1 /* 2 * testcode/dohclient.c - debug program. Perform multiple DNS queries using DoH. 3 * 4 * Copyright (c) 2020, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * Simple DNS-over-HTTPS client. For testing and debugging purposes. 40 * No authentication of TLS cert. 41 */ 42 43 #include "config.h" 44 #ifdef HAVE_GETOPT_H 45 #include <getopt.h> 46 #endif 47 #include "sldns/wire2str.h" 48 #include "sldns/sbuffer.h" 49 #include "sldns/str2wire.h" 50 #include "sldns/parseutil.h" 51 #include "util/data/msgencode.h" 52 #include "util/data/msgreply.h" 53 #include "util/data/msgparse.h" 54 #include "util/net_help.h" 55 #include <openssl/ssl.h> 56 #include <openssl/err.h> 57 #ifdef HAVE_NGHTTP2 58 #include <nghttp2/nghttp2.h> 59 60 struct http2_session { 61 nghttp2_session* session; 62 SSL* ssl; 63 int fd; 64 int query_count; 65 /* Use POST :method if 1 */ 66 int post; 67 int block_select; 68 const char* authority; 69 const char* endpoint; 70 const char* content_type; 71 }; 72 73 struct http2_stream { 74 int32_t stream_id; 75 int res_status; 76 struct sldns_buffer* buf; 77 char* path; 78 }; 79 80 static void usage(char* argv[]) 81 { 82 printf("usage: %s [options] name type class ...\n", argv[0]); 83 printf(" sends the name-type-class queries over " 84 "DNS-over-HTTPS.\n"); 85 printf("-s server IP address to send the queries to, " 86 "default: 127.0.0.1\n"); 87 printf("-p Port to connect to, default: %d\n", 88 UNBOUND_DNS_OVER_HTTPS_PORT); 89 printf("-P Use POST method instead of default GET\n"); 90 printf("-e HTTP endpoint, default: /dns-query\n"); 91 printf("-c Content-type in request, default: " 92 "application/dns-message\n"); 93 printf("-n no-tls, TLS is disabled\n"); 94 printf("-h This help text\n"); 95 exit(1); 96 } 97 98 /** open TCP socket to svr */ 99 static int 100 open_svr(const char* svr, int port) 101 { 102 struct sockaddr_storage addr; 103 socklen_t addrlen; 104 int fd = -1; 105 int r; 106 if(!ipstrtoaddr(svr, port, &addr, &addrlen)) { 107 printf("fatal: bad server specs '%s'\n", svr); 108 exit(1); 109 } 110 111 fd = socket(addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET, 112 SOCK_STREAM, 0); 113 if(fd == -1) { 114 perror("socket() error"); 115 exit(1); 116 } 117 r = connect(fd, (struct sockaddr*)&addr, addrlen); 118 if(r < 0 && r != EINPROGRESS) { 119 perror("connect() error"); 120 exit(1); 121 } 122 return fd; 123 } 124 125 static ssize_t http2_submit_request_read_cb( 126 nghttp2_session* ATTR_UNUSED(session), 127 int32_t ATTR_UNUSED(stream_id), uint8_t* buf, size_t length, 128 uint32_t* data_flags, nghttp2_data_source* source, 129 void* ATTR_UNUSED(cb_arg)) 130 { 131 if(length > sldns_buffer_remaining(source->ptr)) 132 length = sldns_buffer_remaining(source->ptr); 133 134 memcpy(buf, sldns_buffer_current(source->ptr), length); 135 sldns_buffer_skip(source->ptr, length); 136 137 if(sldns_buffer_remaining(source->ptr) == 0) { 138 *data_flags |= NGHTTP2_DATA_FLAG_EOF; 139 } 140 141 return length; 142 } 143 144 static void 145 submit_query(struct http2_session* h2_session, struct sldns_buffer* buf) 146 { 147 int32_t stream_id; 148 struct http2_stream* h2_stream; 149 nghttp2_nv headers[5]; 150 char* qb64; 151 size_t qb64_size; 152 size_t qb64_expected_size; 153 size_t i; 154 nghttp2_data_provider data_prd; 155 156 h2_stream = calloc(1, sizeof(*h2_stream)); 157 if(!h2_stream) 158 fatal_exit("could not malloc http2 stream"); 159 