i += 2
- } else {
- msg[offset] = bs[i]
- }
- } else {
- msg[offset] = bs[i]
- }
- offset++
- }
- return offset, nil
- }
-
- func unpackTxt(msg []byte, off0 int) (ss []string, off int, err error) {
- off = off0
- var s string
- for off < len(msg) && err == nil {
- s, off, err = unpackString(msg, off)
- if err == nil {
- ss = append(ss, s)
- }
- }
- return
- }
-
- // Helpers for dealing with escaped bytes
- func isDigit(b byte) bool { return b >= '0' && b <= '9' }
-
- func dddToByte(s []byte) byte {
- _ = s[2] // bounds check hint to compiler; see golang.org/issue/14808
- return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
- }
-
- func dddStringToByte(s string) byte {
- _ = s[2] // bounds check hint to compiler; see golang.org/issue/14808
- return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
- }
-
- // Helper function for packing and unpacking
- func intToBytes(i *big.Int, length int) []byte {
- buf := i.Bytes()
- if len(buf) < length {
- b := make([]byte, length)
- copy(b[length-len(buf):], buf)
- return b
- }
- return buf
- }
-
- // PackRR packs a resource record rr into msg[off:].
- // See PackDomainName for documentation about the compression.
- func PackRR(rr RR, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) {
- headerEnd, off1, err := packRR(rr, msg, off, compressionMap{ext: compression}, compress)
- if err == nil {
- // packRR no longer sets the Rdlength field on the rr, but
- // callers might be expecting it so we set it here.
- rr.Header().Rdlength = uint16(off1 - headerEnd)
- }
- return off1, err
- }
-
- func packRR(rr RR, msg []byte, off int, compression compressionMap, compress bool) (headerEnd int, off1 int, err error) {
- if rr == nil {
- return len(msg), len(msg), &Error{err: "nil rr"}
- }
-
- headerEnd, err = rr.Header().packHeader(msg, off, compression, compress)
- if err != nil {
- return headerEnd, len(msg), err
- }
-
- off1, err = rr.pack(msg, headerEnd, compression, compress)
- if err != nil {
- return headerEnd, len(msg), err
- }
-
- rdlength := off1 - headerEnd
- if int(uint16(rdlength)) != rdlength { // overflow
- return headerEnd, len(msg), ErrRdata
- }
-
- // The RDLENGTH field is the last field in the header and we set it here.
- binary.BigEndian.PutUint16(msg[headerEnd-2:], uint16(rdlength))
- return headerEnd, off1, nil
- }
-
- // UnpackRR unpacks msg[off:] into an RR.
- func UnpackRR(msg []byte, off int) (rr RR, off1 int, err error) {
- h, off, msg, err := unpackHeader(msg, off)
- if err != nil {
- return nil, len(msg), err
- }
-
- return UnpackRRWithHeader(h, msg, off)
- }
-
- // UnpackRRWithHeader unpacks the record type specific payload given an existing
- // RR_Header.
- func UnpackRRWithHeader(h RR_Header, msg []byte, off int) (rr RR, off1 int, err error) {
- if newFn, ok := TypeToRR[h.Rrtype]; ok {
- rr = newFn()
- *rr.Header() = h
- } else {
- rr = &RFC3597{Hdr: h}
- }
-
- if off < 0 || off > len(msg) {
- return &h, off, &Error{err: "bad off"}
- }
-
- end := off + int(h.Rdlength)
- if end < off || end > len(msg) {
- return &h, end, &Error{err: "bad rdlength"}
- }
-
- if noRdata(h) {
- return rr, off, nil
- }
-
- off, err = rr.unpack(msg, off)
- if err != nil {
- return nil, end, err
- }
- if off != end {
- return &h, end, &Error{err: "bad rdlength"}
- }
-
- return rr, off, nil
- }
-
- // unpackRRslice unpacks msg[off:] into an []RR.
