UDP truncation feature

Author: baranyaib90

src/dns_server.c

@@ -1,8 +1,9 @@
-#include <ares.h>           // NOLINT(llvmlibc-restrict-system-libc-headers)
-#include <errno.h>          // NOLINT(llvmlibc-restrict-system-libc-headers)
+#include <ares.h>            // NOLINT(llvmlibc-restrict-system-libc-headers)
+#include <ares_dns_record.h> // NOLINT(llvmlibc-restrict-system-libc-headers)
+#include <errno.h>           // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <stdint.h>
-#include <string.h>         // NOLINT(llvmlibc-restrict-system-libc-headers)
-#include <unistd.h>         // NOLINT(llvmlibc-restrict-system-libc-headers)
+#include <string.h>          // NOLINT(llvmlibc-restrict-system-libc-headers)
+#include <unistd.h>          // NOLINT(llvmlibc-restrict-system-libc-headers)
 
 #include "dns_server.h"
 #include "logging.h"
@@ -51,7 +52,7 @@ static void watcher_cb(struct ev_loop __attribute__((unused)) *loop,
     return;
   }
 
-  if (len < (int)sizeof(uint16_t)) {
+  if (len < DNS_HEADER_LENGTH) {
     WLOG("Malformed request received, too short: %d", len);
     return;
   }
@@ -80,9 +81,127 @@ void dns_server_init(dns_server_t *d, struct ev_loop *loop,
   ev_io_start(d->loop, &d->watcher);
 }
 
