diff options
Diffstat (limited to 'contrib/unbound/iterator')
| -rw-r--r-- | contrib/unbound/iterator/iter_delegpt.c | 53 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_delegpt.h | 50 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_donotq.c | 20 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_donotq.h | 20 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_fwd.c | 78 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_fwd.h | 30 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_hints.c | 147 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_hints.h | 20 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_priv.c | 95 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_priv.h | 26 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_resptype.c | 23 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_resptype.h | 20 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_scrub.c | 75 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_scrub.h | 24 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_utils.c | 69 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iter_utils.h | 30 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iterator.c | 107 | ||||
| -rw-r--r-- | contrib/unbound/iterator/iterator.h | 20 |
18 files changed, 509 insertions, 398 deletions
diff --git a/contrib/unbound/iterator/iter_delegpt.c b/contrib/unbound/iterator/iter_delegpt.c index d2f5d73..1d84280 100644 --- a/contrib/unbound/iterator/iter_delegpt.c +++ b/contrib/unbound/iterator/iter_delegpt.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -47,6 +47,8 @@ #include "util/data/packed_rrset.h" #include "util/data/msgreply.h" #include "util/net_help.h" +#include "ldns/rrdef.h" +#include "ldns/sbuffer.h" struct delegpt* delegpt_create(struct regional* region) @@ -71,7 +73,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region) copy->bogus = dp->bogus; copy->has_parent_side_NS = dp->has_parent_side_NS; for(ns = dp->nslist; ns; ns = ns->next) { - if(!delegpt_add_ns(copy, region, ns->name, (int)ns->lame)) + if(!delegpt_add_ns(copy, region, ns->name, ns->lame)) return NULL; copy->nslist->resolved = ns->resolved; copy->nslist->got4 = ns->got4; @@ -98,7 +100,7 @@ delegpt_set_name(struct delegpt* dp, struct regional* region, uint8_t* name) int delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name, - int lame) + uint8_t lame) { struct delegpt_ns* ns; size_t len; @@ -119,7 +121,7 @@ delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name, ns->resolved = 0; ns->got4 = 0; ns->got6 = 0; - ns->lame = (uint8_t)lame; + ns->lame = lame; ns->done_pside4 = 0; ns->done_pside6 = 0; return ns->name != 0; @@ -156,7 +158,7 @@ delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr, int delegpt_add_target(struct delegpt* dp, struct regional* region, uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame) + socklen_t addrlen, uint8_t bogus, uint8_t lame) { struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); log_assert(!dp->dp_type_mlc); @@ -176,8 +178,8 @@ delegpt_add_target(struct delegpt* dp, struct regional* region, int delegpt_add_addr(struct delegpt* dp, struct regional* region, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, - int lame) + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, + uint8_t lame) { struct delegpt_addr* a; log_assert(!dp->dp_type_mlc); @@ -204,6 +206,7 @@ delegpt_add_addr(struct delegpt* dp, struct regional* region, a->attempts = 0; a->bogus = bogus; a->lame = lame; + a->dnsseclame = 0; return 1; } @@ -376,7 +379,7 @@ delegpt_from_message(struct dns_msg* msg, struct regional* region) int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ns_rrset, int lame) + struct ub_packed_rrset_key* ns_rrset, uint8_t lame) { struct packed_rrset_data* nsdata = (struct packed_rrset_data*) ns_rrset->entry.data; @@ -387,7 +390,7 @@ delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, for(i=0; i<nsdata->count; i++) { if(nsdata->rr_len[i] < 2+1) continue; /* len + root label */ if(dname_valid(nsdata->rr_data[i]+2, nsdata->rr_len[i]-2) != - (size_t)ldns_read_uint16(nsdata->rr_data[i])) + (size_t)sldns_read_uint16(nsdata->rr_data[i])) continue; /* bad format */ /* add rdata of NS (= wirefmt dname), skip rdatalen bytes */ if(!delegpt_add_ns(dp, region, nsdata->rr_data[i]+2, lame)) @@ -398,7 +401,7 @@ delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, int delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, int lame) + struct ub_packed_rrset_key* ak, uint8_t