lost and found ( for me ? )

Build querytcp on Fedora 18 64-bit

querytcp is a tool that sends DNS queries over TCP instead of UDP.
Please note that querytcp sends only TCP queries. (querytcp does not support TCP fallback as of now.)

# cat /etc/fedora-release
Fedora release 18 (Spherical Cow)

# uname -ri
3.9.2-200.fc18.x86_64 x86_64

# gcc --version
gcc (GCC) 4.7.2 20121109 (Red Hat 4.7.2-8)

[ build querytcp ]

Build querytcp from git.
# git clone https://github.com/kfujiwara/querytcp.git
# cd querytcp/
# gcc -D_LINUX -Wall -O2 -g -lm -o querytcp querytcp.c

# ./querytcp --help
./querytcp: invalid option -- '-'
querytcp [-d datafile] [-s server_addr] [-p port] [-q num_queries] [-t timeout] [l limit] [-4] [-6] [-h]
 -d specifies the input data file (default: stdin)
 -s sets the server to query (default: 127.0.0.1)
 -p sets the port on which to query the server (default: 53)
 -q specifies the maximum number of queries outstanding (default: 120)
 -t specifies the timeout for query completion in seconds (default: 10)
 -l specifies how a limit for how long to run tests in seconds (no default)
 -e enable EDNS0
 -D set DO bit
 -r set RD bit



 -c print the number of packets with each rcode
 -v verbose: report the RCODE of each response on stdout
 -h print this usage

or

The Knot DNS source code includes querytcp,
so you can build querytcp from the Knot DNS source code as well.
Get Knot DNS from https://www.knot-dns.cz/.
# tar xzvf knot-1.2.0.tar.gz
# cd knot-1.2.0/tests/
# gcc -D_LINUX -Wall -O2 -g -lm -o querytcp querytcp.c

# ./querytcp -h
dnsheader size: 12
querytcp [-d datafile] [-s server_addr] [-p port] [-q num_queries] [-t timeout] [l limit] [-4] [-6] [-h]
 -d specifies the input data file (default: stdin)
 -s sets the server to query (default: 127.0.0.1)
 -p sets the port on which to query the server (default: 53)
 -q specifies the maximum number of queries outstanding (default: 120)
 -t specifies the timeout for query completion in seconds (default: 10)
 -l specifies how a limit for how long to run tests in seconds (no default)
 -e enable EDNS0
 -D set DO bit
 -r set RD bit



 -c print the number of packets with each rcode
 -v verbose: report the RCODE of each response on stdout
 -h print this usage

In my environment, I saw the following warning messages when compiling querytcp.
But it seems that querytcp works well without problems as of now.

# gcc -Wall -O2 -g -lm -o querytcp querytcp.c
querytcp.c: In function ‘register_response’:
querytcp.c:231:7: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
querytcp.c:256:4: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 3 has type ‘timediff_t’ [-Wformat]
querytcp.c: In function ‘output’:
querytcp.c:276:2: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘uint64_t’ [-Wformat]
querytcp.c:278:4: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘uint64_t’ [-Wformat]
querytcp.c:280:4: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘uint64_t’ [-Wformat]
querytcp.c:282:4: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘uint64_t’ [-Wformat]
querytcp.c:284:4: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘uint64_t’ [-Wformat]
querytcp.c:293:5: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 3 has type ‘uint64_t’ [-Wformat]
querytcp.c: In function ‘send_query’:
querytcp.c:416:9: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
querytcp.c:421:4: warning: pointer targets in passing argument 1 of ‘fgets’ differ in signedness [-Wpointer-sign]
In file included from querytcp.c:28:0:
/usr/include/stdio.h:624:14: note: expected ‘char * __restrict__’ but argument is of type ‘u_char *’
querytcp.c:432:5: warning: pointer targets in passing argument 1 of ‘fgets’ differ in signedness [-Wpointer-sign]
In file included from querytcp.c:28:0:
/usr/include/stdio.h:624:14: note: expected ‘char * __restrict__’ but argument is of type ‘u_char *’
querytcp.c:437:3: warning: pointer targets in passing argument 1 of ‘strtok’ differ in signedness [-Wpointer-sign]
In file included from querytcp.c:30:0:
/usr/include/string.h:344:14: note: expected ‘char * __restrict__’ but argument is of type ‘u_char *’
querytcp.c:437:9: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
querytcp.c:438:5: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
querytcp.c:441:5: warning: pointer targets in passing argument 2 of ‘strcasecmp’ differ in signedness [-Wpointer-sign]
In file included from querytcp.c:30:0:
/usr/include/string.h:532:12: note: expected ‘const char *’ but argument is of type ‘u_char *’
querytcp.c:463:3: warning: pointer targets in passing argument 1 of ‘send_query_error’ differ in signedness [-Wpointer-sign]
querytcp.c:391:6: note: expected ‘char *’ but argument is of type ‘u_char *’
querytcp.c:486:5: warning: assignment from incompatible pointer type [enabled by default]
querytcp.c:495:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
querytcp.c: In function ‘tcp_receive’:
querytcp.c:591:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
querytcp.c:609:1: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
querytcp.c: In function ‘query’:
querytcp.c:625:9: warning: variable ‘n’ set but not used [-Wunused-but-set-variable]
#

[ usage ]

# ./querytcp -d query_list.txt -s 192.168.11.160
dnsheader size: 12
resolving: 192.168.11.160:53
elapsed time: 25.453
tcp qps: 653.638
sent: 18039
answer: 16637  92.2%
error: 1402  7.8%
zeroread: 0  0.0%
timeout: 0  0.0%
response size:        45/45.000/45/0.000 bytes



# head -1 query_list.txt
www.foo.bar a

# wc -l query_list.txt
10396 query_list.txt

Here is capture data collected on the DNS server.
querytcp : 192.168.11.100
DNS server : 192.168.11.160
# tshark -r zzz.pcap -R '(tcp.port==54243)'
 1   0.000000 192.168.11.100 -> 192.168.11.160 TCP 74 54243 > domain [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=30311093 TSecr=0 WS=128
 2   0.000062 192.168.11.160 -> 192.168.11.100 TCP 74 domain > 54243 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=93063 TSecr=30311093 WS=8
25   0.000461 192.168.11.100 -> 192.168.11.160 TCP 66 54243 > domain [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=30311094 TSecr=93063
57   0.003279 192.168.11.100 -> 192.168.11.160 DNS 97 Standard query A www.foo.bar
58   0.003292 192.168.11.160 -> 192.168.11.100 TCP 66 domain > 54243 [ACK] Seq=1 Ack=32 Win=14480 Len=0 TSval=93064 TSecr=30311097
137   0.004579 192.168.11.160 -> 192.168.11.100 DNS 113 Standard query response A 127.0.1.1
142   0.004880 192.168.11.100 -> 192.168.11.160 TCP 66 54243 > domain [ACK] Seq=32 Ack=48 Win=14720 Len=0 TSval=30311098 TSecr=93064
148   0.005084 192.168.11.100 -> 192.168.11.160 TCP 66 54243 > domain [FIN, ACK] Seq=32 Ack=48 Win=14720 Len=0 TSval=30311099 TSecr=93064
174   0.005686 192.168.11.160 -> 192.168.11.100 TCP 66 domain > 54243 [FIN, ACK] Seq=48 Ack=33 Win=14480 Len=0 TSval=93064 TSecr=30311099
221   0.007259 192.168.11.100 -> 192.168.11.160 TCP 66 54243 > domain [ACK] Seq=33 Ack=49 Win=14720 Len=0 TSval=30311100 TSecr=93064
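
In the capture above the server acknowledges 31 bytes for the query (Ack=32) and the client acknowledges 47 bytes for a response that querytcp reports as 45 bytes; the two extra bytes are the length field that precedes every DNS message sent over TCP (RFC 1035, section 4.2.2). The following added example, which is not code from querytcp or from the original post, builds such a framed query as hex; the function names and the ID value 0 are assumptions.

```shell
#!/bin/sh
# Added example: hex bytes of a DNS query as carried over TCP
# (two-byte length prefix + 12-byte header + question section).

# name_to_hex NAME: wire-format QNAME, each label preceded by its length.
# Assumes ASCII names; rejects empty labels and labels longer than 63 bytes.
name_to_hex() {
    rest=${1%.}
    out=
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ ${#label} -ge 1 ] && [ ${#label} -le 63 ] || return 1
        out=$out$(printf '%02x' "${#label}")$(printf '%s' "$label" | od -An -tx1 | tr -d ' \n')
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    printf '%s00\n' "$out"
}

# qtype_code TYPE: numeric code for the few record types handled here.
qtype_code() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        a) echo 1 ;; ns) echo 2 ;; soa) echo 6 ;; mx) echo 15 ;;
        txt) echo 16 ;; aaaa) echo 28 ;;
        *) return 1 ;;
    esac
}

# tcp_query_hex NAME TYPE [ID]: the framed query as a hex string.
tcp_query_hex() {
    qname=$(name_to_hex "$1") || return 1
    qtype=$(qtype_code "$2") || return 1
    # Header: ID, flags 0x0000 (RD clear; the usage text sets it only with -r),
    # QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0. Question: QNAME, QTYPE, QCLASS=IN.
    msg=$(printf '%04x00000001000000000000%s%04x0001' "${3:-0}" "$qname" "$qtype")
    # Length prefix counts the message bytes only, not itself.
    printf '%04x%s\n' $(( ${#msg} / 2 )) "$msg"
}

# Same name and type as the first line of query_list.txt in the post.
tcp_query_hex www.foo.bar a
```

The result is 31 bytes long (prefix 0x001d = 29), which matches the TCP payload size seen in the capture.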

On the DNS server:
# lsof -ni:53
COMMAND PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
unbound 885 unbound    3u  IPv4   7856      0t0  UDP *:domain
unbound 885 unbound    4u  IPv4   7857      0t0  TCP *:domain (LISTEN)
unbound 885 unbound   12u  IPv4  67523      0t0  TCP 192.168.11.160:domain->192.168.11.100:52975 (ESTABLISHED)
unbound 885 unbound   13u  IPv4  67524      0t0  TCP 192.168.11.160:domain->192.168.11.100:52976 (ESTABLISHED)
unbound 885 unbound   14u  IPv4  67525      0t0  TCP 192.168.11.160:domain->192.168.11.100:52977 (ESTABLISHED)
unbound 885 unbound   15u  IPv4  67526      0t0  TCP 192.168.11.160:domain->192.168.11.100:52978 (ESTABLISHED)
unbound 885 unbound   16u  IPv4  67527      0t0  TCP 192.168.11.160:domain->192.168.11.100:52979 (ESTABLISHED)
unbound 885 unbound   18u  IPv4  67492      0t0  TCP 192.168.11.160:domain->192.168.11.100:52905 (ESTABLISHED)
unbound 885 unbound   19u  IPv4  67493      0t0  TCP 192.168.11.160:domain->192.168.11.100:51684 (ESTABLISHED)
unbound 885 unbound   20u  IPv4  67494      0t0  TCP 192.168.11.160:domain->192.168.11.100:51735 (ESTABLISHED)
unbound 885 unbound   21u  IPv4  67495      0t0  TCP 192.168.11.160:domain->192.168.11.100:51641 (ESTABLISHED)

While sending TCP queries, I saw the following message on the DNS server.
localhost kernel: [  672.255114] TCP: Possible SYN flooding on port 53. Sending cookies.  Check SNMP counters.

Disable SYN cookies:
# cat /proc/sys/net/ipv4/tcp_syncookies
1
# echo 0 >  /proc/sys/net/ipv4/tcp_syncookies

# cat /proc/sys/net/ipv4/tcp_syncookies
0
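
The kernel message above points at the SNMP counters; on Linux the relevant ones are the TcpExt fields SyncookiesSent, SyncookiesRecv, SyncookiesFailed, ListenOverflows and ListenDrops in /proc/net/netstat. This added example, which is not part of the original post, diffs two snapshots of that file taken around a querytcp run; the snapshot contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed snapshots in /proc/net/netstat layout (not from the original post);
# on a real server: cat /proc/net/netstat before and after the querytcp run.
snapshot_before() {
cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 0 0 0 0 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
}
snapshot_after() {
cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 1402 1391 11 37 37
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
}

# tcpext_counter NAME: print one TcpExt counter from netstat text on stdin.
# Each section is a pair of lines: a header naming the columns, then the values.
tcpext_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" {
            if (!hdr) { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1 }
            else if ((want in col) && !ok) { print $(col[want]); ok = 1 }
        }
        END { exit !ok }'
}

# syn_pressure BEFORE_FILE AFTER_FILE: print per-counter deltas; return 0 when
# cookies were sent or connections were dropped in between, 1 otherwise.
syn_pressure() {
    hit=1
    for c in SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops; do
        b=$(tcpext_counter "$c" < "$1") || return 2
        a=$(tcpext_counter "$c" < "$2") || return 2
        d=$((a - b))
        echo "$c +$d"
        case $c in SyncookiesSent|ListenDrops) if [ "$d" -gt 0 ]; then hit=0; fi ;; esac
    done
    return "$hit"
}

# Demo on the constructed snapshots.
demo_dir=$(mktemp -d); snapshot_before > "$demo_dir/b"; snapshot_after > "$demo_dir/a"
syn_pressure "$demo_dir/b" "$demo_dir/a" && echo "listen queue was under pressure"
rm -rf "$demo_dir"
```

A rising SyncookiesSent corresponds to the "Sending cookies" message; with tcp_syncookies set to 0 the kernel sends no cookies and instead drops SYNs that do not fit in the backlog, which shows up in ListenDrops.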
