diff options
Diffstat (limited to 'external/unbound/util/data')
-rw-r--r-- | external/unbound/util/data/dname.c | 782 | ||||
-rw-r--r-- | external/unbound/util/data/dname.h | 304 | ||||
-rw-r--r-- | external/unbound/util/data/msgencode.c | 841 | ||||
-rw-r--r-- | external/unbound/util/data/msgencode.h | 131 | ||||
-rw-r--r-- | external/unbound/util/data/msgparse.c | 1022 | ||||
-rw-r--r-- | external/unbound/util/data/msgparse.h | 301 | ||||
-rw-r--r-- | external/unbound/util/data/msgreply.c | 830 | ||||
-rw-r--r-- | external/unbound/util/data/msgreply.h | 438 | ||||
-rw-r--r-- | external/unbound/util/data/packed_rrset.c | 389 | ||||
-rw-r--r-- | external/unbound/util/data/packed_rrset.h | 428 |
10 files changed, 5466 insertions, 0 deletions
diff --git a/external/unbound/util/data/dname.c b/external/unbound/util/data/dname.c new file mode 100644 index 000000000..76f2e6458 --- /dev/null +++ b/external/unbound/util/data/dname.c @@ -0,0 +1,782 @@ +/* + * util/data/dname.h - domain name handling + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains domain name handling functions. + */ + +#include "config.h" +#include <ctype.h> +#include "util/data/dname.h" +#include "util/data/msgparse.h" +#include "util/log.h" +#include "util/storage/lookup3.h" +#include "ldns/sbuffer.h" + +/* determine length of a dname in buffer, no compression pointers allowed */ +size_t +query_dname_len(sldns_buffer* query) +{ + size_t len = 0; + size_t labellen; + while(1) { + if(sldns_buffer_remaining(query) < 1) + return 0; /* parse error, need label len */ + labellen = sldns_buffer_read_u8(query); + if(labellen&0xc0) + return 0; /* no compression allowed in queries */ + len += labellen + 1; + if(len > LDNS_MAX_DOMAINLEN) + return 0; /* too long */ + if(labellen == 0) + return len; + if(sldns_buffer_remaining(query) < labellen) + return 0; /* parse error, need content */ + sldns_buffer_skip(query, (ssize_t)labellen); + } +} + +size_t +dname_valid(uint8_t* dname, size_t maxlen) +{ + size_t len = 0; + size_t labellen; + labellen = *dname++; + while(labellen) { + if(labellen&0xc0) + return 0; /* no compression ptrs allowed */ + len += labellen + 1; + if(len >= LDNS_MAX_DOMAINLEN) + return 0; /* too long */ + if(len > maxlen) + return 0; /* does not fit in memory allocation */ + dname += labellen; + labellen = *dname++; + } + len += 1; + if(len > maxlen) + return 0; /* does not fit in memory allocation */ + return len; +} + +/** compare uncompressed, noncanonical, registers are hints for speed */ +int +query_dname_compare(register uint8_t* d1, register uint8_t* d2) +{ + register uint8_t lab1, lab2; + log_assert(d1 && d2); + lab1 = *d1++; + lab2 = *d2++; + while( lab1 != 0 || lab2 != 0 ) { + /* compare label length */ + /* if one dname ends, it has labellength 0 */ + if(lab1 != lab2) { + if(lab1 < lab2) + return -1; + return 1; + } + log_assert(lab1 == lab2 && lab1 != 0); + /* compare lowercased labels. */ + while(lab1--) { + /* compare bytes first for speed */ + if(*d1 != *d2 && + tolower((int)*d1) != tolower((int)*d2)) { + if(tolower((int)*d1) < tolower((int)*d2)) + return -1; + return 1; + } + d1++; + d2++; + } + /* next pair of labels. */ + lab1 = *d1++; + lab2 = *d2++; + } + return 0; +} + +void +query_dname_tolower(uint8_t* dname) +{ + /* the dname is stored uncompressed */ + uint8_t labellen; + labellen = *dname; + while(labellen) { + dname++; + while(labellen--) { + *dname = (uint8_t)tolower((int)*dname); + dname++; + } + labellen = *dname; + } +} + +void +pkt_dname_tolower(sldns_buffer* pkt, uint8_t* dname) +{ + uint8_t lablen; + int count = 0; + if(dname >= sldns_buffer_end(pkt)) + return; + lablen = *dname++; + while(lablen) { + if(LABEL_IS_PTR(lablen)) { + if((size_t)PTR_OFFSET(lablen, *dname) + >= sldns_buffer_limit(pkt)) + return; + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + if(count++ > MAX_COMPRESS_PTRS) + return; + continue; + } + if(dname+lablen >= sldns_buffer_end(pkt)) + return; + while(lablen--) { + *dname = (uint8_t)tolower((int)*dname); + dname++; + } + if(dname >= sldns_buffer_end(pkt)) + return; + lablen = *dname++; + } +} + + +size_t +pkt_dname_len(sldns_buffer* pkt) +{ + size_t len = 0; + int ptrcount = 0; + uint8_t labellen; + size_t endpos = 0; + + /* read dname and determine length */ + /* check compression pointers, loops, out of bounds */ + while(1) { + /* read next label */ + if(sldns_buffer_remaining(pkt) < 1) + return 0; + labellen = sldns_buffer_read_u8(pkt); + if(LABEL_IS_PTR(labellen)) { + /* compression ptr */ + uint16_t ptr; + if(sldns_buffer_remaining(pkt) < 1) + return 0; + ptr = PTR_OFFSET(labellen, sldns_buffer_read_u8(pkt)); + if(ptrcount++ > MAX_COMPRESS_PTRS) + return 0; /* loop! */ + if(sldns_buffer_limit(pkt) <= ptr) + return 0; /* out of bounds! */ + if(!endpos) + endpos = sldns_buffer_position(pkt); + sldns_buffer_set_position(pkt, ptr); + } else { + /* label contents */ + if(labellen > 0x3f) + return 0; /* label too long */ + len += 1 + labellen; + if(len > LDNS_MAX_DOMAINLEN) + return 0; + if(labellen == 0) { + /* end of dname */ + break; + } + if(sldns_buffer_remaining(pkt) < labellen) + return 0; + sldns_buffer_skip(pkt, (ssize_t)labellen); + } + } + if(endpos) + sldns_buffer_set_position(pkt, endpos); + + return len; +} + +int +dname_pkt_compare(sldns_buffer* pkt, uint8_t* d1, uint8_t* d2) +{ + uint8_t len1, len2; + log_assert(pkt && d1 && d2); + len1 = *d1++; + len2 = *d2++; + while( len1 != 0 || len2 != 0 ) { + /* resolve ptrs */ + if(LABEL_IS_PTR(len1)) { + d1 = sldns_buffer_at(pkt, PTR_OFFSET(len1, *d1)); + len1 = *d1++; + continue; + } + if(LABEL_IS_PTR(len2)) { + d2 = sldns_buffer_at(pkt, PTR_OFFSET(len2, *d2)); + len2 = *d2++; + continue; + } + /* check label length */ + log_assert(len1 <= LDNS_MAX_LABELLEN); + log_assert(len2 <= LDNS_MAX_LABELLEN); + if(len1 != len2) { + if(len1 < len2) return -1; + return 1; + } + log_assert(len1 == len2 && len1 != 0); + /* compare labels */ + while(len1--) { + if(tolower((int)*d1++) != tolower((int)*d2++)) { + if(tolower((int)d1[-1]) < tolower((int)d2[-1])) + return -1; + return 1; + } + } + len1 = *d1++; + len2 = *d2++; + } + return 0; +} + +hashvalue_t +dname_query_hash(uint8_t* dname, hashvalue_t h) +{ + uint8_t labuf[LDNS_MAX_LABELLEN+1]; + uint8_t lablen; + int i; + + /* preserve case of query, make hash label by label */ + lablen = *dname++; + while(lablen) { + log_assert(lablen <= LDNS_MAX_LABELLEN); + labuf[0] = lablen; + i=0; + while(lablen--) + labuf[++i] = (uint8_t)tolower((int)*dname++); + h = hashlittle(labuf, labuf[0] + 1, h); + lablen = *dname++; + } + + return h; +} + +hashvalue_t +dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_t h) +{ + uint8_t labuf[LDNS_MAX_LABELLEN+1]; + uint8_t lablen; + int i; + + /* preserve case of query, make hash label by label */ + lablen = *dname++; + while(lablen) { + if(LABEL_IS_PTR(lablen)) { + /* follow pointer */ + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + continue; + } + log_assert(lablen <= LDNS_MAX_LABELLEN); + labuf[0] = lablen; + i=0; + while(lablen--) + labuf[++i] = (uint8_t)tolower((int)*dname++); + h = hashlittle(labuf, labuf[0] + 1, h); + lablen = *dname++; + } + + return h; +} + +void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) +{ + /* copy over the dname and decompress it at the same time */ + size_t len = 0; + uint8_t lablen; + lablen = *dname++; + while(lablen) { + if(LABEL_IS_PTR(lablen)) { + /* follow pointer */ + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + continue; + } + log_assert(lablen <= LDNS_MAX_LABELLEN); + len += (size_t)lablen+1; + if(len >= LDNS_MAX_DOMAINLEN) { + *to = 0; /* end the result prematurely */ + log_err("bad dname in dname_pkt_copy"); + return; + } + *to++ = lablen; + memmove(to, dname, lablen); + dname += lablen; + to += lablen; + lablen = *dname++; + } + /* copy last \0 */ + *to = 0; +} + +void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname) +{ + uint8_t lablen; + if(!out) out = stdout; + if(!dname) return; + + lablen = *dname++; + if(!lablen) + fputc('.', out); + while(lablen) { + if(LABEL_IS_PTR(lablen)) { + /* follow pointer */ + if(!pkt) { + fputs("??compressionptr??", out); + return; + } + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + continue; + } + if(lablen > LDNS_MAX_LABELLEN) { + fputs("??extendedlabel??", out); + return; + } + while(lablen--) + fputc((int)*dname++, out); + fputc('.', out); + lablen = *dname++; + } +} + +int +dname_count_labels(uint8_t* dname) +{ + uint8_t lablen; + int labs = 1; + + lablen = *dname++; + while(lablen) { + labs++; + dname += lablen; + lablen = *dname++; + } + return labs; +} + +int +dname_count_size_labels(uint8_t* dname, size_t* size) +{ + uint8_t lablen; + int labs = 1; + size_t sz = 1; + + lablen = *dname++; + while(lablen) { + labs++; + sz += lablen+1; + dname += lablen; + lablen = *dname++; + } + *size = sz; + return labs; +} + +/** + * Compare labels in memory, lowercase while comparing. + * @param p1: label 1 + * @param p2: label 2 + * @param len: number of bytes to compare. + * @return: 0, -1, +1 comparison result. + */ +static int +memlowercmp(uint8_t* p1, uint8_t* p2, uint8_t len) +{ + while(len--) { + if(*p1 != *p2 && tolower((int)*p1) != tolower((int)*p2)) { + if(tolower((int)*p1) < tolower((int)*p2)) + return -1; + return 1; + } + p1++; + p2++; + } + return 0; +} + +int +dname_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs) +{ + uint8_t len1, len2; + int atlabel = labs1; + int lastmlabs; + int lastdiff = 0; + /* first skip so that we compare same label. */ + if(labs1 > labs2) { + while(atlabel > labs2) { + len1 = *d1++; + d1 += len1; + atlabel--; + } + log_assert(atlabel == labs2); + } else if(labs1 < labs2) { + atlabel = labs2; + while(atlabel > labs1) { + len2 = *d2++; + d2 += len2; + atlabel--; + } + log_assert(atlabel == labs1); + } + lastmlabs = atlabel+1; + /* now at same label in d1 and d2, atlabel */ + /* www.example.com. */ + /* 4 3 2 1 atlabel number */ + /* repeat until at root label (which is always the same) */ + while(atlabel > 1) { + len1 = *d1++; + len2 = *d2++; + if(len1 != len2) { + log_assert(len1 != 0 && len2 != 0); + if(len1<len2) + lastdiff = -1; + else lastdiff = 1; + lastmlabs = atlabel; + d1 += len1; + d2 += len2; + } else { + /* memlowercmp is inlined here; or just like + * if((c=memlowercmp(d1, d2, len1)) != 0) { + * lastdiff = c; + * lastmlabs = atlabel; } apart from d1++,d2++ */ + while(len1) { + if(*d1 != *d2 && tolower((int)*d1) + != tolower((int)*d2)) { + if(tolower((int)*d1) < + tolower((int)*d2)) { + lastdiff = -1; + lastmlabs = atlabel; + d1 += len1; + d2 += len1; + break; + } + lastdiff = 1; + lastmlabs = atlabel; + d1 += len1; + d2 += len1; + break; /* out of memlowercmp */ + } + d1++; + d2++; + len1--; + } + } + atlabel--; + } + /* last difference atlabel number, so number of labels matching, + * at the right side, is one less. */ + *mlabs = lastmlabs-1; + if(lastdiff == 0) { + /* all labels compared were equal, check if one has more + * labels, so that example.com. > com. */ + if(labs1 > labs2) + return 1; + else if(labs1 < labs2) + return -1; + } + return lastdiff; +} + +int +dname_buffer_write(sldns_buffer* pkt, uint8_t* dname) +{ + uint8_t lablen; + + if(sldns_buffer_remaining(pkt) < 1) + return 0; + lablen = *dname++; + sldns_buffer_write_u8(pkt, lablen); + while(lablen) { + if(sldns_buffer_remaining(pkt) < (size_t)lablen+1) + return 0; + sldns_buffer_write(pkt, dname, lablen); + dname += lablen; + lablen = *dname++; + sldns_buffer_write_u8(pkt, lablen); + } + return 1; +} + +void dname_str(uint8_t* dname, char* str) +{ + size_t len = 0; + uint8_t lablen = 0; + char* s = str; + if(!dname || !*dname) { + *s++ = '.'; + *s = 0; + return; + } + lablen = *dname++; + while(lablen) { + if(lablen > LDNS_MAX_LABELLEN) { + *s++ = '#'; + *s = 0; + return; + } + len += lablen+1; + if(len >= LDNS_MAX_DOMAINLEN-1) { + *s++ = '&'; + *s = 0; + return; + } + while(lablen--) { + if(isalnum((int)*dname) + || *dname == '-' || *dname == '_' + || *dname == '*') + *s++ = *(char*)dname++; + else { + *s++ = '?'; + dname++; + } + } + *s++ = '.'; + lablen = *dname++; + } + *s = 0; +} + +int +dname_strict_subdomain(uint8_t* d1, int labs1, uint8_t* d2, int labs2) +{ + int m; + /* check subdomain: d1: www.example.com. and d2: example.com. */ + if(labs2 >= labs1) + return 0; + if(dname_lab_cmp(d1, labs1, d2, labs2, &m) > 0) { + /* subdomain if all labels match */ + return (m == labs2); + } + return 0; +} + +int +dname_strict_subdomain_c(uint8_t* d1, uint8_t* d2) +{ + return dname_strict_subdomain(d1, dname_count_labels(d1), d2, + dname_count_labels(d2)); +} + +int +dname_subdomain_c(uint8_t* d1, uint8_t* d2) +{ + int m; + /* check subdomain: d1: www.example.com. and d2: example.com. */ + /* or d1: example.com. and d2: example.com. */ + int labs1 = dname_count_labels(d1); + int labs2 = dname_count_labels(d2); + if(labs2 > labs1) + return 0; + if(dname_lab_cmp(d1, labs1, d2, labs2, &m) < 0) { + /* must have been example.com , www.example.com - wrong */ + /* or otherwise different dnames */ + return 0; + } + return (m == labs2); +} + +int +dname_is_root(uint8_t* dname) +{ + uint8_t len; + log_assert(dname); + len = dname[0]; + log_assert(!LABEL_IS_PTR(len)); + return (len == 0); +} + +void +dname_remove_label(uint8_t** dname, size_t* len) +{ + size_t lablen; + log_assert(dname && *dname && len); + lablen = (*dname)[0]; + log_assert(!LABEL_IS_PTR(lablen)); + log_assert(*len > lablen); + if(lablen == 0) + return; /* do not modify root label */ + *len -= lablen+1; + *dname += lablen+1; +} + +void +dname_remove_labels(uint8_t** dname, size_t* len, int n) +{ + int i; + for(i=0; i<n; i++) + dname_remove_label(dname, len); +} + +int +dname_signame_label_count(uint8_t* dname) +{ + uint8_t lablen; + int count = 0; + if(!*dname) + return 0; + if(dname[0] == 1 && dname[1] == '*') + dname += 2; + lablen = dname[0]; + while(lablen) { + count++; + dname += lablen; + dname += 1; + lablen = dname[0]; + } + return count; +} + +int +dname_is_wild(uint8_t* dname) +{ + return (dname[0] == 1 && dname[1] == '*'); +} + +/** + * Compare labels in memory, lowercase while comparing. + * Returns canonical order for labels. If all is equal, the + * shortest is first. + * + * @param p1: label 1 + * @param len1: length of label 1. + * @param p2: label 2 + * @param len2: length of label 2. + * @return: 0, -1, +1 comparison result. + */ +static int +memcanoncmp(uint8_t* p1, uint8_t len1, uint8_t* p2, uint8_t len2) +{ + uint8_t min = (len1<len2)?len1:len2; + int c = memlowercmp(p1, p2, min); + if(c != 0) + return c; + /* equal, see who is shortest */ + if(len1 < len2) + return -1; + if(len1 > len2) + return 1; + return 0; +} + + +int +dname_canon_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs) +{ + /* like dname_lab_cmp, but with different label comparison, + * empty character sorts before \000. + * So ylyly is before z. */ + uint8_t len1, len2; + int atlabel = labs1; + int lastmlabs; + int lastdiff = 0; + int c; + /* first skip so that we compare same label. */ + if(labs1 > labs2) { + while(atlabel > labs2) { + len1 = *d1++; + d1 += len1; + atlabel--; + } + log_assert(atlabel == labs2); + } else if(labs1 < labs2) { + atlabel = labs2; + while(atlabel > labs1) { + len2 = *d2++; + d2 += len2; + atlabel--; + } + log_assert(atlabel == labs1); + } + lastmlabs = atlabel+1; + /* now at same label in d1 and d2, atlabel */ + /* www.example.com. */ + /* 4 3 2 1 atlabel number */ + /* repeat until at root label (which is always the same) */ + while(atlabel > 1) { + len1 = *d1++; + len2 = *d2++; + + if((c=memcanoncmp(d1, len1, d2, len2)) != 0) { + if(c<0) + lastdiff = -1; + else lastdiff = 1; + lastmlabs = atlabel; + } + + d1 += len1; + d2 += len2; + atlabel--; + } + /* last difference atlabel number, so number of labels matching, + * at the right side, is one less. */ + *mlabs = lastmlabs-1; + if(lastdiff == 0) { + /* all labels compared were equal, check if one has more + * labels, so that example.com. > com. */ + if(labs1 > labs2) + return 1; + else if(labs1 < labs2) + return -1; + } + return lastdiff; +} + +int +dname_canonical_compare(uint8_t* d1, uint8_t* d2) +{ + int labs1, labs2, m; + labs1 = dname_count_labels(d1); + labs2 = dname_count_labels(d2); + return dname_canon_lab_cmp(d1, labs1, d2, labs2, &m); +} + +uint8_t* dname_get_shared_topdomain(uint8_t* d1, uint8_t* d2) +{ + int labs1, labs2, m; + size_t len = LDNS_MAX_DOMAINLEN; + labs1 = dname_count_labels(d1); + labs2 = dname_count_labels(d2); + (void)dname_lab_cmp(d1, labs1, d2, labs2, &m); + dname_remove_labels(&d1, &len, labs1-m); + return d1; +} diff --git a/external/unbound/util/data/dname.h b/external/unbound/util/data/dname.h new file mode 100644 index 000000000..ae2fbadc1 --- /dev/null +++ b/external/unbound/util/data/dname.h @@ -0,0 +1,304 @@ +/* + * util/data/dname.h - domain name routines + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions to deal with domain names (dnames). + * + * Some of the functions deal with domain names as a wireformat buffer, + * with a length. + */ + +#ifndef UTIL_DATA_DNAME_H +#define UTIL_DATA_DNAME_H +#include "util/storage/lruhash.h" +struct sldns_buffer; + +/** max number of compression ptrs to follow */ +#define MAX_COMPRESS_PTRS 256 + +/** + * Determine length of dname in buffer, no compression ptrs allowed, + * @param query: the ldns buffer, current position at start of dname. + * at end, position is at end of the dname. + * @return: 0 on parse failure, or length including ending 0 of dname. + */ +size_t query_dname_len(struct sldns_buffer* query); + +/** + * Determine if dname in memory is correct. no compression ptrs allowed. + * @param dname: where dname starts in memory. + * @param len: dname is not allowed to exceed this length (i.e. of allocation). + * @return length of dname if dname is ok, 0 on a parse error. + */ +size_t dname_valid(uint8_t* dname, size_t len); + +/** lowercase query dname */ +void query_dname_tolower(uint8_t* dname); + +/** + * lowercase pkt dname (follows compression pointers) + * @param pkt: the packet, used to follow compression pointers. Position + * is unchanged. + * @param dname: start of dname in packet. + */ +void pkt_dname_tolower(struct sldns_buffer* pkt, uint8_t* dname); + +/** + * Compare query dnames (uncompressed storage). The Dnames passed do not + * have to be lowercased, comparison routine does this. + * + * This routine is special, in that the comparison that it does corresponds + * with the canonical comparison needed when comparing dnames inside rdata + * for RR types that need canonicalization. That means that the first byte + * that is smaller (possibly after lowercasing) makes an RR smaller, or the + * shortest name makes an RR smaller. + * + * This routine does not compute the canonical order needed for NSEC + * processing. + * + * Dnames have to be valid format. + * @param d1: dname to compare + * @param d2: dname to compare + * @return: -1, 0, or +1 depending on comparison results. + * Sort order is first difference found. not the canonical ordering. + */ +int query_dname_compare(uint8_t* d1, uint8_t* d2); + +/** + * Determine correct, compressed, dname present in packet. + * Checks for parse errors. + * @param pkt: packet to read from (from current start position). + * @return: 0 on parse error. + * At exit the position is right after the (compressed) dname. + * Compression pointers are followed and checked for loops. + * The uncompressed wireformat length is returned. + */ +size_t pkt_dname_len(struct sldns_buffer* pkt); + +/** + * Compare