lame) { struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; size_t i; @@ -422,7 +425,7 @@ delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, int lame) + struct ub_packed_rrset_key* ak, uint8_t lame) { struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; size_t i; @@ -446,7 +449,7 @@ delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, int delegpt_add_rrset(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* rrset, int lame) + struct ub_packed_rrset_key* rrset, uint8_t lame) { if(!rrset) return 1; @@ -548,7 +551,7 @@ int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name) return (dp->name != NULL); } -int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame) +int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame) { struct delegpt_ns* ns; size_t len; @@ -579,7 +582,7 @@ int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame) } int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame) + socklen_t addrlen, uint8_t bogus, uint8_t lame) { struct delegpt_addr* a; log_assert(dp->dp_type_mlc); @@ -605,11 +608,13 @@ int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, a->attempts = 0; a->bogus = bogus; a->lame = lame; + a->dnsseclame = 0; return 1; } int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame) + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, + uint8_t lame) { struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); log_assert(dp->dp_type_mlc); diff --git a/contrib/unbound/iterator/iter_delegpt.h b/contrib/unbound/iterator/iter_delegpt.h index 7728031..eb77135 100644 --- a/contrib/unbound/iterator/iter_delegpt.h +++ b/contrib/unbound/iterator/iter_delegpt.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -140,9 +140,13 @@ struct delegpt_addr { int sel_rtt; /** if true, the A or AAAA RR was bogus, so this address is bad. * Also check the dp->bogus to see if everything is bogus. */ - int bogus; + uint8_t bogus; /** if true, this address is dispreferred: it is a lame IP address */ - int lame; + uint8_t lame; + /** if the address is dnsseclame, but this cannot be cached, this + * option is useful to mark the address dnsseclame. + * This value is not copied in addr-copy and dp-copy. */ + uint8_t dnsseclame; }; /** @@ -179,7 +183,7 @@ int delegpt_set_name(struct delegpt* dp, struct regional* regional, * @return false on error. */ int delegpt_add_ns(struct delegpt* dp, struct regional* regional, - uint8_t* name, int lame); + uint8_t* name, uint8_t lame); /** * Add NS rrset; calls add_ns repeatedly. @@ -190,7 +194,7 @@ int delegpt_add_ns(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* ns_rrset, int lame); + struct ub_packed_rrset_key* ns_rrset, uint8_t lame); /** * Add target address to the delegation point. @@ -207,7 +211,7 @@ int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, */ int delegpt_add_target(struct delegpt* dp, struct regional* regional, uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame); + socklen_t addrlen, uint8_t bogus, uint8_t lame); /** * Add A RRset to delegpt. @@ -218,7 +222,7 @@ int delegpt_add_target(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, int lame); + struct ub_packed_rrset_key* rrset, uint8_t lame); /** * Add AAAA RRset to delegpt. @@ -229,7 +233,7 @@ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, int lame); + struct ub_packed_rrset_key* rrset, uint8_t lame); /** * Add any RRset to delegpt. @@ -241,7 +245,7 @@ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, int lame); + struct ub_packed_rrset_key* rrset, uint8_t lame); /** * Add address to the delegation point. No servername is associated or checked. @@ -254,7 +258,8 @@ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, * @return false on error. */ int delegpt_add_addr(struct delegpt* dp, struct regional* regional, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame); + struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t bogus, uint8_t lame); /** * Find NS record in name list of delegation point. @@ -376,7 +381,7 @@ int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name); * @param lame: the name is lame, disprefer. * @return false on error. */ -int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame); +int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame); /** * add an address to a malloced delegation point. @@ -388,7 +393,7 @@ int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame); * @return false on error. */ int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame); + socklen_t addrlen, uint8_t bogus, uint8_t lame); /** * Add target address to the delegation point. @@ -403,7 +408,8 @@ int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, * @return false on error. */ int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame); + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, + uint8_t lame); /** get memory in use by dp */ size_t delegpt_get_mem(struct delegpt* dp); diff --git a/contrib/unbound/iterator/iter_donotq.c b/contrib/unbound/iterator/iter_donotq.c index bd60633..40ffb45 100644 --- a/contrib/unbound/iterator/iter_donotq.c +++ b/contrib/unbound/iterator/iter_donotq.