/src/pdns/pdns/dnswriter.cc

Source
/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <boost/version.hpp>
#include <boost/container/static_vector.hpp>
#include "dnswriter.hh"
#include "misc.hh"
#include "dnsparser.hh"

#include <limits.h>

/* d_content:                                      <---- d_stuff ---->
                                      v d_truncatemarker
   dnsheader | qname | qtype | qclass | {recordname| dnsrecordheader | record }
                                        ^ d_rollbackmarker           ^ d_sor


*/

template <typename Container>
GenericDNSPacketWriter<Container>::GenericDNSPacketWriter(Container& content, const DNSName& qname, uint16_t qtype, uint16_t qclass, uint8_t opcode) :
  d_qname(qname), d_content(content)
{
  d_content.clear();
  dnsheader dnsheader;

  memset(&dnsheader, 0, sizeof(dnsheader));
  dnsheader.id=0;
  dnsheader.qdcount=htons(1);
  dnsheader.opcode=opcode;

  const uint8_t* ptr=(const uint8_t*)&dnsheader;
  d_content.reserve(sizeof(dnsheader) + qname.wirelength() + sizeof(qtype) + sizeof(qclass));
  d_content.resize(sizeof(dnsheader));
  uint8_t* dptr=(&*d_content.begin());

  memcpy(dptr, ptr, sizeof(dnsheader));
  d_namepositions.reserve(16);
  xfrName(qname, false);
  xfr16BitInt(qtype);
  xfr16BitInt(qclass);

  if (d_content.size() > std::numeric_limits<decltype(d_truncatemarker)>::max()) {
    throw std::range_error("Trying to build a packet larger than " + std::to_string(std::numeric_limits<decltype(d_truncatemarker)>::max()) + " bytes");
  }
  d_truncatemarker = d_content.size();
}

template <typename Container> dnsheader* GenericDNSPacketWriter<Container>::getHeader()
{
  return reinterpret_cast<dnsheader*>(&*d_content.begin());
}


template <typename Container> void GenericDNSPacketWriter<Container>::startRecord(const DNSName& name, uint16_t qtype, uint32_t ttl, uint16_t qclass, DNSResourceRecord::Place place, bool compress)
{
  d_compress = compress;
  commit();
  if (d_content.size() > std::numeric_limits<decltype(d_rollbackmarker)>::max()) {
    throw std::range_error("Trying to build a packet larger than " + std::to_string(std::numeric_limits<decltype(d_rollbackmarker)>::max()) + " bytes");
  }
  d_rollbackmarker = d_content.size();

  if (compress && !name.isRoot() && d_qname==name) {  // don't do the whole label compression thing if we *know* we can get away with "see question" - except when compressing the root
    static const std::array<unsigned char, 2> marker{0xc0, 0x0c};
    d_content.insert(d_content.end(), reinterpret_cast<const char *>(marker.begin()), reinterpret_cast<const char *>(marker.end()));
  }
  else {
    xfrName(name, compress);
  }
  xfr16BitInt(qtype);
  xfr16BitInt(qclass);
  xfr32BitInt(ttl);
  xfr16BitInt(0); // this will be the record size
  d_recordplace = place;

  d_sor = d_content.size(); // this will remind us where to stuff the record size
}

template <typename Container> void GenericDNSPacketWriter<Container>::addOpt(const uint16_t udpsize, const uint16_t extRCode, const uint16_t ednsFlags, const optvect_t& options, const uint8_t version)
{
  uint32_t ttl=0;

  EDNS0Record stuff;

  stuff.version = version;
  stuff.extFlags = htons(ednsFlags);

  /* RFC 6891 section 4 on the Extended RCode wire format
   *    EXTENDED-RCODE
   *        Forms the upper 8 bits of extended 12-bit RCODE (together with the
   *        4 bits defined in [RFC1035].  Note that EXTENDED-RCODE value 0
   *        indicates that an unextended RCODE is in use (values 0 through 15).
   */
  // XXX Should be check for extRCode > 1<<12 ?
  stuff.extRCode = extRCode>>4;
  if (extRCode != 0) { // As this trumps the existing RCODE
    getHeader()->rcode = extRCode;
  }

  static_assert(sizeof(EDNS0Record) == sizeof(ttl), "sizeof(EDNS0Record) must match sizeof(ttl)");
  memcpy(&ttl, &stuff, sizeof(stuff));