dnames in packet (compressed). Dnames must be valid. + * routine performs lowercasing, so the packet casing is preserved. + * @param pkt: packet, used to resolve compression pointers. + * @param d1: dname to compare + * @param d2: dname to compare + * @return: -1, 0, or +1 depending on comparison results. + * Sort order is first difference found. not the canonical ordering. + */ +int dname_pkt_compare(struct sldns_buffer* pkt, uint8_t* d1, uint8_t* d2); + +/** + * Hash dname, label by label, lowercasing, into hashvalue. + * Dname in query format (not compressed). + * @param dname: dname to hash. + * @param h: initial hash value. + * @return: result hash value. + */ +hashvalue_t dname_query_hash(uint8_t* dname, hashvalue_t h); + +/** + * Hash dname, label by label, lowercasing, into hashvalue. + * Dname in pkt format (compressed). + * @param pkt: packet, for resolving compression pointers. + * @param dname: dname to hash, pointer to the pkt buffer. + * Must be valid format. No loops, etc. + * @param h: initial hash value. + * @return: result hash value. + * Result is the same as dname_query_hash, even if compression is used. + */ +hashvalue_t dname_pkt_hash(struct sldns_buffer* pkt, uint8_t* dname, hashvalue_t h); + +/** + * Copy over a valid dname and decompress it. + * @param pkt: packet to resolve compression pointers. + * @param to: buffer of size from pkt_len function to hold result. + * @param dname: pointer into packet where dname starts. + */ +void dname_pkt_copy(struct sldns_buffer* pkt, uint8_t* to, uint8_t* dname); + +/** + * Copy over a valid dname to a packet. + * @param pkt: packet to copy to. + * @param dname: dname to copy. + * @return: 0 if not enough space in buffer. + */ +int dname_buffer_write(struct sldns_buffer* pkt, uint8_t* dname); + +/** + * Count the number of labels in an uncompressed dname in memory. + * @param dname: pointer to uncompressed dname. + * @return: count of labels, including root label, "com." has 2 labels. + */ +int dname_count_labels(uint8_t* dname); + +/** + * Count labels and dname length both, for uncompressed dname in memory. + * @param dname: pointer to uncompressed dname. + * @param size: length of dname, including root label. + * @return: count of labels, including root label, "com." has 2 labels. + */ +int dname_count_size_labels(uint8_t* dname, size_t* size); + +/** + * Compare dnames, sorted not canonical, but by label. + * Such that zone contents follows zone apex. + * @param d1: first dname. pointer to uncompressed wireformat. + * @param labs1: number of labels in first dname. + * @param d2: second dname. pointer to uncompressed wireformat. + * @param labs2: number of labels in second dname. + * @param mlabs: number of labels that matched exactly (the shared topdomain). + * @return: 0 for equal, -1 smaller, or +1 d1 larger than d2. + */ +int dname_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs); + +/** + * See if domain name d1 is a strict subdomain of d2. + * That is a subdomain, but not equal. + * @param d1: domain name, uncompressed wireformat + * @param labs1: number of labels in d1, including root label. + * @param d2: domain name, uncompressed wireformat + * @param labs2: number of labels in d2, including root label. + * @return true if d1 is a subdomain of d2, but not equal to d2. + */ +int dname_strict_subdomain(uint8_t* d1, int labs1, uint8_t* d2, int labs2); + +/** + * Like dname_strict_subdomain but counts labels + * @param d1: domain name, uncompressed wireformat + * @param d2: domain name, uncompressed wireformat + * @return true if d1 is a subdomain of d2, but not equal to d2. + */ +int dname_strict_subdomain_c(uint8_t* d1, uint8_t* d2); + +/** + * Counts labels. Tests is d1 is a subdomain of d2. + * @param d1: domain name, uncompressed wireformat + * @param d2: domain name, uncompressed wireformat + * @return true if d1 is a subdomain of d2. + */ +int dname_subdomain_c(uint8_t* d1, uint8_t* d2); + +/** + * Debug helper. Print wireformat dname to output. + * @param out: like stdout or a file. + * @param pkt: if not NULL, the packet for resolving compression ptrs. + * @param dname: pointer to (start of) dname. + */ +void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname); + +/** + * Debug helper. Print dname to given string buffer (string buffer must + * be at least 255 chars + 1 for the 0, in printable form. + * This may lose information (? for nonprintable characters, or & if + * the name is too long, # for a bad label length). + * @param dname: uncompressed wireformat. + * @param str: buffer of 255+1 length. + */ +void dname_str(uint8_t* dname, char* str); + +/** + * Returns true if the uncompressed wireformat dname is the root "." + * @param dname: the dname to check + * @return true if ".", false if not. + */ +int dname_is_root(uint8_t* dname); + +/** + * Snip off first label from a dname, returning the parent zone. + * @param dname: from what to strip off. uncompressed wireformat. + * @param len: length, adjusted to become less. + * @return stripped off, or "." if input was ".". + */ +void dname_remove_label(uint8_t** dname, size_t* len); + +/** + * Snip off first N labels from a dname, returning the parent zone. + * @param dname: from what to strip off. uncompressed wireformat. + * @param len: length, adjusted to become less. + * @param n: number of labels to strip off (from the left). + * if 0, nothing happens. + * @return stripped off, or "." if input was ".". + */ +void dname_remove_labels(uint8_t** dname, size_t* len, int n); + +/** + * Count labels for the RRSIG signature label field. + * Like a normal labelcount, but "*" wildcard and "." root are not counted. + * @param dname: valid uncompressed wireformat. + * @return number of labels like in RRSIG; '*' and '.' are not counted. + */ +int dname_signame_label_count(uint8_t* dname); + +/** + * Return true if the label is a wildcard, *.example.com. + * @param dname: valid uncompressed wireformat. + * @return true if wildcard, or false. + */ +int dname_is_wild(uint8_t* dname); + +/** + * Compare dnames, Canonical in rfc4034 sense, but by label. + * Such that zone contents follows zone apex. + * + * @param d1: first dname. pointer to uncompressed wireformat. + * @param labs1: number of labels in first dname. + * @param d2: second dname. pointer to uncompressed wireformat. + * @param labs2: number of labels in second dname. + * @param mlabs: number of labels that matched exactly (the shared topdomain). + * @return: 0 for equal, -1 smaller, or +1 d1 larger than d2. + */ +int dname_canon_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, + int* mlabs); + +/** + * Canonical dname compare. Takes care of counting labels. + * Per rfc 4034 canonical order. + * + * @param d1: first dname. pointer to uncompressed wireformat. + * @param d2: second dname. pointer to uncompressed wireformat. + * @return: 0 for equal, -1 smaller, or +1 d1 larger than d2. + */ +int dname_canonical_compare(uint8_t* d1, uint8_t* d2); + +/** + * Get the shared topdomain between two names. Root "." or longer. + * @param d1: first dname. pointer to uncompressed wireformat. + * @param d2: second dname. pointer to uncompressed wireformat. + * @return pointer to shared topdomain. Ptr to a part of d1. + */ +uint8_t* dname_get_shared_topdomain(uint8_t* d1, uint8_t* d2); + +#endif /* UTIL_DATA_DNAME_H */ diff --git a/external/unbound/util/data/msgencode.c b/external/unbound/util/data/msgencode.c new file mode 100644 index 000000000..26b5deabe --- /dev/null +++ b/external/unbound/util/data/msgencode.c @@ -0,0 +1,841 @@ +/* + * util/data/msgencode.c - Encode DNS messages, queries and replies. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a routines to encode DNS messages. + */ + +#include "config.h" +#include "util/data/msgencode.h" +#include "util/data/msgreply.h" +#include "util/data/msgparse.h" +#include "util/data/dname.h" +#include "util/log.h" +#include "util/regional.h" +#include "util/net_help.h" +#include "ldns/sbuffer.h" + +/** return code that means the function ran out of memory. negative so it does + * not conflict with DNS rcodes. */ +#define RETVAL_OUTMEM -2 +/** return code that means the data did not fit (completely) in the packet */ +#define RETVAL_TRUNC -4 +/** return code that means all is peachy keen. Equal to DNS rcode NOERROR */ +#define RETVAL_OK 0 + +/** + * Data structure to help domain name compression in outgoing messages. + * A tree of dnames and their offsets in the packet is kept. + * It is kept sorted, not canonical, but by label at least, so that after + * a lookup of a name you know its closest match, and the parent from that + * closest match. These are possible compression targets. + * + * It is a binary tree, not a rbtree or balanced tree, as the effort + * of keeping it balanced probably outweighs usefulness (given typical + * DNS packet size). + */ +struct compress_tree_node { + /** left node in tree, all smaller to this */ + struct compress_tree_node* left; + /** right node in tree, all larger than this */ + struct compress_tree_node* right; + + /** the parent node - not for tree, but zone parent. One less label */ + struct compress_tree_node* parent; + /** the domain name for this node. Pointer to uncompressed memory. */ + uint8_t* dname; + /** number of labels in domain name, kept to help compare func. */ + int labs; + /** offset in packet that points to this dname */ + size_t offset; +}; + +/** + * Find domain name in tree, returns exact and closest match. + * @param tree: root of tree. + * @param dname: pointer to uncompressed dname. + * @param labs: number of labels in domain name. + * @param match: closest or exact match. + * guaranteed to be smaller or equal to the sought dname. + * can be null if the tree is empty. + * @param matchlabels: number of labels that match with closest match. + * can be zero is there is no match. + * @param insertpt: insert location for dname, if not found. + * @return: 0 if no exact match. + */ +static int +compress_tree_search(struct compress_tree_node** tree, uint8_t* dname, + int labs, struct compress_tree_node** match, int* matchlabels, + struct compress_tree_node*** insertpt) +{ + int c, n, closen=0; + struct compress_tree_node* p = *tree; + struct compress_tree_node* close = 0; + struct compress_tree_node** prev = tree; + while(p) { + if((c = dname_lab_cmp(dname, labs, p->dname, p->labs, &n)) + == 0) { + *matchlabels = n; + *match = p; + return 1; + } + if(c<0) { + prev = &p->left; + p = p->left; + } else { + closen = n; + close = p; /* p->dname is smaller than dname */ + prev = &p->right; + p = p->right; + } + } + *insertpt = prev; + *matchlabels = closen; + *match = close; + return 0; +} + +/** + * Lookup a domain name in compression tree. + * @param tree: root of tree (not the node with '.'). + * @param dname: pointer to uncompressed dname. + * @param labs: number of labels in domain name. + * @param insertpt: insert location for dname, if not found. + * @return: 0 if not found or compress treenode with best compression. + */ +static struct compress_tree_node* +compress_tree_lookup(struct compress_tree_node** tree, uint8_t* dname, + int labs, struct compress_tree_node*** insertpt) +{ + struct compress_tree_node* p; + int m; + if(labs <= 1) + return 0; /* do not compress root node */ + if(compress_tree_search(tree, dname, labs, &p, &m, insertpt)) { + /* exact match */ + return p; + } + /* return some ancestor of p that compresses well. */ + if(m>1) { + /* www.example.com. (labs=4) matched foo.example.com.(labs=4) + * then matchcount = 3. need to go up. */ + while(p && p->labs > m) + p = p->parent; + return p; + } + return 0; +} + +/** + * Create node for domain name compression tree. + * @param dname: pointer to uncompressed dname (stored in tree). + * @param labs: number of labels in dname. + * @param offset: offset into packet for dname. + * @param region: how to allocate memory for new node. + * @return new node or 0 on malloc failure. + */ +static struct compress_tree_node* +compress_tree_newnode(uint8_t* dname, int labs, size_t offset, + struct regional* region) +{ + struct compress_tree_node* n = (struct compress_tree_node*) + regional_alloc(region, sizeof(struct compress_tree_node)); + if(!n) return 0; + n->left = 0; + n->right = 0; + n->parent = 0; + n->dname = dname; + n->labs = labs; + n->offset = offset; + return n; +} + +/** + * Store domain name and ancestors into compression tree. + * @param dname: pointer to uncompressed dname (stored in tree). + * @param labs: number of labels in dname. + * @param offset: offset into packet for dname. + * @param region: how to allocate memory for new node. + * @param closest: match from previous lookup, used to compress dname. + * may be NULL if no previous match. + * if the tree has an ancestor of dname already, this must be it. + * @param insertpt: where to insert the dname in tree. + * @return: 0 on memory error. + */ +static int +compress_tree_store(uint8_t* dname, int labs, size_t offset, + struct regional* region, struct compress_tree_node* closest, + struct compress_tree_node** insertpt) +{ + uint8_t lablen; + struct compress_tree_node* newnode; + struct compress_tree_node* prevnode = NULL; + int uplabs = labs-1; /* does not store root in tree */ + if(closest) uplabs = labs - closest->labs; + log_assert(uplabs >= 0); + /* algorithms builds up a vine of dname-labels to hang into tree */ + while(uplabs--) { + if(offset > PTR_MAX_OFFSET) { + /* insertion failed, drop vine */ + return 1; /* compression pointer no longer useful */ + } + if(!(newnode = compress_tree_newnode(dname, labs, offset, + region))) { + /* insertion failed, drop vine */ + return 0; + } + + if(prevnode) { + /* chain nodes together, last one has one label more, + * so is larger than newnode, thus goes right. */ + newnode->right = prevnode; + prevnode->parent = newnode; + } + + /* next label */ + lablen = *dname++; + dname += lablen; + offset += lablen+1; + prevnode = newnode; + labs--; + } + /* if we have a vine, hang the vine into the tree */ + if(prevnode) { + *insertpt = prevnode; + prevnode->parent = closest; + } + return 1; +} + +/** compress a domain name */ +static int +write_compressed_dname(sldns_buffer* pkt, uint8_t* dname, int labs, + struct compress_tree_node* p) +{ + /* compress it */ + int labcopy = labs - p->labs; + uint8_t lablen; + uint16_t ptr; + + if(labs == 1) { + /* write root label */ + if(sldns_buffer_remaining(pkt) < 1) + return 0; + sldns_buffer_write_u8(pkt, 0); + return 1; + } + + /* copy the first couple of labels */ + while(labcopy--) { + lablen = *dname++; + if(sldns_buffer_remaining(pkt) < (size_t)lablen+1) + return 0; + sldns_buffer_write_u8(pkt, lablen); + sldns_buffer_write(pkt, dname, lablen); + dname += lablen; + } + /* insert compression ptr */ + if(sldns_buffer_remaining(pkt) < 2) + return 0; + ptr = PTR_CREATE(p->offset); + sldns_buffer_write_u16(pkt, ptr); + return 1; +} + +/** compress owner name of RR, return RETVAL_OUTMEM RETVAL_TRUNC */ +static int +compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + struct regional* region, struct compress_tree_node** tree, + size_t owner_pos, uint16_t* owner_ptr, int owner_labs) +{ + struct compress_tree_node* p; + struct compress_tree_node** insertpt; + if(!*owner_ptr) { + /* compress first time dname */ + if((p = compress_tree_lookup(tree, key->rk.dname, + owner_labs, &insertpt))) { + if(p->labs == owner_labs) + /* avoid ptr chains, since some software is + * not capable of decoding ptr after a ptr. */ + *owner_ptr = htons(PTR_CREATE(p->offset)); + if(!write_compressed_dname(pkt, key->rk.dname, + owner_labs, p)) + return RETVAL_TRUNC; + /* check if typeclass+4 ttl + rdatalen is available */ + if(sldns_buffer_remaining(pkt) < 4+4+2) + return RETVAL_TRUNC; + } else { + /* no compress */ + if(sldns_buffer_remaining(pkt) < key->rk.dname_len+4+4+2) + return RETVAL_TRUNC; + sldns_buffer_write(pkt, key->rk.dname, + key->rk.dname_len); + if(owner_pos <= PTR_MAX_OFFSET) + *owner_ptr = htons(PTR_CREATE(owner_pos)); + } + if(!compress_tree_store(key->rk.dname, owner_labs, + owner_pos, region, p, insertpt)) + return RETVAL_OUTMEM; + } else { + /* always compress 2nd-further RRs in RRset */ + if(owner_labs == 1) { + if(sldns_buffer_remaining(pkt) < 1+4+4+2) + return RETVAL_TRUNC; + sldns_buffer_write_u8(pkt, 0); + } else { + if(sldns_buffer_remaining(pkt) < 2+4+4+2) + return RETVAL_TRUNC; + sldns_buffer_write(pkt, owner_ptr, 2); + } + } + return RETVAL_OK; +} + +/** compress any domain name to the packet, return RETVAL_* */ +static int +compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs, + struct regional* region, struct compress_tree_node** tree) +{ + struct compress_tree_node* p; + struct compress_tree_node** insertpt = NULL; + size_t pos = sldns_buffer_position(pkt); + if((p = compress_tree_lookup(tree, dname, labs, &insertpt))) { + if(!write_compressed_dname(pkt, dname, labs, p)) + return RETVAL_TRUNC; + } else { + if(!dname_buffer_write(pkt, dname)) + return RETVAL_TRUNC; + } + if(!compress_tree_store(dname, labs, pos, region, p, insertpt)) + return RETVAL_OUTMEM; + return RETVAL_OK; +} + +/** return true if type needs domain name compression in rdata */ +static const sldns_rr_descriptor* +type_rdata_compressable(struct ub_packed_rrset_key* key) +{ + uint16_t t = ntohs(key->rk.type); + if(sldns_rr_descript(t) && + sldns_rr_descript(t)->_compress == LDNS_RR_COMPRESS) + return sldns_rr_descript(t); + return 0; +} + +/** compress domain names in rdata, return RETVAL_* */ +static int +compress_rdata(sldns_buffer* pkt, uint8_t* rdata, size_t todolen, + struct regional* region, struct compress_tree_node** tree, + const sldns_rr_descriptor* desc) +{ + int labs, r, rdf = 0; + size_t dname_len, len, pos = sldns_buffer_position(pkt); + uint8_t count = desc->_dname_count; + + sldns_buffer_skip(pkt, 2); /* rdata len fill in later */ + /* space for rdatalen checked for already */ + rdata += 2; + todolen -= 2; + while(todolen > 0 && count) { + switch(desc->_wireformat[rdf]) { + case LDNS_RDF_TYPE_DNAME: + labs = dname_count_size_labels(rdata, &dname_len); + if((r=compress_any_dname(rdata, pkt, labs, region, + tree)) != RETVAL_OK) + return r; + rdata += dname_len; + todolen -= dname_len; + count--; + len = 0; + break; + case LDNS_RDF_TYPE_STR: + len = *rdata + 1; + break; + default: + len = get_rdf_size(desc->_wireformat[rdf]); + } + if(len) { + /* copy over */ + if(sldns_buffer_remaining(pkt) < len) + return RETVAL_TRUNC; + sldns_buffer_write(pkt, rdata, len); + todolen -= len; + rdata += len; + } + rdf++; + } + /* copy remainder */ + if(todolen > 0) { + if(sldns_buffer_remaining(pkt) < todolen) + return RETVAL_TRUNC; + sldns_buffer_write(pkt, rdata, todolen); + } + + /* set rdata len */ + sldns_buffer_write_u16_at(pkt, pos, sldns_buffer_position(pkt)-pos-2); + return RETVAL_OK; +} + +/** Returns true if RR type should be included */ +static int +rrset_belongs_in_reply(sldns_pkt_section s, uint16_t rrtype, uint16_t qtype, + int dnssec) +{ + if(dnssec) + return 1; + /* skip non DNSSEC types, except if directly queried for */ + if(s == LDNS_SECTION_ANSWER) { + if(qtype == LDNS_RR_TYPE_ANY || qtype == rrtype) + return 1; + } + /* check DNSSEC-ness */ + switch(rrtype) { + case LDNS_RR_TYPE_SIG: + case LDNS_RR_TYPE_KEY: + case LDNS_RR_TYPE_NXT: + case LDNS_RR_TYPE_DS: + case LDNS_RR_TYPE_RRSIG: + case LDNS_RR_TYPE_NSEC: + case LDNS_RR_TYPE_DNSKEY: + case LDNS_RR_TYPE_NSEC3: + case LDNS_RR_TYPE_NSEC3PARAMS: + return 0; + } + return 1; +} + +/** store rrset in buffer in wireformat, return