aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/services
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2018-03-18 18:50:21 +0200
committerRiccardo Spagni <ric@spagni.net>2018-03-18 18:50:21 +0200
commit1f6e6001ed37b48788ef071f3297b7e9d67586a5 (patch)
tree7ff391303a4b5643294bc4f91d1c493791f98879 /external/unbound/services
parentMerge pull request #3426 (diff)
parentUnbound: add git submodule for unbound (diff)
downloadmonero-1f6e6001ed37b48788ef071f3297b7e9d67586a5.tar.xz
Merge pull request #2133
efe70a15 Unbound: add git submodule for unbound (anonimal) 84c5a9ba Unbound: remove unbound from in-tree source (anonimal)
Diffstat (limited to 'external/unbound/services')
m---------external/unbound0
-rw-r--r--external/unbound/services/cache/dns.c910
-rw-r--r--external/unbound/services/cache/dns.h211
-rw-r--r--external/unbound/services/cache/infra.c997
-rw-r--r--external/unbound/services/cache/infra.h462
-rw-r--r--external/unbound/services/cache/rrset.c419
-rw-r--r--external/unbound/services/cache/rrset.h231
-rw-r--r--external/unbound/services/listen_dnsport.c1435
-rw-r--r--external/unbound/services/listen_dnsport.h236
-rw-r--r--external/unbound/services/localzone.c1846
-rw-r--r--external/unbound/services/localzone.h500
-rw-r--r--external/unbound/services/mesh.c1502
-rw-r--r--external/unbound/services/mesh.h607
-rw-r--r--external/unbound/services/modstack.c236
-rw-r--r--external/unbound/services/modstack.h113
-rw-r--r--external/unbound/services/outbound_list.c89
-rw-r--r--external/unbound/services/outbound_list.h105
-rw-r--r--external/unbound/services/outside_network.c2183
-rw-r--r--external/unbound/services/outside_network.h567
-rw-r--r--external/unbound/services/view.c212
-rw-r--r--external/unbound/services/view.h137
21 files changed, 0 insertions, 12998 deletions
diff --git a/external/unbound b/external/unbound
new file mode 160000
+Subproject 193bdc4ee3fe2b0d17e547e86512528c2614483
diff --git a/external/unbound/services/cache/dns.c b/external/unbound/services/cache/dns.c
deleted file mode 100644
index a8fde9f28..000000000
--- a/external/unbound/services/cache/dns.c
+++ /dev/null
@@ -1,910 +0,0 @@
-/*
- * services/cache/dns.c - Cache services for DNS using msg and rrset caches.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains the DNS cache.
- */
-#include "config.h"
-#include "iterator/iter_delegpt.h"
-#include "validator/val_nsec.h"
-#include "services/cache/dns.h"
-#include "services/cache/rrset.h"
-#include "util/data/msgreply.h"
-#include "util/data/packed_rrset.h"
-#include "util/data/dname.h"
-#include "util/module.h"
-#include "util/net_help.h"
-#include "util/regional.h"
-#include "util/config_file.h"
-#include "sldns/sbuffer.h"
-
-/** store rrsets in the rrset cache.
- * @param env: module environment with caches.
- * @param rep: contains list of rrsets to store.
- * @param now: current time.
- * @param leeway: during prefetch how much leeway to update TTLs.
- * This makes rrsets (other than type NS) timeout sooner so they get
- * updated with a new full TTL.
- * Type NS does not get this, because it must not be refreshed from the
- * child domain, but keep counting down properly.
- * @param pside: if from parentside discovered NS, so that its NS is okay
- * in a prefetch situation to be updated (without becoming sticky).
- * @param qrep: update rrsets here if cache is better
- * @param region: for qrep allocs.
- */
-static void
-store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
- time_t leeway, int pside, struct reply_info* qrep,
- struct regional* region)
-{
- size_t i;
- /* see if rrset already exists in cache, if not insert it. */
- for(i=0; i<rep->rrset_count; i++) {
- rep->ref[i].key = rep->rrsets[i];
- rep->ref[i].id = rep->rrsets[i]->id;
- /* update ref if it was in the cache */
- switch(rrset_cache_update(env->rrset_cache, &rep->ref[i],
- env->alloc, now + ((ntohs(rep->ref[i].key->rk.type)==
- LDNS_RR_TYPE_NS && !pside)?0:leeway))) {
- case 0: /* ref unchanged, item inserted */
- break;
- case 2: /* ref updated, cache is superior */
- if(region) {
- struct ub_packed_rrset_key* ck;
- lock_rw_rdlock(&rep->ref[i].key->entry.lock);
- /* if deleted rrset, do not copy it */
- if(rep->ref[i].key->id == 0)
- ck = NULL;
- else ck = packed_rrset_copy_region(
- rep->ref[i].key, region, now);
- lock_rw_unlock(&rep->ref[i].key->entry.lock);
- if(ck) {
- /* use cached copy if memory allows */
- qrep->rrsets[i] = ck;
- }
- }
- /* no break: also copy key item */
- case 1: /* ref updated, item inserted */
- rep->rrsets[i] = rep->ref[i].key;
- }
- }
-}
-
-void
-dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
- hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside,
- struct reply_info* qrep, struct regional* region)
-{
- struct msgreply_entry* e;
- time_t ttl = rep->ttl;
- size_t i;
-
- /* store RRsets */
- for(i=0; i<rep->rrset_count; i++) {
- rep->ref[i].key = rep->rrsets[i];
- rep->ref[i].id = rep->rrsets[i]->id;
- }
-
- /* there was a reply_info_sortref(rep) here but it seems to be
- * unnecessary, because the cache gets locked per rrset. */
- reply_info_set_ttls(rep, *env->now);
- store_rrsets(env, rep, *env->now, leeway, pside, qrep, region);
- if(ttl == 0) {
- /* we do not store the message, but we did store the RRs,
- * which could be useful for delegation information */
- verbose(VERB_ALGO, "TTL 0: dropped msg from cache");
- free(rep);
- return;
- }
-
- /* store msg in the cache */
- reply_info_sortref(rep);
- if(!(e = query_info_entrysetup(qinfo, rep, hash))) {
- log_err("store_msg: malloc failed");
- return;
- }
- slabhash_insert(env->msg_cache, hash, &e->entry, rep, env->alloc);
-}
-
-/** find closest NS or DNAME and returns the rrset (locked) */
-static struct ub_packed_rrset_key*
-find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen,
- uint16_t qclass, time_t now, uint16_t searchtype, int stripfront)
-{
- struct ub_packed_rrset_key *rrset;
- uint8_t lablen;
-
- if(stripfront) {
- /* strip off so that DNAMEs have strict subdomain match */
- lablen = *qname;
- qname += lablen + 1;
- qnamelen -= lablen + 1;
- }
-
- /* snip off front part of qname until the type is found */
- while(qnamelen > 0) {
- if((rrset = rrset_cache_lookup(env->rrset_cache, qname,
- qnamelen, searchtype, qclass, 0, now, 0)))
- return rrset;
-
- /* snip off front label */
- lablen = *qname;
- qname += lablen + 1;
- qnamelen -= lablen + 1;
- }
- return NULL;
-}
-
-/** add addr to additional section */
-static void
-addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region,
- struct dns_msg* msg, time_t now)
-{
- if((msg->rep->rrsets[msg->rep->rrset_count] =
- packed_rrset_copy_region(rrset, region, now))) {
- msg->rep->ar_numrrsets++;
- msg->rep->rrset_count++;
- }
-}
-
-/** lookup message in message cache */
-static struct msgreply_entry*
-msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen,
- uint16_t qtype, uint16_t qclass, uint16_t flags, time_t now, int wr)
-{
- struct lruhash_entry* e;
- struct query_info k;
- hashvalue_type h;
-
- k.qname = qname;
- k.qname_len = qnamelen;
- k.qtype = qtype;
- k.qclass = qclass;
- k.local_alias = NULL;
- h = query_info_hash(&k, flags);
- e = slabhash_lookup(env->msg_cache, h, &k, wr);
-
- if(!e) return NULL;
- if( now > ((struct reply_info*)e->data)->ttl ) {
- lock_rw_unlock(&e->lock);
- return NULL;
- }
- return (struct msgreply_entry*)e->key;
-}
-
-/** find and add A and AAAA records for nameservers in delegpt */
-static int
-find_add_addrs(struct module_env* env, uint16_t qclass,
- struct regional* region, struct delegpt* dp, time_t now,
- struct dns_msg** msg)
-{
- struct delegpt_ns* ns;
- struct msgreply_entry* neg;
- struct ub_packed_rrset_key* akey;
- for(ns = dp->nslist; ns; ns = ns->next) {
- akey = rrset_cache_lookup(env->rrset_cache, ns->name,
- ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
- if(akey) {
- if(!delegpt_add_rrset_A(dp, region, akey, 0)) {
- lock_rw_unlock(&akey->entry.lock);
- return 0;
- }
- if(msg)
- addr_to_additional(akey, region, *msg, now);
- lock_rw_unlock(&akey->entry.lock);
- } else {
- /* BIT_CD on false because delegpt lookup does
- * not use dns64 translation */
- neg = msg_cache_lookup(env, ns->name, ns->namelen,
- LDNS_RR_TYPE_A, qclass, 0, now, 0);
- if(neg) {
- delegpt_add_neg_msg(dp, neg);
- lock_rw_unlock(&neg->entry.lock);
- }
- }
- akey = rrset_cache_lookup(env->rrset_cache, ns->name,
- ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
- if(akey) {
- if(!delegpt_add_rrset_AAAA(dp, region, akey, 0)) {
- lock_rw_unlock(&akey->entry.lock);
- return 0;
- }
- if(msg)
- addr_to_additional(akey, region, *msg, now);
- lock_rw_unlock(&akey->entry.lock);
- } else {
- /* BIT_CD on false because delegpt lookup does
- * not use dns64 translation */
- neg = msg_cache_lookup(env, ns->name, ns->namelen,
- LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
- if(neg) {
- delegpt_add_neg_msg(dp, neg);
- lock_rw_unlock(&neg->entry.lock);
- }
- }
- }
- return 1;
-}
-
-/** find and add A and AAAA records for missing nameservers in delegpt */
-int
-cache_fill_missing(struct module_env* env, uint16_t qclass,
- struct regional* region, struct delegpt* dp)
-{
- struct delegpt_ns* ns;
- struct msgreply_entry* neg;
- struct ub_packed_rrset_key* akey;
- time_t now = *env->now;
- for(ns = dp->nslist; ns; ns = ns->next) {
- akey = rrset_cache_lookup(env->rrset_cache, ns->name,
- ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
- if(akey) {
- if(!delegpt_add_rrset_A(dp, region, akey, ns->lame)) {
- lock_rw_unlock(&akey->entry.lock);
- return 0;
- }
- log_nametypeclass(VERB_ALGO, "found in cache",
- ns->name, LDNS_RR_TYPE_A, qclass);
- lock_rw_unlock(&akey->entry.lock);
- } else {
- /* BIT_CD on false because delegpt lookup does
- * not use dns64 translation */
- neg = msg_cache_lookup(env, ns->name, ns->namelen,
- LDNS_RR_TYPE_A, qclass, 0, now, 0);
- if(neg) {
- delegpt_add_neg_msg(dp, neg);
- lock_rw_unlock(&neg->entry.lock);
- }
- }
- akey = rrset_cache_lookup(env->rrset_cache, ns->name,
- ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
- if(akey) {
- if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame)) {
- lock_rw_unlock(&akey->entry.lock);
- return 0;
- }
- log_nametypeclass(VERB_ALGO, "found in cache",
- ns->name, LDNS_RR_TYPE_AAAA, qclass);
- lock_rw_unlock(&akey->entry.lock);
- } else {
- /* BIT_CD on false because delegpt lookup does
- * not use dns64 translation */
- neg = msg_cache_lookup(env, ns->name, ns->namelen,
- LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
- if(neg) {
- delegpt_add_neg_msg(dp, neg);
- lock_rw_unlock(&neg->entry.lock);
- }
- }
- }
- return 1;
-}
-
-/** find and add DS or NSEC to delegation msg */
-static void
-find_add_ds(struct module_env* env, struct regional* region,
- struct dns_msg* msg, struct delegpt* dp, time_t now)
-{
- /* Lookup the DS or NSEC at the delegation point. */
- struct ub_packed_rrset_key* rrset = rrset_cache_lookup(
- env->rrset_cache, dp->name, dp->namelen, LDNS_RR_TYPE_DS,
- msg->qinfo.qclass, 0, now, 0);
- if(!rrset) {
- /* NOTE: this won't work for alternate NSEC schemes
- * (opt-in, NSEC3) */
- rrset = rrset_cache_lookup(env->rrset_cache, dp->name,
- dp->namelen, LDNS_RR_TYPE_NSEC, msg->qinfo.qclass,
- 0, now, 0);
- /* Note: the PACKED_RRSET_NSEC_AT_APEX flag is not used.
- * since this is a referral, we need the NSEC at the parent
- * side of the zone cut, not the NSEC at apex side. */
- if(rrset && nsec_has_type(rrset, LDNS_RR_TYPE_DS)) {
- lock_rw_unlock(&rrset->entry.lock);
- rrset = NULL; /* discard wrong NSEC */
- }
- }
- if(rrset) {
- /* add it to auth section. This is the second rrset. */
- if((msg->rep->rrsets[msg->rep->rrset_count] =
- packed_rrset_copy_region(rrset, region, now))) {
- msg->rep->ns_numrrsets++;
- msg->rep->rrset_count++;
- }
- lock_rw_unlock(&rrset->entry.lock);
- }
-}
-
-struct dns_msg*
-dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype,
- uint16_t qclass, struct regional* region, size_t capacity)
-{
- struct dns_msg* msg = (struct dns_msg*)regional_alloc(region,
- sizeof(struct dns_msg));
- if(!msg)
- return NULL;
- msg->qinfo.qname = regional_alloc_init(region, qname, qnamelen);
- if(!msg->qinfo.qname)
- return NULL;
- msg->qinfo.qname_len = qnamelen;
- msg->qinfo.qtype = qtype;
- msg->qinfo.qclass = qclass;
- msg->qinfo.local_alias = NULL;
- /* non-packed reply_info, because it needs to grow the array */
- msg->rep = (struct reply_info*)regional_alloc_zero(region,
- sizeof(struct reply_info)-sizeof(struct rrset_ref));
- if(!msg->rep)
- return NULL;
- if(capacity > RR_COUNT_MAX)
- return NULL; /* integer overflow protection */
- msg->rep->flags = BIT_QR; /* with QR, no AA */
- msg->rep->qdcount = 1;
- msg->rep->rrsets = (struct ub_packed_rrset_key**)
- regional_alloc(region,
- capacity*sizeof(struct ub_packed_rrset_key*));
- if(!msg->rep->rrsets)
- return NULL;
- return msg;
-}
-
-int
-dns_msg_authadd(struct dns_msg* msg, struct regional* region,
- struct ub_packed_rrset_key* rrset, time_t now)
-{
- if(!(msg->rep->rrsets[msg->rep->rrset_count++] =
- packed_rrset_copy_region(rrset, region, now)))
- return 0;
- msg->rep->ns_numrrsets++;
- return 1;
-}
-
-/** add rrset to answer section */
-static int
-dns_msg_ansadd(struct dns_msg* msg, struct regional* region,
- struct ub_packed_rrset_key* rrset, time_t now)
-{
- if(!(msg->rep->rrsets[msg->rep->rrset_count++] =
- packed_rrset_copy_region(rrset, region, now)))
- return 0;
- msg->rep->an_numrrsets++;
- return 1;
-}
-
-struct delegpt*
-dns_cache_find_delegation(struct module_env* env, uint8_t* qname,
- size_t qnamelen, uint16_t qtype, uint16_t qclass,
- struct regional* region, struct dns_msg** msg, time_t now)
-{
- /* try to find closest NS rrset */
- struct ub_packed_rrset_key* nskey;
- struct packed_rrset_data* nsdata;
- struct delegpt* dp;
-
- nskey = find_closest_of_type(env, qname, qnamelen, qclass, now,
- LDNS_RR_TYPE_NS, 0);
- if(!nskey) /* hope the caller has hints to prime or something */
- return NULL;
- nsdata = (struct packed_rrset_data*)nskey->entry.data;
- /* got the NS key, create delegation point */
- dp = delegpt_create(region);
- if(!dp || !delegpt_set_name(dp, region, nskey->rk.dname)) {
- lock_rw_unlock(&nskey->entry.lock);
- log_err("find_delegation: out of memory");
- return NULL;
- }
- /* create referral message */
- if(msg) {
- /* allocate the array to as much as we could need:
- * NS rrset + DS/NSEC rrset +
- * A rrset for every NS RR
- * AAAA rrset for every NS RR
- */
- *msg = dns_msg_create(qname, qnamelen, qtype, qclass, region,
- 2 + nsdata->count*2);
- if(!*msg || !dns_msg_authadd(*msg, region, nskey, now)) {
- lock_rw_unlock(&nskey->entry.lock);
- log_err("find_delegation: out of memory");
- return NULL;
- }
- }
- if(!delegpt_rrset_add_ns(dp, region, nskey, 0))
- log_err("find_delegation: addns out of memory");
- lock_rw_unlock(&nskey->entry.lock); /* first unlock before next lookup*/
- /* find and add DS/NSEC (if any) */
- if(msg)
- find_add_ds(env, region, *msg, dp, now);
- /* find and add A entries */
- if(!find_add_addrs(env, qclass, region, dp, now, msg))
- log_err("find_delegation: addrs out of memory");
- return dp;
-}
-
-/** allocate dns_msg from query_info and reply_info */
-static struct dns_msg*
-gen_dns_msg(struct regional* region, struct query_info* q, size_t num)
-{
- struct dns_msg* msg = (struct dns_msg*)regional_alloc(region,
- sizeof(struct dns_msg));
- if(!msg)
- return NULL;
- memcpy(&msg->qinfo, q, sizeof(struct query_info));
- msg->qinfo.qname = regional_alloc_init(region, q->qname, q->qname_len);
- if(!msg->qinfo.qname)
- return NULL;
- /* allocate replyinfo struct and rrset key array separately */
- msg->rep = (struct reply_info*)regional_alloc(region,
- sizeof(struct reply_info) - sizeof(struct rrset_ref));
- if(!msg->rep)
- return NULL;
- if(num > RR_COUNT_MAX)
- return NULL; /* integer overflow protection */
- msg->rep->rrsets = (struct ub_packed_rrset_key**)
- regional_alloc(region,
- num * sizeof(struct ub_packed_rrset_key*));
- if(!msg->rep->rrsets)
- return NULL;
- return msg;
-}
-
-struct dns_msg*
-tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
- struct regional* region, time_t now, struct regional* scratch)
-{
- struct dns_msg* msg;
- size_t i;
- if(now > r->ttl)
- return NULL;
- msg = gen_dns_msg(region, q, r->rrset_count);
- if(!msg)
- return NULL;
- msg->rep->flags = r->flags;
- msg->rep->qdcount = r->qdcount;
- msg->rep->ttl = r->ttl - now;
- if(r->prefetch_ttl > now)
- msg->rep->prefetch_ttl = r->prefetch_ttl - now;
- else msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
- msg->rep->security = r->security;
- msg->rep->an_numrrsets = r->an_numrrsets;
- msg->rep->ns_numrrsets = r->ns_numrrsets;
- msg->rep->ar_numrrsets = r->ar_numrrsets;
- msg->rep->rrset_count = r->rrset_count;
- msg->rep->authoritative = r->authoritative;
- if(!rrset_array_lock(r->ref, r->rrset_count, now))
- return NULL;
- if(r->an_numrrsets > 0 && (r->rrsets[0]->rk.type == htons(
- LDNS_RR_TYPE_CNAME) || r->rrsets[0]->rk.type == htons(
- LDNS_RR_TYPE_DNAME)) && !reply_check_cname_chain(q, r)) {
- /* cname chain is now invalid, reconstruct msg */
- rrset_array_unlock(r->ref, r->rrset_count);
- return NULL;
- }
- if(r->security == sec_status_secure && !reply_all_rrsets_secure(r)) {
- /* message rrsets have changed status, revalidate */
- rrset_array_unlock(r->ref, r->rrset_count);
- return NULL;
- }
- for(i=0; i<msg->rep->rrset_count; i++) {
- msg->rep->rrsets[i] = packed_rrset_copy_region(r->rrsets[i],
- region, now);
- if(!msg->rep->rrsets[i]) {
- rrset_array_unlock(r->ref, r->rrset_count);
- return NULL;
- }
- }
- if(env)
- rrset_array_unlock_touch(env->rrset_cache, scratch, r->ref,
- r->rrset_count);
- else
- rrset_array_unlock(r->ref, r->rrset_count);
- return msg;
-}
-
-/** synthesize RRset-only response from cached RRset item */
-static struct dns_msg*
-rrset_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
- time_t now, struct query_info* q)
-{
- struct dns_msg* msg;
- struct packed_rrset_data* d = (struct packed_rrset_data*)
- rrset->entry.data;
- if(now > d->ttl)
- return NULL;
- msg = gen_dns_msg(region, q, 1); /* only the CNAME (or other) RRset */
- if(!msg)
- return NULL;
- msg->rep->flags = BIT_QR; /* reply, no AA, no error */
- msg->rep->authoritative = 0; /* reply stored in cache can't be authoritative */
- msg->rep->qdcount = 1;
- msg->rep->ttl = d->ttl - now;
- msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
- msg->rep->security = sec_status_unchecked;
- msg->rep->an_numrrsets = 1;
- msg->rep->ns_numrrsets = 0;
- msg->rep->ar_numrrsets = 0;
- msg->rep->rrset_count = 1;
- msg->rep->rrsets[0] = packed_rrset_copy_region(rrset, region, now);
- if(!msg->rep->rrsets[0]) /* copy CNAME */
- return NULL;
- return msg;
-}
-
-/** synthesize DNAME+CNAME response from cached DNAME item */
-static struct dns_msg*
-synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
- time_t now, struct query_info* q)
-{
- struct dns_msg* msg;
- struct ub_packed_rrset_key* ck;
- struct packed_rrset_data* newd, *d = (struct packed_rrset_data*)
- rrset->entry.data;
- uint8_t* newname, *dtarg = NULL;
- size_t newlen, dtarglen;
- if(now > d->ttl)
- return NULL;
- /* only allow validated (with DNSSEC) DNAMEs used from cache
- * for insecure DNAMEs, query again. */
- if(d->security != sec_status_secure)
- return NULL;
- msg = gen_dns_msg(region, q, 2); /* DNAME + CNAME RRset */
- if(!msg)
- return NULL;
- msg->rep->flags = BIT_QR; /* reply, no AA, no error */
- msg->rep->authoritative = 0; /* reply stored in cache can't be authoritative */
- msg->rep->qdcount = 1;
- msg->rep->ttl = d->ttl - now;
- msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
- msg->rep->security = sec_status_unchecked;
- msg->rep->an_numrrsets = 1;
- msg->rep->ns_numrrsets = 0;
- msg->rep->ar_numrrsets = 0;
- msg->rep->rrset_count = 1;
- msg->rep->rrsets[0] = packed_rrset_copy_region(rrset, region, now);
- if(!msg->rep->rrsets[0]) /* copy DNAME */
- return NULL;
- /* synth CNAME rrset */
- get_cname_target(rrset, &dtarg, &dtarglen);
- if(!dtarg)
- return NULL;
- newlen = q->qname_len + dtarglen - rrset->rk.dname_len;
- if(newlen > LDNS_MAX_DOMAINLEN) {
- msg->rep->flags |= LDNS_RCODE_YXDOMAIN;
- return msg;
- }
- newname = (uint8_t*)regional_alloc(region, newlen);
- if(!newname)
- return NULL;
- /* new name is concatenation of qname front (without DNAME owner)
- * and DNAME target name */
- memcpy(newname, q->qname, q->qname_len-rrset->rk.dname_len);
- memmove(newname+(q->qname_len-rrset->rk.dname_len), dtarg, dtarglen);
- /* create rest of CNAME rrset */
- ck = (struct ub_packed_rrset_key*)regional_alloc(region,
- sizeof(struct ub_packed_rrset_key));
- if(!ck)
- return NULL;
- memset(&ck->entry, 0, sizeof(ck->entry));
- msg->rep->rrsets[1] = ck;
- ck->entry.key = ck;
- ck->rk.type = htons(LDNS_RR_TYPE_CNAME);
- ck->rk.rrset_class = rrset->rk.rrset_class;
- ck->rk.flags = 0;
- ck->rk.dname = regional_alloc_init(region, q->qname, q->qname_len);
- if(!ck->rk.dname)
- return NULL;
- ck->rk.dname_len = q->qname_len;
- ck->entry.hash = rrset_key_hash(&ck->rk);
- newd = (struct packed_rrset_data*)regional_alloc_zero(region,
- sizeof(struct packed_rrset_data) + sizeof(size_t) +
- sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)
- + newlen);
- if(!newd)
- return NULL;
- ck->entry.data = newd;
- newd->ttl = 0; /* 0 for synthesized CNAME TTL */
- newd->count = 1;
- newd->rrsig_count = 0;
- newd->trust = rrset_trust_ans_noAA;
- newd->rr_len = (size_t*)((uint8_t*)newd +
- sizeof(struct packed_rrset_data));
- newd->rr_len[0] = newlen + sizeof(uint16_t);
- packed_rrset_ptr_fixup(newd);
- newd->rr_ttl[0] = newd->ttl;
- msg->rep->ttl = newd->ttl;
- msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(newd->ttl);
- sldns_write_uint16(newd->rr_data[0], newlen);
- memmove(newd->rr_data[0] + sizeof(uint16_t), newname, newlen);
- msg->rep->an_numrrsets ++;
- msg->rep->rrset_count ++;
- return msg;
-}
-
-/** Fill TYPE_ANY response with some data from cache */
-static struct dns_msg*
-fill_any(struct module_env* env,
- uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
- struct regional* region)
-{
- time_t now = *env->now;
- struct dns_msg* msg = NULL;
- uint16_t lookup[] = {LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA,
- LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS,
- LDNS_RR_TYPE_DNAME, 0};
- int i, num=6; /* number of RR types to look up */
- log_assert(lookup[num] == 0);
-
- for(i=0; i<num; i++) {
- /* look up this RR for inclusion in type ANY response */
- struct ub_packed_rrset_key* rrset = rrset_cache_lookup(
- env->rrset_cache, qname, qnamelen, lookup[i],
- qclass, 0, now, 0);
- struct packed_rrset_data *d;
- if(!rrset)
- continue;
-
- /* only if rrset from answer section */
- d = (struct packed_rrset_data*)rrset->entry.data;
- if(d->trust == rrset_trust_add_noAA ||
- d->trust == rrset_trust_auth_noAA ||
- d->trust == rrset_trust_add_AA ||
- d->trust == rrset_trust_auth_AA) {
- lock_rw_unlock(&rrset->entry.lock);
- continue;
- }
-
- /* create msg if none */
- if(!msg) {
- msg = dns_msg_create(qname, qnamelen, qtype, qclass,
- region, (size_t)(num-i));
- if(!msg) {
- lock_rw_unlock(&rrset->entry.lock);
- return NULL;
- }
- }
-
- /* add RRset to response */
- if(!dns_msg_ansadd(msg, region, rrset, now)) {
- lock_rw_unlock(&rrset->entry.lock);
- return NULL;
- }
- lock_rw_unlock(&rrset->entry.lock);
- }
- return msg;
-}
-
-struct dns_msg*
-dns_cache_lookup(struct module_env* env,
- uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
- uint16_t flags, struct regional* region, struct regional* scratch)
-{
- struct lruhash_entry* e;
- struct query_info k;
- hashvalue_type h;
- time_t now = *env->now;
- struct ub_packed_rrset_key* rrset;
-
- /* lookup first, this has both NXdomains and ANSWER responses */
- k.qname = qname;
- k.qname_len = qnamelen;
- k.qtype = qtype;
- k.qclass = qclass;
- k.local_alias = NULL;
- h = query_info_hash(&k, flags);
- e = slabhash_lookup(env->msg_cache, h, &k, 0);
- if(e) {
- struct msgreply_entry* key = (struct msgreply_entry*)e->key;
- struct reply_info* data = (struct reply_info*)e->data;
- struct dns_msg* msg = tomsg(env, &key->key, data, region, now,
- scratch);
- if(msg) {
- lock_rw_unlock(&e->lock);
- return msg;
- }
- /* could be msg==NULL; due to TTL or not all rrsets available */
- lock_rw_unlock(&e->lock);
- }
-
- /* see if a DNAME exists. Checked for first, to enforce that DNAMEs
- * are more important, the CNAME is resynthesized and thus
- * consistent with the DNAME */
- if( (rrset=find_closest_of_type(env, qname, qnamelen, qclass, now,
- LDNS_RR_TYPE_DNAME, 1))) {
- /* synthesize a DNAME+CNAME message based on this */
- struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k);
- if(msg) {
- lock_rw_unlock(&rrset->entry.lock);
- return msg;
- }
- lock_rw_unlock(&rrset->entry.lock);
- }
-
- /* see if we have CNAME for this domain,
- * but not for DS records (which are part of the parent) */
- if( qtype != LDNS_RR_TYPE_DS &&
- (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
- LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) {
- struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
- if(msg) {
- lock_rw_unlock(&rrset->entry.lock);
- return msg;
- }
- lock_rw_unlock(&rrset->entry.lock);
- }
-
- /* construct DS, DNSKEY, DLV messages from rrset cache. */
- if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY ||
- qtype == LDNS_RR_TYPE_DLV) &&
- (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
- qtype, qclass, 0, now, 0))) {
- /* if the rrset is from the additional section, and the
- * signatures have fallen off, then do not synthesize a msg
- * instead, allow a full query for signed results to happen.
- * Forego all rrset data from additional section, because
- * some signatures may not be present and cause validation
- * failure.
- */
- struct packed_rrset_data *d = (struct packed_rrset_data*)
- rrset->entry.data;
- if(d->trust != rrset_trust_add_noAA &&
- d->trust != rrset_trust_add_AA &&
- (qtype == LDNS_RR_TYPE_DS ||
- (d->trust != rrset_trust_auth_noAA
- && d->trust != rrset_trust_auth_AA) )) {
- struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
- if(msg) {
- lock_rw_unlock(&rrset->entry.lock);
- return msg;
- }
- }
- lock_rw_unlock(&rrset->entry.lock);
- }
-
- /* stop downwards cache search on NXDOMAIN.
- * Empty nonterminals are NOERROR, so an NXDOMAIN for foo
- * means bla.foo also does not exist. The DNSSEC proofs are
- * the same. We search upwards for NXDOMAINs. */
- if(env->cfg->harden_below_nxdomain)
- while(!dname_is_root(k.qname)) {
- dname_remove_label(&k.qname, &k.qname_len);
- h = query_info_hash(&k, flags);
- e = slabhash_lookup(env->msg_cache, h, &k, 0);
- if(!e && k.qtype != LDNS_RR_TYPE_A &&
- env->cfg->qname_minimisation) {
- k.qtype = LDNS_RR_TYPE_A;
- h = query_info_hash(&k, flags);
- e = slabhash_lookup(env->msg_cache, h, &k, 0);
- }
- if(e) {
- struct reply_info* data = (struct reply_info*)e->data;
- struct dns_msg* msg;
- if(FLAGS_GET_RCODE(data->flags) == LDNS_RCODE_NXDOMAIN
- && data->security == sec_status_secure
- && (msg=tomsg(env, &k, data, region, now, scratch))){
- lock_rw_unlock(&e->lock);
- msg->qinfo.qname=qname;
- msg->qinfo.qname_len=qnamelen;
- /* check that DNSSEC really works out */
- msg->rep->security = sec_status_unchecked;
- return msg;
- }
- lock_rw_unlock(&e->lock);
- }
- k.qtype = qtype;
- }
-
- /* fill common RR types for ANY response to avoid requery */
- if(qtype == LDNS_RR_TYPE_ANY) {
- return fill_any(env, qname, qnamelen, qtype, qclass, region);
- }
-
- return NULL;
-}
-
-int
-dns_cache_store(struct module_env* env, struct query_info* msgqinf,
- struct reply_info* msgrep, int is_referral, time_t leeway, int pside,
- struct regional* region, uint16_t flags)
-{
- struct reply_info* rep = NULL;
- /* alloc, malloc properly (not in region, like msg is) */
- rep = reply_info_copy(msgrep, env->alloc, NULL);
- if(!rep)
- return 0;
- /* ttl must be relative ;i.e. 0..86400 not time(0)+86400.
- * the env->now is added to message and RRsets in this routine. */
- /* the leeway is used to invalidate other rrsets earlier */
-
- if(is_referral) {
- /* store rrsets */
- struct rrset_ref ref;
- size_t i;
- for(i=0; i<rep->rrset_count; i++) {
- packed_rrset_ttl_add((struct packed_rrset_data*)
- rep->rrsets[i]->entry.data, *env->now);
- ref.key = rep->rrsets[i];
- ref.id = rep->rrsets[i]->id;
- /*ignore ret: it was in the cache, ref updated */
- /* no leeway for typeNS */
- (void)rrset_cache_update(env->rrset_cache, &ref,
- env->alloc, *env->now +
- ((ntohs(ref.key->rk.type)==LDNS_RR_TYPE_NS
- && !pside) ? 0:leeway));
- }
- free(rep);
- return 1;
- } else {
- /* store msg, and rrsets */
- struct query_info qinf;
- hashvalue_type h;
-
- qinf = *msgqinf;
- qinf.qname = memdup(msgqinf->qname, msgqinf->qname_len);
- if(!qinf.qname) {
- reply_info_parsedelete(rep, env->alloc);
- return 0;
- }
- /* fixup flags to be sensible for a reply based on the cache */
- /* this module means that RA is available. It is an answer QR.
- * Not AA from cache. Not CD in cache (depends on client bit). */
- rep->flags |= (BIT_RA | BIT_QR);
- rep->flags &= ~(BIT_AA | BIT_CD);
- h = query_info_hash(&qinf, flags);
- dns_cache_store_msg(env, &qinf, h, rep, leeway, pside, msgrep,
- region);
- /* qname is used inside query_info_entrysetup, and set to
- * NULL. If it has not been used, free it. free(0) is safe. */
- free(qinf.qname);
- }
- return 1;
-}
-
-int
-dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo,
- time_t adjust, uint16_t flags)
-{
- struct msgreply_entry* msg;
- msg = msg_cache_lookup(env, qinfo->qname, qinfo->qname_len,
- qinfo->qtype, qinfo->qclass, flags, *env->now, 1);
- if(msg) {
- struct reply_info* rep = (struct reply_info*)msg->entry.data;
- if(rep) {
- rep->prefetch_ttl += adjust;
- lock_rw_unlock(&msg->entry.lock);
- return 1;
- }
- lock_rw_unlock(&msg->entry.lock);
- }
- return 0;
-}
diff --git a/external/unbound/services/cache/dns.h b/external/unbound/services/cache/dns.h
deleted file mode 100644
index 0dfb68874..000000000
--- a/external/unbound/services/cache/dns.h
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * services/cache/dns.h - Cache services for DNS using msg and rrset caches.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains the DNS cache.
- */
-
-#ifndef SERVICES_CACHE_DNS_H
-#define SERVICES_CACHE_DNS_H
-#include "util/storage/lruhash.h"
-#include "util/data/msgreply.h"
-struct module_env;
-struct query_info;
-struct reply_info;
-struct regional;
-struct delegpt;
-
-/**
- * Region allocated message reply
- */
-struct dns_msg {
- /** query info */
- struct query_info qinfo;
- /** reply info - ptr to packed repinfo structure */
- struct reply_info *rep;
-};
-
-/**
- * Allocate a dns_msg with malloc/alloc structure and store in dns cache.
- *
- * @param env: environment, with alloc structure and dns cache.
- * @param qinf: query info, the query for which answer is stored.
- * this is allocated in a region, and will be copied to malloc area
- * before insertion.
- * @param rep: reply in dns_msg from dns_alloc_msg for example.
- * this is allocated in a region, and will be copied to malloc area
- * before insertion.
- * @param is_referral: If true, then the given message to be stored is a
- * referral. The cache implementation may use this as a hint.
- * It will store only the RRsets, not the message.
- * @param leeway: TTL value, if not 0, other rrsets are considered expired
- * that many seconds before actual TTL expiry.
- * @param pside: if true, information came from a server which was fetched
- * from the parentside of the zonecut. This means that the type NS
- * can be updated to full TTL even in prefetch situations.
- * @param region: region to allocate better entries from cache into.
- * (used when is_referral is false).
- * @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
- * @return 0 on alloc error (out of memory).
- */
-int dns_cache_store(struct module_env* env, struct query_info* qinf,
- struct reply_info* rep, int is_referral, time_t leeway, int pside,
- struct regional* region, uint16_t flags);
-
-/**
- * Store message in the cache. Stores in message cache and rrset cache.
- * Both qinfo and rep should be malloced and are put in the cache.
- * They should not be used after this call, as they are then in shared cache.
- * Does not return errors, they are logged and only lead to less cache.
- *
- * @param env: module environment with the DNS cache.
- * @param qinfo: query info
- * @param hash: hash over qinfo.
- * @param rep: reply info, together with qinfo makes up the message.
- * Adjusts the reply info TTLs to absolute time.
- * @param leeway: TTL value, if not 0, other rrsets are considered expired
- * that many seconds before actual TTL expiry.
- * @param pside: if true, information came from a server which was fetched
- * from the parentside of the zonecut. This means that the type NS
- * can be updated to full TTL even in prefetch situations.
- * @param qrep: message that can be altered with better rrs from cache.
- * @param region: to allocate into for qmsg.
- */
-void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
- hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside,
- struct reply_info* qrep, struct regional* region);
-
-/**
- * Find a delegation from the cache.
- * @param env: module environment with the DNS cache.
- * @param qname: query name.
- * @param qnamelen: length of qname.
- * @param qtype: query type.
- * @param qclass: query class.
- * @param region: where to allocate result delegation.
- * @param msg: if not NULL, delegation message is returned here, synthesized
- * from the cache.
- * @param timenow: the time now, for checking if TTL on cache entries is OK.
- * @return new delegation or NULL on error or if not found in cache.
- */
-struct delegpt* dns_cache_find_delegation(struct module_env* env,
- uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
- struct regional* region, struct dns_msg** msg, time_t timenow);
-
-/**
- * generate dns_msg from cached message
- * @param env: module environment with the DNS cache. NULL if the LRU from cache
- * does not need to be touched.
- * @param q: query info, contains qname that will make up the dns message.
- * @param r: reply info that, together with qname, will make up the dns message.
- * @param region: where to allocate dns message.
- * @param now: the time now, for check if TTL on cache entry is ok.
- * @param scratch: where to allocate temporary data.
- * */
-struct dns_msg* tomsg(struct module_env* env, struct query_info* q,
- struct reply_info* r, struct regional* region, time_t now,
- struct regional* scratch);
-
-/**
- * Find cached message
- * @param env: module environment with the DNS cache.
- * @param qname: query name.
- * @param qnamelen: length of qname.
- * @param qtype: query type.
- * @param qclass: query class.
- * @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
- * @param region: where to allocate result.
- * @param scratch: where to allocate temporary data.
- * @return new response message (alloced in region, rrsets do not have IDs).
- * or NULL on error or if not found in cache.
- * TTLs are made relative to the current time.
- */
-struct dns_msg* dns_cache_lookup(struct module_env* env,
- uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
- uint16_t flags, struct regional* region, struct regional* scratch);
-
-/**
- * find and add A and AAAA records for missing nameservers in delegpt
- * @param env: module environment with rrset cache
- * @param qclass: which class to look in.
- * @param region: where to store new dp info.
- * @param dp: delegation point to fill missing entries.
- * @return false on alloc failure.
- */
-int cache_fill_missing(struct module_env* env, uint16_t qclass,
- struct regional* region, struct delegpt* dp);
-
-/**
- * Utility, create new, unpacked data structure for cache response.
- * QR bit set, no AA. Query set as indicated. Space for number of rrsets.
- * @param qname: query section name
- * @param qnamelen: len of qname
- * @param qtype: query section type
- * @param qclass: query section class
- * @param region: where to alloc.
- * @param capacity: number of rrsets space to create in the array.
- * @return new dns_msg struct or NULL on mem fail.
- */
-struct dns_msg* dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype,
- uint16_t qclass, struct regional* region, size_t capacity);
-
-/**
- * Add rrset to authority section in unpacked dns_msg message. Must have enough
- * space left, does not grow the array.
- * @param msg: msg to put it in.
- * @param region: region to alloc in
- * @param rrset: to add in authority section
- * @param now: now.
- * @return true if worked, false on fail
- */
-int dns_msg_authadd(struct dns_msg* msg, struct regional* region,
- struct ub_packed_rrset_key* rrset, time_t now);
-
-/**
- * Adjust the prefetch_ttl for a cached message. This adds a value to the
- * prefetch ttl - postponing the time when it will be prefetched for future
- * incoming queries.
- * @param env: module environment with caches and time.
- * @param qinfo: query info for the query that needs adjustment.
- * @param adjust: time in seconds to add to the prefetch_leeway.
- * @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
- * @return false if not in cache. true if added.
- */
-int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo,
- time_t adjust, uint16_t flags);
-
-#endif /* SERVICES_CACHE_DNS_H */
diff --git a/external/unbound/services/cache/infra.c b/external/unbound/services/cache/infra.c
deleted file mode 100644
index 314c85ef5..000000000
--- a/external/unbound/services/cache/infra.c
+++ /dev/null
@@ -1,997 +0,0 @@
-/*
- * services/cache/infra.c - infrastructure cache, server rtt and capabilities
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains the infrastructure cache.
- */
-#include "config.h"
-#include "sldns/rrdef.h"
-#include "sldns/str2wire.h"
-#include "services/cache/infra.h"
-#include "util/storage/slabhash.h"
-#include "util/storage/lookup3.h"
-#include "util/data/dname.h"
-#include "util/log.h"
-#include "util/net_help.h"
-#include "util/config_file.h"
-#include "iterator/iterator.h"
-
-/** Timeout when only a single probe query per IP is allowed. */
-#define PROBE_MAXRTO 12000 /* in msec */
-
-/** number of timeouts for a type when the domain can be blocked ;
- * even if another type has completely rtt maxed it, the different type
- * can do this number of packets (until those all timeout too) */
-#define TIMEOUT_COUNT_MAX 3
-
-/** ratelimit value for delegation point */
-int infra_dp_ratelimit = 0;
-
-/** ratelimit value for client ip addresses,
- * in queries per second. */
-int infra_ip_ratelimit = 0;
-
-size_t
-infra_sizefunc(void* k, void* ATTR_UNUSED(d))
-{
- struct infra_key* key = (struct infra_key*)k;
- return sizeof(*key) + sizeof(struct infra_data) + key->namelen
- + lock_get_mem(&key->entry.lock);
-}
-
-int
-infra_compfunc(void* key1, void* key2)
-{
- struct infra_key* k1 = (struct infra_key*)key1;
- struct infra_key* k2 = (struct infra_key*)key2;
- int r = sockaddr_cmp(&k1->addr, k1->addrlen, &k2->addr, k2->addrlen);
- if(r != 0)
- return r;
- if(k1->namelen != k2->namelen) {
- if(k1->namelen < k2->namelen)
- return -1;
- return 1;
- }
- return query_dname_compare(k1->zonename, k2->zonename);
-}
-
-void
-infra_delkeyfunc(void* k, void* ATTR_UNUSED(arg))
-{
- struct infra_key* key = (struct infra_key*)k;
- if(!key)
- return;
- lock_rw_destroy(&key->entry.lock);
- free(key->zonename);
- free(key);
-}
-
-void
-infra_deldatafunc(void* d, void* ATTR_UNUSED(arg))
-{
- struct infra_data* data = (struct infra_data*)d;
- free(data);
-}
-
-size_t
-rate_sizefunc(void* k, void* ATTR_UNUSED(d))
-{
- struct rate_key* key = (struct rate_key*)k;
- return sizeof(*key) + sizeof(struct rate_data) + key->namelen
- + lock_get_mem(&key->entry.lock);
-}
-
-int
-rate_compfunc(void* key1, void* key2)
-{
- struct rate_key* k1 = (struct rate_key*)key1;
- struct rate_key* k2 = (struct rate_key*)key2;
- if(k1->namelen != k2->namelen) {
- if(k1->namelen < k2->namelen)
- return -1;
- return 1;
- }
- return query_dname_compare(k1->name, k2->name);
-}
-
-void
-rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg))
-{
- struct rate_key* key = (struct rate_key*)k;
- if(!key)
- return;
- lock_rw_destroy(&key->entry.lock);
- free(key->name);
- free(key);
-}
-
-void
-rate_deldatafunc(void* d, void* ATTR_UNUSED(arg))
-{
- struct rate_data* data = (struct rate_data*)d;
- free(data);
-}
-
-/** find or create element in domainlimit tree */
-static struct domain_limit_data* domain_limit_findcreate(
- struct infra_cache* infra, char* name)
-{
- uint8_t* nm;
- int labs;
- size_t nmlen;
- struct domain_limit_data* d;
-
- /* parse name */
- nm = sldns_str2wire_dname(name, &nmlen);
- if(!nm) {
- log_err("could not parse %s", name);
- return NULL;
- }
- labs = dname_count_labels(nm);
-
- /* can we find it? */
- d = (struct domain_limit_data*)name_tree_find(&infra->domain_limits,
- nm, nmlen, labs, LDNS_RR_CLASS_IN);
- if(d) {
- free(nm);
- return d;
- }
-
- /* create it */
- d = (struct domain_limit_data*)calloc(1, sizeof(*d));
- if(!d) {
- free(nm);
- return NULL;
- }
- d->node.node.key = &d->node;
- d->node.name = nm;
- d->node.len = nmlen;
- d->node.labs = labs;
- d->node.dclass = LDNS_RR_CLASS_IN;
- d->lim = -1;
- d->below = -1;
- if(!name_tree_insert(&infra->domain_limits, &d->node, nm, nmlen,
- labs, LDNS_RR_CLASS_IN)) {
- log_err("duplicate element in domainlimit tree");
- free(nm);
- free(d);
- return NULL;
- }
- return d;
-}
-
-/** insert rate limit configuration into lookup tree */
-static int infra_ratelimit_cfg_insert(struct infra_cache* infra,
- struct config_file* cfg)
-{
- struct config_str2list* p;
- struct domain_limit_data* d;
- for(p = cfg->ratelimit_for_domain; p; p = p->next) {
- d = domain_limit_findcreate(infra, p->str);
- if(!d)
- return 0;
- d->lim = atoi(p->str2);
- }
- for(p = cfg->ratelimit_below_domain; p; p = p->next) {
- d = domain_limit_findcreate(infra, p->str);
- if(!d)
- return 0;
- d->below = atoi(p->str2);
- }
- return 1;
-}
-
-struct infra_cache*
-infra_create(struct config_file* cfg)
-{
- struct infra_cache* infra = (struct infra_cache*)calloc(1,
- sizeof(struct infra_cache));
- size_t maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
- sizeof(struct infra_data)+INFRA_BYTES_NAME);
- infra->hosts = slabhash_create(cfg->infra_cache_slabs,
- INFRA_HOST_STARTSIZE, maxmem, &infra_sizefunc, &infra_compfunc,
- &infra_delkeyfunc, &infra_deldatafunc, NULL);
- if(!infra->hosts) {
- free(infra);
- return NULL;
- }
- infra->host_ttl = cfg->host_ttl;
- name_tree_init(&infra->domain_limits);
- infra_dp_ratelimit = cfg->ratelimit;
- if(cfg->ratelimit != 0) {
- infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
- INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
- &rate_sizefunc, &rate_compfunc, &rate_delkeyfunc,
- &rate_deldatafunc, NULL);
- if(!infra->domain_rates) {
- infra_delete(infra);
- return NULL;
- }
- /* insert config data into ratelimits */
- if(!infra_ratelimit_cfg_insert(infra, cfg)) {
- infra_delete(infra);
- return NULL;
- }
- name_tree_init_parents(&infra->domain_limits);
- }
- infra_ip_ratelimit = cfg->ip_ratelimit;
- infra->client_ip_rates = slabhash_create(cfg->ratelimit_slabs,
- INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc,
- &ip_rate_compfunc, &ip_rate_delkeyfunc, &ip_rate_deldatafunc, NULL);
- if(!infra->client_ip_rates) {
- infra_delete(infra);
- return NULL;
- }
- return infra;
-}
-
-/** delete domain_limit entries */
-static void domain_limit_free(rbnode_type* n, void* ATTR_UNUSED(arg))
-{
- if(n) {
- free(((struct domain_limit_data*)n)->node.name);
- free(n);
- }
-}
-
-void
-infra_delete(struct infra_cache* infra)
-{
- if(!infra)
- return;
- slabhash_delete(infra->hosts);
- slabhash_delete(infra->domain_rates);
- traverse_postorder(&infra->domain_limits, domain_limit_free, NULL);
- slabhash_delete(infra->client_ip_rates);
- free(infra);
-}
-
-struct infra_cache*
-infra_adjust(struct infra_cache* infra, struct config_file* cfg)
-{
- size_t maxmem;
- if(!infra)
- return infra_create(cfg);
- infra->host_ttl = cfg->host_ttl;
- maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
- sizeof(struct infra_data)+INFRA_BYTES_NAME);
- if(maxmem != slabhash_get_size(infra->hosts) ||
- cfg->infra_cache_slabs != infra->hosts->size) {
- infra_delete(infra);
- infra = infra_create(cfg);
- }
- return infra;
-}
-
-/** calculate the hash value for a host key
- * set use_port to a non-0 number to use the port in
- * the hash calculation; 0 to ignore the port.*/
-static hashvalue_type
-hash_addr(struct sockaddr_storage* addr, socklen_t addrlen,
- int use_port)
-{
- hashvalue_type h = 0xab;
- /* select the pieces to hash, some OS have changing data inside */
- if(addr_is_ip6(addr, addrlen)) {
- struct sockaddr_in6* in6 = (struct sockaddr_in6*)addr;
- h = hashlittle(&in6->sin6_family, sizeof(in6->sin6_family), h);
- if(use_port){
- h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h);
- }
- h = hashlittle(&in6->sin6_addr, INET6_SIZE, h);
- } else {
- struct sockaddr_in* in = (struct sockaddr_in*)addr;
- h = hashlittle(&in->sin_family, sizeof(in->sin_family), h);
- if(use_port){
- h = hashlittle(&in->sin_port, sizeof(in->sin_port), h);
- }
- h = hashlittle(&in->sin_addr, INET_SIZE, h);
- }
- return h;
-}
-
-/** calculate infra hash for a key */
-static hashvalue_type
-hash_infra(struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name)
-{
- return dname_query_hash(name, hash_addr(addr, addrlen, 1));
-}
-
-/** lookup version that does not check host ttl (you check it) */
-struct lruhash_entry*
-infra_lookup_nottl(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* name, size_t namelen, int wr)
-{
- struct infra_key k;
- k.addrlen = addrlen;
- memcpy(&k.addr, addr, addrlen);
- k.namelen = namelen;
- k.zonename = name;
- k.entry.hash = hash_infra(addr, addrlen, name);
- k.entry.key = (void*)&k;
- k.entry.data = NULL;
- return slabhash_lookup(infra->hosts, k.entry.hash, &k, wr);
-}
-
-/** init the data elements */
-static void
-data_entry_init(struct infra_cache* infra, struct lruhash_entry* e,
- time_t timenow)
-{
- struct infra_data* data = (struct infra_data*)e->data;
- data->ttl = timenow + infra->host_ttl;
- rtt_init(&data->rtt);
- data->edns_version = 0;
- data->edns_lame_known = 0;
- data->probedelay = 0;
- data->isdnsseclame = 0;
- data->rec_lame = 0;
- data->lame_type_A = 0;
- data->lame_other = 0;
- data->timeout_A = 0;
- data->timeout_AAAA = 0;
- data->timeout_other = 0;
-}
-
-/**
- * Create and init a new entry for a host
- * @param infra: infra structure with config parameters.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: name of zone
- * @param namelen: length of name.