  ttl=ntohl(ttl); // will be reversed later on

  startRecord(g_rootdnsname, QType::OPT, ttl, udpsize, DNSResourceRecord::ADDITIONAL, false);
  for(auto const &option : options) {
    xfr16BitInt(option.first);
    xfr16BitInt(option.second.length());
    xfrBlob(option.second);
  }
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfr48BitInt(uint64_t val)
{
  if ((val >> 48) != 0) {
    throw runtime_error("Value too large to fit in 48 bits");
  }
  std::array<unsigned char, 6> bytes;
  uint16_t theLeft = htons((val >> 32)&0xffffU);
  uint32_t theRight = htonl(val & 0xffffffffU);
  memcpy(&bytes[0], (void*)&theLeft, sizeof(theLeft));
  memcpy(&bytes[2], (void*)&theRight, sizeof(theRight));

  d_content.insert(d_content.end(), bytes.begin(), bytes.end());
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrNodeOrLocatorID(const NodeOrLocatorID& val)
{
  d_content.insert(d_content.end(), val.content, val.content + sizeof(val.content));
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfr32BitInt(uint64_t val)
{
  if (val > std::numeric_limits<uint32_t>::max()) {
    throw runtime_error("Value too large to fit in 32 bits");
  }
  uint32_t rval=htonl(static_cast<uint32_t>(val));
  uint8_t* ptr=reinterpret_cast<uint8_t*>(&rval);
  d_content.insert(d_content.end(), ptr, ptr+4);
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfr16BitInt(uint64_t val)
{
  if (val > std::numeric_limits<uint16_t>::max()) {
    throw runtime_error("Value too large to fit in 16 bits");
  }
  uint16_t rval=htons(static_cast<uint16_t>(val));
  uint8_t* ptr=reinterpret_cast<uint8_t*>(&rval);
  d_content.insert(d_content.end(), ptr, ptr+2);
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfr8BitInt(uint64_t val)
{
  if (val > std::numeric_limits<uint8_t>::max()) {
    throw runtime_error("Value too large to fit in 8 bits");
  }
  d_content.push_back(static_cast<uint8_t>(val));
}


/* input:
 if lenField is true
  "" -> 0
  "blah" -> 4blah
  "blah" "blah" -> output 4blah4blah
  "verylongstringlongerthan256....characters" \xffverylongstring\x23characters (autosplit)
  "blah\"blah" -> 9blah"blah
  "blah\97" -> 5blahb

 if lenField is false
  "blah" -> blah
  "blah\"blah" -> blah"blah
  */
template <typename Container> void GenericDNSPacketWriter<Container>::xfrText(const string& text, bool, bool lenField)
{
  if(text.empty()) {
    d_content.push_back(0);
    return;
  }
  vector<string> segments = segmentDNSText(text);
  for(const string& str :  segments) {
    if(lenField)
      d_content.push_back(str.length());
    d_content.insert(d_content.end(), str.c_str(), str.c_str() + str.length());
  }
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrUnquotedText(const string& text, bool lenField)
{
  if(text.empty()) {
    d_content.push_back(0);
    return;
  }
  if (lenField) {
    if (text.length() > 255) {
      throw runtime_error("invalid unquoted text length");
    }
    d_content.push_back(text.length());
  }
  d_content.insert(d_content.end(), text.c_str(), text.c_str() + text.length());
}


static constexpr bool l_verbose=false;
static constexpr uint16_t maxCompressionOffset=16384;
template <typename Container> uint16_t GenericDNSPacketWriter<Container>::lookupName(const DNSName& name, uint16_t* matchLen)
{
  // iterate over the written labels, see if we find a match
  const auto& raw = name.getStorage();

  /* name might be a.root-servers.net, we need to be able to benefit from finding:
     b.root-servers.net, or even:
     b\xc0\x0c
  */
  unsigned int bestpos=0;
  *matchLen = 0;