- // If we cannot unpack the whole array, then it will return nil
- func unpackRRslice(l int, msg []byte, off int) (dst1 []RR, off1 int, err error) {
- var r RR
- // Don't pre-allocate, l may be under attacker control
- var dst []RR
- for i := 0; i < l; i++ {
- off1 := off
- r, off, err = UnpackRR(msg, off)
- if err != nil {
- off = len(msg)
- break
- }
- // If offset does not increase anymore, l is a lie
- if off1 == off {
- break
- }
- dst = append(dst, r)
- }
- if err != nil && off == len(msg) {
- dst = nil
- }
- return dst, off, err
- }
-
- // Convert a MsgHdr to a string, with dig-like headers:
- //
- //;; opcode: QUERY, status: NOERROR, id: 48404
- //
- //;; flags: qr aa rd ra;
- func (h *MsgHdr) String() string {
- if h == nil {
- return "<nil> MsgHdr"
- }
-
- s := ";; opcode: " + OpcodeToString[h.Opcode]
- s += ", status: " + RcodeToString[h.Rcode]
- s += ", id: " + strconv.Itoa(int(h.Id)) + "\n"
-
- s += ";; flags:"
- if h.Response {
- s += " qr"
- }
- if h.Authoritative {
- s += " aa"
- }
- if h.Truncated {
- s += " tc"
- }
- if h.RecursionDesired {
- s += " rd"
- }
- if h.RecursionAvailable {
- s += " ra"
- }
- if h.Zero { // Hmm
- s += " z"
- }
- if h.AuthenticatedData {
- s += " ad"
- }
- if h.CheckingDisabled {
- s += " cd"
- }
-
- s += ";"
- return s
- }
-
- // Pack packs a Msg: it is converted to to wire format.
- // If the dns.Compress is true the message will be in compressed wire format.
- func (dns *Msg) Pack() (msg []byte, err error) {
- return dns.PackBuffer(nil)
- }
-
- // PackBuffer packs a Msg, using the given buffer buf. If buf is too small a new buffer is allocated.
- func (dns *Msg) PackBuffer(buf []byte) (msg []byte, err error) {
- // If this message can't be compressed, avoid filling the
- // compression map and creating garbage.
- if dns.Compress && dns.isCompressible() {
- compression := make(map[string]uint16) // Compression pointer mappings.
- return dns.packBufferWithCompressionMap(buf, compressionMap{int: compression}, true)
- }
-
- return dns.packBufferWithCompressionMap(buf, compressionMap{}, false)
- }
-
- // packBufferWithCompressionMap packs a Msg, using the given buffer buf.
- func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression compressionMap, compress bool) (msg []byte, err error) {
- if dns.Rcode < 0 || dns.Rcode > 0xFFF {
- return nil, ErrRcode
- }
-
- // Set extended rcode unconditionally if we have an opt, this will allow
- // resetting the extended rcode bits if they need to.
- if opt := dns.IsEdns0(); opt != nil {
- opt.SetExtendedRcode(uint16(dns.Rcode))
- } else if dns.Rcode > 0xF {
- // If Rcode is an extended one and opt is nil, error out.
- return nil, ErrExtendedRcode
- }
-
- // Convert convenient Msg into wire-like Header.
- var dh Header
- dh.Id = dns.Id
- dh.Bits = uint16(dns.Opcode)<<11 | uint16(dns.Rcode&0xF)
- if dns.Response {
- dh.Bits |= _QR
- }
- if dns.Authoritative {
- dh.Bits |= _AA
- }
- if dns.Truncated {
- dh.Bits |= _TC
- }
- if dns.RecursionDesired {
- dh.Bits |= _RD
- }
- if dns.RecursionAvailable {
- dh.Bits |= _RA
- }
- if dns.Zero {
- dh.Bits |= _Z
- }
- if dns.AuthenticatedData {
- dh.Bits |= _AD
- }
- if dns.CheckingDisabled {
- dh.Bits |= _CD
- }
-
- dh.Qdcount = uint16(len(dns.Question))
- dh.Ancount = uint16(len(dns.Answer))
- dh.Nscount = uint16(len(dns.Ns))
- dh.Arcount = uint16(len(dns.Extra))
-
- // We need the uncompressed length here, because we first pack it and then compress it.
- msg = buf
- uncompressedLen := msgLenWithCompressionMap(dns, nil)
- if packLen := uncompressedLen + 1; len(msg) < packLen {
- msg = make([]byte, packLen)
- }
-
- // Pack it in: header and then the pieces.