RETVAL_* */ +static int +packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + uint16_t* num_rrs, time_t timenow, struct regional* region, + int do_data, int do_sig, struct compress_tree_node** tree, + sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) +{ + size_t i, j, owner_pos; + int r, owner_labs; + uint16_t owner_ptr = 0; + struct packed_rrset_data* data = (struct packed_rrset_data*) + key->entry.data; + + /* does this RR type belong in the answer? */ + if(!rrset_belongs_in_reply(s, ntohs(key->rk.type), qtype, dnssec)) + return RETVAL_OK; + + owner_labs = dname_count_labels(key->rk.dname); + owner_pos = sldns_buffer_position(pkt); + + if(do_data) { + const sldns_rr_descriptor* c = type_rdata_compressable(key); + for(i=0; i<data->count; i++) { + /* rrset roundrobin */ + j = (i + rr_offset) % data->count; + if((r=compress_owner(key, pkt, region, tree, + owner_pos, &owner_ptr, owner_labs)) + != RETVAL_OK) + return r; + sldns_buffer_write(pkt, &key->rk.type, 2); + sldns_buffer_write(pkt, &key->rk.rrset_class, 2); + if(data->rr_ttl[j] < timenow) + sldns_buffer_write_u32(pkt, 0); + else sldns_buffer_write_u32(pkt, + data->rr_ttl[j]-timenow); + if(c) { + if((r=compress_rdata(pkt, data->rr_data[j], + data->rr_len[j], region, tree, c)) + != RETVAL_OK) + return r; + } else { + if(sldns_buffer_remaining(pkt) < data->rr_len[j]) + return RETVAL_TRUNC; + sldns_buffer_write(pkt, data->rr_data[j], + data->rr_len[j]); + } + } + } + /* insert rrsigs */ + if(do_sig && dnssec) { + size_t total = data->count+data->rrsig_count; + for(i=data->count; i<total; i++) { + if(owner_ptr && owner_labs != 1) { + if(sldns_buffer_remaining(pkt) < + 2+4+4+data->rr_len[i]) + return RETVAL_TRUNC; + sldns_buffer_write(pkt, &owner_ptr, 2); + } else { + if((r=compress_any_dname(key->rk.dname, + pkt, owner_labs, region, tree)) + != RETVAL_OK) + return r; + if(sldns_buffer_remaining(pkt) < + 4+4+data->rr_len[i]) + return RETVAL_TRUNC; + } + sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG); + sldns_buffer_write(pkt, &key->rk.rrset_class, 2); + if(data->rr_ttl[i] < timenow) + sldns_buffer_write_u32(pkt, 0); + else sldns_buffer_write_u32(pkt, + data->rr_ttl[i]-timenow); + /* rrsig rdata cannot be compressed, perform 100+ byte + * memcopy. */ + sldns_buffer_write(pkt, data->rr_data[i], + data->rr_len[i]); + } + } + /* change rrnum only after we are sure it fits */ + if(do_data) + *num_rrs += data->count; + if(do_sig && dnssec) + *num_rrs += data->rrsig_count; + + return RETVAL_OK; +} + +/** store msg section in wireformat buffer, return RETVAL_* */ +static int +insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, + sldns_buffer* pkt, size_t rrsets_before, time_t timenow, + struct regional* region, struct compress_tree_node** tree, + sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) +{ + int r; + size_t i, setstart; + *num_rrs = 0; + if(s != LDNS_SECTION_ADDITIONAL) { + if(s == LDNS_SECTION_ANSWER && qtype == LDNS_RR_TYPE_ANY) + dnssec = 1; /* include all types in ANY answer */ + for(i=0; i<num_rrsets; i++) { + setstart = sldns_buffer_position(pkt); + if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], + pkt, num_rrs, timenow, region, 1, 1, tree, + s, qtype, dnssec, rr_offset)) + != RETVAL_OK) { + /* Bad, but if due to size must set TC bit */ + /* trim off the rrset neatly. */ + sldns_buffer_set_position(pkt, setstart); + return r; + } + } + } else { + for(i=0; i<num_rrsets; i++) { + setstart = sldns_buffer_position(pkt); + if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], + pkt, num_rrs, timenow, region, 1, 0, tree, + s, qtype, dnssec, rr_offset)) + != RETVAL_OK) { + sldns_buffer_set_position(pkt, setstart); + return r; + } + } + if(dnssec) + for(i=0; i<num_rrsets; i++) { + setstart = sldns_buffer_position(pkt); + if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], + pkt, num_rrs, timenow, region, 0, 1, tree, + s, qtype, dnssec, rr_offset)) + != RETVAL_OK) { + sldns_buffer_set_position(pkt, setstart); + return r; + } + } + } + return RETVAL_OK; +} + +/** store query section in wireformat buffer, return RETVAL */ +static int +insert_query(struct query_info* qinfo, struct compress_tree_node** tree, + sldns_buffer* buffer, struct regional* region) +{ + if(sldns_buffer_remaining(buffer) < + qinfo->qname_len+sizeof(uint16_t)*2) + return RETVAL_TRUNC; /* buffer too small */ + /* the query is the first name inserted into the tree */ + if(!compress_tree_store(qinfo->qname, + dname_count_labels(qinfo->qname), + sldns_buffer_position(buffer), region, NULL, tree)) + return RETVAL_OUTMEM; + if(sldns_buffer_current(buffer) == qinfo->qname) + sldns_buffer_skip(buffer, (ssize_t)qinfo->qname_len); + else sldns_buffer_write(buffer, qinfo->qname, qinfo->qname_len); + sldns_buffer_write_u16(buffer, qinfo->qtype); + sldns_buffer_write_u16(buffer, qinfo->qclass); + return RETVAL_OK; +} + +static int +positive_answer(struct reply_info* rep, uint16_t qtype) { + size_t i; + if (FLAGS_GET_RCODE(rep->flags) != LDNS_RCODE_NOERROR) + return 0; + + for(i=0;i<rep->an_numrrsets; i++) { + if(ntohs(rep->rrsets[i]->rk.type) == qtype) { + /* in case it is a wildcard with DNSSEC, there will + * be NSEC/NSEC3 records in the authority section + * that we cannot remove */ + for(i=rep->an_numrrsets; i<rep->an_numrrsets+ + rep->ns_numrrsets; i++) { + if(ntohs(rep->rrsets[i]->rk.type) == + LDNS_RR_TYPE_NSEC || + ntohs(rep->rrsets[i]->rk.type) == + LDNS_RR_TYPE_NSEC3) + return 0; + } + return 1; + } + } + return 0; +} + +int +reply_info_encode(struct query_info* qinfo, struct reply_info* rep, + uint16_t id, uint16_t flags, sldns_buffer* buffer, time_t timenow, + struct regional* region, uint16_t udpsize, int dnssec) +{ + uint16_t ancount=0, nscount=0, arcount=0; + struct compress_tree_node* tree = 0; + int r; + size_t rr_offset; + + sldns_buffer_clear(buffer); + if(udpsize < sldns_buffer_limit(buffer)) + sldns_buffer_set_limit(buffer, udpsize); + if(sldns_buffer_remaining(buffer) < LDNS_HEADER_SIZE) + return 0; + + sldns_buffer_write(buffer, &id, sizeof(uint16_t)); + sldns_buffer_write_u16(buffer, flags); + sldns_buffer_write_u16(buffer, rep->qdcount); + /* set an, ns, ar counts to zero in case of small packets */ + sldns_buffer_write(buffer, "\000\000\000\000\000\000", 6); + + /* insert query section */ + if(rep->qdcount) { + if((r=insert_query(qinfo, &tree, buffer, region)) != + RETVAL_OK) { + if(r == RETVAL_TRUNC) { + /* create truncated message */ + sldns_buffer_write_u16_at(buffer, 4, 0); + LDNS_TC_SET(sldns_buffer_begin(buffer)); + sldns_buffer_flip(buffer); + return 1; + } + return 0; + } + } + /* roundrobin offset. using query id for random number. With ntohs + * for different roundrobins for sequential id client senders. */ + rr_offset = RRSET_ROUNDROBIN?ntohs(id):0; + + /* insert answer section */ + if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer, + 0, timenow, region, &tree, LDNS_SECTION_ANSWER, qinfo->qtype, + dnssec, rr_offset)) != RETVAL_OK) { + if(r == RETVAL_TRUNC) { + /* create truncated message */ + sldns_buffer_write_u16_at(buffer, 6, ancount); + LDNS_TC_SET(sldns_buffer_begin(buffer)); + sldns_buffer_flip(buffer); + return 1; + } + return 0; + } + sldns_buffer_write_u16_at(buffer, 6, ancount); + + /* if response is positive answer, auth/add sections are not required */ + if( ! (MINIMAL_RESPONSES && positive_answer(rep, qinfo->qtype)) ) { + /* insert auth section */ + if((r=insert_section(rep, rep->ns_numrrsets, &nscount, buffer, + rep->an_numrrsets, timenow, region, &tree, + LDNS_SECTION_AUTHORITY, qinfo->qtype, + dnssec, rr_offset)) != RETVAL_OK) { + if(r == RETVAL_TRUNC) { + /* create truncated message */ + sldns_buffer_write_u16_at(buffer, 8, nscount); + LDNS_TC_SET(sldns_buffer_begin(buffer)); + sldns_buffer_flip(buffer); + return 1; + } + return 0; + } + sldns_buffer_write_u16_at(buffer, 8, nscount); + + /* insert add section */ + if((r=insert_section(rep, rep->ar_numrrsets, &arcount, buffer, + rep->an_numrrsets + rep->ns_numrrsets, timenow, region, + &tree, LDNS_SECTION_ADDITIONAL, qinfo->qtype, + dnssec, rr_offset)) != RETVAL_OK) { + if(r == RETVAL_TRUNC) { + /* no need to set TC bit, this is the additional */ + sldns_buffer_write_u16_at(buffer, 10, arcount); + sldns_buffer_flip(buffer); + return 1; + } + return 0; + } + sldns_buffer_write_u16_at(buffer, 10, arcount); + } + sldns_buffer_flip(buffer); + return 1; +} + +uint16_t +calc_edns_field_size(struct edns_data* edns) +{ + if(!edns || !edns->edns_present) + return 0; + /* domain root '.' + type + class + ttl + rdatalen(=0) */ + return 1 + 2 + 2 + 4 + 2; +} + +void +attach_edns_record(sldns_buffer* pkt, struct edns_data* edns) +{ + size_t len; + if(!edns || !edns->edns_present) + return; + /* inc additional count */ + sldns_buffer_write_u16_at(pkt, 10, + sldns_buffer_read_u16_at(pkt, 10) + 1); + len = sldns_buffer_limit(pkt); + sldns_buffer_clear(pkt); + sldns_buffer_set_position(pkt, len); + /* write EDNS record */ + sldns_buffer_write_u8(pkt, 0); /* '.' label */ + sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_OPT); /* type */ + sldns_buffer_write_u16(pkt, edns->udp_size); /* class */ + sldns_buffer_write_u8(pkt, edns->ext_rcode); /* ttl */ + sldns_buffer_write_u8(pkt, edns->edns_version); + sldns_buffer_write_u16(pkt, edns->bits); + sldns_buffer_write_u16(pkt, 0); /* rdatalen */ + sldns_buffer_flip(pkt); +} + +int +reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, + uint16_t id, uint16_t qflags, sldns_buffer* pkt, time_t timenow, + int cached, struct regional* region, uint16_t udpsize, + struct edns_data* edns, int dnssec, int secure) +{ + uint16_t flags; + int attach_edns = 1; + + if(!cached || rep->authoritative) { + /* original flags, copy RD and CD bits from query. */ + flags = rep->flags | (qflags & (BIT_RD|BIT_CD)); + } else { + /* remove AA bit, copy RD and CD bits from query. */ + flags = (rep->flags & ~BIT_AA) | (qflags & (BIT_RD|BIT_CD)); + } + if(secure && (dnssec || (qflags&BIT_AD))) + flags |= BIT_AD; + log_assert(flags & BIT_QR); /* QR bit must be on in our replies */ + if(udpsize < LDNS_HEADER_SIZE) + return 0; + if(udpsize < LDNS_HEADER_SIZE + calc_edns_field_size(edns)) { + /* packet too small to contain edns, omit it. */ + attach_edns = 0; + } else { + /* reserve space for edns record */ + udpsize -= calc_edns_field_size(edns); + } + + if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region, + udpsize, dnssec)) { + log_err("reply encode: out of memory"); + return 0; + } + if(attach_edns) + attach_edns_record(pkt, edns); + return 1; +} + +void +qinfo_query_encode(sldns_buffer* pkt, struct query_info* qinfo) +{ + uint16_t flags = 0; /* QUERY, NOERROR */ + sldns_buffer_clear(pkt); + log_assert(sldns_buffer_remaining(pkt) >= 12+255+4/*max query*/); + sldns_buffer_skip(pkt, 2); /* id done later */ + sldns_buffer_write_u16(pkt, flags); + sldns_buffer_write_u16(pkt, 1); /* query count */ + sldns_buffer_write(pkt, "\000\000\000\000\000\000", 6); /* counts */ + sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len); + sldns_buffer_write_u16(pkt, qinfo->qtype); + sldns_buffer_write_u16(pkt, qinfo->qclass); + sldns_buffer_flip(pkt); +} + +void +error_encode(sldns_buffer* buf, int r, struct query_info* qinfo, + uint16_t qid, uint16_t qflags, struct edns_data* edns) +{ + uint16_t flags; + + sldns_buffer_clear(buf); + sldns_buffer_write(buf, &qid, sizeof(uint16_t)); + flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/ + flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */ + sldns_buffer_write_u16(buf, flags); + if(qinfo) flags = 1; + else flags = 0; + sldns_buffer_write_u16(buf, flags); + flags = 0; + sldns_buffer_write(buf, &flags, sizeof(uint16_t)); + sldns_buffer_write(buf, &flags, sizeof(uint16_t)); + sldns_buffer_write(buf, &flags, sizeof(uint16_t)); + if(qinfo) { + if(sldns_buffer_current(buf) == qinfo->qname) + sldns_buffer_skip(buf, (ssize_t)qinfo->qname_len); + else sldns_buffer_write(buf, qinfo->qname, qinfo->qname_len); + sldns_buffer_write_u16(buf, qinfo->qtype); + sldns_buffer_write_u16(buf, qinfo->qclass); + } + sldns_buffer_flip(buf); + if(edns) { + struct edns_data es = *edns; + es.edns_version = EDNS_ADVERTISED_VERSION; + es.udp_size = EDNS_ADVERTISED_SIZE; + es.ext_rcode = 0; + es.bits &= EDNS_DO; + if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > + edns->udp_size) + return; + attach_edns_record(buf, &es); + } +} diff --git a/external/unbound/util/data/msgencode.h b/external/unbound/util/data/msgencode.h new file mode 100644 index 000000000..eea129d98 --- /dev/null +++ b/external/unbound/util/data/msgencode.h @@ -0,0 +1,131 @@ +/* + * util/data/msgencode.h - encode compressed DNS messages. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains temporary data structures and routines to create + * compressed DNS messages. + */ + +#ifndef UTIL_DATA_MSGENCODE_H +#define UTIL_DATA_MSGENCODE_H +struct sldns_buffer; +struct query_info; +struct reply_info; +struct regional; +struct edns_data; + +/** + * Generate answer from reply_info. + * @param qinf: query information that provides query section in packet. + * @param rep: reply to fill in. + * @param id: id word from the query. + * @param qflags: flags word from the query. + * @param dest: buffer to put message into; will truncate if it does not fit. + * @param timenow: time to subtract. + * @param cached: set true if a cached reply (so no AA bit). + * set false for the first reply. + * @param region: where to allocate temp variables (for compression). + * @param udpsize: size of the answer, 512, from EDNS, or 64k for TCP. + * @param edns: EDNS data included in the answer, NULL for none. + * or if edns_present = 0, it is not included. + * @param dnssec: if 0 DNSSEC records are omitted from the answer. + * @param secure: if 1, the AD bit is set in the reply. + * @return: 0 on error (server failure). + */ +int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, + uint16_t id, uint16_t qflags, struct sldns_buffer* dest, time_t timenow, + int cached, struct regional* region, uint16_t udpsize, + struct edns_data* edns, int dnssec, int secure); + +/** + * Regenerate the wireformat from the stored msg reply. + * If the buffer is too small then the message is truncated at a whole + * rrset and the TC bit set, or whole rrsets are left out of the additional + * and the TC bit is not set. + * @param qinfo: query info to store. + * @param rep: reply to store. + * @param id: id value to store, network order. + * @param flags: flags value to store, host order. + * @param buffer: buffer to store the packet into. + * @param timenow: time now, to adjust ttl values. + * @param region: to store temporary data in. + * @param udpsize: size of the answer, 512, from EDNS, or 64k for TCP. + * @param dnssec: if 0 DNSSEC records are omitted from the answer. + * @return: nonzero is success, or + * 0 on error: malloc failure (no log_err has been done). + */ +int reply_info_encode(struct query_info* qinfo, struct reply_info* rep, + uint16_t id, uint16_t flags, struct sldns_buffer* buffer, time_t timenow, + struct regional* region, uint16_t udpsize, int dnssec); + +/** + * Encode query packet. Assumes the buffer is large enough. + * @param pkt: where to store the packet. + * @param qinfo: query info. + */ +void qinfo_query_encode(struct sldns_buffer* pkt, struct query_info* qinfo); + +/** + * Estimate size of EDNS record in packet. EDNS record will be no larger. + * @param edns: edns data or NULL. + * @return octets to reserve for EDNS. + */ +uint16_t calc_edns_field_size(struct edns_data* edns); + +/** + * Attach EDNS record to buffer. Buffer has complete packet. There must + * be enough room left for the EDNS record. + * @param pkt: packet added to. + * @param edns: if NULL or present=0, nothing is added to the packet. + */ +void attach_edns_record(struct sldns_buffer* pkt, struct edns_data* edns); + +/** + * Encode an error. With QR and RA set. + * + * @param pkt: where to store the packet. + * @param r: RCODE value to encode. + * @param qinfo: if not NULL, the query is included. + * @param qid: query ID to set in packet. network order. + * @param qflags: original query flags (to copy RD and CD bits). host order. + * @param edns: if not NULL, this is the query edns info, + * and an edns reply is attached. Only attached if EDNS record fits reply. + */ +void error_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo, + uint16_t qid, uint16_t qflags, struct edns_data* edns); + +#endif /* UTIL_DATA_MSGENCODE_H */ diff --git a/external/unbound/util/data/msgparse.c b/external/unbound/util/data/msgparse.c new file mode 100644 index 000000000..abe778a89 --- /dev/null +++ b/external/unbound/util/data/msgparse.c @@ -0,0 +1,1022 @@ +/* + * util/data/msgparse.c - parse wireformat DNS messages. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Routines for message parsing a packet buffer to a descriptive structure. + */ +#include "config.h" +#include "util/data/msgparse.h" +#include "util/data/dname.h" +#include "util/data/packed_rrset.h" +#include "util/storage/lookup3.h" +#include "util/regional.h" +#include "ldns/rrdef.h" +#include "ldns/sbuffer.h" +#include "ldns/parseutil.h" +#include "ldns/wire2str.h" + +/** smart comparison of (compressed, valid) dnames from packet */ +static int +smart_compare(sldns_buffer* pkt, uint8_t* dnow, + uint8_t* dprfirst, uint8_t* dprlast) +{ + if(LABEL_IS_PTR(*dnow)) { + /* ptr points to a previous dname */ + uint8_t* p = sldns_buffer_at(pkt, PTR_OFFSET(dnow[0], dnow[1])); + if( p == dprfirst || p == dprlast ) + return 0; + /* prev dname is also a ptr, both ptrs are the same. */ + if(LABEL_IS_PTR(*dprlast) && + dprlast[0] == dnow[0] && dprlast[1] == dnow[1]) + return 0; + } + return dname_pkt_compare(pkt, dnow, dprlast); +} + +/** + * Allocate new rrset in region, fill with data. + */ +static struct rrset_parse* +new_rrset(struct msg_parse* msg, uint8_t* dname, size_t dnamelen, + uint16_t type, uint16_t dclass, hashvalue_t hash, + uint32_t rrset_flags, sldns_pkt_section section, + struct regional* region) +{ + struct rrset_parse* p = regional_alloc(region, sizeof(*p)); + if(!p) return NULL; + p->rrset_bucket_next = msg->hashtable[hash & (PARSE_TABLE_SIZE-1)]; + msg->hashtable[hash & (PARSE_TABLE_SIZE-1)] = p; + p->rrset_all_next = 0; + if(msg->rrset_last) + msg->rrset_last->rrset_all_next = p; + else msg->rrset_first = p; + msg->rrset_last = p; + p->hash = hash; + p->section = section; + p->dname = dname; + p->dname_len = dnamelen; + p->type = type; + p->rrset_class = dclass; + p->flags = rrset_flags; + p->rr_count = 0; + p->size = 0; + p->rr_first = 0; + p->rr_last = 0; + p->rrsig_count = 0; + p->rrsig_first = 0; + p->rrsig_last = 0; + return p; +} + +/** See if next rrset is nsec at zone apex */ +static int +nsec_at_apex(sldns_buffer* pkt) +{ + /* we are at ttl position in packet. */ + size_t pos = sldns_buffer_position(pkt); + uint16_t rdatalen; + if(sldns_buffer_remaining(pkt) < 7) /* ttl+len+root */ + return 0; /* eek! */ + sldns_buffer_skip(pkt, 4); /* ttl */; + rdatalen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdatalen) { + sldns_buffer_set_position(pkt, pos); + return 0; /* parse error happens later */ + } + /* must validate the nsec next domain name format */ + if(pkt_dname_len(pkt) == 0) { + sldns_buffer_set_position(pkt, pos); + return 0; /* parse error */ + } + + /* see if SOA bit is set. */ + if(sldns_buffer_position(pkt) < pos+4+rdatalen) { + /* nsec type bitmap contains items */ + uint8_t win, blen, bits; + /* need: windownum, bitmap len, firstbyte */ + if(sldns_buffer_position(pkt)+3 > pos+4+rdatalen) { + sldns_buffer_set_position(pkt, pos); + return 0; /* malformed nsec */ + } + win = sldns_buffer_read_u8(pkt); + blen = sldns_buffer_read_u8(pkt); + bits = sldns_buffer_read_u8(pkt); + /* 0window always first window. bitlen >=1 or parse + error really. bit 0x2 is SOA. */ + if(win == 0 && blen >= 1 && (bits & 0x02)) { + sldns_buffer_set_position(pkt, pos); + return 1; + } + } + + sldns_buffer_set_position(pkt, pos); + return 0; +} + +/** Calculate rrset flags */ +static uint32_t +pkt_rrset_flags(sldns_buffer* pkt, uint16_t type, sldns_pkt_section sec) +{ + uint32_t f = 0; + if(type == LDNS_RR_TYPE_NSEC && nsec_at_apex(pkt)) { + f |= PACKED_RRSET_NSEC_AT_APEX; + } else if(type == LDNS_RR_TYPE_SOA && sec == LDNS_SECTION_AUTHORITY) { + f |= PACKED_RRSET_SOA_NEG; + } + return f; +} + +hashvalue_t +pkt_hash_rrset(sldns_buffer* pkt, uint8_t* dname, uint16_t type, + uint16_t dclass, uint32_t rrset_flags) +{ + /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ + /* this routine handles compressed names */ + hashvalue_t h = 0xab; + h = dname_pkt_hash(pkt, dname, h); + h = hashlittle(&type, sizeof(type), h); /* host order */ + h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */ + h = hashlittle(&rrset_flags, sizeof(uint32_t), h); + return h; +} + +/** create partial dname hash for rrset hash */ +static hashvalue_t +pkt_hash_rrset_first(sldns_buffer* pkt, uint8_t* dname) +{ + /* works together with pkt_hash_rrset_rest */ + /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ + /* this routine handles compressed names */ + hashvalue_t h = 0xab; + h = dname_pkt_hash(pkt, dname, h); + return h; +} + +/** create a rrset hash from a partial dname hash */ +static hashvalue_t +pkt_hash_rrset_rest(hashvalue_t dname_h, uint16_t type, uint16_t dclass, + uint32_t rrset_flags) +{ + /* works together with pkt_hash_rrset_first */ + /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ + hashvalue_t h; + h = hashlittle(&type, sizeof(type), dname_h); /* host order */ + h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */ + h = hashlittle(&rrset_flags, sizeof(uint32_t), h); + return h; +} + +/** compare rrset_parse with data */ +static int +rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_t h, + uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, + uint16_t type, uint16_t dclass) +{ + if(p->hash == h && p->dname_len == dnamelen && p->type == type && + p->rrset_class == dclass && p->flags == rrset_flags && + dname_pkt_compare(pkt, dname, p->dname) == 0) + return 1; + return 0; +} + + +struct rrset_parse* +msgparse_hashtable_lookup(struct msg_parse* msg, sldns_buffer* pkt, + hashvalue_t h, uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, + uint16_t type, uint16_t dclass) +{ + struct rrset_parse* p = msg->hashtable[h & (PARSE_TABLE_SIZE-1)]; + while(p) { + if(rrset_parse_equals(p, pkt, h, rrset_flags, dname, dnamelen, + type, dclass)) + return p; + p = p->rrset_bucket_next; + } + return NULL; +} + +/** return type networkformat that rrsig in packet covers */ +static int +pkt_rrsig_covered(sldns_buffer* pkt, uint8_t* here, uint16_t* type) +{ + size_t pos = sldns_buffer_position(pkt); + sldns_buffer_set_position(pkt, (size_t)(here-sldns_buffer_begin(pkt))); + /* ttl + len + size of small rrsig(rootlabel, no signature) */ + if(sldns_buffer_remaining(pkt) < 4+2+19) + return 0; + sldns_buffer_skip(pkt, 4); /* ttl */ + if(sldns_buffer_read_u16(pkt) < 19) /* too short */ { + sldns_buffer_set_position(pkt, pos); + return 0; + } + *type = sldns_buffer_read_u16(pkt); + sldns_buffer_set_position(pkt, pos); + return 1; +} + +/** true if covered type equals prevtype */ +static int +pkt_rrsig_covered_equals(sldns_buffer* pkt, uint8_t* here, uint16_t type) +{ + uint16_t t; + if(pkt_rrsig_covered(pkt, here, &t) && t == type) + return 1; + return 0; +} + +void +msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset) +{ + struct rrset_parse** p; + p = &msg->hashtable[ rrset->hash & (PARSE_TABLE_SIZE-1) ]; + while(*p) { + if(*p == rrset) { + *p = rrset->rrset_bucket_next; + return; + } + p = &( (*p)->rrset_bucket_next ); + } +} + +/** change section of rrset from previous to current section */ +static void +change_section(struct msg_parse* msg, struct rrset_parse* rrset, + sldns_pkt_section section) +{ + struct rrset_parse *p, *prev; + /* remove from list */ + if(section == rrset->section) + return; + p = msg->rrset_first; + prev = 0; + while(p) { + if(p == rrset) { + if(prev) prev->rrset_all_next = p->rrset_all_next; + else msg->rrset_first = p->rrset_all_next; + if(msg->rrset_last == rrset) + msg->rrset_last = prev; + break; + } + prev = p; + p = p->rrset_all_next; + } + /* remove from count */ + switch(rrset->section) { + case LDNS_SECTION_ANSWER: msg->an_rrsets--; break; + case LDNS_SECTION_AUTHORITY: msg->ns_rrsets--; break; + case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets--; break; + default: log_assert(0); + } + /* insert at end of list */ + rrset->rrset_all_next = 0; + if(msg->rrset_last) + msg->rrset_last->rrset_all_next = rrset; + else msg->rrset_first = rrset; + msg->rrset_last = rrset; + /* up count of new section */ + switch(section) { + case LDNS_SECTION_AUTHORITY: msg->ns_rrsets++; break; + case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets++; break; + default: log_assert(0); + } + rrset->section = section; +} + +/** see if rrset of type RRSIG contains sig over given type */ +static int +rrset_has_sigover(sldns_buffer* pkt, struct rrset_parse* rrset, uint16_t type, + int* hasother) +{ + int res = 0; + struct rr_parse* rr = rrset->rr_first; + log_assert( rrset->type == LDNS_RR_TYPE_RRSIG ); + while(rr) { + if(pkt_rrsig_covered_equals(pkt, rr->ttl_data, type)) + res = 1; + else *hasother = 1; + rr = rr->next; + } + return res; +} + +/** move rrsigs from sigset to dataset */ +static int +moveover_rrsigs(sldns_buffer* pkt, struct regional* region, + struct rrset_parse* sigset, struct rrset_parse* dataset, int duplicate) +{ + struct rr_parse* sig = sigset->rr_first; + struct rr_parse* prev = NULL; + struct rr_parse* insert; + struct rr_parse* nextsig; + while(sig) { + nextsig = sig->next; + if(pkt_rrsig_covered_equals(pkt, sig->ttl_data, + dataset->type)) { + if(duplicate) { + /* new */ + insert = (struct rr_parse*)regional_alloc( + region, sizeof(struct rr_parse)); + if(!insert) return 0; + insert->outside_packet = 0; + insert->ttl_data = sig->ttl_data; + insert->size = sig->size; + /* prev not used */ + } else { + /* remove from sigset */ + if(prev) prev->next = sig->next; + else sigset->rr_first = sig->next; + if(sigset->rr_last == sig) + sigset->rr_last = prev; + sigset->rr_count--; + sigset->size -= sig->size; + insert = sig; + /* prev not changed */ + } + /* add to dataset */ + dataset->rrsig_count++; + insert->next = 0; + if(dataset->rrsig_last) + dataset->rrsig_last->next = insert; + else dataset->rrsig_first = insert; + dataset->rrsig_last = insert; + dataset->size += insert->size; + } else { + prev = sig; + } + sig = nextsig; + } + return 1; +} + +/** change an rrsig rrset for use as data rrset */ +static struct rrset_parse* +change_rrsig_rrset(struct rrset_parse* sigset, struct msg_parse* msg, + sldns_buffer* pkt, uint16_t datatype, uint32_t rrset_flags, + int hasother, sldns_pkt_section section, struct regional* region) +{ + struct rrset_parse* dataset = sigset; + hashvalue_t hash = pkt_hash_rrset(pkt, sigset->dname, datatype, + sigset->rrset_class, rrset_flags); + log_assert( sigset->type == LDNS_RR_TYPE_RRSIG ); + log_assert( datatype != LDNS_RR_TYPE_RRSIG ); + if(hasother) { + /* need to make new rrset to hold data type */ + dataset = new_rrset(msg, sigset->dname, sigset->dname_len, + datatype, sigset->rrset_class, hash, rrset_flags, + section, region); + if(!dataset) + return NULL; + switch(section) { + case LDNS_SECTION_ANSWER: msg->an_rrsets++; break; + case LDNS_SECTION_AUTHORITY: msg->ns_rrsets++; break; + case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets++; break; + default: log_assert(0); + } + if(!moveover_rrsigs(pkt, region, sigset, dataset, + msg->qtype == LDNS_RR_TYPE_RRSIG || + (msg->qtype == LDNS_RR_TYPE_ANY && + section != LDNS_SECTION_ANSWER) )) + return NULL; + return dataset; + } + /* changeover the type of the rrset to data set */ + msgparse_bucket_remove(msg, dataset); + /* insert into new hash bucket */ + dataset->rrset_bucket_next = msg->hashtable[hash&(PARSE_TABLE_SIZE-1)]; + msg->hashtable[hash&(PARSE_TABLE_SIZE-1)] = dataset; + dataset->hash = hash; + /* use section of data item for result */ + change_section(msg, dataset, section); + dataset->type = datatype; + dataset->flags = rrset_flags; + dataset->rrsig_count += dataset->rr_count; + dataset->rr_count = 0; + /* move sigs to end of siglist */ + if(dataset->rrsig_last) + dataset->rrsig_last->next = dataset->rr_first; + else dataset->rrsig_first = dataset->rr_first; + dataset->rrsig_last = dataset->rr_last; + dataset->rr_first = 0; + dataset->rr_last = 0; + return dataset; +} + +/** Find rrset. If equal to previous it is fast. hash if not so. + * @param msg: the message with hash table. + * @param pkt: the packet in wireformat (needed for compression ptrs). + * @param dname: pointer to start of dname (compressed) in packet. + * @param dnamelen: uncompressed wirefmt length of dname. + * @param type: type of current rr. + * @param dclass: class of current rr. + * @param hash: hash value is returned if the rrset could not be found. + * @param rrset_flags: is returned if the rrset could not be found. + * @param prev_dname_first: dname of last seen RR. First seen dname. + * @param prev_dname_last: dname of last seen RR. Last seen dname. + * @param prev_dnamelen: dname len of last seen RR. + * @param prev_type: type of last seen RR. + * @param prev_dclass: class of last seen RR. + * @param rrset_prev: last seen RRset. + * @param section: the current section in the packet. + * @param region: used to allocate temporary parsing data. + * @return 0 on out of memory. + */ +static int +find_rrset(struct msg_parse* msg, sldns_buffer* pkt, uint8_t* dname, + size_t dnamelen, uint16_t type, uint16_t dclass, hashvalue_t* hash, + uint32_t* rrset_flags, + uint8_t** prev_dname_first, uint8_t** prev_dname_last, + size_t* prev_dnamelen, uint16_t* prev_type, + uint16_t* prev_dclass, struct rrset_parse** rrset_prev, + sldns_pkt_section section, struct regional* region) +{ + hashvalue_t dname_h = pkt_hash_rrset_first(pkt, dname); + uint16_t covtype; + if(*rrset_prev) { + /* check if equal to previous item */ + if(type == *prev_type && dclass == *prev_dclass && + dnamelen == *prev_dnamelen && + smart_compare(pkt, dname, *prev_dname_first, + *prev_dname_last) == 0 && + type != LDNS_RR_TYPE_RRSIG) { + /* same as previous */ + *prev_dname_last = dname; + return 1; + } + /* check if rrsig over previous item */ + if(type == LDNS_RR_TYPE_RRSIG && dclass == *prev_dclass && + pkt_rrsig_covered_equals(pkt, sldns_buffer_current(pkt), + *prev_type) && + smart_compare(pkt, dname, *prev_dname_first, + *prev_dname_last) == 0) { + /* covers previous */ + *prev_dname_last = dname; + return 1; + } + } + /* find by hashing and lookup in hashtable */ + *rrset_flags = pkt_rrset_flags(pkt, type, section); + + /* if rrsig - try to lookup matching data set first */ + if(type == LDNS_RR_TYPE_RRSIG && pkt_rrsig_covered(pkt, + sldns_buffer_current(pkt), &covtype)) { + *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, + *rrset_flags); + *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, + *rrset_flags, dname, dnamelen, covtype, dclass); + if(!*rrset_prev && covtype == LDNS_RR_TYPE_NSEC) { + /* if NSEC try with NSEC apex bit twiddled */ + *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX; + *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, + *rrset_flags); + *rrset_prev = msgparse_hashtable_lookup(msg, pkt, + *hash, *rrset_flags, dname, dnamelen, covtype, + dclass); + if(!*rrset_prev) /* untwiddle if not found */ + *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX; + } + if(!*rrset_prev && covtype == LDNS_RR_TYPE_SOA) { + /* if SOA try with SOA neg flag twiddled */ + *rrset_flags ^= PACKED_RRSET_SOA_NEG; + *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, + *rrset_flags); + *rrset_prev = msgparse_hashtable_lookup(msg, pkt, + *hash, *rrset_flags, dname, dnamelen, covtype, + dclass); + if(!*rrset_prev) /* untwiddle if not found */ + *rrset_flags ^= PACKED_RRSET_SOA_NEG; + } + if(*rrset_prev) { + *prev_dname_first = (*rrset_prev)->dname; + *prev_dname_last = dname; + *prev_dnamelen = dnamelen; + *prev_type = covtype; + *prev_dclass = dclass; + return 1; + } + } + if(type != LDNS_RR_TYPE_RRSIG) { + int hasother = 0; + /* find matching rrsig */ + *hash = pkt_hash_rrset_rest(dname_h, LDNS_RR_TYPE_RRSIG, + dclass, 0); + *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, + 0, dname, dnamelen, LDNS_RR_TYPE_RRSIG, + dclass); + if(*rrset_prev && rrset_has_sigover(pkt, *rrset_prev, type, + &hasother)) { + /* yes! */ + *prev_dname_first = (*rrset_prev)->dname; + *prev_dname_last = dname; + *prev_dnamelen = dnamelen; + *prev_type = type; + *prev_dclass = dclass; + *rrset_prev = change_rrsig_rrset(*rrset_prev, msg, + pkt, type, *rrset_flags, hasother, section, + region); + if(!*rrset_prev) return 0; + return 1; + } + } + + *hash = pkt_hash_rrset_rest(dname_h, type, dclass, *rrset_flags); + *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, *rrset_flags, + dname, dnamelen, type, dclass); + if(*rrset_prev) + *prev_dname_first = (*rrset_prev)->dname; + else *prev_dname_first = dname; + *prev_dname_last = dname; + *prev_dnamelen = dnamelen; + *prev_type = type; + *prev_dclass = dclass; + return 1; +} + +/** + * Parse query section. + * @param pkt: packet, position at call must be at start of query section. + * at end position is after query section. + * @param msg: store results here. + * @return: 0 if OK, or rcode on error. + */ +static int +parse_query_section(sldns_buffer* pkt, struct msg_parse* msg) +{ + if(msg->qdcount == 0) + return 0; + if(msg->qdcount > 1) + return LDNS_RCODE_FORMERR; + log_assert(msg->qdcount == 1); + if(sldns_buffer_remaining(pkt) <= 0) + return LDNS_RCODE_FORMERR; + msg->qname = sldns_buffer_current(pkt); + if((msg->qname_len = pkt_dname_len(pkt)) == 0) + return LDNS_RCODE_FORMERR; + if(sldns_buffer_remaining(pkt) < sizeof(uint16_t)*2) + return LDNS_RCODE_FORMERR; + msg->qtype = sldns_buffer_read_u16(pkt); + msg->qclass = sldns_buffer_read_u16(pkt); + return 0; +} + +size_t +get_rdf_size(sldns_rdf_type rdf) +{ + switch(rdf) { + case LDNS_RDF_TYPE_CLASS: + case LDNS_RDF_TYPE_ALG: + case LDNS_RDF_TYPE_INT8: + return 1; + break; + case LDNS_RDF_TYPE_INT16: + case LDNS_RDF_TYPE_TYPE: + case LDNS_RDF_TYPE_CERT_ALG: + return 2; + break; + case LDNS_RDF_TYPE_INT32: + case LDNS_RDF_TYPE_TIME: + case LDNS_RDF_TYPE_A: + case LDNS_RDF_TYPE_PERIOD: + return 4; + break; + case LDNS_RDF_TYPE_TSIGTIME: + return 6; + break; + case LDNS_RDF_TYPE_AAAA: + return 16; + break; + default: + log_assert(0); /* add type above */ + /* only types that appear before a domain * + * name are needed. rest is simply copied. */ + } + return 0; +} + +/** calculate the size of one rr */ +static int +calc_size(sldns_buffer* pkt, uint16_t type, struct rr_parse* rr) +{ + const sldns_rr_descriptor* desc; + uint16_t pkt_len; /* length of rr inside the packet */ + rr->size = sizeof(uint16_t); /* the rdatalen */ + sldns_buffer_skip(pkt, 4); /* skip ttl */ + pkt_len = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < pkt_len) + return 0; + desc = sldns_rr_descript(type); + if(pkt_len > 0 && desc && desc->_dname_count > 0) { + int count = (int)desc->_dname_count; + int rdf = 0; + size_t len; + size_t oldpos; + /* skip first part. */ + while(pkt_len > 0 && count) { + switch(desc->_wireformat[rdf]) { + case LDNS_RDF_TYPE_DNAME: + /* decompress every domain name */ + oldpos = sldns_buffer_position(pkt); + if((len = pkt_dname_len(pkt)) == 0) + return 0; /* malformed dname */ + if(sldns_buffer_position(pkt)-oldpos > pkt_len) + return 0; /* dname exceeds rdata */ + pkt_len -= sldns_buffer_position(pkt)-oldpos; + rr->size += len; + count--; + len = 0; + break; + case LDNS_RDF_TYPE_STR: + if(pkt_len < 1) { + /* NOTREACHED, due to 'while(>0)' */ + return 0; /* len byte exceeds rdata */ + } + len = sldns_buffer_current(pkt)[0] + 1; + break; + default: + len = get_rdf_size(desc->_wireformat[rdf]); + } + if(len) { + if(pkt_len < len) + return 0; /* exceeds rdata */ + pkt_len -= len; + sldns_buffer_skip(pkt, (ssize_t)len); + rr->size += len; + } + rdf++; + } + } + /* remaining rdata */ + rr->size += pkt_len; + sldns_buffer_skip(pkt, (ssize_t)pkt_len); + return 1; +} + +/** skip rr ttl and rdata */ +static int +skip_ttl_rdata(sldns_buffer* pkt) +{ + uint16_t rdatalen; + if(sldns_buffer_remaining(pkt) < 6) /* ttl + rdatalen */ + return 0; + sldns_buffer_skip(pkt, 4); /* ttl */ + rdatalen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdatalen) + return 0; + sldns_buffer_skip(pkt, (ssize_t)rdatalen); + return 1; +} + +/** see if RRSIG is a duplicate of another */ +static int +sig_is_double(sldns_buffer* pkt, struct rrset_parse* rrset, uint8_t* ttldata) +{ + uint16_t rlen, siglen; + size_t pos = sldns_buffer_position(pkt); + struct rr_parse* sig; + if(sldns_buffer_remaining(pkt) < 6) + return 0; + sldns_buffer_skip(pkt, 4); /* ttl */ + rlen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rlen) { + sldns_buffer_set_position(pkt, pos); + return 0; + } + sldns_buffer_set_position(pkt, pos); + + sig = rrset->rrsig_first; + while(sig) { + /* check if rdatalen is same */ + memmove(&siglen, sig->ttl_data+4, sizeof(siglen)); + siglen = ntohs(siglen); + /* checks if data in packet is exactly the same, this means + * also dname in rdata is the same, but rrsig is not allowed + * to have compressed dnames anyway. If it is compressed anyway + * it will lead to duplicate rrs for qtype=RRSIG. (or ANY). + * + * Cannot use sig->size because size of the other one is not + * calculated yet. + */ + if(siglen == rlen) { + if(siglen>0 && memcmp(sig->ttl_data+6, ttldata+6, + siglen) == 0) { + /* same! */ + return 1; + } + } + sig = sig->next; + } + return 0; +} + +/** Add rr (from packet here) to rrset, skips rr */ +static int +add_rr_to_rrset(struct rrset_parse* rrset, sldns_buffer* pkt, + struct msg_parse* msg, struct regional* region, + sldns_pkt_section section, uint16_t type) +{ + struct rr_parse* rr; + /* check section of rrset. */ + if(rrset->section != section && type != LDNS_RR_TYPE_RRSIG && + rrset->type != LDNS_RR_TYPE_RRSIG) { + /* silently drop it - we drop the last part, since + * trust in rr data depends on the section it is in. + * the less trustworthy part is discarded. + * also the last part is more likely to be incomplete. + * RFC 2181: must put RRset only once in response. */ + /* + verbose(VERB_QUERY, "Packet contains rrset data in " + "multiple sections, dropped last part."); + log_buf(VERB_QUERY, "packet was", pkt); + */ + /* forwards */ + if(!skip_ttl_rdata(pkt)) + return LDNS_RCODE_FORMERR; + return 0; + } + + if( (msg->qtype == LDNS_RR_TYPE_RRSIG || + msg->qtype == LDNS_RR_TYPE_ANY) + && sig_is_double(pkt, rrset, sldns_buffer_current(pkt))) { + if(!skip_ttl_rdata(pkt)) + return LDNS_RCODE_FORMERR; + return 0; + } + + /* create rr */ + if(!