h2_stream->buf = buf; 160 161 if(h2_session->post) { 162 data_prd.source.ptr = buf; 163 data_prd.read_callback = http2_submit_request_read_cb; 164 h2_stream->path = (char*)h2_session->endpoint; 165 } else { 166 qb64_expected_size = sldns_b64_ntop_calculate_size( 167 sldns_buffer_remaining(buf)); 168 qb64 = malloc(qb64_expected_size); 169 if(!qb64) fatal_exit("out of memory"); 170 qb64_size = sldns_b64url_ntop(sldns_buffer_begin(buf), 171 sldns_buffer_remaining(buf), qb64, qb64_expected_size); 172 h2_stream->path = malloc(strlen( 173 h2_session->endpoint)+strlen("?dns=")+qb64_size+1); 174 if(!h2_stream->path) fatal_exit("out of memory"); 175 snprintf(h2_stream->path, strlen(h2_session->endpoint)+ 176 strlen("?dns=")+qb64_size+1, "%s?dns=%s", 177 h2_session->endpoint, qb64); 178 free(qb64); 179 } 180 181 headers[0].name = (uint8_t*)":method"; 182 if(h2_session->post) 183 headers[0].value = (uint8_t*)"POST"; 184 else 185 headers[0].value = (uint8_t*)"GET"; 186 headers[1].name = (uint8_t*)":path"; 187 headers[1].value = (uint8_t*)h2_stream->path; 188 headers[2].name = (uint8_t*)":scheme"; 189 if(h2_session->ssl) 190 headers[2].value = (uint8_t*)"https"; 191 else 192 headers[2].value = (uint8_t*)"http"; 193 headers[3].name = (uint8_t*)":authority"; 194 headers[3].value = (uint8_t*)h2_session->authority; 195 headers[4].name = (uint8_t*)"content-type"; 196 headers[4].value = (uint8_t*)h2_session->content_type; 197 198 printf("Request headers\n"); 199 for(i=0; i<sizeof(headers)/sizeof(headers[0]); i++) { 200 headers[i].namelen = strlen((char*)headers[i].name); 201 headers[i].valuelen = strlen((char*)headers[i].value); 202 headers[i].flags = NGHTTP2_NV_FLAG_NONE; 203 printf("%s: %s\n", headers[i].name, headers[i].value); 204 } 205 206 stream_id = nghttp2_submit_request(h2_session->session, NULL, headers, 207 sizeof(headers)/sizeof(headers[0]), 208 (h2_session->post) ? &data_prd : NULL, h2_stream); 209 if(stream_id < 0) { 210 printf("Failed to submit nghttp2 request"); 211 exit(1); 212 } 213 h2_session->query_count++; 214 h2_stream->stream_id = stream_id; 215 } 216 217 static sldns_buffer* 218 make_query(char* qname, char* qtype, char* qclass) 219 { 220 struct query_info qinfo; 221 struct edns_data edns; 222 sldns_buffer* buf = sldns_buffer_new(65553); 223 if(!buf) fatal_exit("out of memory"); 224 qinfo.qname = sldns_str2wire_dname(qname, &qinfo.qname_len); 225 if(!qinfo.qname) { 226 printf("cannot parse query name: '%s'\n", qname); 227 exit(1); 228 } 229 230 qinfo.qtype = sldns_get_rr_type_by_name(qtype); 231 qinfo.qclass = sldns_get_rr_class_by_name(qclass); 232 qinfo.local_alias = NULL; 233 234 qinfo_query_encode(buf, &qinfo); /* flips buffer */ 235 free(qinfo.qname); 236 sldns_buffer_write_u16_at(buf, 0, 0x0000); 237 sldns_buffer_write_u16_at(buf, 2, BIT_RD); 238 memset(&edns, 0, sizeof(edns)); 239 edns.edns_present = 1; 240 edns.bits = EDNS_DO; 241 edns.udp_size = 4096; 242 if(sldns_buffer_capacity(buf) >= 243 sldns_buffer_limit(buf)+calc_edns_field_size(&edns)) 244 attach_edns_record(buf, &edns); 245 return buf; 246 } 247 248 static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), 249 uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg) 250 { 251 struct http2_session* h2_session = (struct http2_session*)cb_arg; 252 int r; 253 ssize_t ret; 254 struct timeval tv, *waittv; 255 fd_set rfd; 256 ERR_clear_error(); 257 258 memset(&tv, 0, sizeof(tv)); 