Codebase list dnsdbq / HEAD asinfo.c
HEAD

Tree @HEAD (Download .tar.gz)

asinfo.c @HEADraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
/*
 * Copyright (c) 2014-2020 by Farsight Security, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Note that cygwin has a crippled libresolv that does not
 * include the not so recent ns_initparse() function, etc.
 * This AS info functionality is thus not available
 * in cygwin.
 */

/* external. */

/* asprintf() does not appear on linux without this */
#define _GNU_SOURCE

#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <netinet/in.h>
#include <errno.h>
#include <netdb.h>
#include <resolv.h>
#include <stdlib.h>
#include <string.h>
#include "globals.h"

#ifndef CRIPPLED_LIBC  /* must be after globals.h - which includes defs.h */

#include "asinfo.h"

/* private. */

static struct __res_state res;

/* forward. */

static char *asinfo_from_ipv4(const char *, char **, char **);
#ifdef asinfo_ipv6
static const char *asinfo_from_ipv6(const char *, char **, char **);
#endif
static char *asinfo_from_dns(const char *, char **, char **);
static const char *keep_best(char **, char **, char *, char *);

/* public. */

/* asinfo_from_rr(rrtype, rdata, asnum, cidr) -- find ASINFO for A/AAAA string
 *
 * return NULL on success, or else, reason (malloc'd string) for failure.
 *
 * side effect: on success, *asnum and *cidr will be heap-allocated strings.
 */
char *
asinfo_from_rr(const char *rrtype, const char *rdata,
	       char **asnum, char **cidr)
{
	if (asinfo_lookup) {
		if (strcmp(rrtype, "A") == 0)
			return asinfo_from_ipv4(rdata, asnum, cidr);
#ifdef asinfo_ipv6
		if (strcmp(rrtype, "AAAA") == 0)
			return asinfo_from_ipv6(rdata, asnum, cidr);
#endif
	}
	return NULL;
}

/* asinfo_domain_exists(domain) -- verify DNS-level existence of a domain
 *
 * return boolean -- does this domain exist in some form?
 */
bool
asinfo_domain_exists(const char *domain) {
	u_char buf[NS_PACKETSZ];

	return res_query(domain, ns_c_in, ns_t_txt, buf, sizeof buf) > 0 ||
		_res.res_h_errno != HOST_NOT_FOUND;
}

/* asinfo_shutdown() -- deallocate underlying library's heap resources
 */
void
asinfo_shutdown(void) {
	if ((res.options & RES_INIT) != 0)
		res_nclose(&res);
}

/* static. */

/* asinfo_from_ipv4(addr, asnum, cidr) -- prepare and use ASINFO IPv4 name
 *
 * return NULL on success, or else, reason (malloc'd string) for failure.
 *
 * side effect: on success, *asnum and *cidr will be heap-allocated strings.
 */
static char *
asinfo_from_ipv4(const char *addr, char **asnum, char **cidr) {
	u_char a4[32/8];
	char *dname;

	if (inet_pton(AF_INET, addr, a4) < 0)
		return strdup(strerror(errno));
	int n = asprintf(&dname, "%d.%d.%d.%d.%s",
			 a4[3], a4[2], a4[1], a4[0], asinfo_domain);
	if (n < 0)
		return strdup(strerror(errno));
	char *result = asinfo_from_dns(dname, asnum, cidr);
	free(dname);
	return result;
}

#ifdef asinfo_ipv6
/* asinfo_from_ipv6(addr, asnum, cidr) -- prepare and use ASINFO IPv6 name
 *
 * return NULL on success, or else, reason (malloc'd string) for failure.
 *
 * side effect: on success, *asnum and *cidr will be heap-allocated strings.
 *
 * NOTE WELL: this is a placeholder, since no ASINFO source has working IPv6.
 */
static char *
asinfo_from_ipv6(const char *addr, char **asnum, char **cidr) {
	char *result, *dname, *p;
	u_char a6[128/8];
	int i;

	if (inet_pton(AF_INET6, addr, &a6) < 0)
		return strdup(strerror(errno));
	dname = malloc(strlen(asinfo_domain) + (128/4)*2);
	if (dname == NULL)
		return strdup(strerror(errno));
	result = NULL;
	p = dname;
	for (i = (128/8) - 1; i >= 0; i--) {
		int n = sprintf(p, "%x.%x.", a6[i] & 0xf, a6[i] >> 4);
		if (n < 0) {
			result = strdup(strerror(errno));
			break;
		}
		p += n;
	}
	if (result == NULL) {
		strcpy(p, asinfo_domain);
		result = asinfo_from_dns(dname, asnum, cidr);
	}
	p = NULL;
	free(dname);
	return result;
}
#endif

/* asinfo_from_dns(dname, asnum, cidr) -- retrieve and parse a ASINFO DNS TXT
 *
 * return NULL on success, or else, reason (malloc'd string) for failure.
 *
 * side effect: on success, *asnum and *cidr will be heap-allocated strings.
 */
static char *
asinfo_from_dns(const char *dname, char **asnum, char **cidr) {
	u_char buf[NS_PACKETSZ];
	int n, an, rrn, rcode;
	char *result;
	ns_msg msg;
	ns_rr rr;