(rr = (struct rr_parse*)regional_alloc(region, sizeof(*rr)))) + return LDNS_RCODE_SERVFAIL; + rr->outside_packet = 0; + rr->ttl_data = sldns_buffer_current(pkt); + rr->next = 0; + if(type == LDNS_RR_TYPE_RRSIG && rrset->type != LDNS_RR_TYPE_RRSIG) { + if(rrset->rrsig_last) + rrset->rrsig_last->next = rr; + else rrset->rrsig_first = rr; + rrset->rrsig_last = rr; + rrset->rrsig_count++; + } else { + if(rrset->rr_last) + rrset->rr_last->next = rr; + else rrset->rr_first = rr; + rrset->rr_last = rr; + rrset->rr_count++; + } + + /* calc decompressed size */ + if(!calc_size(pkt, type, rr)) + return LDNS_RCODE_FORMERR; + rrset->size += rr->size; + + return 0; +} + +/** + * Parse packet RR section, for answer, authority and additional sections. + * @param pkt: packet, position at call must be at start of section. + * at end position is after section. + * @param msg: store results here. + * @param region: how to alloc results. + * @param section: section enum. + * @param num_rrs: how many rrs are in the section. + * @param num_rrsets: returns number of rrsets in the section. + * @return: 0 if OK, or rcode on error. + */ +static int +parse_section(sldns_buffer* pkt, struct msg_parse* msg, + struct regional* region, sldns_pkt_section section, + uint16_t num_rrs, size_t* num_rrsets) +{ + uint16_t i; + uint8_t* dname, *prev_dname_f = NULL, *prev_dname_l = NULL; + size_t dnamelen, prev_dnamelen = 0; + uint16_t type, prev_type = 0; + uint16_t dclass, prev_dclass = 0; + uint32_t rrset_flags = 0; + hashvalue_t hash = 0; + struct rrset_parse* rrset = NULL; + int r; + + if(num_rrs == 0) + return 0; + if(sldns_buffer_remaining(pkt) <= 0) + return LDNS_RCODE_FORMERR; + for(i=0; i<num_rrs; i++) { + /* parse this RR. */ + dname = sldns_buffer_current(pkt); + if((dnamelen = pkt_dname_len(pkt)) == 0) + return LDNS_RCODE_FORMERR; + if(sldns_buffer_remaining(pkt) < 10) /* type, class, ttl, len */ + return LDNS_RCODE_FORMERR; + type = sldns_buffer_read_u16(pkt); + sldns_buffer_read(pkt, &dclass, sizeof(dclass)); + + if(0) { /* debug show what is being parsed. */ + if(type == LDNS_RR_TYPE_RRSIG) { + uint16_t t; + if(pkt_rrsig_covered(pkt, + sldns_buffer_current(pkt), &t)) + fprintf(stderr, "parse of %s(%d) [%s(%d)]", + sldns_rr_descript(type)? + sldns_rr_descript(type)->_name: "??", + (int)type, + sldns_rr_descript(t)? + sldns_rr_descript(t)->_name: "??", + (int)t); + } else + fprintf(stderr, "parse of %s(%d)", + sldns_rr_descript(type)? + sldns_rr_descript(type)->_name: "??", + (int)type); + fprintf(stderr, " %s(%d) ", + sldns_lookup_by_id(sldns_rr_classes, + (int)ntohs(dclass))?sldns_lookup_by_id( + sldns_rr_classes, (int)ntohs(dclass))->name: + "??", (int)ntohs(dclass)); + dname_print(stderr, pkt, dname); + fprintf(stderr, "\n"); + } + + /* see if it is part of an existing RR set */ + if(!find_rrset(msg, pkt, dname, dnamelen, type, dclass, &hash, + &rrset_flags, &prev_dname_f, &prev_dname_l, + &prev_dnamelen, &prev_type, &prev_dclass, &rrset, + section, region)) + return LDNS_RCODE_SERVFAIL; + if(!rrset) { + /* it is a new RR set. hash&flags already calculated.*/ + (*num_rrsets)++; + rrset = new_rrset(msg, dname, dnamelen, type, dclass, + hash, rrset_flags, section, region); + if(!rrset) + return LDNS_RCODE_SERVFAIL; + } + else if(0) { + fprintf(stderr, "is part of existing: "); + dname_print(stderr, pkt, rrset->dname); + fprintf(stderr, " type %s(%d)\n", + sldns_rr_descript(rrset->type)? + sldns_rr_descript(rrset->type)->_name: "??", + (int)rrset->type); + } + /* add to rrset. */ + if((r=add_rr_to_rrset(rrset, pkt, msg, region, section, + type)) != 0) + return r; + } + return 0; +} + +int +parse_packet(sldns_buffer* pkt, struct msg_parse* msg, struct regional* region) +{ + int ret; + if(sldns_buffer_remaining(pkt) < LDNS_HEADER_SIZE) + return LDNS_RCODE_FORMERR; + /* read the header */ + sldns_buffer_read(pkt, &msg->id, sizeof(uint16_t)); + msg->flags = sldns_buffer_read_u16(pkt); + msg->qdcount = sldns_buffer_read_u16(pkt); + msg->ancount = sldns_buffer_read_u16(pkt); + msg->nscount = sldns_buffer_read_u16(pkt); + msg->arcount = sldns_buffer_read_u16(pkt); + if(msg->qdcount > 1) + return LDNS_RCODE_FORMERR; + if((ret = parse_query_section(pkt, msg)) != 0) + return ret; + if((ret = parse_section(pkt, msg, region, LDNS_SECTION_ANSWER, + msg->ancount, &msg->an_rrsets)) != 0) + return ret; + if((ret = parse_section(pkt, msg, region, LDNS_SECTION_AUTHORITY, + msg->nscount, &msg->ns_rrsets)) != 0) + return ret; + if(sldns_buffer_remaining(pkt) == 0 && msg->arcount == 1) { + /* BIND accepts leniently that an EDNS record is missing. + * so, we do too. */ + } else if((ret = parse_section(pkt, msg, region, + LDNS_SECTION_ADDITIONAL, msg->arcount, &msg->ar_rrsets)) != 0) + return ret; + /* if(sldns_buffer_remaining(pkt) > 0) { */ + /* there is spurious data at end of packet. ignore */ + /* } */ + msg->rrset_count = msg->an_rrsets + msg->ns_rrsets + msg->ar_rrsets; + return 0; +} + +int +parse_extract_edns(struct msg_parse* msg, struct edns_data* edns) +{ + struct rrset_parse* rrset = msg->rrset_first; + struct rrset_parse* prev = 0; + struct rrset_parse* found = 0; + struct rrset_parse* found_prev = 0; + /* since the class encodes the UDP size, we cannot use hash table to + * find the EDNS OPT record. Scan the packet. */ + while(rrset) { + if(rrset->type == LDNS_RR_TYPE_OPT) { + /* only one OPT RR allowed. */ + if(found) return LDNS_RCODE_FORMERR; + /* found it! */ + found_prev = prev; + found = rrset; + } + prev = rrset; + rrset = rrset->rrset_all_next; + } + if(!found) { + memset(edns, 0, sizeof(*edns)); + edns->udp_size = 512; + return 0; + } + /* check the found RRset */ + /* most lenient check possible. ignore dname, use last opt */ + if(found->section != LDNS_SECTION_ADDITIONAL) + return LDNS_RCODE_FORMERR; + if(found->rr_count == 0) + return LDNS_RCODE_FORMERR; + if(0) { /* strict checking of dname and RRcount */ + if(found->dname_len != 1 || !found->dname + || found->dname[0] != 0) return LDNS_RCODE_FORMERR; + if(found->rr_count != 1) return LDNS_RCODE_FORMERR; + } + log_assert(found->rr_first && found->rr_last); + + /* remove from packet */ + if(found_prev) found_prev->rrset_all_next = found->rrset_all_next; + else msg->rrset_first = found->rrset_all_next; + if(found == msg->rrset_last) + msg->rrset_last = found_prev; + msg->arcount --; + msg->ar_rrsets --; + msg->rrset_count --; + + /* take the data ! */ + edns->edns_present = 1; + edns->ext_rcode = found->rr_last->ttl_data[0]; + edns->edns_version = found->rr_last->ttl_data[1]; + edns->bits = sldns_read_uint16(&found->rr_last->ttl_data[2]); + edns->udp_size = ntohs(found->rrset_class); + /* ignore rdata and rrsigs */ + return 0; +} + +int +parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns) +{ + log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1); + log_assert(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0); + log_assert(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) == 0); + /* check edns section is present */ + if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { + return LDNS_RCODE_FORMERR; + } + if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) { + memset(edns, 0, sizeof(*edns)); + edns->udp_size = 512; + return 0; + } + /* domain name must be the root of length 1. */ + if(pkt_dname_len(pkt) != 1) + return LDNS_RCODE_FORMERR; + if(sldns_buffer_remaining(pkt) < 10) /* type, class, ttl, rdatalen */ + return LDNS_RCODE_FORMERR; + if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_OPT) + return LDNS_RCODE_FORMERR; + edns->edns_present = 1; + edns->udp_size = sldns_buffer_read_u16(pkt); /* class is udp size */ + edns->ext_rcode = sldns_buffer_read_u8(pkt); /* ttl used for bits */ + edns->edns_version = sldns_buffer_read_u8(pkt); + edns->bits = sldns_buffer_read_u16(pkt); + /* ignore rdata and rrsigs */ + return 0; +} diff --git a/external/unbound/util/data/msgparse.h b/external/unbound/util/data/msgparse.h new file mode 100644 index 000000000..221a45aad --- /dev/null +++ b/external/unbound/util/data/msgparse.h @@ -0,0 +1,301 @@ +/* + * util/data/msgparse.h - parse wireformat DNS messages. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Contains message parsing data structures. + * These point back into the packet buffer. + * + * During parsing RRSIGS are put together with the rrsets they (claim to) sign. + * This process works as follows: + * o if RRSIG follows the data rrset, it is added to the rrset rrsig list. + * o if no matching data rrset is found, the RRSIG becomes a new rrset. + * o If the data rrset later follows the RRSIG + * o See if the RRSIG rrset contains multiple types, and needs to + * have the rrsig(s) for that data type split off. + * o Put the data rr as data type in the rrset and rrsig in list. + * o RRSIGs are allowed to move to a different section. The section of + * the data item is used for the final rrset. + * o multiple signatures over an RRset are possible. + * + * For queries of qtype=RRSIG, some special handling is needed, to avoid + * splitting the RRSIG in the answer section. + * o duplicate, not split, RRSIGs from the answer section, if qtype=RRSIG. + * o check for doubles in the rrsig list when adding an RRSIG to data, + * so that a data rrset is signed by RRSIGs with different rdata. + * when qtype=RRSIG. + * This will move the RRSIG from the answer section to sign the data further + * in the packet (if possible). If then after that, more RRSIGs are found + * that sign the data as well, doubles are removed. + */ + +#ifndef UTIL_DATA_MSGPARSE_H +#define UTIL_DATA_MSGPARSE_H +#include "util/storage/lruhash.h" +#include "ldns/pkthdr.h" +#include "ldns/rrdef.h" +struct sldns_buffer; +struct rrset_parse; +struct rr_parse; +struct regional; + +/** number of buckets in parse rrset hash table. Must be power of 2. */ +#define PARSE_TABLE_SIZE 32 +/** Maximum TTL that is allowed. */ +extern time_t MAX_TTL; +/** Minimum TTL that is allowed. */ +extern time_t MIN_TTL; +/** Negative cache time (for entries without any RRs.) */ +#define NORR_TTL 5 /* seconds */ + +/** + * Data stored in scratch pad memory during parsing. + * Stores the data that will enter into the msgreply and packet result. + */ +struct msg_parse { + /** id from message, network format. */ + uint16_t id; + /** flags from message, host format. */ + uint16_t flags; + /** count of RRs, host format */ + uint16_t qdcount; + /** count of RRs, host format */ + uint16_t ancount; + /** count of RRs, host format */ + uint16_t nscount; + /** count of RRs, host format */ + uint16_t arcount; + /** count of RRsets per section. */ + size_t an_rrsets; + /** count of RRsets per section. */ + size_t ns_rrsets; + /** count of RRsets per section. */ + size_t ar_rrsets; + /** total number of rrsets found. */ + size_t rrset_count; + + /** query dname (pointer to start location in packet, NULL if none */ + uint8_t* qname; + /** length of query dname in octets, 0 if none */ + size_t qname_len; + /** query type, host order. 0 if qdcount=0 */ + uint16_t qtype; + /** query class, host order. 0 if qdcount=0 */ + uint16_t qclass; + + /** + * Hash table array used during parsing to lookup rrset types. + * Based on name, type, class. Same hash value as in rrset cache. + */ + struct rrset_parse* hashtable[PARSE_TABLE_SIZE]; + + /** linked list of rrsets that have been found (in order). */ + struct rrset_parse* rrset_first; + /** last element of rrset list. */ + struct rrset_parse* rrset_last; +}; + +/** + * Data stored for an rrset during parsing. + */ +struct rrset_parse { + /** next in hash bucket */ + struct rrset_parse* rrset_bucket_next; + /** next in list of all rrsets */ + struct rrset_parse* rrset_all_next; + /** hash value of rrset */ + hashvalue_t hash; + /** which section was it found in: one of + * LDNS_SECTION_ANSWER, LDNS_SECTION_AUTHORITY, LDNS_SECTION_ADDITIONAL + */ + sldns_pkt_section section; + /** start of (possibly compressed) dname in packet */ + uint8_t* dname; + /** length of the dname uncompressed wireformat */ + size_t dname_len; + /** type, host order. */ + uint16_t type; + /** class, network order. var name so that it is not a c++ keyword. */ + uint16_t rrset_class; + /** the flags for the rrset, like for packedrrset */ + uint32_t flags; + /** number of RRs in the rr list */ + size_t rr_count; + /** sum of RR rdata sizes */ + size_t size; + /** linked list of RRs in this rrset. */ + struct rr_parse* rr_first; + /** last in list of RRs in this rrset. */ + struct rr_parse* rr_last; + /** number of RRSIGs over this rrset. */ + size_t rrsig_count; + /** linked list of RRsig RRs over this rrset. */ + struct rr_parse* rrsig_first; + /** last in list of RRSIG RRs over this rrset. */ + struct rr_parse* rrsig_last; +}; + +/** + * Data stored for an RR during parsing. + */ +struct rr_parse { + /** + * Pointer to the RR. Points to start of TTL value in the packet. + * Rdata length and rdata follow it. + * its dname, type and class are the same and stored for the rrset. + */ + uint8_t* ttl_data; + /** true if ttl_data is not part of the packet, but elsewhere in mem. + * Set for generated CNAMEs for DNAMEs. */ + int outside_packet; + /** the length of the rdata if allocated (with no dname compression)*/ + size_t size; + /** next in list of RRs. */ + struct rr_parse* next; +}; + +/** Check if label length is first octet of a compression pointer, pass u8. */ +#define LABEL_IS_PTR(x) ( ((x)&0xc0) == 0xc0 ) +/** Calculate destination offset of a compression pointer. pass first and + * second octets of the compression pointer. */ +#define PTR_OFFSET(x, y) ( ((x)&0x3f)<<8 | (y) ) +/** create a compression pointer to the given offset. */ +#define PTR_CREATE(offset) ((uint16_t)(0xc000 | (offset))) + +/** error codes, extended with EDNS, so > 15. */ +#define EDNS_RCODE_BADVERS 16 /** bad EDNS version */ +/** largest valid compression offset */ +#define PTR_MAX_OFFSET 0x3fff + +/** + * EDNS data storage + * EDNS rdata is ignored. + */ +struct edns_data { + /** if EDNS OPT record was present */ + int edns_present; + /** Extended RCODE */ + uint8_t ext_rcode; + /** The EDNS version number */ + uint8_t edns_version; + /** the EDNS bits field from ttl (host order): Z */ + uint16_t bits; + /** UDP reassembly size. */ + uint16_t udp_size; +}; + +/** + * Obtain size in the packet of an rr type, that is before dname type. + * Do TYPE_DNAME, and type STR, yourself. Gives size for most regular types. + * @param rdf: the rdf type from the descriptor. + * @return: size in octets. 0 on failure. + */ +size_t get_rdf_size(sldns_rdf_type rdf); + +/** + * Parse the packet. + * @param pkt: packet, position at call must be at start of packet. + * at end position is after packet. + * @param msg: where to store results. + * @param region: how to alloc results. + * @return: 0 if OK, or rcode on error. + */ +int parse_packet(struct sldns_buffer* pkt, struct msg_parse* msg, + struct regional* region); + +/** + * After parsing the packet, extract EDNS data from packet. + * If not present this is noted in the data structure. + * If a parse error happens, an error code is returned. + * + * Quirks: + * o ignores OPT rdata. + * o ignores OPT owner name. + * o ignores extra OPT records, except the last one in the packet. + * + * @param msg: parsed message structure. Modified on exit, if EDNS was present + * it is removed from the additional section. + * @param edns: the edns data is stored here. Does not have to be initialised. + * @return: 0 on success. or an RCODE on an error. + * RCODE formerr if OPT in wrong section, and so on. + */ +int parse_extract_edns(struct msg_parse* msg, struct edns_data* edns); + +/** + * If EDNS data follows a query section, extract it and initialize edns struct. + * @param pkt: the packet. position at start must be right after the query + * section. At end, right after EDNS data or no movement if failed. + * @param edns: the edns data allocated by the caller. Does not have to be + * initialised. + * @return: 0 on success, or an RCODE on error. + * RCODE formerr if OPT is badly formatted and so on. + */ +int parse_edns_from_pkt(struct sldns_buffer* pkt, struct edns_data* edns); + +/** + * Calculate hash value for rrset in packet. + * @param pkt: the packet. + * @param dname: pointer to uncompressed dname, or compressed dname in packet. + * @param type: rrset type in host order. + * @param dclass: rrset class in network order. + * @param rrset_flags: rrset flags (same as packed_rrset flags). + * @return hash value + */ +hashvalue_t pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname, uint16_t type, + uint16_t dclass, uint32_t rrset_flags); + +/** + * Lookup in msg hashtable to find a rrset. + * @param msg: with the hashtable. + * @param pkt: packet for compressed names. + * @param h: hash value + * @param rrset_flags: flags of rrset sought for. + * @param dname: name of rrset sought for. + * @param dnamelen: len of dname. + * @param type: rrset type, host order. + * @param dclass: rrset class, network order. + * @return NULL or the rrset_parse if found. + */ +struct rrset_parse* msgparse_hashtable_lookup(struct msg_parse* msg, + struct sldns_buffer* pkt, hashvalue_t h, uint32_t rrset_flags, + uint8_t* dname, size_t dnamelen, uint16_t type, uint16_t dclass); + +/** + * Remove rrset from hash table. + * @param msg: with hashtable. + * @param rrset: with hash value and id info. + */ +void msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset); + +#endif /* UTIL_DATA_MSGPARSE_H */ diff --git a/external/unbound/util/data/msgreply.c b/external/unbound/util/data/msgreply.c new file mode 100644 index 000000000..126e7bef4 --- /dev/null +++ b/external/unbound/util/data/msgreply.c @@ -0,0 +1,830 @@ +/* + * util/data/msgreply.c - store message and reply data. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a data structure to store a message and its reply. + */ + +#include "config.h" +#include "util/data/msgreply.h" +#include "util/storage/lookup3.h" +#include "util/log.h" +#include "util/alloc.h" +#include "util/netevent.h" +#include "util/net_help.h" +#include "util/data/dname.h" +#include "util/regional.h" +#include "util/data/msgparse.h" +#include "util/data/msgencode.h" +#include "ldns/sbuffer.h" +#include "ldns/wire2str.h" + +/** MAX TTL default for messages and rrsets */ +time_t MAX_TTL = 3600 * 24 * 10; /* ten days */ +/** MIN TTL default for messages and rrsets */ +time_t MIN_TTL = 0; + +/** allocate qinfo, return 0 on error */ +static int +parse_create_qinfo(sldns_buffer* pkt, struct msg_parse* msg, + struct query_info* qinf, struct regional* region) +{ + if(msg->qname) { + if(region) + qinf->qname = (uint8_t*)regional_alloc(region, + msg->qname_len); + else qinf->qname = (uint8_t*)malloc(msg->qname_len); + if(!qinf->qname) return 0; + dname_pkt_copy(pkt, qinf->qname, msg->qname); + } else qinf->qname = 0; + qinf->qname_len = msg->qname_len; + qinf->qtype = msg->qtype; + qinf->qclass = msg->qclass; + return 1; +} + +/** constructor for replyinfo */ +struct reply_info* +construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, + time_t ttl, time_t prettl, size_t an, size_t ns, size_t ar, + size_t total, enum sec_status sec) +{ + struct reply_info* rep; + /* rrset_count-1 because the first ref is part of the struct. */ + size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) + + sizeof(struct ub_packed_rrset_key*) * total; + if(region) + rep = (struct reply_info*)regional_alloc(region, s); + else rep = (struct reply_info*)malloc(s + + sizeof(struct rrset_ref) * (total)); + if(!rep) + return NULL; + rep->flags = flags; + rep->qdcount = qd; + rep->ttl = ttl; + rep->prefetch_ttl = prettl; + rep->an_numrrsets = an; + rep->ns_numrrsets = ns; + rep->ar_numrrsets = ar; + rep->rrset_count = total; + rep->security = sec; + rep->authoritative = 0; + /* array starts after the refs */ + if(region) + rep->rrsets = (struct ub_packed_rrset_key**)&(rep->ref[0]); + else rep->rrsets = (struct ub_packed_rrset_key**)&(rep->ref[total]); + /* zero the arrays to assist cleanup in case of malloc failure */ + memset( rep->rrsets, 0, sizeof(struct ub_packed_rrset_key*) * total); + if(!region) + memset( &rep->ref[0], 0, sizeof(struct rrset_ref) * total); + return rep; +} + +/** allocate replyinfo, return 0 on error */ +static int +parse_create_repinfo(struct msg_parse* msg, struct reply_info** rep, + struct regional* region) +{ + *rep = construct_reply_info_base(region, msg->flags, msg->qdcount, 0, + 0, msg->an_rrsets, msg->ns_rrsets, msg->ar_rrsets, + msg->rrset_count, sec_status_unchecked); + if(!