Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add client support for multiple domain names.

For fun, support multiple domain names:

    sdt sshdns.a.example.com sshdns.b.example.com \
        sshdns.a.example1.com sshdns.b.example1.com

Update server to check a list of domain names. The server checks domain
names to prevent responding to random queries/scans. This can be disabled
by using the keyword "any" as a domain name, i.e.:

    sods any
  • Loading branch information...
commit 728463479073207dff47e5df616e98fb5228f6e9 1 parent 6508a9d
@msantos authored
View
26 sdt/sdt.c
@@ -40,6 +40,7 @@ main(int argc, char *argv[])
pid_t pid = 0;
int nd = 0;
int ch = 0;
+ int di = 0;
IS_NULL(ss = (SDT_STATE *)calloc(1, sizeof(SDT_STATE)));
@@ -57,7 +58,9 @@ main(int argc, char *argv[])
ss->type = ns_t_txt;
ss->verbose_lines = 100;
- while ( (ch = getopt(argc, argv, "A:B:b:dF:hM:m:R:r:S:s:T:t:vx:")) != -1) {
+ ss->dname_next = &sdt_dns_dn_roundrobin;
+
+ while ( (ch = getopt(argc, argv, "A:B:b:dF:hM:m:n:R:r:S:s:T:t:vx:")) != -1) {
switch (ch) {
case 'A': /* alarm, delay buf */
ss->delay = (u_int32_t)atoi(optarg);
@@ -80,6 +83,14 @@ main(int argc, char *argv[])
case 'm':
ss->sleep = (u_int32_t)atoi(optarg);
break;
+ case 'n': /* strategy for shuffling domain name list */
+ if (strcasecmp(optarg, "roundrobin") == 0)
+ ss->dname_next = &sdt_dns_dn_roundrobin;
+ else if (strcasecmp(optarg, "random") == 0)
+ ss->dname_next = &sdt_dns_dn_random;
+ else
+ usage(ss);
+ break;
case 'R': /* Retry lookup */
sdt_dns_setopt(SDT_RES_RETRY, (u_int32_t)atoi(optarg));
break;
@@ -129,10 +140,16 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
- if ( (argc != 1) || (strlen(argv[0]) > NS_MAXCDNAME - 1))
+ if ( (argc == 0) || (argc >= MAXDNAMELIST))
usage(ss);
- IS_NULL(ss->dname = strdup(argv[0]));
+ ss->dname_max = argc;
+ IS_NULL(ss->dname = (char **)calloc(argc, 1));
+ for ( di = 0; di < argc; di++) {
+ if (strlen(argv[di]) > NS_MAXCDNAME - 1)
+ usage(ss);
+ IS_NULL(ss->dname[di] = strdup(argv[di]));
+ }
IS_ERR(nd = open("/dev/null", O_RDWR, 0));
@@ -390,8 +407,9 @@ usage(SDT_STATE *ss)
(void)fprintf(stderr, "-F <num>\tFast start, number of small packets to pass w/out buffering (0 to disable) [default: %d]\n", ss->faststart);
(void)fprintf(stderr, "-M\tMaximum number of polling query failures [default: %d]\n", ss->maxpollfail);
(void)fprintf(stderr, "-m\tMinimum time to sleep between nameserver queries [default: %d us]\n", ss->sleep);
+ (void)fprintf(stderr, "-n <roundrobin|random>\tStrategy for shuffling domain names [default: roundrobin]\n");
(void)fprintf(stderr, "-R <number>\tNumber of retries for lookup\n");
- (void)fprintf(stderr, "-r\tNameserver (or keyword: random, opendns, verizon, speakeasy)\n");
+ (void)fprintf(stderr, "-r\tNameserver (or keyword: random, opendns, verizon, speakeasy, google)\n");
(void)fprintf(stderr, "-S [rotate|blast]\tResolver strategy\n");
(void)fprintf(stderr, "-T <number>\tUse TCP [0 = new connection for each request, 1 = pipeline requests]\n");
(void)fprintf(stderr, "-t <DNS type>\tTXT, CNAME [Default = TXT]\n");
View
17 sdt/sdt.h
@@ -98,6 +98,8 @@
#define MAXBACKOFF 3000 /* 3000 * 20000 = 60,000,000 (1/minute) */
#define MAXPOLLFAIL 10 /* Number of TXT record failures before giving up */
+#define MAXDNAMELIST 256 /* arbitrary cutoff for number of domains */
+
typedef union _SDT_ID {
struct {
@@ -109,7 +111,9 @@ typedef union _SDT_ID {
} SDT_ID;
typedef struct _SDT_STATE {
- char *dname;
+ char **dname;
+ int dname_max;
+ int dname_iterator;
SDT_ID sess;
size_t sum;
size_t sum_up;
@@ -125,6 +129,8 @@ typedef struct _SDT_STATE {
pid_t child;
int verbose;
int verbose_lines;
+
+ char *(*dname_next)(void *state);
} SDT_STATE;
/* Resolver options */
@@ -151,10 +157,13 @@ int sdt_dns_parsens(SDT_STATE *ss, char *buf);
int sdt_dns_A(SDT_STATE *ss, char *buf, ssize_t n);
