<?php
namespace App\Classes\Protocol\DNS;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Log;
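/**
 * A DNS query parsed from its wire format.
 *
 * The constructor walks the raw buffer in order: the fixed header, the
 * question name (length-prefixed labels ending in a zero byte), the question
 * type and class and, when ARCOUNT is non-zero, one additional record that is
 * handed to RR.
 *
 * The buffer is untrusted input. Every parse failure is logged and makes the
 * constructor return early, which leaves the properties that had not been
 * reached yet uninitialised; reading one of those through __get() raises an
 * Error, so callers need to be prepared for that on malformed packets.
 *
 * QDCOUNT is stored but does not drive parsing: exactly one question is read.
 */
final class Query
{
	private const LOGKEY = 'PDQ';

	// Longest label RFC 1035 allows. A larger length byte has one of the top
	// two bits set, which marks a compression pointer or a reserved label type.
	private const LABEL_MAX = 63;

	// QTYPE and QCLASS, two bytes each, close the question
	private const QUESTION_TAIL_LEN = 4;

	private string $buf;
	private int $class;
	private string $dns;
	private int $id;
	private int $type;

	private int $arcount;
	private int $qdcount;
	// Raw 16 bit word that follows the ID. It was previously created as a
	// dynamic property; declaring it keeps it readable through __get() only.
	private int $header;

	private RR $additional;

	private Collection $labels;

	// https://github.com/guyinatuxedo/dns-fuzzer/blob/master/dns.md
	// Each entry is [position, pack() code, count]
	private const header = [			// Struct of a DNS query
		'id' => [0x00,'n',1],			// ID
		'header' => [0x01,'n',1],		// Flags word
		'qdcount' => [0x02,'n',1],		// Entries in the question section
		'ancount' => [0x03,'n',1],		// Resource records in the answer section
		'nscount' => [0x04,'n',1],		// Name server records in the authority section
		'arcount' => [0x05,'n',1],		// Resource records in the additional section
	];

	/**
	 * Parse a DNS query.
	 *
	 * @param string $buf Raw packet as received, treated as untrusted
	 */
	public function __construct(string $buf)
	{
		$this->buf = $buf;
		$buflen = strlen($buf);
		$rx_ptr = 0;

		// DNS Query header
		// unpack() cannot satisfy the format on a short buffer, so reject it here
		if ($buflen < self::header_len()) {
			Log::error(sprintf('%s:! DNS query shorter than the header: Buffer: [%s] (%d)',self::LOGKEY,hex_dump($this->buf),$buflen));

			return;
		}

		$header = unpack(self::unpackheader(self::header),$buf);
		$rx_ptr += self::header_len();

		$this->id = $header['id'];
		$this->qdcount = $header['qdcount'];
		$this->arcount = $header['arcount'];
		$this->header = $header['header'];

		// Get the domain elements
		$this->labels = collect();

		while (TRUE) {
			// The name must end in a zero byte that is inside the packet
			if ($rx_ptr >= $buflen) {
				Log::error(sprintf('%s:! DNS query name is not terminated: Buffer: [%s] (%d), RXPTR [%d]',self::LOGKEY,hex_dump($this->buf),$buflen,$rx_ptr));

				return;
			}

			$len = ord($this->buf[$rx_ptr++]);

			if ($len === 0x00)
				break;

			// Refuse pointers/reserved label types and labels that run past the
			// end of the packet, rather than storing a silently truncated label
			if (($len > self::LABEL_MAX) || ($rx_ptr+$len > $buflen)) {
				Log::error(sprintf('%s:! DNS query label invalid, length [%d]: Buffer: [%s] (%d), RXPTR [%d]',self::LOGKEY,$len,hex_dump($this->buf),$buflen,$rx_ptr));

				return;
			}

			$this->labels->push(strtolower(substr($this->buf,$rx_ptr,$len)));
			$rx_ptr += $len;
		}

		// Get the query type/class
		// Checked by length instead of try/catch: unpack() only raises a warning
		// on short input, so the catch depended on warnings being converted to
		// exceptions by the framework.
		if ($buflen-$rx_ptr < self::QUESTION_TAIL_LEN) {
			Log::error(sprintf('%s:! Unpack failed: Buffer: [%s] (%d), RXPTR [%d]',self::LOGKEY,hex_dump($this->buf),strlen($this->buf),$rx_ptr));

			return;
		}

		$result = unpack('ntype/nclass',substr($this->buf,$rx_ptr,self::QUESTION_TAIL_LEN));

		$rx_ptr += self::QUESTION_TAIL_LEN;
		$this->type = $result['type'];
		$this->class = $result['class'];

		// The question exactly as it appeared on the wire (name, type, class)
		$this->dns = substr($this->buf,self::header_len(),$rx_ptr-self::header_len());

		// Do we have additional records
		if ($this->arcount) {
			// Additional records, EDNS: https://datatracker.ietf.org/doc/html/rfc6891
			// Looks 11 bytes past the start of the record and treats any NUL byte
			// found from there on as a format error.
			// NOTE(review): the 1+10 offset presumably skips the root name and the
			// fixed OPT fields - confirm that a NUL in the remaining data really
			// is invalid.
			if (($haystack = strstr(substr($this->buf,$rx_ptr+1+10),"\x00",true)) !== FALSE) {
				Log::error(sprintf('%s:! DNS additional record format error?',self::LOGKEY),['buf'=>hex_dump($this->buf)]);
				return;
			}

			// $haystack is always FALSE at this point, so the length argument is
			// always NULL; the expression is left as it was.
			$this->additional = new RR(substr($this->buf,$rx_ptr,(strlen($haystack) === 0) ? NULL : strlen($haystack)));
			$rx_ptr += $this->additional->length;
		}

		// Unparsed bytes are reported, not dumped with dd(): dd() ends the PHP
		// process, which would let any sender of a packet with trailing data
		// stop whatever is handling queries.
		if (strlen($this->buf) !== $rx_ptr) {
			Log::error(sprintf('%s:! DNS query has unparsed data',self::LOGKEY),['query remaining'=>strlen($this->buf)-$rx_ptr,'hex'=>hex_dump(substr($this->buf,$rx_ptr))]);
		}
	}

	/**
	 * Read-only access to the parsed fields.
	 *
	 * 'domain' joins the labels with dots. The labels are bytes taken from the
	 * packet and only lower-cased, so the result can hold dots or unprintable
	 * characters of the sender's choosing; escape it before it is logged,
	 * displayed or used in a lookup key.
	 *
	 * @param string $key
	 * @return mixed NULL for a key that is not exposed
	 */
	public function __get($key)
	{
		switch ($key) {
			case 'class':
			case 'dns':
			case 'id':
			case 'labels':
			case 'qdcount':
			case 'arcount':
			case 'header':
			case 'type':
				return $this->{$key};

			case 'domain':
				return $this->labels->join('.');

			// Unknown keys gave NULL implicitly before; now spelled out
			default:
				return NULL;
		}
	}

	/**
	 * Length in bytes of the fixed DNS header.
	 *
	 * Every field in self::header uses the 'n' pack code, a 16 bit value, so
	 * each contributes its count times two bytes.
	 *
	 * @return int
	 */
	public static function header_len(): int
	{
		return collect(self::header)->sum(static fn(array $field): int => $field[2]*2);
	}

	/**
	 * Build the unpack() format string for our configured DNS header
	 *
	 * Fields are ordered by their position and rendered as pack code followed
	 * by the field name, joined with '/'. The count element is not written
	 * into the format.
	 *
	 * @param array $pack Field name => [position, pack code, count]
	 * @return string
	 */
	protected static function unpackheader(array $pack): string
	{
		return join('/',
			collect($pack)
				->sortBy(function(array $field) {return $field[0];})
				->transform(function(array $field,string $name) {return $field[1].$name;})
				->values()
				->toArray()
		);
	}
}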