  // positions of each label in the name we are trying to compress
  boost::container::static_vector<uint16_t, 34> positionsInName;
  // positions of labels in the packet we are building
  boost::container::static_vector<uint16_t, 34> positionsInPacket;

  try {
    for(auto riter= raw.cbegin(); riter < raw.cend(); ) {
      if (*riter == 0) {
        break;
      }
      positionsInName.push_back(riter - raw.cbegin());
      riter += *riter + 1;
    }
  }
  catch (const std::bad_alloc& ba) {
    if (l_verbose) {
      cout << "Domain " << name << " too large to compress" << endl;
    }
    return 0;
  }

  if (l_verbose) {
    cout<<"Input vector for lookup "<<name<<": ";
    for (const auto n : positionsInName) {
      cout << n << " ";
    }
    cout<<endl;
    cout<<makeHexDump(string(raw.c_str(), raw.c_str()+raw.size()))<<endl;
  }

  if (l_verbose) {
    cout << "Have " << d_namepositions.size() << " to ponder" << endl;
  }

  int counter=1;
  for (const auto positionInPacket : d_namepositions) {
    // here it's a bit tricky because the names might be compressed,
    // so we will gather all labels composing the name, following
    // pointers if needed
    // for example if there is an uncompressed \1a\1b\1c\0 we will store
    // the position of \1a, \1b, \1c
    // if there is instead \1a followed by a pointer to \1b\1c\0 earlier
    // in the packet we will store the position of \1a, \1b, \1c as well
    // they will just be disjoint
    if (l_verbose) {
      cout<<"Pos: "<<positionInPacket<<", "<<d_content.size()<<endl;
      DNSName pname(reinterpret_cast<const char*>(d_content.data()), d_content.size(), positionInPacket, true); // only for debugging
      cout<<"Looking at '"<<pname<<"' in packet at position "<<positionInPacket<<"/"<<d_content.size()<<", option "<<counter<<"/"<<d_namepositions.size()<<endl;
      ++counter;
    }
    size_t pointerQuota = 50U;
    // memcmp here makes things _slower_
    positionsInPacket.clear();
    try {
      for (auto iter = d_content.cbegin() + positionInPacket; iter < d_content.cend() && pointerQuota > 0;) {
        uint8_t labelLength = *iter;
        const uint16_t currentPos = (iter - d_content.cbegin());
        if (l_verbose) {
          cout << "Found label length: " << std::to_string(labelLength) << " at " << currentPos << endl;
        }
        if (labelLength & 0xc0) {
          uint16_t npos = 0x100*(labelLength & (~0xc0)) + *++iter;
          // check against going forward
          if (npos >= currentPos || npos < sizeof(dnsheader)) {
            /* something is not right */
            break;
          }

          // jump to the target of the pointer
          iter = d_content.begin() + npos;
          if (l_verbose) {
            cout << "Is compressed label to newpos " << npos << ", going there" << endl;
          }

          if (pointerQuota >= 1) {
            pointerQuota--;
            continue;
          }

          // out of pointer quota, let's stop there
          break;
        }

        if (labelLength == 0) {
          break;
        }

        if (currentPos >= maxCompressionOffset) {
          break; // compression pointers cannot point here
        }

        positionsInPacket.push_back(currentPos);
        // jump to the next label
        iter += labelLength + 1;
      }
    }
    catch (const std::bad_alloc& ba) {
      if (l_verbose) {
        cout << "Domain " << name << " too large to compress" << endl;
      }
      continue;
    }

    if (l_verbose) {
      cout<<"Packet vector: "<<endl;
      for (const auto n : positionsInPacket) {
        cout << n << " ";
      }
      cout<<endl;
    }

    auto positionInNameIter = positionsInName.crbegin();
    auto positionInPacketIter = positionsInPacket.crbegin();
    unsigned int cmatchlen=1;
    for(; positionInNameIter != positionsInName.crend() && positionInPacketIter != positionsInPacket.crend(); ++positionInNameIter, ++positionInPacketIter) {
      // positionInNameIter is an offset in raw, pvect an offset in packet
      uint8_t nlen = raw[*positionInNameIter];
      uint8_t plen = d_content[*positionInPacketIter];

      if (l_verbose) {
        cout << "nlnen=" << (int)nlen << ", plen=" << (int)plen << endl;
      }

      if (nlen != plen) {
        break;
      }

      if (strncasecmp(raw.c_str() + *positionInNameIter + 1, (const char*)&d_content[*positionInPacketIter] + 1, nlen)) {
        if (l_verbose) {
          cout << "Mismatch: " << string(raw.c_str() + *positionInNameIter + 1, raw.c_str() + *positionInNameIter + nlen + 1) << " != " << string((const char*)&d_content[*positionInPacketIter] + 1, (const char*)&d_content[*positionInPacketIter] + nlen + 1) << endl;
        }
        break;
      }

      cmatchlen += nlen + 1;
      if (cmatchlen == raw.length()) { // have matched all of it, can't improve
        if (l_verbose) {
          cout << "Stopping search, matched whole name" << endl;
        }