- off := 0
- off, err = dh.pack(msg, off, compression, compress)
- if err != nil {
- return nil, err
- }
- for _, r := range dns.Question {
- off, err = r.pack(msg, off, compression, compress)
- if err != nil {
- return nil, err
- }
- }
- for _, r := range dns.Answer {
- _, off, err = packRR(r, msg, off, compression, compress)
- if err != nil {
- return nil, err
- }
- }
- for _, r := range dns.Ns {
- _, off, err = packRR(r, msg, off, compression, compress)
- if err != nil {
- return nil, err
- }
- }
- for _, r := range dns.Extra {
- _, off, err = packRR(r, msg, off, compression, compress)
- if err != nil {
- return nil, err
- }
- }
- return msg[:off], nil
- }
-
- func (dns *Msg) unpack(dh Header, msg []byte, off int) (err error) {
- // If we are at the end of the message we should return *just* the
- // header. This can still be useful to the caller. 9.9.9.9 sends these
- // when responding with REFUSED for instance.
- if off == len(msg) {
- // reset sections before returning
- dns.Question, dns.Answer, dns.Ns, dns.Extra = nil, nil, nil, nil
- return nil
- }
-
- // Qdcount, Ancount, Nscount, Arcount can't be trusted, as they are
- // attacker controlled. This means we can't use them to pre-allocate
- // slices.
- dns.Question = nil
- for i := 0; i < int(dh.Qdcount); i++ {
- off1 := off
- var q Question
- q, off, err = unpackQuestion(msg, off)
- if err != nil {
- return err
- }
- if off1 == off { // Offset does not increase anymore, dh.Qdcount is a lie!
- dh.Qdcount = uint16(i)
- break
- }
- dns.Question = append(dns.Question, q)
- }
-
- dns.Answer, off, err = unpackRRslice(int(dh.Ancount), msg, off)
- // The header counts might have been wrong so we need to update it
- dh.Ancount = uint16(len(dns.Answer))
- if err == nil {
- dns.Ns, off, err = unpackRRslice(int(dh.Nscount), msg, off)
- }
- // The header counts might have been wrong so we need to update it
- dh.Nscount = uint16(len(dns.Ns))
- if err == nil {
- dns.Extra, off, err = unpackRRslice(int(dh.Arcount), msg, off)
- }
- // The header counts might have been wrong so we need to update it
- dh.Arcount = uint16(len(dns.Extra))
-
- // Set extended Rcode
- if opt := dns.IsEdns0(); opt != nil {
- dns.Rcode |= opt.ExtendedRcode()
- }
-
- if off != len(msg) {
- // TODO(miek) make this an error?
- // use PackOpt to let people tell how detailed the error reporting should be?
- // println("dns: extra bytes in dns packet", off, "<", len(msg))
- }
- return err
-
- }
-
- // Unpack unpacks a binary message to a Msg structure.
- func (dns *Msg) Unpack(msg []byte) (err error) {
- dh, off, err := unpackMsgHdr(msg, 0)
- if err != nil {
- return err
- }
-
- dns.setHdr(dh)
- return dns.unpack(dh, msg, off)
- }
-
- // Convert a complete message to a string with dig-like output.
- func (dns *Msg) String() string {
- if dns == nil {
- return "<nil> MsgHdr"
- }
- s := dns.MsgHdr.String() + " "
- s += "QUERY: " + strconv.Itoa(len(dns.Question)) + ", "
- s += "ANSWER: " + strconv.Itoa(len(dns.Answer)) + ", "
- s += "AUTHORITY: " + strconv.Itoa(len(dns.Ns)) + ", "
- s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
- if len(dns.Question) > 0 {
- s += "\n;; QUESTION SECTION:\n"
- for _, r := range dns.Question {
- s += r.String() + "\n"
- }
- }
- if len(dns.Answer) > 0 {
- s += "\n;; ANSWER SECTION:\n"
- for _, r := range dns.Answer {
- if r != nil {
- s += r.String() + "\n"
- }
- }
- }
- if len(dns.Ns) > 0 {
- s += "\n;; AUTHORITY SECTION:\n"
- for _, r := range dns.Ns {
- if r != nil {
- s += r.String() + "\n"
- }
- }
- }
- if len(dns.Extra) > 0 {
- s += "\n;; ADDITIONAL SECTION:\n"
- for _, r := range dns.Extra {
- if r != nil {
- s += r.String() + "\n"
- }
- }
- }
- return s
- }
-
- // isCompressible returns whether the msg may be compressible.