- * @param tm: time now.
- * @return: the new entry or NULL on malloc failure.
- */
-static struct lruhash_entry*
-new_entry(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* name, size_t namelen, time_t tm)
-{
- struct infra_data* data;
- struct infra_key* key = (struct infra_key*)malloc(sizeof(*key));
- if(!key)
- return NULL;
- data = (struct infra_data*)malloc(sizeof(struct infra_data));
- if(!data) {
- free(key);
- return NULL;
- }
- key->zonename = memdup(name, namelen);
- if(!key->zonename) {
- free(key);
- free(data);
- return NULL;
- }
- key->namelen = namelen;
- lock_rw_init(&key->entry.lock);
- key->entry.hash = hash_infra(addr, addrlen, name);
- key->entry.key = (void*)key;
- key->entry.data = (void*)data;
- key->addrlen = addrlen;
- memcpy(&key->addr, addr, addrlen);
- data_entry_init(infra, &key->entry, tm);
- return &key->entry;
-}
-
-int
-infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* nm, size_t nmlen, time_t timenow,
- int* edns_vs, uint8_t* edns_lame_known, int* to)
-{
- struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
- nm, nmlen, 0);
- struct infra_data* data;
- int wr = 0;
- if(e && ((struct infra_data*)e->data)->ttl < timenow) {
- /* it expired, try to reuse existing entry */
- int old = ((struct infra_data*)e->data)->rtt.rto;
- uint8_t tA = ((struct infra_data*)e->data)->timeout_A;
- uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA;
- uint8_t tother = ((struct infra_data*)e->data)->timeout_other;
- lock_rw_unlock(&e->lock);
- e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1);
- if(e) {
- /* if its still there we have a writelock, init */
- /* re-initialise */
- /* do not touch lameness, it may be valid still */
- data_entry_init(infra, e, timenow);
- wr = 1;
- /* TOP_TIMEOUT remains on reuse */
- if(old >= USEFUL_SERVER_TOP_TIMEOUT) {
- ((struct infra_data*)e->data)->rtt.rto
- = USEFUL_SERVER_TOP_TIMEOUT;
- ((struct infra_data*)e->data)->timeout_A = tA;
- ((struct infra_data*)e->data)->timeout_AAAA = tAAAA;
- ((struct infra_data*)e->data)->timeout_other = tother;
- }
- }
- }
- if(!e) {
- /* insert new entry */
- if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
- return 0;
- data = (struct infra_data*)e->data;
- *edns_vs = data->edns_version;
- *edns_lame_known = data->edns_lame_known;
- *to = rtt_timeout(&data->rtt);
- slabhash_insert(infra->hosts, e->hash, e, data, NULL);
- return 1;
- }
- /* use existing entry */
- data = (struct infra_data*)e->data;
- *edns_vs = data->edns_version;
- *edns_lame_known = data->edns_lame_known;
- *to = rtt_timeout(&data->rtt);
- if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) {
- /* delay other queries, this is the probe query */
- if(!wr) {
- lock_rw_unlock(&e->lock);
- e = infra_lookup_nottl(infra, addr,addrlen,nm,nmlen, 1);
- if(!e) { /* flushed from cache real fast, no use to
- allocate just for the probedelay */
- return 1;
- }
- data = (struct infra_data*)e->data;
- }
- /* add 999 to round up the timeout value from msec to sec,
- * then add a whole second so it is certain that this probe
- * has timed out before the next is allowed */
- data->probedelay = timenow + ((*to)+1999)/1000;
- }
- lock_rw_unlock(&e->lock);
- return 1;
-}
-
-int
-infra_set_lame(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* nm, size_t nmlen, time_t timenow,
- int dnsseclame, int reclame, uint16_t qtype)
-{
- struct infra_data* data;
- struct lruhash_entry* e;
- int needtoinsert = 0;
- e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1);
- if(!e) {
- /* insert it */
- if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) {
- log_err("set_lame: malloc failure");
- return 0;
- }
- needtoinsert = 1;
- } else if( ((struct infra_data*)e->data)->ttl < timenow) {
- /* expired, reuse existing entry */
- data_entry_init(infra, e, timenow);
- }
- /* got an entry, now set the zone lame */
- data = (struct infra_data*)e->data;
- /* merge data (if any) */
- if(dnsseclame)
- data->isdnsseclame = 1;
- if(reclame)
- data->rec_lame = 1;
- if(!dnsseclame && !reclame && qtype == LDNS_RR_TYPE_A)
- data->lame_type_A = 1;
- if(!dnsseclame && !reclame && qtype != LDNS_RR_TYPE_A)
- data->lame_other = 1;
- /* done */
- if(needtoinsert)
- slabhash_insert(infra->hosts, e->hash, e, e->data, NULL);
- else { lock_rw_unlock(&e->lock); }
- return 1;
-}
-
-void
-infra_update_tcp_works(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm,
- size_t nmlen)
-{
- struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
- nm, nmlen, 1);
- struct infra_data* data;
- if(!e)
- return; /* doesn't exist */
- data = (struct infra_data*)e->data;
- if(data->rtt.rto >= RTT_MAX_TIMEOUT)
- /* do not disqualify this server altogether, it is better
- * than nothing */
- data->rtt.rto = RTT_MAX_TIMEOUT-1000;
- lock_rw_unlock(&e->lock);
-}
-
-int
-infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* nm, size_t nmlen, int qtype,
- int roundtrip, int orig_rtt, time_t timenow)
-{
- struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
- nm, nmlen, 1);
- struct infra_data* data;
- int needtoinsert = 0;
- int rto = 1;
- if(!e) {
- if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
- return 0;
- needtoinsert = 1;
- } else if(((struct infra_data*)e->data)->ttl < timenow) {
- data_entry_init(infra, e, timenow);
- }
- /* have an entry, update the rtt */
- data = (struct infra_data*)e->data;
- if(roundtrip == -1) {
- rtt_lost(&data->rtt, orig_rtt);
- if(qtype == LDNS_RR_TYPE_A) {
- if(data->timeout_A < TIMEOUT_COUNT_MAX)
- data->timeout_A++;
- } else if(qtype == LDNS_RR_TYPE_AAAA) {
- if(data->timeout_AAAA < TIMEOUT_COUNT_MAX)
- data->timeout_AAAA++;
- } else {
- if(data->timeout_other < TIMEOUT_COUNT_MAX)
- data->timeout_other++;
- }
- } else {
- /* if we got a reply, but the old timeout was above server
- * selection height, delete the timeout so the server is
- * fully available again */
- if(rtt_unclamped(&data->rtt) >= USEFUL_SERVER_TOP_TIMEOUT)
- rtt_init(&data->rtt);
- rtt_update(&data->rtt, roundtrip);
- data->probedelay = 0;
- if(qtype == LDNS_RR_TYPE_A)
- data->timeout_A = 0;
- else if(qtype == LDNS_RR_TYPE_AAAA)
- data->timeout_AAAA = 0;
- else data->timeout_other = 0;
- }
- if(data->rtt.rto > 0)
- rto = data->rtt.rto;
-
- if(needtoinsert)
- slabhash_insert(infra->hosts, e->hash, e, e->data, NULL);
- else { lock_rw_unlock(&e->lock); }
- return rto;
-}
-
-long long infra_get_host_rto(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm,
- size_t nmlen, struct rtt_info* rtt, int* delay, time_t timenow,
- int* tA, int* tAAAA, int* tother)
-{
- struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
- nm, nmlen, 0);
- struct infra_data* data;
- long long ttl = -2;
- if(!e) return -1;
- data = (struct infra_data*)e->data;
- if(data->ttl >= timenow) {
- ttl = (long long)(data->ttl - timenow);
- memmove(rtt, &data->rtt, sizeof(*rtt));
- if(timenow < data->probedelay)
- *delay = (int)(data->probedelay - timenow);
- else *delay = 0;
- }
- *tA = (int)data->timeout_A;
- *tAAAA = (int)data->timeout_AAAA;
- *tother = (int)data->timeout_other;
- lock_rw_unlock(&e->lock);
- return ttl;
-}
-
-int
-infra_edns_update(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* nm, size_t nmlen, int edns_version,
- time_t timenow)
-{
- struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
- nm, nmlen, 1);
- struct infra_data* data;
- int needtoinsert = 0;
- if(!e) {
- if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
- return 0;
- needtoinsert = 1;
- } else if(((struct infra_data*)e->data)->ttl < timenow) {
- data_entry_init(infra, e, timenow);
- }
- /* have an entry, update the rtt, and the ttl */
- data = (struct infra_data*)e->data;
- /* do not update if noEDNS and stored is yesEDNS */
- if(!(edns_version == -1 && (data->edns_version != -1 &&
- data->edns_lame_known))) {
- data->edns_version = edns_version;
- data->edns_lame_known = 1;
- }
-
- if(needtoinsert)
- slabhash_insert(infra->hosts, e->hash, e, e->data, NULL);
- else { lock_rw_unlock(&e->lock); }
- return 1;
-}
-
-int
-infra_get_lame_rtt(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* name, size_t namelen, uint16_t qtype,
- int* lame, int* dnsseclame, int* reclame, int* rtt, time_t timenow)
-{
- struct infra_data* host;
- struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
- name, namelen, 0);
- if(!e)
- return 0;
- host = (struct infra_data*)e->data;
- *rtt = rtt_unclamped(&host->rtt);
- if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
- && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) {
- /* single probe for this domain, and we are not probing */
- /* unless the query type allows a probe to happen */
- if(qtype == LDNS_RR_TYPE_A) {
- if(host->timeout_A >= TIMEOUT_COUNT_MAX)
- *rtt = USEFUL_SERVER_TOP_TIMEOUT;
- else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
- } else if(qtype == LDNS_RR_TYPE_AAAA) {
- if(host->timeout_AAAA >= TIMEOUT_COUNT_MAX)
- *rtt = USEFUL_SERVER_TOP_TIMEOUT;
- else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
- } else {
- if(host->timeout_other >= TIMEOUT_COUNT_MAX)
- *rtt = USEFUL_SERVER_TOP_TIMEOUT;
- else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
- }
- }
- if(timenow > host->ttl) {
- /* expired entry */
- /* see if this can be a re-probe of an unresponsive server */
- /* minus 1000 because that is outside of the RTTBAND, so
- * blacklisted servers stay blacklisted if this is chosen */
- if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
- lock_rw_unlock(&e->lock);
- *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
- *lame = 0;
- *dnsseclame = 0;
- *reclame = 0;
- return 1;
- }
- lock_rw_unlock(&e->lock);
- return 0;
- }
- /* check lameness first */
- if(host->lame_type_A && qtype == LDNS_RR_TYPE_A) {
- lock_rw_unlock(&e->lock);
- *lame = 1;
- *dnsseclame = 0;
- *reclame = 0;
- return 1;
- } else if(host->lame_other && qtype != LDNS_RR_TYPE_A) {
- lock_rw_unlock(&e->lock);
- *lame = 1;
- *dnsseclame = 0;
- *reclame = 0;
- return 1;
- } else if(host->isdnsseclame) {
- lock_rw_unlock(&e->lock);
- *lame = 0;
- *dnsseclame = 1;
- *reclame = 0;
- return 1;
- } else if(host->rec_lame) {
- lock_rw_unlock(&e->lock);
- *lame = 0;
- *dnsseclame = 0;
- *reclame = 1;
- return 1;
- }
- /* no lameness for this type of query */
- lock_rw_unlock(&e->lock);
- *lame = 0;
- *dnsseclame = 0;
- *reclame = 0;
- return 1;
-}
-
-int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
- size_t namelen)
-{
- int labs = dname_count_labels(name);
- struct domain_limit_data* d = (struct domain_limit_data*)
- name_tree_lookup(&infra->domain_limits, name, namelen, labs,
- LDNS_RR_CLASS_IN);
- if(!d) return infra_dp_ratelimit;
-
- if(d->node.labs == labs && d->lim != -1)
- return d->lim; /* exact match */
-
- /* find 'below match' */
- if(d->node.labs == labs)
- d = (struct domain_limit_data*)d->node.parent;
- while(d) {
- if(d->below != -1)
- return d->below;
- d = (struct domain_limit_data*)d->node.parent;
- }
- return infra_dp_ratelimit;
-}
-
-size_t ip_rate_sizefunc(void* k, void* ATTR_UNUSED(d))
-{
- struct ip_rate_key* key = (struct ip_rate_key*)k;
- return sizeof(*key) + sizeof(struct ip_rate_data)
- + lock_get_mem(&key->entry.lock);
-}
-
-int ip_rate_compfunc(void* key1, void* key2)
-{
- struct ip_rate_key* k1 = (struct ip_rate_key*)key1;
- struct ip_rate_key* k2 = (struct ip_rate_key*)key2;
- return sockaddr_cmp_addr(&k1->addr, k1->addrlen,
- &k2->addr, k2->addrlen);
-}
-
-void ip_rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg))
-{
- struct ip_rate_key* key = (struct ip_rate_key*)k;
- if(!key)
- return;
- lock_rw_destroy(&key->entry.lock);
- free(key);
-}
-
-/** find data item in array, for write access, caller unlocks */
-static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra,
- uint8_t* name, size_t namelen, int wr)
-{
- struct rate_key key;
- hashvalue_type h = dname_query_hash(name, 0xab);
- memset(&key, 0, sizeof(key));
- key.name = name;
- key.namelen = namelen;
- key.entry.hash = h;
- return slabhash_lookup(infra->domain_rates, h, &key, wr);
-}
-
-/** find data item in array for ip addresses */
-struct lruhash_entry* infra_find_ip_ratedata(struct infra_cache* infra,
- struct comm_reply* repinfo, int wr)
-{
- struct ip_rate_key key;
- hashvalue_type h = hash_addr(&(repinfo->addr),
- repinfo->addrlen, 0);
- memset(&key, 0, sizeof(key));
- key.addr = repinfo->addr;
- key.addrlen = repinfo->addrlen;
- key.entry.hash = h;
- return slabhash_lookup(infra->client_ip_rates, h, &key, wr);
-}
-
-/** create rate data item for name, number 1 in now */
-static void infra_create_ratedata(struct infra_cache* infra,
- uint8_t* name, size_t namelen, time_t timenow)
-{
- hashvalue_type h = dname_query_hash(name, 0xab);
- struct rate_key* k = (struct rate_key*)calloc(1, sizeof(*k));
- struct rate_data* d = (struct rate_data*)calloc(1, sizeof(*d));
- if(!k || !d) {
- free(k);
- free(d);
- return; /* alloc failure */
- }
- k->namelen = namelen;
- k->name = memdup(name, namelen);
- if(!k->name) {
- free(k);
- free(d);
- return; /* alloc failure */
- }
- lock_rw_init(&k->entry.lock);
- k->entry.hash = h;
- k->entry.key = k;
- k->entry.data = d;
- d->qps[0] = 1;
- d->timestamp[0] = timenow;
- slabhash_insert(infra->domain_rates, h, &k->entry, d, NULL);
-}
-
-/** create rate data item for ip address */
-static void infra_ip_create_ratedata(struct infra_cache* infra,
- struct comm_reply* repinfo, time_t timenow)
-{
- hashvalue_type h = hash_addr(&(repinfo->addr),
- repinfo->addrlen, 0);
- struct ip_rate_key* k = (struct ip_rate_key*)calloc(1, sizeof(*k));
- struct ip_rate_data* d = (struct ip_rate_data*)calloc(1, sizeof(*d));
- if(!k || !d) {
- free(k);
- free(d);
- return; /* alloc failure */
- }
- k->addr = repinfo->addr;
- k->addrlen = repinfo->addrlen;
- lock_rw_init(&k->entry.lock);
- k->entry.hash = h;
- k->entry.key = k;
- k->entry.data = d;
- d->qps[0] = 1;
- d->timestamp[0] = timenow;
- slabhash_insert(infra->client_ip_rates, h, &k->entry, d, NULL);
-}
-
-/** find the second and return its rate counter, if none, remove oldest */
-static int* infra_rate_find_second(void* data, time_t t)
-{
- struct rate_data* d = (struct rate_data*)data;
- int i, oldest;
- for(i=0; i<RATE_WINDOW; i++) {
- if(d->timestamp[i] == t)
- return &(d->qps[i]);
- }
- /* remove oldest timestamp, and insert it at t with 0 qps */
- oldest = 0;
- for(i=0; i<RATE_WINDOW; i++) {
- if(d->timestamp[i] < d->timestamp[oldest])
- oldest = i;
- }
- d->timestamp[oldest] = t;
- d->qps[oldest] = 0;
- return &(d->qps[oldest]);
-}
-
-int infra_rate_max(void* data, time_t now)
-{
- struct rate_data* d = (struct rate_data*)data;
- int i, max = 0;
- for(i=0; i<RATE_WINDOW; i++) {
- if(now-d->timestamp[i] <= RATE_WINDOW) {
- if(d->qps[i] > max)
- max = d->qps[i];
- }
- }
- return max;
-}
-
-int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
- size_t namelen, time_t timenow)
-{
- int lim, max;
- struct lruhash_entry* entry;
-
- if(!infra_dp_ratelimit)
- return 1; /* not enabled */
-
- /* find ratelimit */
- lim = infra_find_ratelimit(infra, name, namelen);
-
- /* find or insert ratedata */
- entry = infra_find_ratedata(infra, name, namelen, 1);
- if(entry) {
- int premax = infra_rate_max(entry->data, timenow);
- int* cur = infra_rate_find_second(entry->data, timenow);
- (*cur)++;
- max = infra_rate_max(entry->data, timenow);
- lock_rw_unlock(&entry->lock);
-
- if(premax < lim && max >= lim) {
- char buf[257];
- dname_str(name, buf);
- verbose(VERB_OPS, "ratelimit exceeded %s %d", buf, lim);
- }
- return (max < lim);
- }
-
- /* create */
- infra_create_ratedata(infra, name, namelen, timenow);
- return (1 < lim);
-}
-
-void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name,
- size_t namelen, time_t timenow)
-{
- struct lruhash_entry* entry;
- int* cur;
- if(!infra_dp_ratelimit)
- return; /* not enabled */
- entry = infra_find_ratedata(infra, name, namelen, 1);
- if(!entry) return; /* not cached */
- cur = infra_rate_find_second(entry->data, timenow);
- if((*cur) > 0)
- (*cur)--;
- lock_rw_unlock(&entry->lock);
-}
-
-int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
- size_t namelen, time_t timenow)
-{
- struct lruhash_entry* entry;
- int lim, max;
- if(!infra_dp_ratelimit)
- return 0; /* not enabled */
-
- /* find ratelimit */
- lim = infra_find_ratelimit(infra, name, namelen);
-
- /* find current rate */
- entry = infra_find_ratedata(infra, name, namelen, 0);
- if(!entry)
- return 0; /* not cached */
- max = infra_rate_max(entry->data, timenow);
- lock_rw_unlock(&entry->lock);
-
- return (max >= lim);
-}
-
-size_t
-infra_get_mem(struct infra_cache* infra)
-{
- size_t s = sizeof(*infra) + slabhash_get_mem(infra->hosts);
- if(infra->domain_rates) s += slabhash_get_mem(infra->domain_rates);
- if(infra->client_ip_rates) s += slabhash_get_mem(infra->client_ip_rates);
- /* ignore domain_limits because walk through tree is big */
- return s;
-}
-
-int infra_ip_ratelimit_inc(struct infra_cache* infra,
- struct comm_reply* repinfo, time_t timenow)
-{
- int max;
- struct lruhash_entry* entry;
-
- /* not enabled */
- if(!infra_ip_ratelimit) {
- return 1;
- }
- /* find or insert ratedata */
- entry = infra_find_ip_ratedata(infra, repinfo, 1);
- if(entry) {
- int premax = infra_rate_max(entry->data, timenow);
- int* cur = infra_rate_find_second(entry->data, timenow);
- (*cur)++;
- max = infra_rate_max(entry->data, timenow);
- lock_rw_unlock(&entry->lock);
-
- if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) {
- char client_ip[128];
- addr_to_str((struct sockaddr_storage *)&repinfo->addr,
- repinfo->addrlen, client_ip, sizeof(client_ip));
- verbose(VERB_OPS, "ratelimit exceeded %s %d", client_ip,
- infra_ip_ratelimit);
- }
- return (max <= infra_ip_ratelimit);
- }
-
- /* create */
- infra_ip_create_ratedata(infra, repinfo, timenow);
- return 1;
-}
diff --git a/external/unbound/services/cache/infra.h b/external/unbound/services/cache/infra.h
deleted file mode 100644
index 6f9471a39..000000000
--- a/external/unbound/services/cache/infra.h
+++ /dev/null
@@ -1,462 +0,0 @@
-/*
- * services/cache/infra.h - infrastructure cache, server rtt and capabilities
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains the infrastructure cache, as well as rate limiting.
- * Note that there are two sorts of rate-limiting here:
- * - Pre-cache, per-query rate limiting (query ratelimits)
- * - Post-cache, per-domain name rate limiting (infra-ratelimits)
- */
-
-#ifndef SERVICES_CACHE_INFRA_H
-#define SERVICES_CACHE_INFRA_H
-#include "util/storage/lruhash.h"
-#include "util/storage/dnstree.h"
-#include "util/rtt.h"
-#include "util/netevent.h"
-#include "util/data/msgreply.h"
-struct slabhash;
-struct config_file;
-
-/**
- * Host information kept for every server, per zone.
- */
-struct infra_key {
- /** the host address. */
- struct sockaddr_storage addr;
- /** length of addr. */
- socklen_t addrlen;
- /** zone name in wireformat */
- uint8_t* zonename;
- /** length of zonename */
- size_t namelen;
- /** hash table entry, data of type infra_data. */
- struct lruhash_entry entry;
-};
-
-/**
- * Host information encompasses host capabilities and retransmission timeouts.
- * And lameness information (notAuthoritative, noEDNS, Recursive)
- */
-struct infra_data {
- /** TTL value for this entry. absolute time. */
- time_t ttl;
-
- /** time in seconds (absolute) when probing re-commences, 0 disabled */
- time_t probedelay;
- /** round trip times for timeout calculation */
- struct rtt_info rtt;
-
- /** edns version that the host supports, -1 means no EDNS */
- int edns_version;
- /** if the EDNS lameness is already known or not.
- * EDNS lame is when EDNS queries or replies are dropped,
- * and cause a timeout */
- uint8_t edns_lame_known;
-
- /** is the host lame (does not serve the zone authoritatively),
- * or is the host dnssec lame (does not serve DNSSEC data) */
- uint8_t isdnsseclame;
- /** is the host recursion lame (not AA, but RA) */
- uint8_t rec_lame;
- /** the host is lame (not authoritative) for A records */
- uint8_t lame_type_A;
- /** the host is lame (not authoritative) for other query types */
- uint8_t lame_other;
-
- /** timeouts counter for type A */
- uint8_t timeout_A;
- /** timeouts counter for type AAAA */
- uint8_t timeout_AAAA;
- /** timeouts counter for others */
- uint8_t timeout_other;
-};
-
-/**
- * Infra cache
- */
-struct infra_cache {
- /** The hash table with hosts */
- struct slabhash* hosts;
- /** TTL value for host information, in seconds */
- int host_ttl;
- /** hash table with query rates per name: rate_key, rate_data */
- struct slabhash* domain_rates;
- /** ratelimit settings for domains, struct domain_limit_data */
- rbtree_type domain_limits;
- /** hash table with query rates per client ip: ip_rate_key, ip_rate_data */
- struct slabhash* client_ip_rates;
-};
-
-/** ratelimit, unless overridden by domain_limits, 0 is off */
-extern int infra_dp_ratelimit;
-
-/**
- * ratelimit settings for domains
- */
-struct domain_limit_data {
- /** key for rbtree, must be first in struct, name of domain */
- struct name_tree_node node;
- /** ratelimit for exact match with this name, -1 if not set */
- int lim;
- /** ratelimit for names below this name, -1 if not set */
- int below;
-};
-
-/**
- * key for ratelimit lookups, a domain name
- */
-struct rate_key {
- /** lruhash key entry */
- struct lruhash_entry entry;
- /** domain name in uncompressed wireformat */
- uint8_t* name;
- /** length of name */
- size_t namelen;
-};
-
-/** ip ratelimit, 0 is off */
-extern int infra_ip_ratelimit;
-
-/**
- * key for ip_ratelimit lookups, a source IP.
- */
-struct ip_rate_key {
- /** lruhash key entry */
- struct lruhash_entry entry;
- /** client ip information */
- struct sockaddr_storage addr;
- /** length of address */
- socklen_t addrlen;
-};
-
-/** number of seconds to track qps rate */
-#define RATE_WINDOW 2
-
-/**
- * Data for ratelimits per domain name
- * It is incremented when a non-cache-lookup happens for that domain name.
- * The name is the delegation point we have for the name.
- * If a new delegation point is found (a referral reply), the previous
- * delegation point is decremented, and the new one is charged with the query.
- */
-struct rate_data {
- /** queries counted, for that second. 0 if not in use. */
- int qps[RATE_WINDOW];
- /** what the timestamp is of the qps array members, counter is
- * valid for that timestamp. Usually now and now-1. */
- time_t timestamp[RATE_WINDOW];
-};
-
-#define ip_rate_data rate_data
-
-/** infra host cache default hash lookup size */
-#define INFRA_HOST_STARTSIZE 32
-/** bytes per zonename reserved in the hostcache, dnamelen(zonename.com.) */
-#define INFRA_BYTES_NAME 14
-
-/**
- * Create infra cache.
- * @param cfg: config parameters or NULL for defaults.
- * @return: new infra cache, or NULL.
- */
-struct infra_cache* infra_create(struct config_file* cfg);
-
-/**
- * Delete infra cache.
- * @param infra: infrastructure cache to delete.
- */
-void infra_delete(struct infra_cache* infra);
-
-/**
- * Adjust infra cache to use updated configuration settings.
- * This may clean the cache. Operates a bit like realloc.
- * There may be no threading or use by other threads.
- * @param infra: existing cache. If NULL a new infra cache is returned.
- * @param cfg: config options.
- * @return the new infra cache pointer or NULL on error.
- */
-struct infra_cache* infra_adjust(struct infra_cache* infra,
- struct config_file* cfg);
-
-/**
- * Plain find infra data function (used by the the other functions)
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: domain name of zone.
- * @param namelen: length of domain name.
- * @param wr: if true, writelock, else readlock.
- * @return the entry, could be expired (this is not checked) or NULL.
- */
-struct lruhash_entry* infra_lookup_nottl(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name,
- size_t namelen, int wr);
-
-/**
- * Find host information to send a packet. Creates new entry if not found.
- * Lameness is empty. EDNS is 0 (try with first), and rtt is returned for
- * the first message to it.
- * Use this to send a packet only, because it also locks out others when
- * probing is restricted.
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: domain name of zone.
- * @param namelen: length of domain name.
- * @param timenow: what time it is now.
- * @param edns_vs: edns version it supports, is returned.
- * @param edns_lame_known: if EDNS lame (EDNS is dropped in transit) has
- * already been probed, is returned.
- * @param to: timeout to use, is returned.
- * @return: 0 on error.
- */
-int infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* name, size_t namelen,
- time_t timenow, int* edns_vs, uint8_t* edns_lame_known, int* to);
-
-/**
- * Set a host to be lame for the given zone.
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: domain name of zone apex.
- * @param namelen: length of domain name.
- * @param timenow: what time it is now.
- * @param dnsseclame: if true the host is set dnssec lame.
- * if false, the host is marked lame (not serving the zone).
- * @param reclame: if true host is a recursor not AA server.
- * if false, dnsseclame or marked lame.
- * @param qtype: the query type for which it is lame.
- * @return: 0 on error.
- */
-int infra_set_lame(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* name, size_t namelen, time_t timenow, int dnsseclame,
- int reclame, uint16_t qtype);
-
-/**
- * Update rtt information for the host.
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: zone name
- * @param namelen: zone name length
- * @param qtype: query type.
- * @param roundtrip: estimate of roundtrip time in milliseconds or -1 for
- * timeout.
- * @param orig_rtt: original rtt for the query that timed out (roundtrip==-1).
- * ignored if roundtrip != -1.
- * @param timenow: what time it is now.
- * @return: 0 on error. new rto otherwise.
- */
-int infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
- socklen_t addrlen, uint8_t* name, size_t namelen, int qtype,
- int roundtrip, int orig_rtt, time_t timenow);
-
-/**
- * Update information for the host, store that a TCP transaction works.
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: name of zone
- * @param namelen: length of name
- */
-void infra_update_tcp_works(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* name, size_t namelen);
-
-/**
- * Update edns information for the host.
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: name of zone
- * @param namelen: length of name
- * @param edns_version: the version that it publishes.
- * If it is known to support EDNS then no-EDNS is not stored over it.
- * @param timenow: what time it is now.
- * @return: 0 on error.
- */
-int infra_edns_update(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* name, size_t namelen, int edns_version, time_t timenow);
-
-/**
- * Get Lameness information and average RTT if host is in the cache.
- * This information is to be used for server selection.
- * @param infra: infrastructure cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: zone name.
- * @param namelen: zone name length.
- * @param qtype: the query to be made.
- * @param lame: if function returns true, this returns lameness of the zone.
- * @param dnsseclame: if function returns true, this returns if the zone
- * is dnssec-lame.
- * @param reclame: if function returns true, this is if it is recursion lame.
- * @param rtt: if function returns true, this returns avg rtt of the server.
- * The rtt value is unclamped and reflects recent timeouts.
- * @param timenow: what time it is now.
- * @return if found in cache, or false if not (or TTL bad).
- */
-int infra_get_lame_rtt(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* name, size_t namelen, uint16_t qtype,
- int* lame, int* dnsseclame, int* reclame, int* rtt, time_t timenow);
-
-/**
- * Get additional (debug) info on timing.
- * @param infra: infra cache.
- * @param addr: host address.
- * @param addrlen: length of addr.
- * @param name: zone name
- * @param namelen: zone name length
- * @param rtt: the rtt_info is copied into here (caller alloced return struct).
- * @param delay: probe delay (if any).
- * @param timenow: what time it is now.
- * @param tA: timeout counter on type A.
- * @param tAAAA: timeout counter on type AAAA.
- * @param tother: timeout counter on type other.
- * @return TTL the infra host element is valid for. If -1: not found in cache.
- * TTL -2: found but expired.
- */
-long long infra_get_host_rto(struct infra_cache* infra,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name,
- size_t namelen, struct rtt_info* rtt, int* delay, time_t timenow,
- int* tA, int* tAAAA, int* tother);
-
-/**
- * Increment the query rate counter for a delegation point.
- * @param infra: infra cache.
- * @param name: zone name
- * @param namelen: zone name length
- * @param timenow: what time it is now.
- * @return 1 if it could be incremented. 0 if the increment overshot the
- * ratelimit or if in the previous second the ratelimit was exceeded.
- * Failures like alloc failures are not returned (probably as 1).
- */
-int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
- size_t namelen, time_t timenow);
-
-/**
- * Decrement the query rate counter for a delegation point.
- * Because the reply received for the delegation point was pleasant,
- * we do not charge this delegation point with it (i.e. it was a referral).
- * Should call it with same second as when inc() was called.
- * @param infra: infra cache.
- * @param name: zone name
- * @param namelen: zone name length
- * @param timenow: what time it is now.
- */
-void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name,
- size_t namelen, time_t timenow);
-
-/**
- * See if the query rate counter for a delegation point is exceeded.
- * So, no queries are going to be allowed.
- * @param infra: infra cache.
- * @param name: zone name
- * @param namelen: zone name length
- * @param timenow: what time it is now.
- * @return true if exceeded.
- */
-int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
- size_t namelen, time_t timenow);
-
-/** find the maximum rate stored, not too old. 0 if no information. */
-int infra_rate_max(void* data, time_t now);
-
-/** find the ratelimit in qps for a domain */
-int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
- size_t namelen);
-
-/** Update query ratelimit hash and decide
- * whether or not a query should be dropped.
- * @param infra: infra cache
- * @param repinfo: information about client
- * @param timenow: what time it is now.
- * @return 1 if it could be incremented. 0 if the increment overshot the
- * ratelimit and the query should be dropped. */
-int infra_ip_ratelimit_inc(struct infra_cache* infra,
- struct comm_reply* repinfo, time_t timenow);
-
-/**
- * Get memory used by the infra cache.
- * @param infra: infrastructure cache.
- * @return memory in use in bytes.
- */
-size_t infra_get_mem(struct infra_cache* infra);
-
-/** calculate size for the hashtable, does not count size of lameness,
- * so the hashtable is a fixed number of items */
-size_t infra_sizefunc(void* k, void* d);
-
-/** compare two addresses, returns -1, 0, or +1 */
-int infra_compfunc(void* key1, void* key2);
-
-/** delete key, and destroy the lock */
-void infra_delkeyfunc(void* k, void* arg);
-
-/** delete data and destroy the lameness hashtable */
-void infra_deldatafunc(void* d, void* arg);
-
-/** calculate size for the hashtable */
-size_t rate_sizefunc(void* k, void* d);
-
-/** compare two names, returns -1, 0, or +1 */
-int rate_compfunc(void* key1, void* key2);
-
-/** delete key, and destroy the lock */
-void rate_delkeyfunc(void* k, void* arg);
-
-/** delete data */
-void rate_deldatafunc(void* d, void* arg);
-
-/* calculate size for the client ip hashtable */
-size_t ip_rate_sizefunc(void* k, void* d);
-
-/* compare two addresses */
-int ip_rate_compfunc(void* key1, void* key2);
-
-/* delete key, and destroy the lock */
-void ip_rate_delkeyfunc(void* d, void* arg);
-
-/* delete data */
-#define ip_rate_deldatafunc rate_deldatafunc
-
-#endif /* SERVICES_CACHE_INFRA_H */
diff --git a/external/unbound/services/cache/rrset.c b/external/unbound/services/cache/rrset.c
deleted file mode 100644
index 7e5732b76..000000000
--- a/external/unbound/services/cache/rrset.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/*
- * services/cache/rrset.c - Resource record set cache.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains the rrset cache.
- */
-#include "config.h"
-#include "services/cache/rrset.h"
-#include "sldns/rrdef.h"
-#include "util/storage/slabhash.h"
-#include "util/config_file.h"
-#include "util/data/packed_rrset.h"
-#include "util/data/msgreply.h"
-#include "util/regional.h"
-#include "util/alloc.h"
-
-void
-rrset_markdel(void* key)
-{
- struct ub_packed_rrset_key* r = (struct ub_packed_rrset_key*)key;
- r->id = 0;
-}
-
-struct rrset_cache* rrset_cache_create(struct config_file* cfg,
- struct alloc_cache* alloc)
-{
- size_t slabs = (cfg?cfg->rrset_cache_slabs:HASH_DEFAULT_SLABS);
- size_t startarray = HASH_DEFAULT_STARTARRAY;
- size_t maxmem = (cfg?cfg->rrset_cache_size:HASH_DEFAULT_MAXMEM);
-
- struct rrset_cache *r = (struct rrset_cache*)slabhash_create(slabs,
- startarray, maxmem, ub_rrset_sizefunc, ub_rrset_compare,
- ub_rrset_key_delete, rrset_data_delete, alloc);
- slabhash_setmarkdel(&r->table, &rrset_markdel);
- return r;
-}
-
-void rrset_cache_delete(struct rrset_cache* r)
-{
- if(!r)
- return;
- slabhash_delete(&r->table);
- /* slabhash delete also does free(r), since table is first in struct*/
-}
-
-struct rrset_cache* rrset_cache_adjust(struct rrset_cache *r,
- struct config_file* cfg, struct alloc_cache* alloc)
-{
- if(!r || !cfg || cfg->rrset_cache_slabs != r->table.size ||
- cfg->rrset_cache_size != slabhash_get_size(&r->table))
- {
- rrset_cache_delete(r);
- r = rrset_cache_create(cfg, alloc);
- }
- return r;
-}
-
-void
-rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key,
- hashvalue_type hash, rrset_id_type id)
-{
- struct lruhash* table = slabhash_gettable(&r->table, hash);
- /*
- * This leads to locking problems, deadlocks, if the caller is
- * holding any other rrset lock.
- * Because a lookup through the hashtable does:
- * tablelock -> entrylock (for that entry caller holds)
- * And this would do
- * entrylock(already held) -> tablelock
- * And if two threads do this, it results in deadlock.
- * So, the caller must not hold entrylock.
- */
- lock_quick_lock(&table->lock);
- /* we have locked the hash table, the item can still be deleted.
- * because it could already have been reclaimed, but not yet set id=0.
- * This is because some lruhash routines have lazy deletion.
- * so, we must acquire a lock on the item to verify the id != 0.
- * also, with hash not changed, we are using the right slab.
- */
- lock_rw_rdlock(&key->entry.lock);
- if(key->id == id && key->entry.hash == hash) {
- lru_touch(table, &key->entry);
- }
- lock_rw_unlock(&key->entry.lock);
- lock_quick_unlock(&table->lock);
-}
-
-/** see if rrset needs to be updated in the cache */
-static int
-need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns)
-{
- struct packed_rrset_data* newd = (struct packed_rrset_data*)nd;
- struct packed_rrset_data* cached = (struct packed_rrset_data*)cd;
- /* o store if rrset has been validated
- * everything better than bogus data
- * secure is preferred */
- if( newd->security == sec_status_secure &&
- cached->security != sec_status_secure)
- return 1;
- if( cached->security == sec_status_bogus &&
- newd->security != sec_status_bogus && !equal)
- return 1;
- /* o if current RRset is more trustworthy - insert it */
- if( newd->trust > cached->trust ) {
- /* if the cached rrset is bogus, and this one equal,
- * do not update the TTL - let it expire. */
- if(equal && cached->ttl >= timenow &&
- cached->security == sec_status_bogus)
- return 0;
- return 1;
- }
- /* o item in cache has expired */
- if( cached->ttl < timenow )
- return 1;
- /* o same trust, but different in data - insert it */
- if( newd->trust == cached->trust && !equal ) {
- /* if this is type NS, do not 'stick' to owner that changes
- * the NS RRset, but use the old TTL for the new data, and
- * update to fetch the latest data. ttl is not expired, because
- * that check was before this one. */
- if(ns) {
- size_t i;
- newd->ttl = cached->ttl;
- for(i=0; i<(newd->count+newd->rrsig_count); i++)
- if(newd->rr_ttl[i] > newd->ttl)
- newd->rr_ttl[i] = newd->ttl;
- }
- return 1;
- }
- return 0;
-}
-
-/** Update RRSet special key ID */
-static void
-rrset_update_id(struct rrset_ref* ref, struct alloc_cache* alloc)
-{
- /* this may clear the cache and invalidate lock below */
- uint64_t newid = alloc_get_id(alloc);
- /* obtain writelock */
- lock_rw_wrlock(&ref->key->entry.lock);
- /* check if it was deleted in the meantime, if so, skip update */
- if(ref->key->id == ref->id) {
- ref->key->id = newid;
- ref->id = newid;
- }
- lock_rw_unlock(&ref->key->entry.lock);
-}
-
-int
-rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref,
- struct alloc_cache* alloc, time_t timenow)
-{
- struct lruhash_entry* e;
- struct ub_packed_rrset_key* k = ref->key;
- hashvalue_type h = k->entry.hash;
- uint16_t rrset_type = ntohs(k->rk.type);
- int equal = 0;
- log_assert(ref->id != 0 && k->id != 0);
- log_assert(k->rk.dname != NULL);
- /* looks up item with a readlock - no editing! */
- if((e=slabhash_lookup(&r->table, h, k, 0)) != 0) {
- /* return id and key as they will be used in the cache
- * since the lruhash_insert, if item already exists, deallocs
- * the passed key in favor of the already stored key.
- * because of the small gap (see below) this key ptr and id
- * may prove later to be already deleted, which is no problem
- * as it only makes a cache miss.
- */
- ref->key = (struct ub_packed_rrset_key*)e->key;
- ref->id = ref->key->id;
- equal = rrsetdata_equal((struct packed_rrset_data*)k->entry.
- data, (struct packed_rrset_data*)e->data);
- if(!need_to_update_rrset(k->entry.data, e->data, timenow,
- equal, (rrset_type==LDNS_RR_TYPE_NS))) {
- /* cache is superior, return that value */
- lock_rw_unlock(&e->lock);
- ub_packed_rrset_parsedelete(k, alloc);
- if(equal) return 2;
- return 1;
- }
- lock_rw_unlock(&e->lock);
- /* Go on and insert the passed item.
- * small gap here, where entry is not locked.
- * possibly entry is updated with something else.
- * we then overwrite that with our data.
- * this is just too bad, its cache anyway. */
- /* use insert to update entry to manage lruhash
- * cache size values nicely. */
- }
- log_assert(ref->key->id != 0);
- slabhash_insert(&r->table, h, &k->entry, k->entry.data, alloc);
- if(e) {
- /* For NSEC, NSEC3, DNAME, when rdata is updated, update
- * the ID number so that proofs in message cache are
- * invalidated */
- if((rrset_type == LDNS_RR_TYPE_NSEC
- || rrset_type == LDNS_RR_TYPE_NSEC3
- || rrset_type == LDNS_RR_TYPE_DNAME) && !equal) {
- rrset_update_id(ref, alloc);
- }
- return 1;
- }
- return 0;
-}
-
-struct ub_packed_rrset_key*
-rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen,
- uint16_t qtype, uint16_t qclass, uint32_t flags, time_t timenow,
- int wr)
-{
- struct lruhash_entry* e;
- struct ub_packed_rrset_key key;
-
- key.entry.key = &key;
- key.entry.data = NULL;
- key.rk.dname = qname;
- key.rk.dname_len = qnamelen;
- key.rk.type = htons(qtype);
- key.rk.rrset_class = htons(qclass);
- key.rk.flags = flags;
-
- key.entry.hash = rrset_key_hash(&key.rk);
-
- if((e = slabhash_lookup(&r->table, key.entry.hash, &key, wr))) {
- /* check TTL */
- struct packed_rrset_data* data =
- (struct packed_rrset_data*)e->data;
- if(timenow > data->ttl) {
- lock_rw_unlock(&e->lock);
- return NULL;
- }
- /* we're done */
- return (struct ub_packed_rrset_key*)e->key;
- }
- return NULL;
-}
-
-int
-rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow)
-{
- size_t i;
- for(i=0; i<count; i++) {
- if(i>0 && ref[i].key == ref[i-1].key)
- continue; /* only lock items once */
- lock_rw_rdlock(&ref[i].key->entry.lock);
- if(ref[i].id != ref[i].key->id || timenow >
- ((struct packed_rrset_data*)(ref[i].key->entry.data))
- ->ttl) {
- /* failure! rollback our readlocks */
- rrset_array_unlock(ref, i+1);
- return 0;
- }
- }
- return 1;
-}
-
-void
-rrset_array_unlock(struct rrset_ref* ref, size_t count)
-{
- size_t i;
- for(i=0; i<count; i++) {
- if(i>0 && ref[i].key == ref[i-1].key)
- continue; /* only unlock items once */
- lock_rw_unlock(&ref[i].key->entry.lock);
- }
-}
-
-void
-rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch,
- struct rrset_ref* ref, size_t count)
-{
- hashvalue_type* h;
- size_t i;
- if(count > RR_COUNT_MAX || !(h = (hashvalue_type*)regional_alloc(
- scratch, sizeof(hashvalue_type)*count))) {
- log_warn("rrset LRU: memory allocation failed");
- h = NULL;
- } else /* store hash values */
- for(i=0; i<count; i++)
- h[i] = ref[i].key->entry.hash;
- /* unlock */
- for(i=0; i<count; i++) {
- if(i>0 && ref[i].key == ref[i-1].key)
- continue; /* only unlock items once */
- lock_rw_unlock(&ref[i].key->entry.lock);
- }
- if(h) {
- /* LRU touch, with no rrset locks held */
- for(i=0; i<count; i++) {
- if(i>0 && ref[i].key == ref[i-1].key)
- continue; /* only touch items once */
- rrset_cache_touch(r, ref[i].key, h[i], ref[i].id);
- }
- }
-}
-
-void
-rrset_update_sec_status(struct rrset_cache* r,
- struct ub_packed_rrset_key* rrset, time_t now)
-{
- struct packed_rrset_data* updata =
- (struct packed_rrset_data*)rrset->entry.data;
- struct lruhash_entry* e;
- struct packed_rrset_data* cachedata;
-
- /* hash it again to make sure it has a hash */
- rrset->entry.hash = rrset_key_hash(&rrset->rk);
-
- e = slabhash_lookup(&r->table, rrset->entry.hash, rrset, 1);
- if(!e)
- return; /* not in the cache anymore */
- cachedata = (struct packed_rrset_data*)e->data;
- if(!rrsetdata_equal(updata, cachedata)) {
- lock_rw_unlock(&e->lock);
- return; /* rrset has changed in the meantime */
- }
- /* update the cached rrset */
- if(updata->security > cachedata->security) {
- size_t i;
- if(updata->trust > cachedata->trust)
- cachedata->trust = updata->trust;
- cachedata->security = updata->security;
- /* for NS records only shorter TTLs, other types: update it */
- if(ntohs(rrset->rk.type) != LDNS_RR_TYPE_NS ||
- updata->ttl+now < cachedata->ttl ||
- cachedata->ttl < now ||
- updata->security == sec_status_bogus) {
- cachedata->ttl = updata->ttl + now;
- for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
- cachedata->rr_ttl[i] = updata->rr_ttl[i]+now;
- }
- }
- lock_rw_unlock(&e->lock);
-}
-
-void
-rrset_check_sec_status(struct rrset_cache* r,
- struct ub_packed_rrset_key* rrset, time_t now)
-{
- struct packed_rrset_data* updata =
- (struct packed_rrset_data*)rrset->entry.data;
- struct lruhash_entry* e;
- struct packed_rrset_data* cachedata;
-
- /* hash it again to make sure it has a hash */
- rrset->entry.hash = rrset_key_hash(&rrset->rk);
-
- e = slabhash_lookup(&r->table, rrset->entry.hash, rrset, 0);
- if(!e)
- return; /* not in the cache anymore */
- cachedata = (struct packed_rrset_data*)e->data;
- if(now > cachedata->ttl || !rrsetdata_equal(updata, cachedata)) {
- lock_rw_unlock(&e->lock);
- return; /* expired, or rrset has changed in the meantime */
- }
- if(cachedata->security > updata->security) {
- updata->security = cachedata->security;
- if(cachedata->security == sec_status_bogus) {
- size_t i;
- updata->ttl = cachedata->ttl - now;
- for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
- if(cachedata->rr_ttl[i] < now)
- updata->rr_ttl[i] = 0;
- else updata->rr_ttl[i] =
- cachedata->rr_ttl[i]-now;
- }
- if(cachedata->trust > updata->trust)
- updata->trust = cachedata->trust;
- }
- lock_rw_unlock(&e->lock);
-}
-
-void rrset_cache_remove(struct rrset_cache* r, uint8_t* nm, size_t nmlen,
- uint16_t type, uint16_t dclass, uint32_t flags)
-{
- struct ub_packed_rrset_key key;
- key.entry.key = &key;
- key.rk.dname = nm;
- key.rk.dname_len = nmlen;
- key.rk.rrset_class = htons(dclass);
- key.rk.type = htons(type);
- key.rk.flags = flags;
- key.entry.hash = rrset_key_hash(&key.rk);
- slabhash_remove(&r->table, key.entry.hash, &key);
-}
diff --git a/external/unbound/services/cache/rrset.h b/external/unbound/services/cache/rrset.h
deleted file mode 100644
index d5439ef08..000000000
--- a/external/unbound/services/cache/rrset.h
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * services/cache/rrset.h - Resource record set cache.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains the rrset cache.
- */
-
-#ifndef SERVICES_CACHE_RRSET_H
-#define SERVICES_CACHE_RRSET_H
-#include "util/storage/lruhash.h"
-#include "util/storage/slabhash.h"
-#include "util/data/packed_rrset.h"
-struct config_file;
-struct alloc_cache;
-struct rrset_ref;
-struct regional;
-
-/**
- * The rrset cache
- * Thin wrapper around hashtable, like a typedef.
- */
-struct rrset_cache {
- /** uses partitioned hash table */
- struct slabhash table;
-};
-
-/**
- * Create rrset cache
- * @param cfg: config settings or NULL for defaults.
- * @param alloc: initial default rrset key allocation.
- * @return: NULL on error.
- */
-struct rrset_cache* rrset_cache_create(struct config_file* cfg,
- struct alloc_cache* alloc);
-
-/**
- * Delete rrset cache
- * @param r: rrset cache to delete.
- */
-void rrset_cache_delete(struct rrset_cache* r);
-
-/**
- * Adjust settings of the cache to settings from the config file.
- * May purge the cache. May recreate the cache.
- * There may be no threading or use by other threads.
- * @param r: rrset cache to adjust (like realloc).
- * @param cfg: config settings or NULL for defaults.
- * @param alloc: initial default rrset key allocation.
- * @return 0 on error, or new rrset cache pointer on success.
- */
-struct rrset_cache* rrset_cache_adjust(struct rrset_cache* r,
- struct config_file* cfg, struct alloc_cache* alloc);
-
-/**
- * Touch rrset, with given pointer and id.
- * Caller may not hold a lock on ANY rrset, this could give deadlock.
- *
- * This routine is faster than a hashtable lookup:
- * o no bin_lock is acquired.
- * o no walk through the bin-overflow-list.
- * o no comparison of the entry key to find it.
- *
- * @param r: rrset cache.
- * @param key: rrset key. Marked recently used (if it was not deleted
- * before the lock is acquired, in that case nothing happens).
- * @param hash: hash value of the item. Please read it from the key when
- * you have it locked. Used to find slab from slabhash.
- * @param id: used to check that the item is unchanged and not deleted.
- */
-void rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key,
- hashvalue_type hash, rrset_id_type id);
-
-/**
- * Update an rrset in the rrset cache. Stores the information for later use.