259 260 if(h2_session->block_select && h2_session->query_count <= 0) { 261 return NGHTTP2_ERR_WOULDBLOCK; 262 } 263 if(h2_session->block_select) 264 waittv = NULL; 265 else 266 waittv = &tv; 267 memset(&rfd, 0, sizeof(rfd)); 268 FD_ZERO(&rfd); 269 FD_SET(h2_session->fd, &rfd); 270 r = select(h2_session->fd+1, &rfd, NULL, NULL, waittv); 271 if(r <= 0) { 272 return NGHTTP2_ERR_WOULDBLOCK; 273 } 274 275 if(h2_session->ssl) { 276 r = SSL_read(h2_session->ssl, buf, len); 277 if(r <= 0) { 278 int want = SSL_get_error(h2_session->ssl, r); 279 if(want == SSL_ERROR_ZERO_RETURN) { 280 return NGHTTP2_ERR_EOF; 281 } 282 log_crypto_err("could not SSL_read"); 283 return NGHTTP2_ERR_EOF; 284 } 285 return r; 286 } 287 288 ret = read(h2_session->fd, buf, len); 289 if(ret == 0) { 290 return NGHTTP2_ERR_EOF; 291 } else if(ret < 0) { 292 log_err("could not http2 read: %s", strerror(errno)); 293 return NGHTTP2_ERR_EOF; 294 } 295 return ret; 296 } 297 298 static ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), 299 const uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg) 300 { 301 struct http2_session* h2_session = (struct http2_session*)cb_arg; 302 ssize_t ret; 303 304 if(h2_session->ssl) { 305 int r; 306 ERR_clear_error(); 307 r = SSL_write(h2_session->ssl, buf, len); 308 if(r <= 0) { 309 int want = SSL_get_error(h2_session->ssl, r); 310 if(want == SSL_ERROR_ZERO_RETURN) { 311 return NGHTTP2_ERR_CALLBACK_FAILURE; 312 } 313 log_crypto_err("could not SSL_write"); 314 return NGHTTP2_ERR_CALLBACK_FAILURE; 315 } 316 return r; 317 } 318 319 ret = write(h2_session->fd, buf, len); 320 if(ret == 0) { 321 return NGHTTP2_ERR_CALLBACK_FAILURE; 322 } else if(ret < 0) { 323 log_err("could not http2 write: %s", strerror(errno)); 324 return NGHTTP2_ERR_CALLBACK_FAILURE; 325 } 326 return ret; 327 } 328 329 static int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session), 330 int32_t ATTR_UNUSED(stream_id), 331 nghttp2_error_code ATTR_UNUSED(error_code), void *cb_arg) 332 { 333 struct http2_session* h2_session = (struct http2_session*)cb_arg; 334 struct http2_stream* h2_stream; 335 if(!(h2_stream = nghttp2_session_get_stream_user_data( 336 h2_session->session, stream_id))) { 337 return 0; 338 } 339 h2_session->query_count--; 340 sldns_buffer_free(h2_stream->buf); 341 if(!h2_session->post) 342 free(h2_stream->path); 343 free(h2_stream); 344 h2_stream = NULL; 345 return 0; 346 } 347 348 static int http2_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session), 349 uint8_t ATTR_UNUSED(flags), int32_t stream_id, const uint8_t* data, 350 size_t len, void* cb_arg) 351 { 352 struct http2_session* h2_session = (struct http2_session*)cb_arg; 353 struct http2_stream* h2_stream; 354 355 if(!(h2_stream = nghttp2_session_get_stream_user_data( 356 h2_session->session, stream_id))) { 357 return 0; 358 } 359 360 if(sldns_buffer_remaining(h2_stream->buf) < len) { 361 log_err("received data chunck does not fit into buffer"); 362 return NGHTTP2_ERR_CALLBACK_FAILURE; 363 } 364 365 sldns_buffer_write(h2_stream->buf, data, len); 366 367 return 0; 368 } 369 370 static int http2_frame_recv_cb(nghttp2_session *session, 371 const nghttp2_frame *frame, void* ATTR_UNUSED(cb_arg)) 372 { 373 struct http2_stream* h2_stream; 374 375 if(!