        *matchLen = cmatchlen;
        return *positionInPacketIter;
      }
    }
    if (positionInPacketIter != positionsInPacket.crbegin() && *matchLen < cmatchlen) {
      *matchLen = cmatchlen;
      bestpos = *--positionInPacketIter;
    }
  }
  return bestpos;
}
// this is the absolute hottest function in the pdns recursor
template <typename Container> void GenericDNSPacketWriter<Container>::xfrName(const DNSName& name, bool compress)
{
  if(l_verbose)
    cout<<"Wants to write "<<name<<", compress="<<compress<<", canonic="<<d_canonic<<", LC="<<d_lowerCase<<endl;
  if(d_canonic || d_lowerCase)   // d_lowerCase implies canonic
    compress=false;

  if(name.empty() || name.isRoot()) { // for speed
    d_content.push_back(0);
    return;
  }

  uint16_t li=0;
  uint16_t matchlen=0;
  if(d_compress && compress && (li=lookupName(name, &matchlen)) && li < maxCompressionOffset) {
    const auto& dns=name.getStorage();
    if(l_verbose)
      cout<<"Found a substring of "<<matchlen<<" bytes from the back, offset: "<<li<<", dnslen: "<<dns.size()<<endl;
    // found a substring, if www.powerdns.com matched powerdns.com, we get back matchlen = 13

    unsigned int pos=d_content.size();
    if(pos < maxCompressionOffset && matchlen != dns.size()) {
      if(l_verbose)
        cout<<"Inserting pos "<<pos<<" for "<<name<<" for compressed case"<<endl;
      d_namepositions.push_back(pos);
    }

    if(l_verbose)
      cout<<"Going to write unique part: '"<<makeHexDump(string(dns.c_str(), dns.c_str() + dns.size() - matchlen)) <<"'"<<endl;
    d_content.insert(d_content.end(), (const unsigned char*)dns.c_str(), (const unsigned char*)dns.c_str() + dns.size() - matchlen);
    uint16_t offset=li;
    offset|=0xc000;

    d_content.push_back((char)(offset >> 8));
    d_content.push_back((char)(offset & 0xff));
  }
  else {
    unsigned int pos=d_content.size();
    if(l_verbose)
      cout<<"Found nothing, we are at pos "<<pos<<", inserting whole name"<<endl;
    if(pos < maxCompressionOffset) {
      if(l_verbose)
        cout<<"Inserting pos "<<pos<<" for "<<name<<" for uncompressed case"<<endl;
      d_namepositions.push_back(pos);
    }

    std::unique_ptr<DNSName> lc;
    if(d_lowerCase)
      lc = make_unique<DNSName>(name.makeLowerCase());

    const DNSName::string_t& raw = (lc ? *lc : name).getStorage();
    if(l_verbose)
      cout<<"Writing out the whole thing "<<makeHexDump(string(raw.c_str(),  raw.c_str() + raw.length()))<<endl;
    d_content.insert(d_content.end(), raw.c_str(), raw.c_str() + raw.size());
  }
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrBlob(const string& blob, int  )
{
  const uint8_t* ptr=reinterpret_cast<const uint8_t*>(blob.c_str());
  d_content.insert(d_content.end(), ptr, ptr+blob.size());
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrBlob(const std::vector<uint8_t>& blob)
{
  d_content.insert(d_content.end(), blob.begin(), blob.end());
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrBlobNoSpaces(const string& blob, int  )
{
  xfrBlob(blob);
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrHexBlob(const string& blob, bool /* keepReading */)
{
  xfrBlob(blob);
}

template <typename Container> void GenericDNSPacketWriter<Container>::xfrSvcParamKeyVals(const std::set<SvcParam> &kvs)
{
  for (auto const &param : kvs) {
    // Key first!
    xfr16BitInt(param.getKey());