- * Will lookup if the rrset is in the cache and perform an update if necessary.
- * If the item was present, and superior, references are returned to that.
- * The passed item is then deallocated with rrset_parsedelete.
- *
- * A superior rrset is:
- * o rrset with better trust value.
- * o same trust value, different rdata, newly passed rrset is inserted.
- * If rdata is the same, TTL in the cache is updated.
- *
- * @param r: the rrset cache.
- * @param ref: reference (ptr and id) to the rrset. Pass reference setup for
- * the new rrset. The reference may be changed if the cached rrset is
- * superior.
- * Before calling the rrset is presumed newly allocated and changeable.
- * Afer calling you do not hold a lock, and the rrset is inserted in
- * the hashtable so you need a lock to change it.
- * @param alloc: how to allocate (and deallocate) the special rrset key.
- * @param timenow: current time (to see if ttl in cache is expired).
- * @return: true if the passed reference is updated, false if it is unchanged.
- * 0: reference unchanged, inserted in cache.
- * 1: reference updated, item is inserted in cache.
- * 2: reference updated, item in cache is considered superior.
- * also the rdata is equal (but other parameters in cache are superior).
- */
-int rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref,
- struct alloc_cache* alloc, time_t timenow);
-
-/**
- * Lookup rrset. You obtain read/write lock. You must unlock before lookup
- * anything of else.
- * @param r: the rrset cache.
- * @param qname: name of rrset to lookup.
- * @param qnamelen: length of name of rrset to lookup.
- * @param qtype: type of rrset to lookup (host order).
- * @param qclass: class of rrset to lookup (host order).
- * @param flags: rrset flags, or 0.
- * @param timenow: used to compare with TTL.
- * @param wr: set true to get writelock.
- * @return packed rrset key pointer. Remember to unlock the key.entry.lock.
- * or NULL if could not be found or it was timed out.
- */
-struct ub_packed_rrset_key* rrset_cache_lookup(struct rrset_cache* r,
- uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
- uint32_t flags, time_t timenow, int wr);
-
-/**
- * Obtain readlock on a (sorted) list of rrset references.
- * Checks TTLs and IDs of the rrsets and rollbacks locking if not Ok.
- * @param ref: array of rrset references (key pointer and ID value).
- * duplicate references are allowed and handled.
- * @param count: size of array.
- * @param timenow: used to compare with TTL.
- * @return true on success, false on a failure, which can be that some
- * RRsets have timed out, or that they do not exist any more, the
- * RRsets have been purged from the cache.
- * If true, you hold readlocks on all the ref items.
- */
-int rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow);
-
-/**
- * Unlock array (sorted) of rrset references.
- * @param ref: array of rrset references (key pointer and ID value).
- * duplicate references are allowed and handled.
- * @param count: size of array.
- */
-void rrset_array_unlock(struct rrset_ref* ref, size_t count);
-
-/**
- * Unlock array (sorted) of rrset references and at the same time
- * touch LRU on the rrsets. It needs the scratch region for temporary
- * storage as it uses the initial locks to obtain hash values.
- * @param r: the rrset cache. In this cache LRU is updated.
- * @param scratch: region for temporary storage of hash values.
- * if memory allocation fails, the lru touch fails silently,
- * but locks are released. memory errors are logged.
- * @param ref: array of rrset references (key pointer and ID value).
- * duplicate references are allowed and handled.
- * @param count: size of array.
- */
-void rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch,
- struct rrset_ref* ref, size_t count);
-
-/**
- * Update security status of an rrset. Looks up the rrset.
- * If found, checks if rdata is equal.
- * If so, it will update the security, trust and rrset-ttl values.
- * The values are only updated if security is increased (towards secure).
- * @param r: the rrset cache.
- * @param rrset: which rrset to attempt to update. This rrset is left
- * untouched. The rrset in the cache is updated in-place.
- * @param now: current time.
- */
-void rrset_update_sec_status(struct rrset_cache* r,
- struct ub_packed_rrset_key* rrset, time_t now);
-
-/**
- * Looks up security status of an rrset. Looks up the rrset.
- * If found, checks if rdata is equal, and entry did not expire.
- * If so, it will update the security, trust and rrset-ttl values.
- * @param r: the rrset cache.
- * @param rrset: This rrset may change security status due to the cache.
- * But its status will only improve, towards secure.
- * @param now: current time.
- */
-void rrset_check_sec_status(struct rrset_cache* r,
- struct ub_packed_rrset_key* rrset, time_t now);
-
-/**
- * Remove an rrset from the cache, by name and type and flags
- * @param r: rrset cache
- * @param nm: name of rrset
- * @param nmlen: length of name
- * @param type: type of rrset
- * @param dclass: class of rrset, host order
- * @param flags: flags of rrset, host order
- */
-void rrset_cache_remove(struct rrset_cache* r, uint8_t* nm, size_t nmlen,
- uint16_t type, uint16_t dclass, uint32_t flags);
-
-/** mark rrset to be deleted, set id=0 */
-void rrset_markdel(void* key);
-
-#endif /* SERVICES_CACHE_RRSET_H */
diff --git a/external/unbound/services/listen_dnsport.c b/external/unbound/services/listen_dnsport.c
deleted file mode 100644
index 37ee9a6b9..000000000
--- a/external/unbound/services/listen_dnsport.c
+++ /dev/null
@@ -1,1435 +0,0 @@
-/*
- * services/listen_dnsport.c - listen on port 53 for incoming DNS queries.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file has functions to get queries from clients.
- */
-#include "config.h"
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#include <sys/time.h>
-#ifdef USE_TCP_FASTOPEN
-#include <netinet/tcp.h>
-#endif
-#include "services/listen_dnsport.h"
-#include "services/outside_network.h"
-#include "util/netevent.h"
-#include "util/log.h"
-#include "util/config_file.h"
-#include "util/net_help.h"
-#include "sldns/sbuffer.h"
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <fcntl.h>
-
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
-#ifdef HAVE_SYSTEMD
-#include <systemd/sd-daemon.h>
-#endif
-
-/** number of queued TCP connections for listen() */
-#define TCP_BACKLOG 256
-
-/**
- * Debug print of the getaddrinfo returned address.
- * @param addr: the address returned.
- */
-static void
-verbose_print_addr(struct addrinfo *addr)
-{
- if(verbosity >= VERB_ALGO) {
- char buf[100];
- void* sinaddr = &((struct sockaddr_in*)addr->ai_addr)->sin_addr;
-#ifdef INET6
- if(addr->ai_family == AF_INET6)
- sinaddr = &((struct sockaddr_in6*)addr->ai_addr)->
- sin6_addr;
-#endif /* INET6 */
- if(inet_ntop(addr->ai_family, sinaddr, buf,
- (socklen_t)sizeof(buf)) == 0) {
- (void)strlcpy(buf, "(null)", sizeof(buf));
- }
- buf[sizeof(buf)-1] = 0;
- verbose(VERB_ALGO, "creating %s%s socket %s %d",
- addr->ai_socktype==SOCK_DGRAM?"udp":
- addr->ai_socktype==SOCK_STREAM?"tcp":"otherproto",
- addr->ai_family==AF_INET?"4":
- addr->ai_family==AF_INET6?"6":
- "_otherfam", buf,
- ntohs(((struct sockaddr_in*)addr->ai_addr)->sin_port));
- }
-}
-
-#ifdef HAVE_SYSTEMD
-static int
-systemd_get_activated(int family, int socktype, int listen,
- struct sockaddr *addr, socklen_t addrlen,
- const char *path)
-{
- int i = 0;
- int r = 0;
- int s = -1;
- const char* listen_pid, *listen_fds;
-
- /* We should use "listen" option only for stream protocols. For UDP it should be -1 */
-
- if((r = sd_booted()) < 1) {
- if(r == 0)
- log_warn("systemd is not running");
- else
- log_err("systemd sd_booted(): %s", strerror(-r));
- return -1;
- }
-
- listen_pid = getenv("LISTEN_PID");
- listen_fds = getenv("LISTEN_FDS");
-
- if (!listen_pid) {
- log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID");
- return -1;
- }
-
- if (!listen_fds) {
- log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS");
- return -1;
- }
-
- if((r = sd_listen_fds(0)) < 1) {
- if(r == 0)
- log_warn("systemd: did not return socket, check unit configuration");
- else
- log_err("systemd sd_listen_fds(): %s", strerror(-r));
- return -1;
- }
-
- for(i = 0; i < r; i++) {
- if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) {
- s = SD_LISTEN_FDS_START + i;
- break;
- }
- }
- if (s == -1) {
- if (addr)
- log_err_addr("systemd sd_listen_fds()",
- "no such socket",
- (struct sockaddr_storage *)addr, addrlen);
- else
- log_err("systemd sd_listen_fds(): %s", path);
- }
- return s;
-}
-#endif
-
-int
-create_udp_sock(int family, int socktype, struct sockaddr* addr,
- socklen_t addrlen, int v6only, int* inuse, int* noproto,
- int rcv, int snd, int listen, int* reuseport, int transparent,
- int freebind, int use_systemd)
-{
- int s;
-#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND)
- int on=1;
-#endif
-#ifdef IPV6_MTU
- int mtu = IPV6_MIN_MTU;
-#endif
-#if !defined(SO_RCVBUFFORCE) && !defined(SO_RCVBUF)
- (void)rcv;
-#endif
-#if !defined(SO_SNDBUFFORCE) && !defined(SO_SNDBUF)
- (void)snd;
-#endif
-#ifndef IPV6_V6ONLY
- (void)v6only;
-#endif
-#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY)
- (void)transparent;
-#endif
-#if !defined(IP_FREEBIND)
- (void)freebind;
-#endif
-#ifdef HAVE_SYSTEMD
- int got_fd_from_systemd = 0;
-
- if (!use_systemd
- || (use_systemd
- && (s = systemd_get_activated(family, socktype, -1, addr,
- addrlen, NULL)) == -1)) {
-#else
- (void)use_systemd;
-#endif
- if((s = socket(family, socktype, 0)) == -1) {
- *inuse = 0;
-#ifndef USE_WINSOCK
- if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
- *noproto = 1;
- return -1;
- }
- log_err("can't create socket: %s", strerror(errno));
-#else
- if(WSAGetLastError() == WSAEAFNOSUPPORT ||
- WSAGetLastError() == WSAEPROTONOSUPPORT) {
- *noproto = 1;
- return -1;
- }
- log_err("can't create socket: %s",
- wsa_strerror(WSAGetLastError()));
-#endif
- *noproto = 0;
- return -1;
- }
-#ifdef HAVE_SYSTEMD
- } else {
- got_fd_from_systemd = 1;
- }
-#endif
- if(listen) {
-#ifdef SO_REUSEADDR
- if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
-#ifndef USE_WINSOCK
- log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
- strerror(errno));
- if(errno != ENOSYS) {
- close(s);
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
-#else
- log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
- *noproto = 0;
- *inuse = 0;
- return -1;
-#endif
- }
-#endif /* SO_REUSEADDR */
-#ifdef SO_REUSEPORT
- /* try to set SO_REUSEPORT so that incoming
- * queries are distributed evenly among the receiving threads.
- * Each thread must have its own socket bound to the same port,
- * with SO_REUSEPORT set on each socket.
- */
- if (reuseport && *reuseport &&
- setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
-#ifdef ENOPROTOOPT
- if(errno != ENOPROTOOPT || verbosity >= 3)
- log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s",
- strerror(errno));
-#endif
- /* this option is not essential, we can continue */
- *reuseport = 0;
- }
-#else
- (void)reuseport;
-#endif /* defined(SO_REUSEPORT) */
-#ifdef IP_TRANSPARENT
- if (transparent &&
- setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
- log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
- strerror(errno));
- }
-#elif defined(IP_BINDANY)
- if (transparent &&
- setsockopt(s, (family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP),
- (family == AF_INET6? IPV6_BINDANY:IP_BINDANY),
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
- log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s",
- (family==AF_INET6?"V6":""), strerror(errno));
- }
-#endif /* IP_TRANSPARENT || IP_BINDANY */
- }
-#ifdef IP_FREEBIND
- if(freebind &&
- setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
- log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s",
- strerror(errno));
- }
-#endif /* IP_FREEBIND */
- if(rcv) {
-#ifdef SO_RCVBUF
- int got;
- socklen_t slen = (socklen_t)sizeof(got);
-# ifdef SO_RCVBUFFORCE
- /* Linux specific: try to use root permission to override
- * system limits on rcvbuf. The limit is stored in
- * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */
- if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv,
- (socklen_t)sizeof(rcv)) < 0) {
- if(errno != EPERM) {
-# ifndef USE_WINSOCK
- log_err("setsockopt(..., SO_RCVBUFFORCE, "
- "...) failed: %s", strerror(errno));
- close(s);
-# else
- log_err("setsockopt(..., SO_RCVBUFFORCE, "
- "...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
-# endif /* SO_RCVBUFFORCE */
- if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv,
- (socklen_t)sizeof(rcv)) < 0) {
-# ifndef USE_WINSOCK
- log_err("setsockopt(..., SO_RCVBUF, "
- "...) failed: %s", strerror(errno));
- close(s);
-# else
- log_err("setsockopt(..., SO_RCVBUF, "
- "...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
- /* check if we got the right thing or if system
- * reduced to some system max. Warn if so */
- if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got,
- &slen) >= 0 && got < rcv/2) {
- log_warn("so-rcvbuf %u was not granted. "
- "Got %u. To fix: start with "
- "root permissions(linux) or sysctl "
- "bigger net.core.rmem_max(linux) or "
- "kern.ipc.maxsockbuf(bsd) values.",
- (unsigned)rcv, (unsigned)got);
- }
-# ifdef SO_RCVBUFFORCE
- }
-# endif
-#endif /* SO_RCVBUF */
- }
- /* first do RCVBUF as the receive buffer is more important */
- if(snd) {
-#ifdef SO_SNDBUF
- int got;
- socklen_t slen = (socklen_t)sizeof(got);
-# ifdef SO_SNDBUFFORCE
- /* Linux specific: try to use root permission to override
- * system limits on sndbuf. The limit is stored in
- * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */
- if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd,
- (socklen_t)sizeof(snd)) < 0) {
- if(errno != EPERM) {
-# ifndef USE_WINSOCK
- log_err("setsockopt(..., SO_SNDBUFFORCE, "
- "...) failed: %s", strerror(errno));
- close(s);
-# else
- log_err("setsockopt(..., SO_SNDBUFFORCE, "
- "...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
-# endif /* SO_SNDBUFFORCE */
- if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd,
- (socklen_t)sizeof(snd)) < 0) {
-# ifndef USE_WINSOCK
- log_err("setsockopt(..., SO_SNDBUF, "
- "...) failed: %s", strerror(errno));
- close(s);
-# else
- log_err("setsockopt(..., SO_SNDBUF, "
- "...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
- /* check if we got the right thing or if system
- * reduced to some system max. Warn if so */
- if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got,
- &slen) >= 0 && got < snd/2) {
- log_warn("so-sndbuf %u was not granted. "
- "Got %u. To fix: start with "
- "root permissions(linux) or sysctl "
- "bigger net.core.wmem_max(linux) or "
- "kern.ipc.maxsockbuf(bsd) values.",
- (unsigned)snd, (unsigned)got);
- }
-# ifdef SO_SNDBUFFORCE
- }
-# endif
-#endif /* SO_SNDBUF */
- }
- if(family == AF_INET6) {
-# if defined(IPV6_V6ONLY)
- if(v6only) {
- int val=(v6only==2)?0:1;
- if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
- (void*)&val, (socklen_t)sizeof(val)) < 0) {
-#ifndef USE_WINSOCK
- log_err("setsockopt(..., IPV6_V6ONLY"
- ", ...) failed: %s", strerror(errno));
- close(s);
-#else
- log_err("setsockopt(..., IPV6_V6ONLY"
- ", ...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-#endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
- }
-# endif
-# if defined(IPV6_USE_MIN_MTU)
- /*
- * There is no fragmentation of IPv6 datagrams
- * during forwarding in the network. Therefore
- * we do not send UDP datagrams larger than
- * the minimum IPv6 MTU of 1280 octets. The
- * EDNS0 message length can be larger if the
- * network stack supports IPV6_USE_MIN_MTU.
- */
- if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
-# ifndef USE_WINSOCK
- log_err("setsockopt(..., IPV6_USE_MIN_MTU, "
- "...) failed: %s", strerror(errno));
- close(s);
-# else
- log_err("setsockopt(..., IPV6_USE_MIN_MTU, "
- "...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
-# elif defined(IPV6_MTU)
- /*
- * On Linux, to send no larger than 1280, the PMTUD is
- * disabled by default for datagrams anyway, so we set
- * the MTU to use.
- */
- if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU,
- (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) {
-# ifndef USE_WINSOCK
- log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
- strerror(errno));
- close(s);
-# else
- log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
-# endif /* IPv6 MTU */
- } else if(family == AF_INET) {
-# if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
-/* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that
- * PMTU information is not accepted, but fragmentation is allowed
- * if and only if the packet size exceeds the outgoing interface MTU
- * (and also uses the interface mtu to determine the size of the packets).
- * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks.
- * FreeBSD already has same semantics without setting the option. */
- int omit_set = 0;
- int action;
-# if defined(IP_PMTUDISC_OMIT)
- action = IP_PMTUDISC_OMIT;
- if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
- &action, (socklen_t)sizeof(action)) < 0) {
-
- if (errno != EINVAL) {
- log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
- strerror(errno));
-
-# ifndef USE_WINSOCK
- close(s);
-# else
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
- }
- else
- {
- omit_set = 1;
- }
-# endif
- if (omit_set == 0) {
- action = IP_PMTUDISC_DONT;
- if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
- &action, (socklen_t)sizeof(action)) < 0) {
- log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
- strerror(errno));
-# ifndef USE_WINSOCK
- close(s);
-# else
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
- }
-# elif defined(IP_DONTFRAG)
- int off = 0;
- if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG,
- &off, (socklen_t)sizeof(off)) < 0) {
- log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s",
- strerror(errno));
-# ifndef USE_WINSOCK
- close(s);
-# else
- closesocket(s);
-# endif
- *noproto = 0;
- *inuse = 0;
- return -1;
- }
-# endif /* IPv4 MTU */
- }
- if(
-#ifdef HAVE_SYSTEMD
- !got_fd_from_systemd &&
-#endif
- bind(s, (struct sockaddr*)addr, addrlen) != 0) {
- *noproto = 0;
- *inuse = 0;
-#ifndef USE_WINSOCK
-#ifdef EADDRINUSE
- *inuse = (errno == EADDRINUSE);
- /* detect freebsd jail with no ipv6 permission */
- if(family==AF_INET6 && errno==EINVAL)
- *noproto = 1;
- else if(errno != EADDRINUSE) {
- log_err_addr("can't bind socket", strerror(errno),
- (struct sockaddr_storage*)addr, addrlen);
- }
-#endif /* EADDRINUSE */
- close(s);
-#else /* USE_WINSOCK */
- if(WSAGetLastError() != WSAEADDRINUSE &&
- WSAGetLastError() != WSAEADDRNOTAVAIL) {
- log_err_addr("can't bind socket",
- wsa_strerror(WSAGetLastError()),
- (struct sockaddr_storage*)addr, addrlen);
- }
- closesocket(s);
-#endif /* USE_WINSOCK */
- return -1;
- }
- if(!fd_set_nonblock(s)) {
- *noproto = 0;
- *inuse = 0;
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return -1;
- }
- return s;
-}
-
-int
-create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
- int* reuseport, int transparent, int mss, int freebind, int use_systemd)
-{
- int s;
-#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND)
- int on = 1;
-#endif
-#ifdef HAVE_SYSTEMD
- int got_fd_from_systemd = 0;
-#endif
-#ifdef USE_TCP_FASTOPEN
- int qlen;
-#endif
-#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY)
- (void)transparent;
-#endif
-#if !defined(IP_FREEBIND)
- (void)freebind;
-#endif
- verbose_print_addr(addr);
- *noproto = 0;
-#ifdef HAVE_SYSTEMD
- if (!use_systemd ||
- (use_systemd
- && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1,
- addr->ai_addr, addr->ai_addrlen,
- NULL)) == -1)) {
-#else
- (void)use_systemd;
-#endif
- if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) {
-#ifndef USE_WINSOCK
- if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
- *noproto = 1;
- return -1;
- }
- log_err("can't create socket: %s", strerror(errno));
-#else
- if(WSAGetLastError() == WSAEAFNOSUPPORT ||
- WSAGetLastError() == WSAEPROTONOSUPPORT) {
- *noproto = 1;
- return -1;
- }
- log_err("can't create socket: %s",
- wsa_strerror(WSAGetLastError()));
-#endif
- return -1;
- }
- if (mss > 0) {
-#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
- if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss,
- (socklen_t)sizeof(mss)) < 0) {
- #ifndef USE_WINSOCK
- log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s",
- strerror(errno));
- #else
- log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s",
- wsa_strerror(WSAGetLastError()));
- #endif
- } else {
- verbose(VERB_ALGO,
- " tcp socket mss set to %d", mss);
- }
-#else
- log_warn(" setsockopt(TCP_MAXSEG) unsupported");
-#endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */
- }
-#ifdef HAVE_SYSTEMD
- } else {
- got_fd_from_systemd = 1;
- }
-#endif
-#ifdef SO_REUSEADDR
- if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
-#ifndef USE_WINSOCK
- log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
- strerror(errno));
- close(s);
-#else
- log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-#endif
- return -1;
- }
-#endif /* SO_REUSEADDR */
-#ifdef IP_FREEBIND
- if (freebind && setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
- log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s",
- strerror(errno));
- }
-#endif /* IP_FREEBIND */
-#ifdef SO_REUSEPORT
- /* try to set SO_REUSEPORT so that incoming
- * connections are distributed evenly among the receiving threads.
- * Each thread must have its own socket bound to the same port,
- * with SO_REUSEPORT set on each socket.
- */
- if (reuseport && *reuseport &&
- setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
-#ifdef ENOPROTOOPT
- if(errno != ENOPROTOOPT || verbosity >= 3)
- log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s",
- strerror(errno));
-#endif
- /* this option is not essential, we can continue */
- *reuseport = 0;
- }
-#else
- (void)reuseport;
-#endif /* defined(SO_REUSEPORT) */
-#if defined(IPV6_V6ONLY)
- if(addr->ai_family == AF_INET6 && v6only) {
- if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
-#ifndef USE_WINSOCK
- log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
- strerror(errno));
- close(s);
-#else
- log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-#endif
- return -1;
- }
- }
-#else
- (void)v6only;
-#endif /* IPV6_V6ONLY */
-#ifdef IP_TRANSPARENT
- if (transparent &&
- setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
- (socklen_t)sizeof(on)) < 0) {
- log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
- strerror(errno));
- }
-#elif defined(IP_BINDANY)
- if (transparent &&
- setsockopt(s, (addr->ai_family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP),
- (addr->ai_family == AF_INET6? IPV6_BINDANY:IP_BINDANY),
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
- log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s",
- (addr->ai_family==AF_INET6?"V6":""), strerror(errno));
- }
-#endif /* IP_TRANSPARENT || IP_BINDANY */
- if(
-#ifdef HAVE_SYSTEMD
- !got_fd_from_systemd &&
-#endif
- bind(s, addr->ai_addr, addr->ai_addrlen) != 0) {
-#ifndef USE_WINSOCK
- /* detect freebsd jail with no ipv6 permission */
- if(addr->ai_family==AF_INET6 && errno==EINVAL)
- *noproto = 1;
- else {
- log_err_addr("can't bind socket", strerror(errno),
- (struct sockaddr_storage*)addr->ai_addr,
- addr->ai_addrlen);
- }
- close(s);
-#else
- log_err_addr("can't bind socket",
- wsa_strerror(WSAGetLastError()),
- (struct sockaddr_storage*)addr->ai_addr,
- addr->ai_addrlen);
- closesocket(s);
-#endif
- return -1;
- }
- if(!fd_set_nonblock(s)) {
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return -1;
- }
- if(listen(s, TCP_BACKLOG) == -1) {
-#ifndef USE_WINSOCK
- log_err("can't listen: %s", strerror(errno));
- close(s);
-#else
- log_err("can't listen: %s", wsa_strerror(WSAGetLastError()));
- closesocket(s);
-#endif
- return -1;
- }
-#ifdef USE_TCP_FASTOPEN
- /* qlen specifies how many outstanding TFO requests to allow. Limit is a defense
- against IP spoofing attacks as suggested in RFC7413 */
-#ifdef __APPLE__
- /* OS X implementation only supports qlen of 1 via this call. Actual
- value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */
- qlen = 1;
-#else
- /* 5 is recommended on linux */
- qlen = 5;
-#endif
- if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen,
- sizeof(qlen))) == -1 ) {
- log_err("Setting TCP Fast Open as server failed: %s", strerror(errno));
- }
-#endif
- return s;
-}
-
-int
-create_local_accept_sock(const char *path, int* noproto, int use_systemd)
-{
-#ifdef HAVE_SYSTEMD
- int ret;
-
- if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1)
- return ret;
- else {
-#endif
-#ifdef HAVE_SYS_UN_H
- int s;
- struct sockaddr_un usock;
-#ifndef HAVE_SYSTEMD
- (void)use_systemd;
-#endif
-
- verbose(VERB_ALGO, "creating unix socket %s", path);
-#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
- /* this member exists on BSDs, not Linux */
- usock.sun_len = (unsigned)sizeof(usock);
-#endif
- usock.sun_family = AF_LOCAL;
- /* length is 92-108, 104 on FreeBSD */
- (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path));
-
- if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) {
- log_err("Cannot create local socket %s (%s)",
- path, strerror(errno));
- return -1;
- }
-
- if (unlink(path) && errno != ENOENT) {
- /* The socket already exists and cannot be removed */
- log_err("Cannot remove old local socket %s (%s)",
- path, strerror(errno));
- goto err;
- }
-
- if (bind(s, (struct sockaddr *)&usock,
- (socklen_t)sizeof(struct sockaddr_un)) == -1) {
- log_err("Cannot bind local socket %s (%s)",
- path, strerror(errno));
- goto err;
- }
-
- if (!fd_set_nonblock(s)) {
- log_err("Cannot set non-blocking mode");
- goto err;
- }
-
- if (listen(s, TCP_BACKLOG) == -1) {
- log_err("can't listen: %s", strerror(errno));
- goto err;
- }
-
- (void)noproto; /*unused*/
- return s;
-
-err:
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return -1;
-
-#ifdef HAVE_SYSTEMD
- }
-#endif
-#else
- (void)use_systemd;
- (void)path;
- log_err("Local sockets are not supported");
- *noproto = 1;
- return -1;
-#endif
-}
-
-
-/**
- * Create socket from getaddrinfo results
- */
-static int
-make_sock(int stype, const char* ifname, const char* port,
- struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
- int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
-{
- struct addrinfo *res = NULL;
- int r, s, inuse, noproto;
- hints->ai_socktype = stype;
- *noip6 = 0;
- if((r=getaddrinfo(ifname, port, hints, &res)) != 0 || !res) {
-#ifdef USE_WINSOCK
- if(r == EAI_NONAME && hints->ai_family == AF_INET6){
- *noip6 = 1; /* 'Host not found' for IP6 on winXP */
- return -1;
- }
-#endif
- log_err("node %s:%s getaddrinfo: %s %s",
- ifname?ifname:"default", port, gai_strerror(r),
-#ifdef EAI_SYSTEM
- r==EAI_SYSTEM?(char*)strerror(errno):""
-#else
- ""
-#endif
- );
- return -1;
- }
- if(stype == SOCK_DGRAM) {
- verbose_print_addr(res);
- s = create_udp_sock(res->ai_family, res->ai_socktype,
- (struct sockaddr*)res->ai_addr, res->ai_addrlen,
- v6only, &inuse, &noproto, (int)rcv, (int)snd, 1,
- reuseport, transparent, freebind, use_systemd);
- if(s == -1 && inuse) {
- log_err("bind: address already in use");
- } else if(s == -1 && noproto && hints->ai_family == AF_INET6){
- *noip6 = 1;
- }
- } else {
- s = create_tcp_accept_sock(res, v6only, &noproto, reuseport,
- transparent, tcp_mss, freebind, use_systemd);
- if(s == -1 && noproto && hints->ai_family == AF_INET6){
- *noip6 = 1;
- }
- }
- freeaddrinfo(res);
- return s;
-}
-
-/** make socket and first see if ifname contains port override info */
-static int
-make_sock_port(int stype, const char* ifname, const char* port,
- struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
- int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
-{
- char* s = strchr(ifname, '@');
- if(s) {
- /* override port with ifspec@port */
- char p[16];
- char newif[128];
- if((size_t)(s-ifname) >= sizeof(newif)) {
- log_err("ifname too long: %s", ifname);
- *noip6 = 0;
- return -1;
- }
- if(strlen(s+1) >= sizeof(p)) {
- log_err("portnumber too long: %s", ifname);
- *noip6 = 0;
- return -1;
- }
- (void)strlcpy(newif, ifname, sizeof(newif));
- newif[s-ifname] = 0;
- (void)strlcpy(p, s+1, sizeof(p));
- p[strlen(s+1)]=0;
- return make_sock(stype, newif, p, hints, v6only, noip6,
- rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd);
- }
- return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd,
- reuseport, transparent, tcp_mss, freebind, use_systemd);
-}
-
-/**
- * Add port to open ports list.
- * @param list: list head. changed.
- * @param s: fd.
- * @param ftype: if fd is UDP.
- * @return false on failure. list in unchanged then.
- */
-static int
-port_insert(struct listen_port** list, int s, enum listen_type ftype)
-{
- struct listen_port* item = (struct listen_port*)malloc(
- sizeof(struct listen_port));
- if(!item)
- return 0;
- item->next = *list;
- item->fd = s;
- item->ftype = ftype;
- *list = item;
- return 1;
-}
-
-/** set fd to receive source address packet info */
-static int
-set_recvpktinfo(int s, int family)
-{
-#if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO)
- int on = 1;
-#else
- (void)s;
-#endif
- if(family == AF_INET6) {
-# ifdef IPV6_RECVPKTINFO
- if(setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO,
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
- log_err("setsockopt(..., IPV6_RECVPKTINFO, ...) failed: %s",
- strerror(errno));
- return 0;
- }
-# elif defined(IPV6_PKTINFO)
- if(setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO,
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
- log_err("setsockopt(..., IPV6_PKTINFO, ...) failed: %s",
- strerror(errno));
- return 0;
- }
-# else
- log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please "
- "disable interface-automatic or do-ip6 in config");
- return 0;
-# endif /* defined IPV6_RECVPKTINFO */
-
- } else if(family == AF_INET) {
-# ifdef IP_PKTINFO
- if(setsockopt(s, IPPROTO_IP, IP_PKTINFO,
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
- log_err("setsockopt(..., IP_PKTINFO, ...) failed: %s",
- strerror(errno));
- return 0;
- }
-# elif defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)
- if(setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR,
- (void*)&on, (socklen_t)sizeof(on)) < 0) {
- log_err("setsockopt(..., IP_RECVDSTADDR, ...) failed: %s",
- strerror(errno));
- return 0;
- }
-# else
- log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable "
- "interface-automatic or do-ip4 in config");
- return 0;
-# endif /* IP_PKTINFO */
-
- }
- return 1;
-}
-
-/**
- * Helper for ports_open. Creates one interface (or NULL for default).
- * @param ifname: The interface ip address.
- * @param do_auto: use automatic interface detection.
- * If enabled, then ifname must be the wildcard name.
- * @param do_udp: if udp should be used.
- * @param do_tcp: if udp should be used.
- * @param hints: for getaddrinfo. family and flags have to be set by caller.
- * @param port: Port number to use (as string).
- * @param list: list of open ports, appended to, changed to point to list head.
- * @param rcv: receive buffer size for UDP
- * @param snd: send buffer size for UDP
- * @param ssl_port: ssl service port number
- * @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
- * set to false on exit if reuseport failed due to no kernel support.
- * @param transparent: set IP_TRANSPARENT socket option.
- * @param tcp_mss: maximum segment size of tcp socket. default if zero.
- * @param freebind: set IP_FREEBIND socket option.
- * @param use_systemd: if true, fetch sockets from systemd.
- * @param dnscrypt_port: dnscrypt service port number
- * @return: returns false on error.
- */
-static int
-ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
- struct addrinfo *hints, const char* port, struct listen_port** list,
- size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent,
- int tcp_mss, int freebind, int use_systemd, int dnscrypt_port)
-{
- int s, noip6=0;
-#ifdef USE_DNSCRYPT
- int is_dnscrypt = ((strchr(ifname, '@') &&
- atoi(strchr(ifname, '@')+1) == dnscrypt_port) ||
- (!strchr(ifname, '@') && atoi(port) == dnscrypt_port));
-#else
- int is_dnscrypt = 0;
- (void)dnscrypt_port;
-#endif
-
- if(!do_udp && !do_tcp)
- return 0;
- if(do_auto) {
- if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
- &noip6, rcv, snd, reuseport, transparent,
- tcp_mss, freebind, use_systemd)) == -1) {
- if(noip6) {
- log_warn("IPv6 protocol not available");
- return 1;
- }
- return 0;
- }
- /* getting source addr packet info is highly non-portable */
- if(!set_recvpktinfo(s, hints->ai_family)) {
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return 0;
- }
- if(!port_insert(list, s,
- is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) {
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return 0;
- }
- } else if(do_udp) {
- /* regular udp socket */
- if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
- &noip6, rcv, snd, reuseport, transparent,
- tcp_mss, freebind, use_systemd)) == -1) {
- if(noip6) {
- log_warn("IPv6 protocol not available");
- return 1;
- }
- return 0;
- }
- if(!port_insert(list, s,
- is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) {
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return 0;
- }
- }
- if(do_tcp) {
- int is_ssl = ((strchr(ifname, '@') &&
- atoi(strchr(ifname, '@')+1) == ssl_port) ||
- (!strchr(ifname, '@') && atoi(port) == ssl_port));
- if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
- &noip6, 0, 0, reuseport, transparent, tcp_mss,
- freebind, use_systemd)) == -1) {
- if(noip6) {
- /*log_warn("IPv6 protocol not available");*/
- return 1;
- }
- return 0;
- }
- if(is_ssl)
- verbose(VERB_ALGO, "setup TCP for SSL service");
- if(!port_insert(list, s, is_ssl?listen_type_ssl:
- (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) {
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return 0;
- }
- }
- return 1;
-}
-
-/**
- * Add items to commpoint list in front.
- * @param c: commpoint to add.
- * @param front: listen struct.
- * @return: false on failure.
- */
-static int
-listen_cp_insert(struct comm_point* c, struct listen_dnsport* front)
-{
- struct listen_list* item = (struct listen_list*)malloc(
- sizeof(struct listen_list));
- if(!item)
- return 0;
- item->com = c;
- item->next = front->cps;
- front->cps = item;
- return 1;
-}
-
-struct listen_dnsport*
-listen_create(struct comm_base* base, struct listen_port* ports,
- size_t bufsize, int tcp_accept_count, void* sslctx,
- struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg)
-{
- struct listen_dnsport* front = (struct listen_dnsport*)
- malloc(sizeof(struct listen_dnsport));
- if(!front)
- return NULL;
- front->cps = NULL;
- front->udp_buff = sldns_buffer_new(bufsize);
-#ifdef USE_DNSCRYPT
- front->dnscrypt_udp_buff = NULL;
-#endif
- if(!front->udp_buff) {
- free(front);
- return NULL;
- }
-
- /* create comm points as needed */
- while(ports) {
- struct comm_point* cp = NULL;
- if(ports->ftype == listen_type_udp ||
- ports->ftype == listen_type_udp_dnscrypt)
- cp = comm_point_create_udp(base, ports->fd,
- front->udp_buff, cb, cb_arg);
- else if(ports->ftype == listen_type_tcp ||
- ports->ftype == listen_type_tcp_dnscrypt)
- cp = comm_point_create_tcp(base, ports->fd,
- tcp_accept_count, bufsize, cb, cb_arg);
- else if(ports->ftype == listen_type_ssl) {
- cp = comm_point_create_tcp(base, ports->fd,
- tcp_accept_count, bufsize, cb, cb_arg);
- cp->ssl = sslctx;
- } else if(ports->ftype == listen_type_udpancil ||
- ports->ftype == listen_type_udpancil_dnscrypt)
- cp = comm_point_create_udp_ancil(base, ports->fd,
- front->udp_buff, cb, cb_arg);
- if(!cp) {
- log_err("can't create commpoint");
- listen_delete(front);
- return NULL;
- }
- cp->dtenv = dtenv;
- cp->do_not_close = 1;
-#ifdef USE_DNSCRYPT
- if (ports->ftype == listen_type_udp_dnscrypt ||
- ports->ftype == listen_type_tcp_dnscrypt ||
- ports->ftype == listen_type_udpancil_dnscrypt) {
- cp->dnscrypt = 1;
- cp->dnscrypt_buffer = sldns_buffer_new(bufsize);
- if(!cp->dnscrypt_buffer) {
- log_err("can't alloc dnscrypt_buffer");
- comm_point_delete(cp);
- listen_delete(front);
- return NULL;
- }
- front->dnscrypt_udp_buff = cp->dnscrypt_buffer;
- }
-#endif
- if(!listen_cp_insert(cp, front)) {
- log_err("malloc failed");
- comm_point_delete(cp);
- listen_delete(front);
- return NULL;
- }
- ports = ports->next;
- }
- if(!front->cps) {
- log_err("Could not open sockets to accept queries.");
- listen_delete(front);
- return NULL;
- }
-
- return front;
-}
-
-void
-listen_list_delete(struct listen_list* list)
-{
- struct listen_list *p = list, *pn;
- while(p) {
- pn = p->next;
- comm_point_delete(p->com);
- free(p);
- p = pn;
- }
-}
-
-void
-listen_delete(struct listen_dnsport* front)
-{
- if(!front)
- return;
- listen_list_delete(front->cps);
-#ifdef USE_DNSCRYPT
- if(front->dnscrypt_udp_buff &&
- front->udp_buff != front->dnscrypt_udp_buff) {
- sldns_buffer_free(front->dnscrypt_udp_buff);
- }
-#endif
- sldns_buffer_free(front->udp_buff);
- free(front);
-}
-
-struct listen_port*
-listening_ports_open(struct config_file* cfg, int* reuseport)
-{
- struct listen_port* list = NULL;
- struct addrinfo hints;
- int i, do_ip4, do_ip6;
- int do_tcp, do_auto;
- char portbuf[32];
- snprintf(portbuf, sizeof(portbuf), "%d", cfg->port);
- do_ip4 = cfg->do_ip4;
- do_ip6 = cfg->do_ip6;
- do_tcp = cfg->do_tcp;
- do_auto = cfg->if_automatic && cfg->do_udp;
- if(cfg->incoming_num_tcp == 0)
- do_tcp = 0;
-
- /* getaddrinfo */
- memset(&hints, 0, sizeof(hints));
- hints.ai_flags = AI_PASSIVE;
- /* no name lookups on our listening ports */
- if(cfg->num_ifs > 0)
- hints.ai_flags |= AI_NUMERICHOST;
- hints.ai_family = AF_UNSPEC;
-#ifndef INET6
- do_ip6 = 0;
-#endif
- if(!do_ip4 && !do_ip6) {
- return NULL;
- }
- /* create ip4 and ip6 ports so that return addresses are nice. */
- if(do_auto || cfg->num_ifs == 0) {
- if(do_ip6) {
- hints.ai_family = AF_INET6;
- if(!ports_create_if(do_auto?"::0":"::1",
- do_auto, cfg->do_udp, do_tcp,
- &hints, portbuf, &list,
- cfg->so_rcvbuf, cfg->so_sndbuf,
- cfg->ssl_port, reuseport,
- cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
- cfg->dnscrypt_port)) {
- listening_ports_free(list);
- return NULL;
- }
- }
- if(do_ip4) {
- hints.ai_family = AF_INET;
- if(!ports_create_if(do_auto?"0.0.0.0":"127.0.0.1",
- do_auto, cfg->do_udp, do_tcp,
- &hints, portbuf, &list,
- cfg->so_rcvbuf, cfg->so_sndbuf,
- cfg->ssl_port, reuseport,
- cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
- cfg->dnscrypt_port)) {
- listening_ports_free(list);
- return NULL;
- }
- }
- } else for(i = 0; i<cfg->num_ifs; i++) {
- if(str_is_ip6(cfg->ifs[i])) {
- if(!do_ip6)
- continue;
- hints.ai_family = AF_INET6;
- if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
- do_tcp, &hints, portbuf, &list,
- cfg->so_rcvbuf, cfg->so_sndbuf,
- cfg->ssl_port, reuseport,
- cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
- cfg->dnscrypt_port)) {
- listening_ports_free(list);
- return NULL;
- }
- } else {
- if(!do_ip4)
- continue;
- hints.ai_family = AF_INET;
- if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
- do_tcp, &hints, portbuf, &list,
- cfg->so_rcvbuf, cfg->so_sndbuf,
- cfg->ssl_port, reuseport,
- cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
- cfg->dnscrypt_port)) {
- listening_ports_free(list);
- return NULL;
- }
- }
- }
- return list;
-}
-
-void listening_ports_free(struct listen_port* list)
-{
- struct listen_port* nx;
- while(list) {
- nx = list->next;
- if(list->fd != -1) {
-#ifndef USE_WINSOCK
- close(list->fd);
-#else
- closesocket(list->fd);
-#endif
- }
- free(list);
- list = nx;
- }
-}
-
-size_t listen_get_mem(struct listen_dnsport* listen)
-{
- struct listen_list* p;
- size_t s = sizeof(*listen) + sizeof(*listen->base) +
- sizeof(*listen->udp_buff) +
- sldns_buffer_capacity(listen->udp_buff);
-#ifdef USE_DNSCRYPT
- s += sizeof(*listen->dnscrypt_udp_buff);
- if(listen->udp_buff != listen->dnscrypt_udp_buff){
- s += sldns_buffer_capacity(listen->dnscrypt_udp_buff);
- }
-#endif
- for(p = listen->cps; p; p = p->next) {
- s += sizeof(*p);
- s += comm_point_get_mem(p->com);
- }
- return s;
-}
-
-void listen_stop_accept(struct listen_dnsport* listen)
-{
- /* do not stop the ones that have no tcp_free list
- * (they have already stopped listening) */
- struct listen_list* p;
- for(p=listen->cps; p; p=p->next) {
- if(p->com->type == comm_tcp_accept &&
- p->com->tcp_free != NULL) {
- comm_point_stop_listening(p->com);
- }
- }
-}
-
-void listen_start_accept(struct listen_dnsport* listen)
-{
- /* do not start the ones that have no tcp_free list, it is no
- * use to listen to them because they have no free tcp handlers */
- struct listen_list* p;
- for(p=listen->cps; p; p=p->next) {
- if(p->com->type == comm_tcp_accept &&
- p->com->tcp_free != NULL) {
- comm_point_start_listening(p->com, -1, -1);
- }
- }
-}
-
diff --git a/external/unbound/services/listen_dnsport.h b/external/unbound/services/listen_dnsport.h
deleted file mode 100644
index fac0f7970..000000000
--- a/external/unbound/services/listen_dnsport.h
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * services/listen_dnsport.h - listen on port 53 for incoming DNS queries.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file has functions to get queries from clients.
- */
-
-#ifndef LISTEN_DNSPORT_H
-#define LISTEN_DNSPORT_H
-
-#include "util/netevent.h"
-struct listen_list;
-struct config_file;
-struct addrinfo;
-struct sldns_buffer;
-
-/**
- * Listening for queries structure.
- * Contains list of query-listen sockets.
- */
-struct listen_dnsport {
- /** Base for select calls */
- struct comm_base* base;
-
- /** buffer shared by UDP connections, since there is only one
- datagram at any time. */
- struct sldns_buffer* udp_buff;
-#ifdef USE_DNSCRYPT
- struct sldns_buffer* dnscrypt_udp_buff;
-#endif
- /** list of comm points used to get incoming events */
- struct listen_list* cps;
-};
-
-/**
- * Single linked list to store event points.
- */
-struct listen_list {
- /** next in list */
- struct listen_list* next;
- /** event info */
- struct comm_point* com;
-};
-
-/**
- * type of ports
- */
-enum listen_type {
- /** udp type */
- listen_type_udp,
- /** tcp type */
- listen_type_tcp,
- /** udp ipv6 (v4mapped) for use with ancillary data */
- listen_type_udpancil,
- /** ssl over tcp type */
- listen_type_ssl,
- /** udp type + dnscrypt*/
- listen_type_udp_dnscrypt,
- /** tcp type + dnscrypt */
- listen_type_tcp_dnscrypt,
- /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/
- listen_type_udpancil_dnscrypt
-
-};
-
-/**
- * Single linked list to store shared ports that have been
- * opened for use by all threads.
- */
-struct listen_port {
- /** next in list */
- struct listen_port* next;
- /** file descriptor, open and ready for use */
- int fd;
- /** type of file descriptor, udp or tcp */
- enum listen_type ftype;
-};
-
-/**
- * Create shared listening ports
- * Getaddrinfo, create socket, bind and listen to zero or more
- * interfaces for IP4 and/or IP6, for UDP and/or TCP.
- * On the given port number. It creates the sockets.
- * @param cfg: settings on what ports to open.
- * @param reuseport: set to true if you want reuseport, or NULL to not have it,
- * set to false on exit if reuseport failed to apply (because of no
- * kernel support).
- * @return: linked list of ports or NULL on error.
- */
-struct listen_port* listening_ports_open(struct config_file* cfg,
- int* reuseport);
-
-/**
- * Close and delete the (list of) listening ports.
- */
-void listening_ports_free(struct listen_port* list);
-
-/**
- * Create commpoints with for this thread for the shared ports.
- * @param base: the comm_base that provides event functionality.
- * for default all ifs.
- * @param ports: the list of shared ports.
- * @param bufsize: size of datagram buffer.
- * @param tcp_accept_count: max number of simultaneous TCP connections
- * from clients.
- * @param sslctx: nonNULL if ssl context.
- * @param dtenv: nonNULL if dnstap enabled.
- * @param cb: callback function when a request arrives. It is passed
- * the packet and user argument. Return true to send a reply.
- * @param cb_arg: user data argument for callback function.
- * @return: the malloced listening structure, ready for use. NULL on error.
- */
-struct listen_dnsport* listen_create(struct comm_base* base,
- struct listen_port* ports, size_t bufsize, int tcp_accept_count,
- void* sslctx, struct dt_env *dtenv, comm_point_callback_type* cb,
- void* cb_arg);
-
-/**
- * delete the listening structure
- * @param listen: listening structure.
- */
-void listen_delete(struct listen_dnsport* listen);
-
-/**
- * delete listen_list of commpoints. Calls commpointdelete() on items.
- * This may close the fds or not depending on flags.
- * @param list: to delete.
- */
-void listen_list_delete(struct listen_list* list);
-
-/**
- * get memory size used by the listening structs
- * @param listen: listening structure.
- * @return: size in bytes.
- */
-size_t listen_get_mem(struct listen_dnsport* listen);
-
-/**
- * stop accept handlers for TCP (until enabled again)
- * @param listen: listening structure.
- */
-void listen_stop_accept(struct listen_dnsport* listen);
-
-/**
- * start accept handlers for TCP (was stopped before)
- * @param listen: listening structure.
- */
-void listen_start_accept(struct listen_dnsport* listen);
-
-/**
- * Create and bind nonblocking UDP socket
- * @param family: for socket call.
- * @param socktype: for socket call.
- * @param addr: for bind call.
- * @param addrlen: for bind call.
- * @param v6only: if enabled, IP6 sockets get IP6ONLY option set.
- * if enabled with value 2 IP6ONLY option is disabled.
- * @param inuse: on error, this is set true if the port was in use.
- * @param noproto: on error, this is set true if cause is that the
- IPv6 proto (family) is not available.
- * @param rcv: set size on rcvbuf with socket option, if 0 it is not set.
- * @param snd: set size on sndbuf with socket option, if 0 it is not set.
- * @param listen: if true, this is a listening UDP port, eg port 53, and
- * set SO_REUSEADDR on it.
- * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on
- * listening UDP port. Set to false on return if it failed to do so.
- * @param transparent: set IP_TRANSPARENT socket option.
- * @param freebind: set IP_FREEBIND socket option.
- * @param use_systemd: if true, fetch sockets from systemd.
- * @return: the socket. -1 on error.
- */
-int create_udp_sock(int family, int socktype, struct sockaddr* addr,
- socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv,
- int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd);
-
-/**
- * Create and bind TCP listening socket
- * @param addr: address info ready to make socket.
- * @param v6only: enable ip6 only flag on ip6 sockets.
- * @param noproto: if error caused by lack of protocol support.
- * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on
- * listening UDP port. Set to false on return if it failed to do so.
- * @param transparent: set IP_TRANSPARENT socket option.
- * @param mss: maximum segment size of the socket. if zero, leaves the default.
- * @param freebind: set IP_FREEBIND socket option.
- * @param use_systemd: if true, fetch sockets from systemd.
- * @return: the socket. -1 on error.
- */
-int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
- int* reuseport, int transparent, int mss, int freebind, int use_systemd);
-
-/**
- * Create and bind local listening socket
- * @param path: path to the socket.
- * @param noproto: on error, this is set true if cause is that local sockets
- * are not supported.
- * @param use_systemd: if true, fetch sockets from systemd.
- * @return: the socket. -1 on error.
- */
-int create_local_accept_sock(const char* path, int* noproto, int use_systemd);
-
-#endif /* LISTEN_DNSPORT_H */
diff --git a/external/unbound/services/localzone.c b/external/unbound/services/localzone.c
deleted file mode 100644
index dcce46e86..000000000
--- a/external/unbound/services/localzone.c
+++ /dev/null
@@ -1,1846 +0,0 @@
-/*
- * services/localzone.c - local zones authority service.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to enable local zone authority service.
- */
-#include "config.h"
-#include "services/localzone.h"
-#include "sldns/str2wire.h"
-#include "sldns/sbuffer.h"
-#include "util/regional.h"
-#include "util/config_file.h"
-#include "util/data/dname.h"
-#include "util/data/packed_rrset.h"
-#include "util/data/msgencode.h"
-#include "util/net_help.h"
-#include "util/netevent.h"
-#include "util/data/msgreply.h"
-#include "util/data/msgparse.h"
-#include "util/as112.h"
-#include "util/config_file.h"
-
-/* maximum RRs in an RRset, to cap possible 'endless' list RRs.