char *sdt_dns_poll(SDT_STATE *ss, size_t *len);
char *sdt_dns_parse(SDT_STATE *ss, char *pkt, int *pktlen);
-char * sdt_dns_dec_CNAME(SDT_STATE *ss, u_char *data, u_int16_t *n);
-char * sdt_dns_dec_TXT(SDT_STATE *ss, u_char *data, u_int16_t *n);
-char * sdt_dns_dec_NULL(SDT_STATE *ss, u_char *data, u_int16_t *n);
+char *sdt_dns_dec_CNAME(SDT_STATE *ss, u_char *data, u_int16_t *n);
+char *sdt_dns_dec_TXT(SDT_STATE *ss, u_char *data, u_int16_t *n);
+char *sdt_dns_dec_NULL(SDT_STATE *ss, u_char *data, u_int16_t *n);
void sdt_dns_print_servers(SDT_STATE *ss);
+char *sdt_dns_dn_roundrobin(void *state);
+char *sdt_dns_dn_random(void *state);
+
void sdt_rand_init(void);
#ifndef HAVE_ARC4RANDOM
View
22 sdt/sdt_dns.c
@@ -136,7 +136,7 @@ sdt_dns_A(SDT_STATE *ss, char *buf, ssize_t n)
* $temp_payload.$nonce-$sum_up.id-$id.up.$extension
*/
(void)snprintf(query, sizeof(query), "%s.%u-%u.id-%u.up.%s",
- dn, nonce, (u_int32_t)ss->sum_up, htonl(ss->sess.id), ss->dname);
+ dn, nonce, (u_int32_t)ss->sum_up, htonl(ss->sess.id), ss->dname_next(ss));
VERBOSE(2, "A:%s\n", query);
if (res_search(query, ns_c_in, ns_t_a, (u_char *)&pkt, sizeof(pkt)) < 0) {
@@ -166,7 +166,7 @@ sdt_dns_poll(SDT_STATE *ss, size_t *len)
* $sum-$nonce.id-$id.down.$extension
*/
(void)snprintf(query, sizeof(query), "%u-%u.id-%u.down.%s",
- (u_int32_t)ss->sum, nonce, htonl(ss->sess.id), ss->dname);
+ (u_int32_t)ss->sum, nonce, htonl(ss->sess.id), ss->dname_next(ss));
VERBOSE(2, "POLL:%s\n", query);
@@ -415,3 +415,21 @@ sdt_dns_print_servers(SDT_STATE *ss)
}
}
+
+/* Strategies for iterating through multiple
+ * domain names */
+ char *
+sdt_dns_dn_roundrobin(void *state)
+{
+ SDT_STATE *ss = state;
+ return (ss->dname[ss->dname_iterator++ % ss->dname_max]);
+}
+
+ char *
+sdt_dns_dn_random(void *state)
+{
+ SDT_STATE *ss = state;
+ return (ss->dname[sdt_rand() % ss->dname_max]);
+}
+
+
View
11 sods/sods.c
@@ -39,6 +39,7 @@ main (int argc, char *argv[])
SDS_STATE *ss = NULL;
int ch = 0;
+ int di = 0;
IS_NULL(ss = (SDS_STATE *)calloc(1, sizeof(SDS_STATE)));
@@ -102,10 +103,16 @@ main (int argc, char *argv[])
argc -= optind;
argv += optind;
- if ( (argc != 1) || (strlen(argv[0]) > NS_MAXDNAME - 1))
+ if ( (argc == 0) || (argc >= MAXDNAMELIST))
usage(ss);
- IS_NULL(ss->dn = strdup(argv[0]));
+ ss->dn_max = argc;
+ IS_NULL(ss->dn = (char **)calloc(argc, 1));
+ for ( di = 0; di < argc; di++) {
+ if (strlen(argv[di]) > NS_MAXCDNAME - 1)
+ usage(ss);
+ IS_NULL(ss->dn[di] = strdup(argv[di]));
+ }
if (ss->fwd == NULL)
(void)sds_parse_forward(ss, "127.0.0.1:22");
View
6 sods/sods.h
@@ -80,7 +80,8 @@
#define BUFLEN 110
#define NS_TXTREC 65535 /* see http://www.zeroconf.org/Rendezvous/txtrecords.html */
-#define MAXFWDS 32 /* Maximum number of allowed forwarders */
+#define MAXFWDS 32 /* Maximum number of allowed forwarders */
+#define MAXDNAMELIST 256 /* Maximum number of domain names */
typedef struct _SDS_FWD {
u_int8_t sess; /* Unused */
@@ -89,7 +90,8 @@ typedef struct _SDS_FWD {
typedef struct _SDS_STATE {
int s;
- char *dn;
+ char **dn;
+ int dn_max;
char *func; /* sshdns, socket ... */
SDS_FWD *fwd;
size_t fwds; /* number of forwarded sessions */
View
13 sods/sods_dns.c
@@ -408,6 +408,7 @@ sds_dns_packet(SDS_PKT *pkt, void *data, size_t len)
sds_dns_checkdn(SDS_STATE *ss, char *domain)
{
char *p = NULL;
+ int i = 0;
p = strchr(domain, '.');
*p++ = '\0';
@@ -417,11 +418,15 @@ sds_dns_checkdn(SDS_STATE *ss, char *domain)
return (-1);
#endif
- if (strncmp(ss->dn, p, strlen(ss->dn)+1) != 0) {
- VERBOSE(1, "rejecting request for domain: %s\n", p);
- return (-1);
+ if (strcmp(ss->dn[0], "any") == 0)
+ return (0);
+
+ for ( i = 0; i < ss->dn_max; i++) {
+ if (strncmp(ss->dn[i], p, strlen(ss->dn[i])+1) == 0)
+ return (0);
}
- return (0);
+ VERBOSE(1, "rejecting request for domain: %s\n", p);
+ return (-1);
}
Please sign in to comment.
Something went wrong with that request. Please try again.