    switch (param.getKey())
    {
    case SvcParam::mandatory:
      xfr16BitInt(2 * param.getMandatory().size());
      for (auto const &m: param.getMandatory()) {
        xfr16BitInt(m);
      }
      break;
    case SvcParam::alpn:
    {
      size_t totalSize = param.getALPN().size(); // All 1 octet size headers for each value
      for (auto const &a : param.getALPN()) {
        totalSize += a.length();
      }
      if (totalSize > std::numeric_limits<uint16_t>::max()) {
        throw runtime_error("invalid total length of alpn parameters");
      }
      xfr16BitInt(static_cast<uint16_t>(totalSize));
      for (auto const &a : param.getALPN()) {
        xfrUnquotedText(a, true); // will add the 1-byte length field
      }
      break;
    }
    case SvcParam::no_default_alpn:
      xfr16BitInt(0); // no size :)
      break;
    case SvcParam::port:
      xfr16BitInt(2); // size
      xfr16BitInt(param.getPort());
      break;
    case SvcParam::ipv4hint:
      xfr16BitInt(param.getIPHints().size() * 4); // size
      for (const auto& a: param.getIPHints()) {
        xfrCAWithoutPort(param.getKey(), a);
      }
      break;
    case SvcParam::ipv6hint:
      xfr16BitInt(param.getIPHints().size() * 16); // size
      for (const auto& a: param.getIPHints()) {
        xfrCAWithoutPort(param.getKey(), a);
      }
      break;
    case SvcParam::ech:
      xfr16BitInt(param.getECH().size()); // size
      xfrBlobNoSpaces(param.getECH());
      break;
    case SvcParam::ohttp:
      xfr16BitInt(0); // no size
      break;
    case SvcParam::tls_supported_groups:
      xfr16BitInt(2 * param.getTLSSupportedGroups().size()); // size
      for (const auto& group: param.getTLSSupportedGroups()) {
        xfr16BitInt(group);
      }
      break;
    default:
      xfr16BitInt(param.getValue().size());
      xfrBlob(param.getValue());
      break;
    }
  }
}

// call __before commit__
template <typename Container> void GenericDNSPacketWriter<Container>::getRecordPayload(string& records)
{
  records.assign(d_content.begin() + d_sor, d_content.end());
}

// call __before commit__
template <typename Container> void GenericDNSPacketWriter<Container>::getWireFormatContent(string& record)
{
  record.assign(d_content.begin() + d_rollbackmarker, d_content.end());
}

template <typename Container> uint32_t GenericDNSPacketWriter<Container>::size() const
{
  return d_content.size();
}

template <typename Container> void GenericDNSPacketWriter<Container>::rollback()
{
  d_content.resize(d_rollbackmarker);
  d_sor = 0;
}

template <typename Container> void GenericDNSPacketWriter<Container>::truncate()
{
  d_content.resize(d_truncatemarker);
  dnsheader* dh=reinterpret_cast<dnsheader*>( &*d_content.begin());
  dh->ancount = dh->nscount = dh->arcount = 0;
}

template <typename Container> void GenericDNSPacketWriter<Container>::commit()
{
  if (d_sor == 0) {
    return;
  }

  if (d_sor < 2 || d_sor > d_content.size()) {
    throw std::range_error("Invalid start of record when trying to build a packet: " + std::to_string(d_sor) + " / " + std::to_string(d_content.size()));
  }

  if (d_content.size() > std::numeric_limits<uint16_t>::max()) {
    throw std::range_error("Trying to build a packet larger than " + std::to_string(std::numeric_limits<uint16_t>::max()) + " bytes");
  }

  uint16_t rlen = d_content.size() - d_sor;
  d_content.at(d_sor-2) = rlen >> 8;
  d_content.at(d_sor-1) = rlen & 0xff;
  d_sor = 0;
  auto* dh = reinterpret_cast<dnsheader*>( &*d_content.begin());
  switch(d_recordplace) {
  case DNSResourceRecord::QUESTION:
    dh->qdcount = htons(ntohs(dh->qdcount) + 1);
    break;
  case DNSResourceRecord::ANSWER:
    dh->ancount = htons(ntohs(dh->ancount) + 1);
    break;
  case DNSResourceRecord::AUTHORITY:
    dh->nscount = htons(ntohs(dh->nscount) + 1);
    break;
  case DNSResourceRecord::ADDITIONAL:
    dh->arcount = htons(ntohs(dh->arcount) + 1);
    break;
  }

}

template <typename Container> size_t GenericDNSPacketWriter<Container>::getSizeWithOpts(const optvect_t& options) const
{
  size_t result = size() + /* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE + DNS_TTL_SIZE + DNS_RDLENGTH_SIZE;

  for(auto const &option : options) {
    result += 4;
    result += option.second.size();
  }

  return result;
}

template class GenericDNSPacketWriter<std::vector<uint8_t>>;
#include "noinitvector.hh"
template class GenericDNSPacketWriter<PacketBuffer>;

Coverage Report

Created: 2026-05-24 06:25