- * with 16 bytes for an A record, a 64K packet has about 4000 max */
-#define LOCALZONE_RRSET_COUNT_MAX 4096
-
-struct local_zones*
-local_zones_create(void)
-{
- struct local_zones* zones = (struct local_zones*)calloc(1,
- sizeof(*zones));
- if(!zones)
- return NULL;
- rbtree_init(&zones->ztree, &local_zone_cmp);
- lock_rw_init(&zones->lock);
- lock_protect(&zones->lock, &zones->ztree, sizeof(zones->ztree));
- /* also lock protects the rbnode's in struct local_zone */
- return zones;
-}
-
-/** helper traverse to delete zones */
-static void
-lzdel(rbnode_type* n, void* ATTR_UNUSED(arg))
-{
- struct local_zone* z = (struct local_zone*)n->key;
- local_zone_delete(z);
-}
-
-void
-local_zones_delete(struct local_zones* zones)
-{
- if(!zones)
- return;
- lock_rw_destroy(&zones->lock);
- /* walk through zones and delete them all */
- traverse_postorder(&zones->ztree, lzdel, NULL);
- free(zones);
-}
-
-void
-local_zone_delete(struct local_zone* z)
-{
- if(!z)
- return;
- lock_rw_destroy(&z->lock);
- regional_destroy(z->region);
- free(z->name);
- free(z->taglist);
- free(z);
-}
-
-int
-local_zone_cmp(const void* z1, const void* z2)
-{
- /* first sort on class, so that hierarchy can be maintained within
- * a class */
- struct local_zone* a = (struct local_zone*)z1;
- struct local_zone* b = (struct local_zone*)z2;
- int m;
- if(a->dclass != b->dclass) {
- if(a->dclass < b->dclass)
- return -1;
- return 1;
- }
- return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
-}
-
-int
-local_data_cmp(const void* d1, const void* d2)
-{
- struct local_data* a = (struct local_data*)d1;
- struct local_data* b = (struct local_data*)d2;
- int m;
- return dname_canon_lab_cmp(a->name, a->namelabs, b->name,
- b->namelabs, &m);
-}
-
-/* form wireformat from text format domain name */
-int
-parse_dname(const char* str, uint8_t** res, size_t* len, int* labs)
-{
- *res = sldns_str2wire_dname(str, len);
- *labs = 0;
- if(!*res) {
- log_err("cannot parse name %s", str);
- return 0;
- }
- *labs = dname_count_size_labels(*res, len);
- return 1;
-}
-
-/** create a new localzone */
-static struct local_zone*
-local_zone_create(uint8_t* nm, size_t len, int labs,
- enum localzone_type t, uint16_t dclass)
-{
- struct local_zone* z = (struct local_zone*)calloc(1, sizeof(*z));
- if(!z) {
- return NULL;
- }
- z->node.key = z;
- z->dclass = dclass;
- z->type = t;
- z->name = nm;
- z->namelen = len;
- z->namelabs = labs;
- lock_rw_init(&z->lock);
- z->region = regional_create_custom(sizeof(struct regional));
- if(!z->region) {
- free(z);
- return NULL;
- }
- rbtree_init(&z->data, &local_data_cmp);
- lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_type));
- /* also the zones->lock protects node, parent, name*, class */
- return z;
-}
-
-/** enter a new zone with allocated dname returns with WRlock */
-static struct local_zone*
-lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len,
- int labs, enum localzone_type t, uint16_t c)
-{
- struct local_zone* z = local_zone_create(nm, len, labs, t, c);
- if(!z) {
- free(nm);
- log_err("out of memory");
- return NULL;
- }
-
- /* add to rbtree */
- lock_rw_wrlock(&zones->lock);
- lock_rw_wrlock(&z->lock);
- if(!rbtree_insert(&zones->ztree, &z->node)) {
- struct local_zone* oldz;
- log_warn("duplicate local-zone");
- lock_rw_unlock(&z->lock);
- /* save zone name locally before deallocation,
- * otherwise, nm is gone if we zone_delete now. */
- oldz = z;
- /* find the correct zone, so not an error for duplicate */
- z = local_zones_find(zones, nm, len, labs, c);
- lock_rw_wrlock(&z->lock);
- lock_rw_unlock(&zones->lock);
- local_zone_delete(oldz);
- return z;
- }
- lock_rw_unlock(&zones->lock);
- return z;
-}
-
-/** enter a new zone */
-static struct local_zone*
-lz_enter_zone(struct local_zones* zones, const char* name, const char* type,
- uint16_t dclass)
-{
- struct local_zone* z;
- enum localzone_type t;
- uint8_t* nm;
- size_t len;
- int labs;
- if(!parse_dname(name, &nm, &len, &labs)) {
- log_err("bad zone name %s %s", name, type);
- return NULL;
- }
- if(!local_zone_str2type(type, &t)) {
- log_err("bad lz_enter_zone type %s %s", name, type);
- free(nm);
- return NULL;
- }
- if(!(z=lz_enter_zone_dname(zones, nm, len, labs, t, dclass))) {
- log_err("could not enter zone %s %s", name, type);
- return NULL;
- }
- return z;
-}
-
-int
-rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type,
- uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len,
- uint8_t** rdata, size_t* rdata_len)
-{
- size_t dname_len = 0;
- int e = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600,
- NULL, 0, NULL, 0);
- if(e) {
- log_err("error parsing local-data at %d: '%s': %s",
- LDNS_WIREPARSE_OFFSET(e), str,
- sldns_get_errorstr_parse(e));
- return 0;
- }
- *nm = memdup(rr, dname_len);
- if(!*nm) {
- log_err("out of memory");
- return 0;
- }
- *dclass = sldns_wirerr_get_class(rr, len, dname_len);
- *type = sldns_wirerr_get_type(rr, len, dname_len);
- *ttl = (time_t)sldns_wirerr_get_ttl(rr, len, dname_len);
- *rdata = sldns_wirerr_get_rdatawl(rr, len, dname_len);
- *rdata_len = sldns_wirerr_get_rdatalen(rr, len, dname_len)+2;
- return 1;
-}
-
-/** return name and class of rr; parses string */
-static int
-get_rr_nameclass(const char* str, uint8_t** nm, uint16_t* dclass)
-{
- uint8_t rr[LDNS_RR_BUF_SIZE];
- size_t len = sizeof(rr), dname_len = 0;
- int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600,
- NULL, 0, NULL, 0);
- if(s != 0) {
- log_err("error parsing local-data at %d '%s': %s",
- LDNS_WIREPARSE_OFFSET(s), str,
- sldns_get_errorstr_parse(s));
- return 0;
- }
- *nm = memdup(rr, dname_len);
- *dclass = sldns_wirerr_get_class(rr, len, dname_len);
- if(!*nm) {
- log_err("out of memory");
- return 0;
- }
- return 1;
-}
-
-/**
- * Find an rrset in local data structure.
- * @param data: local data domain name structure.
- * @param type: type to look for (host order).
- * @param alias_ok: 1 if matching a non-exact, alias type such as CNAME is
- * allowed. otherwise 0.
- * @return rrset pointer or NULL if not found.
- */
-static struct local_rrset*
-local_data_find_type(struct local_data* data, uint16_t type, int alias_ok)
-{
- struct local_rrset* p;
- type = htons(type);
- for(p = data->rrsets; p; p = p->next) {
- if(p->rrset->rk.type == type)
- return p;
- if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME))
- return p;
- }
- return NULL;
-}
-
-/** check for RR duplicates */
-static int
-rr_is_duplicate(struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len)
-{
- size_t i;
- for(i=0; i<pd->count; i++) {
- if(pd->rr_len[i] == rdata_len &&
- memcmp(pd->rr_data[i], rdata, rdata_len) == 0)
- return 1;
- }
- return 0;
-}
-
-/** new local_rrset */
-static struct local_rrset*
-new_local_rrset(struct regional* region, struct local_data* node,
- uint16_t rrtype, uint16_t rrclass)
-{
- struct packed_rrset_data* pd;
- struct local_rrset* rrset = (struct local_rrset*)
- regional_alloc_zero(region, sizeof(*rrset));
- if(!rrset) {
- log_err("out of memory");
- return NULL;
- }
- rrset->next = node->rrsets;
- node->rrsets = rrset;
- rrset->rrset = (struct ub_packed_rrset_key*)
- regional_alloc_zero(region, sizeof(*rrset->rrset));
- if(!rrset->rrset) {
- log_err("out of memory");
- return NULL;
- }
- rrset->rrset->entry.key = rrset->rrset;
- pd = (struct packed_rrset_data*)regional_alloc_zero(region,
- sizeof(*pd));
- if(!pd) {
- log_err("out of memory");
- return NULL;
- }
- pd->trust = rrset_trust_prim_noglue;
- pd->security = sec_status_insecure;
- rrset->rrset->entry.data = pd;
- rrset->rrset->rk.dname = node->name;
- rrset->rrset->rk.dname_len = node->namelen;
- rrset->rrset->rk.type = htons(rrtype);
- rrset->rrset->rk.rrset_class = htons(rrclass);
- return rrset;
-}
-
-/** insert RR into RRset data structure; Wastes a couple of bytes */
-int
-rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd,
- uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr)
-{
- size_t* oldlen = pd->rr_len;
- time_t* oldttl = pd->rr_ttl;
- uint8_t** olddata = pd->rr_data;
-
- /* add RR to rrset */
- if(pd->count > LOCALZONE_RRSET_COUNT_MAX) {
- log_warn("RRset '%s' has more than %d records, record ignored",
- rrstr, LOCALZONE_RRSET_COUNT_MAX);
- return 1;
- }
- pd->count++;
- pd->rr_len = regional_alloc(region, sizeof(*pd->rr_len)*pd->count);
- pd->rr_ttl = regional_alloc(region, sizeof(*pd->rr_ttl)*pd->count);
- pd->rr_data = regional_alloc(region, sizeof(*pd->rr_data)*pd->count);
- if(!pd->rr_len || !pd->rr_ttl || !pd->rr_data) {
- log_err("out of memory");
- return 0;
- }
- if(pd->count > 1) {
- memcpy(pd->rr_len+1, oldlen,
- sizeof(*pd->rr_len)*(pd->count-1));
- memcpy(pd->rr_ttl+1, oldttl,
- sizeof(*pd->rr_ttl)*(pd->count-1));
- memcpy(pd->rr_data+1, olddata,
- sizeof(*pd->rr_data)*(pd->count-1));
- }
- pd->rr_len[0] = rdata_len;
- pd->rr_ttl[0] = ttl;
- pd->rr_data[0] = regional_alloc_init(region, rdata, rdata_len);
- if(!pd->rr_data[0]) {
- log_err("out of memory");
- return 0;
- }
- return 1;
-}
-
-/** find a data node by exact name */
-static struct local_data*
-lz_find_node(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs)
-{
- struct local_data key;
- key.node.key = &key;
- key.name = nm;
- key.namelen = nmlen;
- key.namelabs = nmlabs;
- return (struct local_data*)rbtree_search(&z->data, &key.node);
-}
-
-/** find a node, create it if not and all its empty nonterminal parents */
-static int
-lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen,
- int nmlabs, struct local_data** res)
-{
- struct local_data* ld = lz_find_node(z, nm, nmlen, nmlabs);
- if(!ld) {
- /* create a domain name to store rr. */
- ld = (struct local_data*)regional_alloc_zero(z->region,
- sizeof(*ld));
- if(!ld) {
- log_err("out of memory adding local data");
- return 0;
- }
- ld->node.key = ld;
- ld->name = regional_alloc_init(z->region, nm, nmlen);
- if(!ld->name) {
- log_err("out of memory");
- return 0;
- }
- ld->namelen = nmlen;
- ld->namelabs = nmlabs;
- if(!rbtree_insert(&z->data, &ld->node)) {
- log_assert(0); /* duplicate name */
- }
- /* see if empty nonterminals need to be created */
- if(nmlabs > z->namelabs) {
- dname_remove_label(&nm, &nmlen);
- if(!lz_find_create_node(z, nm, nmlen, nmlabs-1, res))
- return 0;
- }
- }
- *res = ld;
- return 1;
-}
-
-/** enter data RR into auth zone */
-static int
-lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr)
-{
- uint8_t* nm;
- size_t nmlen;
- int nmlabs;
- struct local_data* node;
- struct local_rrset* rrset;
- struct packed_rrset_data* pd;
- uint16_t rrtype = 0, rrclass = 0;
- time_t ttl = 0;
- uint8_t rr[LDNS_RR_BUF_SIZE];
- uint8_t* rdata;
- size_t rdata_len;
- if(!rrstr_get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr,
- sizeof(rr), &rdata, &rdata_len)) {
- log_err("bad local-data: %s", rrstr);
- return 0;
- }
- log_assert(z->dclass == rrclass);
- if(z->type == local_zone_redirect &&
- query_dname_compare(z->name, nm) != 0) {
- log_err("local-data in redirect zone must reside at top of zone"
- ", not at %s", rrstr);
- free(nm);
- return 0;
- }
- nmlabs = dname_count_size_labels(nm, &nmlen);
- if(!lz_find_create_node(z, nm, nmlen, nmlabs, &node)) {
- free(nm);
- return 0;
- }
- log_assert(node);
- free(nm);
-
- /* Reject it if we would end up having CNAME and other data (including
- * another CNAME) for a redirect zone. */
- if(z->type == local_zone_redirect && node->rrsets) {
- const char* othertype = NULL;
- if (rrtype == LDNS_RR_TYPE_CNAME)
- othertype = "other";
- else if (node->rrsets->rrset->rk.type ==
- htons(LDNS_RR_TYPE_CNAME)) {
- othertype = "CNAME";
- }
- if(othertype) {
- log_err("local-data '%s' in redirect zone must not "
- "coexist with %s local-data", rrstr, othertype);
- return 0;
- }
- }
- rrset = local_data_find_type(node, rrtype, 0);
- if(!rrset) {
- rrset = new_local_rrset(z->region, node, rrtype, rrclass);
- if(!rrset)
- return 0;
- if(query_dname_compare(node->name, z->name) == 0) {
- if(rrtype == LDNS_RR_TYPE_NSEC)
- rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX;
- if(rrtype == LDNS_RR_TYPE_SOA)
- z->soa = rrset->rrset;
- }
- }
- pd = (struct packed_rrset_data*)rrset->rrset->entry.data;
- log_assert(rrset && pd);
-
- /* check for duplicate RR */
- if(rr_is_duplicate(pd, rdata, rdata_len)) {
- verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr);
- return 1;
- }
- return rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr);
-}
-
-/** enter a data RR into auth data; a zone for it must exist */
-static int
-lz_enter_rr_str(struct local_zones* zones, const char* rr)
-{
- uint8_t* rr_name;
- uint16_t rr_class;
- size_t len;
- int labs;
- struct local_zone* z;
- int r;
- if(!get_rr_nameclass(rr, &rr_name, &rr_class)) {
- log_err("bad rr %s", rr);
- return 0;
- }
- labs = dname_count_size_labels(rr_name, &len);
- lock_rw_rdlock(&zones->lock);
- z = local_zones_lookup(zones, rr_name, len, labs, rr_class);
- if(!z) {
- lock_rw_unlock(&zones->lock);
- fatal_exit("internal error: no zone for rr %s", rr);
- }
- lock_rw_wrlock(&z->lock);
- lock_rw_unlock(&zones->lock);
- free(rr_name);
- r = lz_enter_rr_into_zone(z, rr);
- lock_rw_unlock(&z->lock);
- return r;
-}
-
-/** enter tagstring into zone */
-static int
-lz_enter_zone_tag(struct local_zones* zones, char* zname, uint8_t* list,
- size_t len, uint16_t rr_class)
-{
- uint8_t dname[LDNS_MAX_DOMAINLEN+1];
- size_t dname_len = sizeof(dname);
- int dname_labs, r = 0;
- struct local_zone* z;
-
- if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) {
- log_err("cannot parse zone name in local-zone-tag: %s", zname);
- return 0;
- }
- dname_labs = dname_count_labels(dname);
-
- lock_rw_rdlock(&zones->lock);
- z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class);
- if(!z) {
- lock_rw_unlock(&zones->lock);
- log_err("no local-zone for tag %s", zname);
- return 0;
- }
- lock_rw_wrlock(&z->lock);
- lock_rw_unlock(&zones->lock);
- free(z->taglist);
- z->taglist = memdup(list, len);
- z->taglen = len;
- if(z->taglist)
- r = 1;
- lock_rw_unlock(&z->lock);
- return r;
-}
-
-/** enter override into zone */
-static int
-lz_enter_override(struct local_zones* zones, char* zname, char* netblock,
- char* type, uint16_t rr_class)
-{
- uint8_t dname[LDNS_MAX_DOMAINLEN+1];
- size_t dname_len = sizeof(dname);
- int dname_labs;
- struct sockaddr_storage addr;
- int net;
- socklen_t addrlen;
- struct local_zone* z;
- enum localzone_type t;
-
- /* parse zone name */
- if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) {
- log_err("cannot parse zone name in local-zone-override: %s %s",
- zname, netblock);
- return 0;
- }
- dname_labs = dname_count_labels(dname);
-
- /* parse netblock */
- if(!netblockstrtoaddr(netblock, UNBOUND_DNS_PORT, &addr, &addrlen,
- &net)) {
- log_err("cannot parse netblock in local-zone-override: %s %s",
- zname, netblock);
- return 0;
- }
-
- /* parse zone type */
- if(!local_zone_str2type(type, &t)) {
- log_err("cannot parse type in local-zone-override: %s %s %s",
- zname, netblock, type);
- return 0;
- }
-
- /* find localzone entry */
- lock_rw_rdlock(&zones->lock);
- z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class);
- if(!z) {
- lock_rw_unlock(&zones->lock);
- log_err("no local-zone for local-zone-override %s", zname);
- return 0;
- }
- lock_rw_wrlock(&z->lock);
- lock_rw_unlock(&zones->lock);
-
- /* create netblock addr_tree if not present yet */
- if(!z->override_tree) {
- z->override_tree = (struct rbtree_type*)regional_alloc_zero(
- z->region, sizeof(*z->override_tree));
- if(!z->override_tree) {
- lock_rw_unlock(&z->lock);
- log_err("out of memory");
- return 0;
- }
- addr_tree_init(z->override_tree);
- }
- /* add new elem to tree */
- if(z->override_tree) {
- struct local_zone_override* n;
- n = (struct local_zone_override*)regional_alloc_zero(
- z->region, sizeof(*n));
- if(!n) {
- lock_rw_unlock(&z->lock);
- log_err("out of memory");
- return 0;
- }
- n->type = t;
- if(!addr_tree_insert(z->override_tree,
- (struct addr_tree_node*)n, &addr, addrlen, net)) {
- lock_rw_unlock(&z->lock);
- log_err("duplicate local-zone-override %s %s",
- zname, netblock);
- return 1;
- }
- }
-
- lock_rw_unlock(&z->lock);
- return 1;
-}
-
-/** parse local-zone: statements */
-static int
-lz_enter_zones(struct local_zones* zones, struct config_file* cfg)
-{
- struct config_str2list* p;
- struct local_zone* z;
- for(p = cfg->local_zones; p; p = p->next) {
- if(!(z=lz_enter_zone(zones, p->str, p->str2,
- LDNS_RR_CLASS_IN)))
- return 0;
- lock_rw_unlock(&z->lock);
- }
- return 1;
-}
-
-/** lookup a zone in rbtree; exact match only; SLOW due to parse */
-static int
-lz_exists(struct local_zones* zones, const char* name)
-{
- struct local_zone z;
- z.node.key = &z;
- z.dclass = LDNS_RR_CLASS_IN;
- if(!parse_dname(name, &z.name, &z.namelen, &z.namelabs)) {
- log_err("bad name %s", name);
- return 0;
- }
- lock_rw_rdlock(&zones->lock);
- if(rbtree_search(&zones->ztree, &z.node)) {
- lock_rw_unlock(&zones->lock);
- free(z.name);
- return 1;
- }
- lock_rw_unlock(&zones->lock);
- free(z.name);
- return 0;
-}
-
-/** lookup a zone in cfg->nodefault list */
-static int
-lz_nodefault(struct config_file* cfg, const char* name)
-{
- struct config_strlist* p;
- size_t len = strlen(name);
- if(len == 0) return 0;
- if(name[len-1] == '.') len--;
-
- for(p = cfg->local_zones_nodefault; p; p = p->next) {
- /* compare zone name, lowercase, compare without ending . */
- if(strncasecmp(p->str, name, len) == 0 &&
- (strlen(p->str) == len || (strlen(p->str)==len+1 &&
- p->str[len] == '.')))
- return 1;
- }
- return 0;
-}
-
-/** enter AS112 default zone */
-static int
-add_as112_default(struct local_zones* zones, struct config_file* cfg,
- const char* name)
-{
- struct local_zone* z;
- char str[1024]; /* known long enough */
- if(lz_exists(zones, name) || lz_nodefault(cfg, name))
- return 1; /* do not enter default content */
- if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN)))
- return 0;
- snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. "
- "nobody.invalid. 1 3600 1200 604800 10800", name);
- if(!lz_enter_rr_into_zone(z, str)) {
- lock_rw_unlock(&z->lock);
- return 0;
- }
- snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name);
- if(!lz_enter_rr_into_zone(z, str)) {
- lock_rw_unlock(&z->lock);
- return 0;
- }
- lock_rw_unlock(&z->lock);
- return 1;
-}
-
-/** enter default zones */
-static int
-lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
-{
- struct local_zone* z;
- const char** zstr;
-
- /* this list of zones is from RFC 6303 and RFC 7686 */
-
- /* block localhost level zones first, then onion and later the LAN zones */
-
- /* localhost. zone */
- if(!lz_exists(zones, "localhost.") &&
- !lz_nodefault(cfg, "localhost.")) {
- if(!(z=lz_enter_zone(zones, "localhost.", "static",
- LDNS_RR_CLASS_IN)) ||
- !lz_enter_rr_into_zone(z,
- "localhost. 10800 IN NS localhost.") ||
- !lz_enter_rr_into_zone(z,
- "localhost. 10800 IN SOA localhost. nobody.invalid. "
- "1 3600 1200 604800 10800") ||
- !lz_enter_rr_into_zone(z,
- "localhost. 10800 IN A 127.0.0.1") ||
- !lz_enter_rr_into_zone(z,
- "localhost. 10800 IN AAAA ::1")) {
- log_err("out of memory adding default zone");
- if(z) { lock_rw_unlock(&z->lock); }
- return 0;
- }
- lock_rw_unlock(&z->lock);
- }
- /* reverse ip4 zone */
- if(!lz_exists(zones, "127.in-addr.arpa.") &&
- !lz_nodefault(cfg, "127.in-addr.arpa.")) {
- if(!(z=lz_enter_zone(zones, "127.in-addr.arpa.", "static",
- LDNS_RR_CLASS_IN)) ||
- !lz_enter_rr_into_zone(z,
- "127.in-addr.arpa. 10800 IN NS localhost.") ||
- !lz_enter_rr_into_zone(z,
- "127.in-addr.arpa. 10800 IN SOA localhost. "
- "nobody.invalid. 1 3600 1200 604800 10800") ||
- !lz_enter_rr_into_zone(z,
- "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) {
- log_err("out of memory adding default zone");
- if(z) { lock_rw_unlock(&z->lock); }
- return 0;
- }
- lock_rw_unlock(&z->lock);
- }
- /* reverse ip6 zone */
- if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") &&
- !lz_nodefault(cfg, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.")) {
- if(!(z=lz_enter_zone(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", "static",
- LDNS_RR_CLASS_IN)) ||
- !lz_enter_rr_into_zone(z,
- "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.") ||
- !lz_enter_rr_into_zone(z,
- "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. "
- "nobody.invalid. 1 3600 1200 604800 10800") ||
- !lz_enter_rr_into_zone(z,
- "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.")) {
- log_err("out of memory adding default zone");
- if(z) { lock_rw_unlock(&z->lock); }
- return 0;
- }
- lock_rw_unlock(&z->lock);
- }
- /* onion. zone (RFC 7686) */
- if(!lz_exists(zones, "onion.") &&
- !lz_nodefault(cfg, "onion.")) {
- if(!(z=lz_enter_zone(zones, "onion.", "static",
- LDNS_RR_CLASS_IN)) ||
- !lz_enter_rr_into_zone(z,
- "onion. 10800 IN NS localhost.") ||
- !lz_enter_rr_into_zone(z,
- "onion. 10800 IN SOA localhost. nobody.invalid. "
- "1 3600 1200 604800 10800")) {
- log_err("out of memory adding default zone");
- if(z) { lock_rw_unlock(&z->lock); }
- return 0;
- }
- lock_rw_unlock(&z->lock);
- }
-
- /* block AS112 zones, unless asked not to */
- if(!cfg->unblock_lan_zones) {
- for(zstr = as112_zones; *zstr; zstr++) {
- if(!add_as112_default(zones, cfg, *zstr)) {
- log_err("out of memory adding default zone");
- return 0;
- }
- }
- }
- return 1;
-}
-
-/** parse local-zone-override: statements */
-static int
-lz_enter_overrides(struct local_zones* zones, struct config_file* cfg)
-{
- struct config_str3list* p;
- for(p = cfg->local_zone_overrides; p; p = p->next) {
- if(!lz_enter_override(zones, p->str, p->str2, p->str3,
- LDNS_RR_CLASS_IN))
- return 0;
- }
- return 1;
-}
-
-/** setup parent pointers, so that a lookup can be done for closest match */
-static void
-init_parents(struct local_zones* zones)
-{
- struct local_zone* node, *prev = NULL, *p;
- int m;
- lock_rw_wrlock(&zones->lock);
- RBTREE_FOR(node, struct local_zone*, &zones->ztree) {
- lock_rw_wrlock(&node->lock);
- node->parent = NULL;
- if(!prev || prev->dclass != node->dclass) {
- prev = node;
- lock_rw_unlock(&node->lock);
- continue;
- }
- (void)dname_lab_cmp(prev->name, prev->namelabs, node->name,
- node->namelabs, &m); /* we know prev is smaller */
- /* sort order like: . com. bla.com. zwb.com. net. */
- /* find the previous, or parent-parent-parent */
- for(p = prev; p; p = p->parent)
- /* looking for name with few labels, a parent */
- if(p->namelabs <= m) {
- /* ==: since prev matched m, this is closest*/
- /* <: prev matches more, but is not a parent,
- * this one is a (grand)parent */
- node->parent = p;
- break;
- }
- prev = node;
-
- if(node->override_tree)
- addr_tree_init_parents(node->override_tree);
- lock_rw_unlock(&node->lock);
- }
- lock_rw_unlock(&zones->lock);
-}
-
-/** enter implicit transparent zone for local-data: without local-zone: */
-static int
-lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
-{
- /* walk over all items that have no parent zone and find
- * the name that covers them all (could be the root) and
- * add that as a transparent zone */
- struct config_strlist* p;
- int have_name = 0;
- int have_other_classes = 0;
- uint16_t dclass = 0;
- uint8_t* nm = 0;
- size_t nmlen = 0;
- int nmlabs = 0;
- int match = 0; /* number of labels match count */
-
- init_parents(zones); /* to enable local_zones_lookup() */
- for(p = cfg->local_data; p; p = p->next) {
- uint8_t* rr_name;
- uint16_t rr_class;
- size_t len;
- int labs;
- if(!get_rr_nameclass(p->str, &rr_name, &rr_class)) {
- log_err("Bad local-data RR %s", p->str);
- return 0;
- }
- labs = dname_count_size_labels(rr_name, &len);
- lock_rw_rdlock(&zones->lock);
- if(!local_zones_lookup(zones, rr_name, len, labs, rr_class)) {
- if(!have_name) {
- dclass = rr_class;
- nm = rr_name;
- nmlen = len;
- nmlabs = labs;
- match = labs;
- have_name = 1;
- } else {
- int m;
- if(rr_class != dclass) {
- /* process other classes later */
- free(rr_name);
- have_other_classes = 1;
- lock_rw_unlock(&zones->lock);
- continue;
- }
- /* find smallest shared topdomain */
- (void)dname_lab_cmp(nm, nmlabs,
- rr_name, labs, &m);
- free(rr_name);
- if(m < match)
- match = m;
- }
- } else free(rr_name);
- lock_rw_unlock(&zones->lock);
- }
- if(have_name) {
- uint8_t* n2;
- struct local_zone* z;
- /* allocate zone of smallest shared topdomain to contain em */
- n2 = nm;
- dname_remove_labels(&n2, &nmlen, nmlabs - match);
- n2 = memdup(n2, nmlen);
- free(nm);
- if(!n2) {
- log_err("out of memory");
- return 0;
- }
- log_nametypeclass(VERB_ALGO, "implicit transparent local-zone",
- n2, 0, dclass);
- if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match,
- local_zone_transparent, dclass))) {
- return 0;
- }
- lock_rw_unlock(&z->lock);
- }
- if(have_other_classes) {
- /* restart to setup other class */
- return lz_setup_implicit(zones, cfg);
- }
- return 1;
-}
-
-/** enter local-zone-tag info */
-static int
-lz_enter_zone_tags(struct local_zones* zones, struct config_file* cfg)
-{
- struct config_strbytelist* p;
- int c = 0;
- for(p = cfg->local_zone_tags; p; p = p->next) {
- if(!lz_enter_zone_tag(zones, p->str, p->str2, p->str2len,
- LDNS_RR_CLASS_IN))
- return 0;
- c++;
- }
- if(c) verbose(VERB_ALGO, "applied tags to %d local zones", c);
- return 1;
-}
-
-/** enter auth data */
-static int
-lz_enter_data(struct local_zones* zones, struct config_file* cfg)
-{
- struct config_strlist* p;
- for(p = cfg->local_data; p; p = p->next) {
- if(!lz_enter_rr_str(zones, p->str))
- return 0;
- }
- return 1;
-}
-
-/** free memory from config */
-static void
-lz_freeup_cfg(struct config_file* cfg)
-{
- config_deldblstrlist(cfg->local_zones);
- cfg->local_zones = NULL;
- config_delstrlist(cfg->local_zones_nodefault);
- cfg->local_zones_nodefault = NULL;
- config_delstrlist(cfg->local_data);
- cfg->local_data = NULL;
-}
-
-int
-local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg)
-{
- /* create zones from zone statements. */
- if(!lz_enter_zones(zones, cfg)) {
- return 0;
- }
- /* apply default zones+content (unless disabled, or overridden) */
- if(!lz_enter_defaults(zones, cfg)) {
- return 0;
- }
- /* enter local zone overrides */
- if(!lz_enter_overrides(zones, cfg)) {
- return 0;
- }
- /* create implicit transparent zone from data. */
- if(!lz_setup_implicit(zones, cfg)) {
- return 0;
- }
-
- /* setup parent ptrs for lookup during data entry */
- init_parents(zones);
- /* insert local zone tags */
- if(!lz_enter_zone_tags(zones, cfg)) {
- return 0;
- }
- /* insert local data */
- if(!lz_enter_data(zones, cfg)) {
- return 0;
- }
- /* freeup memory from cfg struct. */
- lz_freeup_cfg(cfg);
- return 1;
-}
-
-struct local_zone*
-local_zones_lookup(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass)
-{
- return local_zones_tags_lookup(zones, name, len, labs,
- dclass, NULL, 0, 1);
-}
-
-struct local_zone*
-local_zones_tags_lookup(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass,
- uint8_t* taglist, size_t taglen, int ignoretags)
-{
- rbnode_type* res = NULL;
- struct local_zone *result;
- struct local_zone key;
- int m;
- key.node.key = &key;
- key.dclass = dclass;
- key.name = name;
- key.namelen = len;
- key.namelabs = labs;
- rbtree_find_less_equal(&zones->ztree, &key, &res);
- result = (struct local_zone*)res;
- /* exact or smaller element (or no element) */
- if(!result || result->dclass != dclass)
- return NULL;
- /* count number of labels matched */
- (void)dname_lab_cmp(result->name, result->namelabs, key.name,
- key.namelabs, &m);
- while(result) { /* go up until qname is zone or subdomain of zone */
- if(result->namelabs <= m)
- if(ignoretags || !result->taglist ||
- taglist_intersect(result->taglist,
- result->taglen, taglist, taglen))
- break;
- result = result->parent;
- }
- return result;
-}
-
-struct local_zone*
-local_zones_find(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass)
-{
- struct local_zone key;
- key.node.key = &key;
- key.dclass = dclass;
- key.name = name;
- key.namelen = len;
- key.namelabs = labs;
- /* exact */
- return (struct local_zone*)rbtree_search(&zones->ztree, &key);
-}
-
-/** print all RRsets in local zone */
-static void
-local_zone_out(struct local_zone* z)
-{
- struct local_data* d;
- struct local_rrset* p;
- RBTREE_FOR(d, struct local_data*, &z->data) {
- for(p = d->rrsets; p; p = p->next) {
- log_nametypeclass(0, "rrset", d->name,
- ntohs(p->rrset->rk.type),
- ntohs(p->rrset->rk.rrset_class));
- }
- }
-}
-
-void local_zones_print(struct local_zones* zones)
-{
- struct local_zone* z;
- lock_rw_rdlock(&zones->lock);
- log_info("number of auth zones %u", (unsigned)zones->ztree.count);
- RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
- lock_rw_rdlock(&z->lock);
- switch(z->type) {
- case local_zone_deny:
- log_nametypeclass(0, "deny zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_refuse:
- log_nametypeclass(0, "refuse zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_redirect:
- log_nametypeclass(0, "redirect zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_transparent:
- log_nametypeclass(0, "transparent zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_typetransparent:
- log_nametypeclass(0, "typetransparent zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_static:
- log_nametypeclass(0, "static zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_inform:
- log_nametypeclass(0, "inform zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_inform_deny:
- log_nametypeclass(0, "inform_deny zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_always_transparent:
- log_nametypeclass(0, "always_transparent zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_always_refuse:
- log_nametypeclass(0, "always_refuse zone",
- z->name, 0, z->dclass);
- break;
- case local_zone_always_nxdomain:
- log_nametypeclass(0, "always_nxdomain zone",
- z->name, 0, z->dclass);
- break;
- default:
- log_nametypeclass(0, "badtyped zone",
- z->name, 0, z->dclass);
- break;
- }
- local_zone_out(z);
- lock_rw_unlock(&z->lock);
- }
- lock_rw_unlock(&zones->lock);
-}
-
-/** encode answer consisting of 1 rrset */
-static int
-local_encode(struct query_info* qinfo, struct module_env* env,
- struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
- struct ub_packed_rrset_key* rrset, int ansec, int rcode)
-{
- struct reply_info rep;
- uint16_t udpsize;
- /* make answer with time=0 for fixed TTL values */
- memset(&rep, 0, sizeof(rep));
- rep.flags = (uint16_t)((BIT_QR | BIT_AA | BIT_RA) | rcode);
- rep.qdcount = 1;
- if(ansec)
- rep.an_numrrsets = 1;
- else rep.ns_numrrsets = 1;
- rep.rrset_count = 1;
- rep.rrsets = &rrset;
- udpsize = edns->udp_size;
- edns->edns_version = EDNS_ADVERTISED_VERSION;
- edns->udp_size = EDNS_ADVERTISED_SIZE;
- edns->ext_rcode = 0;
- edns->bits &= EDNS_DO;
- if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, temp)
- || !reply_info_answer_encode(qinfo, &rep,
- *(uint16_t*)sldns_buffer_begin(buf),
- sldns_buffer_read_u16_at(buf, 2),
- buf, 0, 0, temp, udpsize, edns,
- (int)(edns->bits&EDNS_DO), 0))
- error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
- *(uint16_t*)sldns_buffer_begin(buf),
- sldns_buffer_read_u16_at(buf, 2), edns);
- return 1;
-}
-
-/** encode local error answer */
-static void
-local_error_encode(struct query_info* qinfo, struct module_env* env,
- struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
- int rcode, int r)
-{
- edns->edns_version = EDNS_ADVERTISED_VERSION;
- edns->udp_size = EDNS_ADVERTISED_SIZE;
- edns->ext_rcode = 0;
- edns->bits &= EDNS_DO;
-
- if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
- rcode, edns, temp))
- edns->opt_list = NULL;
- error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
- sldns_buffer_read_u16_at(buf, 2), edns);
-}
-
-/** find local data tag string match for the given type in the list */
-int
-local_data_find_tag_datas(const struct query_info* qinfo,
- struct config_strlist* list, struct ub_packed_rrset_key* r,
- struct regional* temp)
-{
- struct config_strlist* p;
- char buf[65536];
- uint8_t rr[LDNS_RR_BUF_SIZE];
- size_t len;
- int res;
- struct packed_rrset_data* d;
- for(p=list; p; p=p->next) {
- uint16_t rdr_type;
-
- len = sizeof(rr);
- /* does this element match the type? */
- snprintf(buf, sizeof(buf), ". %s", p->str);
- res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600,
- NULL, 0, NULL, 0);
- if(res != 0)
- /* parse errors are already checked before, in
- * acllist check_data, skip this for robustness */
- continue;
- if(len < 1 /* . */ + 8 /* typeclassttl*/ + 2 /*rdatalen*/)
- continue;
- rdr_type = sldns_wirerr_get_type(rr, len, 1);
- if(rdr_type != qinfo->qtype && rdr_type != LDNS_RR_TYPE_CNAME)
- continue;
-
- /* do we have entries already? if not setup key */
- if(r->rk.dname == NULL) {
- r->entry.key = r;
- r->rk.dname = qinfo->qname;
- r->rk.dname_len = qinfo->qname_len;
- r->rk.type = htons(rdr_type);
- r->rk.rrset_class = htons(qinfo->qclass);
- r->rk.flags = 0;
- d = (struct packed_rrset_data*)regional_alloc_zero(
- temp, sizeof(struct packed_rrset_data)
- + sizeof(size_t) + sizeof(uint8_t*) +
- sizeof(time_t));
- if(!d) return 0; /* out of memory */
- r->entry.data = d;
- d->ttl = sldns_wirerr_get_ttl(rr, len, 1);
- d->rr_len = (size_t*)((uint8_t*)d +
- sizeof(struct packed_rrset_data));
- d->rr_data = (uint8_t**)&(d->rr_len[1]);
- d->rr_ttl = (time_t*)&(d->rr_data[1]);
- }
- d = (struct packed_rrset_data*)r->entry.data;
- /* add entry to the data */
- if(d->count != 0) {
- size_t* oldlen = d->rr_len;
- uint8_t** olddata = d->rr_data;
- time_t* oldttl = d->rr_ttl;
- /* increase arrays for lookup */
- /* this is of course slow for very many records,
- * but most redirects are expected with few records */
- d->rr_len = (size_t*)regional_alloc_zero(temp,
- (d->count+1)*sizeof(size_t));
- d->rr_data = (uint8_t**)regional_alloc_zero(temp,
- (d->count+1)*sizeof(uint8_t*));
- d->rr_ttl = (time_t*)regional_alloc_zero(temp,
- (d->count+1)*sizeof(time_t));
- if(!d->rr_len || !d->rr_data || !d->rr_ttl)
- return 0; /* out of memory */
- /* first one was allocated after struct d, but new
- * ones get their own array increment alloc, so
- * copy old content */
- memmove(d->rr_len, oldlen, d->count*sizeof(size_t));
- memmove(d->rr_data, olddata, d->count*sizeof(uint8_t*));
- memmove(d->rr_ttl, oldttl, d->count*sizeof(time_t));
- }
-
- d->rr_len[d->count] = sldns_wirerr_get_rdatalen(rr, len, 1)+2;
- d->rr_ttl[d->count] = sldns_wirerr_get_ttl(rr, len, 1);
- d->rr_data[d->count] = regional_alloc_init(temp,
- sldns_wirerr_get_rdatawl(rr, len, 1),
- d->rr_len[d->count]);
- if(!d->rr_data[d->count])
- return 0; /* out of memory */
- d->count++;
- }
- if(r->rk.dname)
- return 1;
- return 0;
-}
-
-static int
-find_tag_datas(struct query_info* qinfo, struct config_strlist* list,
- struct ub_packed_rrset_key* r, struct regional* temp)
-{
- int result = local_data_find_tag_datas(qinfo, list, r, temp);
-
- /* If we've found a non-exact alias type of local data, make a shallow
- * copy of the RRset and remember it in qinfo to complete the alias
- * chain later. */
- if(result && qinfo->qtype != LDNS_RR_TYPE_CNAME &&
- r->rk.type == htons(LDNS_RR_TYPE_CNAME)) {
- qinfo->local_alias =
- regional_alloc_zero(temp, sizeof(struct local_rrset));
- if(!qinfo->local_alias)
- return 0; /* out of memory */
- qinfo->local_alias->rrset =
- regional_alloc_init(temp, r, sizeof(*r));
- if(!qinfo->local_alias->rrset)
- return 0; /* out of memory */
- }
- return result;
-}
-
-/** answer local data match */
-static int
-local_data_answer(struct local_zone* z, struct module_env* env,
- struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
- struct regional* temp, int labs, struct local_data** ldp,
- enum localzone_type lz_type, int tag, struct config_strlist** tag_datas,
- size_t tag_datas_size, char** tagname, int num_tags)
-{
- struct local_data key;
- struct local_data* ld;
- struct local_rrset* lr;
- key.node.key = &key;
- key.name = qinfo->qname;
- key.namelen = qinfo->qname_len;
- key.namelabs = labs;
- if(lz_type == local_zone_redirect) {
- key.name = z->name;
- key.namelen = z->namelen;
- key.namelabs = z->namelabs;
- if(tag != -1 && (size_t)tag<tag_datas_size && tag_datas[tag]) {
- struct ub_packed_rrset_key r;
- memset(&r, 0, sizeof(r));
- if(find_tag_datas(qinfo, tag_datas[tag], &r, temp)) {
- verbose(VERB_ALGO, "redirect with tag data [%d] %s",
- tag, (tag<num_tags?tagname[tag]:"null"));
-
- /* If we found a matching alias, we should
- * use it as part of the answer, but we can't
- * encode it until we complete the alias
- * chain. */
- if(qinfo->local_alias)
- return 1;
- return local_encode(qinfo, env, edns, buf, temp,
- &r, 1, LDNS_RCODE_NOERROR);
- }
- }
- }
- ld = (struct local_data*)rbtree_search(&z->data, &key.node);
- *ldp = ld;
- if(!ld) {
- return 0;
- }
- lr = local_data_find_type(ld, qinfo->qtype, 1);
- if(!lr)
- return 0;
-
- /* Special case for alias matching. See local_data_answer(). */
- if(lz_type == local_zone_redirect &&
- qinfo->qtype != LDNS_RR_TYPE_CNAME &&
- lr->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) {
- qinfo->local_alias =
- regional_alloc_zero(temp, sizeof(struct local_rrset));
- if(!qinfo->local_alias)
- return 0; /* out of memory */
- qinfo->local_alias->rrset =
- regional_alloc_init(temp, lr->rrset, sizeof(*lr->rrset));
- if(!qinfo->local_alias->rrset)
- return 0; /* out of memory */
- qinfo->local_alias->rrset->rk.dname = qinfo->qname;
- qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len;
- return 1;
- }
- if(lz_type == local_zone_redirect) {
- /* convert rrset name to query name; like a wildcard */
- struct ub_packed_rrset_key r = *lr->rrset;
- r.rk.dname = qinfo->qname;
- r.rk.dname_len = qinfo->qname_len;
- return local_encode(qinfo, env, edns, buf, temp, &r, 1,
- LDNS_RCODE_NOERROR);
- }
- return local_encode(qinfo, env, edns, buf, temp, lr->rrset, 1,
- LDNS_RCODE_NOERROR);
-}
-
-/**
- * answer in case where no exact match is found
- * @param z: zone for query
- * @param env: module environment
- * @param qinfo: query
- * @param edns: edns from query
- * @param buf: buffer for answer.
- * @param temp: temp region for encoding
- * @param ld: local data, if NULL, no such name exists in localdata.
- * @param lz_type: type of the local zone
- * @return 1 if a reply is to be sent, 0 if not.
- */
-static int
-lz_zone_answer(struct local_zone* z, struct module_env* env,
- struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
- struct regional* temp, struct local_data* ld, enum localzone_type lz_type)
-{
- if(lz_type == local_zone_deny || lz_type == local_zone_inform_deny) {
- /** no reply at all, signal caller by clearing buffer. */
- sldns_buffer_clear(buf);
- sldns_buffer_flip(buf);
- return 1;
- } else if(lz_type == local_zone_refuse
- || lz_type == local_zone_always_refuse) {
- local_error_encode(qinfo, env, edns, buf, temp,
- LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA));
- return 1;
- } else if(lz_type == local_zone_static ||
- lz_type == local_zone_redirect ||
- lz_type == local_zone_always_nxdomain) {
- /* for static, reply nodata or nxdomain
- * for redirect, reply nodata */
- /* no additional section processing,
- * cname, dname or wildcard processing,
- * or using closest match for NSEC.
- * or using closest match for returning delegation downwards
- */
- int rcode = (ld || lz_type == local_zone_redirect)?
- LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN;
- if(z->soa)
- return local_encode(qinfo, env, edns, buf, temp,
- z->soa, 0, rcode);
- local_error_encode(qinfo, env, edns, buf, temp, rcode,
- (rcode|BIT_AA));
- return 1;
- } else if(lz_type == local_zone_typetransparent
- || lz_type == local_zone_always_transparent) {
- /* no NODATA or NXDOMAINS for this zone type */
- return 0;
- }
- /* else lz_type == local_zone_transparent */
-
- /* if the zone is transparent and the name exists, but the type
- * does not, then we should make this noerror/nodata */
- if(ld && ld->rrsets) {
- int rcode = LDNS_RCODE_NOERROR;
- if(z->soa)
- return local_encode(qinfo, env, edns, buf, temp,
- z->soa, 0, rcode);
- local_error_encode(qinfo, env, edns, buf, temp, rcode,
- (rcode|BIT_AA));
- return 1;
- }
-
- /* stop here, and resolve further on */
- return 0;
-}
-
-/** print log information for an inform zone query */
-static void
-lz_inform_print(struct local_zone* z, struct query_info* qinfo,
- struct comm_reply* repinfo)
-{
- char ip[128], txt[512];
- char zname[LDNS_MAX_DOMAINLEN+1];
- uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
- dname_str(z->name, zname);
- addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
- snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
- (unsigned)port);
- log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
-}
-
-static enum localzone_type
-lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2,
- uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt,
- struct comm_reply* repinfo, struct rbtree_type* override_tree,
- int* tag, char** tagname, int num_tags)
-{
- struct local_zone_override* lzo;
- if(repinfo && override_tree) {
- lzo = (struct local_zone_override*)addr_tree_lookup(
- override_tree, &repinfo->addr, repinfo->addrlen);
- if(lzo && lzo->type) {
- verbose(VERB_ALGO, "local zone override to type %s",
- local_zone_type2str(lzo->type));
- return lzo->type;
- }
- }
- if(!taglist || !taglist2)
- return lzt;
- return local_data_find_tag_action(taglist, taglen, taglist2, taglen2,
- tagactions, tagactionssize, lzt, tag, tagname, num_tags);
-}
-
-enum localzone_type
-local_data_find_tag_action(const uint8_t* taglist, size_t taglen,
- const uint8_t* taglist2, size_t taglen2, const uint8_t* tagactions,
- size_t tagactionssize, enum localzone_type lzt, int* tag,
- char* const* tagname, int num_tags)
-{
- size_t i, j;
- uint8_t tagmatch;
-
- for(i=0; i<taglen && i<taglen2; i++) {
- tagmatch = (taglist[i] & taglist2[i]);
- for(j=0; j<8 && tagmatch>0; j++) {
- if((tagmatch & 0x1)) {
- *tag = (int)(i*8+j);
- verbose(VERB_ALGO, "matched tag [%d] %s",
- *tag, (*tag<num_tags?tagname[*tag]:"null"));
- /* does this tag have a tag action? */
- if(i*8+j < tagactionssize && tagactions
- && tagactions[i*8+j] != 0) {
- verbose(VERB_ALGO, "tag action [%d] %s to type %s",
- *tag, (*tag<num_tags?tagname[*tag]:"null"),
- local_zone_type2str(
- (enum localzone_type)
- tagactions[i*8+j]));
- return (enum localzone_type)tagactions[i*8+j];
- }
- return lzt;
- }
- tagmatch >>= 1;
- }
- }
- return lzt;
-}
-
-int
-local_zones_answer(struct local_zones* zones, struct module_env* env,
- struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
- struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist,
- size_t taglen, uint8_t* tagactions, size_t tagactionssize,
- struct config_strlist** tag_datas, size_t tag_datas_size,
- char** tagname, int num_tags, struct view* view)
-{
- /* see if query is covered by a zone,
- * if so: - try to match (exact) local data
- * - look at zone type for negative response. */
- int labs = dname_count_labels(qinfo->qname);
- struct local_data* ld = NULL;
- struct local_zone* z = NULL;
- enum localzone_type lzt = local_zone_transparent;
- int r, tag = -1;
-
- if(view) {
- lock_rw_rdlock(&view->lock);
- if(view->local_zones &&
- (z = local_zones_lookup(view->local_zones,
- qinfo->qname, qinfo->qname_len, labs,
- qinfo->qclass))) {
- verbose(VERB_ALGO,
- "using localzone from view: %s",
- view->name);
- lock_rw_rdlock(&z->lock);
- lzt = z->type;
- }
- if(!z && !view->isfirst){
- lock_rw_unlock(&view->lock);
- return 0;
- }
- lock_rw_unlock(&view->lock);
- }
- if(!z) {
- /* try global local_zones tree */
- lock_rw_rdlock(&zones->lock);
- if(!(z = local_zones_tags_lookup(zones, qinfo->qname,
- qinfo->qname_len, labs, qinfo->qclass, taglist,
- taglen, 0))) {
- lock_rw_unlock(&zones->lock);
- return 0;
- }
- lock_rw_rdlock(&z->lock);
-
- lzt = lz_type(taglist, taglen, z->taglist, z->taglen,
- tagactions, tagactionssize, z->type, repinfo,
- z->override_tree, &tag, tagname, num_tags);
- lock_rw_unlock(&zones->lock);
- }
- if((lzt == local_zone_inform || lzt == local_zone_inform_deny)
- && repinfo)
- lz_inform_print(z, qinfo, repinfo);
-
- if(lzt != local_zone_always_refuse
- && lzt != local_zone_always_transparent
- && lzt != local_zone_always_nxdomain
- && local_data_answer(z, env, qinfo, edns, buf, temp, labs, &ld, lzt,
- tag, tag_datas, tag_datas_size, tagname, num_tags)) {
- lock_rw_unlock(&z->lock);
- /* We should tell the caller that encode is deferred if we found
- * a local alias. */
- return !qinfo->local_alias;
- }
- r = lz_zone_answer(z, env, qinfo, edns, buf, temp, ld, lzt);
- lock_rw_unlock(&z->lock);
- return r && !qinfo->local_alias; /* see above */
-}
-
-const char* local_zone_type2str(enum localzone_type t)
-{
- switch(t) {
- case local_zone_unset: return "unset";
- case local_zone_deny: return "deny";
- case local_zone_refuse: return "refuse";
- case local_zone_redirect: return "redirect";
- case local_zone_transparent: return "transparent";
- case local_zone_typetransparent: return "typetransparent";
- case local_zone_static: return "static";
- case local_zone_nodefault: return "nodefault";
- case local_zone_inform: return "inform";
- case local_zone_inform_deny: return "inform_deny";
- case local_zone_always_transparent: return "always_transparent";
- case local_zone_always_refuse: return "always_refuse";
- case local_zone_always_nxdomain: return "always_nxdomain";
- }
- return "badtyped";
-}
-
-int local_zone_str2type(const char* type, enum localzone_type* t)
-{
- if(strcmp(type, "deny") == 0)
- *t = local_zone_deny;
- else if(strcmp(type, "refuse") == 0)
- *t = local_zone_refuse;
- else if(strcmp(type, "static") == 0)
- *t = local_zone_static;
- else if(strcmp(type, "transparent") == 0)
- *t = local_zone_transparent;
- else if(strcmp(type, "typetransparent") == 0)
- *t = local_zone_typetransparent;
- else if(strcmp(type, "redirect") == 0)
- *t = local_zone_redirect;
- else if(strcmp(type, "inform") == 0)
- *t = local_zone_inform;
- else if(strcmp(type, "inform_deny") == 0)
- *t = local_zone_inform_deny;
- else if(strcmp(type, "always_transparent") == 0)
- *t = local_zone_always_transparent;
- else if(strcmp(type, "always_refuse") == 0)
- *t = local_zone_always_refuse;
- else if(strcmp(type, "always_nxdomain") == 0)
- *t = local_zone_always_nxdomain;
- else return 0;
- return 1;
-}
-
-/** iterate over the kiddies of the given name and set their parent ptr */
-static void
-set_kiddo_parents(struct local_zone* z, struct local_zone* match,
- struct local_zone* newp)
-{
- /* both zones and z are locked already */
- /* in the sorted rbtree, the kiddies of z are located after z */
- /* z must be present in the tree */
- struct local_zone* p = z;
- p = (struct local_zone*)rbtree_next(&p->node);
- while(p!=(struct local_zone*)RBTREE_NULL &&
- p->dclass == z->dclass && dname_strict_subdomain(p->name,
- p->namelabs, z->name, z->namelabs)) {
- /* update parent ptr */
- /* only when matches with existing parent pointer, so that
- * deeper child structures are not touched, i.e.
