8 require IO::Socket::INET;
9 require Net::DNS::Packet;
11 use Carp qw(cluck confess);
18 my $opt_forward_addr="localhost";
19 my $opt_forward_port=53;
20 my $opt_spoof_ip="192.196.60.1";
22 "a|addr=s",\$opt_addr,
23 "p|port=s",\$opt_port,
24 "forward-addr=s",\$opt_forward_addr,
25 "forward-port=s",\$opt_forward_port,
26 "i|spoof-ip=s",\$opt_spoof_ip,
29 my $forward_host=gethostbyname($opt_forward_addr) or die "resolving $opt_forward_addr: $!";
30 my $forward_addr=sockaddr_in($opt_forward_port,$forward_host) or die "assembling $opt_forward_addr:$opt_forward_port";
32 my $sock_udp=IO::Socket::INET->new(
36 ) or die "socket(): $!";
37 my $sock_udp_priv=IO::Socket::INET->new(
39 ) or die "socket(): $!";
40 ###fcntl($sock_udp,F_SETFL,O_NONBLOCK) or die "fnctl(sock_udp,F_SETFL,O_NONBLOCK)";
45 $id=int(rand(0x10000)) if !defined $id;
55 my($msg,$from_addr)=@_;
57 my $query=Net::DNS::Packet->new(\$msg);
58 my $query_id_orig=$query->header()->id();
59 my $query_id=id_next();
60 $query->header()->id($query_id);
61 my $msg_forward=$query->data();
62 $query->header()->id($query_id_orig); # fix-up back
65 "from_addr"=>$from_addr,
68 warn "registered pending query id $query_id..." if $D;
69 warn "sending forwarded DNS query (mapped id $query_id_orig -> $query_id)..." if $D;
70 send $sock_udp_priv,$msg_forward,0,$forward_addr or cluck "send(): $!";
73 sub check_spoofable($$)
77 warn "checking packet spoofability from the reply... (non-spoofable if silent)" if $D;
78 my @questions=$query->question();
79 return 0 if 1!=@questions;
80 my $question=$questions[0];
81 return 0 if $question->qtype() ne "A"
82 && $question->qtype() ne "ANY";
83 return 0 if $reply->header()->rcode() ne "NXDOMAIN";
84 warn "packet considered as spoofable." if $D;
90 my($query_from_addr,$query)=@_;
92 warn "assembling spoof reply..." if $D;
93 my $question=($query->question())[0];
94 my $spoof=Net::DNS::Packet->new($question->qname(),$question->qclass(),$question->qtype());
95 $spoof->push("answer",Net::DNS::RR->new(join(" ",
100 $opt_spoof_ip, # rdata
102 $spoof->header()->rcode("NOERROR");
103 $spoof->header()->aa(0);
104 $spoof->header()->qr(1);
105 $spoof->header()->ra(1);
106 $spoof->header()->rd($query->header()->rd());
107 $spoof->header()->id($query->header()->id());
108 my $msg_spoof=$spoof->data();
109 warn "sending spoof reply..." if $D;
110 send $sock_udp,$msg_spoof,0,$query_from_addr or cluck "send(): $!";
113 sub got_forward_reply($)
117 warn "parsing reply from our forwarded DNS..." if $D;
118 my $reply=Net::DNS::Packet->new(\$msg);
119 my $reply_id=$reply->header()->id();
120 my($query_msg,$query_from_addr,$query);
121 if (my $hash=$sent{$reply_id}) {
122 delete $sent{$reply_id};
123 $query_msg =$hash->{"msg"};
124 $query_from_addr=$hash->{"from_addr"};
125 $query =$hash->{"query"};
126 warn "deleted pending record with id $reply_id." if $D;
129 warn "Got DNS reply for unknown packet id $reply_id";
132 if (check_spoofable($reply,$query)) {
133 reply_spoof $query_from_addr,$query;
136 $reply->header()->id($query->header()->id());
137 my $reply_back=$reply->data();
138 warn "parsing reply back to the original query host..." if $D;
139 send $sock_udp,$reply_back,0,$query_from_addr or cluck "send(): $!";
144 vec($rfds,fileno($sock_udp),1)=1;
145 vec($rfds,fileno($sock_udp_priv),1)=1;
146 warn "select(2)..." if $D;
147 my $got=select $rfds,undef(),undef(),undef();
148 warn "got from select." if $D;
149 die "Invalid select(2): ".Dumper($got) if !defined $got || $got<0;
151 for my $sock ($sock_udp,$sock_udp_priv) {
153 defined(my $from_addr=recv $sock,$msg,0x1000,0) or do { cluck "recv(): $!"; next; };
154 warn "got packet." if $D;
155 my($from_addr_port,$from_addr_host)=sockaddr_in($from_addr);
157 if ($from_addr_host eq $forward_host && $from_addr_port eq $opt_forward_port) {
158 warn "packet returned from forwarding DNS..." if $D;
159 if ($sock eq $sock_udp) {
160 warn "packet returned from forwarding DNS forbidden from the main listening socket";
163 got_forward_reply $msg;
166 warn "original query..." if $D;
167 if ($sock eq $sock_udp_priv) {
168 warn "original query forbidden from the private forwarding socket";
171 got_query $msg,$from_addr;