def test_ignore_garbage(kresd_sock, garbage_lengths, single_buffer, query_before):
"""Send chunk of garbage, prefixed by garbage length. It should be ignored."""
buff = b''
if query_before: # optionally send initial query
msg_buff_before, msgid_before = utils.get_msgbuff()
if single_buffer:
buff += msg_buff_before
else:
kresd_sock.sendall(msg_buff_before)
for glength in garbage_lengths: # prepare garbage data
if glength is None:
continue
garbage_buff = utils.get_prefixed_garbage(glength)
if single_buffer:
buff += garbage_buff
else:
kresd_sock.sendall(garbage_buff)
msg_buff, msgid = utils.get_msgbuff() # final query
buff += msg_buff
kresd_sock.sendall(buff)
if query_before:
answer_before = utils.receive_parse_answer(kresd_sock)
assert answer_before.id == msgid_before
answer = utils.receive_parse_answer(kresd_sock)
assert answer.id == msgid
def resolve_hint(sock, qname):
buff, msgid = utils.get_msgbuff(qname)
sock.sendall(buff)
answer = utils.receive_parse_answer(sock)
assert answer.id == msgid
assert answer.rcode() == dns.rcode.NOERROR
assert answer.answer[0][0].address == HINTS[qname]
def rsa_cannon(sock, duration, domain='test.', qps=QPS):
end_time = time.time() + duration
while time.time() < end_time:
next_time = time.time() + 1/qps
buff, _ = utils.get_msgbuff('{}.{}'.format(random_string(), domain))
sock.sendall(buff)
time_left = next_time - time.time()
if time_left > 0:
time.sleep(time_left)
def flood_buffer(msgcount):
flood_buff = bytes()
msgbuff, _ = utils.get_msgbuff()
noid_msgbuff = msgbuff[2:]
def gen_msg(msgid):
return struct.pack("!H", len(msgbuff)) + struct.pack("!H", msgid) + noid_msgbuff
for i in range(msgcount):
flood_buff += gen_msg(i)
return flood_buff
def query_before(sock, buff, single_buffer=False):
"""Send an initial query and expect a response."""
msg_buff, msgid = utils.get_msgbuff()
if single_buffer:
sock.sendall(msg_buff + buff)
else:
sock.sendall(msg_buff)
sock.sendall(buff)
answer = utils.receive_parse_answer(sock)
assert answer.id == msgid
def test_pipelining(kresd_sock):
"""
First query takes longer to resolve - answer to second query should arrive sooner.
This test requires internet connection.
"""
# initialization (to avoid issues with net.ipv6=true)
buff_pre, msgid_pre = utils.get_msgbuff('0.delay.getdnsapi.net.')
kresd_sock.sendall(buff_pre)
msg_answer = utils.receive_parse_answer(kresd_sock)
assert msg_answer.id == msgid_pre
# test
buff1, msgid1 = utils.get_msgbuff('1500.delay.getdnsapi.net.', msgid=1)
buff2, msgid2 = utils.get_msgbuff('1.delay.getdnsapi.net.', msgid=2)
buff = buff1 + buff2
kresd_sock.sendall(buff)
msg_answer = utils.receive_parse_answer(kresd_sock)
assert msg_answer.id == msgid2
msg_answer = utils.receive_parse_answer(kresd_sock)
assert msg_answer.id == msgid1
def test_slow_lorris(kresd_sock, query_before):
"""Simulate slow-lorris attack by sending byte after byte with delays in between."""
if query_before:
utils.ping_alive(kresd_sock)
buff, _ = utils.get_msgbuff()
end_time = time.time() + utils.MAX_TIMEOUT
with utils.expect_kresd_close():
for i in range(len(buff)):
b = buff[i:i+1]
kresd_sock.send(b)
if time.time() > end_time:
break
time.sleep(1)
def test_oob(kresd, sock_func_name):
"""TCP out-of-band (urgent) data must not crash resolver."""
make_sock = getattr(kresd, sock_func_name)
sock = make_sock()
msg_buff, msgid = utils.get_msgbuff()
sock.sendall(msg_buff, socket.MSG_OOB)
try:
msg_answer = utils.receive_parse_answer(sock)
assert msg_answer.id == msgid
except ConnectionError:
pass # TODO kresd responds with TCP RST, this should be fixed
# check kresd is alive
sock2 = make_sock()
utils.ping_alive(sock2)
def test_prefix_greater_than_message(kresd_sock, send_query):
"""Prefix is greater than the length of the entire DNS message."""
wire, invalid_msgid = utils.prepare_wire()
datalen = len(wire) + 16
invalid_buff = utils.prepare_buffer(wire, datalen)
send_query(kresd_sock, invalid_buff)
valid_buff, _ = utils.get_msgbuff()
kresd_sock.sendall(valid_buff)
# invalid_buff is answered (treats additional data as trailing garbage)
answer = utils.receive_parse_answer(kresd_sock)
assert answer.id == invalid_msgid
# parsing stream is broken by the invalid_buff, valid query is never answered
with utils.expect_kresd_close():
utils.receive_parse_answer(kresd_sock)