- * update of x, and a.x, b.x, f.b.x, g.b.x, c.x, y
- * gets to update a.x, b.x and c.x */
- lock_rw_wrlock(&p->lock);
- if(p->parent == match)
- p->parent = newp;
- lock_rw_unlock(&p->lock);
- p = (struct local_zone*)rbtree_next(&p->node);
- }
-}
-
-struct local_zone* local_zones_add_zone(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass,
- enum localzone_type tp)
-{
- /* create */
- struct local_zone* z = local_zone_create(name, len, labs, tp, dclass);
- if(!z) {
- free(name);
- return NULL;
- }
- lock_rw_wrlock(&z->lock);
-
- /* find the closest parent */
- z->parent = local_zones_find(zones, name, len, labs, dclass);
-
- /* insert into the tree */
- if(!rbtree_insert(&zones->ztree, &z->node)) {
- /* duplicate entry! */
- lock_rw_unlock(&z->lock);
- local_zone_delete(z);
- log_err("internal: duplicate entry in local_zones_add_zone");
- return NULL;
- }
-
- /* set parent pointers right */
- set_kiddo_parents(z, z->parent, z);
-
- lock_rw_unlock(&z->lock);
- return z;
-}
-
-void local_zones_del_zone(struct local_zones* zones, struct local_zone* z)
-{
- /* fix up parents in tree */
- lock_rw_wrlock(&z->lock);
- set_kiddo_parents(z, z, z->parent);
-
- /* remove from tree */
- (void)rbtree_delete(&zones->ztree, z);
-
- /* delete the zone */
- lock_rw_unlock(&z->lock);
- local_zone_delete(z);
-}
-
-int
-local_zones_add_RR(struct local_zones* zones, const char* rr)
-{
- uint8_t* rr_name;
- uint16_t rr_class;
- size_t len;
- int labs;
- struct local_zone* z;
- int r;
- if(!get_rr_nameclass(rr, &rr_name, &rr_class)) {
- return 0;
- }
- labs = dname_count_size_labels(rr_name, &len);
- /* could first try readlock then get writelock if zone does not exist,
- * but we do not add enough RRs (from multiple threads) to optimize */
- lock_rw_wrlock(&zones->lock);
- z = local_zones_lookup(zones, rr_name, len, labs, rr_class);
- if(!z) {
- z = local_zones_add_zone(zones, rr_name, len, labs, rr_class,
- local_zone_transparent);
- if(!z) {
- lock_rw_unlock(&zones->lock);
- return 0;
- }
- } else {
- free(rr_name);
- }
- lock_rw_wrlock(&z->lock);
- lock_rw_unlock(&zones->lock);
- r = lz_enter_rr_into_zone(z, rr);
- lock_rw_unlock(&z->lock);
- return r;
-}
-
-/** returns true if the node is terminal so no deeper domain names exist */
-static int
-is_terminal(struct local_data* d)
-{
- /* for empty nonterminals, the deeper domain names are sorted
- * right after them, so simply check the next name in the tree
- */
- struct local_data* n = (struct local_data*)rbtree_next(&d->node);
- if(n == (struct local_data*)RBTREE_NULL)
- return 1; /* last in tree, no deeper node */
- if(dname_strict_subdomain(n->name, n->namelabs, d->name, d->namelabs))
- return 0; /* there is a deeper node */
- return 1;
-}
-
-/** delete empty terminals from tree when final data is deleted */
-static void
-del_empty_term(struct local_zone* z, struct local_data* d,
- uint8_t* name, size_t len, int labs)
-{
- while(d && d->rrsets == NULL && is_terminal(d)) {
- /* is this empty nonterminal? delete */
- /* note, no memory recycling in zone region */
- (void)rbtree_delete(&z->data, d);
-
- /* go up and to the next label */
- if(dname_is_root(name))
- return;
- dname_remove_label(&name, &len);
- labs--;
- d = lz_find_node(z, name, len, labs);
- }
-}
-
-void local_zones_del_data(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass)
-{
- /* find zone */
- struct local_zone* z;
- struct local_data* d;
- lock_rw_rdlock(&zones->lock);
- z = local_zones_lookup(zones, name, len, labs, dclass);
- if(!z) {
- /* no such zone, we're done */
- lock_rw_unlock(&zones->lock);
- return;
- }
- lock_rw_wrlock(&z->lock);
- lock_rw_unlock(&zones->lock);
-
- /* find the domain */
- d = lz_find_node(z, name, len, labs);
- if(d) {
- /* no memory recycling for zone deletions ... */
- d->rrsets = NULL;
- /* did we delete the soa record ? */
- if(query_dname_compare(d->name, z->name) == 0)
- z->soa = NULL;
-
- /* cleanup the empty nonterminals for this name */
- del_empty_term(z, d, name, len, labs);
- }
-
- lock_rw_unlock(&z->lock);
-}
diff --git a/external/unbound/services/localzone.h b/external/unbound/services/localzone.h
deleted file mode 100644
index 658f28024..000000000
--- a/external/unbound/services/localzone.h
+++ /dev/null
@@ -1,500 +0,0 @@
-/*
- * services/localzone.h - local zones authority service.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to enable local zone authority service.
- */
-
-#ifndef SERVICES_LOCALZONE_H
-#define SERVICES_LOCALZONE_H
-#include "util/rbtree.h"
-#include "util/locks.h"
-#include "util/storage/dnstree.h"
-#include "util/module.h"
-#include "services/view.h"
-struct packed_rrset_data;
-struct ub_packed_rrset_key;
-struct regional;
-struct config_file;
-struct edns_data;
-struct query_info;
-struct sldns_buffer;
-struct comm_reply;
-struct config_strlist;
-
-/**
- * Local zone type
- * This type determines processing for queries that did not match
- * local-data directly.
- */
-enum localzone_type {
- /** unset type, used for unset tag_action elements */
- local_zone_unset = 0,
- /** drop query */
- local_zone_deny,
- /** answer with error */
- local_zone_refuse,
- /** answer nxdomain or nodata */
- local_zone_static,
- /** resolve normally */
- local_zone_transparent,
- /** do not block types at localdata names */
- local_zone_typetransparent,
- /** answer with data at zone apex */
- local_zone_redirect,
- /** remove default AS112 blocking contents for zone
- * nodefault is used in config not during service. */
- local_zone_nodefault,
- /** log client address, but no block (transparent) */
- local_zone_inform,
- /** log client address, and block (drop) */
- local_zone_inform_deny,
- /** resolve normally, even when there is local data */
- local_zone_always_transparent,
- /** answer with error, even when there is local data */
- local_zone_always_refuse,
- /** answer with nxdomain, even when there is local data */
- local_zone_always_nxdomain
-};
-
-/**
- * Authoritative local zones storage, shared.
- */
-struct local_zones {
- /** lock on the localzone tree */
- lock_rw_type lock;
- /** rbtree of struct local_zone */
- rbtree_type ztree;
-};
-
-/**
- * Local zone. A locally served authoritative zone.
- */
-struct local_zone {
- /** rbtree node, key is name and class */
- rbnode_type node;
- /** parent zone, if any. */
- struct local_zone* parent;
-
- /** zone name, in uncompressed wireformat */
- uint8_t* name;
- /** length of zone name */
- size_t namelen;
- /** number of labels in zone name */
- int namelabs;
- /** the class of this zone.
- * uses 'dclass' to not conflict with c++ keyword class. */
- uint16_t dclass;
-
- /** lock on the data in the structure
- * For the node, parent, name, namelen, namelabs, dclass, you
- * need to also hold the zones_tree lock to change them (or to
- * delete this zone) */
- lock_rw_type lock;
-
- /** how to process zone */
- enum localzone_type type;
- /** tag bitlist */
- uint8_t* taglist;
- /** length of the taglist (in bytes) */
- size_t taglen;
- /** netblock addr_tree with struct local_zone_override information
- * or NULL if there are no override elements */
- struct rbtree_type* override_tree;
-
- /** in this region the zone's data is allocated.
- * the struct local_zone itself is malloced. */
- struct regional* region;
- /** local data for this zone
- * rbtree of struct local_data */
- rbtree_type data;
- /** if data contains zone apex SOA data, this is a ptr to it. */
- struct ub_packed_rrset_key* soa;
-};
-
-/**
- * Local data. One domain name, and the RRs to go with it.
- */
-struct local_data {
- /** rbtree node, key is name only */
- rbnode_type node;
- /** domain name */
- uint8_t* name;
- /** length of name */
- size_t namelen;
- /** number of labels in name */
- int namelabs;
- /** the data rrsets, with different types, linked list.
- * If this list is NULL, the node is an empty non-terminal. */
- struct local_rrset* rrsets;
-};
-
-/**
- * A local data RRset
- */
-struct local_rrset {
- /** next in list */
- struct local_rrset* next;
- /** RRset data item */
- struct ub_packed_rrset_key* rrset;
-};
-
-/**
- * Local zone override information
- */
-struct local_zone_override {
- /** node in addrtree */
- struct addr_tree_node node;
- /** override for local zone type */
- enum localzone_type type;
-};
-
-/**
- * Create local zones storage
- * @return new struct or NULL on error.
- */
-struct local_zones* local_zones_create(void);
-
-/**
- * Delete local zones storage
- * @param zones: to delete.
- */
-void local_zones_delete(struct local_zones* zones);
-
-/**
- * Apply config settings; setup the local authoritative data.
- * Takes care of locking.
- * @param zones: is set up.
- * @param cfg: config data.
- * @return false on error.
- */
-int local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg);
-
-/**
- * Compare two local_zone entries in rbtree. Sort hierarchical but not
- * canonical
- * @param z1: zone 1
- * @param z2: zone 2
- * @return: -1, 0, +1 comparison value.
- */
-int local_zone_cmp(const void* z1, const void* z2);
-
-/**
- * Compare two local_data entries in rbtree. Sort canonical.
- * @param d1: data 1
- * @param d2: data 2
- * @return: -1, 0, +1 comparison value.
- */
-int local_data_cmp(const void* d1, const void* d2);
-
-/**
- * Delete one zone
- * @param z: to delete.
- */
-void local_zone_delete(struct local_zone* z);
-
-/**
- * Lookup zone that contains the given name, class and taglist.
- * User must lock the tree or result zone.
- * @param zones: the zones tree
- * @param name: dname to lookup
- * @param len: length of name.
- * @param labs: labelcount of name.
- * @param dclass: class to lookup.
- * @param taglist: taglist to lookup.
- * @param taglen: lenth of taglist.
- * @param ignoretags: lookup zone by name and class, regardless the
- * local-zone's tags.
- * @return closest local_zone or NULL if no covering zone is found.
- */
-struct local_zone* local_zones_tags_lookup(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass,
- uint8_t* taglist, size_t taglen, int ignoretags);
-
-/**
- * Lookup zone that contains the given name, class.
- * User must lock the tree or result zone.
- * @param zones: the zones tree
- * @param name: dname to lookup
- * @param len: length of name.
- * @param labs: labelcount of name.
- * @param dclass: class to lookup.
- * @return closest local_zone or NULL if no covering zone is found.
- */
-struct local_zone* local_zones_lookup(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass);
-
-/**
- * Debug helper. Print all zones
- * Takes care of locking.
- * @param zones: the zones tree
- */
-void local_zones_print(struct local_zones* zones);
-
-/**
- * Answer authoritatively for local zones.
- * Takes care of locking.
- * @param zones: the stored zones (shared, read only).
- * @param env: the module environment.
- * @param qinfo: query info (parsed).
- * @param edns: edns info (parsed).
- * @param buf: buffer with query ID and flags, also for reply.
- * @param temp: temporary storage region.
- * @param repinfo: source address for checks. may be NULL.
- * @param taglist: taglist for checks. May be NULL.
- * @param taglen: length of the taglist.
- * @param tagactions: local zone actions for tags. May be NULL.
- * @param tagactionssize: length of the tagactions.
- * @param tag_datas: array per tag of strlist with rdata strings. or NULL.
- * @param tag_datas_size: size of tag_datas array.
- * @param tagname: array of tag name strings (for debug output).
- * @param num_tags: number of items in tagname array.
- * @param view: answer using this view. May be NULL.
- * @return true if answer is in buffer. false if query is not answered
- * by authority data. If the reply should be dropped altogether, the return
- * value is true, but the buffer is cleared (empty).
- * It can also return true if a non-exact alias answer is found. In this
- * case qinfo->local_alias points to the corresponding alias RRset but the
- * answer is NOT encoded in buffer. It's the caller's responsibility to
- * complete the alias chain (if needed) and encode the final set of answer.
- * Data pointed to by qinfo->local_alias is allocated in 'temp' or refers to
- * configuration data. So the caller will need to make a deep copy of it
- * if it needs to keep it beyond the lifetime of 'temp' or a dynamic update
- * to local zone data.
- */
-int local_zones_answer(struct local_zones* zones, struct module_env* env,
- struct query_info* qinfo, struct edns_data* edns, struct sldns_buffer* buf,
- struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist,
- size_t taglen, uint8_t* tagactions, size_t tagactionssize,
- struct config_strlist** tag_datas, size_t tag_datas_size,
- char** tagname, int num_tags, struct view* view);
-
-/**
- * Parse the string into localzone type.
- *
- * @param str: string to parse
- * @param t: local zone type returned here.
- * @return 0 on parse error.
- */
-int local_zone_str2type(const char* str, enum localzone_type* t);
-
-/**
- * Print localzone type to a string. Pointer to a constant string.
- *
- * @param t: local zone type.
- * @return constant string that describes type.
- */
-const char* local_zone_type2str(enum localzone_type t);
-
-/**
- * Find zone that with exactly given name, class.
- * User must lock the tree or result zone.
- * @param zones: the zones tree
- * @param name: dname to lookup
- * @param len: length of name.
- * @param labs: labelcount of name.
- * @param dclass: class to lookup.
- * @return the exact local_zone or NULL.
- */
-struct local_zone* local_zones_find(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass);
-
-/**
- * Add a new zone. Caller must hold the zones lock.
- * Adjusts the other zones as well (parent pointers) after insertion.
- * The zone must NOT exist (returns NULL and logs error).
- * @param zones: the zones tree
- * @param name: dname to add
- * @param len: length of name.
- * @param labs: labelcount of name.
- * @param dclass: class to add.
- * @param tp: type.
- * @return local_zone or NULL on error, caller must printout memory error.
- */
-struct local_zone* local_zones_add_zone(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass,
- enum localzone_type tp);
-
-/**
- * Delete a zone. Caller must hold the zones lock.
- * Adjusts the other zones as well (parent pointers) after insertion.
- * @param zones: the zones tree
- * @param zone: the zone to delete from tree. Also deletes zone from memory.
- */
-void local_zones_del_zone(struct local_zones* zones, struct local_zone* zone);
-
-/**
- * Add RR data into the localzone data.
- * Looks up the zone, if no covering zone, a transparent zone with the
- * name of the RR is created.
- * @param zones: the zones tree. Not locked by caller.
- * @param rr: string with on RR.
- * @return false on failure.
- */
-int local_zones_add_RR(struct local_zones* zones, const char* rr);
-
-/**
- * Remove data from domain name in the tree.
- * All types are removed. No effect if zone or name does not exist.
- * @param zones: zones tree.
- * @param name: dname to remove
- * @param len: length of name.
- * @param labs: labelcount of name.
- * @param dclass: class to remove.
- */
-void local_zones_del_data(struct local_zones* zones,
- uint8_t* name, size_t len, int labs, uint16_t dclass);
-
-
-/**
- * Form wireformat from text format domain name.
- * @param str: the domain name in text "www.example.com"
- * @param res: resulting wireformat is stored here with malloc.
- * @param len: length of resulting wireformat.
- * @param labs: number of labels in resulting wireformat.
- * @return false on error, syntax or memory. Also logged.
- */
-int parse_dname(const char* str, uint8_t** res, size_t* len, int* labs);
-
-/**
- * Find local data tag string match for the given type (in qinfo) in the list.
- * If found, 'r' will be filled with corresponding rrset information.
- * @param qinfo: contains name, type, and class for the data
- * @param list: stores local tag data to be searched
- * @param r: rrset key to be filled for matched data
- * @param temp: region to allocate rrset in 'r'
- * @return 1 if a match is found and rrset is built; otherwise 0 including
- * errors.
- */
-int local_data_find_tag_datas(const struct query_info* qinfo,
- struct config_strlist* list, struct ub_packed_rrset_key* r,
- struct regional* temp);
-
-/**
- * See if two sets of tag lists (in the form of bitmap) have the same tag that
- * has an action. If so, '*tag' will be set to the found tag index, and the
- * corresponding action will be returned in the form of local zone type.
- * Otherwise the passed type (lzt) will be returned as the default action.
- * Pointers except tagactions must not be NULL.
- * @param taglist: 1st list of tags
- * @param taglen: size of taglist in bytes
- * @param taglist2: 2nd list of tags
- * @param taglen2: size of taglist2 in bytes
- * @param tagactions: local data actions for tags. May be NULL.
- * @param tagactionssize: length of the tagactions.
- * @param lzt: default action (local zone type) if no tag action is found.
- * @param tag: see above.
- * @param tagname: array of tag name strings (for debug output).
- * @param num_tags: number of items in tagname array.
- * @return found tag action or the default action.
- */
-enum localzone_type local_data_find_tag_action(const uint8_t* taglist,
- size_t taglen, const uint8_t* taglist2, size_t taglen2,
- const uint8_t* tagactions, size_t tagactionssize,
- enum localzone_type lzt, int* tag, char* const* tagname, int num_tags);
-
-/**
- * Parses resource record string into wire format, also returning its field values.
- * @param str: input resource record
- * @param nm: domain name field
- * @param type: record type field
- * @param dclass: record class field
- * @param ttl: ttl field
- * @param rr: buffer for the parsed rr in wire format
- * @param len: buffer length
- * @param rdata: rdata field
- * @param rdata_len: rdata field length
- * @return 1 on success; 0 otherwise.
- */
-int rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type,
- uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len,
- uint8_t** rdata, size_t* rdata_len);
-
-/**
- * Insert specified rdata into the specified resource record.
- * @param region: allocator
- * @param pd: data portion of the destination resource record
- * @param rdata: source rdata
- * @param rdata_len: source rdata length
- * @param ttl: time to live
- * @param rrstr: resource record in text form (for logging)
- * @return 1 on success; 0 otherwise.
- */
-int rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd,
- uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr);
-
-/**
- * Valid response ip actions for the IP-response-driven-action feature;
- * defined here instead of in the respip module to enable sharing of enum
- * values with the localzone_type enum.
- * Note that these values except 'none' are the same as localzone types of
- * the 'same semantics'. It's intentional as we use these values via
- * access-control-tags, which can be shared for both response ip actions and
- * local zones.
- */
-enum respip_action {
- /** no respip action */
- respip_none = local_zone_unset,
- /** don't answer */
- respip_deny = local_zone_deny,
- /** redirect as per provided data */
- respip_redirect = local_zone_redirect,
- /** log query source and answer query */
- respip_inform = local_zone_inform,
- /** log query source and don't answer query */
- respip_inform_deny = local_zone_inform_deny,
- /** resolve normally, even when there is response-ip data */
- respip_always_transparent = local_zone_always_transparent,
- /** answer with 'refused' response */
- respip_always_refuse = local_zone_always_refuse,
- /** answer with 'no such domain' response */
- respip_always_nxdomain = local_zone_always_nxdomain,
-
- /* The rest of the values are only possible as
- * access-control-tag-action */
-
- /** serves response data (if any), else, drops queries. */
- respip_refuse = local_zone_refuse,
- /** serves response data, else, nodata answer. */
- respip_static = local_zone_static,
- /** gives response data (if any), else nodata answer. */
- respip_transparent = local_zone_transparent,
- /** gives response data (if any), else nodata answer. */
- respip_typetransparent = local_zone_typetransparent,
-};
-
-#endif /* SERVICES_LOCALZONE_H */
diff --git a/external/unbound/services/mesh.c b/external/unbound/services/mesh.c
deleted file mode 100644
index 0cb134ade..000000000
--- a/external/unbound/services/mesh.c
+++ /dev/null
@@ -1,1502 +0,0 @@
-/*
- * services/mesh.c - deal with mesh of query states and handle events for that.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to assist in dealing with a mesh of
- * query states. This mesh is supposed to be thread-specific.
- * It consists of query states (per qname, qtype, qclass) and connections
- * between query states and the super and subquery states, and replies to
- * send back to clients.
- */
-#include "config.h"
-#include "services/mesh.h"
-#include "services/outbound_list.h"
-#include "services/cache/dns.h"
-#include "util/log.h"
-#include "util/net_help.h"
-#include "util/module.h"
-#include "util/regional.h"
-#include "util/data/msgencode.h"
-#include "util/timehist.h"
-#include "util/fptr_wlist.h"
-#include "util/alloc.h"
-#include "util/config_file.h"
-#include "sldns/sbuffer.h"
-#include "sldns/wire2str.h"
-#include "services/localzone.h"
-#include "util/data/dname.h"
-#include "respip/respip.h"
-
-/** subtract timers and the values do not overflow or become negative */
-static void
-timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start)
-{
-#ifndef S_SPLINT_S
- time_t end_usec = end->tv_usec;
- d->tv_sec = end->tv_sec - start->tv_sec;
- if(end_usec < start->tv_usec) {
- end_usec += 1000000;
- d->tv_sec--;
- }
- d->tv_usec = end_usec - start->tv_usec;
-#endif
-}
-
-/** add timers and the values do not overflow or become negative */
-static void
-timeval_add(struct timeval* d, const struct timeval* add)
-{
-#ifndef S_SPLINT_S
- d->tv_sec += add->tv_sec;
- d->tv_usec += add->tv_usec;
- if(d->tv_usec > 1000000 ) {
- d->tv_usec -= 1000000;
- d->tv_sec++;
- }
-#endif
-}
-
-/** divide sum of timers to get average */
-static void
-timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
-{
-#ifndef S_SPLINT_S
- size_t leftover;
- if(d == 0) {
- avg->tv_sec = 0;
- avg->tv_usec = 0;
- return;
- }
- avg->tv_sec = sum->tv_sec / d;
- avg->tv_usec = sum->tv_usec / d;
- /* handle fraction from seconds divide */
- leftover = sum->tv_sec - avg->tv_sec*d;
- avg->tv_usec += (leftover*1000000)/d;
-#endif
-}
-
-/** histogram compare of time values */
-static int
-timeval_smaller(const struct timeval* x, const struct timeval* y)
-{
-#ifndef S_SPLINT_S
- if(x->tv_sec < y->tv_sec)
- return 1;
- else if(x->tv_sec == y->tv_sec) {
- if(x->tv_usec <= y->tv_usec)
- return 1;
- else return 0;
- }
- else return 0;
-#endif
-}
-
-/*
- * Compare two response-ip client info entries for the purpose of mesh state
- * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise
- * 1 or -1 (they mean 'ci_a is larger/smaller than ci_b', respectively, but
- * in practice it should be only used to mean they are different).
- * We cannot share the mesh state for two queries if different response-ip
- * actions can apply in the end, even if those queries are otherwise identical.
- * For this purpose we compare tag lists and tag action lists; they should be
- * identical to share the same state.
- * For tag data, we don't look into the data content, as it can be
- * expensive; unless tag data are not defined for both or they point to the
- * exact same data in memory (i.e., they come from the same ACL entry), we
- * consider these data different.
- * Likewise, if the client info is associated with views, we don't look into
- * the views. They are considered different unless they are exactly the same
- * even if the views only differ in the names.
- */
-static int
-client_info_compare(const struct respip_client_info* ci_a,
- const struct respip_client_info* ci_b)
-{
- int cmp;
-
- if(!ci_a && !ci_b)
- return 0;
- if(ci_a && !ci_b)
- return -1;
- if(!ci_a && ci_b)
- return 1;
- if(ci_a->taglen != ci_b->taglen)
- return (ci_a->taglen < ci_b->taglen) ? -1 : 1;
- cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen);
- if(cmp != 0)
- return cmp;
- if(ci_a->tag_actions_size != ci_b->tag_actions_size)
- return (ci_a->tag_actions_size < ci_b->tag_actions_size) ?
- -1 : 1;
- cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions,
- ci_a->tag_actions_size);
- if(cmp != 0)
- return cmp;
- if(ci_a->tag_datas != ci_b->tag_datas)
- return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1;
- if(ci_a->view != ci_b->view)
- return ci_a->view < ci_b->view ? -1 : 1;
- /* For the unbound daemon these should be non-NULL and identical,
- * but we check that just in case. */
- if(ci_a->respip_set != ci_b->respip_set)
- return ci_a->respip_set < ci_b->respip_set ? -1 : 1;
- return 0;
-}
-
-int
-mesh_state_compare(const void* ap, const void* bp)
-{
- struct mesh_state* a = (struct mesh_state*)ap;
- struct mesh_state* b = (struct mesh_state*)bp;
- int cmp;
-
- if(a->unique < b->unique)
- return -1;
- if(a->unique > b->unique)
- return 1;
-
- if(a->s.is_priming && !b->s.is_priming)
- return -1;
- if(!a->s.is_priming && b->s.is_priming)
- return 1;
-
- if(a->s.is_valrec && !b->s.is_valrec)
- return -1;
- if(!a->s.is_valrec && b->s.is_valrec)
- return 1;
-
- if((a->s.query_flags&BIT_RD) && !(b->s.query_flags&BIT_RD))
- return -1;
- if(!(a->s.query_flags&BIT_RD) && (b->s.query_flags&BIT_RD))
- return 1;
-
- if((a->s.query_flags&BIT_CD) && !(b->s.query_flags&BIT_CD))
- return -1;
- if(!(a->s.query_flags&BIT_CD) && (b->s.query_flags&BIT_CD))
- return 1;
-
- cmp = query_info_compare(&a->s.qinfo, &b->s.qinfo);
- if(cmp != 0)
- return cmp;
- return client_info_compare(a->s.client_info, b->s.client_info);
-}
-
-int
-mesh_state_ref_compare(const void* ap, const void* bp)
-{
- struct mesh_state_ref* a = (struct mesh_state_ref*)ap;
- struct mesh_state_ref* b = (struct mesh_state_ref*)bp;
- return mesh_state_compare(a->s, b->s);
-}
-
-struct mesh_area*
-mesh_create(struct module_stack* stack, struct module_env* env)
-{
- struct mesh_area* mesh = calloc(1, sizeof(struct mesh_area));
- if(!mesh) {
- log_err("mesh area alloc: out of memory");
- return NULL;
- }
- mesh->histogram = timehist_setup();
- mesh->qbuf_bak = sldns_buffer_new(env->cfg->msg_buffer_size);
- if(!mesh->histogram || !mesh->qbuf_bak) {
- free(mesh);
- log_err("mesh area alloc: out of memory");
- return NULL;
- }
- mesh->mods = *stack;
- mesh->env = env;
- rbtree_init(&mesh->run, &mesh_state_compare);
- rbtree_init(&mesh->all, &mesh_state_compare);
- mesh->num_reply_addrs = 0;
- mesh->num_reply_states = 0;
- mesh->num_detached_states = 0;
- mesh->num_forever_states = 0;
- mesh->stats_jostled = 0;
- mesh->stats_dropped = 0;
- mesh->max_reply_states = env->cfg->num_queries_per_thread;
- mesh->max_forever_states = (mesh->max_reply_states+1)/2;
-#ifndef S_SPLINT_S
- mesh->jostle_max.tv_sec = (time_t)(env->cfg->jostle_time / 1000);
- mesh->jostle_max.tv_usec = (time_t)((env->cfg->jostle_time % 1000)
- *1000);
-#endif
- return mesh;
-}
-
-/** help mesh delete delete mesh states */
-static void
-mesh_delete_helper(rbnode_type* n)
-{
- struct mesh_state* mstate = (struct mesh_state*)n->key;
- /* perform a full delete, not only 'cleanup' routine,
- * because other callbacks expect a clean state in the mesh.
- * For 're-entrant' calls */
- mesh_state_delete(&mstate->s);
- /* but because these delete the items from the tree, postorder
- * traversal and rbtree rebalancing do not work together */
-}
-
-void
-mesh_delete(struct mesh_area* mesh)
-{
- if(!mesh)
- return;
- /* free all query states */
- while(mesh->all.count)
- mesh_delete_helper(mesh->all.root);
- timehist_delete(mesh->histogram);
- sldns_buffer_free(mesh->qbuf_bak);
- free(mesh);
-}
-
-void
-mesh_delete_all(struct mesh_area* mesh)
-{
- /* free all query states */
- while(mesh->all.count)
- mesh_delete_helper(mesh->all.root);
- mesh->stats_dropped += mesh->num_reply_addrs;
- /* clear mesh area references */
- rbtree_init(&mesh->run, &mesh_state_compare);
- rbtree_init(&mesh->all, &mesh_state_compare);
- mesh->num_reply_addrs = 0;
- mesh->num_reply_states = 0;
- mesh->num_detached_states = 0;
- mesh->num_forever_states = 0;
- mesh->forever_first = NULL;
- mesh->forever_last = NULL;
- mesh->jostle_first = NULL;
- mesh->jostle_last = NULL;
-}
-
-int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf)
-{
- struct mesh_state* m = mesh->jostle_first;
- /* free space is available */
- if(mesh->num_reply_states < mesh->max_reply_states)
- return 1;
- /* try to kick out a jostle-list item */
- if(m && m->reply_list && m->list_select == mesh_jostle_list) {
- /* how old is it? */
- struct timeval age;
- timeval_subtract(&age, mesh->env->now_tv,
- &m->reply_list->start_time);
- if(timeval_smaller(&mesh->jostle_max, &age)) {
- /* its a goner */
- log_nametypeclass(VERB_ALGO, "query jostled out to "
- "make space for a new one",
- m->s.qinfo.qname, m->s.qinfo.qtype,
- m->s.qinfo.qclass);
- /* backup the query */
- if(qbuf) sldns_buffer_copy(mesh->qbuf_bak, qbuf);
- /* notify supers */
- if(m->super_set.count > 0) {
- verbose(VERB_ALGO, "notify supers of failure");
- m->s.return_msg = NULL;
- m->s.return_rcode = LDNS_RCODE_SERVFAIL;
- mesh_walk_supers(mesh, m);
- }
- mesh->stats_jostled ++;
- mesh_state_delete(&m->s);
- /* restore the query - note that the qinfo ptr to
- * the querybuffer is then correct again. */
- if(qbuf) sldns_buffer_copy(qbuf, mesh->qbuf_bak);
- return 1;
- }
- }
- /* no space for new item */
- return 0;
-}
-
-void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
- struct respip_client_info* cinfo, uint16_t qflags,
- struct edns_data* edns, struct comm_reply* rep, uint16_t qid)
-{
- struct mesh_state* s = NULL;
- int unique = unique_mesh_state(edns->opt_list, mesh->env);
- int was_detached = 0;
- int was_noreply = 0;
- int added = 0;
- if(!unique)
- s = mesh_area_find(mesh, cinfo, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
- /* does this create a new reply state? */
- if(!s || s->list_select == mesh_no_list) {
- if(!mesh_make_new_space(mesh, rep->c->buffer)) {
- verbose(VERB_ALGO, "Too many queries. dropping "
- "incoming query.");
- comm_point_drop_reply(rep);
- mesh->stats_dropped ++;
- return;
- }
- /* for this new reply state, the reply address is free,
- * so the limit of reply addresses does not stop reply states*/
- } else {
- /* protect our memory usage from storing reply addresses */
- if(mesh->num_reply_addrs > mesh->max_reply_states*16) {
- verbose(VERB_ALGO, "Too many requests queued. "
- "dropping incoming query.");
- mesh->stats_dropped++;
- comm_point_drop_reply(rep);
- return;
- }
- }
- /* see if it already exists, if not, create one */
- if(!s) {
-#ifdef UNBOUND_DEBUG
- struct rbnode_type* n;
-#endif
- s = mesh_state_create(mesh->env, qinfo, cinfo,
- qflags&(BIT_RD|BIT_CD), 0, 0);
- if(!s) {
- log_err("mesh_state_create: out of memory; SERVFAIL");
- if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL,
- LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch))
- edns->opt_list = NULL;
- error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL,
- qinfo, qid, qflags, edns);
- comm_point_send_reply(rep);
- return;
- }
- if(unique)
- mesh_state_make_unique(s);
- /* copy the edns options we got from the front */
- if(edns->opt_list) {
- s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list,
- s->s.region);
- if(!s->s.edns_opts_front_in) {
- log_err("mesh_state_create: out of memory; SERVFAIL");
- if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL,
- NULL, LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch))
- edns->opt_list = NULL;
- error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL,
- qinfo, qid, qflags, edns);
- comm_point_send_reply(rep);
- return;
- }
- }
-
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_insert(&mesh->all, &s->node);
- log_assert(n != NULL);
- /* set detached (it is now) */
- mesh->num_detached_states++;
- added = 1;
- }
- if(!s->reply_list && !s->cb_list && s->super_set.count == 0)
- was_detached = 1;
- if(!s->reply_list && !s->cb_list)
- was_noreply = 1;
- /* add reply to s */
- if(!mesh_state_add_reply(s, edns, rep, qid, qflags, qinfo)) {
- log_err("mesh_new_client: out of memory; SERVFAIL");
- if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s,
- NULL, LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch))
- edns->opt_list = NULL;
- error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL,
- qinfo, qid, qflags, edns);
- comm_point_send_reply(rep);
- if(added)
- mesh_state_delete(&s->s);
- return;
- }
- /* update statistics */
- if(was_detached) {
- log_assert(mesh->num_detached_states > 0);
- mesh->num_detached_states--;
- }
- if(was_noreply) {
- mesh->num_reply_states ++;
- }
- mesh->num_reply_addrs++;
- if(s->list_select == mesh_no_list) {
- /* move to either the forever or the jostle_list */
- if(mesh->num_forever_states < mesh->max_forever_states) {
- mesh->num_forever_states ++;
- mesh_list_insert(s, &mesh->forever_first,
- &mesh->forever_last);
- s->list_select = mesh_forever_list;
- } else {
- mesh_list_insert(s, &mesh->jostle_first,
- &mesh->jostle_last);
- s->list_select = mesh_jostle_list;
- }
- }
- if(added)
- mesh_run(mesh, s, module_event_new, NULL);
-}
-
-int
-mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
- uint16_t qflags, struct edns_data* edns, sldns_buffer* buf,
- uint16_t qid, mesh_cb_func_type cb, void* cb_arg)
-{
- struct mesh_state* s = NULL;
- int unique = unique_mesh_state(edns->opt_list, mesh->env);
- int was_detached = 0;
- int was_noreply = 0;
- int added = 0;
- if(!unique)
- s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
-
- /* there are no limits on the number of callbacks */
-
- /* see if it already exists, if not, create one */
- if(!s) {
-#ifdef UNBOUND_DEBUG
- struct rbnode_type* n;
-#endif
- s = mesh_state_create(mesh->env, qinfo, NULL,
- qflags&(BIT_RD|BIT_CD), 0, 0);
- if(!s) {
- return 0;
- }
- if(unique)
- mesh_state_make_unique(s);
- if(edns->opt_list) {
- s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list,
- s->s.region);
- if(!s->s.edns_opts_front_in) {
- return 0;
- }
- }
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_insert(&mesh->all, &s->node);
- log_assert(n != NULL);
- /* set detached (it is now) */
- mesh->num_detached_states++;
- added = 1;
- }
- if(!s->reply_list && !s->cb_list && s->super_set.count == 0)
- was_detached = 1;
- if(!s->reply_list && !s->cb_list)
- was_noreply = 1;
- /* add reply to s */
- if(!mesh_state_add_cb(s, edns, buf, cb, cb_arg, qid, qflags)) {
- if(added)
- mesh_state_delete(&s->s);
- return 0;
- }
- /* update statistics */
- if(was_detached) {
- log_assert(mesh->num_detached_states > 0);
- mesh->num_detached_states--;
- }
- if(was_noreply) {
- mesh->num_reply_states ++;
- }
- mesh->num_reply_addrs++;
- if(added)
- mesh_run(mesh, s, module_event_new, NULL);
- return 1;
-}
-
-void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo,
- uint16_t qflags, time_t leeway)
-{
- struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo,
- qflags&(BIT_RD|BIT_CD), 0, 0);
-#ifdef UNBOUND_DEBUG
- struct rbnode_type* n;
-#endif
- /* already exists, and for a different purpose perhaps.
- * if mesh_no_list, keep it that way. */
- if(s) {
- /* make it ignore the cache from now on */
- if(!s->s.blacklist)
- sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region);
- if(s->s.prefetch_leeway < leeway)
- s->s.prefetch_leeway = leeway;
- return;
- }
- if(!mesh_make_new_space(mesh, NULL)) {
- verbose(VERB_ALGO, "Too many queries. dropped prefetch.");
- mesh->stats_dropped ++;
- return;
- }
-
- s = mesh_state_create(mesh->env, qinfo, NULL,
- qflags&(BIT_RD|BIT_CD), 0, 0);
- if(!s) {
- log_err("prefetch mesh_state_create: out of memory");
- return;
- }
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_insert(&mesh->all, &s->node);
- log_assert(n != NULL);
- /* set detached (it is now) */
- mesh->num_detached_states++;
- /* make it ignore the cache */
- sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region);
- s->s.prefetch_leeway = leeway;
-
- if(s->list_select == mesh_no_list) {
- /* move to either the forever or the jostle_list */
- if(mesh->num_forever_states < mesh->max_forever_states) {
- mesh->num_forever_states ++;
- mesh_list_insert(s, &mesh->forever_first,
- &mesh->forever_last);
- s->list_select = mesh_forever_list;
- } else {
- mesh_list_insert(s, &mesh->jostle_first,
- &mesh->jostle_last);
- s->list_select = mesh_jostle_list;
- }
- }
- mesh_run(mesh, s, module_event_new, NULL);
-}
-
-void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e,
- struct comm_reply* reply, int what)
-{
- enum module_ev event = module_event_reply;
- e->qstate->reply = reply;
- if(what != NETEVENT_NOERROR) {
- event = module_event_noreply;
- if(what == NETEVENT_CAPSFAIL)
- event = module_event_capsfail;
- }
- mesh_run(mesh, e->qstate->mesh_info, event, e);
-}
-
-struct mesh_state*
-mesh_state_create(struct module_env* env, struct query_info* qinfo,
- struct respip_client_info* cinfo, uint16_t qflags, int prime,
- int valrec)
-{
- struct regional* region = alloc_reg_obtain(env->alloc);
- struct mesh_state* mstate;
- int i;
- if(!region)
- return NULL;
- mstate = (struct mesh_state*)regional_alloc(region,
- sizeof(struct mesh_state));
- if(!mstate) {
- alloc_reg_release(env->alloc, region);
- return NULL;
- }
- memset(mstate, 0, sizeof(*mstate));
- mstate->node = *RBTREE_NULL;
- mstate->run_node = *RBTREE_NULL;
- mstate->node.key = mstate;
- mstate->run_node.key = mstate;
- mstate->reply_list = NULL;
- mstate->list_select = mesh_no_list;
- mstate->replies_sent = 0;
- rbtree_init(&mstate->super_set, &mesh_state_ref_compare);
- rbtree_init(&mstate->sub_set, &mesh_state_ref_compare);
- mstate->num_activated = 0;
- mstate->unique = NULL;
- /* init module qstate */
- mstate->s.qinfo.qtype = qinfo->qtype;
- mstate->s.qinfo.qclass = qinfo->qclass;
- mstate->s.qinfo.local_alias = NULL;
- mstate->s.qinfo.qname_len = qinfo->qname_len;
- mstate->s.qinfo.qname = regional_alloc_init(region, qinfo->qname,
- qinfo->qname_len);
- if(!mstate->s.qinfo.qname) {
- alloc_reg_release(env->alloc, region);
- return NULL;
- }
- if(cinfo) {
- mstate->s.client_info = regional_alloc_init(region, cinfo,
- sizeof(*cinfo));
- if(!mstate->s.client_info) {
- alloc_reg_release(env->alloc, region);
- return NULL;
- }
- }
- /* remove all weird bits from qflags */
- mstate->s.query_flags = (qflags & (BIT_RD|BIT_CD));
- mstate->s.is_priming = prime;
- mstate->s.is_valrec = valrec;
- mstate->s.reply = NULL;
- mstate->s.region = region;
- mstate->s.curmod = 0;
- mstate->s.return_msg = 0;
- mstate->s.return_rcode = LDNS_RCODE_NOERROR;
- mstate->s.env = env;
- mstate->s.mesh_info = mstate;
- mstate->s.prefetch_leeway = 0;
- mstate->s.no_cache_lookup = 0;
- mstate->s.no_cache_store = 0;
- /* init modules */
- for(i=0; i<env->mesh->mods.num; i++) {
- mstate->s.minfo[i] = NULL;
- mstate->s.ext_state[i] = module_state_initial;
- }
- /* init edns option lists */
- mstate->s.edns_opts_front_in = NULL;
- mstate->s.edns_opts_back_out = NULL;
- mstate->s.edns_opts_back_in = NULL;
- mstate->s.edns_opts_front_out = NULL;
-
- return mstate;
-}
-
-int
-mesh_state_is_unique(struct mesh_state* mstate)
-{
- return mstate->unique != NULL;
-}
-
-void
-mesh_state_make_unique(struct mesh_state* mstate)
-{
- mstate->unique = mstate;
-}
-
-void
-mesh_state_cleanup(struct mesh_state* mstate)
-{
- struct mesh_area* mesh;
- int i;
- if(!mstate)
- return;
- mesh = mstate->s.env->mesh;
- /* drop unsent replies */
- if(!mstate->replies_sent) {
- struct mesh_reply* rep;
- struct mesh_cb* cb;
- for(rep=mstate->reply_list; rep; rep=rep->next) {
- comm_point_drop_reply(&rep->query_reply);
- mesh->num_reply_addrs--;
- }
- for(cb=mstate->cb_list; cb; cb=cb->next) {
- fptr_ok(fptr_whitelist_mesh_cb(cb->cb));
- (*cb->cb)(cb->cb_arg, LDNS_RCODE_SERVFAIL, NULL,
- sec_status_unchecked, NULL);
- mesh->num_reply_addrs--;
- }
- }
-
- /* de-init modules */
- for(i=0; i<mesh->mods.num; i++) {
- fptr_ok(fptr_whitelist_mod_clear(mesh->mods.mod[i]->clear));
- (*mesh->mods.mod[i]->clear)(&mstate->s, i);
- mstate->s.minfo[i] = NULL;
- mstate->s.ext_state[i] = module_finished;
- }
- alloc_reg_release(mstate->s.env->alloc, mstate->s.region);
-}
-
-void
-mesh_state_delete(struct module_qstate* qstate)
-{
- struct mesh_area* mesh;
- struct mesh_state_ref* super, ref;
- struct mesh_state* mstate;
- if(!qstate)
- return;
- mstate = qstate->mesh_info;
- mesh = mstate->s.env->mesh;
- mesh_detach_subs(&mstate->s);
- if(mstate->list_select == mesh_forever_list) {
- mesh->num_forever_states --;
- mesh_list_remove(mstate, &mesh->forever_first,
- &mesh->forever_last);
- } else if(mstate->list_select == mesh_jostle_list) {
- mesh_list_remove(mstate, &mesh->jostle_first,
- &mesh->jostle_last);
- }
- if(!mstate->reply_list && !mstate->cb_list
- && mstate->super_set.count == 0) {
- log_assert(mesh->num_detached_states > 0);
- mesh->num_detached_states--;
- }
- if(mstate->reply_list || mstate->cb_list) {
- log_assert(mesh->num_reply_states > 0);
- mesh->num_reply_states--;
- }
- ref.node.key = &ref;
- ref.s = mstate;
- RBTREE_FOR(super, struct mesh_state_ref*, &mstate->super_set) {
- (void)rbtree_delete(&super->s->sub_set, &ref);
- }
- (void)rbtree_delete(&mesh->run, mstate);
- (void)rbtree_delete(&mesh->all, mstate);
- mesh_state_cleanup(mstate);
-}
-
-/** helper recursive rbtree find routine */
-static int
-find_in_subsub(struct mesh_state* m, struct mesh_state* tofind, size_t *c)
-{
- struct mesh_state_ref* r;
- if((*c)++ > MESH_MAX_SUBSUB)
- return 1;
- RBTREE_FOR(r, struct mesh_state_ref*, &m->sub_set) {
- if(r->s == tofind || find_in_subsub(r->s, tofind, c))
- return 1;
- }
- return 0;
-}
-
-/** find cycle for already looked up mesh_state */
-static int
-mesh_detect_cycle_found(struct module_qstate* qstate, struct mesh_state* dep_m)
-{
- struct mesh_state* cyc_m = qstate->mesh_info;
- size_t counter = 0;
- if(!dep_m)
- return 0;
- if(dep_m == cyc_m || find_in_subsub(dep_m, cyc_m, &counter)) {
- if(counter > MESH_MAX_SUBSUB)
- return 2;
- return 1;
- }
- return 0;
-}
-
-void mesh_detach_subs(struct module_qstate* qstate)
-{
- struct mesh_area* mesh = qstate->env->mesh;
- struct mesh_state_ref* ref, lookup;
-#ifdef UNBOUND_DEBUG
- struct rbnode_type* n;
-#endif
- lookup.node.key = &lookup;
- lookup.s = qstate->mesh_info;
- RBTREE_FOR(ref, struct mesh_state_ref*, &qstate->mesh_info->sub_set) {
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_delete(&ref->s->super_set, &lookup);
- log_assert(n != NULL); /* must have been present */
- if(!ref->s->reply_list && !ref->s->cb_list
- && ref->s->super_set.count == 0) {
- mesh->num_detached_states++;
- log_assert(mesh->num_detached_states +
- mesh->num_reply_states <= mesh->all.count);
- }
- }
- rbtree_init(&qstate->mesh_info->sub_set, &mesh_state_ref_compare);
-}
-
-int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
- uint16_t qflags, int prime, int valrec, struct module_qstate** newq)
-{
- /* find it, if not, create it */
- struct mesh_area* mesh = qstate->env->mesh;
- struct mesh_state* sub = mesh_area_find(mesh, NULL, qinfo, qflags,
- prime, valrec);
- int was_detached;
- if(mesh_detect_cycle_found(qstate, sub)) {
- verbose(VERB_ALGO, "attach failed, cycle detected");
- return 0;
- }
- if(!sub) {
-#ifdef UNBOUND_DEBUG
- struct rbnode_type* n;
-#endif
- /* create a new one */
- sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime,
- valrec);
- if(!sub) {
- log_err("mesh_attach_sub: out of memory");
- return 0;
- }
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_insert(&mesh->all, &sub->node);
- log_assert(n != NULL);
- /* set detached (it is now) */
- mesh->num_detached_states++;
- /* set new query state to run */
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_insert(&mesh->run, &sub->run_node);
- log_assert(n != NULL);
- *newq = &sub->s;
- } else
- *newq = NULL;
- was_detached = (sub->super_set.count == 0);
- if(!mesh_state_attachment(qstate->mesh_info, sub))
- return 0;
- /* if it was a duplicate attachment, the count was not zero before */
- if(!sub->reply_list && !sub->cb_list && was_detached &&
- sub->super_set.count == 1) {
- /* it used to be detached, before this one got added */
- log_assert(mesh->num_detached_states > 0);
- mesh->num_detached_states--;
- }
- /* *newq will be run when inited after the current module stops */
- return 1;
-}
-
-int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub)
-{
-#ifdef UNBOUND_DEBUG
- struct rbnode_type* n;
-#endif
- struct mesh_state_ref* subref; /* points to sub, inserted in super */
- struct mesh_state_ref* superref; /* points to super, inserted in sub */
- if( !(subref = regional_alloc(super->s.region,
- sizeof(struct mesh_state_ref))) ||
- !(superref = regional_alloc(sub->s.region,
- sizeof(struct mesh_state_ref))) ) {
- log_err("mesh_state_attachment: out of memory");
- return 0;
- }
- superref->node.key = superref;
- superref->s = super;
- subref->node.key = subref;
- subref->s = sub;
- if(!rbtree_insert(&sub->super_set, &superref->node)) {
- /* this should not happen, iterator and validator do not
- * attach subqueries that are identical. */
- /* already attached, we are done, nothing todo.
- * since superref and subref already allocated in region,
- * we cannot free them */
- return 1;
- }
-#ifdef UNBOUND_DEBUG
- n =
-#else
- (void)
-#endif
- rbtree_insert(&super->sub_set, &subref->node);
- log_assert(n != NULL); /* we checked above if statement, the reverse
- administration should not fail now, unless they are out of sync */
- return 1;
-}
-
-/**
- * callback results to mesh cb entry
- * @param m: mesh state to send it for.
- * @param rcode: if not 0, error code.
- * @param rep: reply to send (or NULL if rcode is set).