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** diff --git a/contrib/unbound/iterator/iter_donotq.h b/contrib/unbound/iterator/iter_donotq.h index 4c4fcb2..429e5a3 100644 --- a/contrib/unbound/iterator/iter_donotq.h +++ b/contrib/unbound/iterator/iter_donotq.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** diff --git a/contrib/unbound/iterator/iter_fwd.c b/contrib/unbound/iterator/iter_fwd.c index 0b3b652..0121212 100644 --- a/contrib/unbound/iterator/iter_fwd.c +++ b/contrib/unbound/iterator/iter_fwd.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -40,15 +40,14 @@ * Keep track of forward zones and config settings. */ #include "config.h" -#include <ldns/rdata.h> -#include <ldns/dname.h> -#include <ldns/rr.h> #include "iterator/iter_fwd.h" #include "iterator/iter_delegpt.h" #include "util/log.h" #include "util/config_file.h" #include "util/net_help.h" #include "util/data/dname.h" +#include "ldns/rrdef.h" +#include "ldns/str2wire.h" int fwd_cmp(const void* k1, const void* k2) @@ -180,22 +179,23 @@ static struct delegpt* read_fwds_name(struct config_stub* s) { struct delegpt* dp; - ldns_rdf* rdf; + uint8_t* dname; + size_t dname_len; if(!s->name) { log_err("forward zone without a name (use name \".\" to forward everything)"); return NULL; } - rdf = ldns_dname_new_frm_str(s->name); - if(!rdf) { + dname = sldns_str2wire_dname(s->name, &dname_len); + if(!dname) { log_err("cannot parse forward zone name %s", s->name); return NULL; } - if(!(dp=delegpt_create_mlc(ldns_rdf_data(rdf)))) { - ldns_rdf_deep_free(rdf); + if(!(dp=delegpt_create_mlc(dname))) { + free(dname); log_err("out of memory"); return NULL; } - ldns_rdf_deep_free(rdf); + free(dname); return dp; } @@ -204,21 +204,22 @@ static int read_fwds_host(struct config_stub* s, struct delegpt* dp) { struct config_strlist* p; - ldns_rdf* rdf; + uint8_t* dname; + size_t dname_len; for(p = s->hosts; p; p = p->next) { log_assert(p->str); - rdf = ldns_dname_new_frm_str(p->str); - if(!rdf) { + dname = sldns_str2wire_dname(p->str, &dname_len); + if(!dname) { log_err("cannot parse forward %s server name: '%s'", s->name, p->str); return 0; } - if(!delegpt_add_ns_mlc(dp, ldns_rdf_data(rdf), 0)) { - ldns_rdf_deep_free(rdf); + if(!delegpt_add_ns_mlc(dp, dname, 0)) { + free(dname); log_err("out of memory"); return 0; } - ldns_rdf_deep_free(rdf); + free(dname); } return 1; } @@ -290,19 +291,20 @@ static int make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg) { struct config_stub* s; + uint8_t* dname; + size_t dname_len; for(s = cfg->stubs; s; s = s->next) { - ldns_rdf* rdf = ldns_dname_new_frm_str(s->name); - if(!rdf) { + dname = sldns_str2wire_dname(s->name, &dname_len); + if(!dname) { log_err("cannot parse stub name '%s'", s->name); return 0; } - if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, - ldns_rdf_data(rdf))) { - ldns_rdf_deep_free(rdf); + if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) { + free(dname); log_err("out of memory"); return 0; } - ldns_rdf_deep_free(rdf); + free(dname); } return 1; } @@ -325,6 +327,20 @@ forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg) } struct delegpt* +forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) +{ + rbnode_t* res = NULL; + struct iter_forward_zone key; + key.node.key = &key; + key.dclass = qclass; + key.name = qname; + key.namelabs = dname_count_size_labels(qname, &key.namelen); + res = rbtree_search(fwd->tree, &key); + if(res) return ((struct iter_forward_zone*)res)->dp; + return NULL; +} + +struct delegpt* forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) { /* lookup the forward zone in the tree */ diff --git a/contrib/unbound/iterator/iter_fwd.h b/contrib/unbound/iterator/iter_fwd.h index dbb84f2..20113a3 100644 --- a/contrib/unbound/iterator/iter_fwd.h +++ b/contrib/unbound/iterator/iter_fwd.