-void dns_server_respond(dns_server_t *d, struct sockaddr *raddr, char *buf,
-                        size_t blen) {
-  ssize_t len = sendto(d->sock, buf, blen, 0, raddr, d->addrlen);
+static uint16_t get_edns_udp_size(const char *dns_req, const size_t dns_req_len) {
+  ares_dns_record_t *dnsrec = NULL;
+  ares_status_t parse_status = ares_dns_parse((const unsigned char *)dns_req, dns_req_len, 0, &dnsrec);
+  if (parse_status != ARES_SUCCESS) {
+    WLOG("Failed to parse DNS request: %s", ares_strerror(parse_status));
+    return DNS_SIZE_LIMIT;
+  }
+  const uint16_t tx_id = ares_dns_record_get_id(dnsrec);
+  uint16_t udp_size = 0;
+  const size_t record_count = ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ADDITIONAL);
+  for (size_t i = 0; i < record_count; ++i) {
+    const ares_dns_rr_t *rr = ares_dns_record_rr_get(dnsrec, ARES_SECTION_ADDITIONAL, i);
+    if (ares_dns_rr_get_type(rr) == ARES_REC_TYPE_OPT) {
+      udp_size = ares_dns_rr_get_u16(rr, ARES_RR_OPT_UDP_SIZE);
+      if (udp_size > 0) {
+        DLOG("%04hX: Found EDNS0 UDP buffer size: %u", tx_id, udp_size);
+      }
+      break;
+    }
+  }
+  ares_dns_record_destroy(dnsrec);
+  if (udp_size < DNS_SIZE_LIMIT) {
+    DLOG("%04hX: EDNS0 UDP buffer size %u overruled to %d", tx_id, udp_size, DNS_SIZE_LIMIT);
+    return DNS_SIZE_LIMIT;  // RFC6891 4.3 "Values lower than 512 MUST be treated as equal to 512."
+  }
+  return udp_size;
+}
+
+static void truncate_dns_response(char *buf, size_t *buflen, const uint16_t size_limit) {
+  const size_t old_size = *buflen;
+  buf[2] |= 0x02;  // anyway: set truncation flag
+
+  ares_dns_record_t *dnsrec = NULL;
+  ares_status_t status = ares_dns_parse((const unsigned char *)buf, *buflen, 0, &dnsrec);
+  if (status != ARES_SUCCESS) {
+    WLOG("Failed to parse DNS response: %s", ares_strerror(status));
+    return;
+  }
+  const uint16_t tx_id = ares_dns_record_get_id(dnsrec);
+
+  // NOTE: according to current c-ares implementation, removing first or last elements are the fastest!
+
+  // remove every additional and authority record
+  while (ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ADDITIONAL) > 0) {
+    status = ares_dns_record_rr_del(dnsrec, ARES_SECTION_ADDITIONAL, 0);
+    if (status != ARES_SUCCESS) {
+      WLOG("%04hX: Could not remove additional record: %s", tx_id, ares_strerror(status));
+    }
+  }
+  while (ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_AUTHORITY) > 0) {
+    status = ares_dns_record_rr_del(dnsrec, ARES_SECTION_AUTHORITY, 0);
+    if (status != ARES_SUCCESS) {
+      WLOG("%04hX: Could not remove authority record: %s", tx_id, ares_strerror(status));
+    }
+  }
+
+  // rough estimate to reach size limit
+  size_t answers = ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ANSWER);
+  size_t answers_to_keep = (size_limit - DNS_HEADER_LENGTH) / (old_size / answers);
+  answers_to_keep = answers_to_keep > 0 ? answers_to_keep : 1;  // try to keep 1 answer
+
+  // remove answer records until fit size limit or running out of answers
+  unsigned char *new_resp = NULL;
+  size_t new_resp_len = 0;
+  for (uint8_t g = 0; g < UINT8_MAX; ++g) {  // endless loop guard
+    status = ares_dns_write(dnsrec, &new_resp, &new_resp_len);
+    if (status != ARES_SUCCESS) {
+      WLOG("%04hX: Failed to create truncated DNS response: %s", tx_id, ares_strerror(status));
+      new_resp = NULL;  // just to be sure
+      break;
+    }
+    if (new_resp_len < size_limit || answers == 0) {
+      break;
+    }
+    if (new_resp_len >= old_size) {
+      WLOG("%04hX: Truncated DNS response size larger or equal to original: %u >= %u",
+           tx_id, new_resp_len, old_size);  // impossible?
+    }
+    ares_free_string(new_resp);
+    new_resp = NULL;
+
+    DLOG("%04hX: DNS response size truncated from %u to %u but to keep %u limit reducing answers from %u to %u",
+         tx_id, old_size, new_resp_len, size_limit, answers, answers_to_keep);
+
+    while (answers > answers_to_keep) {
+      status = ares_dns_record_rr_del(dnsrec, ARES_SECTION_ANSWER, answers - 1);
+      if (status != ARES_SUCCESS) {
+        WLOG("%04hX: Could not remove answer record: %s", tx_id, ares_strerror(status));
+        break;
+      }
+      --answers;
+    }
+    answers = ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ANSWER);  // update to be sure!
+    answers_to_keep /= 2;
+  }
+  ares_dns_record_destroy(dnsrec);
+
+  if (new_resp != NULL && new_resp_len < old_size) {
+    memcpy(buf, new_resp, new_resp_len);  // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
+    *buflen = new_resp_len;
+    buf[2] |= 0x02;  // set truncation flag
+    ILOG("%04hX: DNS response size truncated from %u to %u to keep %u limit",
+         tx_id, old_size, new_resp_len, size_limit);
+    ares_free_string(new_resp);
+  }
+}
+
+void dns_server_respond(dns_server_t *d, struct sockaddr *raddr,
+    const char *dns_req, const size_t dns_req_len, char *dns_resp, size_t dns_resp_len) {
+  if (dns_resp_len > DNS_SIZE_LIMIT) {
+    const uint16_t udp_size = get_edns_udp_size(dns_req, dns_req_len);
+    if (dns_resp_len > udp_size) {
+      truncate_dns_response(dns_resp, &dns_resp_len, udp_size);
+    } else {
+      uint16_t tx_id = ntohs(*((uint16_t*)dns_req));
+      DLOG("%04hX: DNS response size %u larger than %d but EDNS0 UDP buffer size %u allows it",
+           tx_id, dns_resp_len, DNS_SIZE_LIMIT, udp_size);
+    }
+  }
+
+  ssize_t len = sendto(d->sock, dns_resp, dns_resp_len, 0, raddr, d->addrlen);
   if(len == -1) {
     DLOG("sendto failed: %s", strerror(errno));
   }

src/dns_server.h

@@ -8,6 +8,11 @@
 #include <stdint.h>
 #include <ev.h>
 
+enum {
+  DNS_HEADER_LENGTH = 12,  // RFC1035 4.1.1 header size
+  DNS_SIZE_LIMIT = 512
+};
+
 struct dns_server_s;
 
 typedef void (*dns_req_received_cb)(void *dns_server, uint8_t is_tcp, void *data,
@@ -27,8 +32,8 @@ void dns_server_init(dns_server_t *d, struct ev_loop *loop,
                      dns_req_received_cb cb, void *data);
 