- func (dns *Msg) isCompressible() bool {
- // If we only have one question, there is nothing we can ever compress.
- return len(dns.Question) > 1 || len(dns.Answer) > 0 ||
- len(dns.Ns) > 0 || len(dns.Extra) > 0
- }
-
- // Len returns the message length when in (un)compressed wire format.
- // If dns.Compress is true compression it is taken into account. Len()
- // is provided to be a faster way to get the size of the resulting packet,
- // than packing it, measuring the size and discarding the buffer.
- func (dns *Msg) Len() int {
- // If this message can't be compressed, avoid filling the
- // compression map and creating garbage.
- if dns.Compress && dns.isCompressible() {
- compression := make(map[string]struct{})
- return msgLenWithCompressionMap(dns, compression)
- }
-
- return msgLenWithCompressionMap(dns, nil)
- }
-
- func msgLenWithCompressionMap(dns *Msg, compression map[string]struct{}) int {
- l := headerSize
-
- for _, r := range dns.Question {
- l += r.len(l, compression)
- }
- for _, r := range dns.Answer {
- if r != nil {
- l += r.len(l, compression)
- }
- }
- for _, r := range dns.Ns {
- if r != nil {
- l += r.len(l, compression)
- }
- }
- for _, r := range dns.Extra {
- if r != nil {
- l += r.len(l, compression)
- }
- }
-
- return l
- }
-
- func domainNameLen(s string, off int, compression map[string]struct{}, compress bool) int {
- if s == "" || s == "." {
- return 1
- }
-
- escaped := strings.Contains(s, "\\")
-
- if compression != nil && (compress || off < maxCompressionOffset) {
- // compressionLenSearch will insert the entry into the compression
- // map if it doesn't contain it.
- if l, ok := compressionLenSearch(compression, s, off); ok && compress {
- if escaped {
- return escapedNameLen(s[:l]) + 2
- }
-
- return l + 2
- }
- }
-
- if escaped {
- return escapedNameLen(s) + 1
- }
-
- return len(s) + 1
- }
-
- func escapedNameLen(s string) int {
- nameLen := len(s)
- for i := 0; i < len(s); i++ {
- if s[i] != '\\' {
- continue
- }
-
- if i+3 < len(s) && isDigit(s[i+1]) && isDigit(s[i+2]) && isDigit(s[i+3]) {
- nameLen -= 3
- i += 3
- } else {
- nameLen--
- i++
- }
- }
-
- return nameLen
- }
-
- func compressionLenSearch(c map[string]struct{}, s string, msgOff int) (int, bool) {
- for off, end := 0, false; !end; off, end = NextLabel(s, off) {
- if _, ok := c[s[off:]]; ok {
- return off, true
- }
-
- if msgOff+off < maxCompressionOffset {
- c[s[off:]] = struct{}{}
- }
- }
-
- return 0, false
- }
-
- // Copy returns a new RR which is a deep-copy of r.
- func Copy(r RR) RR { return r.copy() }
-
- // Len returns the length (in octets) of the uncompressed RR in wire format.
- func Len(r RR) int { return r.len(0, nil) }
-
- // Copy returns a new *Msg which is a deep-copy of dns.
- func (dns *Msg) Copy() *Msg { return dns.CopyTo(new(Msg)) }
-
- // CopyTo copies the contents to the provided message using a deep-copy and returns the copy.