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -105,6 +105,16 @@ void forwards_delete(struct iter_forwards* fwd); int forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg); /** + * Find forward zone exactly by name + * @param fwd: forward storage. + * @param qname: The qname of the query. + * @param qclass: The qclass of the query. + * @return: A delegation point or null. + */ +struct delegpt* forwards_find(struct iter_forwards* fwd, uint8_t* qname, + uint16_t qclass); + +/** * Find forward zone information * For this qname/qclass find forward zone information, returns delegation * point with server names and addresses, or NULL if no forwarding is needed. diff --git a/contrib/unbound/iterator/iter_hints.c b/contrib/unbound/iterator/iter_hints.c index cde3a7e..7fa07a7 100644 --- a/contrib/unbound/iterator/iter_hints.c +++ b/contrib/unbound/iterator/iter_hints.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -40,14 +40,15 @@ * Keep track of stub and root hints, and read those from config. */ #include "config.h" -#include <ldns/dname.h> -#include <ldns/rr.h> #include "iterator/iter_hints.h" #include "iterator/iter_delegpt.h" #include "util/log.h" #include "util/config_file.h" #include "util/net_help.h" #include "util/data/dname.h" +#include "ldns/rrdef.h" +#include "ldns/str2wire.h" +#include "ldns/wire2str.h" struct iter_hints* hints_create(void) @@ -92,19 +93,20 @@ ah(struct delegpt* dp, const char* sv, const char* ip) { struct sockaddr_storage addr; socklen_t addrlen; - ldns_rdf* rdf = ldns_dname_new_frm_str(sv); - if(!rdf) { + size_t dname_len; + uint8_t* dname = sldns_str2wire_dname(sv, &dname_len); + if(!dname) { log_err("could not parse %s", sv); return 0; } - if(!delegpt_add_ns_mlc(dp, ldns_rdf_data(rdf), 0) || + if(!delegpt_add_ns_mlc(dp, dname, 0) || !extstrtoaddr(ip, &addr, &addrlen) || - !delegpt_add_target_mlc(dp, ldns_rdf_data(rdf), ldns_rdf_size(rdf), + !delegpt_add_target_mlc(dp, dname, dname_len, &addr, addrlen, 0, 0)) { - ldns_rdf_deep_free(rdf); + free(dname); return 0; } - ldns_rdf_deep_free(rdf); + free(dname); return 1; } @@ -186,22 +188,23 @@ static struct delegpt* read_stubs_name(struct config_stub* s) { struct delegpt* dp; - ldns_rdf* rdf; + size_t dname_len; + uint8_t* dname; if(!s->name) { log_err("stub zone without a name"); return NULL; } - rdf = ldns_dname_new_frm_str(s->name); - if(!rdf) { + dname = sldns_str2wire_dname(s->name, &dname_len); + if(!dname) { log_err("cannot parse stub zone name %s", s->name); return NULL; } - if(!(dp=delegpt_create_mlc(ldns_rdf_data(rdf)))) { - ldns_rdf_deep_free(rdf); + if(!(dp=delegpt_create_mlc(dname))) { + free(dname); log_err("out of memory"); return NULL; } - ldns_rdf_deep_free(rdf); + free(dname); return dp; } @@ -210,21 +213,22 @@ static int read_stubs_host(struct config_stub* s, struct delegpt* dp) { struct config_strlist* p; - ldns_rdf* rdf; + size_t dname_len; + uint8_t* dname; for(p = s->hosts; p; p = p->next) { log_assert(p->str); - rdf = ldns_dname_new_frm_str(p->str); - if(!rdf) { + dname = sldns_str2wire_dname(p->str, &dname_len); + if(!dname) { log_err("cannot parse stub %s nameserver name: '%s'", s->name, p->str); return 0; } - if(!delegpt_add_ns_mlc(dp, ldns_rdf_data(rdf), 0)) { - ldns_rdf_deep_free(rdf); + if(!delegpt_add_ns_mlc(dp, dname, 0)) { + free(dname); log_err("out of memory"); return 0; } - ldns_rdf_deep_free(rdf); + free(dname); } return 1; } @@ -279,13 +283,11 @@ read_stubs(struct iter_hints* hints, struct config_file* cfg) static int read_root_hints(struct iter_hints* hints, char* fname) { - int lineno = 0; - uint32_t default_ttl = 0; - ldns_rdf* origin = NULL; - ldns_rdf* prev_rr = NULL; + struct sldns_file_parse_state pstate; struct delegpt* dp; - ldns_rr* rr = NULL; - ldns_status status; + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t rr_len, dname_len; + int status; uint16_t c = LDNS_RR_CLASS_IN; FILE* f = fopen(fname, "r"); if(!f) { @@ -300,77 +302,78 @@ read_root_hints(struct iter_hints* hints, char* fname) return 0; } verbose(VERB_QUERY, "Reading root hints from %s", fname); + memset(&pstate, 0, sizeof(pstate)); + pstate.lineno = 1; dp->has_parent_side_NS = 1; while(!feof(f)) { - status = ldns_rr_new_frm_fp_l(&rr, f, - &default_ttl, &origin, &prev_rr, &lineno); - if(status == LDNS_STATUS_SYNTAX_EMPTY || - status == LDNS_STATUS_SYNTAX_TTL || - status == LDNS_STATUS_SYNTAX_ORIGIN) - continue; - if(status != LDNS_STATUS_OK) { - log_err("reading root hints %s %d: %s", fname, - lineno, ldns_get_errorstr_by_id(status)); + rr_len = sizeof(rr); + dname_len = 0; + status = sldns_fp2wire_rr_buf(f, rr, &rr_len, &dname_len, + &pstate); + if(status != 0) { + log_err("reading root hints %s %d:%d: %s", fname, + pstate.lineno, LDNS_WIREPARSE_OFFSET(status), + sldns_get_errorstr_parse(status)); goto stop_read; } - if(ldns_rr_get_type(rr) == LDNS_RR_TYPE_NS) { - if(!delegpt_add_ns_mlc(dp, - ldns_rdf_data(ldns_rr_rdf(rr, 0)), 0)) { + if(rr_len == 0) + continue; /* EMPTY line, TTL or ORIGIN */ + if(sldns_wirerr_get_type(rr, rr_len, dname_len) + == LDNS_RR_TYPE_NS) { + if(!delegpt_add_ns_mlc(dp, sldns_wirerr_get_rdata(rr, + rr_len, dname_len), 0)) { log_err("out of memory reading root hints"); goto stop_read; } - c = ldns_rr_get_class(rr); + c = sldns_wirerr_get_class(rr, rr_len, dname_len); if(!dp->name) { - if(!delegpt_set_name_mlc(dp, - ldns_rdf_data(ldns_rr_owner(rr)))){ + if(!delegpt_set_name_mlc(dp, rr)) { log_err("out of memory."); goto stop_read; } } - } else if(ldns_rr_get_type(rr) == LDNS_RR_TYPE_A) { + } else if(sldns_wirerr_get_type(rr, rr_len, dname_len) + == LDNS_RR_TYPE_A && sldns_wirerr_get_rdatalen(rr, + rr_len, dname_len) == INET_SIZE) { struct sockaddr_in sa; socklen_t len = (socklen_t)sizeof(sa); memset(&sa, 0, len); sa.sin_family = AF_INET; sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); memmove(&sa.sin_addr, - ldns_rdf_data(ldns_rr_rdf(rr, 0)), INET_SIZE); - if(!delegpt_add_target_mlc(dp, - ldns_rdf_data(ldns_rr_owner(rr)), - ldns_rdf_size(ldns_rr_owner(rr)), + sldns_wirerr_get_rdata(rr, rr_len, dname_len), + INET_SIZE); + if(!delegpt_add_target_mlc(dp, rr, dname_len, (struct sockaddr_storage*)&sa, len, 0, 0)) { log_err("out of memory reading root hints"); goto stop_read; } - } else if(ldns_rr_get_type(rr) == LDNS_RR_TYPE_AAAA) { + } else if(sldns_wirerr_get_type(rr, rr_len, dname_len) + == LDNS_RR_TYPE_AAAA && sldns_wirerr_get_rdatalen(rr, + rr_len, dname_len) == INET6_SIZE) { struct sockaddr_in6 sa; socklen_t len = (socklen_t)sizeof(sa); memset(&sa, 0, len); sa.sin6_family = AF_INET6; sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); memmove(&sa.sin6_addr, - ldns_rdf_data(ldns_rr_rdf(rr, 0)), INET6_SIZE); - if(!delegpt_add_target_mlc(dp, - ldns_rdf_data(ldns_rr_owner(rr)), - ldns_rdf_size(ldns_rr_owner(rr)), + sldns_wirerr_get_rdata(rr, rr_len, dname_len), + INET6_SIZE); + if(!delegpt_add_target_mlc(dp, rr, dname_len, (struct sockaddr_storage*)&sa, len, 0, 0)) { log_err("out of memory reading root hints"); goto stop_read; } } else { - log_warn("root hints %s:%d skipping type %d", - fname, lineno, ldns_rr_get_type(rr)); + char buf[17]; + sldns_wire2str_type_buf(sldns_wirerr_get_type(rr, + rr_len, dname_len), buf, sizeof(buf)); + log_warn("root hints %s:%d skipping type %s", + fname, pstate.lineno, buf); } - - ldns_rr_free(rr); } - - if (origin) - ldns_rdf_deep_free(origin); - if (prev_rr) - ldns_rdf_deep_free(prev_rr); fclose(f); if(!dp->name) { log_warn("root hints %s: no NS content", fname); @@ -384,10 +387,6 @@ read_root_hints(struct iter_hints* hints, char* fname) return 1; stop_read: - if (origin) - ldns_rdf_deep_free(origin); - if (prev_rr) - ldns_rdf_deep_free(prev_rr); delegpt_free_mlc(dp); fclose(f); return 0; diff --git a/contrib/unbound/iterator/iter_hints.h b/contrib/unbound/iterator/iter_hints.h index 7cac811..715ec9f 100644 --- a/contrib/unbound/iterator/iter_hints.h +++ b/contrib/unbound/iterator/iter_hints.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** diff --git a/contrib/unbound/iterator/iter_priv.c b/contrib/unbound/iterator/iter_priv.c index db7dbe5..9e09a84 100644 --- a/contrib/unbound/iterator/iter_priv.c +++ b/contrib/unbound/iterator/iter_priv.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -41,7 +41,6 @@ */ #include "config.h" -#include <ldns/dname.h> #include "iterator/iter_priv.h" #include "util/regional.h" #include "util/log.h" @@ -50,6 +49,8 @@ #include "util/data/msgparse.h" #include "util/net_help.h" #include "util/storage/dnstree.h" +#include "ldns/str2wire.h" +#include "ldns/sbuffer.h" struct iter_priv* priv_create(void) { @@ -110,23 +111,21 @@ static int read_names(struct iter_priv* priv, struct config_file* cfg) /* parse names, report errors, insert into tree */ struct config_strlist* p; struct name_tree_node* n; - uint8_t* nm; + uint8_t* nm, *nmr; size_t nm_len; int nm_labs; - ldns_rdf* rdf; for(p = cfg->private_domain; p; p = p->next) { log_assert(p->str); - rdf = ldns_dname_new_frm_str(p->str); - if(!rdf) { + nm = sldns_str2wire_dname(p->str, &nm_len); + if(!nm) { log_err("cannot parse private-domain: %s", p->str); return 0; } - nm = ldns_rdf_data(rdf); nm_labs = dname_count_size_labels(nm, &nm_len); - nm = (uint8_t*)regional_alloc_init(priv->region, nm, nm_len); - ldns_rdf_deep_free(rdf); - if(!nm) { + nmr = (uint8_t*)regional_alloc_init(priv->region, nm, nm_len); + free(nm); + if(!nmr) { log_err("out of memory"); return 0; } @@ -136,7 +135,7 @@ static int read_names(struct iter_priv* priv, struct config_file* cfg) log_err("out of memory"); return 0; } - if(!name_tree_insert(&priv->n, n, nm, nm_len, nm_labs, + if(!name_tree_insert(&priv->n, n, nmr, nm_len, nm_labs, LDNS_RR_CLASS_IN)) { verbose(VERB_QUERY, "ignoring duplicate " "private-domain: %s", p->str); @@ -188,7 +187,7 @@ priv_lookup_addr(struct iter_priv* priv, struct sockaddr_storage* addr, * @return: true if the name is OK. false if unlisted. */ static int -priv_lookup_name(struct iter_priv* priv, ldns_buffer* pkt, +priv_lookup_name(struct iter_priv* priv, sldns_buffer* pkt, uint8_t* name, size_t name_len, uint16_t dclass) { size_t len; @@ -208,7 +207,29 @@ size_t priv_get_mem(struct iter_priv* priv) return sizeof(*priv) + regional_get_mem(priv->region); } -int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, +/** remove RR from msgparse RRset, return true if rrset is entirely bad */ +static int +remove_rr(const char* str, sldns_buffer* pkt, struct rrset_parse* rrset, + struct rr_parse* prev, struct rr_parse** rr, struct sockaddr_storage* addr, socklen_t addrlen) +{ + if(verbosity >= VERB_QUERY && rrset->dname_len <= LDNS_MAX_DOMAINLEN && str) { + uint8_t buf[LDNS_MAX_DOMAINLEN+1]; + dname_pkt_copy(pkt, buf, rrset->dname); + log_name_addr(VERB_QUERY, str, buf, addr, addrlen); + } + if(prev) + prev->next = (*rr)->next; + else rrset->rr_first = (*rr)->next; + if(rrset->rr_last == *rr) + rrset->rr_last = prev; + rrset->rr_count --; + rrset->size -= (*rr)->size; + /* rr struct still exists, but is unlinked, so that in the for loop + * the rr->next works fine to continue. */ + return rrset->rr_count == 0; +} + +int priv_rrset_bad(struct iter_priv* priv, sldns_buffer* pkt, struct rrset_parse* rrset) { if(priv->a.count == 0) @@ -221,7 +242,7 @@ int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, } else { /* so its a public name, check the address */ socklen_t len; - struct rr_parse* rr; + struct rr_parse* rr, *prev = NULL; if(rrset->type == LDNS_RR_TYPE_A) { struct sockaddr_storage addr; struct sockaddr_in sa; @@ -231,14 +252,20 @@ int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, sa.sin_family = AF_INET; sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); for(rr = rrset->rr_first; rr; rr = rr->next) { - if(ldns_read_uint16(rr->ttl_data+4) - != INET_SIZE) + if(sldns_read_uint16(rr->ttl_data+4) + != INET_SIZE) { + prev = rr; continue; + } memmove(&sa.sin_addr, rr->ttl_data+4+2, INET_SIZE); memmove(&addr, &sa, len); - if(priv_lookup_addr(priv, &addr, len)) - return 1; + if(priv_lookup_addr(priv, &addr, len)) { + if(remove_rr("sanitize: removing public name with private address", pkt, rrset, prev, &rr, &addr, len)) + return 1; + continue; + } + prev = rr; } } else if(rrset->type == LDNS_RR_TYPE_AAAA) { struct sockaddr_storage addr; @@ -248,14 +275,20 @@ int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, sa.sin6_family = AF_INET6; sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); for(rr = rrset->rr_first; rr; rr = rr->next) { - if(ldns_read_uint16(rr->ttl_data+4) - != INET6_SIZE) + if(sldns_read_uint16(rr->ttl_data+4) + != INET6_SIZE) { + prev = rr; continue; + } memmove(&sa.sin6_addr, rr->ttl_data+4+2, INET6_SIZE); memmove(&addr, &sa, len); - if(priv_lookup_addr(priv, &addr, len)) - return 1; + if(priv_lookup_addr(priv, &addr, len)) { + if(remove_rr("sanitize: removing public name with private address", pkt, rrset, prev, &rr, &addr, len)) + return 1; + continue; + } + prev = rr; } } } diff --git a/contrib/unbound/iterator/iter_priv.h b/contrib/unbound/iterator/iter_priv.h index f6264f8..6fa8490 100644 --- a/contrib/unbound/iterator/iter_priv.h +++ b/contrib/unbound/iterator/iter_priv.