*rep) + return 0; + return 1; +} + +/** allocate (special) rrset keys, return 0 on error */ +static int +repinfo_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, + struct regional* region) +{ + size_t i; + for(i=0; i<rep->rrset_count; i++) { + if(region) { + rep->rrsets[i] = (struct ub_packed_rrset_key*) + regional_alloc(region, + sizeof(struct ub_packed_rrset_key)); + if(rep->rrsets[i]) { + memset(rep->rrsets[i], 0, + sizeof(struct ub_packed_rrset_key)); + rep->rrsets[i]->entry.key = rep->rrsets[i]; + } + } + else rep->rrsets[i] = alloc_special_obtain(alloc); + if(!rep->rrsets[i]) + return 0; + rep->rrsets[i]->entry.data = NULL; + } + return 1; +} + +/** do the rdata copy */ +static int +rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, + struct rr_parse* rr, time_t* rr_ttl, uint16_t type) +{ + uint16_t pkt_len; + const sldns_rr_descriptor* desc; + + *rr_ttl = sldns_read_uint32(rr->ttl_data); + /* RFC 2181 Section 8. if msb of ttl is set treat as if zero. */ + if(*rr_ttl & 0x80000000U) + *rr_ttl = 0; + if(*rr_ttl < MIN_TTL) + *rr_ttl = MIN_TTL; + if(*rr_ttl < data->ttl) + data->ttl = *rr_ttl; + + if(rr->outside_packet) { + /* uncompressed already, only needs copy */ + memmove(to, rr->ttl_data+sizeof(uint32_t), rr->size); + return 1; + } + + sldns_buffer_set_position(pkt, (size_t) + (rr->ttl_data - sldns_buffer_begin(pkt) + sizeof(uint32_t))); + /* insert decompressed size into rdata len stored in memory */ + /* -2 because rdatalen bytes are not included. */ + pkt_len = htons(rr->size - 2); + memmove(to, &pkt_len, sizeof(uint16_t)); + to += 2; + /* read packet rdata len */ + pkt_len = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < pkt_len) + return 0; + desc = sldns_rr_descript(type); + if(pkt_len > 0 && desc && desc->_dname_count > 0) { + int count = (int)desc->_dname_count; + int rdf = 0; + size_t len; + size_t oldpos; + /* decompress dnames. */ + while(pkt_len > 0 && count) { + switch(desc->_wireformat[rdf]) { + case LDNS_RDF_TYPE_DNAME: + oldpos = sldns_buffer_position(pkt); + dname_pkt_copy(pkt, to, + sldns_buffer_current(pkt)); + to += pkt_dname_len(pkt); + pkt_len -= sldns_buffer_position(pkt)-oldpos; + count--; + len = 0; + break; + case LDNS_RDF_TYPE_STR: + len = sldns_buffer_current(pkt)[0] + 1; + break; + default: + len = get_rdf_size(desc->_wireformat[rdf]); + break; + } + if(len) { + memmove(to, sldns_buffer_current(pkt), len); + to += len; + sldns_buffer_skip(pkt, (ssize_t)len); + log_assert(len <= pkt_len); + pkt_len -= len; + } + rdf++; + } + } + /* copy remaining rdata */ + if(pkt_len > 0) + memmove(to, sldns_buffer_current(pkt), pkt_len); + + return 1; +} + +/** copy over the data into packed rrset */ +static int +parse_rr_copy(sldns_buffer* pkt, struct rrset_parse* pset, + struct packed_rrset_data* data) +{ + size_t i; + struct rr_parse* rr = pset->rr_first; + uint8_t* nextrdata; + size_t total = pset->rr_count + pset->rrsig_count; + data->ttl = MAX_TTL; + data->count = pset->rr_count; + data->rrsig_count = pset->rrsig_count; + data->trust = rrset_trust_none; + data->security = sec_status_unchecked; + /* layout: struct - rr_len - rr_data - rr_ttl - rdata - rrsig */ + data->rr_len = (size_t*)((uint8_t*)data + + sizeof(struct packed_rrset_data)); + data->rr_data = (uint8_t**)&(data->rr_len[total]); + data->rr_ttl = (time_t*)&(data->rr_data[total]); + nextrdata = (uint8_t*)&(data->rr_ttl[total]); + for(i=0; i<data->count; i++) { + data->rr_len[i] = rr->size; + data->rr_data[i] = nextrdata; + nextrdata += rr->size; + if(!rdata_copy(pkt, data, data->rr_data[i], rr, + &data->rr_ttl[i], pset->type)) + return 0; + rr = rr->next; + } + /* if rrsig, its rdata is at nextrdata */ + rr = pset->rrsig_first; + for(i=data->count; i<total; i++) { + data->rr_len[i] = rr->size; + data->rr_data[i] = nextrdata; + nextrdata += rr->size; + if(!rdata_copy(pkt, data, data->rr_data[i], rr, + &data->rr_ttl[i], LDNS_RR_TYPE_RRSIG)) + return 0; + rr = rr->next; + } + return 1; +} + +/** create rrset return 0 on failure */ +static int +parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset, + struct packed_rrset_data** data, struct regional* region) +{ + /* allocate */ + size_t s = sizeof(struct packed_rrset_data) + + (pset->rr_count + pset->rrsig_count) * + (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) + + pset->size; + if(region) + *data = regional_alloc(region, s); + else *data = malloc(s); + if(!*data) + return 0; + /* copy & decompress */ + if(!parse_rr_copy(pkt, pset, *data)) { + if(!region) free(*data); + return 0; + } + return 1; +} + +/** get trust value for rrset */ +static enum rrset_trust +get_rrset_trust(struct msg_parse* msg, struct rrset_parse* rrset) +{ + uint16_t AA = msg->flags & BIT_AA; + if(rrset->section == LDNS_SECTION_ANSWER) { + if(AA) { + /* RFC2181 says remainder of CNAME chain is nonauth*/ + if(msg->rrset_first && + msg->rrset_first->section==LDNS_SECTION_ANSWER + && msg->rrset_first->type==LDNS_RR_TYPE_CNAME){ + if(rrset == msg->rrset_first) + return rrset_trust_ans_AA; + else return rrset_trust_ans_noAA; + } + if(msg->rrset_first && + msg->rrset_first->section==LDNS_SECTION_ANSWER + && msg->rrset_first->type==LDNS_RR_TYPE_DNAME){ + if(rrset == msg->rrset_first || + rrset == msg->rrset_first->rrset_all_next) + return rrset_trust_ans_AA; + else return rrset_trust_ans_noAA; + } + return rrset_trust_ans_AA; + } + else return rrset_trust_ans_noAA; + } else if(rrset->section == LDNS_SECTION_AUTHORITY) { + if(AA) return rrset_trust_auth_AA; + else return rrset_trust_auth_noAA; + } else { + /* addit section */ + if(AA) return rrset_trust_add_AA; + else return rrset_trust_add_noAA; + } + /* NOTREACHED */ + return rrset_trust_none; +} + +int +parse_copy_decompress_rrset(sldns_buffer* pkt, struct msg_parse* msg, + struct rrset_parse *pset, struct regional* region, + struct ub_packed_rrset_key* pk) +{ + struct packed_rrset_data* data; + pk->rk.flags = pset->flags; + pk->rk.dname_len = pset->dname_len; + if(region) + pk->rk.dname = (uint8_t*)regional_alloc( + region, pset->dname_len); + else pk->rk.dname = + (uint8_t*)malloc(pset->dname_len); + if(!pk->rk.dname) + return 0; + /** copy & decompress dname */ + dname_pkt_copy(pkt, pk->rk.dname, pset->dname); + /** copy over type and class */ + pk->rk.type = htons(pset->type); + pk->rk.rrset_class = pset->rrset_class; + /** read data part. */ + if(!parse_create_rrset(pkt, pset, &data, region)) + return 0; + pk->entry.data = (void*)data; + pk->entry.key = (void*)pk; + pk->entry.hash = pset->hash; + data->trust = get_rrset_trust(msg, pset); + return 1; +} + +/** + * Copy and decompress rrs + * @param pkt: the packet for compression pointer resolution. + * @param msg: the parsed message + * @param rep: reply info to put rrs into. + * @param region: if not NULL, used for allocation. + * @return 0 on failure. + */ +static int +parse_copy_decompress(sldns_buffer* pkt, struct msg_parse* msg, + struct reply_info* rep, struct regional* region) +{ + size_t i; + struct rrset_parse *pset = msg->rrset_first; + struct packed_rrset_data* data; + log_assert(rep); + rep->ttl = MAX_TTL; + rep->security = sec_status_unchecked; + if(rep->rrset_count == 0) + rep->ttl = NORR_TTL; + + for(i=0; i<rep->rrset_count; i++) { + if(!parse_copy_decompress_rrset(pkt, msg, pset, region, + rep->rrsets[i])) + return 0; + data = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; + if(data->ttl < rep->ttl) + rep->ttl = data->ttl; + + pset = pset->rrset_all_next; + } + rep->prefetch_ttl = PREFETCH_TTL_CALC(rep->ttl); + return 1; +} + +int +parse_create_msg(sldns_buffer* pkt, struct msg_parse* msg, + struct alloc_cache* alloc, struct query_info* qinf, + struct reply_info** rep, struct regional* region) +{ + log_assert(pkt && msg); + if(!parse_create_qinfo(pkt, msg, qinf, region)) + return 0; + if(!parse_create_repinfo(msg, rep, region)) + return 0; + if(!repinfo_alloc_rrset_keys(*rep, alloc, region)) + return 0; + if(!parse_copy_decompress(pkt, msg, *rep, region)) + return 0; + return 1; +} + +int reply_info_parse(sldns_buffer* pkt, struct alloc_cache* alloc, + struct query_info* qinf, struct reply_info** rep, + struct regional* region, struct edns_data* edns) +{ + /* use scratch pad region-allocator during parsing. */ + struct msg_parse* msg; + int ret; + + qinf->qname = NULL; + *rep = NULL; + if(!(msg = regional_alloc(region, sizeof(*msg)))) { + return LDNS_RCODE_SERVFAIL; + } + memset(msg, 0, sizeof(*msg)); + + sldns_buffer_set_position(pkt, 0); + if((ret = parse_packet(pkt, msg, region)) != 0) { + return ret; + } + if((ret = parse_extract_edns(msg, edns)) != 0) + return ret; + + /* parse OK, allocate return structures */ + /* this also performs dname decompression */ + if(!parse_create_msg(pkt, msg, alloc, qinf, rep, NULL)) { + query_info_clear(qinf); + reply_info_parsedelete(*rep, alloc); + *rep = NULL; + return LDNS_RCODE_SERVFAIL; + } + return 0; +} + +/** helper compare function to sort in lock order */ +static int +reply_info_sortref_cmp(const void* a, const void* b) +{ + struct rrset_ref* x = (struct rrset_ref*)a; + struct rrset_ref* y = (struct rrset_ref*)b; + if(x->key < y->key) return -1; + if(x->key > y->key) return 1; + return 0; +} + +void +reply_info_sortref(struct reply_info* rep) +{ + qsort(&rep->ref[0], rep->rrset_count, sizeof(struct rrset_ref), + reply_info_sortref_cmp); +} + +void +reply_info_set_ttls(struct reply_info* rep, time_t timenow) +{ + size_t i, j; + rep->ttl += timenow; + rep->prefetch_ttl += timenow; + for(i=0; i<rep->rrset_count; i++) { + struct packed_rrset_data* data = (struct packed_rrset_data*) + rep->ref[i].key->entry.data; + if(i>0 && rep->ref[i].key == rep->ref[i-1].key) + continue; + data->ttl += timenow; + for(j=0; j<data->count + data->rrsig_count; j++) { + data->rr_ttl[j] += timenow; + } + } +} + +void +reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc) +{ + size_t i; + if(!rep) + return; + /* no need to lock, since not shared in hashtables. */ + for(i=0; i<rep->rrset_count; i++) { + ub_packed_rrset_parsedelete(rep->rrsets[i], alloc); + } + free(rep); +} + +int +query_info_parse(struct query_info* m, sldns_buffer* query) +{ + uint8_t* q = sldns_buffer_begin(query); + /* minimum size: header + \0 + qtype + qclass */ + if(sldns_buffer_limit(query) < LDNS_HEADER_SIZE + 5) + return 0; + if(LDNS_OPCODE_WIRE(q) != LDNS_PACKET_QUERY || + LDNS_QDCOUNT(q) != 1 || sldns_buffer_position(query) != 0) + return 0; + sldns_buffer_skip(query, LDNS_HEADER_SIZE); + m->qname = sldns_buffer_current(query); + if((m->qname_len = query_dname_len(query)) == 0) + return 0; /* parse error */ + if(sldns_buffer_remaining(query) < 4) + return 0; /* need qtype, qclass */ + m->qtype = sldns_buffer_read_u16(query); + m->qclass = sldns_buffer_read_u16(query); + return 1; +} + +/** tiny subroutine for msgreply_compare */ +#define COMPARE_IT(x, y) \ + if( (x) < (y) ) return -1; \ + else if( (x) > (y) ) return +1; \ + log_assert( (x) == (y) ); + +int +query_info_compare(void* m1, void* m2) +{ + struct query_info* msg1 = (struct query_info*)m1; + struct query_info* msg2 = (struct query_info*)m2; + int mc; + /* from most different to least different for speed */ + COMPARE_IT(msg1->qtype, msg2->qtype); + if((mc = query_dname_compare(msg1->qname, msg2->qname)) != 0) + return mc; + log_assert(msg1->qname_len == msg2->qname_len); + COMPARE_IT(msg1->qclass, msg2->qclass); + return 0; +#undef COMPARE_IT +} + +void +query_info_clear(struct query_info* m) +{ + free(m->qname); + m->qname = NULL; +} + +size_t +msgreply_sizefunc(void* k, void* d) +{ + struct msgreply_entry* q = (struct msgreply_entry*)k; + struct reply_info* r = (struct reply_info*)d; + size_t s = sizeof(struct msgreply_entry) + sizeof(struct reply_info) + + q->key.qname_len + lock_get_mem(&q->entry.lock) + - sizeof(struct rrset_ref); + s += r->rrset_count * sizeof(struct rrset_ref); + s += r->rrset_count * sizeof(struct ub_packed_rrset_key*); + return s; +} + +void +query_entry_delete(void *k, void* ATTR_UNUSED(arg)) +{ + struct msgreply_entry* q = (struct msgreply_entry*)k; + lock_rw_destroy(&q->entry.lock); + query_info_clear(&q->key); + free(q); +} + +void +reply_info_delete(void* d, void* ATTR_UNUSED(arg)) +{ + struct reply_info* r = (struct reply_info*)d; + free(r); +} + +hashvalue_t +query_info_hash(struct query_info *q) +{ + hashvalue_t h = 0xab; + h = hashlittle(&q->qtype, sizeof(q->qtype), h); + h = hashlittle(&q->qclass, sizeof(q->qclass), h); + h = dname_query_hash(q->qname, h); + return h; +} + +struct msgreply_entry* +query_info_entrysetup(struct query_info* q, struct reply_info* r, + hashvalue_t h) +{ + struct msgreply_entry* e = (struct msgreply_entry*)malloc( + sizeof(struct msgreply_entry)); + if(!e) return NULL; + memcpy(&e->key, q, sizeof(*q)); + e->entry.hash = h; + e->entry.key = e; + e->entry.data = r; + lock_rw_init(&e->entry.lock); + lock_protect(&e->entry.lock, &e->key, sizeof(e->key)); + lock_protect(&e->entry.lock, &e->entry.hash, sizeof(e->entry.hash) + + sizeof(e->entry.key) + sizeof(e->entry.data)); + lock_protect(&e->entry.lock, e->key.qname, e->key.qname_len); + q->qname = NULL; + return e; +} + +/** copy rrsets from replyinfo to dest replyinfo */ +static int +repinfo_copy_rrsets(struct reply_info* dest, struct reply_info* from, + struct regional* region) +{ + size_t i, s; + struct packed_rrset_data* fd, *dd; + struct ub_packed_rrset_key* fk, *dk; + for(i=0; i<dest->rrset_count; i++) { + fk = from->rrsets[i]; + dk = dest->rrsets[i]; + fd = (struct packed_rrset_data*)fk->entry.data; + dk->entry.hash = fk->entry.hash; + dk->rk = fk->rk; + if(region) { + dk->id = fk->id; + dk->rk.dname = (uint8_t*)regional_alloc_init(region, + fk->rk.dname, fk->rk.dname_len); + } else + dk->rk.dname = (uint8_t*)memdup(fk->rk.dname, + fk->rk.dname_len); + if(!dk->rk.dname) + return 0; + s = packed_rrset_sizeof(fd); + if(region) + dd = (struct packed_rrset_data*)regional_alloc_init( + region, fd, s); + else dd = (struct packed_rrset_data*)memdup(fd, s); + if(!dd) + return 0; + packed_rrset_ptr_fixup(dd); + dk->entry.data = (void*)dd; + } + return 1; +} + +struct reply_info* +reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, + struct regional* region) +{ + struct reply_info* cp; + cp = construct_reply_info_base(region, rep->flags, rep->qdcount, + rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, + rep->ns_numrrsets, rep->ar_numrrsets, rep->rrset_count, + rep->security); + if(!cp) + return NULL; + /* allocate ub_key structures special or not */ + if(!repinfo_alloc_rrset_keys(cp, alloc, region)) { + if(!region) + reply_info_parsedelete(cp, alloc); + return NULL; + } + if(!repinfo_copy_rrsets(cp, rep, region)) { + if(!region) + reply_info_parsedelete(cp, alloc); + return NULL; + } + return cp; +} + +uint8_t* +reply_find_final_cname_target(struct query_info* qinfo, struct reply_info* rep) +{ + uint8_t* sname = qinfo->qname; + size_t snamelen = qinfo->qname_len; + size_t i; + for(i=0; i<rep->an_numrrsets; i++) { + struct ub_packed_rrset_key* s = rep->rrsets[i]; + /* follow CNAME chain (if any) */ + if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && + ntohs(s->rk.rrset_class) == qinfo->qclass && + snamelen == s->rk.dname_len && + query_dname_compare(sname, s->rk.dname) == 0) { + get_cname_target(s, &sname, &snamelen); + } + } + if(sname != qinfo->qname) + return sname; + return NULL; +} + +struct ub_packed_rrset_key* +reply_find_answer_rrset(struct query_info* qinfo, struct reply_info* rep) +{ + uint8_t* sname = qinfo->qname; + size_t snamelen = qinfo->qname_len; + size_t i; + for(i=0; i<rep->an_numrrsets; i++) { + struct ub_packed_rrset_key* s = rep->rrsets[i]; + /* first match type, for query of qtype cname */ + if(ntohs(s->rk.type) == qinfo->qtype && + ntohs(s->rk.rrset_class) == qinfo->qclass && + snamelen == s->rk.dname_len && + query_dname_compare(sname, s->rk.dname) == 0) { + return s; + } + /* follow CNAME chain (if any) */ + if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && + ntohs(s->rk.rrset_class) == qinfo->qclass && + snamelen == s->rk.dname_len && + query_dname_compare(sname, s->rk.dname) == 0) { + get_cname_target(s, &sname, &snamelen); + } + } + return NULL; +} + +struct ub_packed_rrset_key* reply_find_rrset_section_an(struct reply_info* rep, + uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass) +{ + size_t i; + for(i=0; i<rep->an_numrrsets; i++) { + struct ub_packed_rrset_key* s = rep->rrsets[i]; + if(ntohs(s->rk.type) == type && + ntohs(s->rk.rrset_class) == dclass && + namelen == s->rk.dname_len && + query_dname_compare(name, s->rk.dname) == 0) { + return s; + } + } + return NULL; +} + +struct ub_packed_rrset_key* reply_find_rrset_section_ns(struct reply_info* rep, + uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass) +{ + size_t i; + for(i=rep->an_numrrsets; i<rep->an_numrrsets+rep->ns_numrrsets; i++) { + struct ub_packed_rrset_key* s = rep->rrsets[i]; + if(ntohs(s->rk.type) == type && + ntohs(s->rk.rrset_class) == dclass && + namelen == s->rk.dname_len && + query_dname_compare(name, s->rk.dname) == 0) { + return s; + } + } + return NULL; +} + +struct ub_packed_rrset_key* reply_find_rrset(struct reply_info* rep, + uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass) +{ + size_t i; + for(i=0; i<rep->rrset_count; i++) { + struct ub_packed_rrset_key* s = rep->rrsets[i]; + if(ntohs(s->rk.type) == type && + ntohs(s->rk.rrset_class) == dclass && + namelen == s->rk.dname_len && + query_dname_compare(name, s->rk.dname) == 0) { + return s; + } + } + return NULL; +} + +void +log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep) +{ + /* not particularly fast but flexible, make wireformat and print */ + sldns_buffer* buf = sldns_buffer_new(65535); + struct regional* region = regional_create(); + if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0, + region, 65535, 1)) { + log_info("%s: log_dns_msg: out of memory", str); + } else { + char* str = sldns_wire2str_pkt(sldns_buffer_begin(buf), + sldns_buffer_limit(buf)); + if(!str) { + log_info("%s: log_dns_msg: ldns tostr failed", str); + } else { + log_info("%s %s", + str, (char*)sldns_buffer_begin(buf)); + } + free(str); + } + sldns_buffer_free(buf); + regional_destroy(region); +} + +void +log_query_info(enum verbosity_value v, const char* str, + struct query_info* qinf) +{ + log_nametypeclass(v, str, qinf->qname, qinf->qtype, qinf->qclass); +} + +int +reply_check_cname_chain(struct reply_info* rep) +{ + /* check only answer section rrs for matching cname chain. + * the cache may return changed rdata, but owner names are untouched.