- * @param r: callback entry
- */
-static void
-mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
- struct mesh_cb* r)
-{
- int secure;
- char* reason = NULL;
- /* bogus messages are not made into servfail, sec_status passed
- * to the callback function */
- if(rep && rep->security == sec_status_secure)
- secure = 1;
- else secure = 0;
- if(!rep && rcode == LDNS_RCODE_NOERROR)
- rcode = LDNS_RCODE_SERVFAIL;
- if(!rcode && rep->security == sec_status_bogus) {
- if(!(reason = errinf_to_str(&m->s)))
- rcode = LDNS_RCODE_SERVFAIL;
- }
- /* send the reply */
- if(rcode) {
- if(rcode == LDNS_RCODE_SERVFAIL) {
- if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
- rep, rcode, &r->edns, m->s.region))
- r->edns.opt_list = NULL;
- } else {
- if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
- &r->edns, m->s.region))
- r->edns.opt_list = NULL;
- }
- fptr_ok(fptr_whitelist_mesh_cb(r->cb));
- (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL);
- } else {
- size_t udp_size = r->edns.udp_size;
- sldns_buffer_clear(r->buf);
- r->edns.edns_version = EDNS_ADVERTISED_VERSION;
- r->edns.udp_size = EDNS_ADVERTISED_SIZE;
- r->edns.ext_rcode = 0;
- r->edns.bits &= EDNS_DO;
-
- if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
- LDNS_RCODE_NOERROR, &r->edns, m->s.region) ||
- !reply_info_answer_encode(&m->s.qinfo, rep, r->qid,
- r->qflags, r->buf, 0, 1,
- m->s.env->scratch, udp_size, &r->edns,
- (int)(r->edns.bits & EDNS_DO), secure))
- {
- fptr_ok(fptr_whitelist_mesh_cb(r->cb));
- (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf,
- sec_status_unchecked, NULL);
- } else {
- fptr_ok(fptr_whitelist_mesh_cb(r->cb));
- (*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf,
- rep->security, reason);
- }
- }
- free(reason);
- m->s.env->mesh->num_reply_addrs--;
-}
-
-/**
- * Send reply to mesh reply entry
- * @param m: mesh state to send it for.
- * @param rcode: if not 0, error code.
- * @param rep: reply to send (or NULL if rcode is set).
- * @param r: reply entry
- * @param prev: previous reply, already has its answer encoded in buffer.
- */
-static void
-mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
- struct mesh_reply* r, struct mesh_reply* prev)
-{
- struct timeval end_time;
- struct timeval duration;
- int secure;
- /* Copy the client's EDNS for later restore, to make sure the edns
- * compare is with the correct edns options. */
- struct edns_data edns_bak = r->edns;
- /* examine security status */
- if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) ||
- m->s.env->cfg->ignore_cd) && rep &&
- rep->security <= sec_status_bogus) {
- rcode = LDNS_RCODE_SERVFAIL;
- if(m->s.env->cfg->stat_extended)
- m->s.env->mesh->ans_bogus++;
- }
- if(rep && rep->security == sec_status_secure)
- secure = 1;
- else secure = 0;
- if(!rep && rcode == LDNS_RCODE_NOERROR)
- rcode = LDNS_RCODE_SERVFAIL;
- /* send the reply */
- /* We don't reuse the encoded answer if either the previous or current
- * response has a local alias. We could compare the alias records
- * and still reuse the previous answer if they are the same, but that
- * would be complicated and error prone for the relatively minor case.
- * So we err on the side of safety. */
- if(prev && prev->qflags == r->qflags &&
- !prev->local_alias && !r->local_alias &&
- prev->edns.edns_present == r->edns.edns_present &&
- prev->edns.bits == r->edns.bits &&
- prev->edns.udp_size == r->edns.udp_size &&
- edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list)
- == 0) {
- /* if the previous reply is identical to this one, fix ID */
- if(prev->query_reply.c->buffer != r->query_reply.c->buffer)
- sldns_buffer_copy(r->query_reply.c->buffer,
- prev->query_reply.c->buffer);
- sldns_buffer_write_at(r->query_reply.c->buffer, 0,
- &r->qid, sizeof(uint16_t));
- sldns_buffer_write_at(r->query_reply.c->buffer, 12,
- r->qname, m->s.qinfo.qname_len);
- comm_point_send_reply(&r->query_reply);
- } else if(rcode) {
- m->s.qinfo.qname = r->qname;
- m->s.qinfo.local_alias = r->local_alias;
- if(rcode == LDNS_RCODE_SERVFAIL) {
- if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
- rep, rcode, &r->edns, m->s.region))
- r->edns.opt_list = NULL;
- } else {
- if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
- &r->edns, m->s.region))
- r->edns.opt_list = NULL;
- }
- error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo,
- r->qid, r->qflags, &r->edns);
- comm_point_send_reply(&r->query_reply);
- } else {
- size_t udp_size = r->edns.udp_size;
- r->edns.edns_version = EDNS_ADVERTISED_VERSION;
- r->edns.udp_size = EDNS_ADVERTISED_SIZE;
- r->edns.ext_rcode = 0;
- r->edns.bits &= EDNS_DO;
- m->s.qinfo.qname = r->qname;
- m->s.qinfo.local_alias = r->local_alias;
- if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
- LDNS_RCODE_NOERROR, &r->edns, m->s.region) ||
- !reply_info_answer_encode(&m->s.qinfo, rep, r->qid,
- r->qflags, r->query_reply.c->buffer, 0, 1,
- m->s.env->scratch, udp_size, &r->edns,
- (int)(r->edns.bits & EDNS_DO), secure))
- {
- if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
- rep, LDNS_RCODE_SERVFAIL, &r->edns, m->s.region))
- r->edns.opt_list = NULL;
- error_encode(r->query_reply.c->buffer,
- LDNS_RCODE_SERVFAIL, &m->s.qinfo, r->qid,
- r->qflags, &r->edns);
- }
- r->edns = edns_bak;
- comm_point_send_reply(&r->query_reply);
- }
- /* account */
- m->s.env->mesh->num_reply_addrs--;
- end_time = *m->s.env->now_tv;
- timeval_subtract(&duration, &end_time, &r->start_time);
- verbose(VERB_ALGO, "query took " ARG_LL "d.%6.6d sec",
- (long long)duration.tv_sec, (int)duration.tv_usec);
- m->s.env->mesh->replies_sent++;
- timeval_add(&m->s.env->mesh->replies_sum_wait, &duration);
- timehist_insert(m->s.env->mesh->histogram, &duration);
- if(m->s.env->cfg->stat_extended) {
- uint16_t rc = FLAGS_GET_RCODE(sldns_buffer_read_u16_at(r->
- query_reply.c->buffer, 2));
- if(secure) m->s.env->mesh->ans_secure++;
- m->s.env->mesh->ans_rcode[ rc ] ++;
- if(rc == 0 && LDNS_ANCOUNT(sldns_buffer_begin(r->
- query_reply.c->buffer)) == 0)
- m->s.env->mesh->ans_nodata++;
- }
- /* Log reply sent */
- if(m->s.env->cfg->log_replies) {
- log_reply_info(0, &m->s.qinfo, &r->query_reply.addr,
- r->query_reply.addrlen, duration, 0,
- r->query_reply.c->buffer);
- }
-}
-
-void mesh_query_done(struct mesh_state* mstate)
-{
- struct mesh_reply* r;
- struct mesh_reply* prev = NULL;
- struct mesh_cb* c;
- struct reply_info* rep = (mstate->s.return_msg?
- mstate->s.return_msg->rep:NULL);
- for(r = mstate->reply_list; r; r = r->next) {
- /* if a response-ip address block has been stored the
- * information should be logged for each client. */
- if(mstate->s.respip_action_info &&
- mstate->s.respip_action_info->addrinfo) {
- respip_inform_print(mstate->s.respip_action_info->addrinfo,
- r->qname, mstate->s.qinfo.qtype,
- mstate->s.qinfo.qclass, r->local_alias,
- &r->query_reply);
- }
-
- /* if this query is determined to be dropped during the
- * mesh processing, this is the point to take that action. */
- if(mstate->s.is_drop)
- comm_point_drop_reply(&r->query_reply);
- else {
- mesh_send_reply(mstate, mstate->s.return_rcode, rep,
- r, prev);
- prev = r;
- }
- }
- mstate->replies_sent = 1;
- for(c = mstate->cb_list; c; c = c->next) {
- mesh_do_callback(mstate, mstate->s.return_rcode, rep, c);
- }
-}
-
-void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate)
-{
- struct mesh_state_ref* ref;
- RBTREE_FOR(ref, struct mesh_state_ref*, &mstate->super_set)
- {
- /* make super runnable */
- (void)rbtree_insert(&mesh->run, &ref->s->run_node);
- /* callback the function to inform super of result */
- fptr_ok(fptr_whitelist_mod_inform_super(
- mesh->mods.mod[ref->s->s.curmod]->inform_super));
- (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s,
- ref->s->s.curmod, &ref->s->s);
- }
-}
-
-struct mesh_state* mesh_area_find(struct mesh_area* mesh,
- struct respip_client_info* cinfo, struct query_info* qinfo,
- uint16_t qflags, int prime, int valrec)
-{
- struct mesh_state key;
- struct mesh_state* result;
-
- key.node.key = &key;
- key.s.is_priming = prime;
- key.s.is_valrec = valrec;
- key.s.qinfo = *qinfo;
- key.s.query_flags = qflags;
- /* We are searching for a similar mesh state when we DO want to
- * aggregate the state. Thus unique is set to NULL. (default when we
- * desire aggregation).*/
- key.unique = NULL;
- key.s.client_info = cinfo;
-
- result = (struct mesh_state*)rbtree_search(&mesh->all, &key);
- return result;
-}
-
-int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns,
- sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg,
- uint16_t qid, uint16_t qflags)
-{
- struct mesh_cb* r = regional_alloc(s->s.region,
- sizeof(struct mesh_cb));
- if(!r)
- return 0;
- r->buf = buf;
- log_assert(fptr_whitelist_mesh_cb(cb)); /* early failure ifmissing*/
- r->cb = cb;
- r->cb_arg = cb_arg;
- r->edns = *edns;
- if(edns->opt_list) {
- r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
- s->s.region);
- if(!r->edns.opt_list)
- return 0;
- }
- r->qid = qid;
- r->qflags = qflags;
- r->next = s->cb_list;
- s->cb_list = r;
- return 1;
-
-}
-
-int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
- struct comm_reply* rep, uint16_t qid, uint16_t qflags,
- const struct query_info* qinfo)
-{
- struct mesh_reply* r = regional_alloc(s->s.region,
- sizeof(struct mesh_reply));
- if(!r)
- return 0;
- r->query_reply = *rep;
- r->edns = *edns;
- if(edns->opt_list) {
- r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
- s->s.region);
- if(!r->edns.opt_list)
- return 0;
- }
- r->qid = qid;
- r->qflags = qflags;
- r->start_time = *s->s.env->now_tv;
- r->next = s->reply_list;
- r->qname = regional_alloc_init(s->s.region, qinfo->qname,
- s->s.qinfo.qname_len);
- if(!r->qname)
- return 0;
-
- /* Data related to local alias stored in 'qinfo' (if any) is ephemeral
- * and can be different for different original queries (even if the
- * replaced query name is the same). So we need to make a deep copy
- * and store the copy for each reply info. */
- if(qinfo->local_alias) {
- struct packed_rrset_data* d;
- struct packed_rrset_data* dsrc;
- r->local_alias = regional_alloc_zero(s->s.region,
- sizeof(*qinfo->local_alias));
- if(!r->local_alias)
- return 0;
- r->local_alias->rrset = regional_alloc_init(s->s.region,
- qinfo->local_alias->rrset,
- sizeof(*qinfo->local_alias->rrset));
- if(!r->local_alias->rrset)
- return 0;
- dsrc = qinfo->local_alias->rrset->entry.data;
-
- /* In the current implementation, a local alias must be
- * a single CNAME RR (see worker_handle_request()). */
- log_assert(!qinfo->local_alias->next && dsrc->count == 1 &&
- qinfo->local_alias->rrset->rk.type ==
- htons(LDNS_RR_TYPE_CNAME));
- /* Technically, we should make a local copy for the owner
- * name of the RRset, but in the case of the first (and
- * currently only) local alias RRset, the owner name should
- * point to the qname of the corresponding query, which should
- * be valid throughout the lifetime of this mesh_reply. So
- * we can skip copying. */
- log_assert(qinfo->local_alias->rrset->rk.dname ==
- sldns_buffer_at(rep->c->buffer, LDNS_HEADER_SIZE));
-
- d = regional_alloc_init(s->s.region, dsrc,
- sizeof(struct packed_rrset_data)
- + sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t));
- if(!d)
- return 0;
- r->local_alias->rrset->entry.data = d;
- d->rr_len = (size_t*)((uint8_t*)d +
- sizeof(struct packed_rrset_data));
- d->rr_data = (uint8_t**)&(d->rr_len[1]);
- d->rr_ttl = (time_t*)&(d->rr_data[1]);
- d->rr_len[0] = dsrc->rr_len[0];
- d->rr_ttl[0] = dsrc->rr_ttl[0];
- d->rr_data[0] = regional_alloc_init(s->s.region,
- dsrc->rr_data[0], d->rr_len[0]);
- if(!d->rr_data[0])
- return 0;
- } else
- r->local_alias = NULL;
-
- s->reply_list = r;
- return 1;
-}
-
-/**
- * Continue processing the mesh state at another module.
- * Handles module to modules tranfer of control.
- * Handles module finished.
- * @param mesh: the mesh area.
- * @param mstate: currently active mesh state.
- * Deleted if finished, calls _done and _supers to
- * send replies to clients and inform other mesh states.
- * This in turn may create additional runnable mesh states.
- * @param s: state at which the current module exited.
- * @param ev: the event sent to the module.
- * returned is the event to send to the next module.
- * @return true if continue processing at the new module.
- * false if not continued processing is needed.
- */
-static int
-mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate,
- enum module_ext_state s, enum module_ev* ev)
-{
- mstate->num_activated++;
- if(mstate->num_activated > MESH_MAX_ACTIVATION) {
- /* module is looping. Stop it. */
- log_err("internal error: looping module stopped");
- log_query_info(VERB_QUERY, "pass error for qstate",
- &mstate->s.qinfo);
- s = module_error;
- }
- if(s == module_wait_module || s == module_restart_next) {
- /* start next module */
- mstate->s.curmod++;
- if(mesh->mods.num == mstate->s.curmod) {
- log_err("Cannot pass to next module; at last module");
- log_query_info(VERB_QUERY, "pass error for qstate",
- &mstate->s.qinfo);
- mstate->s.curmod--;
- return mesh_continue(mesh, mstate, module_error, ev);
- }
- if(s == module_restart_next) {
- int curmod = mstate->s.curmod;
- for(; mstate->s.curmod < mesh->mods.num;
- mstate->s.curmod++) {
- fptr_ok(fptr_whitelist_mod_clear(
- mesh->mods.mod[mstate->s.curmod]->clear));
- (*mesh->mods.mod[mstate->s.curmod]->clear)
- (&mstate->s, mstate->s.curmod);
- mstate->s.minfo[mstate->s.curmod] = NULL;
- }
- mstate->s.curmod = curmod;
- }
- *ev = module_event_pass;
- return 1;
- }
- if(s == module_wait_subquery && mstate->sub_set.count == 0) {
- log_err("module cannot wait for subquery, subquery list empty");
- log_query_info(VERB_QUERY, "pass error for qstate",
- &mstate->s.qinfo);
- s = module_error;
- }
- if(s == module_error && mstate->s.return_rcode == LDNS_RCODE_NOERROR) {
- /* error is bad, handle pass back up below */
- mstate->s.return_rcode = LDNS_RCODE_SERVFAIL;
- }
- if(s == module_error || s == module_finished) {
- if(mstate->s.curmod == 0) {
- mesh_query_done(mstate);
- mesh_walk_supers(mesh, mstate);
- mesh_state_delete(&mstate->s);
- return 0;
- }
- /* pass along the locus of control */
- mstate->s.curmod --;
- *ev = module_event_moddone;
- return 1;
- }
- return 0;
-}
-
-void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate,
- enum module_ev ev, struct outbound_entry* e)
-{
- enum module_ext_state s;
- verbose(VERB_ALGO, "mesh_run: start");
- while(mstate) {
- /* run the module */
- fptr_ok(fptr_whitelist_mod_operate(
- mesh->mods.mod[mstate->s.curmod]->operate));
- (*mesh->mods.mod[mstate->s.curmod]->operate)
- (&mstate->s, ev, mstate->s.curmod, e);
-
- /* examine results */
- mstate->s.reply = NULL;
- regional_free_all(mstate->s.env->scratch);
- s = mstate->s.ext_state[mstate->s.curmod];
- verbose(VERB_ALGO, "mesh_run: %s module exit state is %s",
- mesh->mods.mod[mstate->s.curmod]->name, strextstate(s));
- e = NULL;
- if(mesh_continue(mesh, mstate, s, &ev))
- continue;
-
- /* run more modules */
- ev = module_event_pass;
- if(mesh->run.count > 0) {
- /* pop random element off the runnable tree */
- mstate = (struct mesh_state*)mesh->run.root->key;
- (void)rbtree_delete(&mesh->run, mstate);
- } else mstate = NULL;
- }
- if(verbosity >= VERB_ALGO) {
- mesh_stats(mesh, "mesh_run: end");
- mesh_log_list(mesh);
- }
-}
-
-void
-mesh_log_list(struct mesh_area* mesh)
-{
- char buf[30];
- struct mesh_state* m;
- int num = 0;
- RBTREE_FOR(m, struct mesh_state*, &mesh->all) {
- snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s",
- num++, (m->s.is_priming)?"p":"", /* prime */
- (m->s.is_valrec)?"v":"", /* prime */
- (m->s.query_flags&BIT_RD)?"RD":"",
- (m->s.query_flags&BIT_CD)?"CD":"",
- (m->super_set.count==0)?"d":"", /* detached */
- (m->sub_set.count!=0)?"c":"", /* children */
- m->s.curmod, (m->reply_list)?"rep":"", /*hasreply*/
- (m->cb_list)?"cb":"" /* callbacks */
- );
- log_query_info(VERB_ALGO, buf, &m->s.qinfo);
- }
-}
-
-void
-mesh_stats(struct mesh_area* mesh, const char* str)
-{
- verbose(VERB_DETAIL, "%s %u recursion states (%u with reply, "
- "%u detached), %u waiting replies, %u recursion replies "
- "sent, %d replies dropped, %d states jostled out",
- str, (unsigned)mesh->all.count,
- (unsigned)mesh->num_reply_states,
- (unsigned)mesh->num_detached_states,
- (unsigned)mesh->num_reply_addrs,
- (unsigned)mesh->replies_sent,
- (unsigned)mesh->stats_dropped,
- (unsigned)mesh->stats_jostled);
- if(mesh->replies_sent > 0) {
- struct timeval avg;
- timeval_divide(&avg, &mesh->replies_sum_wait,
- mesh->replies_sent);
- log_info("average recursion processing time "
- ARG_LL "d.%6.6d sec",
- (long long)avg.tv_sec, (int)avg.tv_usec);
- log_info("histogram of recursion processing times");
- timehist_log(mesh->histogram, "recursions");
- }
-}
-
-void
-mesh_stats_clear(struct mesh_area* mesh)
-{
- if(!mesh)
- return;
- mesh->replies_sent = 0;
- mesh->replies_sum_wait.tv_sec = 0;
- mesh->replies_sum_wait.tv_usec = 0;
- mesh->stats_jostled = 0;
- mesh->stats_dropped = 0;
- timehist_clear(mesh->histogram);
- mesh->ans_secure = 0;
- mesh->ans_bogus = 0;
- memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*16);
- mesh->ans_nodata = 0;
-}
-
-size_t
-mesh_get_mem(struct mesh_area* mesh)
-{
- struct mesh_state* m;
- size_t s = sizeof(*mesh) + sizeof(struct timehist) +
- sizeof(struct th_buck)*mesh->histogram->num +
- sizeof(sldns_buffer) + sldns_buffer_capacity(mesh->qbuf_bak);
- RBTREE_FOR(m, struct mesh_state*, &mesh->all) {
- /* all, including m itself allocated in qstate region */
- s += regional_get_mem(m->s.region);
- }
- return s;
-}
-
-int
-mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo,
- uint16_t flags, int prime, int valrec)
-{
- struct mesh_area* mesh = qstate->env->mesh;
- struct mesh_state* dep_m = NULL;
- if(!mesh_state_is_unique(qstate->mesh_info))
- dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec);
- return mesh_detect_cycle_found(qstate, dep_m);
-}
-
-void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp,
- struct mesh_state** lp)
-{
- /* insert as last element */
- m->prev = *lp;
- m->next = NULL;
- if(*lp)
- (*lp)->next = m;
- else *fp = m;
- *lp = m;
-}
-
-void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp,
- struct mesh_state** lp)
-{
- if(m->next)
- m->next->prev = m->prev;
- else *lp = m->prev;
- if(m->prev)
- m->prev->next = m->next;
- else *fp = m->next;
-}
diff --git a/external/unbound/services/mesh.h b/external/unbound/services/mesh.h
deleted file mode 100644
index 1c7794532..000000000
--- a/external/unbound/services/mesh.h
+++ /dev/null
@@ -1,607 +0,0 @@
-/*
- * services/mesh.h - deal with mesh of query states and handle events for that.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to assist in dealing with a mesh of
- * query states. This mesh is supposed to be thread-specific.
- * It consists of query states (per qname, qtype, qclass) and connections
- * between query states and the super and subquery states, and replies to
- * send back to clients.
- */
-
-#ifndef SERVICES_MESH_H
-#define SERVICES_MESH_H
-
-#include "util/rbtree.h"
-#include "util/netevent.h"
-#include "util/data/msgparse.h"
-#include "util/module.h"
-#include "services/modstack.h"
-struct sldns_buffer;
-struct mesh_state;
-struct mesh_reply;
-struct mesh_cb;
-struct query_info;
-struct reply_info;
-struct outbound_entry;
-struct timehist;
-struct respip_client_info;
-
-/**
- * Maximum number of mesh state activations. Any more is likely an
- * infinite loop in the module. It is then terminated.
- */
-#define MESH_MAX_ACTIVATION 3000
-
-/**
- * Max number of references-to-references-to-references.. search size.
- * Any more is treated like 'too large', and the creation of a new
- * dependency is failed (so that no loops can be created).
- */
-#define MESH_MAX_SUBSUB 1024
-
-/**
- * Mesh of query states
- */
-struct mesh_area {
- /** active module stack */
- struct module_stack mods;
- /** environment for new states */
- struct module_env* env;
-
- /** set of runnable queries (mesh_state.run_node) */
- rbtree_type run;
- /** rbtree of all current queries (mesh_state.node)*/
- rbtree_type all;
-
- /** count of the total number of mesh_reply entries */
- size_t num_reply_addrs;
- /** count of the number of mesh_states that have mesh_replies
- * Because a state can send results to multiple reply addresses,
- * this number must be equal or lower than num_reply_addrs. */
- size_t num_reply_states;
- /** number of mesh_states that have no mesh_replies, and also
- * an empty set of super-states, thus are 'toplevel' or detached
- * internal opportunistic queries */
- size_t num_detached_states;
- /** number of reply states in the forever list */
- size_t num_forever_states;
-
- /** max total number of reply states to have */
- size_t max_reply_states;
- /** max forever number of reply states to have */
- size_t max_forever_states;
-
- /** stats, cumulative number of reply states jostled out */
- size_t stats_jostled;
- /** stats, cumulative number of incoming client msgs dropped */
- size_t stats_dropped;
- /** number of replies sent */
- size_t replies_sent;
- /** sum of waiting times for the replies */
- struct timeval replies_sum_wait;
- /** histogram of time values */
- struct timehist* histogram;
- /** (extended stats) secure replies */
- size_t ans_secure;
- /** (extended stats) bogus replies */
- size_t ans_bogus;
- /** (extended stats) rcodes in replies */
- size_t ans_rcode[16];
- /** (extended stats) rcode nodata in replies */
- size_t ans_nodata;
-
- /** backup of query if other operations recurse and need the
- * network buffers */
- struct sldns_buffer* qbuf_bak;
-
- /** double linked list of the run-to-completion query states.
- * These are query states with a reply */
- struct mesh_state* forever_first;
- /** last entry in run forever list */
- struct mesh_state* forever_last;
-
- /** double linked list of the query states that can be jostled out
- * by new queries if too old. These are query states with a reply */
- struct mesh_state* jostle_first;
- /** last entry in jostle list - this is the entry that is newest */
- struct mesh_state* jostle_last;
- /** timeout for jostling. if age is lower, it does not get jostled. */
- struct timeval jostle_max;
-};
-
-/**
- * A mesh query state
- * Unique per qname, qtype, qclass (from the qstate).
- * And RD / CD flag; in case a client turns it off.
- * And priming queries are different from ordinary queries (because of hints).
- *
- * The entire structure is allocated in a region, this region is the qstate
- * region. All parts (rbtree nodes etc) are also allocated in the region.
- */
-struct mesh_state {
- /** node in mesh_area all tree, key is this struct. Must be first. */
- rbnode_type node;
- /** node in mesh_area runnable tree, key is this struct */
- rbnode_type run_node;
- /** the query state. Note that the qinfo and query_flags
- * may not change. */
- struct module_qstate s;
- /** the list of replies to clients for the results */
- struct mesh_reply* reply_list;
- /** the list of callbacks for the results */
- struct mesh_cb* cb_list;
- /** set of superstates (that want this state's result)
- * contains struct mesh_state_ref* */
- rbtree_type super_set;
- /** set of substates (that this state needs to continue)
- * contains struct mesh_state_ref* */
- rbtree_type sub_set;
- /** number of activations for the mesh state */
- size_t num_activated;
-
- /** previous in linked list for reply states */
- struct mesh_state* prev;
- /** next in linked list for reply states */
- struct mesh_state* next;
- /** if this state is in the forever list, jostle list, or neither */
- enum mesh_list_select { mesh_no_list, mesh_forever_list,
- mesh_jostle_list } list_select;
- /** pointer to this state for uniqueness or NULL */
- struct mesh_state* unique;
-
- /** true if replies have been sent out (at end for alignment) */
- uint8_t replies_sent;
-};
-
-/**
- * Rbtree reference to a mesh_state.
- * Used in super_set and sub_set.
- */
-struct mesh_state_ref {
- /** node in rbtree for set, key is this structure */
- rbnode_type node;
- /** the mesh state */
- struct mesh_state* s;
-};
-
-/**
- * Reply to a client
- */
-struct mesh_reply {
- /** next in reply list */
- struct mesh_reply* next;
- /** the query reply destination, packet buffer and where to send. */
- struct comm_reply query_reply;
- /** edns data from query */
- struct edns_data edns;
- /** the time when request was entered */
- struct timeval start_time;
- /** id of query, in network byteorder. */
- uint16_t qid;
- /** flags of query, for reply flags */
- uint16_t qflags;
- /** qname from this query. len same as mesh qinfo. */
- uint8_t* qname;
- /** same as that in query_info. */
- struct local_rrset* local_alias;
-};
-
-/**
- * Mesh result callback func.
- * called as func(cb_arg, rcode, buffer_with_reply, security, why_bogus);
- */
-typedef void (*mesh_cb_func_type)(void*, int, struct sldns_buffer*, enum sec_status,
- char*);
-
-/**
- * Callback to result routine
- */
-struct mesh_cb {
- /** next in list */
- struct mesh_cb* next;
- /** edns data from query */
- struct edns_data edns;
- /** id of query, in network byteorder. */
- uint16_t qid;
- /** flags of query, for reply flags */
- uint16_t qflags;
- /** buffer for reply */
- struct sldns_buffer* buf;
-
- /** callback routine for results. if rcode != 0 buf has message.
- * called as cb(cb_arg, rcode, buf, sec_state);
- */
- mesh_cb_func_type cb;
- /** user arg for callback */
- void* cb_arg;
-};
-
-/* ------------------- Functions for worker -------------------- */
-
-/**
- * Allocate mesh, to empty.
- * @param stack: module stack to activate, copied (as readonly reference).
- * @param env: environment for new queries.
- * @return mesh: the new mesh or NULL on error.
- */
-struct mesh_area* mesh_create(struct module_stack* stack,
- struct module_env* env);
-
-/**
- * Delete mesh, and all query states and replies in it.
- * @param mesh: the mesh to delete.
- */
-void mesh_delete(struct mesh_area* mesh);
-
-/**
- * New query incoming from clients. Create new query state if needed, and
- * add mesh_reply to it. Returns error to client on malloc failures.
- * Will run the mesh area queries to process if a new query state is created.
- *
- * @param mesh: the mesh.
- * @param qinfo: query from client.
- * @param cinfo: additional information associated with the query client.
- * 'cinfo' itself is ephemeral but data pointed to by its members
- * can be assumed to be valid and unchanged until the query processing is
- * completed.
- * @param qflags: flags from client query.
- * @param edns: edns data from client query.
- * @param rep: where to reply to.
- * @param qid: query id to reply with.
- */
-void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
- struct respip_client_info* cinfo, uint16_t qflags,
- struct edns_data* edns, struct comm_reply* rep, uint16_t qid);
-
-/**
- * New query with callback. Create new query state if needed, and
- * add mesh_cb to it.
- * Will run the mesh area queries to process if a new query state is created.
- *
- * @param mesh: the mesh.
- * @param qinfo: query from client.
- * @param qflags: flags from client query.
- * @param edns: edns data from client query.
- * @param buf: buffer for reply contents.
- * @param qid: query id to reply with.
- * @param cb: callback function.
- * @param cb_arg: callback user arg.
- * @return 0 on error.
- */
-int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
- uint16_t qflags, struct edns_data* edns, struct sldns_buffer* buf,
- uint16_t qid, mesh_cb_func_type cb, void* cb_arg);
-
-/**
- * New prefetch message. Create new query state if needed.
- * Will run the mesh area queries to process if a new query state is created.
- *
- * @param mesh: the mesh.
- * @param qinfo: query from client.
- * @param qflags: flags from client query.
- * @param leeway: TTL leeway what to expire earlier for this update.
- */
-void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo,
- uint16_t qflags, time_t leeway);
-
-/**
- * Handle new event from the wire. A serviced query has returned.
- * The query state will be made runnable, and the mesh_area will process
- * query states until processing is complete.
- *
- * @param mesh: the query mesh.
- * @param e: outbound entry, with query state to run and reply pointer.
- * @param reply: the comm point reply info.
- * @param what: NETEVENT_* error code (if not 0, what is wrong, TIMEOUT).
- */
-void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e,
- struct comm_reply* reply, int what);
-
-/* ------------------- Functions for module environment --------------- */
-
-/**
- * Detach-subqueries.
- * Remove all sub-query references from this query state.
- * Keeps super-references of those sub-queries correct.
- * Updates stat items in mesh_area structure.
- * @param qstate: used to find mesh state.
- */
-void mesh_detach_subs(struct module_qstate* qstate);
-
-/**
- * Attach subquery.
- * Creates it if it does not exist already.
- * Keeps sub and super references correct.
- * Performs a cycle detection - for double check - and fails if there is one.
- * Also fails if the sub-sub-references become too large.
- * Updates stat items in mesh_area structure.
- * Pass if it is priming query or not.
- * return:
- * o if error (malloc) happened.
- * o need to initialise the new state (module init; it is a new state).
- * so that the next run of the query with this module is successful.
- * o no init needed, attachment successful.
- *
- * @param qstate: the state to find mesh state, and that wants to receive
- * the results from the new subquery.
- * @param qinfo: what to query for (copied).
- * @param qflags: what flags to use (RD / CD flag or not).
- * @param prime: if it is a (stub) priming query.
- * @param valrec: if it is a validation recursion query (lookup of key, DS).
- * @param newq: If the new subquery needs initialisation, it is returned,
- * otherwise NULL is returned.
- * @return: false on error, true if success (and init may be needed).
- */
-int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
- uint16_t qflags, int prime, int valrec, struct module_qstate** newq);
-
-/**
- * Query state is done, send messages to reply entries.
- * Encode messages using reply entry values and the querystate (with original
- * qinfo), using given reply_info.
- * Pass errcode != 0 if an error reply is needed.
- * If no reply entries, nothing is done.
- * Must be called before a module can module_finished or return module_error.
- * The module must handle the super query states itself as well.
- *
- * @param mstate: mesh state that is done. return_rcode and return_msg
- * are used for replies.
- * return_rcode: if not 0 (NOERROR) an error is sent back (and
- * return_msg is ignored).
- * return_msg: reply to encode and send back to clients.
- */
-void mesh_query_done(struct mesh_state* mstate);
-
-/**
- * Call inform_super for the super query states that are interested in the
- * results from this query state. These can then be changed for error
- * or results.
- * Called when a module is module_finished or returns module_error.
- * The super query states become runnable with event module_event_pass,
- * it calls the current module for the super with the inform_super event.
- *
- * @param mesh: mesh area to add newly runnable modules to.
- * @param mstate: the state that has results, used to find mesh state.
- */
-void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate);
-
-/**
- * Delete mesh state, cleanup and also rbtrees and so on.
- * Will detach from all super/subnodes.
- * @param qstate: to remove.
- */
-void mesh_state_delete(struct module_qstate* qstate);
-
-/* ------------------- Functions for mesh -------------------- */
-
-/**
- * Create and initialize a new mesh state and its query state
- * Does not put the mesh state into rbtrees and so on.
- * @param env: module environment to set.
- * @param qinfo: query info that the mesh is for.
- * @param cinfo: control info for the query client (can be NULL).
- * @param qflags: flags for query (RD / CD flag).
- * @param prime: if true, it is a priming query, set is_priming on mesh state.
- * @param valrec: if true, it is a validation recursion query, and sets
- * is_valrec on the mesh state.
- * @return: new mesh state or NULL on allocation error.
- */
-struct mesh_state* mesh_state_create(struct module_env* env,
- struct query_info* qinfo, struct respip_client_info* cinfo,
- uint16_t qflags, int prime, int valrec);
-
-/**
- * Check if the mesh state is unique.
- * A unique mesh state uses it's unique member to point to itself, else NULL.
- * @param mstate: mesh state to check.
- * @return true if the mesh state is unique, false otherwise.
- */
-int mesh_state_is_unique(struct mesh_state* mstate);
-
-/**
- * Make a mesh state unique.
- * A unique mesh state uses it's unique member to point to itself.
- * @param mstate: mesh state to check.
- */
-void mesh_state_make_unique(struct mesh_state* mstate);
-
-/**
- * Cleanup a mesh state and its query state. Does not do rbtree or
- * reference cleanup.
- * @param mstate: mesh state to cleanup. Its pointer may no longer be used
- * afterwards. Cleanup rbtrees before calling this function.
- */
-void mesh_state_cleanup(struct mesh_state* mstate);
-
-/**
- * Delete all mesh states from the mesh.
- * @param mesh: the mesh area to clear
- */
-void mesh_delete_all(struct mesh_area* mesh);
-
-/**
- * Find a mesh state in the mesh area. Pass relevant flags.
- *
- * @param mesh: the mesh area to look in.
- * @param cinfo: if non-NULL client specific info that may affect IP-based
- * actions that apply to the query result.
- * @param qinfo: what query
- * @param qflags: if RD / CD bit is set or not.
- * @param prime: if it is a priming query.
- * @param valrec: if it is a validation-recursion query.
- * @return: mesh state or NULL if not found.
- */
-struct mesh_state* mesh_area_find(struct mesh_area* mesh,
- struct respip_client_info* cinfo, struct query_info* qinfo,
- uint16_t qflags, int prime, int valrec);
-
-/**
- * Setup attachment super/sub relation between super and sub mesh state.
- * The relation must not be present when calling the function.
- * Does not update stat items in mesh_area.
- * @param super: super state.
- * @param sub: sub state.
- * @return: 0 on alloc error.
- */
-int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub);
-
-/**
- * Create new reply structure and attach it to a mesh state.
- * Does not update stat items in mesh area.
- * @param s: the mesh state.
- * @param edns: edns data for reply (bufsize).
- * @param rep: comm point reply info.
- * @param qid: ID of reply.
- * @param qflags: original query flags.
- * @param qinfo: original query info.
- * @return: 0 on alloc error.
- */
-int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
- struct comm_reply* rep, uint16_t qid, uint16_t qflags,
- const struct query_info* qinfo);
-
-/**
- * Create new callback structure and attach it to a mesh state.
- * Does not update stat items in mesh area.
- * @param s: the mesh state.
- * @param edns: edns data for reply (bufsize).
- * @param buf: buffer for reply
- * @param cb: callback to call with results.
- * @param cb_arg: callback user arg.
- * @param qid: ID of reply.
- * @param qflags: original query flags.
- * @return: 0 on alloc error.
- */
-int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns,
- struct sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg,
- uint16_t qid, uint16_t qflags);
-
-/**
- * Run the mesh. Run all runnable mesh states. Which can create new
- * runnable mesh states. Until completion. Automatically called by
- * mesh_report_reply and mesh_new_client as needed.
- * @param mesh: mesh area.
- * @param mstate: first mesh state to run.
- * @param ev: event the mstate. Others get event_pass.
- * @param e: if a reply, its outbound entry.
- */
-void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate,
- enum module_ev ev, struct outbound_entry* e);
-
-/**
- * Print some stats about the mesh to the log.
- * @param mesh: the mesh to print it for.
- * @param str: descriptive string to go with it.
- */
-void mesh_stats(struct mesh_area* mesh, const char* str);
-
-/**
- * Clear the stats that the mesh keeps (number of queries serviced)
- * @param mesh: the mesh
- */
-void mesh_stats_clear(struct mesh_area* mesh);
-
-/**
- * Print all the states in the mesh to the log.
- * @param mesh: the mesh to print all states of.
- */
-void mesh_log_list(struct mesh_area* mesh);
-
-/**
- * Calculate memory size in use by mesh and all queries inside it.
- * @param mesh: the mesh to examine.
- * @return size in bytes.
- */
-size_t mesh_get_mem(struct mesh_area* mesh);
-
-/**
- * Find cycle; see if the given mesh is in the targets sub, or sub-sub, ...
- * trees.
- * If the sub-sub structure is too large, it returns 'a cycle'=2.
- * @param qstate: given mesh querystate.
- * @param qinfo: query info for dependency.
- * @param flags: query flags of dependency.
- * @param prime: if dependency is a priming query or not.
- * @param valrec: if it is a validation recursion query (lookup of key, DS).
- * @return true if the name,type,class exists and the given qstate mesh exists
- * as a dependency of that name. Thus if qstate becomes dependent on
- * name,type,class then a cycle is created, this is return value 1.
- * Too large to search is value 2 (also true).
- */
-int mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo,
- uint16_t flags, int prime, int valrec);
-
-/** compare two mesh_states */
-int mesh_state_compare(const void* ap, const void* bp);
-
-/** compare two mesh references */
-int mesh_state_ref_compare(const void* ap, const void* bp);
-
-/**
- * Make space for another recursion state for a reply in the mesh
- * @param mesh: mesh area
- * @param qbuf: query buffer to save if recursion is invoked to make space.
- * This buffer is necessary, because the following sequence in calls
- * can result in an overwrite of the incoming query:
- * delete_other_mesh_query - iter_clean - serviced_delete - waiting
- * udp query is sent - on error callback - callback sends SERVFAIL reply
- * over the same network channel, and shared UDP buffer is overwritten.
- * You can pass NULL if there is no buffer that must be backed up.
- * @return false if no space is available.
- */
-int mesh_make_new_space(struct mesh_area* mesh, struct sldns_buffer* qbuf);
-
-/**
- * Insert mesh state into a double linked list. Inserted at end.
- * @param m: mesh state.
- * @param fp: pointer to the first-elem-pointer of the list.
- * @param lp: pointer to the last-elem-pointer of the list.
- */
-void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp,
- struct mesh_state** lp);
-
-/**
- * Remove mesh state from a double linked list. Remove from any position.
- * @param m: mesh state.
- * @param fp: pointer to the first-elem-pointer of the list.
- * @param lp: pointer to the last-elem-pointer of the list.
- */
-void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp,
- struct mesh_state** lp);
-
-#endif /* SERVICES_MESH_H */
diff --git a/external/unbound/services/modstack.c b/external/unbound/services/modstack.c
deleted file mode 100644
index 9bebd3a56..000000000
--- a/external/unbound/services/modstack.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * services/modstack.c - stack of modules
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to help maintain a stack of modules.
- */
-#include "config.h"
-#include <ctype.h>
-#include "services/modstack.h"
-#include "util/module.h"
-#include "util/fptr_wlist.h"
-#include "dns64/dns64.h"
-#include "iterator/iterator.h"
-#include "validator/validator.h"
-#include "respip/respip.h"
-
-#ifdef WITH_PYTHONMODULE
-#include "pythonmod/pythonmod.h"
-#endif
-#ifdef USE_CACHEDB
-#include "cachedb/cachedb.h"
-#endif
-#ifdef CLIENT_SUBNET
-#include "edns-subnet/subnetmod.h"
-#endif
-
-/** count number of modules (words) in the string */
-static int
-count_modules(const char* s)
-{
- int num = 0;
- if(!s)
- return 0;
- while(*s) {
- /* skip whitespace */
- while(*s && isspace((unsigned char)*s))
- s++;
- if(*s && !isspace((unsigned char)*s)) {
- /* skip identifier */
- num++;
- while(*s && !isspace((unsigned char)*s))
- s++;
- }
- }
- return num;
-}
-
-void
-modstack_init(struct module_stack* stack)
-{
- stack->num = 0;
- stack->mod = NULL;
-}
-
-int
-modstack_config(struct module_stack* stack, const char* module_conf)
-{
- int i;
- verbose(VERB_QUERY, "module config: \"%s\"", module_conf);
- stack->num = count_modules(module_conf);
- if(stack->num == 0) {
- log_err("error: no modules specified");
- return 0;
- }
- if(stack->num > MAX_MODULE) {
- log_err("error: too many modules (%d max %d)",
- stack->num, MAX_MODULE);
- return 0;
- }
- stack->mod = (struct module_func_block**)calloc((size_t)
- stack->num, sizeof(struct module_func_block*));
- if(!stack->mod) {
- log_err("out of memory");
- return 0;
- }
- for(i=0; i<stack->num; i++) {
- stack->mod[i] = module_factory(&module_conf);
- if(!stack->mod[i]) {
- log_err("Unknown value for next module: '%s'",
- module_conf);
- return 0;
- }
- }
- return 1;
-}
-
-/** The list of module names */
-const char**
-module_list_avail(void)
-{
- /* these are the modules available */
- static const char* names[] = {
- "dns64",
-#ifdef WITH_PYTHONMODULE
- "python",
-#endif
-#ifdef USE_CACHEDB
- "cachedb",
-#endif
-#ifdef CLIENT_SUBNET
- "subnetcache",
-#endif
- "respip",
- "validator",
- "iterator",
- NULL};
- return names;
-}
-
-/** func block get function type */
-typedef struct module_func_block* (*fbgetfunctype)(void);
-
-/** The list of module func blocks */
-static fbgetfunctype*
-module_funcs_avail(void)
-{
- static struct module_func_block* (*fb[])(void) = {
- &dns64_get_funcblock,
-#ifdef WITH_PYTHONMODULE
- &pythonmod_get_funcblock,
-#endif
-#ifdef USE_CACHEDB
- &cachedb_get_funcblock,
-#endif
-#ifdef CLIENT_SUBNET
- &subnetmod_get_funcblock,
-#endif
- &respip_get_funcblock,
- &val_get_funcblock,
- &iter_get_funcblock,
- NULL};
- return fb;
-}
-
-struct
-module_func_block* module_factory(const char** str)
-{
- int i = 0;
- const char* s = *str;
- const char** names = module_list_avail();
- fbgetfunctype* fb = module_funcs_avail();
- while(*s && isspace((unsigned char)*s))
- s++;
- while(names[i]) {
- if(strncmp(names[i], s, strlen(names[i])) == 0) {
- s += strlen(names[i]);
- *str = s;
- return (*fb[i])();
- }
- i++;
- }
- return NULL;
-}
-
-int
-modstack_setup(struct module_stack* stack, const char* module_conf,
- struct module_env* env)
-{
- int i;
- if(stack->num != 0)
- modstack_desetup(stack, env);
- /* fixed setup of the modules */
- if(!modstack_config(stack, module_conf)) {
- return 0;
- }
- env->need_to_validate = 0; /* set by module init below */
- for(i=0; i<stack->num; i++) {
- verbose(VERB_OPS, "init module %d: %s",
- i, stack->mod[i]->name);
- fptr_ok(fptr_whitelist_mod_init(stack->mod[i]->init));
- if(!(*stack->mod[i]->init)(env, i)) {
- log_err("module init for module %s failed",
- stack->mod[i]->name);
- return 0;
- }
- }
- return 1;
-}
-
-void
-modstack_desetup(struct module_stack* stack, struct module_env* env)
-{
- int i;
- for(i=0; i<stack->num; i++) {
- fptr_ok(fptr_whitelist_mod_deinit(stack->mod[i]->deinit));
- (*stack->mod[i]->deinit)(env, i);
- }
- stack->num = 0;
- free(stack->mod);
- stack->mod = NULL;
-}
-
-int
-modstack_find(struct module_stack* stack, const char* name)
-{
- int i;
- for(i=0; i<stack->num; i++) {
- if(strcmp(stack->mod[i]->name, name) == 0)
- return i;
- }
- return -1;
-}
diff --git a/external/unbound/services/modstack.h b/external/unbound/services/modstack.h
deleted file mode 100644
index cb8613299..000000000
--- a/external/unbound/services/modstack.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * services/modstack.h - stack of modules
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to help maintain a stack of modules.
- */
-
-#ifndef SERVICES_MODSTACK_H
-#define SERVICES_MODSTACK_H
-struct module_func_block;
-struct module_env;
-
-/**
- * Stack of modules.
- */
-struct module_stack {
- /** the number of modules */
- int num;
- /** the module callbacks, array of num_modules length (ref only) */
- struct module_func_block** mod;
-};
-
-/**
- * Init a stack of modules
- * @param stack: initialised as empty.
- */
-void modstack_init(struct module_stack* stack);
-
-/**
- * Read config file module settings and set up the modfunc block
- * @param stack: the stack of modules (empty before call).
- * @param module_conf: string what modules to insert.
- * @return false on error
- */
-int modstack_config(struct module_stack* stack, const char* module_conf);
-
-/**
- * Get funcblock for module name
- * @param str: string with module name. Advanced to next value on success.
- * The string is assumed whitespace separated list of module names.
- * @return funcblock or NULL on error.
- */
-struct module_func_block* module_factory(const char** str);
-
-/**
- * Get list of modules available.
- * @return list of modules available. Static strings, ends with NULL.
- */
-const char** module_list_avail(void);
-
-/**
- * Setup modules. Assigns ids and calls module_init.
- * @param stack: if not empty beforehand, it will be desetup()ed.
- * It is then modstack_configged().
- * @param module_conf: string what modules to insert.
- * @param env: module environment which is inited by the modules.
- * environment should have a superalloc, cfg,
- * env.need_to_validate is set by the modules.
- * @return on false a module init failed.
- */
-int modstack_setup(struct module_stack* stack, const char* module_conf,
- struct module_env* env);
-
-/**
- * Desetup the modules, deinit, delete.
- * @param stack: made empty.
- * @param env: module env for module deinit() calls.
- */
-void modstack_desetup(struct module_stack* stack, struct module_env* env);
-
-/**
- * Find index of module by name.
- * @param stack: to look in
- * @param name: the name to look for
- * @return -1 on failure, otherwise index number.
- */
-int modstack_find(struct module_stack* stack, const char* name);
-
-#endif /* SERVICES_MODSTACK_H */
diff --git a/external/unbound/services/outbound_list.c b/external/unbound/services/outbound_list.c
deleted file mode 100644
index ad73380bc..000000000
--- a/external/unbound/services/outbound_list.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * services/outbound_list.c - keep list of outbound serviced queries.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to help a module keep track of the
- * queries it has outstanding to authoritative servers.
- */
-#include "config.h"
-#include <sys/time.h>
-#include "services/outbound_list.h"
-#include "services/outside_network.h"
-
-void
-outbound_list_init(struct outbound_list* list)
-{
- list->first = NULL;
-}
-
-void
-outbound_list_clear(struct outbound_list* list)
-{
- struct outbound_entry *p, *np;
- p = list->first;
- while(p) {
- np = p->next;
- outnet_serviced_query_stop(p->qsent, p);
- /* in region, no free needed */
- p = np;
- }
- outbound_list_init(list);
-}
-
-void
-outbound_list_insert(struct outbound_list* list, struct outbound_entry* e)
-{
- if(list->first)
- list->first->prev = e;
- e->next = list->first;
- e->prev = NULL;
- list->first = e;
-}
-
-void
-outbound_list_remove(struct outbound_list* list, struct outbound_entry* e)
-{
- if(!e)
- return;
- outnet_serviced_query_stop(e->qsent, e);
- if(e->next)
- e->next->prev = e->prev;
- if(e->prev)
- e->prev->next = e->next;
- else list->first = e->next;
- /* in region, no free needed */
-}
diff --git a/external/unbound/services/outbound_list.h b/external/unbound/services/outbound_list.h
deleted file mode 100644
index ad59e42d1..000000000
--- a/external/unbound/services/outbound_list.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * services/outbound_list.h - keep list of outbound serviced queries.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to help a module keep track of the
- * queries it has outstanding to authoritative servers.
- */
-#ifndef SERVICES_OUTBOUND_LIST_H
-#define SERVICES_OUTBOUND_LIST_H
-struct outbound_entry;
-struct serviced_query;
-struct module_qstate;
-
-/**
- * The outbound list. This structure is part of the module specific query
- * state.
- */
-struct outbound_list {
- /** The linked list of outbound query entries. */
- struct outbound_entry* first;
-};
-
-/**
- * Outbound list entry. A serviced query sent by a module processing the
- * query from the qstate. Double linked list to aid removal.
- */
-struct outbound_entry {
- /** next in list */
- struct outbound_entry* next;
- /** prev in list */
- struct outbound_entry* prev;
- /** The query that was sent out */
- struct serviced_query* qsent;
- /** the module query state that sent it */
- struct module_qstate* qstate;
-};
-
-/**
- * Init the user allocated outbound list structure
- * @param list: the list structure.
- */
-void outbound_list_init(struct outbound_list* list);
-
-/**
- * Clear the user owner outbound list structure.
- * Deletes serviced queries.
- * @param list: the list structure. It is cleared, but the list struct itself
- * is callers responsability to delete.
- */
-void outbound_list_clear(struct outbound_list* list);
-
-/**
- * Insert new entry into the list. Caller must allocate the entry with malloc.
- * qstate and qsent are set by caller.
- * @param list: the list to add to.
- * @param e: entry to add, it is only half initialised at call start, fully
- * initialised at call end.
- */
-void outbound_list_insert(struct outbound_list* list,
- struct outbound_entry* e);
-
-/**
- * Remove an entry from the list, and deletes it.
- * Deletes serviced query in the entry.
- * @param list: the list to remove from.