 // Sends a DNS response 'buf' of length 'blen' to 'raddr'.
-void dns_server_respond(dns_server_t *d, struct sockaddr *raddr, char *buf,
-                        size_t blen);
+void dns_server_respond(dns_server_t *d, struct sockaddr *raddr,
+    const char *dns_req, const size_t dns_req_len, char *dns_resp, size_t dns_resp_len);
 
 void dns_server_stop(dns_server_t *d);
 

src/dns_server_tcp.c

@@ -19,7 +19,6 @@
 
 enum {
   LISTEN_BACKLOG  =   5,
-  MIN_DNS_LENGTH  =  12,  // RFC1035 4.1.1 header size
   IDLE_TIMEOUT_S  = 120,  // "two minutes" according to RFC1035 4.2.2
   RESEND_DELAY_US = 500,  // 0.0005 sec
 };
@@ -159,7 +158,7 @@ static void read_cb(struct ev_loop __attribute__((unused)) *loop,
   uint16_t req_size = 0;
   uint8_t request_received = 0;
   while (get_dns_request(client, &dns_req, &req_size)) {
-    if (req_size < MIN_DNS_LENGTH) {
+    if (req_size < DNS_HEADER_LENGTH) {
       WLOG_CLIENT("Malformed request received, too short: %u", req_size);
       free(dns_req);
       remove_client(client);
@@ -305,7 +304,7 @@ dns_server_tcp_t * dns_server_tcp_create(
 void dns_server_tcp_respond(dns_server_tcp_t *d,
     struct sockaddr *raddr, char *resp, size_t resp_len)
 {
-  if (resp_len < MIN_DNS_LENGTH || resp_len > UINT16_MAX) {
+  if (resp_len < DNS_HEADER_LENGTH || resp_len > UINT16_MAX) {
     WLOG("Malformed request received, invalid length: %u", resp_len);
     return;
   }

src/main.c

@@ -33,6 +33,7 @@ typedef struct {
   void *dns_server;
   uint8_t is_tcp;
   char* dns_req;
+  size_t dns_req_len;
   stat_t *stat;
   ev_tstamp start_tstamp;
   uint16_t tx_id;
@@ -87,27 +88,28 @@ static void https_resp_cb(void *data, char *buf, size_t buflen) {
   if (req == NULL) {
     FLOG("%04hX: data NULL", req->tx_id);
   }
-  free((void*)req->dns_req);
   if (buf != NULL) { // May be NULL for timeout, DNS failure, or something similar.
-    if (buflen < (int)sizeof(uint16_t)) {
-      WLOG("%04hX: Malformed response received (too short)", req->tx_id);
+    if (buflen < DNS_HEADER_LENGTH) {
+      WLOG("%04hX: Malformed response received, too short: %u", req->tx_id, buflen);
     } else {
-      uint16_t response_id = ntohs(*((uint16_t*)buf));
+      const uint16_t response_id = ntohs(*((uint16_t*)buf));
       if (req->tx_id != response_id) {
         WLOG("DNS request and response IDs are not matching: %hX != %hX",
              req->tx_id, response_id);
       } else {
         if (req->is_tcp) {
           dns_server_tcp_respond((dns_server_tcp_t *)req->dns_server, (struct sockaddr*)&req->raddr, buf, buflen);
         } else {
-          dns_server_respond((dns_server_t *)req->dns_server, (struct sockaddr*)&req->raddr, buf, buflen);
+          dns_server_respond((dns_server_t *)req->dns_server, (struct sockaddr*)&req->raddr,
+            req->dns_req, req->dns_req_len, buf, buflen);
         }
         if (req->stat) {
           stat_request_end(req->stat, buflen, ev_now(req->stat->loop) - req->start_tstamp, req->is_tcp);
         }
       }
     }
   }
+  free((void*)req->dns_req);
   free(req);
 }
 
@@ -137,6 +139,7 @@ static void dns_server_cb(void *dns_server, uint8_t is_tcp, void *data,
   req->dns_server = dns_server;
   req->is_tcp = is_tcp;
   req->dns_req = dns_req;  // To free buffer after https request is complete.
+  req->dns_req_len = dns_req_len;
   req->stat = app->stat;
 
   if (req->stat) {

tests/robot/functional_tests.robot

@@ -31,6 +31,7 @@ Start Proxy
   Set Test Variable  ${dig_timeout}  2
   Set Test Variable  ${dig_retry}  0
   Sleep  0.5
+  Is Process Running  ${proxy}
   Common Test Setup
 