(h2_stream = nghttp2_session_get_stream_user_data( 376 session, frame->hd.stream_id))) 377 return 0; 378 if(frame->hd.type == NGHTTP2_HEADERS && 379 frame->headers.cat == NGHTTP2_HCAT_RESPONSE) { 380 sldns_buffer_clear(h2_stream->buf); 381 } 382 if(((frame->hd.type != NGHTTP2_DATA && 383 frame->hd.type != NGHTTP2_HEADERS) || 384 frame->hd.flags & NGHTTP2_FLAG_END_STREAM) && 385 h2_stream->res_status == 200) { 386 char* pktstr; 387 sldns_buffer_flip(h2_stream->buf); 388 pktstr = sldns_wire2str_pkt( 389 sldns_buffer_begin(h2_stream->buf), 390 sldns_buffer_limit(h2_stream->buf)); 391 printf("%s\n", pktstr); 392 free(pktstr); 393 return 0; 394 } 395 return 0; 396 } 397 static int http2_header_cb(nghttp2_session* ATTR_UNUSED(session), 398 const nghttp2_frame* frame, const uint8_t* name, size_t namelen, 399 const uint8_t* value, size_t ATTR_UNUSED(valuelen), 400 uint8_t ATTR_UNUSED(flags), void* cb_arg) 401 { 402 struct http2_stream* h2_stream; 403 struct http2_session* h2_session = (struct http2_session*)cb_arg; 404 printf("%s %s\n", name, value); 405 if(namelen == 7 && memcmp(":status", name, namelen) == 0) { 406 if(!(h2_stream = nghttp2_session_get_stream_user_data( 407 h2_session->session, frame->hd.stream_id))) { 408 return 0; 409 } 410 h2_stream->res_status = atoi((char*)value); 411 } 412 return 0; 413 } 414 415 static struct http2_session* 416 http2_session_create() 417 { 418 struct http2_session* h2_session = calloc(1, 419 sizeof(struct http2_session)); 420 nghttp2_session_callbacks* callbacks; 421 if(!h2_session) 422 fatal_exit("out of memory"); 423 424 if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { 425 log_err("failed to initialize nghttp2 callback"); 426 return NULL; 427 } 428 nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); 429 nghttp2_session_callbacks_set_send_callback(callbacks, http2_send_cb); 430 nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, 431 http2_stream_close_cb); 432 nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, 433 http2_data_chunk_recv_cb); 434 nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks, 435 http2_frame_recv_cb); 436 nghttp2_session_callbacks_set_on_header_callback(callbacks, 437 http2_header_cb); 438 nghttp2_session_client_new(&h2_session->session, callbacks, h2_session); 439 nghttp2_session_callbacks_del(callbacks); 440 return h2_session; 441 } 442 443 static void 444 http2_session_delete(struct http2_session* h2_session) 445 { 446 nghttp2_session_del(h2_session->session); 447 free(h2_session); 448 } 449 450 static void 451 http2_submit_setting(struct http2_session* h2_session) 452 { 453 int ret; 454 nghttp2_settings_entry settings[1] = { 455 {NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 456 100}}; 457 458 ret = nghttp2_submit_settings(h2_session->session, NGHTTP2_FLAG_NONE, 459 settings, 1); 460 if(ret) { 461 printf("http2: submit_settings failed, " 462 "error: %s\n", nghttp2_strerror(ret)); 463 exit(1); 464 } 465 } 466 467 static void 468 http2_write(struct http2_session* h2_session) 469 { 470 if(nghttp2_session_want_write(h2_session->session)) { 471 if(nghttp2_session_send(h2_session->session)) { 472 printf("nghttp2 session send failed\n"); 473 exit(1); 474 } 475 } 476 } 477 478 static void 479 http2_read(struct http2_session* h2_session) 480 { 481 if(nghttp2_session_want_read(h2_session->session)) { 482 if(nghttp2_session_recv(h2_session->session)) { 483 printf("nghttp2 session mem_recv failed\n"); 484 exit(1); 485 } 486 } 487 } 488 489 static void 490 run(struct http2_session* h2_session, int port, int no_tls, int