- * @param e: the entry to remove.
- */
-void outbound_list_remove(struct outbound_list* list,
- struct outbound_entry* e);
-
-#endif /* SERVICES_OUTBOUND_LIST_H */
diff --git a/external/unbound/services/outside_network.c b/external/unbound/services/outside_network.c
deleted file mode 100644
index 426e87b3e..000000000
--- a/external/unbound/services/outside_network.c
+++ /dev/null
@@ -1,2183 +0,0 @@
-/*
- * services/outside_network.c - implement sending of queries and wait answer.
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file has functions to send queries to authoritative servers and
- * wait for the pending answer events.
- */
-#include "config.h"
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#include <sys/time.h>
-#include "services/outside_network.h"
-#include "services/listen_dnsport.h"
-#include "services/cache/infra.h"
-#include "util/data/msgparse.h"
-#include "util/data/msgreply.h"
-#include "util/data/msgencode.h"
-#include "util/data/dname.h"
-#include "util/netevent.h"
-#include "util/log.h"
-#include "util/net_help.h"
-#include "util/random.h"
-#include "util/fptr_wlist.h"
-#include "sldns/sbuffer.h"
-#include "dnstap/dnstap.h"
-#ifdef HAVE_OPENSSL_SSL_H
-#include <openssl/ssl.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <fcntl.h>
-
-/** number of times to retry making a random ID that is unique. */
-#define MAX_ID_RETRY 1000
-/** number of times to retry finding interface, port that can be opened. */
-#define MAX_PORT_RETRY 10000
-/** number of retries on outgoing UDP queries */
-#define OUTBOUND_UDP_RETRY 1
-
-/** initiate TCP transaction for serviced query */
-static void serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff);
-/** with a fd available, randomize and send UDP */
-static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet,
- int timeout);
-
-/** remove waiting tcp from the outnet waiting list */
-static void waiting_list_remove(struct outside_network* outnet,
- struct waiting_tcp* w);
-
-int
-pending_cmp(const void* key1, const void* key2)
-{
- struct pending *p1 = (struct pending*)key1;
- struct pending *p2 = (struct pending*)key2;
- if(p1->id < p2->id)
- return -1;
- if(p1->id > p2->id)
- return 1;
- log_assert(p1->id == p2->id);
- return sockaddr_cmp(&p1->addr, p1->addrlen, &p2->addr, p2->addrlen);
-}
-
-int
-serviced_cmp(const void* key1, const void* key2)
-{
- struct serviced_query* q1 = (struct serviced_query*)key1;
- struct serviced_query* q2 = (struct serviced_query*)key2;
- int r;
- if(q1->qbuflen < q2->qbuflen)
- return -1;
- if(q1->qbuflen > q2->qbuflen)
- return 1;
- log_assert(q1->qbuflen == q2->qbuflen);
- log_assert(q1->qbuflen >= 15 /* 10 header, root, type, class */);
- /* alternate casing of qname is still the same query */
- if((r = memcmp(q1->qbuf, q2->qbuf, 10)) != 0)
- return r;
- if((r = memcmp(q1->qbuf+q1->qbuflen-4, q2->qbuf+q2->qbuflen-4, 4)) != 0)
- return r;
- if(q1->dnssec != q2->dnssec) {
- if(q1->dnssec < q2->dnssec)
- return -1;
- return 1;
- }
- if((r = query_dname_compare(q1->qbuf+10, q2->qbuf+10)) != 0)
- return r;
- if((r = edns_opt_list_compare(q1->opt_list, q2->opt_list)) != 0)
- return r;
- return sockaddr_cmp(&q1->addr, q1->addrlen, &q2->addr, q2->addrlen);
-}
-
-/** delete waiting_tcp entry. Does not unlink from waiting list.
- * @param w: to delete.
- */
-static void
-waiting_tcp_delete(struct waiting_tcp* w)
-{
- if(!w) return;
- if(w->timer)
- comm_timer_delete(w->timer);
- free(w);
-}
-
-/**
- * Pick random outgoing-interface of that family, and bind it.
- * port set to 0 so OS picks a port number for us.
- * if it is the ANY address, do not bind.
- * @param w: tcp structure with destination address.
- * @param s: socket fd.
- * @return false on error, socket closed.
- */
-static int
-pick_outgoing_tcp(struct waiting_tcp* w, int s)
-{
- struct port_if* pi = NULL;
- int num;
-#ifdef INET6
- if(addr_is_ip6(&w->addr, w->addrlen))
- num = w->outnet->num_ip6;
- else
-#endif
- num = w->outnet->num_ip4;
- if(num == 0) {
- log_err("no TCP outgoing interfaces of family");
- log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen);
-#ifndef USE_WINSOCK
- close(s);
-#else
- closesocket(s);
-#endif
- return 0;
- }
-#ifdef INET6
- if(addr_is_ip6(&w->addr, w->addrlen))
- pi = &w->outnet->ip6_ifs[ub_random_max(w->outnet->rnd, num)];
- else
-#endif
- pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)];
- log_assert(pi);
- if(addr_is_any(&pi->addr, pi->addrlen)) {
- /* binding to the ANY interface is for listening sockets */
- return 1;
- }
- /* set port to 0 */
- if(addr_is_ip6(&pi->addr, pi->addrlen))
- ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;
- else ((struct sockaddr_in*)&pi->addr)->sin_port = 0;
- if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {
-#ifndef USE_WINSOCK
- log_err("outgoing tcp: bind: %s", strerror(errno));
- close(s);
-#else
- log_err("outgoing tcp: bind: %s",
- wsa_strerror(WSAGetLastError()));
- closesocket(s);
-#endif
- return 0;
- }
- log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen);
- return 1;
-}
-
-/** use next free buffer to service a tcp query */
-static int
-outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
-{
- struct pending_tcp* pend = w->outnet->tcp_free;
- int s;
- log_assert(pend);
- log_assert(pkt);
- log_assert(w->addrlen > 0);
- /* open socket */
-#ifdef INET6
- if(addr_is_ip6(&w->addr, w->addrlen))
- s = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP);
- else
-#endif
- s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
- if(s == -1) {
-#ifndef USE_WINSOCK
- log_err_addr("outgoing tcp: socket", strerror(errno),
- &w->addr, w->addrlen);
-#else
- log_err_addr("outgoing tcp: socket",
- wsa_strerror(WSAGetLastError()), &w->addr, w->addrlen);
-#endif
- return 0;
- }
-
- if (w->outnet->tcp_mss > 0) {
-#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
- if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG,
- (void*)&w->outnet->tcp_mss,
- (socklen_t)sizeof(w->outnet->tcp_mss)) < 0) {
- verbose(VERB_ALGO, "outgoing tcp:"
- " setsockopt(.. SO_REUSEADDR ..) failed");
- }
-#else
- verbose(VERB_ALGO, "outgoing tcp:"
- " setsockopt(TCP_MAXSEG) unsupported");
-#endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */
- }
-
- if(!pick_outgoing_tcp(w, s))
- return 0;
-
- fd_set_nonblock(s);
-#ifdef USE_OSX_MSG_FASTOPEN
- /* API for fast open is different here. We use a connectx() function and
- then writes can happen as normal even using SSL.*/
- /* connectx requires that the len be set in the sockaddr struct*/
- struct sockaddr_in *addr_in = (struct sockaddr_in *)&w->addr;
- addr_in->sin_len = w->addrlen;
- sa_endpoints_t endpoints;
- endpoints.sae_srcif = 0;
- endpoints.sae_srcaddr = NULL;
- endpoints.sae_srcaddrlen = 0;
- endpoints.sae_dstaddr = (struct sockaddr *)&w->addr;
- endpoints.sae_dstaddrlen = w->addrlen;
- if (connectx(s, &endpoints, SAE_ASSOCID_ANY,
- CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE,
- NULL, 0, NULL, NULL) == -1) {
-#else /* USE_OSX_MSG_FASTOPEN*/
-#ifdef USE_MSG_FASTOPEN
- pend->c->tcp_do_fastopen = 1;
- /* Only do TFO for TCP in which case no connect() is required here.
- Don't combine client TFO with SSL, since OpenSSL can't
- currently support doing a handshake on fd that already isn't connected*/
- if (w->outnet->sslctx && w->ssl_upstream) {
- if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) {
-#else /* USE_MSG_FASTOPEN*/
- if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) {
-#endif /* USE_MSG_FASTOPEN*/
-#endif /* USE_OSX_MSG_FASTOPEN*/
-#ifndef USE_WINSOCK
-#ifdef EINPROGRESS
- if(errno != EINPROGRESS) {
-#else
- if(1) {
-#endif
- if(tcp_connect_errno_needs_log(
- (struct sockaddr*)&w->addr, w->addrlen))
- log_err_addr("outgoing tcp: connect",
- strerror(errno), &w->addr, w->addrlen);
- close(s);
-#else /* USE_WINSOCK */
- if(WSAGetLastError() != WSAEINPROGRESS &&
- WSAGetLastError() != WSAEWOULDBLOCK) {
- closesocket(s);
-#endif
- return 0;
- }
- }
-#ifdef USE_MSG_FASTOPEN
- }
-#endif /* USE_MSG_FASTOPEN */
- if(w->outnet->sslctx && w->ssl_upstream) {
- pend->c->ssl = outgoing_ssl_fd(w->outnet->sslctx, s);
- if(!pend->c->ssl) {
- pend->c->fd = s;
- comm_point_close(pend->c);
- return 0;
- }
-#ifdef USE_WINSOCK
- comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);
-#endif
- pend->c->ssl_shake_state = comm_ssl_shake_write;
- }
- w->pkt = NULL;
- w->next_waiting = (void*)pend;
- pend->id = LDNS_ID_WIRE(pkt);
- w->outnet->num_tcp_outgoing++;
- w->outnet->tcp_free = pend->next_free;
- pend->next_free = NULL;
- pend->query = w;
- pend->c->repinfo.addrlen = w->addrlen;
- memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen);
- sldns_buffer_clear(pend->c->buffer);
- sldns_buffer_write(pend->c->buffer, pkt, pkt_len);
- sldns_buffer_flip(pend->c->buffer);
- pend->c->tcp_is_reading = 0;
- pend->c->tcp_byte_count = 0;
- comm_point_start_listening(pend->c, s, -1);
- return 1;
-}
-
-/** see if buffers can be used to service TCP queries */
-static void
-use_free_buffer(struct outside_network* outnet)
-{
- struct waiting_tcp* w;
- while(outnet->tcp_free && outnet->tcp_wait_first
- && !outnet->want_to_quit) {
- w = outnet->tcp_wait_first;
- outnet->tcp_wait_first = w->next_waiting;
- if(outnet->tcp_wait_last == w)
- outnet->tcp_wait_last = NULL;
- if(!outnet_tcp_take_into_use(w, w->pkt, w->pkt_len)) {
- comm_point_callback_type* cb = w->cb;
- void* cb_arg = w->cb_arg;
- waiting_tcp_delete(w);
- fptr_ok(fptr_whitelist_pending_tcp(cb));
- (void)(*cb)(NULL, cb_arg, NETEVENT_CLOSED, NULL);
- }
- }
-}
-
-/** decomission a tcp buffer, closes commpoint and frees waiting_tcp entry */
-static void
-decomission_pending_tcp(struct outside_network* outnet,
- struct pending_tcp* pend)
-{
- if(pend->c->ssl) {
-#ifdef HAVE_SSL
- SSL_shutdown(pend->c->ssl);
- SSL_free(pend->c->ssl);
- pend->c->ssl = NULL;
-#endif
- }
- comm_point_close(pend->c);
- pend->next_free = outnet->tcp_free;
- outnet->tcp_free = pend;
- waiting_tcp_delete(pend->query);
- pend->query = NULL;
- use_free_buffer(outnet);
-}
-
-int
-outnet_tcp_cb(struct comm_point* c, void* arg, int error,
- struct comm_reply *reply_info)
-{
- struct pending_tcp* pend = (struct pending_tcp*)arg;
- struct outside_network* outnet = pend->query->outnet;
- verbose(VERB_ALGO, "outnettcp cb");
- if(error != NETEVENT_NOERROR) {
- verbose(VERB_QUERY, "outnettcp got tcp error %d", error);
- /* pass error below and exit */
- } else {
- /* check ID */
- if(sldns_buffer_limit(c->buffer) < sizeof(uint16_t) ||
- LDNS_ID_WIRE(sldns_buffer_begin(c->buffer))!=pend->id) {
- log_addr(VERB_QUERY,
- "outnettcp: bad ID in reply, from:",
- &pend->query->addr, pend->query->addrlen);
- error = NETEVENT_CLOSED;
- }
- }
- fptr_ok(fptr_whitelist_pending_tcp(pend->query->cb));
- (void)(*pend->query->cb)(c, pend->query->cb_arg, error, reply_info);
- decomission_pending_tcp(outnet, pend);
- return 0;
-}
-
-/** lower use count on pc, see if it can be closed */
-static void
-portcomm_loweruse(struct outside_network* outnet, struct port_comm* pc)
-{
- struct port_if* pif;
- pc->num_outstanding--;
- if(pc->num_outstanding > 0) {
- return;
- }
- /* close it and replace in unused list */
- verbose(VERB_ALGO, "close of port %d", pc->number);
- comm_point_close(pc->cp);
- pif = pc->pif;
- log_assert(pif->inuse > 0);
- pif->avail_ports[pif->avail_total - pif->inuse] = pc->number;
- pif->inuse--;
- pif->out[pc->index] = pif->out[pif->inuse];
- pif->out[pc->index]->index = pc->index;
- pc->next = outnet->unused_fds;
- outnet->unused_fds = pc;
-}
-
-/** try to send waiting UDP queries */
-static void
-outnet_send_wait_udp(struct outside_network* outnet)
-{
- struct pending* pend;
- /* process waiting queries */
- while(outnet->udp_wait_first && outnet->unused_fds
- && !outnet->want_to_quit) {
- pend = outnet->udp_wait_first;
- outnet->udp_wait_first = pend->next_waiting;
- if(!pend->next_waiting) outnet->udp_wait_last = NULL;
- sldns_buffer_clear(outnet->udp_buff);
- sldns_buffer_write(outnet->udp_buff, pend->pkt, pend->pkt_len);
- sldns_buffer_flip(outnet->udp_buff);
- free(pend->pkt); /* freeing now makes get_mem correct */
- pend->pkt = NULL;
- pend->pkt_len = 0;
- if(!randomize_and_send_udp(pend, outnet->udp_buff,
- pend->timeout)) {
- /* callback error on pending */
- if(pend->cb) {
- fptr_ok(fptr_whitelist_pending_udp(pend->cb));
- (void)(*pend->cb)(outnet->unused_fds->cp, pend->cb_arg,
- NETEVENT_CLOSED, NULL);
- }
- pending_delete(outnet, pend);
- }
- }
-}
-
-int
-outnet_udp_cb(struct comm_point* c, void* arg, int error,
- struct comm_reply *reply_info)
-{
- struct outside_network* outnet = (struct outside_network*)arg;
- struct pending key;
- struct pending* p;
- verbose(VERB_ALGO, "answer cb");
-
- if(error != NETEVENT_NOERROR) {
- verbose(VERB_QUERY, "outnetudp got udp error %d", error);
- return 0;
- }
- if(sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) {
- verbose(VERB_QUERY, "outnetudp udp too short");
- return 0;
- }
- log_assert(reply_info);
-
- /* setup lookup key */
- key.id = (unsigned)LDNS_ID_WIRE(sldns_buffer_begin(c->buffer));
- memcpy(&key.addr, &reply_info->addr, reply_info->addrlen);
- key.addrlen = reply_info->addrlen;
- verbose(VERB_ALGO, "Incoming reply id = %4.4x", key.id);
- log_addr(VERB_ALGO, "Incoming reply addr =",
- &reply_info->addr, reply_info->addrlen);
-
- /* find it, see if this thing is a valid query response */
- verbose(VERB_ALGO, "lookup size is %d entries", (int)outnet->pending->count);
- p = (struct pending*)rbtree_search(outnet->pending, &key);
- if(!p) {
- verbose(VERB_QUERY, "received unwanted or unsolicited udp reply dropped.");
- log_buf(VERB_ALGO, "dropped message", c->buffer);
- outnet->unwanted_replies++;
- if(outnet->unwanted_threshold && ++outnet->unwanted_total
- >= outnet->unwanted_threshold) {
- log_warn("unwanted reply total reached threshold (%u)"
- " you may be under attack."
- " defensive action: clearing the cache",
- (unsigned)outnet->unwanted_threshold);
- fptr_ok(fptr_whitelist_alloc_cleanup(
- outnet->unwanted_action));
- (*outnet->unwanted_action)(outnet->unwanted_param);
- outnet->unwanted_total = 0;
- }
- return 0;
- }
-
- verbose(VERB_ALGO, "received udp reply.");
- log_buf(VERB_ALGO, "udp message", c->buffer);
- if(p->pc->cp != c) {
- verbose(VERB_QUERY, "received reply id,addr on wrong port. "
- "dropped.");
- outnet->unwanted_replies++;
- if(outnet->unwanted_threshold && ++outnet->unwanted_total
- >= outnet->unwanted_threshold) {
- log_warn("unwanted reply total reached threshold (%u)"
- " you may be under attack."
- " defensive action: clearing the cache",
- (unsigned)outnet->unwanted_threshold);
- fptr_ok(fptr_whitelist_alloc_cleanup(
- outnet->unwanted_action));
- (*outnet->unwanted_action)(outnet->unwanted_param);
- outnet->unwanted_total = 0;
- }
- return 0;
- }
- comm_timer_disable(p->timer);
- verbose(VERB_ALGO, "outnet handle udp reply");
- /* delete from tree first in case callback creates a retry */
- (void)rbtree_delete(outnet->pending, p->node.key);
- if(p->cb) {
- fptr_ok(fptr_whitelist_pending_udp(p->cb));
- (void)(*p->cb)(p->pc->cp, p->cb_arg, NETEVENT_NOERROR, reply_info);
- }
- portcomm_loweruse(outnet, p->pc);
- pending_delete(NULL, p);
- outnet_send_wait_udp(outnet);
- return 0;
-}
-
-/** calculate number of ip4 and ip6 interfaces*/
-static void
-calc_num46(char** ifs, int num_ifs, int do_ip4, int do_ip6,
- int* num_ip4, int* num_ip6)
-{
- int i;
- *num_ip4 = 0;
- *num_ip6 = 0;
- if(num_ifs <= 0) {
- if(do_ip4)
- *num_ip4 = 1;
- if(do_ip6)
- *num_ip6 = 1;
- return;
- }
- for(i=0; i<num_ifs; i++)
- {
- if(str_is_ip6(ifs[i])) {
- if(do_ip6)
- (*num_ip6)++;
- } else {
- if(do_ip4)
- (*num_ip4)++;
- }
- }
-
-}
-
-void
-pending_udp_timer_delay_cb(void* arg)
-{
- struct pending* p = (struct pending*)arg;
- struct outside_network* outnet = p->outnet;
- verbose(VERB_ALGO, "timeout udp with delay");
- portcomm_loweruse(outnet, p->pc);
- pending_delete(outnet, p);
- outnet_send_wait_udp(outnet);
-}
-
-void
-pending_udp_timer_cb(void *arg)
-{
- struct pending* p = (struct pending*)arg;
- struct outside_network* outnet = p->outnet;
- /* it timed out */
- verbose(VERB_ALGO, "timeout udp");
- if(p->cb) {
- fptr_ok(fptr_whitelist_pending_udp(p->cb));
- (void)(*p->cb)(p->pc->cp, p->cb_arg, NETEVENT_TIMEOUT, NULL);
- }
- /* if delayclose, keep port open for a longer time.
- * But if the udpwaitlist exists, then we are struggling to
- * keep up with demand for sockets, so do not wait, but service
- * the customer (customer service more important than portICMPs) */
- if(outnet->delayclose && !outnet->udp_wait_first) {
- p->cb = NULL;
- p->timer->callback = &pending_udp_timer_delay_cb;
- comm_timer_set(p->timer, &outnet->delay_tv);
- return;
- }
- portcomm_loweruse(outnet, p->pc);
- pending_delete(outnet, p);
- outnet_send_wait_udp(outnet);
-}
-
-/** create pending_tcp buffers */
-static int
-create_pending_tcp(struct outside_network* outnet, size_t bufsize)
-{
- size_t i;
- if(outnet->num_tcp == 0)
- return 1; /* no tcp needed, nothing to do */
- if(!(outnet->tcp_conns = (struct pending_tcp **)calloc(
- outnet->num_tcp, sizeof(struct pending_tcp*))))
- return 0;
- for(i=0; i<outnet->num_tcp; i++) {
- if(!(outnet->tcp_conns[i] = (struct pending_tcp*)calloc(1,
- sizeof(struct pending_tcp))))
- return 0;
- outnet->tcp_conns[i]->next_free = outnet->tcp_free;
- outnet->tcp_free = outnet->tcp_conns[i];
- outnet->tcp_conns[i]->c = comm_point_create_tcp_out(
- outnet->base, bufsize, outnet_tcp_cb,
- outnet->tcp_conns[i]);
- if(!outnet->tcp_conns[i]->c)
- return 0;
- }
- return 1;
-}
-
-/** setup an outgoing interface, ready address */
-static int setup_if(struct port_if* pif, const char* addrstr,
- int* avail, int numavail, size_t numfd)
-{
- pif->avail_total = numavail;
- pif->avail_ports = (int*)memdup(avail, (size_t)numavail*sizeof(int));
- if(!pif->avail_ports)
- return 0;
- if(!ipstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen) &&
- !netblockstrtoaddr(addrstr, UNBOUND_DNS_PORT,
- &pif->addr, &pif->addrlen, &pif->pfxlen))
- return 0;
- pif->maxout = (int)numfd;
- pif->inuse = 0;
- pif->out = (struct port_comm**)calloc(numfd,
- sizeof(struct port_comm*));
- if(!pif->out)
- return 0;
- return 1;
-}
-
-struct outside_network*
-outside_network_create(struct comm_base *base, size_t bufsize,
- size_t num_ports, char** ifs, int num_ifs, int do_ip4,
- int do_ip6, size_t num_tcp, struct infra_cache* infra,
- struct ub_randstate* rnd, int use_caps_for_id, int* availports,
- int numavailports, size_t unwanted_threshold, int tcp_mss,
- void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
- void* sslctx, int delayclose, struct dt_env* dtenv)
-{
- struct outside_network* outnet = (struct outside_network*)
- calloc(1, sizeof(struct outside_network));
- size_t k;
- if(!outnet) {
- log_err("malloc failed");
- return NULL;
- }
- comm_base_timept(base, &outnet->now_secs, &outnet->now_tv);
- outnet->base = base;
- outnet->num_tcp = num_tcp;
- outnet->num_tcp_outgoing = 0;
- outnet->infra = infra;
- outnet->rnd = rnd;
- outnet->sslctx = sslctx;
-#ifdef USE_DNSTAP
- outnet->dtenv = dtenv;
-#else
- (void)dtenv;
-#endif
- outnet->svcd_overhead = 0;
- outnet->want_to_quit = 0;
- outnet->unwanted_threshold = unwanted_threshold;
- outnet->unwanted_action = unwanted_action;
- outnet->unwanted_param = unwanted_param;
- outnet->use_caps_for_id = use_caps_for_id;
- outnet->do_udp = do_udp;
- outnet->tcp_mss = tcp_mss;
-#ifndef S_SPLINT_S
- if(delayclose) {
- outnet->delayclose = 1;
- outnet->delay_tv.tv_sec = delayclose/1000;
- outnet->delay_tv.tv_usec = (delayclose%1000)*1000;
- }
-#endif
- if(numavailports == 0) {
- log_err("no outgoing ports available");
- outside_network_delete(outnet);
- return NULL;
- }
-#ifndef INET6
- do_ip6 = 0;
-#endif
- calc_num46(ifs, num_ifs, do_ip4, do_ip6,
- &outnet->num_ip4, &outnet->num_ip6);
- if(outnet->num_ip4 != 0) {
- if(!(outnet->ip4_ifs = (struct port_if*)calloc(
- (size_t)outnet->num_ip4, sizeof(struct port_if)))) {
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- }
- if(outnet->num_ip6 != 0) {
- if(!(outnet->ip6_ifs = (struct port_if*)calloc(
- (size_t)outnet->num_ip6, sizeof(struct port_if)))) {
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- }
- if( !(outnet->udp_buff = sldns_buffer_new(bufsize)) ||
- !(outnet->pending = rbtree_create(pending_cmp)) ||
- !(outnet->serviced = rbtree_create(serviced_cmp)) ||
- !create_pending_tcp(outnet, bufsize)) {
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
-
- /* allocate commpoints */
- for(k=0; k<num_ports; k++) {
- struct port_comm* pc;
- pc = (struct port_comm*)calloc(1, sizeof(*pc));
- if(!pc) {
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- pc->cp = comm_point_create_udp(outnet->base, -1,
- outnet->udp_buff, outnet_udp_cb, outnet);
- if(!pc->cp) {
- log_err("malloc failed");
- free(pc);
- outside_network_delete(outnet);
- return NULL;
- }
- pc->next = outnet->unused_fds;
- outnet->unused_fds = pc;
- }
-
- /* allocate interfaces */
- if(num_ifs == 0) {
- if(do_ip4 && !setup_if(&outnet->ip4_ifs[0], "0.0.0.0",
- availports, numavailports, num_ports)) {
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- if(do_ip6 && !setup_if(&outnet->ip6_ifs[0], "::",
- availports, numavailports, num_ports)) {
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- } else {
- size_t done_4 = 0, done_6 = 0;
- int i;
- for(i=0; i<num_ifs; i++) {
- if(str_is_ip6(ifs[i]) && do_ip6) {
- if(!setup_if(&outnet->ip6_ifs[done_6], ifs[i],
- availports, numavailports, num_ports)){
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- done_6++;
- }
- if(!str_is_ip6(ifs[i]) && do_ip4) {
- if(!setup_if(&outnet->ip4_ifs[done_4], ifs[i],
- availports, numavailports, num_ports)){
- log_err("malloc failed");
- outside_network_delete(outnet);
- return NULL;
- }
- done_4++;
- }
- }
- }
- return outnet;
-}
-
-/** helper pending delete */
-static void
-pending_node_del(rbnode_type* node, void* arg)
-{
- struct pending* pend = (struct pending*)node;
- struct outside_network* outnet = (struct outside_network*)arg;
- pending_delete(outnet, pend);
-}
-
-/** helper serviced delete */
-static void
-serviced_node_del(rbnode_type* node, void* ATTR_UNUSED(arg))
-{
- struct serviced_query* sq = (struct serviced_query*)node;
- struct service_callback* p = sq->cblist, *np;
- free(sq->qbuf);
- free(sq->zone);
- edns_opt_list_free(sq->opt_list);
- while(p) {
- np = p->next;
- free(p);
- p = np;
- }
- free(sq);
-}
-
-void
-outside_network_quit_prepare(struct outside_network* outnet)
-{
- if(!outnet)
- return;
- /* prevent queued items from being sent */
- outnet->want_to_quit = 1;
-}
-
-void
-outside_network_delete(struct outside_network* outnet)
-{
- if(!outnet)
- return;
- outnet->want_to_quit = 1;
- /* check every element, since we can be called on malloc error */
- if(outnet->pending) {
- /* free pending elements, but do no unlink from tree. */
- traverse_postorder(outnet->pending, pending_node_del, NULL);
- free(outnet->pending);
- }
- if(outnet->serviced) {
- traverse_postorder(outnet->serviced, serviced_node_del, NULL);
- free(outnet->serviced);
- }
- if(outnet->udp_buff)
- sldns_buffer_free(outnet->udp_buff);
- if(outnet->unused_fds) {
- struct port_comm* p = outnet->unused_fds, *np;
- while(p) {
- np = p->next;
- comm_point_delete(p->cp);
- free(p);
- p = np;
- }
- outnet->unused_fds = NULL;
- }
- if(outnet->ip4_ifs) {
- int i, k;
- for(i=0; i<outnet->num_ip4; i++) {
- for(k=0; k<outnet->ip4_ifs[i].inuse; k++) {
- struct port_comm* pc = outnet->ip4_ifs[i].
- out[k];
- comm_point_delete(pc->cp);
- free(pc);
- }
- free(outnet->ip4_ifs[i].avail_ports);
- free(outnet->ip4_ifs[i].out);
- }
- free(outnet->ip4_ifs);
- }
- if(outnet->ip6_ifs) {
- int i, k;
- for(i=0; i<outnet->num_ip6; i++) {
- for(k=0; k<outnet->ip6_ifs[i].inuse; k++) {
- struct port_comm* pc = outnet->ip6_ifs[i].
- out[k];
- comm_point_delete(pc->cp);
- free(pc);
- }
- free(outnet->ip6_ifs[i].avail_ports);
- free(outnet->ip6_ifs[i].out);
- }
- free(outnet->ip6_ifs);
- }
- if(outnet->tcp_conns) {
- size_t i;
- for(i=0; i<outnet->num_tcp; i++)
- if(outnet->tcp_conns[i]) {
- comm_point_delete(outnet->tcp_conns[i]->c);
- waiting_tcp_delete(outnet->tcp_conns[i]->query);
- free(outnet->tcp_conns[i]);
- }
- free(outnet->tcp_conns);
- }
- if(outnet->tcp_wait_first) {
- struct waiting_tcp* p = outnet->tcp_wait_first, *np;
- while(p) {
- np = p->next_waiting;
- waiting_tcp_delete(p);
- p = np;
- }
- }
- if(outnet->udp_wait_first) {
- struct pending* p = outnet->udp_wait_first, *np;
- while(p) {
- np = p->next_waiting;
- pending_delete(NULL, p);
- p = np;
- }
- }
- free(outnet);
-}
-
-void
-pending_delete(struct outside_network* outnet, struct pending* p)
-{
- if(!p)
- return;
- if(outnet && outnet->udp_wait_first &&
- (p->next_waiting || p == outnet->udp_wait_last) ) {
- /* delete from waiting list, if it is in the waiting list */
- struct pending* prev = NULL, *x = outnet->udp_wait_first;
- while(x && x != p) {
- prev = x;
- x = x->next_waiting;
- }
- if(x) {
- log_assert(x == p);
- if(prev)
- prev->next_waiting = p->next_waiting;
- else outnet->udp_wait_first = p->next_waiting;
- if(outnet->udp_wait_last == p)
- outnet->udp_wait_last = prev;
- }
- }
- if(outnet) {
- (void)rbtree_delete(outnet->pending, p->node.key);
- }
- if(p->timer)
- comm_timer_delete(p->timer);
- free(p->pkt);
- free(p);
-}
-
-static void
-sai6_putrandom(struct sockaddr_in6 *sa, int pfxlen, struct ub_randstate *rnd)
-{
- int i, last;
- if(!(pfxlen > 0 && pfxlen < 128))
- return;
- for(i = 0; i < (128 - pfxlen) / 8; i++) {
- sa->sin6_addr.s6_addr[15-i] = (uint8_t)ub_random_max(rnd, 256);
- }
- last = pfxlen & 7;
- if(last != 0) {
- sa->sin6_addr.s6_addr[15-i] |=
- ((0xFF >> last) & ub_random_max(rnd, 256));
- }
-}
-
-/**
- * Try to open a UDP socket for outgoing communication.
- * Sets sockets options as needed.
- * @param addr: socket address.
- * @param addrlen: length of address.
- * @param pfxlen: length of network prefix (for address randomisation).
- * @param port: port override for addr.
- * @param inuse: if -1 is returned, this bool means the port was in use.
- * @param rnd: random state (for address randomisation).
- * @return fd or -1
- */
-static int
-udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen,
- int port, int* inuse, struct ub_randstate* rnd)
-{
- int fd, noproto;
- if(addr_is_ip6(addr, addrlen)) {
- int freebind = 0;
- struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr;
- sa.sin6_port = (in_port_t)htons((uint16_t)port);
- if(pfxlen != 0) {
- freebind = 1;
- sai6_putrandom(&sa, pfxlen, rnd);
- }
- fd = create_udp_sock(AF_INET6, SOCK_DGRAM,
- (struct sockaddr*)&sa, addrlen, 1, inuse, &noproto,
- 0, 0, 0, NULL, 0, freebind, 0);
- } else {
- struct sockaddr_in* sa = (struct sockaddr_in*)addr;
- sa->sin_port = (in_port_t)htons((uint16_t)port);
- fd = create_udp_sock(AF_INET, SOCK_DGRAM,
- (struct sockaddr*)addr, addrlen, 1, inuse, &noproto,
- 0, 0, 0, NULL, 0, 0, 0);
- }
- return fd;
-}
-
-/** Select random ID */
-static int
-select_id(struct outside_network* outnet, struct pending* pend,
- sldns_buffer* packet)
-{
- int id_tries = 0;
- pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
- LDNS_ID_SET(sldns_buffer_begin(packet), pend->id);
-
- /* insert in tree */
- pend->node.key = pend;
- while(!rbtree_insert(outnet->pending, &pend->node)) {
- /* change ID to avoid collision */
- pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
- LDNS_ID_SET(sldns_buffer_begin(packet), pend->id);
- id_tries++;
- if(id_tries == MAX_ID_RETRY) {
- pend->id=99999; /* non existant ID */
- log_err("failed to generate unique ID, drop msg");
- return 0;
- }
- }
- verbose(VERB_ALGO, "inserted new pending reply id=%4.4x", pend->id);
- return 1;
-}
-
-/** Select random interface and port */
-static int
-select_ifport(struct outside_network* outnet, struct pending* pend,
- int num_if, struct port_if* ifs)
-{
- int my_if, my_port, fd, portno, inuse, tries=0;
- struct port_if* pif;
- /* randomly select interface and port */
- if(num_if == 0) {
- verbose(VERB_QUERY, "Need to send query but have no "
- "outgoing interfaces of that family");
- return 0;
- }
- log_assert(outnet->unused_fds);
- tries = 0;
- while(1) {
- my_if = ub_random_max(outnet->rnd, num_if);
- pif = &ifs[my_if];
- my_port = ub_random_max(outnet->rnd, pif->avail_total);
- if(my_port < pif->inuse) {
- /* port already open */
- pend->pc = pif->out[my_port];
- verbose(VERB_ALGO, "using UDP if=%d port=%d",
- my_if, pend->pc->number);
- break;
- }
- /* try to open new port, if fails, loop to try again */
- log_assert(pif->inuse < pif->maxout);
- portno = pif->avail_ports[my_port - pif->inuse];
- fd = udp_sockport(&pif->addr, pif->addrlen, pif->pfxlen,
- portno, &inuse, outnet->rnd);
- if(fd == -1 && !inuse) {
- /* nonrecoverable error making socket */
- return 0;
- }
- if(fd != -1) {
- verbose(VERB_ALGO, "opened UDP if=%d port=%d",
- my_if, portno);
- /* grab fd */
- pend->pc = outnet->unused_fds;
- outnet->unused_fds = pend->pc->next;
-
- /* setup portcomm */
- pend->pc->next = NULL;
- pend->pc->number = portno;
- pend->pc->pif = pif;
- pend->pc->index = pif->inuse;
- pend->pc->num_outstanding = 0;
- comm_point_start_listening(pend->pc->cp, fd, -1);
-
- /* grab port in interface */
- pif->out[pif->inuse] = pend->pc;
- pif->avail_ports[my_port - pif->inuse] =
- pif->avail_ports[pif->avail_total-pif->inuse-1];
- pif->inuse++;
- break;
- }
- /* failed, already in use */
- verbose(VERB_QUERY, "port %d in use, trying another", portno);
- tries++;
- if(tries == MAX_PORT_RETRY) {
- log_err("failed to find an open port, drop msg");
- return 0;
- }
- }
- log_assert(pend->pc);
- pend->pc->num_outstanding++;
-
- return 1;
-}
-
-static int
-randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout)
-{
- struct timeval tv;
- struct outside_network* outnet = pend->sq->outnet;
-
- /* select id */
- if(!select_id(outnet, pend, packet)) {
- return 0;
- }
-
- /* select src_if, port */
- if(addr_is_ip6(&pend->addr, pend->addrlen)) {
- if(!select_ifport(outnet, pend,
- outnet->num_ip6, outnet->ip6_ifs))
- return 0;
- } else {
- if(!select_ifport(outnet, pend,
- outnet->num_ip4, outnet->ip4_ifs))
- return 0;
- }
- log_assert(pend->pc && pend->pc->cp);
-
- /* send it over the commlink */
- if(!comm_point_send_udp_msg(pend->pc->cp, packet,
- (struct sockaddr*)&pend->addr, pend->addrlen)) {
- portcomm_loweruse(outnet, pend->pc);
- return 0;
- }
-
- /* system calls to set timeout after sending UDP to make roundtrip
- smaller. */
-#ifndef S_SPLINT_S
- tv.tv_sec = timeout/1000;
- tv.tv_usec = (timeout%1000)*1000;
-#endif
- comm_timer_set(pend->timer, &tv);
-
-#ifdef USE_DNSTAP
- if(outnet->dtenv &&
- (outnet->dtenv->log_resolver_query_messages ||
- outnet->dtenv->log_forwarder_query_messages))
- dt_msg_send_outside_query(outnet->dtenv, &pend->addr, comm_udp,
- pend->sq->zone, pend->sq->zonelen, packet);
-#endif
- return 1;
-}
-
-struct pending*
-pending_udp_query(struct serviced_query* sq, struct sldns_buffer* packet,
- int timeout, comm_point_callback_type* cb, void* cb_arg)
-{
- struct pending* pend = (struct pending*)calloc(1, sizeof(*pend));
- if(!pend) return NULL;
- pend->outnet = sq->outnet;
- pend->sq = sq;
- pend->addrlen = sq->addrlen;
- memmove(&pend->addr, &sq->addr, sq->addrlen);
- pend->cb = cb;
- pend->cb_arg = cb_arg;
- pend->node.key = pend;
- pend->timer = comm_timer_create(sq->outnet->base, pending_udp_timer_cb,
- pend);
- if(!pend->timer) {
- free(pend);
- return NULL;
- }
-
- if(sq->outnet->unused_fds == NULL) {
- /* no unused fd, cannot create a new port (randomly) */
- verbose(VERB_ALGO, "no fds available, udp query waiting");
- pend->timeout = timeout;
- pend->pkt_len = sldns_buffer_limit(packet);
- pend->pkt = (uint8_t*)memdup(sldns_buffer_begin(packet),
- pend->pkt_len);
- if(!pend->pkt) {
- comm_timer_delete(pend->timer);
- free(pend);
- return NULL;
- }
- /* put at end of waiting list */
- if(sq->outnet->udp_wait_last)
- sq->outnet->udp_wait_last->next_waiting = pend;
- else
- sq->outnet->udp_wait_first = pend;
- sq->outnet->udp_wait_last = pend;
- return pend;
- }
- if(!randomize_and_send_udp(pend, packet, timeout)) {
- pending_delete(sq->outnet, pend);
- return NULL;
- }
- return pend;
-}
-
-void
-outnet_tcptimer(void* arg)
-{
- struct waiting_tcp* w = (struct waiting_tcp*)arg;
- struct outside_network* outnet = w->outnet;
- comm_point_callback_type* cb;
- void* cb_arg;
- if(w->pkt) {
- /* it is on the waiting list */
- waiting_list_remove(outnet, w);
- } else {
- /* it was in use */
- struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
- comm_point_close(pend->c);
- pend->query = NULL;
- pend->next_free = outnet->tcp_free;
- outnet->tcp_free = pend;
- }
- cb = w->cb;
- cb_arg = w->cb_arg;
- waiting_tcp_delete(w);
- fptr_ok(fptr_whitelist_pending_tcp(cb));
- (void)(*cb)(NULL, cb_arg, NETEVENT_TIMEOUT, NULL);
- use_free_buffer(outnet);
-}
-
-struct waiting_tcp*
-pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
- int timeout, comm_point_callback_type* callback, void* callback_arg)
-{
- struct pending_tcp* pend = sq->outnet->tcp_free;
- struct waiting_tcp* w;
- struct timeval tv;
- uint16_t id;
- /* if no buffer is free allocate space to store query */
- w = (struct waiting_tcp*)malloc(sizeof(struct waiting_tcp)
- + (pend?0:sldns_buffer_limit(packet)));
- if(!w) {
- return NULL;
- }
- if(!(w->timer = comm_timer_create(sq->outnet->base, outnet_tcptimer, w))) {
- free(w);
- return NULL;
- }
- w->pkt = NULL;
- w->pkt_len = 0;
- id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff;
- LDNS_ID_SET(sldns_buffer_begin(packet), id);
- memcpy(&w->addr, &sq->addr, sq->addrlen);
- w->addrlen = sq->addrlen;
- w->outnet = sq->outnet;
- w->cb = callback;
- w->cb_arg = callback_arg;
- w->ssl_upstream = sq->ssl_upstream;
-#ifndef S_SPLINT_S
- tv.tv_sec = timeout;
- tv.tv_usec = 0;
-#endif
- comm_timer_set(w->timer, &tv);
- if(pend) {
- /* we have a buffer available right now */
- if(!outnet_tcp_take_into_use(w, sldns_buffer_begin(packet),
- sldns_buffer_limit(packet))) {
- waiting_tcp_delete(w);
- return NULL;
- }
-#ifdef USE_DNSTAP
- if(sq->outnet->dtenv &&
- (sq->outnet->dtenv->log_resolver_query_messages ||
- sq->outnet->dtenv->log_forwarder_query_messages))
- dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr,
- comm_tcp, sq->zone, sq->zonelen, packet);
-#endif
- } else {
- /* queue up */
- w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp);
- w->pkt_len = sldns_buffer_limit(packet);
- memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len);
- w->next_waiting = NULL;
- if(sq->outnet->tcp_wait_last)
- sq->outnet->tcp_wait_last->next_waiting = w;
- else sq->outnet->tcp_wait_first = w;
- sq->outnet->tcp_wait_last = w;
- }
- return w;
-}
-
-/** create query for serviced queries */
-static void
-serviced_gen_query(sldns_buffer* buff, uint8_t* qname, size_t qnamelen,
- uint16_t qtype, uint16_t qclass, uint16_t flags)
-{
- sldns_buffer_clear(buff);
- /* skip id */
- sldns_buffer_write_u16(buff, flags);
- sldns_buffer_write_u16(buff, 1); /* qdcount */
- sldns_buffer_write_u16(buff, 0); /* ancount */
- sldns_buffer_write_u16(buff, 0); /* nscount */
- sldns_buffer_write_u16(buff, 0); /* arcount */
- sldns_buffer_write(buff, qname, qnamelen);
- sldns_buffer_write_u16(buff, qtype);
- sldns_buffer_write_u16(buff, qclass);
- sldns_buffer_flip(buff);
-}
-
-/** lookup serviced query in serviced query rbtree */
-static struct serviced_query*
-lookup_serviced(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
- struct sockaddr_storage* addr, socklen_t addrlen,
- struct edns_option* opt_list)
-{
- struct serviced_query key;
- key.node.key = &key;
- key.qbuf = sldns_buffer_begin(buff);
- key.qbuflen = sldns_buffer_limit(buff);
- key.dnssec = dnssec;
- memcpy(&key.addr, addr, addrlen);
- key.addrlen = addrlen;
- key.outnet = outnet;
- key.opt_list = opt_list;
- return (struct serviced_query*)rbtree_search(outnet->serviced, &key);
-}
-
-/** Create new serviced entry */
-static struct serviced_query*
-serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
- int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
- size_t zonelen, int qtype, struct edns_option* opt_list)
-{
- struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq));
-#ifdef UNBOUND_DEBUG
- rbnode_type* ins;
-#endif
- if(!sq)
- return NULL;
- sq->node.key = sq;
- sq->qbuf = memdup(sldns_buffer_begin(buff), sldns_buffer_limit(buff));
- if(!sq->qbuf) {
- free(sq);
- return NULL;
- }
- sq->qbuflen = sldns_buffer_limit(buff);
- sq->zone = memdup(zone, zonelen);
- if(!sq->zone) {
- free(sq->qbuf);
- free(sq);
- return NULL;
- }
- sq->zonelen = zonelen;
- sq->qtype = qtype;
- sq->dnssec = dnssec;
- sq->want_dnssec = want_dnssec;
- sq->nocaps = nocaps;
- sq->tcp_upstream = tcp_upstream;
- sq->ssl_upstream = ssl_upstream;
- memcpy(&sq->addr, addr, addrlen);
- sq->addrlen = addrlen;
- sq->opt_list = NULL;
- if(opt_list) {
- sq->opt_list = edns_opt_copy_alloc(opt_list);
- if(!sq->opt_list) {
- free(sq->zone);
- free(sq->qbuf);
- free(sq);
- return NULL;
- }
- }
- sq->outnet = outnet;
- sq->cblist = NULL;
- sq->pending = NULL;
- sq->status = serviced_initial;
- sq->retry = 0;
- sq->to_be_deleted = 0;
-#ifdef UNBOUND_DEBUG
- ins =
-#else
- (void)
-#endif
- rbtree_insert(outnet->serviced, &sq->node);
- log_assert(ins != NULL); /* must not be already present */
- return sq;
-}
-
-/** remove waiting tcp from the outnet waiting list */
-static void
-waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w)
-{
- struct waiting_tcp* p = outnet->tcp_wait_first, *prev = NULL;
- while(p) {
- if(p == w) {
- /* remove w */
- if(prev)
- prev->next_waiting = w->next_waiting;
- else outnet->tcp_wait_first = w->next_waiting;
- if(outnet->tcp_wait_last == w)
- outnet->tcp_wait_last = prev;
- return;
- }
- prev = p;
- p = p->next_waiting;
- }
-}
-
-/** cleanup serviced query entry */
-static void
-serviced_delete(struct serviced_query* sq)
-{
- if(sq->pending) {
- /* clear up the pending query */
- if(sq->status == serviced_query_UDP_EDNS ||
- sq->status == serviced_query_UDP ||
- sq->status == serviced_query_PROBE_EDNS ||
- sq->status == serviced_query_UDP_EDNS_FRAG ||
- sq->status == serviced_query_UDP_EDNS_fallback) {
- struct pending* p = (struct pending*)sq->pending;
- if(p->pc)
- portcomm_loweruse(sq->outnet, p->pc);
- pending_delete(sq->outnet, p);
- /* this call can cause reentrant calls back into the
- * mesh */
- outnet_send_wait_udp(sq->outnet);
- } else {
- struct waiting_tcp* p = (struct waiting_tcp*)
- sq->pending;
- if(p->pkt == NULL) {
- decomission_pending_tcp(sq->outnet,
- (struct pending_tcp*)p->next_waiting);
- } else {
- waiting_list_remove(sq->outnet, p);
- waiting_tcp_delete(p);
- }
- }
- }
- /* does not delete from tree, caller has to do that */
- serviced_node_del(&sq->node, NULL);
-}
-
-/** perturb a dname capitalization randomly */
-static void
-serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len)
-{
- uint8_t lablen;
- uint8_t* d = qbuf + 10;
- long int random = 0;
- int bits = 0;
- log_assert(len >= 10 + 5 /* offset qname, root, qtype, qclass */);
- (void)len;
- lablen = *d++;
- while(lablen) {
- while(lablen--) {
- /* only perturb A-Z, a-z */
- if(isalpha((unsigned char)*d)) {
- /* get a random bit */
- if(bits == 0) {
- random = ub_random(rnd);
- bits = 30;
- }
- if(random & 0x1) {
- *d = (uint8_t)toupper((unsigned char)*d);
- } else {
- *d = (uint8_t)tolower((unsigned char)*d);
- }
- random >>= 1;
- bits--;
- }
- d++;
- }
- lablen = *d++;
- }
- if(verbosity >= VERB_ALGO) {
- char buf[LDNS_MAX_DOMAINLEN+1];
- dname_str(qbuf+10, buf);
- verbose(VERB_ALGO, "qname perturbed to %s", buf);
- }
-}
-
-/** put serviced query into a buffer */
-static void
-serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
-{
- /* if we are using 0x20 bits for ID randomness, perturb them */
- if(sq->outnet->use_caps_for_id && !sq->nocaps) {
- serviced_perturb_qname(sq->outnet->rnd, sq->qbuf, sq->qbuflen);
- }
- /* generate query */
- sldns_buffer_clear(buff);
- sldns_buffer_write_u16(buff, 0); /* id placeholder */
- sldns_buffer_write(buff, sq->qbuf, sq->qbuflen);
- sldns_buffer_flip(buff);
- if(with_edns) {
- /* add edns section */
- struct edns_data edns;
- edns.edns_present = 1;
- edns.ext_rcode = 0;
- edns.edns_version = EDNS_ADVERTISED_VERSION;
- edns.opt_list = sq->opt_list;
- if(sq->status == serviced_query_UDP_EDNS_FRAG) {
- if(addr_is_ip6(&sq->addr, sq->addrlen)) {
- if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)
- edns.udp_size = EDNS_FRAG_SIZE_IP6;
- else edns.udp_size = EDNS_ADVERTISED_SIZE;
- } else {
- if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE)
- edns.udp_size = EDNS_FRAG_SIZE_IP4;
- else edns.udp_size = EDNS_ADVERTISED_SIZE;
- }
- } else {
- edns.udp_size = EDNS_ADVERTISED_SIZE;
- }
- edns.bits = 0;
- if(sq->dnssec & EDNS_DO)
- edns.bits = EDNS_DO;
- if(sq->dnssec & BIT_CD)
- LDNS_CD_SET(sldns_buffer_begin(buff));
- attach_edns_record(buff, &edns);
- }
-}
-
-/**
- * Perform serviced query UDP sending operation.
- * Sends UDP with EDNS, unless infra host marked non EDNS.
- * @param sq: query to send.
- * @param buff: buffer scratch space.
- * @return 0 on error.