 Start Proxy With Valgrind
@@ -46,6 +47,7 @@ Start Proxy With Valgrind
   Set Test Variable  ${dig_timeout}  10
   Set Test Variable  ${dig_retry}  2
   Sleep  6  # wait for valgrind to fire up the proxy
+  Is Process Running  ${proxy}
   Common Test Setup
 
 Stop Proxy
@@ -74,17 +76,18 @@ Start Dig
   RETURN  ${handle}
 
 Stop Dig
-  [Arguments]  ${handle}
+  [Arguments]  ${handle}  ${expect}=${None}
   ${result} =  Wait For Process  ${handle}  timeout=20 secs
   Log  ${result.stdout}
   Should Be Equal As Integers  ${result.rc}  0
-  Should Contain  ${result.stdout}  ANSWER SECTION
+  ${expect}=  Set Variable If  $expect is None  ANSWER SECTION  ${expect}
+  Should Contain  ${result.stdout}  ${expect}
   RETURN  ${result.stdout}
 
 Run Dig
-  [Arguments]  ${domain}=google.com
+  [Arguments]  ${domain}=google.com  ${expect}=${None}
   ${handle} =  Start Dig  ${domain}
-  ${dig_output} =  Stop Dig  ${handle}
+  ${dig_output} =  Stop Dig  ${handle}  ${expect}
   RETURN  ${dig_output}
 
 Run Dig Parallel
@@ -97,11 +100,24 @@ Run Dig Parallel
     Stop Dig  ${handle}
   END
 
+
 Large Response Test
   [Documentation]  https://dnscheck.tools/#more
-  Set Test Variable  @{dig_options}  @{dig_options}  -t  txt  #  ask for TXT response
+  # use large buffer not to fragment UDP response, and ask for TXT response
+  Set Test Variable  @{dig_options}  @{dig_options}  +bufsize=5000  -t  txt
   ${dig_output} =  Run Dig  txtfill4096.test.dnscheck.tools
-  Should Contain  ${dig_output}  MSG SIZE \ rcvd: 4185  # expecting more than 4k large response
+  Should Match Regexp  ${dig_output}  MSG SIZE\\s+rcvd: 4\\d{3}$  # expecting more than 4k large response
+
+Verify Truncation
+  [Arguments]  ${domain}  ${udp_buffer_size}  ${result_bytes_min}  ${result_bytes_max}  ${expect}=${None}
+  # ask for TXT response
+  Set Test Variable  @{dig_options}  +notcp  +ignore  +bufsize=${udp_buffer_size}  -t  txt
+  ${dig_output} =  Run Dig  ${domain}  ${expect}
+  Should Contain  ${dig_output}  flags: qr tc
+  # expecting response to be ${result_bytes_min} byte (could be flaky)
+  @{res} =  Should Match Regexp  ${dig_output}  MSG SIZE\\s+rcvd: (\\d+)$  # expecting more than 4k large response
+  Should Be True  ${res}[1] >= ${result_bytes_min}
+  Should Be True  ${res}[1] <= ${result_bytes_max}
 
 
 *** Test Cases ***
@@ -167,3 +183,21 @@ Send TCP Requests Fragmented
   Should Contain  ${dns_reply}  google
 
   Close Tcp Client Connection
+
+Truncate UDP Small
+  Start Proxy
+  Wait Until Keyword Succeeds  5x  200ms
+  # too small buffer will be overridden to 512, so expecting more than 300 bytes
+  ...  Verify Truncation  microsoft.com  256  300  512
+
+Truncate UDP Large
+  Start Proxy
+  Wait Until Keyword Succeeds  5x  200ms
+  # expecting more than 1500 byte large response
+  ...  Verify Truncation  microsoft.com  2000  1500  2000
+
+Truncate UDP Impossible
+  Start Proxy
+  Wait Until Keyword Succeeds  5x  200ms
+  # the only TXT answer record has to be dropped to met limit
+  ...  Verify Truncation  txtfill4096.test.dnscheck.tools  4096  12  100  ANSWER: 0