*/ + size_t i; + uint8_t* sname = rep->rrsets[0]->rk.dname; + size_t snamelen = rep->rrsets[0]->rk.dname_len; + for(i=0; i<rep->an_numrrsets; i++) { + uint16_t t = ntohs(rep->rrsets[i]->rk.type); + if(t == LDNS_RR_TYPE_DNAME) + continue; /* skip dnames; note TTL 0 not cached */ + /* verify that owner matches current sname */ + if(query_dname_compare(sname, rep->rrsets[i]->rk.dname) != 0){ + /* cname chain broken */ + return 0; + } + /* if this is a cname; move on */ + if(t == LDNS_RR_TYPE_CNAME) { + get_cname_target(rep->rrsets[i], &sname, &snamelen); + } + } + return 1; +} + +int +reply_all_rrsets_secure(struct reply_info* rep) +{ + size_t i; + for(i=0; i<rep->rrset_count; i++) { + if( ((struct packed_rrset_data*)rep->rrsets[i]->entry.data) + ->security != sec_status_secure ) + return 0; + } + return 1; +} diff --git a/external/unbound/util/data/msgreply.h b/external/unbound/util/data/msgreply.h new file mode 100644 index 000000000..ccbd0d748 --- /dev/null +++ b/external/unbound/util/data/msgreply.h @@ -0,0 +1,438 @@ +/* + * util/data/msgreply.h - store message and reply data. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a data structure to store a message and its reply. + */ + +#ifndef UTIL_DATA_MSGREPLY_H +#define UTIL_DATA_MSGREPLY_H +#include "util/storage/lruhash.h" +#include "util/data/packed_rrset.h" +struct sldns_buffer; +struct comm_reply; +struct alloc_cache; +struct iovec; +struct regional; +struct edns_data; +struct msg_parse; +struct rrset_parse; + +/** calculate the prefetch TTL as 90% of original. Calculation + * without numerical overflow (uin32_t) */ +#define PREFETCH_TTL_CALC(ttl) ((ttl) - (ttl)/10) + +/** + * Structure to store query information that makes answers to queries + * different. + */ +struct query_info { + /** + * Salient data on the query: qname, in wireformat. + * can be allocated or a pointer to outside buffer. + * User has to keep track on the status of this. + */ + uint8_t* qname; + /** length of qname (including last 0 octet) */ + size_t qname_len; + /** qtype, host byte order */ + uint16_t qtype; + /** qclass, host byte order */ + uint16_t qclass; +}; + +/** + * Information to reference an rrset + */ +struct rrset_ref { + /** the key with lock, and ptr to packed data. */ + struct ub_packed_rrset_key* key; + /** id needed */ + rrset_id_t id; +}; + +/** + * Structure to store DNS query and the reply packet. + * To use it, copy over the flags from reply and modify using flags from + * the query (RD,CD if not AA). prepend ID. + * + * Memory layout is: + * o struct + * o rrset_ref array + * o packed_rrset_key* array. + * + * Memory layout is sometimes not packed, when the message is synthesized, + * for easy of the generation. It is allocated packed when it is copied + * from the region allocation to the malloc allocation. + */ +struct reply_info { + /** the flags for the answer, host byte order. */ + uint16_t flags; + + /** + * This flag informs unbound the answer is authoritative and + * the AA flag should be preserved. + */ + uint8_t authoritative; + + /** + * Number of RRs in the query section. + * If qdcount is not 0, then it is 1, and the data that appears + * in the reply is the same as the query_info. + * Host byte order. + */ + uint8_t qdcount; + + /** 32 bit padding to pad struct member alignment to 64 bits. */ + uint32_t padding; + + /** + * TTL of the entire reply (for negative caching). + * only for use when there are 0 RRsets in this message. + * if there are RRsets, check those instead. + */ + time_t ttl; + + /** + * TTL for prefetch. After it has expired, a prefetch is suitable. + * Smaller than the TTL, otherwise the prefetch would not happen. + */ + time_t prefetch_ttl; + + /** + * The security status from DNSSEC validation of this message. + */ + enum sec_status security; + + /** + * Number of RRsets in each section. + * The answer section. Add up the RRs in every RRset to calculate + * the number of RRs, and the count for the dns packet. + * The number of RRs in RRsets can change due to RRset updates. + */ + size_t an_numrrsets; + + /** Count of authority section RRsets */ + size_t ns_numrrsets; + /** Count of additional section RRsets */ + size_t ar_numrrsets; + + /** number of RRsets: an_numrrsets + ns_numrrsets + ar_numrrsets */ + size_t rrset_count; + + /** + * List of pointers (only) to the rrsets in the order in which + * they appear in the reply message. + * Number of elements is ancount+nscount+arcount RRsets. + * This is a pointer to that array. + * Use the accessor function for access. + */ + struct ub_packed_rrset_key** rrsets; + + /** + * Packed array of ids (see counts) and pointers to packed_rrset_key. + * The number equals ancount+nscount+arcount RRsets. + * These are sorted in ascending pointer, the locking order. So + * this list can be locked (and id, ttl checked), to see if + * all the data is available and recent enough. + * + * This is defined as an array of size 1, so that the compiler + * associates the identifier with this position in the structure. + * Array bound overflow on this array then gives access to the further + * elements of the array, which are allocated after the main structure. + * + * It could be more pure to define as array of size 0, ref[0]. + * But ref[1] may be less confusing for compilers. + * Use the accessor function for access. + */ + struct rrset_ref ref[1]; +}; + +/** + * Structure to keep hash table entry for message replies. + */ +struct msgreply_entry { + /** the hash table key */ + struct query_info key; + /** the hash table entry, data is struct reply_info* */ + struct lruhash_entry entry; +}; + +/** + * Constructor for replyinfo. + * @param region: where to allocate the results, pass NULL to use malloc. + * @param flags: flags for the replyinfo. + * @param qd: qd count + * @param ttl: TTL of replyinfo + * @param prettl: prefetch ttl + * @param an: an count + * @param ns: ns count + * @param ar: ar count + * @param total: total rrset count (presumably an+ns+ar). + * @param sec: security status of the reply info. + * @return the reply_info base struct with the array for putting the rrsets + * in. The array has been zeroed. Returns NULL on malloc failure. + */ +struct reply_info* +construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, + time_t ttl, time_t prettl, size_t an, size_t ns, size_t ar, + size_t total, enum sec_status sec); + +/** + * Parse wire query into a queryinfo structure, return 0 on parse error. + * initialises the (prealloced) queryinfo structure as well. + * This query structure contains a pointer back info the buffer! + * This pointer avoids memory allocation. allocqname does memory allocation. + * @param m: the prealloced queryinfo structure to put query into. + * must be unused, or _clear()ed. + * @param query: the wireformat packet query. starts with ID. + * @return: 0 on format error. + */ +int query_info_parse(struct query_info* m, struct sldns_buffer* query); + +/** + * Parse query reply. + * Fills in preallocated query_info structure (with ptr into buffer). + * Allocates reply_info and packed_rrsets. These are not yet added to any + * caches or anything, this is only parsing. Returns formerror on qdcount > 1. + * @param pkt: the packet buffer. Must be positioned after the query section. + * @param alloc: creates packed rrset key structures. + * @param rep: allocated reply_info is returned (only on no error). + * @param qinf: query_info is returned (only on no error). + * @param region: where to store temporary data (for parsing). + * @param edns: where to store edns information, does not need to be inited. + * @return: zero is OK, or DNS error code in case of error + * o FORMERR for parse errors. + * o SERVFAIL for memory allocation errors. + */ +int reply_info_parse(struct sldns_buffer* pkt, struct alloc_cache* alloc, + struct query_info* qinf, struct reply_info** rep, + struct regional* region, struct edns_data* edns); + +/** + * Allocate and decompress parsed message and rrsets. + * @param pkt: for name decompression. + * @param msg: parsed message in scratch region. + * @param alloc: alloc cache for special rrset key structures. + * Not used if region!=NULL, it can be NULL in that case. + * @param qinf: where to store query info. + * qinf itself is allocated by the caller. + * @param rep: reply info is allocated and returned. + * @param region: if this parameter is NULL then malloc and the alloc is used. + * otherwise, everything is allocated in this region. + * In a region, no special rrset key structures are needed (not shared), + * and no rrset_ref array in the reply is built up. + * @return 0 if allocation failed. + */ +int parse_create_msg(struct sldns_buffer* pkt, struct msg_parse* msg, + struct alloc_cache* alloc, struct query_info* qinf, + struct reply_info** rep, struct regional* region); + +/** + * Sorts the ref array. + * @param rep: reply info. rrsets must be filled in. + */ +void reply_info_sortref(struct reply_info* rep); + +/** + * Set TTLs inside the replyinfo to absolute values. + * @param rep: reply info. rrsets must be filled in. + * Also refs must be filled in. + * @param timenow: the current time. + */ +void reply_info_set_ttls(struct reply_info* rep, time_t timenow); + +/** + * Delete reply_info and packed_rrsets (while they are not yet added to the + * hashtables.). Returns rrsets to the alloc cache. + * @param rep: reply_info to delete. + * @param alloc: where to return rrset structures to. + */ +void reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc); + +/** + * Compare two queryinfo structures, on query and type, class. + * It is _not_ sorted in canonical ordering. + * @param m1: struct query_info* , void* here to ease use as function pointer. + * @param m2: struct query_info* , void* here to ease use as function pointer. + * @return: 0 = same, -1 m1 is smaller, +1 m1 is larger. + */ +int query_info_compare(void* m1, void* m2); + +/** clear out query info structure */ +void query_info_clear(struct query_info* m); + +/** calculate size of struct query_info + reply_info */ +size_t msgreply_sizefunc(void* k, void* d); + +/** delete msgreply_entry key structure */ +void query_entry_delete(void *q, void* arg); + +/** delete reply_info data structure */ +void reply_info_delete(void* d, void* arg); + +/** calculate hash value of query_info, lowercases the qname */ +hashvalue_t query_info_hash(struct query_info *q); + +/** + * Setup query info entry + * @param q: query info to copy. Emptied as if clear is called. + * @param r: reply to init data. + * @param h: hash value. + * @return: newly allocated message reply cache item. + */ +struct msgreply_entry* query_info_entrysetup(struct query_info* q, + struct reply_info* r, hashvalue_t h); + +/** + * Copy reply_info and all rrsets in it and allocate. + * @param rep: what to copy, probably inside region, no ref[] array in it. + * @param alloc: how to allocate rrset keys. + * Not used if region!=NULL, it can be NULL in that case. + * @param region: if this parameter is NULL then malloc and the alloc is used. + * otherwise, everything is allocated in this region. + * In a region, no special rrset key structures are needed (not shared), + * and no rrset_ref array in the reply is built up. + * @return new reply info or NULL on memory error. + */ +struct reply_info* reply_info_copy(struct reply_info* rep, + struct alloc_cache* alloc, struct regional* region); + +/** + * Copy a parsed rrset into given key, decompressing and allocating rdata. + * @param pkt: packet for decompression + * @param msg: the parser message (for flags for trust). + * @param pset: the parsed rrset to copy. + * @param region: if NULL - malloc, else data is allocated in this region. + * @param pk: a freshly obtained rrsetkey structure. No dname is set yet, + * will be set on return. + * Note that TTL will still be relative on return. + * @return false on alloc failure. + */ +int parse_copy_decompress_rrset(struct sldns_buffer* pkt, struct msg_parse* msg, + struct rrset_parse *pset, struct regional* region, + struct ub_packed_rrset_key* pk); + +/** + * Find final cname target in reply, the one matching qinfo. Follows CNAMEs. + * @param qinfo: what to start with. + * @param rep: looks in answer section of this message. + * @return: pointer dname, or NULL if not found. + */ +uint8_t* reply_find_final_cname_target(struct query_info* qinfo, + struct reply_info* rep); + +/** + * Check if cname chain in cached reply is still valid. + * @param rep: reply to check. + * @return: true if valid, false if invalid. + */ +int reply_check_cname_chain(struct reply_info* rep); + +/** + * Check security status of all RRs in the message. + * @param rep: reply to check + * @return: true if all RRs are secure. False if not. + * True if there are zero RRs. + */ +int reply_all_rrsets_secure(struct reply_info* rep); + +/** + * Find answer rrset in reply, the one matching qinfo. Follows CNAMEs, so the + * result may have a different owner name. + * @param qinfo: what to look for. + * @param rep: looks in answer section of this message. + * @return: pointer to rrset, or NULL if not found. + */ +struct ub_packed_rrset_key* reply_find_answer_rrset(struct query_info* qinfo, + struct reply_info* rep); + +/** + * Find rrset in reply, inside the answer section. Does not follow CNAMEs. + * @param rep: looks in answer section of this message. + * @param name: what to look for. + * @param namelen: length of name. + * @param type: looks for (host order). + * @param dclass: looks for (host order). + * @return: pointer to rrset, or NULL if not found. + */ +struct ub_packed_rrset_key* reply_find_rrset_section_an(struct reply_info* rep, + uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass); + +/** + * Find rrset in reply, inside the authority section. Does not follow CNAMEs. + * @param rep: looks in authority section of this message. + * @param name: what to look for. + * @param namelen: length of name. + * @param type: looks for (host order). + * @param dclass: looks for (host order). + * @return: pointer to rrset, or NULL if not found. + */ +struct ub_packed_rrset_key* reply_find_rrset_section_ns(struct reply_info* rep, + uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass); + +/** + * Find rrset in reply, inside any section. Does not follow CNAMEs. + * @param rep: looks in answer,authority and additional section of this message. + * @param name: what to look for. + * @param namelen: length of name. + * @param type: looks for (host order). + * @param dclass: looks for (host order). + * @return: pointer to rrset, or NULL if not found. + */ +struct ub_packed_rrset_key* reply_find_rrset(struct reply_info* rep, + uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass); + +/** + * Debug send the query info and reply info to the log in readable form. + * @param str: descriptive string printed with packet content. + * @param qinfo: query section. + * @param rep: rest of message. + */ +void log_dns_msg(const char* str, struct query_info* qinfo, + struct reply_info* rep); + +/** + * Print string with neat domain name, type, class from query info. + * @param v: at what verbosity level to print this. + * @param str: string of message. + * @param qinf: query info structure with name, type and class. + */ +void log_query_info(enum verbosity_value v, const char* str, + struct query_info* qinf); + +#endif /* UTIL_DATA_MSGREPLY_H */ diff --git a/external/unbound/util/data/packed_rrset.c b/external/unbound/util/data/packed_rrset.c new file mode 100644 index 000000000..807468576 --- /dev/null +++ b/external/unbound/util/data/packed_rrset.c @@ -0,0 +1,389 @@ +/* + * util/data/packed_rrset.c - data storage for a set of resource records. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains the data storage for RRsets. + */ + +#include "config.h" +#include "util/data/packed_rrset.h" +#include "util/data/dname.h" +#include "util/storage/lookup3.h" +#include "util/log.h" +#include "util/alloc.h" +#include "util/regional.h" +#include "util/net_help.h" +#include "ldns/rrdef.h" +#include "ldns/sbuffer.h" +#include "ldns/wire2str.h" + +void +ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey, + struct alloc_cache* alloc) +{ + if(!pkey) + return; + if(pkey->entry.data) + free(pkey->entry.data); + pkey->entry.data = NULL; + if(pkey->rk.dname) + free(pkey->rk.dname); + pkey->rk.dname = NULL; + pkey->id = 0; + alloc_special_release(alloc, pkey); +} + +size_t +ub_rrset_sizefunc(void* key, void* data) +{ + struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)key; + struct packed_rrset_data* d = (struct packed_rrset_data*)data; + size_t s = sizeof(struct ub_packed_rrset_key) + k->rk.dname_len; + s += packed_rrset_sizeof(d) + lock_get_mem(&k->entry.lock); + return s; +} + +size_t +packed_rrset_sizeof(struct packed_rrset_data* d) +{ + size_t s; + if(d->rrsig_count > 0) { + s = ((uint8_t*)d->rr_data[d->count+d->rrsig_count-1] - + (uint8_t*)d) + d->rr_len[d->count+d->rrsig_count-1]; + } else { + log_assert(d->count > 0); + s = ((uint8_t*)d->rr_data[d->count-1] - (uint8_t*)d) + + d->rr_len[d->count-1]; + } + return s; +} + +int +ub_rrset_compare(void* k1, void* k2) +{ + struct ub_packed_rrset_key* key1 = (struct ub_packed_rrset_key*)k1; + struct ub_packed_rrset_key* key2 = (struct ub_packed_rrset_key*)k2; + int c; + if(key1 == key2) + return 0; + if(key1->rk.type != key2->rk.type) { + if(key1->rk.type < key2->rk.type) + return -1; + return 1; + } + if(key1->rk.dname_len != key2->rk.dname_len) { + if(key1->rk.dname_len < key2->rk.dname_len) + return -1; + return 1; + } + if((c=query_dname_compare(key1->rk.dname, key2->rk.dname)) != 0) + return c; + if(key1->rk.rrset_class != key2->rk.rrset_class) { + if(key1->rk.rrset_class < key2->rk.rrset_class) + return -1; + return 1; + } + if(key1->rk.flags != key2->rk.flags) { + if(key1->rk.flags < key2->rk.flags) + return -1; + return 1; + } + return 0; +} + +void +ub_rrset_key_delete(void* key, void* userdata) +{ + struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)key; + struct alloc_cache* a = (struct alloc_cache*)userdata; + k->id = 0; + free(k->rk.dname); + k->rk.dname = NULL; + alloc_special_release(a, k); +} + +void +rrset_data_delete(void* data, void* ATTR_UNUSED(userdata)) +{ + struct packed_rrset_data* d = (struct packed_rrset_data*)data; + free(d); +} + +int +rrsetdata_equal(struct packed_rrset_data* d1, struct packed_rrset_data* d2) +{ + size_t i; + size_t total; + if(d1->count != d2->count || d1->rrsig_count != d2->rrsig_count) + return 0; + total = d1->count + d1->rrsig_count; + for(i=0; i<total; i++) { + if(d1->rr_len[i] != d2->rr_len[i]) + return 0; + if(memcmp(d1->rr_data[i], d2->rr_data[i], d1->rr_len[i]) != 0) + return 0; + } + return 1; +} + +hashvalue_t +rrset_key_hash(struct packed_rrset_key* key) +{ + /* type is hashed in host order */ + uint16_t t = ntohs(key->type); + /* Note this MUST be identical to pkt_hash_rrset in msgparse.c */ + /* this routine does not have a compressed name */ + hashvalue_t h = 0xab; + h = dname_query_hash(key->dname, h); + h = hashlittle(&t, sizeof(t), h); + h = hashlittle(&key->rrset_class, sizeof(uint16_t), h); + h = hashlittle(&key->flags, sizeof(uint32_t), h); + return h; +} + +void +packed_rrset_ptr_fixup(struct packed_rrset_data* data) +{ + size_t i; + size_t total = data->count + data->rrsig_count; + uint8_t* nextrdata; + /* fixup pointers in packed rrset data */ + data->rr_len = (size_t*)((uint8_t*)data + + sizeof(struct packed_rrset_data)); + data->rr_data = (uint8_t**)&(data->rr_len[total]); + data->rr_ttl = (time_t*)&(data->rr_data[total]); + nextrdata = (uint8_t*)&(data->rr_ttl[total]); + for(i=0; i<total; i++) { + data->rr_data[i] = nextrdata; + nextrdata += data->rr_len[i]; + } +} + +void +get_cname_target(struct