- */
-static int
-serviced_udp_send(struct serviced_query* sq, sldns_buffer* buff)
-{
- int rtt, vs;
- uint8_t edns_lame_known;
- time_t now = *sq->outnet->now_secs;
-
- if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone,
- sq->zonelen, now, &vs, &edns_lame_known, &rtt))
- return 0;
- sq->last_rtt = rtt;
- verbose(VERB_ALGO, "EDNS lookup known=%d vs=%d", edns_lame_known, vs);
- if(sq->status == serviced_initial) {
- if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
- /* perform EDNS lame probe - check if server is
- * EDNS lame (EDNS queries to it are dropped) */
- verbose(VERB_ALGO, "serviced query: send probe to see "
- " if use of EDNS causes timeouts");
- /* even 700 msec may be too small */
- rtt = 1000;
- sq->status = serviced_query_PROBE_EDNS;
- } else if(vs != -1) {
- sq->status = serviced_query_UDP_EDNS;
- } else {
- sq->status = serviced_query_UDP;
- }
- }
- serviced_encode(sq, buff, (sq->status == serviced_query_UDP_EDNS) ||
- (sq->status == serviced_query_UDP_EDNS_FRAG));
- sq->last_sent_time = *sq->outnet->now_tv;
- sq->edns_lame_known = (int)edns_lame_known;
- verbose(VERB_ALGO, "serviced query UDP timeout=%d msec", rtt);
- sq->pending = pending_udp_query(sq, buff, rtt,
- serviced_udp_callback, sq);
- if(!sq->pending)
- return 0;
- return 1;
-}
-
-/** check that perturbed qname is identical */
-static int
-serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen)
-{
- uint8_t* d1 = sldns_buffer_at(pkt, 12);
- uint8_t* d2 = qbuf+10;
- uint8_t len1, len2;
- int count = 0;
- log_assert(qbuflen >= 15 /* 10 header, root, type, class */);
- len1 = *d1++;
- len2 = *d2++;
- if(sldns_buffer_limit(pkt) < 12+1+4) /* packet too small for qname */
- return 0;
- while(len1 != 0 || len2 != 0) {
- if(LABEL_IS_PTR(len1)) {
- d1 = sldns_buffer_begin(pkt)+PTR_OFFSET(len1, *d1);
- if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt)))
- return 0;
- len1 = *d1++;
- if(count++ > MAX_COMPRESS_PTRS)
- return 0;
- continue;
- }
- if(d2 > qbuf+qbuflen)
- return 0;
- if(len1 != len2)
- return 0;
- if(len1 > LDNS_MAX_LABELLEN)
- return 0;
- log_assert(len1 <= LDNS_MAX_LABELLEN);
- log_assert(len2 <= LDNS_MAX_LABELLEN);
- log_assert(len1 == len2 && len1 != 0);
- /* compare the labels - bitwise identical */
- if(memcmp(d1, d2, len1) != 0)
- return 0;
- d1 += len1;
- d2 += len2;
- len1 = *d1++;
- len2 = *d2++;
- }
- return 1;
-}
-
-/** call the callbacks for a serviced query */
-static void
-serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
- struct comm_reply* rep)
-{
- struct service_callback* p;
- int dobackup = (sq->cblist && sq->cblist->next); /* >1 cb*/
- uint8_t *backup_p = NULL;
- size_t backlen = 0;
-#ifdef UNBOUND_DEBUG
- rbnode_type* rem =
-#else
- (void)
-#endif
- /* remove from tree, and schedule for deletion, so that callbacks
- * can safely deregister themselves and even create new serviced
- * queries that are identical to this one. */
- rbtree_delete(sq->outnet->serviced, sq);
- log_assert(rem); /* should have been present */
- sq->to_be_deleted = 1;
- verbose(VERB_ALGO, "svcd callbacks start");
- if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c &&
- !sq->nocaps && sq->qtype != LDNS_RR_TYPE_PTR) {
- /* for type PTR do not check perturbed name in answer,
- * compatibility with cisco dns guard boxes that mess up
- * reverse queries 0x20 contents */
- /* noerror and nxdomain must have a qname in reply */
- if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 &&
- (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))
- == LDNS_RCODE_NOERROR ||
- LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))
- == LDNS_RCODE_NXDOMAIN)) {
- verbose(VERB_DETAIL, "no qname in reply to check 0x20ID");
- log_addr(VERB_DETAIL, "from server",
- &sq->addr, sq->addrlen);
- log_buf(VERB_DETAIL, "for packet", c->buffer);
- error = NETEVENT_CLOSED;
- c = NULL;
- } else if(sldns_buffer_read_u16_at(c->buffer, 4) > 0 &&
- !serviced_check_qname(c->buffer, sq->qbuf,
- sq->qbuflen)) {
- verbose(VERB_DETAIL, "wrong 0x20-ID in reply qname");
- log_addr(VERB_DETAIL, "from server",
- &sq->addr, sq->addrlen);
- log_buf(VERB_DETAIL, "for packet", c->buffer);
- error = NETEVENT_CAPSFAIL;
- /* and cleanup too */
- pkt_dname_tolower(c->buffer,
- sldns_buffer_at(c->buffer, 12));
- } else {
- verbose(VERB_ALGO, "good 0x20-ID in reply qname");
- /* cleanup caps, prettier cache contents. */
- pkt_dname_tolower(c->buffer,
- sldns_buffer_at(c->buffer, 12));
- }
- }
- if(dobackup && c) {
- /* make a backup of the query, since the querystate processing
- * may send outgoing queries that overwrite the buffer.
- * use secondary buffer to store the query.
- * This is a data copy, but faster than packet to server */
- backlen = sldns_buffer_limit(c->buffer);
- backup_p = memdup(sldns_buffer_begin(c->buffer), backlen);
- if(!backup_p) {
- log_err("malloc failure in serviced query callbacks");
- error = NETEVENT_CLOSED;
- c = NULL;
- }
- sq->outnet->svcd_overhead = backlen;
- }
- /* test the actual sq->cblist, because the next elem could be deleted*/
- while((p=sq->cblist) != NULL) {
- sq->cblist = p->next; /* remove this element */
- if(dobackup && c) {
- sldns_buffer_clear(c->buffer);
- sldns_buffer_write(c->buffer, backup_p, backlen);
- sldns_buffer_flip(c->buffer);
- }
- fptr_ok(fptr_whitelist_serviced_query(p->cb));
- (void)(*p->cb)(c, p->cb_arg, error, rep);
- free(p);
- }
- if(backup_p) {
- free(backup_p);
- sq->outnet->svcd_overhead = 0;
- }
- verbose(VERB_ALGO, "svcd callbacks end");
- log_assert(sq->cblist == NULL);
- serviced_delete(sq);
-}
-
-int
-serviced_tcp_callback(struct comm_point* c, void* arg, int error,
- struct comm_reply* rep)
-{
- struct serviced_query* sq = (struct serviced_query*)arg;
- struct comm_reply r2;
- sq->pending = NULL; /* removed after this callback */
- if(error != NETEVENT_NOERROR)
- log_addr(VERB_QUERY, "tcp error for address",
- &sq->addr, sq->addrlen);
- if(error==NETEVENT_NOERROR)
- infra_update_tcp_works(sq->outnet->infra, &sq->addr,
- sq->addrlen, sq->zone, sq->zonelen);
-#ifdef USE_DNSTAP
- if(error==NETEVENT_NOERROR && sq->outnet->dtenv &&
- (sq->outnet->dtenv->log_resolver_response_messages ||
- sq->outnet->dtenv->log_forwarder_response_messages))
- dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr,
- c->type, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen,
- &sq->last_sent_time, sq->outnet->now_tv, c->buffer);
-#endif
- if(error==NETEVENT_NOERROR && sq->status == serviced_query_TCP_EDNS &&
- (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) ==
- LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE(sldns_buffer_begin(
- c->buffer)) == LDNS_RCODE_NOTIMPL) ) {
- /* attempt to fallback to nonEDNS */
- sq->status = serviced_query_TCP_EDNS_fallback;
- serviced_tcp_initiate(sq, c->buffer);
- return 0;
- } else if(error==NETEVENT_NOERROR &&
- sq->status == serviced_query_TCP_EDNS_fallback &&
- (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) ==
- LDNS_RCODE_NOERROR || LDNS_RCODE_WIRE(
- sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NXDOMAIN
- || LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))
- == LDNS_RCODE_YXDOMAIN)) {
- /* the fallback produced a result that looks promising, note
- * that this server should be approached without EDNS */
- /* only store noEDNS in cache if domain is noDNSSEC */
- if(!sq->want_dnssec)
- if(!infra_edns_update(sq->outnet->infra, &sq->addr,
- sq->addrlen, sq->zone, sq->zonelen, -1,
- *sq->outnet->now_secs))
- log_err("Out of memory caching no edns for host");
- sq->status = serviced_query_TCP;
- }
- if(sq->tcp_upstream || sq->ssl_upstream) {
- struct timeval now = *sq->outnet->now_tv;
- if(now.tv_sec > sq->last_sent_time.tv_sec ||
- (now.tv_sec == sq->last_sent_time.tv_sec &&
- now.tv_usec > sq->last_sent_time.tv_usec)) {
- /* convert from microseconds to milliseconds */
- int roundtime = ((int)(now.tv_sec - sq->last_sent_time.tv_sec))*1000
- + ((int)now.tv_usec - (int)sq->last_sent_time.tv_usec)/1000;
- verbose(VERB_ALGO, "measured TCP-time at %d msec", roundtime);
- log_assert(roundtime >= 0);
- /* only store if less then AUTH_TIMEOUT seconds, it could be
- * huge due to system-hibernated and we woke up */
- if(roundtime < TCP_AUTH_QUERY_TIMEOUT*1000) {
- if(!infra_rtt_update(sq->outnet->infra, &sq->addr,
- sq->addrlen, sq->zone, sq->zonelen, sq->qtype,
- roundtime, sq->last_rtt, (time_t)now.tv_sec))
- log_err("out of memory noting rtt.");
- }
- }
- }
- /* insert address into reply info */
- if(!rep) {
- /* create one if there isn't (on errors) */
- rep = &r2;
- r2.c = c;
- }
- memcpy(&rep->addr, &sq->addr, sq->addrlen);
- rep->addrlen = sq->addrlen;
- serviced_callbacks(sq, error, c, rep);
- return 0;
-}
-
-static void
-serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff)
-{
- verbose(VERB_ALGO, "initiate TCP query %s",
- sq->status==serviced_query_TCP_EDNS?"EDNS":"");
- serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
- sq->last_sent_time = *sq->outnet->now_tv;
- sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT,
- serviced_tcp_callback, sq);
- if(!sq->pending) {
- /* delete from tree so that a retry by above layer does not
- * clash with this entry */
- log_err("serviced_tcp_initiate: failed to send tcp query");
- serviced_callbacks(sq, NETEVENT_CLOSED, NULL, NULL);
- }
-}
-
-/** Send serviced query over TCP return false on initial failure */
-static int
-serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff)
-{
- int vs, rtt;
- uint8_t edns_lame_known;
- if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone,
- sq->zonelen, *sq->outnet->now_secs, &vs, &edns_lame_known,
- &rtt))
- return 0;
- if(vs != -1)
- sq->status = serviced_query_TCP_EDNS;
- else sq->status = serviced_query_TCP;
- serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
- sq->last_sent_time = *sq->outnet->now_tv;
- sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT,
- serviced_tcp_callback, sq);
- return sq->pending != NULL;
-}
-
-/* see if packet is edns malformed; got zeroes at start.
- * This is from servers that return malformed packets to EDNS0 queries,
- * but they return good packets for nonEDNS0 queries.
- * We try to detect their output; without resorting to a full parse or
- * check for too many bytes after the end of the packet. */
-static int
-packet_edns_malformed(struct sldns_buffer* buf, int qtype)
-{
- size_t len;
- if(sldns_buffer_limit(buf) < LDNS_HEADER_SIZE)
- return 1; /* malformed */
- /* they have NOERROR rcode, 1 answer. */
- if(LDNS_RCODE_WIRE(sldns_buffer_begin(buf)) != LDNS_RCODE_NOERROR)
- return 0;
- /* one query (to skip) and answer records */
- if(LDNS_QDCOUNT(sldns_buffer_begin(buf)) != 1 ||
- LDNS_ANCOUNT(sldns_buffer_begin(buf)) == 0)
- return 0;
- /* skip qname */
- len = dname_valid(sldns_buffer_at(buf, LDNS_HEADER_SIZE),
- sldns_buffer_limit(buf)-LDNS_HEADER_SIZE);
- if(len == 0)
- return 0;
- if(len == 1 && qtype == 0)
- return 0; /* we asked for '.' and type 0 */
- /* and then 4 bytes (type and class of query) */
- if(sldns_buffer_limit(buf) < LDNS_HEADER_SIZE + len + 4 + 3)
- return 0;
-
- /* and start with 11 zeroes as the answer RR */
- /* so check the qtype of the answer record, qname=0, type=0 */
- if(sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[0] == 0 &&
- sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[1] == 0 &&
- sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[2] == 0)
- return 1;
- return 0;
-}
-
-int
-serviced_udp_callback(struct comm_point* c, void* arg, int error,
- struct comm_reply* rep)
-{
- struct serviced_query* sq = (struct serviced_query*)arg;
- struct outside_network* outnet = sq->outnet;
- struct timeval now = *sq->outnet->now_tv;
- int fallback_tcp = 0;
-
- sq->pending = NULL; /* removed after callback */
- if(error == NETEVENT_TIMEOUT) {
- int rto = 0;
- if(sq->status == serviced_query_PROBE_EDNS) {
- /* non-EDNS probe failed; we do not know its status,
- * keep trying with EDNS, timeout may not be caused
- * by EDNS. */
- sq->status = serviced_query_UDP_EDNS;
- }
- if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000) {
- /* fallback to 1480/1280 */
- sq->status = serviced_query_UDP_EDNS_FRAG;
- log_name_addr(VERB_ALGO, "try edns1xx0", sq->qbuf+10,
- &sq->addr, sq->addrlen);
- if(!serviced_udp_send(sq, c->buffer)) {
- serviced_callbacks(sq, NETEVENT_CLOSED, c, rep);
- }
- return 0;
- }
- if(sq->status == serviced_query_UDP_EDNS_FRAG) {
- /* fragmentation size did not fix it */
- sq->status = serviced_query_UDP_EDNS;
- }
- sq->retry++;
- if(!(rto=infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen,
- sq->zone, sq->zonelen, sq->qtype, -1, sq->last_rtt,
- (time_t)now.tv_sec)))
- log_err("out of memory in UDP exponential backoff");
- if(sq->retry < OUTBOUND_UDP_RETRY) {
- log_name_addr(VERB_ALGO, "retry query", sq->qbuf+10,
- &sq->addr, sq->addrlen);
- if(!serviced_udp_send(sq, c->buffer)) {
- serviced_callbacks(sq, NETEVENT_CLOSED, c, rep);
- }
- return 0;
- }
- if(rto >= RTT_MAX_TIMEOUT) {
- fallback_tcp = 1;
- /* UDP does not work, fallback to TCP below */
- } else {
- serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);
- return 0;
- }
- } else if(error != NETEVENT_NOERROR) {
- /* udp returns error (due to no ID or interface available) */
- serviced_callbacks(sq, error, c, rep);
- return 0;
- }
-#ifdef USE_DNSTAP
- if(error == NETEVENT_NOERROR && outnet->dtenv &&
- (outnet->dtenv->log_resolver_response_messages ||
- outnet->dtenv->log_forwarder_response_messages))
- dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type,
- sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen,
- &sq->last_sent_time, sq->outnet->now_tv, c->buffer);
-#endif
- if(!fallback_tcp) {
- if( (sq->status == serviced_query_UDP_EDNS
- ||sq->status == serviced_query_UDP_EDNS_FRAG)
- && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))
- == LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE(
- sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL
- || packet_edns_malformed(c->buffer, sq->qtype)
- )) {
- /* try to get an answer by falling back without EDNS */
- verbose(VERB_ALGO, "serviced query: attempt without EDNS");
- sq->status = serviced_query_UDP_EDNS_fallback;
- sq->retry = 0;
- if(!serviced_udp_send(sq, c->buffer)) {
- serviced_callbacks(sq, NETEVENT_CLOSED, c, rep);
- }
- return 0;
- } else if(sq->status == serviced_query_PROBE_EDNS) {
- /* probe without EDNS succeeds, so we conclude that this
- * host likely has EDNS packets dropped */
- log_addr(VERB_DETAIL, "timeouts, concluded that connection to "
- "host drops EDNS packets", &sq->addr, sq->addrlen);
- /* only store noEDNS in cache if domain is noDNSSEC */
- if(!sq->want_dnssec)
- if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
- sq->zone, sq->zonelen, -1, (time_t)now.tv_sec)) {
- log_err("Out of memory caching no edns for host");
- }
- sq->status = serviced_query_UDP;
- } else if(sq->status == serviced_query_UDP_EDNS &&
- !sq->edns_lame_known) {
- /* now we know that edns queries received answers store that */
- log_addr(VERB_ALGO, "serviced query: EDNS works for",
- &sq->addr, sq->addrlen);
- if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
- sq->zone, sq->zonelen, 0, (time_t)now.tv_sec)) {
- log_err("Out of memory caching edns works");
- }
- sq->edns_lame_known = 1;
- } else if(sq->status == serviced_query_UDP_EDNS_fallback &&
- !sq->edns_lame_known && (LDNS_RCODE_WIRE(
- sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOERROR ||
- LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) ==
- LDNS_RCODE_NXDOMAIN || LDNS_RCODE_WIRE(sldns_buffer_begin(
- c->buffer)) == LDNS_RCODE_YXDOMAIN)) {
- /* the fallback produced a result that looks promising, note
- * that this server should be approached without EDNS */
- /* only store noEDNS in cache if domain is noDNSSEC */
- if(!sq->want_dnssec) {
- log_addr(VERB_ALGO, "serviced query: EDNS fails for",
- &sq->addr, sq->addrlen);
- if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
- sq->zone, sq->zonelen, -1, (time_t)now.tv_sec)) {
- log_err("Out of memory caching no edns for host");
- }
- } else {
- log_addr(VERB_ALGO, "serviced query: EDNS fails, but "
- "not stored because need DNSSEC for", &sq->addr,
- sq->addrlen);
- }
- sq->status = serviced_query_UDP;
- }
- if(now.tv_sec > sq->last_sent_time.tv_sec ||
- (now.tv_sec == sq->last_sent_time.tv_sec &&
- now.tv_usec > sq->last_sent_time.tv_usec)) {
- /* convert from microseconds to milliseconds */
- int roundtime = ((int)(now.tv_sec - sq->last_sent_time.tv_sec))*1000
- + ((int)now.tv_usec - (int)sq->last_sent_time.tv_usec)/1000;
- verbose(VERB_ALGO, "measured roundtrip at %d msec", roundtime);
- log_assert(roundtime >= 0);
- /* in case the system hibernated, do not enter a huge value,
- * above this value gives trouble with server selection */
- if(roundtime < 60000) {
- if(!infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen,
- sq->zone, sq->zonelen, sq->qtype, roundtime,
- sq->last_rtt, (time_t)now.tv_sec))
- log_err("out of memory noting rtt.");
- }
- }
- } /* end of if_!fallback_tcp */
- /* perform TC flag check and TCP fallback after updating our
- * cache entries for EDNS status and RTT times */
- if(LDNS_TC_WIRE(sldns_buffer_begin(c->buffer)) || fallback_tcp) {
- /* fallback to TCP */
- /* this discards partial UDP contents */
- if(sq->status == serviced_query_UDP_EDNS ||
- sq->status == serviced_query_UDP_EDNS_FRAG ||
- sq->status == serviced_query_UDP_EDNS_fallback)
- /* if we have unfinished EDNS_fallback, start again */
- sq->status = serviced_query_TCP_EDNS;
- else sq->status = serviced_query_TCP;
- serviced_tcp_initiate(sq, c->buffer);
- return 0;
- }
- /* yay! an answer */
- serviced_callbacks(sq, error, c, rep);
- return 0;
-}
-
-struct serviced_query*
-outnet_serviced_query(struct outside_network* outnet,
- struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
- int nocaps, int tcp_upstream, int ssl_upstream,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
- size_t zonelen, struct module_qstate* qstate,
- comm_point_callback_type* callback, void* callback_arg, sldns_buffer* buff,
- struct module_env* env)
-{
- struct serviced_query* sq;
- struct service_callback* cb;
- if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen,
- qstate, qstate->region))
- return NULL;
- serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype,
- qinfo->qclass, flags);
- sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen,
- qstate->edns_opts_back_out);
- /* duplicate entries are included in the callback list, because
- * there is a counterpart registration by our caller that needs to
- * be doubly-removed (with callbacks perhaps). */
- if(!(cb = (struct service_callback*)malloc(sizeof(*cb))))
- return NULL;
- if(!sq) {
- /* make new serviced query entry */
- sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps,
- tcp_upstream, ssl_upstream, addr, addrlen, zone,
- zonelen, (int)qinfo->qtype, qstate->edns_opts_back_out);
- if(!sq) {
- free(cb);
- return NULL;
- }
- /* perform first network action */
- if(outnet->do_udp && !(tcp_upstream || ssl_upstream)) {
- if(!serviced_udp_send(sq, buff)) {
- (void)rbtree_delete(outnet->serviced, sq);
- free(sq->qbuf);
- free(sq->zone);
- free(sq);
- free(cb);
- return NULL;
- }
- } else {
- if(!serviced_tcp_send(sq, buff)) {
- (void)rbtree_delete(outnet->serviced, sq);
- free(sq->qbuf);
- free(sq->zone);
- free(sq);
- free(cb);
- return NULL;
- }
- }
- }
- /* add callback to list of callbacks */
- cb->cb = callback;
- cb->cb_arg = callback_arg;
- cb->next = sq->cblist;
- sq->cblist = cb;
- return sq;
-}
-
-/** remove callback from list */
-static void
-callback_list_remove(struct serviced_query* sq, void* cb_arg)
-{
- struct service_callback** pp = &sq->cblist;
- while(*pp) {
- if((*pp)->cb_arg == cb_arg) {
- struct service_callback* del = *pp;
- *pp = del->next;
- free(del);
- return;
- }
- pp = &(*pp)->next;
- }
-}
-
-void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg)
-{
- if(!sq)
- return;
- callback_list_remove(sq, cb_arg);
- /* if callbacks() routine scheduled deletion, let it do that */
- if(!sq->cblist && !sq->to_be_deleted) {
- (void)rbtree_delete(sq->outnet->serviced, sq);
- serviced_delete(sq);
- }
-}
-
-/** get memory used by waiting tcp entry (in use or not) */
-static size_t
-waiting_tcp_get_mem(struct waiting_tcp* w)
-{
- size_t s;
- if(!w) return 0;
- s = sizeof(*w) + w->pkt_len;
- if(w->timer)
- s += comm_timer_get_mem(w->timer);
- return s;
-}
-
-/** get memory used by port if */
-static size_t
-if_get_mem(struct port_if* pif)
-{
- size_t s;
- int i;
- s = sizeof(*pif) + sizeof(int)*pif->avail_total +
- sizeof(struct port_comm*)*pif->maxout;
- for(i=0; i<pif->inuse; i++)
- s += sizeof(*pif->out[i]) +
- comm_point_get_mem(pif->out[i]->cp);
- return s;
-}
-
-/** get memory used by waiting udp */
-static size_t
-waiting_udp_get_mem(struct pending* w)
-{
- size_t s;
- s = sizeof(*w) + comm_timer_get_mem(w->timer) + w->pkt_len;
- return s;
-}
-
-size_t outnet_get_mem(struct outside_network* outnet)
-{
- size_t i;
- int k;
- struct waiting_tcp* w;
- struct pending* u;
- struct serviced_query* sq;
- struct service_callback* sb;
- struct port_comm* pc;
- size_t s = sizeof(*outnet) + sizeof(*outnet->base) +
- sizeof(*outnet->udp_buff) +
- sldns_buffer_capacity(outnet->udp_buff);
- /* second buffer is not ours */
- for(pc = outnet->unused_fds; pc; pc = pc->next) {
- s += sizeof(*pc) + comm_point_get_mem(pc->cp);
- }
- for(k=0; k<outnet->num_ip4; k++)
- s += if_get_mem(&outnet->ip4_ifs[k]);
- for(k=0; k<outnet->num_ip6; k++)
- s += if_get_mem(&outnet->ip6_ifs[k]);
- for(u=outnet->udp_wait_first; u; u=u->next_waiting)
- s += waiting_udp_get_mem(u);
-
- s += sizeof(struct pending_tcp*)*outnet->num_tcp;
- for(i=0; i<outnet->num_tcp; i++) {
- s += sizeof(struct pending_tcp);
- s += comm_point_get_mem(outnet->tcp_conns[i]->c);
- if(outnet->tcp_conns[i]->query)
- s += waiting_tcp_get_mem(outnet->tcp_conns[i]->query);
- }
- for(w=outnet->tcp_wait_first; w; w = w->next_waiting)
- s += waiting_tcp_get_mem(w);
- s += sizeof(*outnet->pending);
- s += (sizeof(struct pending) + comm_timer_get_mem(NULL)) *
- outnet->pending->count;
- s += sizeof(*outnet->serviced);
- s += outnet->svcd_overhead;
- RBTREE_FOR(sq, struct serviced_query*, outnet->serviced) {
- s += sizeof(*sq) + sq->qbuflen;
- for(sb = sq->cblist; sb; sb = sb->next)
- s += sizeof(*sb);
- }
- return s;
-}
-
-size_t
-serviced_get_mem(struct serviced_query* sq)
-{
- struct service_callback* sb;
- size_t s;
- s = sizeof(*sq) + sq->qbuflen;
- for(sb = sq->cblist; sb; sb = sb->next)
- s += sizeof(*sb);
- if(sq->status == serviced_query_UDP_EDNS ||
- sq->status == serviced_query_UDP ||
- sq->status == serviced_query_PROBE_EDNS ||
- sq->status == serviced_query_UDP_EDNS_FRAG ||
- sq->status == serviced_query_UDP_EDNS_fallback) {
- s += sizeof(struct pending);
- s += comm_timer_get_mem(NULL);
- } else {
- /* does not have size of the pkt pointer */
- /* always has a timer except on malloc failures */
-
- /* these sizes are part of the main outside network mem */
- /*
- s += sizeof(struct waiting_tcp);
- s += comm_timer_get_mem(NULL);
- */
- }
- return s;
-}
-
diff --git a/external/unbound/services/outside_network.h b/external/unbound/services/outside_network.h
deleted file mode 100644
index befd512f0..000000000
--- a/external/unbound/services/outside_network.h
+++ /dev/null
@@ -1,567 +0,0 @@
-/*
- * services/outside_network.h - listen to answers from the network
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file has functions to send queries to authoritative servers,
- * and wait for the pending answer, with timeouts.
- */
-
-#ifndef OUTSIDE_NETWORK_H
-#define OUTSIDE_NETWORK_H
-
-#include "util/rbtree.h"
-#include "util/netevent.h"
-#include "dnstap/dnstap_config.h"
-struct pending;
-struct pending_timeout;
-struct ub_randstate;
-struct pending_tcp;
-struct waiting_tcp;
-struct waiting_udp;
-struct infra_cache;
-struct port_comm;
-struct port_if;
-struct sldns_buffer;
-struct serviced_query;
-struct dt_env;
-struct edns_option;
-struct module_env;
-struct module_qstate;
-struct query_info;
-
-/**
- * Send queries to outside servers and wait for answers from servers.
- * Contains answer-listen sockets.
- */
-struct outside_network {
- /** Base for select calls */
- struct comm_base* base;
- /** pointer to time in seconds */
- time_t* now_secs;
- /** pointer to time in microseconds */
- struct timeval* now_tv;
-
- /** buffer shared by UDP connections, since there is only one
- datagram at any time. */
- struct sldns_buffer* udp_buff;
- /** serviced_callbacks malloc overhead when processing multiple
- * identical serviced queries to the same server. */
- size_t svcd_overhead;
- /** use x20 bits to encode additional ID random bits */
- int use_caps_for_id;
- /** outside network wants to quit. Stop queued msgs from sent. */
- int want_to_quit;
-
- /** number of unwanted replies received (for statistics) */
- size_t unwanted_replies;
- /** cumulative total of unwanted replies (for defense) */
- size_t unwanted_total;
- /** threshold when to take defensive action. If 0 then never. */
- size_t unwanted_threshold;
- /** what action to take, called when defensive action is needed */
- void (*unwanted_action)(void*);
- /** user param for action */
- void* unwanted_param;
-
- /** linked list of available commpoints, unused file descriptors,
- * for use as outgoing UDP ports. cp.fd=-1 in them. */
- struct port_comm* unused_fds;
- /** if udp is done */
- int do_udp;
- /** if udp is delay-closed (delayed answers do not meet closed port)*/
- int delayclose;
- /** timeout for delayclose */
- struct timeval delay_tv;
-
- /** array of outgoing IP4 interfaces */
- struct port_if* ip4_ifs;
- /** number of outgoing IP4 interfaces */
- int num_ip4;
-
- /** array of outgoing IP6 interfaces */
- struct port_if* ip6_ifs;
- /** number of outgoing IP6 interfaces */
- int num_ip6;
-
- /** pending udp queries waiting to be sent out, waiting for fd */
- struct pending* udp_wait_first;
- /** last pending udp query in list */
- struct pending* udp_wait_last;
-
- /** pending udp answers. sorted by id, addr */
- rbtree_type* pending;
- /** serviced queries, sorted by qbuf, addr, dnssec */
- rbtree_type* serviced;
- /** host cache, pointer but not owned by outnet. */
- struct infra_cache* infra;
- /** where to get random numbers */
- struct ub_randstate* rnd;
- /** ssl context to create ssl wrapped TCP with DNS connections */
- void* sslctx;
-#ifdef USE_DNSTAP
- /** dnstap environment */
- struct dt_env* dtenv;
-#endif
- /** maximum segment size of tcp socket */
- int tcp_mss;
-
- /**
- * Array of tcp pending used for outgoing TCP connections.
- * Each can be used to establish a TCP connection with a server.
- * The file descriptors are -1 if they are free, and need to be
- * opened for the tcp connection. Can be used for ip4 and ip6.
- */
- struct pending_tcp **tcp_conns;
- /** number of tcp communication points. */
- size_t num_tcp;
- /** number of tcp communication points in use. */
- size_t num_tcp_outgoing;
- /** list of tcp comm points that are free for use */
- struct pending_tcp* tcp_free;
- /** list of tcp queries waiting for a buffer */
- struct waiting_tcp* tcp_wait_first;
- /** last of waiting query list */
- struct waiting_tcp* tcp_wait_last;
-};
-
-/**
- * Outgoing interface. Ports available and currently used are tracked
- * per interface
- */
-struct port_if {
- /** address ready to allocate new socket (except port no). */
- struct sockaddr_storage addr;
- /** length of addr field */
- socklen_t addrlen;
-
- /** prefix length of network address (in bits), for randomisation.
- * if 0, no randomisation. */
- int pfxlen;
-
- /** the available ports array. These are unused.
- * Only the first total-inuse part is filled. */
- int* avail_ports;
- /** the total number of available ports (size of the array) */
- int avail_total;
-
- /** array of the commpoints currently in use.
- * allocated for max number of fds, first part in use. */
- struct port_comm** out;
- /** max number of fds, size of out array */
- int maxout;
- /** number of commpoints (and thus also ports) in use */
- int inuse;
-};
-
-/**
- * Outgoing commpoint for UDP port.
- */
-struct port_comm {
- /** next in free list */
- struct port_comm* next;
- /** which port number (when in use) */
- int number;
- /** interface it is used in */
- struct port_if* pif;
- /** index in the out array of the interface */
- int index;
- /** number of outstanding queries on this port */
- int num_outstanding;
- /** UDP commpoint, fd=-1 if not in use */
- struct comm_point* cp;
-};
-
-/**
- * A query that has an answer pending for it.
- */
-struct pending {
- /** redblacktree entry, key is the pending struct(id, addr). */
- rbnode_type node;
- /** the ID for the query. int so that a value out of range can
- * be used to signify a pending that is for certain not present in
- * the rbtree. (and for which deletion is safe). */
- unsigned int id;
- /** remote address. */
- struct sockaddr_storage addr;
- /** length of addr field in use. */
- socklen_t addrlen;
- /** comm point it was sent on (and reply must come back on). */
- struct port_comm* pc;
- /** timeout event */
- struct comm_timer* timer;
- /** callback for the timeout, error or reply to the message */
- comm_point_callback_type* cb;
- /** callback user argument */
- void* cb_arg;
- /** the outside network it is part of */
- struct outside_network* outnet;
- /** the corresponding serviced_query */
- struct serviced_query* sq;
-
- /*---- filled if udp pending is waiting -----*/
- /** next in waiting list. */
- struct pending* next_waiting;
- /** timeout in msec */
- int timeout;
- /** The query itself, the query packet to send. */
- uint8_t* pkt;
- /** length of query packet. */
- size_t pkt_len;
-};
-
-/**
- * Pending TCP query to server.
- */
-struct pending_tcp {
- /** next in list of free tcp comm points, or NULL. */
- struct pending_tcp* next_free;
- /** the ID for the query; checked in reply */
- uint16_t id;
- /** tcp comm point it was sent on (and reply must come back on). */
- struct comm_point* c;
- /** the query being serviced, NULL if the pending_tcp is unused. */
- struct waiting_tcp* query;
-};
-
-/**
- * Query waiting for TCP buffer.
- */
-struct waiting_tcp {
- /**
- * next in waiting list.
- * if pkt==0, this points to the pending_tcp structure.
- */
- struct waiting_tcp* next_waiting;
- /** timeout event; timer keeps running whether the query is
- * waiting for a buffer or the tcp reply is pending */
- struct comm_timer* timer;
- /** the outside network it is part of */
- struct outside_network* outnet;
- /** remote address. */
- struct sockaddr_storage addr;
- /** length of addr field in use. */
- socklen_t addrlen;
- /**
- * The query itself, the query packet to send.
- * allocated after the waiting_tcp structure.
- * set to NULL when the query is serviced and it part of pending_tcp.
- * if this is NULL, the next_waiting points to the pending_tcp.
- */
- uint8_t* pkt;
- /** length of query packet. */
- size_t pkt_len;
- /** callback for the timeout, error or reply to the message */
- comm_point_callback_type* cb;
- /** callback user argument */
- void* cb_arg;
- /** if it uses ssl upstream */
- int ssl_upstream;
-};
-
-/**
- * Callback to party interested in serviced query results.
- */
-struct service_callback {
- /** next in callback list */
- struct service_callback* next;
- /** callback function */
- comm_point_callback_type* cb;
- /** user argument for callback function */
- void* cb_arg;
-};
-
-/** fallback size for fragmentation for EDNS in IPv4 */
-#define EDNS_FRAG_SIZE_IP4 1472
-/** fallback size for EDNS in IPv6, fits one fragment with ip6-tunnel-ids */
-#define EDNS_FRAG_SIZE_IP6 1232
-
-/**
- * Query service record.
- * Contains query and destination. UDP, TCP, EDNS are all tried.
- * complete with retries and timeouts. A number of interested parties can
- * receive a callback.
- */
-struct serviced_query {
- /** The rbtree node, key is this record */
- rbnode_type node;
- /** The query that needs to be answered. Starts with flags u16,
- * then qdcount, ..., including qname, qtype, qclass. Does not include
- * EDNS record. */
- uint8_t* qbuf;
- /** length of qbuf. */
- size_t qbuflen;
- /** If an EDNS section is included, the DO/CD bit will be turned on. */
- int dnssec;
- /** We want signatures, or else the answer is likely useless */
- int want_dnssec;
- /** ignore capsforid */
- int nocaps;
- /** tcp upstream used, use tcp, or ssl_upstream for SSL */
- int tcp_upstream, ssl_upstream;
- /** where to send it */
- struct sockaddr_storage addr;
- /** length of addr field in use. */
- socklen_t addrlen;
- /** zone name, uncompressed domain name in wireformat */
- uint8_t* zone;
- /** length of zone name */
- size_t zonelen;
- /** qtype */
- int qtype;
- /** current status */
- enum serviced_query_status {
- /** initial status */
- serviced_initial,
- /** UDP with EDNS sent */
- serviced_query_UDP_EDNS,
- /** UDP without EDNS sent */
- serviced_query_UDP,
- /** TCP with EDNS sent */
- serviced_query_TCP_EDNS,
- /** TCP without EDNS sent */
- serviced_query_TCP,
- /** probe to test EDNS lameness (EDNS is dropped) */
- serviced_query_PROBE_EDNS,
- /** probe to test noEDNS0 (EDNS gives FORMERRorNOTIMP) */
- serviced_query_UDP_EDNS_fallback,
- /** probe to test TCP noEDNS0 (EDNS gives FORMERRorNOTIMP) */
- serviced_query_TCP_EDNS_fallback,
- /** send UDP query with EDNS1480 (or 1280) */
- serviced_query_UDP_EDNS_FRAG
- }
- /** variable with current status */
- status;
- /** true if serviced_query is scheduled for deletion already */
- int to_be_deleted;
- /** number of UDP retries */
- int retry;
- /** time last UDP was sent */
- struct timeval last_sent_time;
- /** rtt of last (UDP) message */
- int last_rtt;
- /** do we know edns probe status already, for UDP_EDNS queries */
- int edns_lame_known;
- /** edns options to use for sending upstream packet */
- struct edns_option* opt_list;
- /** outside network this is part of */
- struct outside_network* outnet;
- /** list of interested parties that need callback on results. */
- struct service_callback* cblist;
- /** the UDP or TCP query that is pending, see status which */
- void* pending;
-};
-
-/**
- * Create outside_network structure with N udp ports.
- * @param base: the communication base to use for event handling.
- * @param bufsize: size for network buffers.
- * @param num_ports: number of udp ports to open per interface.
- * @param ifs: interface names (or NULL for default interface).
- * These interfaces must be able to access all authoritative servers.
- * @param num_ifs: number of names in array ifs.
- * @param do_ip4: service IP4.
- * @param do_ip6: service IP6.
- * @param num_tcp: number of outgoing tcp buffers to preallocate.
- * @param infra: pointer to infra cached used for serviced queries.
- * @param rnd: stored to create random numbers for serviced queries.
- * @param use_caps_for_id: enable to use 0x20 bits to encode id randomness.
- * @param availports: array of available ports.
- * @param numavailports: number of available ports in array.
- * @param unwanted_threshold: when to take defensive action.
- * @param unwanted_action: the action to take.
- * @param unwanted_param: user parameter to action.
- * @param tcp_mss: maximum segment size of tcp socket.
- * @param do_udp: if udp is done.
- * @param sslctx: context to create outgoing connections with (if enabled).
- * @param delayclose: if not 0, udp sockets are delayed before timeout closure.
- * msec to wait on timeouted udp sockets.
- * @param dtenv: environment to send dnstap events with (if enabled).
- * @return: the new structure (with no pending answers) or NULL on error.
- */
-struct outside_network* outside_network_create(struct comm_base* base,
- size_t bufsize, size_t num_ports, char** ifs, int num_ifs,
- int do_ip4, int do_ip6, size_t num_tcp, struct infra_cache* infra,
- struct ub_randstate* rnd, int use_caps_for_id, int* availports,
- int numavailports, size_t unwanted_threshold, int tcp_mss,
- void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
- void* sslctx, int delayclose, struct dt_env *dtenv);
-
-/**
- * Delete outside_network structure.
- * @param outnet: object to delete.
- */
-void outside_network_delete(struct outside_network* outnet);
-
-/**
- * Prepare for quit. Sends no more queries, even if queued up.
- * @param outnet: object to prepare for removal
- */
-void outside_network_quit_prepare(struct outside_network* outnet);
-
-/**
- * Send UDP query, create pending answer.
- * Changes the ID for the query to be random and unique for that destination.
- * @param sq: serviced query.
- * @param packet: wireformat query to send to destination.
- * @param timeout: in milliseconds from now.
- * @param callback: function to call on error, timeout or reply.
- * @param callback_arg: user argument for callback function.
- * @return: NULL on error for malloc or socket. Else the pending query object.
- */
-struct pending* pending_udp_query(struct serviced_query* sq,
- struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback,
- void* callback_arg);
-
-/**
- * Send TCP query. May wait for TCP buffer. Selects ID to be random, and
- * checks id.
- * @param sq: serviced query.
- * @param packet: wireformat query to send to destination. copied from.
- * @param timeout: in seconds from now.
- * Timer starts running now. Timer may expire if all buffers are used,
- * without any query been sent to the server yet.
- * @param callback: function to call on error, timeout or reply.
- * @param callback_arg: user argument for callback function.
- * @return: false on error for malloc or socket. Else the pending TCP object.
- */
-struct waiting_tcp* pending_tcp_query(struct serviced_query* sq,
- struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback,
- void* callback_arg);
-
-/**
- * Delete pending answer.
- * @param outnet: outside network the pending query is part of.
- * Internal feature: if outnet is NULL, p is not unlinked from rbtree.
- * @param p: deleted
- */
-void pending_delete(struct outside_network* outnet, struct pending* p);
-
-/**
- * Perform a serviced query to the authoritative servers.
- * Duplicate efforts are detected, and EDNS, TCP and UDP retry is performed.
- * @param outnet: outside network, with rbtree of serviced queries.
- * @param qinfo: query info.
- * @param flags: flags u16 (host format), includes opcode, CD bit.
- * @param dnssec: if set, DO bit is set in EDNS queries.
- * If the value includes BIT_CD, CD bit is set when in EDNS queries.
- * If the value includes BIT_DO, DO bit is set when in EDNS queries.
- * @param want_dnssec: signatures are needed, without EDNS the answer is
- * likely to be useless.
- * @param nocaps: ignore use_caps_for_id and use unperturbed qname.
- * @param tcp_upstream: use TCP for upstream queries.
- * @param ssl_upstream: use SSL for upstream queries.
- * @param addr: to which server to send the query.
- * @param addrlen: length of addr.
- * @param zone: name of the zone of the delegation point. wireformat dname.
- This is the delegation point name for which the server is deemed
- authoritative.
- * @param zonelen: length of zone.
- * @param qstate: module qstate. Mainly for inspecting the available
- * edns_opts_lists.
- * @param callback: callback function.
- * @param callback_arg: user argument to callback function.
- * @param buff: scratch buffer to create query contents in. Empty on exit.
- * @param env: the module environment.
- * @return 0 on error, or pointer to serviced query that is used to answer
- * this serviced query may be shared with other callbacks as well.
- */
-struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
- struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
- int nocaps, int tcp_upstream, int ssl_upstream,
- struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
- size_t zonelen, struct module_qstate* qstate,
- comm_point_callback_type* callback, void* callback_arg,
- struct sldns_buffer* buff, struct module_env* env);
-
-/**
- * Remove service query callback.
- * If that leads to zero callbacks, the query is completely cancelled.
- * @param sq: serviced query to adjust.
- * @param cb_arg: callback argument of callback that needs removal.
- * same as the callback_arg to outnet_serviced_query().
- */
-void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg);
-
-/**
- * Get memory size in use by outside network.
- * Counts buffers and outstanding query (serviced queries) malloced data.
- * @param outnet: outside network structure.
- * @return size in bytes.
- */
-size_t outnet_get_mem(struct outside_network* outnet);
-
-/**
- * Get memory size in use by serviced query while it is servicing callbacks.
- * This takes into account the pre-deleted status of it; it will be deleted
- * when the callbacks are done.
- * @param sq: serviced query.
- * @return size in bytes.
- */
-size_t serviced_get_mem(struct serviced_query* sq);
-
-/** callback for incoming udp answers from the network */
-int outnet_udp_cb(struct comm_point* c, void* arg, int error,
- struct comm_reply *reply_info);
-
-/** callback for pending tcp connections */
-int outnet_tcp_cb(struct comm_point* c, void* arg, int error,
- struct comm_reply *reply_info);
-
-/** callback for udp timeout */
-void pending_udp_timer_cb(void *arg);
-
-/** callback for udp delay for timeout */
-void pending_udp_timer_delay_cb(void *arg);
-
-/** callback for outgoing TCP timer event */
-void outnet_tcptimer(void* arg);
-
-/** callback for serviced query UDP answers */
-int serviced_udp_callback(struct comm_point* c, void* arg, int error,
- struct comm_reply* rep);
-
-/** TCP reply or error callback for serviced queries */
-int serviced_tcp_callback(struct comm_point* c, void* arg, int error,
- struct comm_reply* rep);
-
-/** compare function of pending rbtree */
-int pending_cmp(const void* key1, const void* key2);
-
-/** compare function of serviced query rbtree */
-int serviced_cmp(const void* key1, const void* key2);
-
-#endif /* OUTSIDE_NETWORK_H */
diff --git a/external/unbound/services/view.c b/external/unbound/services/view.c
deleted file mode 100644
index 33f4f4986..000000000
--- a/external/unbound/services/view.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * services/view.c - named views containing local zones authority service.
- *
- * Copyright (c) 2016, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to enable named views that can hold local zone
- * authority service.
- */
-#include "config.h"
-#include "services/view.h"
-#include "services/localzone.h"
-#include "util/config_file.h"
-
-int
-view_cmp(const void* v1, const void* v2)
-{
- struct view* a = (struct view*)v1;
- struct view* b = (struct view*)v2;
-
- return strcmp(a->name, b->name);
-}
-
-struct views*
-views_create(void)
-{
- struct views* v = (struct views*)calloc(1,
- sizeof(*v));
- if(!v)
- return NULL;
- rbtree_init(&v->vtree, &view_cmp);
- lock_rw_init(&v->lock);
- lock_protect(&v->lock, &v->vtree, sizeof(v->vtree));
- return v;
-}
-
-/** This prototype is defined in in respip.h, but we want to avoid
- * unnecessary dependencies */
-void respip_set_delete(struct respip_set *set);
-
-void
-view_delete(struct view* v)
-{
- if(!v)
- return;
- lock_rw_destroy(&v->lock);
- local_zones_delete(v->local_zones);
- respip_set_delete(v->respip_set);
- free(v->name);
- free(v);
-}
-
-static void
-delviewnode(rbnode_type* n, void* ATTR_UNUSED(arg))
-{
- struct view* v = (struct view*)n;
- view_delete(v);
-}
-
-void
-views_delete(struct views* v)
-{
- if(!v)
- return;
- lock_rw_destroy(&v->lock);
- traverse_postorder(&v->vtree, delviewnode, NULL);
- free(v);
-}
-
-/** create a new view */
-static struct view*
-view_create(char* name)
-{
- struct view* v = (struct view*)calloc(1, sizeof(*v));
- if(!v)
- return NULL;
- v->node.key = v;
- if(!(v->name = strdup(name))) {
- free(v);
- return NULL;
- }
- lock_rw_init(&v->lock);
- lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_type));
- return v;
-}
-
-/** enter a new view returns with WRlock */
-static struct view*
-views_enter_view_name(struct views* vs, char* name)
-{
- struct view* v = view_create(name);
- if(!v) {
- log_err("out of memory");
- return NULL;
- }
-
- /* add to rbtree */
- lock_rw_wrlock(&vs->lock);
- lock_rw_wrlock(&v->lock);
- if(!rbtree_insert(&vs->vtree, &v->node)) {
- log_warn("duplicate view: %s", name);
- lock_rw_unlock(&v->lock);
- view_delete(v);
- lock_rw_unlock(&vs->lock);
- return NULL;
- }
- lock_rw_unlock(&vs->lock);
- return v;
-}
-
-int
-views_apply_cfg(struct views* vs, struct config_file* cfg)
-{
- struct config_view* cv;
- struct view* v;
- struct config_file lz_cfg;
- /* Check existence of name in first view (last in config). Rest of
- * views are already checked when parsing config. */
- if(cfg->views && !cfg->views->name) {
- log_err("view without a name");
- return 0;
- }
- for(cv = cfg->views; cv; cv = cv->next) {
- /* create and enter view */
- if(!(v = views_enter_view_name(vs, cv->name)))
- return 0;
- v->isfirst = cv->isfirst;
- if(cv->local_zones || cv->local_data) {
- if(!(v->local_zones = local_zones_create())){
- lock_rw_unlock(&v->lock);
- return 0;
- }
- memset(&lz_cfg, 0, sizeof(lz_cfg));
- lz_cfg.local_zones = cv->local_zones;
- lz_cfg.local_data = cv->local_data;
- lz_cfg.local_zones_nodefault =
- cv->local_zones_nodefault;
- if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){
- lock_rw_unlock(&v->lock);
- return 0;
- }
- /* local_zones, local_zones_nodefault and local_data
- * are free'd from config_view by local_zones_apply_cfg.
- * Set pointers to NULL. */
- cv->local_zones = NULL;
- cv->local_data = NULL;
- cv->local_zones_nodefault = NULL;
- }
- lock_rw_unlock(&v->lock);
- }
- return 1;
-}
-
-/** find a view by name */
-struct view*
-views_find_view(struct views* vs, const char* name, int write)
-{
- struct view* v;
- struct view key;
- key.node.key = &v;
- key.name = (char *)name;
- lock_rw_rdlock(&vs->lock);
- if(!(v = (struct view*)rbtree_search(&vs->vtree, &key.node))) {
- lock_rw_unlock(&vs->lock);
- return 0;
- }
- if(write) {
- lock_rw_wrlock(&v->lock);
- } else {
- lock_rw_rdlock(&v->lock);
- }
- lock_rw_unlock(&vs->lock);
- return v;
-}
-
-void views_print(struct views* v)
-{
- /* TODO implement print */
- (void)v;
-}
diff --git a/external/unbound/services/view.h b/external/unbound/services/view.h
deleted file mode 100644
index e0b346419..000000000
--- a/external/unbound/services/view.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * services/view.h - named views containing local zones authority service.
- *
- * Copyright (c) 2016, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains functions to enable named views that can hold local zone
- * authority service.
- */
-
-#ifndef SERVICES_VIEW_H
-#define SERVICES_VIEW_H
-#include "util/rbtree.h"
-#include "util/locks.h"
-struct regional;
-struct config_file;
-struct config_view;
-struct respip_set;
-
-
-/**
- * Views storage, shared.
- */
-struct views {
- /** lock on the view tree */
- lock_rw_type lock;
- /** rbtree of struct view */
- rbtree_type vtree;
-};
-
-/**
- * View. Named structure holding local authority zones.
- */
-struct view {
- /** rbtree node, key is name */
- rbnode_type node;
- /** view name.
- * Has to be right after rbnode_t due to pointer arithmatic in
- * view_create's lock protect */
- char* name;
- /** view specific local authority zones */
- struct local_zones* local_zones;
- /** response-ip configuration data for this view */
- struct respip_set* respip_set;
- /** Fallback to global local_zones when there is no match in the view
- * specific tree. 1 for yes, 0 for no */
- int isfirst;
- /** lock on the data in the structure
- * For the node and name you need to also hold the views_tree lock to
- * change them. */
- lock_rw_type lock;
-};
-
-
-/**
- * Create views storage
- * @return new struct or NULL on error.
- */
-struct views* views_create(void);
-
-/**
- * Delete views storage
- * @param v: views to delete.
- */
-void views_delete(struct views* v);
-
-/**
- * Apply config settings;
- * Takes care of locking.
- * @param v: view is set up.
- * @param cfg: config data.
- * @return false on error.
- */
-int views_apply_cfg(struct views* v, struct config_file* cfg);
-
-/**
- * Compare two view entries in rbtree. Sort canonical.
- * @param v1: view 1
- * @param v2: view 2
- * @return: negative, positive or 0 comparison value.
- */
-int view_cmp(const void* v1, const void* v2);
-
-/**
- * Delete one view
- * @param v: view to delete.
- */
-void view_delete(struct view* v);
-
-/**
- * Debug helper. Print all views
- * Takes care of locking.
- * @param v: the views tree
- */
-void views_print(struct views* v);
-
-/* Find a view by name.
- * @param vs: views
- * @param name: name of the view we are looking for
- * @param write: 1 for obtaining write lock on found view, 0 for read lock
- * @return: locked view or NULL.
- */
-struct view* views_find_view(struct views* vs, const char* name, int write);
-
-#endif /* SERVICES_VIEW_H */