Add code for proof of concept

Author: corny

README.md

@@ -0,0 +1,45 @@
+dynv6 SRV Updater
+=================
+
+This program sends signed UDP packets to dynv6 to keep the port of SRV records up to date.
+It only works with ed25519 keys.
+
+## Installation
+
+    go get github.com/dynv6/srv-updater
+
+If you don't have a ed25519 key, generate one:
+
+    openssh-keygen -t ed25519
+
+## Usage
+
+The SRV updater uses raw sockets. Therefore It needs root privilege or `CAP_NET_RAW` capability.
+
+### Command line arguments
+
+```
+  -dst-host string
+    	the destination host (default "dynv6.com")
+  -dst-port int
+    	the destination port (default 55)
+  -fqdn string
+    	the hostname of the record you want to update (default "_service._tcp.example.com")
+  -interval duration
+    	sending interval (default 1m)
+  -key string
+    	private key (default "~/.ssh/id_ed25519")
+  -priority uint
+    	the priority of the record you want to update (default 10)
+  -src-ip string
+    	the local ip address (default should be determined)
+  -src-port int
+    	the local port (default 10000)
+  -weight uint
+    	the weight of the record you want to update (default 1)
+```
+
+## Debugging
+
+If the server does not understand the packet, it responds with a UDP packet containing an error message.
+You can read it with network protocol analyzers like tcpdump or wireshark.

go.mod

@@ -0,0 +1,9 @@
+module github.com/dynv6/srv-updater
+
+go 1.15
+
+require (
+	github.com/google/gopacket v1.1.18
+	github.com/stretchr/testify v1.6.1
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+)

go.sum

@@ -0,0 +1,21 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/gopacket v1.1.18 h1:lum7VRA9kdlvBi7/v2p7/zcbkduHaCH/SVVyurs7OpY=
+github.com/google/gopacket v1.1.18/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

goreleaser.yml

@@ -0,0 +1,10 @@
+builds:
+  - main: .
+    binary: srv-updater
+    goos:
+      - darwin
+      - linux
+    goarch:
+      - amd64
+      - arm64
+      - arm

main.go

@@ -0,0 +1,113 @@
+package main
+
+import (
+	"encoding/base64"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net"
+	"os"
+	"strings"
+	"time"
+
+	"golang.org/x/crypto/ssh"
+)
+
+func main() {
+	packet := Packet{}
+	flag.StringVar(&packet.FQDN, "fqdn", "_service._tcp.example.com", "the hostname of the record you want to update")
+	flag.UintVar(&packet.Priority, "priority", 10, "the priority of the record you want to update")
+	flag.UintVar(&packet.Weight, "weight", 1, "the weight of the record you want to update")
+
+	interval := flag.Duration("interval", time.Minute, "sending interval")
+	keyPath := flag.String("key", "~/.ssh/id_ed25519", "private key")
+	dstPort := flag.Int("dst-port", 55, "the destination port")
+	dstHost := flag.String("dst-host", "dynv6.com", "the destination host")
+	srcPort := flag.Int("src-port", 10000, "the local port")
+	ip := flag.String("src-ip", defaultIP(), "the local ip address")
+
+	flag.Parse()
+
+	// No arguments given?
+	if len(os.Args) < 2 {
+		fmt.Printf("Usage of %s:\n", os.Args[0])
+		flag.PrintDefaults()
+		os.Exit(1)
+	}
+
+	// Expand home directory
+	if str := *keyPath; strings.HasPrefix(str, "~/") {
+		home, _ := os.UserHomeDir()
+		home += str[1:]
+		keyPath = &home
+	}
+
+	privKey := loadPrivateKey(*keyPath)
+
+	// Marshal JSON data
+	packet.Timestamp = time.Now().Unix()
+	packet.Key = base64.RawStdEncoding.EncodeToString(privKey.PublicKey().Marshal())
+	payload := packet.MarshalAndSign(privKey)
+
+	// Parse local IP address
+	srcIP := net.ParseIP(*ip)
+
+	// Resolve destination host
+	dstIP, err := net.ResolveIPAddr("ip", *dstHost)
+	if err != nil {
+		log.Panicln("unable to resolve destination host:", err)
+	}
+
+	// open raw socket
+	conn, err := openSocket()
+	if err != nil {
+		panic(err)
+	}
+	defer conn.Close()
+
+	srcAddr := net.UDPAddr{
+		IP:   srcIP,
+		Port: *srcPort,
+	}
+	dstAddr := net.UDPAddr{
+		IP:   dstIP.IP,
+		Port: *dstPort,
+	}
+
+	// send packet method
+	sendPacket := func() {
+		log.Printf("sending from %s to %s", srcAddr.String(), dstAddr.String())
+		b, err := buildUDPPacket(dstAddr, srcAddr, payload)
+		if err != nil {
+			panic(err)
+		}
+
+		_, err = conn.WriteTo(b, &net.IPAddr{IP: dstIP.IP})
+		if err != nil {
+			log.Println(err)
+		}
+	}
+
+	// start sending packets
+	sendPacket()
+	for range time.NewTicker(*interval).C {
+		sendPacket()
+	}
+}
+
+func loadPrivateKey(path string) ssh.Signer {
+	// Load private key
+	pemBytes, err := ioutil.ReadFile(path)
+	if err != nil {
+		panic(err)
+	}
+
+	// Parse private key
+	privKey, err := ssh.ParsePrivateKey(pemBytes)
+	if err != nil {
+		panic(err)
+	}
+
+	return privKey
+}