count, char** q) 491 { 492 int i; 493 SSL_CTX* ctx = NULL; 494 SSL* ssl = NULL; 495 int fd; 496 struct sldns_buffer* buf = NULL; 497 498 fd = open_svr(h2_session->authority, port); 499 h2_session->fd = fd; 500 501 if(!no_tls) { 502 ctx = connect_sslctx_create(NULL, NULL, NULL, 0); 503 if(!ctx) fatal_exit("cannot create ssl ctx"); 504 SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3); 505 ssl = outgoing_ssl_fd(ctx, fd); 506 if(!ssl) { 507 printf("cannot create ssl\n"); 508 exit(1); 509 } 510 h2_session->ssl = ssl; 511 while(1) { 512 int r; 513 ERR_clear_error(); 514 if( (r=SSL_do_handshake(ssl)) == 1) 515 break; 516 r = SSL_get_error(ssl, r); 517 if(r != SSL_ERROR_WANT_READ && 518 r != SSL_ERROR_WANT_WRITE) { 519 log_crypto_err("could not ssl_handshake"); 520 exit(1); 521 } 522 } 523 } 524 525 http2_submit_setting(h2_session); 526 http2_write(h2_session); 527 http2_read(h2_session); /* Read setting from remote peer */ 528 529 h2_session->block_select = 1; 530 531 /* hande query */ 532 for(i=0; i<count; i+=3) { 533 buf = make_query(q[i], q[i+1], q[i+2]); 534 submit_query(h2_session, buf); 535 } 536 http2_write(h2_session); 537 while(h2_session->query_count) { 538 http2_read(h2_session); 539 http2_write(h2_session); 540 } 541 542 /* shutdown */ 543 http2_session_delete(h2_session); 544 if(ssl) { 545 SSL_shutdown(ssl); 546 SSL_free(ssl); 547 } 548 if(ctx) { 549 SSL_CTX_free(ctx); 550 } 551 close(fd); 552 } 553 554 /** getopt global, in case header files fail to declare it. */ 555 extern int optind; 556 /** getopt global, in case header files fail to declare it. */ 557 extern char* optarg; 558 int main(int argc, char** argv) 559 { 560 int c; 561 int port = UNBOUND_DNS_OVER_HTTPS_PORT, no_tls = 0; 562 struct http2_session* h2_session; 563 564 #ifdef USE_WINSOCK 565 WSADATA wsa_data; 566 if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { 567 printf("WSAStartup failed\n"); 568 return 1; 569 } 570 #endif 571 log_init(0, 0, 0); 572 checklock_start(); 573 574 h2_session = http2_session_create(); 575 if(!h2_session) fatal_exit("out of memory"); 576 if(argc == 1) { 577 usage(argv); 578 } 579 580 h2_session->authority = "127.0.0.1"; 581 h2_session->post = 0; 582 h2_session->endpoint = "/dns-query"; 583 h2_session->content_type = "application/dns-message"; 584 585 while((c=getopt(argc, argv, "c:e:hns:p:P")) != -1) { 586 switch(c) { 587 case 'c': 588 h2_session->content_type = optarg; 589 break; 590 case 'e': 591 h2_session->endpoint = optarg; 592 break; 593 case 'n': 594 no_tls = 1; 595 break; 596 case 'p': 597 if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) { 598 printf("error parsing port, " 599 "number expected: %s\n", optarg); 600 return 1; 601 } 602 port = atoi(optarg); 603 break; 604 case 'P': 605 h2_session->post = 1; 606 break; 607 case 's': 608 h2_session->authority = optarg; 609 break; 610 case 'h': 611 case '?': 612 default: 613 usage(argv); 614 } 615 } 616 argc -= optind; 617 argv += optind; 618 if(argc%3!=0) { 619 printf("Invalid input. Specify qname, qtype, and qclass.\n"); 620 return 1; 621 } 622 623 624 run(h2_session, port, no_tls, argc, argv); 625 626 checklock_stop(); 627 #ifdef USE_WINSOCK 628 WSACleanup(); 629 #endif 630 return 0; 631 } 632 #else 633 int main(int ATTR_UNUSED(argc), char** ATTR_UNUSED(argv)) 634 { 635 printf("Compiled without nghttp2, cannot run test.\n"); 636 return 1; 637 } 638 #endif /* HAVE_NGHTTP2 */ 639