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -43,7 +43,7 @@ #ifndef ITERATOR_ITER_PRIV_H #define ITERATOR_ITER_PRIV_H #include "util/rbtree.h" -#include <ldns/buffer.h> +struct sldns_buffer; struct iter_env; struct config_file; struct regional; @@ -92,12 +92,14 @@ int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg); /** * See if rrset is bad. + * Will remove individual RRs that are bad (if possible) to + * sanitize the RRset without removing it completely. * @param priv: structure for private address storage. * @param pkt: packet to decompress rrset name in. * @param rrset: the rrset to examine, A or AAAA. * @return true if the rrset is bad and should be removed. */ -int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, +int priv_rrset_bad(struct iter_priv* priv, struct sldns_buffer* pkt, struct rrset_parse* rrset); /** diff --git a/contrib/unbound/iterator/iter_resptype.c b/contrib/unbound/iterator/iter_resptype.c index 2cdc5fc..45f9193 100644 --- a/contrib/unbound/iterator/iter_resptype.c +++ b/contrib/unbound/iterator/iter_resptype.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -40,12 +40,13 @@ * one of the response types. */ #include "config.h" -#include <ldns/packet.h> #include "iterator/iter_resptype.h" #include "iterator/iter_delegpt.h" #include "services/cache/dns.h" #include "util/net_help.h" #include "util/data/dname.h" +#include "ldns/rrdef.h" +#include "ldns/pkthdr.h" enum response_type response_type_from_cache(struct dns_msg* msg, diff --git a/contrib/unbound/iterator/iter_resptype.h b/contrib/unbound/iterator/iter_resptype.h index 3bb3eed..fee9ef3 100644 --- a/contrib/unbound/iterator/iter_resptype.h +++ b/contrib/unbound/iterator/iter_resptype.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** diff --git a/contrib/unbound/iterator/iter_scrub.c b/contrib/unbound/iterator/iter_scrub.c index 6147c96..b2248bc 100644 --- a/contrib/unbound/iterator/iter_scrub.c +++ b/contrib/unbound/iterator/iter_scrub.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -53,16 +53,17 @@ #include "util/data/dname.h" #include "util/data/msgreply.h" #include "util/alloc.h" +#include "ldns/sbuffer.h" /** RRset flag used during scrubbing. The RRset is OK. */ #define RRSET_SCRUB_OK 0x80 /** remove rrset, update loop variables */ static void -remove_rrset(const char* str, ldns_buffer* pkt, struct msg_parse* msg, +remove_rrset(const char* str, sldns_buffer* pkt, struct msg_parse* msg, struct rrset_parse* prev, struct rrset_parse** rrset) { - if(verbosity >= VERB_QUERY + if(verbosity >= VERB_QUERY && str && (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) { uint8_t buf[LDNS_MAX_DOMAINLEN+1]; dname_pkt_copy(pkt, buf, (*rrset)->dname); @@ -108,7 +109,7 @@ has_additional(uint16_t t) /** get additional name from rrset RR, return false if no name present */ static int get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr, - uint8_t** nm, size_t* nmlen, ldns_buffer* pkt) + uint8_t** nm, size_t* nmlen, sldns_buffer* pkt) { size_t offset = 0; size_t len, oldpos; @@ -132,14 +133,14 @@ get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr, default: return 0; } - len = ldns_read_uint16(rr->ttl_data+sizeof(uint32_t)); + len = sldns_read_uint16(rr->ttl_data+sizeof(uint32_t)); if(len < offset+1) return 0; /* rdata field too small */ *nm = rr->ttl_data+sizeof(uint32_t)+sizeof(uint16_t)+offset; - oldpos = ldns_buffer_position(pkt); - ldns_buffer_set_position(pkt, (size_t)(*nm - ldns_buffer_begin(pkt))); + oldpos = sldns_buffer_position(pkt); + sldns_buffer_set_position(pkt, (size_t)(*nm - sldns_buffer_begin(pkt))); *nmlen = pkt_dname_len(pkt); - ldns_buffer_set_position(pkt, oldpos); + sldns_buffer_set_position(pkt, oldpos); if(*nmlen == 0) return 0; return 1; @@ -147,7 +148,7 @@ get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr, /** Place mark on rrsets in additional section they are OK */ static void -mark_additional_rrset(ldns_buffer* pkt, struct msg_parse* msg, +mark_additional_rrset(sldns_buffer* pkt, struct msg_parse* msg, struct rrset_parse* rrset) { /* Mark A and AAAA for NS as appropriate additional section info. */ @@ -209,7 +210,7 @@ parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, /** Synthesize CNAME from DNAME, false if too long */ static int synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, - uint8_t* alias, size_t* aliaslen, ldns_buffer* pkt) + uint8_t* alias, size_t* aliaslen, sldns_buffer* pkt) { /* we already know that sname is a strict subdomain of DNAME owner */ uint8_t* dtarg = NULL; @@ -233,7 +234,7 @@ static struct rrset_parse* synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias, size_t aliaslen, struct regional* region, struct msg_parse* msg, struct rrset_parse* rrset, struct rrset_parse* prev, - struct rrset_parse* nx, ldns_buffer* pkt) + struct