parent
6a75e08368
commit
52c9c3f15e
|
@ -0,0 +1,5 @@
|
|||
; This is a zone-signing key, keyid 21798, for miek.nl.
|
||||
; Created: 20110122104659 (Sat Jan 22 11:46:59 2011)
|
||||
; Publish: 20110122104659 (Sat Jan 22 11:46:59 2011)
|
||||
; Activate: 20110122104659 (Sat Jan 22 11:46:59 2011)
|
||||
miek.nl. IN DNSKEY 256 3 5 AwEAAQGk589980oEiFs1AUicHq2YlHbE5n0DWgfgCqTfBZ1ZYRjn2mye mQotdt4Yzq97nBPy1nzxrZhKabhX9nZriVv8jurPLXeauW/NT1Drfrjz DQRidU+A1DvLDkEKeEl8O+kOyiIHK49kUrjbfar9yQuFZUAeo+24FRfH q9oGysW70Q==
|
|
@ -0,0 +1,13 @@
|
|||
Private-key-format: v1.3
|
||||
Algorithm: 5 (RSASHA1)
|
||||
Modulus: AaTnz33zSgSIWzUBSJwerZiUdsTmfQNaB+AKpN8FnVlhGOfabJ6ZCi123hjOr3ucE/LWfPGtmEppuFf2dmuJW/yO6s8td5q5b81PUOt+uPMNBGJ1T4DUO8sOQQp4SXw76Q7KIgcrj2RSuNt9qv3JC4VlQB6j7bgVF8er2gbKxbvR
|
||||
PublicExponent: AQAB
|
||||
PrivateExponent: /IkdBCupeEi7uHS5tPnvHAHPtNm5nf4xhWm9fBYpT0wjnlB+JTYbViXgoa+4uAhwK54nPvXxzovZz+UPLfwvFBoG3D0vYS+M9WWOBCnEuDK0MfcBWfTE2hlV13xDll1o7Pj/fvpRQ7paBhjpP6uBwlVI1vH6GR9kNXQRfWK1NQU=
|
||||
Prime1: AdG+8ixEeDzHKI2GRD7lGhrQ8EzN4Tc0mek1u6ioFZ0imohaPqtqNq7RWVo35cWuvYflhFQYzFn99HGRvfGfDv8=
|
||||
Prime2: 51psvlotBXuaqzrgfb5I6u7DG9JhU5WO68PZf1RMmq2e2xLvKvDGXCP5oFur9AOsHdbmahnzgFC1s18vg7kFLw==
|
||||
Exponent1: glXRJ5oxm7CQJKrCRmeOmpqF5Lhooi5SM/UZguUmx0Z7wFSg3Q9oJhvnyVuDLYLs/y63jWEzLqvm0DFc2lUMuQ==
|
||||
Exponent2: Aq3qan3y3Yhj7y28YdhtUcM4IT9bfzNRN2vKPg5E4Nm36EOc33twYKrN/kxxfl74hFPz0TDBwC+vGwe0LitbYw==
|
||||
Coefficient: AZX3xIGzo/3fw4ouA6nAjpiWGpTK+OdFRkZtvbmzwgqnFDQopB0SweVnd1shpKCXkPTkdvpLTdmhU/84CW5m7cQ=
|
||||
Created: 20110122104659
|
||||
Publish: 20110122104659
|
||||
Activate: 20110122104659
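Review bot: This section commits an RSA private key in the clear (Modulus, PrivateExponent, Prime1, Prime2, Coefficient), and the same material is pasted verbatim into config_sign.go as a string literal. Once pushed this key has to be treated as public: it is acceptable as a throwaway fixture for the miek.nl test zone, but it must never be published or activated for a real zone, and nothing should be able to pick it up by accident from a production key directory. The accompanying .key file already carries `;` comments, so mark the pair there, e.g. `; TEST KEY ONLY - private half is committed to a public repository, never use for a live zone`, and consider keeping test keys outside the source tree and reading them by path at Setup time, so a real key is never one copy-paste away from being hardcoded.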
|
|
@ -4,7 +4,7 @@
|
|||
include $(GOROOT)/src/Make.inc
|
||||
TARG=funkensturm
|
||||
GOFILES=funkensturm.go\
|
||||
config.go\
|
||||
config_sign.go\
|
||||
|
||||
DEPS=../../
|
||||
include $(GOROOT)/src/Make.cmd
|
||||
|
|
|
@ -3,6 +3,7 @@ package main
|
|||
// This is a transparant proxy config. All recevied pkt are just forwarded to the
|
||||
// nameserver, hardcoded to 127.0.0.1 and then return to the original querier
|
||||
import (
|
||||
"fmt"
|
||||
"dns"
|
||||
"dns/resolver"
|
||||
)
|
||||
|
@ -11,6 +12,7 @@ func match(m *dns.Msg, d int) (*dns.Msg, bool) {
|
|||
// Matching criteria
|
||||
switch d {
|
||||
case IN:
|
||||
fmt.Printf("%v\n", m)
|
||||
// nothing
|
||||
case OUT:
|
||||
// Note that when sending back only the mangling is important
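Review bot: The added `fmt.Printf("%v\n", m)` in the IN case dumps every received packet to stdout unconditionally, which on a DNS proxy means a multi-line write on the hot path for each query and a log stream that anyone can fill by sending traffic. If this is a debugging aid it should sit behind a flag or be removed before merge, and at minimum be labelled as such: `// DEBUG: dump every incoming packet to stdout`. match's body continues past the end of this hunk.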
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
package main
|
||||
|
||||
// This is a transparant proxy config. All recevied pkt are just forwarded to the
|
||||
// nameserver, hardcoded to 127.0.0.1 and then return to the original querier
|
||||
import (
|
||||
"dns"
|
||||
"dns/resolver"
|
||||
)
|
||||
|
||||
func match(m *dns.Msg, d int) (*dns.Msg, bool) {
|
||||
// Matching criteria
|
||||
switch d {
|
||||
case IN:
|
||||
// nothing
|
||||
case OUT:
|
||||
// Note that when sending back only the mangling is important
|
||||
// the actual return code of these function isn't checked by
|
||||
// funkensturm
|
||||
}
|
||||
|
||||
// Packet Mangling functions
|
||||
switch d {
|
||||
case IN:
|
||||
// nothing
|
||||
case OUT:
|
||||
// nothing
|
||||
}
|
||||
return m, true
|
||||
}
|
||||
|
||||
func send(m *dns.Msg, ok bool) (*dns.Msg, bool) {
|
||||
switch ok {
|
||||
case true, false:
|
||||
qr <- resolver.Msg{m, nil, nil}
|
||||
in := <-qr
|
||||
return in.Dns, true
|
||||
}
|
||||
return nil, false // Bug in Go, yes BUG IN GO
|
||||
}
|
||||
|
||||
// qr is global and started by Funkensturm. If you
|
||||
// need 2 or more resolvers, you'll need to start
|
||||
// them yourself. This needs to be a global variable
|
||||
//var qr1 chan resolver.Msg
|
||||
|
||||
// Return the configration
|
||||
func funkensturm() *Funkensturm {
|
||||
f := new(Funkensturm)
|
||||
|
||||
f.Setup = func() bool { return true }
|
||||
|
||||
f.Matches = make([]Match, 1)
|
||||
f.Matches[0].Op = AND
|
||||
f.Matches[0].Func = match
|
||||
|
||||
f.Actions = make([]Action, 1)
|
||||
f.Actions[0].Func = send
|
||||
return f
|
||||
}
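Review bot: send() receives `ok` but never acts on it: `switch ok { case true, false: ... }` covers both values, so the query is forwarded to the resolver whether or not the matchers accepted it, and the trailing `return nil, false` exists only because the compiler cannot see that the switch is exhaustive. If forwarding regardless of the match result is intended, say so in a comment and write the body straight-line: `qr <- resolver.Msg{m, nil, nil}; in := <-qr; return in.Dns, true`. The reply's other two resolver.Msg fields are never inspected either, so a failed upstream lookup comes back as whatever `in.Dns` holds, possibly nil; resolver.Msg is not visible here, so confirm which of those fields carries the error. The header comment says the nameserver is hardcoded to 127.0.0.1, but nothing in this file references that address, which lives in whatever starts the global `qr`.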
|
|
@ -0,0 +1,111 @@
|
|||
package main
|
||||
|
||||
// This is a transparant proxy config. All recevied pkt are just forwarded to the
|
||||
// nameserver, hardcoded to 127.0.0.1 and then return to the original querier
|
||||
import (
|
||||
"dns"
|
||||
"dns/resolver"
|
||||
"crypto/rsa"
|
||||
)
|
||||
|
||||
func sign(m *dns.Msg) *dns.Msg {
|
||||
// Assume miek.nl, just for testing, example.com???
|
||||
sg := new(dns.RR_RRSIG)
|
||||
sg.Hdr = dns.RR_Header{"miek.nl.", dns.TypeRRSIG, dns.ClassINET, 14400, 0}
|
||||
sg.Expiration = 1296534305 // date -u '+%s' -d"2011-02-01 04:25:05"
|
||||
sg.Inception = 1293942305 // date -u '+%s' -d"2011-01-02 04:25:05"
|
||||
sg.KeyTag = pubkey.KeyTag() // Get the keyfrom the Key
|
||||
sg.SignerName = pubkey.Hdr.Name
|
||||
sg.Algorithm = dns.AlgRSASHA256
|
||||
|
||||
if len(m.Answer) > 0 {
|
||||
// sign the first record
|
||||
an := m.Answer[0]
|
||||
sg.TypeCovered = an.Header().Rrtype
|
||||
sg.Labels = dns.LabelCount(an.Header().Name)
|
||||
sg.OrigTtl = an.Header().Ttl
|
||||
switch p:=privkey.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
sg.Sign(p, []dns.RR{an})
|
||||
}
|
||||
}
|
||||
m.Answer = append(m.Answer, sg)
|
||||
return m
|
||||
}
|
||||
|
||||
func match(m *dns.Msg, d int) (*dns.Msg, bool) {
|
||||
// Matching criteria
|
||||
switch d {
|
||||
case IN:
|
||||
// nothing
|
||||
case OUT:
|
||||
// Note that when sending back only the mangling is important
|
||||
// the actual return code of these function isn't checked by
|
||||
// funkensturm
|
||||
}
|
||||
|
||||
// Packet Mangling functions
|
||||
switch d {
|
||||
case IN:
|
||||
// nothing
|
||||
case OUT:
|
||||
// On the way out sign the packet
|
||||
m = sign(m) // keys are global
|
||||
}
|
||||
return m, true
|
||||
}
|
||||
|
||||
func send(m *dns.Msg, ok bool) (*dns.Msg, bool) {
|
||||
switch ok {
|
||||
case true, false:
|
||||
qr <- resolver.Msg{m, nil, nil}
|
||||
in := <-qr
|
||||
return in.Dns, true
|
||||
}
|
||||
return nil, false // Bug in Go, yes BUG IN GO
|
||||
}
|
||||
|
||||
// qr is global and started by Funkensturm. If you
|
||||
// need 2 or more resolvers, you'll need to start
|
||||
// them yourself. This needs to be a global variable
|
||||
//var qr1 chan resolver.Msg
|
||||
|
||||
var pubkey *dns.RR_DNSKEY
|
||||
var privkey dns.PrivateKey
|
||||
|
||||
func setup() bool {
|
||||
privdata := `Private-key-format: v1.3
|
||||
Algorithm: 5 (RSASHA1)
|
||||
Modulus: AaTnz33zSgSIWzUBSJwerZiUdsTmfQNaB+AKpN8FnVlhGOfabJ6ZCi123hjOr3ucE/LWfPGtmEppuFf2dmuJW/yO6s8td5q5b81PUOt+uPMNBGJ1T4DUO8sOQQp4SXw76Q7KIgcrj2RSuNt9qv3JC4VlQB6j7bgVF8er2gbKxbvR
|
||||
PublicExponent: AQAB
|
||||
PrivateExponent: /IkdBCupeEi7uHS5tPnvHAHPtNm5nf4xhWm9fBYpT0wjnlB+JTYbViXgoa+4uAhwK54nPvXxzovZz+UPLfwvFBoG3D0vYS+M9WWOBCnEuDK0MfcBWfTE2hlV13xDll1o7Pj/fvpRQ7paBhjpP6uBwlVI1vH6GR9kNXQRfWK1NQU=
|
||||
Prime1: AdG+8ixEeDzHKI2GRD7lGhrQ8EzN4Tc0mek1u6ioFZ0imohaPqtqNq7RWVo35cWuvYflhFQYzFn99HGRvfGfDv8=
|
||||
Prime2: 51psvlotBXuaqzrgfb5I6u7DG9JhU5WO68PZf1RMmq2e2xLvKvDGXCP5oFur9AOsHdbmahnzgFC1s18vg7kFLw==
|
||||
Exponent1: glXRJ5oxm7CQJKrCRmeOmpqF5Lhooi5SM/UZguUmx0Z7wFSg3Q9oJhvnyVuDLYLs/y63jWEzLqvm0DFc2lUMuQ==
|
||||
Exponent2: Aq3qan3y3Yhj7y28YdhtUcM4IT9bfzNRN2vKPg5E4Nm36EOc33twYKrN/kxxfl74hFPz0TDBwC+vGwe0LitbYw==
|
||||
Coefficient: AZX3xIGzo/3fw4ouA6nAjpiWGpTK+OdFRkZtvbmzwgqnFDQopB0SweVnd1shpKCXkPTkdvpLTdmhU/84CW5m7cQ=
|
||||
Created: 20110122104659
|
||||
Publish: 20110122104659
|
||||
Activate: 20110122104659`
|
||||
pubkey = new(dns.RR_DNSKEY)
|
||||
privkey, _ = pubkey.PrivateKeySetString(privdata)
|
||||
pubkey.Hdr = dns.RR_Header{"miek.nl.", dns.TypeDNSKEY, dns.ClassINET, 3600, 0}
|
||||
pubkey.Protocol = 3
|
||||
pubkey.Flags = 256
|
||||
return true
|
||||
}
|
||||
|
||||
// Return the configration
|
||||
func funkensturm() *Funkensturm {
|
||||
f := new(Funkensturm)
|
||||
|
||||
f.Setup = setup
|
||||
|
||||
f.Matches = make([]Match, 1)
|
||||
f.Matches[0].Op = AND
|
||||
f.Matches[0].Func = match
|
||||
|
||||
f.Actions = make([]Action, 1)
|
||||
f.Actions[0].Func = send
|
||||
return f
|
||||
}
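Review bot: Every error on the signing path is dropped, so a bad key silently produces an RRSIG with an empty signature: `privkey, _ = pubkey.PrivateKeySetString(privdata)` discards the parse error, the type switch in sign() has no default, the result of `sg.Sign(p, []dns.RR{an})` is never checked, and `sg` is appended to m.Answer even when `len(m.Answer) == 0`. setup() should fail rather than return true unconditionally, e.g. `k, err := pubkey.PrivateKeySetString(privdata); if err != nil { return false }; privkey = k`, and sign() should return m unchanged unless the key type was handled and Sign reported success. The RRSIG also advertises `dns.AlgRSASHA256` while the embedded key is `Algorithm: 5 (RSASHA1)` and pubkey.Algorithm is never assigned in setup() (unless PrivateKeySetString fills it, which is not visible here), so a validator will not match this RRSIG to the DNSKEY with keytag 21798 that the .key file publishes; derive both the RRSIG algorithm and the KeyTag from the loaded key. Finally, the RSA private key is pasted into source as a string literal: even for a test zone it belongs in a file read at Setup time, and since this commit also adds that file to the repository, the key must be considered public and never reused for a live zone.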
|
|
@ -88,10 +88,11 @@ func (s *server) ResponderUDP(c *net.UDPConn, a net.Addr, i []byte) {
|
|||
|
||||
// loop again for matching, but now with OUT, this is done
|
||||
// for some last minute packet changing. Note the boolean return
|
||||
// code isn't used any more
|
||||
// code isn't used any more, i.e No more actions are allowed
|
||||
// anymore
|
||||
pkt1 = resultpkt
|
||||
for _, m := range f.Matches {
|
||||
pkt1, _ = m.Func(pkt1, IN)
|
||||
pkt1, _ = m.Func(pkt1, OUT)
|
||||
}
|
||||
|
||||
out, ok1 := pkt1.Pack()
|
||||
|
@ -103,6 +104,7 @@ func (s *server) ResponderUDP(c *net.UDPConn, a net.Addr, i []byte) {
|
|||
}
|
||||
|
||||
func (s *server) ResponderTCP(c *net.TCPConn, in []byte) {
|
||||
/* todo */
|
||||
}
|
||||
|
||||
// Small helper function
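Review bot: ResponderTCP is still a stub (`/* todo */`) that drops every TCP query, and this commit makes that gap matter: once the OUT pass in ResponderUDP runs the config_sign.go matcher, each reply grows by an RRSIG and is more likely to exceed the UDP payload limit, at which point a resolver sets aside the truncated answer and retries over TCP, where it gets nothing. Until TCP is implemented the UDP path should at least set TC when the packed reply exceeds the allowed size; ResponderUDP begins before this hunk, so that check may already exist and I cannot see whether `pkt1.Pack()` or its caller truncates. The stub should say why it blocks signing from being usable: `// TODO: DNSSEC replies are large; TCP fallback is required before signed responses are reliable`.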
|
||||
|
|