	DEBUG(1, true, "asinfo_from_dns(%s)\n", dname);
	if ((res.options & RES_INIT) == 0) {
		res_ninit(&res);
		/* use a TCP connection and keep it open */
		res.options |= RES_USEVC|RES_STAYOPEN;
	}
	n = res_nquery(&res, dname, ns_c_in, ns_t_txt, buf, sizeof buf);
	if (n < 0) {
		if (res.res_h_errno == HOST_NOT_FOUND)
			return NULL;
		else
			return strdup(hstrerror(res.res_h_errno));
	}
	if (ns_initparse(buf, n, &msg) < 0)
		return strdup(strerror(errno));
	rcode = ns_msg_getflag(msg, ns_f_rcode);
	if (rcode != ns_r_noerror) {
		if (asprintf(&result, "DNS RCODE 0x%x", rcode) < 0)
			return strdup(strerror(errno));
		return result;
	}
	an = ns_msg_count(msg, ns_s_an);
	if (an == 0)
		return strdup("ANCOUNT == 0");
	/* some ASINFO data sources return multiple TXT RR's, each having
	 * a prefix length measured in bits. we will select the best
	 * (longest match) prefix offered.
	 */
	for (result = NULL, rrn = 0; result == NULL && rrn < an; rrn++) {
		const u_char *rdata;
		int rdlen, ntxt;
		char *txt[3];

		if (ns_parserr(&msg, ns_s_an, rrn, &rr) < 0) {
			result = strdup(strerror(errno));
			break;
		}
		rdata = ns_rr_rdata(rr);
		rdlen = ns_rr_rdlen(rr);
		ntxt = 0;
		while (rdlen > 0) {
			/* no current ASINFO source has a TXT schema having
			 * more than three TXT segments (<character-strings>).
			 */
			if (ntxt == 3) {
				result = strdup("len(TXT[]) > 3");
				break;
			}
			n = *rdata++;
			rdlen--;
			if (n > rdlen) {
				result = strdup("TXT overrun");
				break;
			}
			txt[ntxt] = strndup((const char *)rdata, (size_t)n);
			if (txt[ntxt] == NULL) {
				result = strdup("strndup FAIL");
				break;
			}
			DEBUG(2, true, "TXT[%d] \"%s\"\n", ntxt, txt[ntxt]);
			rdata += n;
			rdlen -= n;
			ntxt++;
		}

		if (result == NULL) {
			const int seplen = sizeof " | " - 1;
			const char *t1 = NULL, *t2 = NULL;

			if (ntxt == 1 &&
			    (t1 = strstr(txt[0], " | ")) != NULL &&
			    (t2 = strstr(t1 + seplen, " | ")) != NULL)
			{
				/* team-cymru.com format:
				 *
				 * one TXT segment per TXT RR, having
				 * internal structure of vertical bar (|)
				 * separated fields, of which the first
				 * two are our desired output values
				 * (AS number or path or set; CIDR prefix).
				 */
				char *new_asnum, *new_cidr;
				new_asnum = strndup(txt[0], (size_t)
						    (t1 - txt[0]));
				new_cidr = strndup(t1 + seplen, (size_t)
						   (t2 - (t1 + seplen)));
				t1 = t2 = NULL;
				const char *t = keep_best(asnum, cidr,
							  new_asnum,
							  new_cidr);
				if (t != NULL)
					result = strdup(t);
			} else if (ntxt == 3) {
				/* routeviews.org format:
				 *
				 * three TXT segments per TXT RR, which are
				 * the AS number or path or set, and the
				 * prefix mantissa, and the prefix length.
				 * we use the first directly, and combine
				 * the second and third to form CIDR prefix.
				 */
				char *new_asnum, *new_cidr;
				if (asprintf(&new_cidr, "%s/%s",
					     txt[1], txt[2]) >= 0)
				{
					new_asnum = strdup(txt[0]);
					const char *t = keep_best(asnum, cidr,
								  new_asnum,
								  new_cidr);
					if (t != NULL)
						result = strdup(t);
				} else {
					result = strdup(strerror(errno));
				}
			} else {
				result = strdup("unrecognized TXT format");
			}
		}
		for (n = 0; n < ntxt; n++) {
			free(txt[n]);
			txt[n] = NULL;
		}
	}
	return result;
}

/* keep_best(asnum, cidr, new_asnum, new_cidr) -- select/keep "best" ASINFO
 *
 * return NULL on success, or else, reason (string) for failure.
 *
 * side effect: on success, *asnum and *cidr will be heap-allocated strings.
 */
static const char *
keep_best(char **asnum, char **cidr, char *new_asnum, char *new_cidr) {
	if (*asnum != NULL && *cidr != NULL) {
		int pfxlen = -1, new_pfxlen = -1;
		char *cp;

		if ((cp = strchr(*cidr, '/')) == NULL ||
		    (pfxlen = atoi(cp+1)) <= 0 || pfxlen > 128)
			return "bad CIDR syntax (old)";
		if ((cp = strchr(new_cidr, '/')) == NULL ||
		    (new_pfxlen = atoi(cp+1)) <= 0 || new_pfxlen > 128)
			return "bad CIDR syntax (new)";
		if (new_pfxlen <= pfxlen) {
			free(new_asnum);
			free(new_cidr);
			return NULL;
		}
		free(*asnum);
		*asnum = NULL;
		free(*cidr);
		*cidr = NULL;
	}
	if (strcmp(new_asnum, "4294967295") == 0) {
		/* in routeviews.org, this is how they signal "unknown". */
		free(new_asnum);
		free(new_cidr);
	} else {
		*asnum = new_asnum;
		*cidr = new_cidr;
	}
	return NULL;
}
#endif /*CRIPPLED_LIBC*/