ub_packed_rrset_key* rrset, uint8_t** dname, + size_t* dname_len) +{ + struct packed_rrset_data* d; + size_t len; + if(ntohs(rrset->rk.type) != LDNS_RR_TYPE_CNAME && + ntohs(rrset->rk.type) != LDNS_RR_TYPE_DNAME) + return; + d = (struct packed_rrset_data*)rrset->entry.data; + if(d->count < 1) + return; + if(d->rr_len[0] < 3) /* at least rdatalen + 0byte root label */ + return; + len = sldns_read_uint16(d->rr_data[0]); + if(len != d->rr_len[0] - sizeof(uint16_t)) + return; + if(dname_valid(d->rr_data[0]+sizeof(uint16_t), len) != len) + return; + *dname = d->rr_data[0]+sizeof(uint16_t); + *dname_len = len; +} + +void +packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add) +{ + size_t i; + size_t total = data->count + data->rrsig_count; + data->ttl += add; + for(i=0; i<total; i++) + data->rr_ttl[i] += add; +} + +const char* +rrset_trust_to_string(enum rrset_trust s) +{ + switch(s) { + case rrset_trust_none: return "rrset_trust_none"; + case rrset_trust_add_noAA: return "rrset_trust_add_noAA"; + case rrset_trust_auth_noAA: return "rrset_trust_auth_noAA"; + case rrset_trust_add_AA: return "rrset_trust_add_AA"; + case rrset_trust_nonauth_ans_AA:return "rrset_trust_nonauth_ans_AA"; + case rrset_trust_ans_noAA: return "rrset_trust_ans_noAA"; + case rrset_trust_glue: return "rrset_trust_glue"; + case rrset_trust_auth_AA: return "rrset_trust_auth_AA"; + case rrset_trust_ans_AA: return "rrset_trust_ans_AA"; + case rrset_trust_sec_noglue: return "rrset_trust_sec_noglue"; + case rrset_trust_prim_noglue: return "rrset_trust_prim_noglue"; + case rrset_trust_validated: return "rrset_trust_validated"; + case rrset_trust_ultimate: return "rrset_trust_ultimate"; + } + return "unknown_rrset_trust_value"; +} + +const char* +sec_status_to_string(enum sec_status s) +{ + switch(s) { + case sec_status_unchecked: return "sec_status_unchecked"; + case sec_status_bogus: return "sec_status_bogus"; + case sec_status_indeterminate: return "sec_status_indeterminate"; + case sec_status_insecure: return "sec_status_insecure"; + case sec_status_secure: return "sec_status_secure"; + } + return "unknown_sec_status_value"; +} + +void log_rrset_key(enum verbosity_value v, const char* str, + struct ub_packed_rrset_key* rrset) +{ + if(verbosity >= v) + log_nametypeclass(v, str, rrset->rk.dname, + ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); +} + +int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i, + time_t now, char* dest, size_t dest_len) +{ + struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> + entry.data; + uint8_t rr[65535]; + size_t rlen = rrset->rk.dname_len + 2 + 2 + 4 + d->rr_len[i]; + log_assert(dest_len > 0 && dest); + if(rlen > dest_len) { + dest[0] = 0; + return 0; + } + memmove(rr, rrset->rk.dname, rrset->rk.dname_len); + if(i < d->count) + memmove(rr+rrset->rk.dname_len, &rrset->rk.type, 2); + else sldns_write_uint16(rr+rrset->rk.dname_len, LDNS_RR_TYPE_RRSIG); + memmove(rr+rrset->rk.dname_len+2, &rrset->rk.rrset_class, 2); + sldns_write_uint32(rr+rrset->rk.dname_len+4, + (uint32_t)(d->rr_ttl[i]-now)); + memmove(rr+rrset->rk.dname_len+8, d->rr_data[i], d->rr_len[i]); + if(sldns_wire2str_rr_buf(rr, rlen, dest, dest_len) == -1) { + log_info("rrbuf failure %d %s", (int)d->rr_len[i], dest); + dest[0] = 0; + return 0; + } + return 1; +} + +void log_packed_rrset(enum verbosity_value v, const char* str, + struct ub_packed_rrset_key* rrset) +{ + struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> + entry.data; + char buf[65535]; + size_t i; + if(verbosity < v) + return; + for(i=0; i<d->count+d->rrsig_count; i++) { + if(!packed_rr_to_string(rrset, i, 0, buf, sizeof(buf))) { + log_info("%s: rr %d wire2str-error", str, (int)i); + } else { + log_info("%s: %s", str, buf); + } + } +} + +time_t +ub_packed_rrset_ttl(struct ub_packed_rrset_key* key) +{ + struct packed_rrset_data* d = (struct packed_rrset_data*)key-> + entry.data; + return d->ttl; +} + +struct ub_packed_rrset_key* +packed_rrset_copy_region(struct ub_packed_rrset_key* key, + struct regional* region, time_t now) +{ + struct ub_packed_rrset_key* ck = regional_alloc(region, + sizeof(struct ub_packed_rrset_key)); + struct packed_rrset_data* d; + struct packed_rrset_data* data = (struct packed_rrset_data*) + key->entry.data; + size_t dsize, i; + if(!ck) + return NULL; + ck->id = key->id; + memset(&ck->entry, 0, sizeof(ck->entry)); + ck->entry.hash = key->entry.hash; + ck->entry.key = ck; + ck->rk = key->rk; + ck->rk.dname = regional_alloc_init(region, key->rk.dname, + key->rk.dname_len); + if(!ck->rk.dname) + return NULL; + dsize = packed_rrset_sizeof(data); + d = (struct packed_rrset_data*)regional_alloc_init(region, data, dsize); + if(!d) + return NULL; + ck->entry.data = d; + packed_rrset_ptr_fixup(d); + /* make TTLs relative - once per rrset */ + for(i=0; i<d->count + d->rrsig_count; i++) { + if(d->rr_ttl[i] < now) + d->rr_ttl[i] = 0; + else d->rr_ttl[i] -= now; + } + if(d->ttl < now) + d->ttl = 0; + else d->ttl -= now; + return ck; +} + +struct ub_packed_rrset_key* +packed_rrset_copy_alloc(struct ub_packed_rrset_key* key, + struct alloc_cache* alloc, time_t now) +{ + struct packed_rrset_data* fd, *dd; + struct ub_packed_rrset_key* dk = alloc_special_obtain(alloc); + if(!dk) return NULL; + fd = (struct packed_rrset_data*)key->entry.data; + dk->entry.hash = key->entry.hash; + dk->rk = key->rk; + dk->rk.dname = (uint8_t*)memdup(key->rk.dname, key->rk.dname_len); + if(!dk->rk.dname) { + alloc_special_release(alloc, dk); + return NULL; + } + dd = (struct packed_rrset_data*)memdup(fd, packed_rrset_sizeof(fd)); + if(!dd) { + free(dk->rk.dname); + alloc_special_release(alloc, dk); + return NULL; + } + packed_rrset_ptr_fixup(dd); + dk->entry.data = (void*)dd; + packed_rrset_ttl_add(dd, now); + return dk; +} diff --git a/external/unbound/util/data/packed_rrset.h b/external/unbound/util/data/packed_rrset.h new file mode 100644 index 000000000..5d7990a2b --- /dev/null +++ b/external/unbound/util/data/packed_rrset.h @@ -0,0 +1,428 @@ +/* + * util/data/packed_rrset.h - data storage for a set of resource records. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains the data storage for RRsets. + */ + +#ifndef UTIL_DATA_PACKED_RRSET_H +#define UTIL_DATA_PACKED_RRSET_H +#include "util/storage/lruhash.h" +struct alloc_cache; +struct regional; + +/** type used to uniquely identify rrsets. Cannot be reused without + * clearing the cache. */ +typedef uint64_t rrset_id_t; + +/** this rrset is NSEC and is at zone apex (at child side of zonecut) */ +#define PACKED_RRSET_NSEC_AT_APEX 0x1 +/** this rrset is A/AAAA and is in-zone-glue (from parent side of zonecut) */ +#define PACKED_RRSET_PARENT_SIDE 0x2 +/** this rrset is SOA and has the negative ttl (from nxdomain or nodata), + * this is set on SOA rrsets in the authority section, to keep its TTL separate + * from the SOA in the answer section from a direct SOA query or ANY query. */ +#define PACKED_RRSET_SOA_NEG 0x4 + +/** + * The identifying information for an RRset. + */ +struct packed_rrset_key { + /** + * The domain name. If not null (for id=0) it is allocated, and + * contains the wireformat domain name. + * This dname is not canonicalized. + */ + uint8_t* dname; + /** + * Length of the domain name, including last 0 root octet. + */ + size_t dname_len; + /** + * Flags. 32bit to be easy for hashing: + * o PACKED_RRSET_NSEC_AT_APEX + * o PACKED_RRSET_PARENT_SIDE + * o PACKED_RRSET_SOA_NEG + */ + uint32_t flags; + /** the rrset type in network format */ + uint16_t type; + /** the rrset class in network format */ + uint16_t rrset_class; +}; + +/** + * This structure contains an RRset. A set of resource records that + * share the same domain name, type and class. + * + * Due to memory management and threading, the key structure cannot be + * deleted, although the data can be. The id can be set to 0 to store and the + * structure can be recycled with a new id. + */ +struct ub_packed_rrset_key { + /** + * entry into hashtable. Note the lock is never destroyed, + * even when this key is retired to the cache. + * the data pointer (if not null) points to a struct packed_rrset. + */ + struct lruhash_entry entry; + /** + * the ID of this rrset. unique, based on threadid + sequenceno. + * ids are not reused, except after flushing the cache. + * zero is an unused entry, and never a valid id. + * Check this value after getting entry.lock. + * The other values in this struct may only be altered after changing + * the id (which needs a writelock on entry.lock). + */ + rrset_id_t id; + /** key data: dname, type and class */ + struct packed_rrset_key rk; +}; + +/** + * RRset trustworthiness. Bigger value is more trust. RFC 2181. + * The rrset_trust_add_noAA, rrset_trust_auth_noAA, rrset_trust_add_AA, + * are mentioned as the same trustworthiness in 2181, but split up here + * for ease of processing. + * + * rrset_trust_nonauth_ans_AA, rrset_trust_ans_noAA + * are also mentioned as the same trustworthiness in 2181, but split up here + * for ease of processing. + * + * Added trust_none for a sane initial value, smaller than anything else. + * Added validated and ultimate trust for keys and rrsig validated content. + */ +enum rrset_trust { + /** initial value for trust */ + rrset_trust_none = 0, + /** Additional information from non-authoritative answers */ + rrset_trust_add_noAA, + /** Data from the authority section of a non-authoritative answer */ + rrset_trust_auth_noAA, + /** Additional information from an authoritative answer */ + rrset_trust_add_AA, + /** non-authoritative data from the answer section of authoritative + * answers */ + rrset_trust_nonauth_ans_AA, + /** Data from the answer section of a non-authoritative answer */ + rrset_trust_ans_noAA, + /** Glue from a primary zone, or glue from a zone transfer */ + rrset_trust_glue, + /** Data from the authority section of an authoritative answer */ + rrset_trust_auth_AA, + /** The authoritative data included in the answer section of an + * authoritative reply */ + rrset_trust_ans_AA, + /** Data from a zone transfer, other than glue */ + rrset_trust_sec_noglue, + /** Data from a primary zone file, other than glue data */ + rrset_trust_prim_noglue, + /** DNSSEC(rfc4034) validated with trusted keys */ + rrset_trust_validated, + /** ultimately trusted, no more trust is possible; + * trusted keys from the unbound configuration setup. */ + rrset_trust_ultimate +}; + +/** + * Security status from validation for data. + * The order is significant; more secure, more proven later. + */ +enum sec_status { + /** UNCHECKED means that object has yet to be validated. */ + sec_status_unchecked = 0, + /** BOGUS means that the object (RRset or message) failed to validate + * (according to local policy), but should have validated. */ + sec_status_bogus, + /** INDETERMINATE means that the object is insecure, but not + * authoritatively so. Generally this means that the RRset is not + * below a configured trust anchor. */ + sec_status_indeterminate, + /** INSECURE means that the object is authoritatively known to be + * insecure. Generally this means that this RRset is below a trust + * anchor, but also below a verified, insecure delegation. */ + sec_status_insecure, + /** SECURE means that the object (RRset or message) validated + * according to local policy. */ + sec_status_secure +}; + +/** + * RRset data. + * + * The data is packed, stored contiguously in memory. + * memory layout: + * o base struct + * o rr_len size_t array + * o rr_data uint8_t* array + * o rr_ttl time_t array (after size_t and ptrs because those may be + * 64bit and this array before those would make them unaligned). + * Since the stuff before is 32/64bit, rr_ttl is 32 bit aligned. + * o rr_data rdata wireformats + * o rrsig_data rdata wireformat(s) + * + * Rdata is stored in wireformat. The dname is stored in wireformat. + * TTLs are stored as absolute values (and could be expired). + * + * RRSIGs are stored in the arrays after the regular rrs. + * + * You need the packed_rrset_key to know dname, type, class of the + * resource records in this RRset. (if signed the rrsig gives the type too). + * + * On the wire an RR is: + * name, type, class, ttl, rdlength, rdata. + * So we need to send the following per RR: + * key.dname, ttl, rr_data[i]. + * since key.dname ends with type and class. + * and rr_data starts with the rdlength. + * the ttl value to send changes due to time. + */ +struct packed_rrset_data { + /** TTL (in seconds like time()) of the rrset. + * Same for all RRs see rfc2181(5.2). */ + time_t ttl; + /** number of rrs. */ + size_t count; + /** number of rrsigs, if 0 no rrsigs */ + size_t rrsig_count; + /** the trustworthiness of the rrset data */ + enum rrset_trust trust; + /** security status of the rrset data */ + enum sec_status security; + /** length of every rr's rdata, rr_len[i] is size of rr_data[i]. */ + size_t* rr_len; + /** ttl of every rr. rr_ttl[i] ttl of rr i. */ + time_t *rr_ttl; + /** + * Array of pointers to every rr's rdata. + * The rr_data[i] rdata is stored in uncompressed wireformat. + * The first uint16_t of rr_data[i] is network format rdlength. + * + * rr_data[count] to rr_data[count+rrsig_count] contain the rrsig data. + */ + uint8_t** rr_data; +}; + +/** + * An RRset can be represented using both key and data together. + * Split into key and data structures to simplify implementation of + * caching schemes. + */ +struct packed_rrset { + /** domain name, type and class */ + struct packed_rrset_key* k; + /** ttl, count and rdatas (and rrsig) */ + struct packed_rrset_data* d; +}; + +/** + * list of packed rrsets + */ +struct packed_rrset_list { + /** next in list */ + struct packed_rrset_list* next; + /** rrset key and data */ + struct packed_rrset rrset; +}; + +/** + * Delete packed rrset key and data, not entered in hashtables yet. + * Used during parsing. + * @param pkey: rrset key structure with locks, key and data pointers. + * @param alloc: where to return the unfree-able key structure. + */ +void ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey, + struct alloc_cache* alloc); + +/** + * Memory size of rrset data. RRset data must be filled in correctly. + * @param data: data to examine. + * @return size in bytes. + */ +size_t packed_rrset_sizeof(struct packed_rrset_data* data); + +/** + * Get TTL of rrset. RRset data must be filled in correctly. + * @param key: rrset key, with data to examine. + * @return ttl value. + */ +time_t ub_packed_rrset_ttl(struct ub_packed_rrset_key* key); + +/** + * Calculate memory size of rrset entry. For hash table usage. + * @param key: struct ub_packed_rrset_key*. + * @param data: struct packed_rrset_data*. + * @return size in bytes. + */ +size_t ub_rrset_sizefunc(void* key, void* data); + +/** + * compares two rrset keys. + * @param k1: struct ub_packed_rrset_key*. + * @param k2: struct ub_packed_rrset_key*. + * @return 0 if equal. + */ +int ub_rrset_compare(void* k1, void* k2); + +/** + * compare two rrset data structures. + * Compared rdata and rrsigdata, not the trust or ttl value. + * @param d1: data to compare. + * @param d2: data to compare. + * @return 1 if equal. + */ +int rrsetdata_equal(struct packed_rrset_data* d1, struct packed_rrset_data* d2); + +/** + * Old key to be deleted. RRset keys are recycled via alloc. + * The id is set to 0. So that other threads, after acquiring a lock always + * get the correct value, in this case the 0 deleted-special value. + * @param key: struct ub_packed_rrset_key*. + * @param userdata: alloc structure to use for recycling. + */ +void ub_rrset_key_delete(void* key, void* userdata); + +/** + * Old data to be deleted. + * @param data: what to delete. + * @param userdata: user data ptr. + */ +void rrset_data_delete(void* data, void* userdata); + +/** + * Calculate hash value for a packed rrset key. + * @param key: the rrset key with name, type, class, flags. + * @return hash value. + */ +hashvalue_t rrset_key_hash(struct packed_rrset_key* key); + +/** + * Fixup pointers in fixed data packed_rrset_data blob. + * After a memcpy of the data for example. Will set internal pointers right. + * @param data: rrset data structure. Otherwise correctly filled in. + */ +void packed_rrset_ptr_fixup(struct packed_rrset_data* data); + +/** + * Fixup TTLs in fixed data packed_rrset_data blob. + * @param data: rrset data structure. Otherwise correctly filled in. + * @param add: how many seconds to add, pass time(0) for example. + */ +void packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add); + +/** + * Utility procedure to extract CNAME target name from its rdata. + * Failsafes; it will change passed dname to a valid dname or do nothing. + * @param rrset: the rrset structure. Must be a CNAME. + * Only first RR is used (multiple RRs are technically illegal anyway). + * Also works on type DNAME. Returns target name. + * @param dname: this pointer is updated to point into the cname rdata. + * If a failsafe fails, nothing happens to the pointer (such as the + * rdata was not a valid dname, not a CNAME, ...). + * @param dname_len: length of dname is returned. + */ +void get_cname_target(struct ub_packed_rrset_key* rrset, uint8_t** dname, + size_t* dname_len); + +/** + * Get a printable string for a rrset trust value + * @param s: rrset trust value + * @return printable string. + */ +const char* rrset_trust_to_string(enum rrset_trust s); + +/** + * Get a printable string for a security status value + * @param s: security status + * @return printable string. + */ +const char* sec_status_to_string(enum sec_status s); + +/** + * Print string with neat domain name, type, class from rrset. + * @param v: at what verbosity level to print this. + * @param str: string of message. + * @param rrset: structure with name, type and class. + */ +void log_rrset_key(enum verbosity_value v, const char* str, + struct ub_packed_rrset_key* rrset); + +/** + * Convert RR from RRset to string. + * @param rrset: structure with data. + * @param i: index of rr or RRSIG. + * @param now: time that is subtracted from ttl before printout. Can be 0. + * @param dest: destination string buffer. Must be nonNULL. + * @param dest_len: length of dest buffer (>0). + * @return false on failure. + */ +int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i, + time_t now, char* dest, size_t dest_len); + +/** + * Print the string with prefix, one rr per line. + * @param v: at what verbosity level to print this. + * @param str: string of message. + * @param rrset: with name, and rdata, and rrsigs. + */ +void log_packed_rrset(enum verbosity_value v, const char* str, + struct ub_packed_rrset_key* rrset); + +/** + * Allocate rrset in region - no more locks needed + * @param key: a (just from rrset cache looked up) rrset key + valid, + * packed data record. + * @param region: where to alloc the copy + * @param now: adjust the TTLs to be relative (subtract from all TTLs). + * @return new region-alloced rrset key or NULL on alloc failure. + */ +struct ub_packed_rrset_key* packed_rrset_copy_region( + struct ub_packed_rrset_key* key, struct regional* region, + time_t now); + +/** + * Allocate rrset with malloc (from region or you are holding the lock). + * @param key: key with data entry. + * @param alloc: alloc_cache to create rrset_keys + * @param now: adjust the TTLs to be absolute (add to all TTLs). + * @return new region-alloced rrset key or NULL on alloc failure. + */ +struct ub_packed_rrset_key* packed_rrset_copy_alloc( + struct ub_packed_rrset_key* key, struct alloc_cache* alloc, + time_t now); + +#endif /* UTIL_DATA_PACKED_RRSET_H */ |