- func (dns *Msg) CopyTo(r1 *Msg) *Msg {
- r1.MsgHdr = dns.MsgHdr
- r1.Compress = dns.Compress
-
- if len(dns.Question) > 0 {
- r1.Question = make([]Question, len(dns.Question))
- copy(r1.Question, dns.Question) // TODO(miek): Question is an immutable value, ok to do a shallow-copy
- }
-
- rrArr := make([]RR, len(dns.Answer)+len(dns.Ns)+len(dns.Extra))
- r1.Answer, rrArr = rrArr[:0:len(dns.Answer)], rrArr[len(dns.Answer):]
- r1.Ns, rrArr = rrArr[:0:len(dns.Ns)], rrArr[len(dns.Ns):]
- r1.Extra = rrArr[:0:len(dns.Extra)]
-
- for _, r := range dns.Answer {
- r1.Answer = append(r1.Answer, r.copy())
- }
-
- for _, r := range dns.Ns {
- r1.Ns = append(r1.Ns, r.copy())
- }
-
- for _, r := range dns.Extra {
- r1.Extra = append(r1.Extra, r.copy())
- }
-
- return r1
- }
-
- func (q *Question) pack(msg []byte, off int, compression compressionMap, compress bool) (int, error) {
- off, err := packDomainName(q.Name, msg, off, compression, compress)
- if err != nil {
- return off, err
- }
- off, err = packUint16(q.Qtype, msg, off)
- if err != nil {
- return off, err
- }
- off, err = packUint16(q.Qclass, msg, off)
- if err != nil {
- return off, err
- }
- return off, nil
- }
-
- func unpackQuestion(msg []byte, off int) (Question, int, error) {
- var (
- q Question
- err error
- )
- q.Name, off, err = UnpackDomainName(msg, off)
- if err != nil {
- return q, off, err
- }
- if off == len(msg) {
- return q, off, nil
- }
- q.Qtype, off, err = unpackUint16(msg, off)
- if err != nil {
- return q, off, err
- }
- if off == len(msg) {
- return q, off, nil
- }
- q.Qclass, off, err = unpackUint16(msg, off)
- if off == len(msg) {
- return q, off, nil
- }
- return q, off, err
- }
-
- func (dh *Header) pack(msg []byte, off int, compression compressionMap, compress bool) (int, error) {
- off, err := packUint16(dh.Id, msg, off)
- if err != nil {
- return off, err
- }
- off, err = packUint16(dh.Bits, msg, off)
- if err != nil {
- return off, err
- }
- off, err = packUint16(dh.Qdcount, msg, off)
- if err != nil {
- return off, err
- }
- off, err = packUint16(dh.Ancount, msg, off)
- if err != nil {
- return off, err
- }
- off, err = packUint16(dh.Nscount, msg, off)
- if err != nil {
- return off, err
- }
- off, err = packUint16(dh.Arcount, msg, off)
- if err != nil {
- return off, err
- }
- return off, nil
- }
-
- func unpackMsgHdr(msg []byte, off int) (Header, int, error) {
- var (
- dh Header
- err error
- )
- dh.Id, off, err = unpackUint16(msg, off)
- if err != nil {
- return dh, off, err
- }
- dh.Bits, off, err = unpackUint16(msg, off)
- if err != nil {
- return dh, off, err
- }
- dh.Qdcount, off, err = unpackUint16(msg, off)
- if err != nil {
- return dh, off, err
- }
- dh.Ancount, off, err = unpackUint16(msg, off)
- if err != nil {
- return dh, off, err
- }
- dh.Nscount, off, err = unpackUint16(msg, off)
- if err != nil {
- return dh, off, err
- }
- dh.Arcount, off, err = unpackUint16(msg, off)
- if err != nil {
- return dh, off, err
- }
- return dh, off, nil
- }
-
- // setHdr set the header in the dns using the binary data in dh.
- func (dns *Msg) setHdr(dh Header) {
- dns.Id = dh.Id
- dns.Response = dh.Bits&_QR != 0
- dns.Opcode = int(dh.Bits>>11) & 0xF
- dns.Authoritative = dh.Bits&_AA != 0
- dns.Truncated = dh.Bits&_TC != 0
- dns.RecursionDesired = dh.Bits&_RD != 0
- dns.RecursionAvailable = dh.Bits&_RA != 0
- dns.Zero = dh.Bits&_Z != 0 // _Z covers the zero bit, which should be zero; not sure why we set it to the opposite.
- dns.AuthenticatedData = dh.Bits&_AD != 0
- dns.CheckingDisabled = dh.Bits&_CD != 0
- dns.Rcode = int(dh.Bits & 0xF)
- }
|