net.go

@@ -0,0 +1,56 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net"
+	"os"
+	"syscall"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+)
+
+func openSocket() (net.PacketConn, error) {
+	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_RAW, syscall.IPPROTO_RAW)
+	if err != nil {
+		return nil, fmt.Errorf("failed open socket: %w", err)
+	}
+	syscall.SetsockoptInt(fd, syscall.IPPROTO_IP, syscall.IP_HDRINCL, 1)
+
+	return net.FilePacketConn(os.NewFile(uintptr(fd), fmt.Sprintf("fd %d", fd)))
+}
+
+func defaultIP() string {
+	conn, err := net.Dial("udp", "8.8.8.8:80")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer conn.Close()
+
+	return conn.LocalAddr().(*net.UDPAddr).IP.String()
+}
+
+func buildUDPPacket(dst, src net.UDPAddr, payload []byte) ([]byte, error) {
+	buffer := gopacket.NewSerializeBuffer()
+
+	ip := &layers.IPv4{
+		DstIP:    dst.IP,
+		SrcIP:    src.IP,
+		Version:  4,
+		TTL:      64,
+		Protocol: layers.IPProtocolUDP,
+	}
+	udp := &layers.UDP{
+		SrcPort: layers.UDPPort(src.Port),
+		DstPort: layers.UDPPort(dst.Port),
+	}
+	if err := udp.SetNetworkLayerForChecksum(ip); err != nil {
+		return nil, fmt.Errorf("failed calculate checksum: %w", err)
+	}
+	if err := gopacket.SerializeLayers(buffer, gopacket.SerializeOptions{ComputeChecksums: true, FixLengths: true}, ip, udp, gopacket.Payload(payload)); err != nil {
+		return nil, fmt.Errorf("failed to serialize packet: %w", err)
+	}
+
+	return buffer.Bytes(), nil
+}

packet.go

@@ -0,0 +1,33 @@
+package main
+
+import (
+	crand "crypto/rand"
+	"encoding/json"
+
+	"golang.org/x/crypto/ssh"
+)
+
+type Packet struct {
+	FQDN      string `json:"fqdn"`
+	Weight    uint   `json:"weight"`
+	Priority  uint   `json:"priority"`
+	Key       string `json:"key"`
+	Timestamp int64  `json:"ts"`
+}
+
+func (p *Packet) MarshalAndSign(signer ssh.Signer) []byte {
+	jsonBytes, _ := json.Marshal(p)
+
+	// Sign JSON data
+	signature, err := signer.Sign(crand.Reader, jsonBytes)
+	if err != nil {
+		panic(err)
+	}
+
+	// Build payload
+	payload := make([]byte, len(jsonBytes)+1+len(signature.Blob))
+	copy(payload, jsonBytes)
+	copy(payload[len(jsonBytes)+1:], signature.Blob)
+
+	return payload
+}