rrset_parse* nx, sldns_buffer* pkt) { struct rrset_parse* cn = (struct rrset_parse*)regional_alloc(region, sizeof(struct rrset_parse)); @@ -264,8 +265,8 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias, sizeof(uint32_t)+sizeof(uint16_t)+aliaslen); if(!cn->rr_first->ttl_data) return NULL; - ldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */ - ldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen); + sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */ + sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen); memmove(cn->rr_first->ttl_data+6, alias, aliaslen); cn->rr_first->size = sizeof(uint16_t)+aliaslen; @@ -287,7 +288,7 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias, /** check if DNAME applies to a name */ static int -pkt_strict_sub(ldns_buffer* pkt, uint8_t* sname, uint8_t* dr) +pkt_strict_sub(sldns_buffer* pkt, uint8_t* sname, uint8_t* dr) { uint8_t buf1[LDNS_MAX_DOMAINLEN+1]; uint8_t buf2[LDNS_MAX_DOMAINLEN+1]; @@ -299,7 +300,7 @@ pkt_strict_sub(ldns_buffer* pkt, uint8_t* sname, uint8_t* dr) /** check subdomain with decompression */ static int -pkt_sub(ldns_buffer* pkt, uint8_t* comprname, uint8_t* zone) +pkt_sub(sldns_buffer* pkt, uint8_t* comprname, uint8_t* zone) { uint8_t buf[LDNS_MAX_DOMAINLEN+1]; dname_pkt_copy(pkt, buf, comprname); @@ -308,7 +309,7 @@ pkt_sub(ldns_buffer* pkt, uint8_t* comprname, uint8_t* zone) /** check subdomain with decompression, compressed is parent */ static int -sub_of_pkt(ldns_buffer* pkt, uint8_t* zone, uint8_t* comprname) +sub_of_pkt(sldns_buffer* pkt, uint8_t* zone, uint8_t* comprname) { uint8_t buf[LDNS_MAX_DOMAINLEN+1]; dname_pkt_copy(pkt, buf, comprname); @@ -327,7 +328,7 @@ sub_of_pkt(ldns_buffer* pkt, uint8_t* zone, uint8_t* comprname) * @return 0 on error. */ static int -scrub_normalize(ldns_buffer* pkt, struct msg_parse* msg, +scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, struct query_info* qinfo, struct regional* region) { uint8_t* sname = qinfo->qname; @@ -514,13 +515,13 @@ scrub_normalize(ldns_buffer* pkt, struct msg_parse* msg, * @param rrset: to store. */ static void -store_rrset(ldns_buffer* pkt, struct msg_parse* msg, struct module_env* env, +store_rrset(sldns_buffer* pkt, struct msg_parse* msg, struct module_env* env, struct rrset_parse* rrset) { struct ub_packed_rrset_key* k; struct packed_rrset_data* d; struct rrset_ref ref; - uint32_t now = *env->now; + time_t now = *env->now; k = alloc_special_obtain(env->alloc); if(!k) @@ -565,7 +566,7 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset, log_assert(rrset->type == LDNS_RR_TYPE_NSEC); for(rr = rrset->rr_first; rr; rr = rr->next) { rhs = rr->ttl_data+4+2; - len = ldns_read_uint16(rr->ttl_data+4); + len = sldns_read_uint16(rr->ttl_data+4); if(!dname_valid(rhs, len)) { /* malformed domain name in rdata */ return 1; @@ -594,7 +595,7 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset, * @return 0 on error. */ static int -scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, +scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, struct query_info* qinfo, uint8_t* zonename, struct module_env* env, struct iter_env* ie) { @@ -646,14 +647,16 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, /* remove private addresses */ if( (rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA) && - priv_rrset_bad(ie->priv, pkt, rrset)) { + rrset->type == LDNS_RR_TYPE_AAAA)) { /* do not set servfail since this leads to too * many drops of other people using rfc1918 space */ - remove_rrset("sanitize: removing public name with " - "private address", pkt, msg, prev, &rrset); - continue; + /* also do not remove entire rrset, unless all records + * in it are bad */ + if(priv_rrset_bad(ie->priv, pkt, rrset)) { + remove_rrset(NULL, pkt, msg, prev, &rrset); + continue; + } } /* skip DNAME records -- they will always be followed by a @@ -711,7 +714,7 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, } int -scrub_message(ldns_buffer* pkt, struct msg_parse* msg, +scrub_message(sldns_buffer* pkt, struct msg_parse* msg, struct query_info* qinfo, uint8_t* zonename, struct regional* region, struct module_env* env, struct iter_env* ie) { diff --git a/contrib/unbound/iterator/iter_scrub.h b/contrib/unbound/iterator/iter_scrub.h index 6b7274e..cbbaf73 100644 --- a/contrib/unbound/iterator/iter_scrub.h +++ b/contrib/unbound/iterator/iter_scrub.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -42,7 +42,7 @@ #ifndef ITERATOR_ITER_SCRUB_H #define ITERATOR_ITER_SCRUB_H -#include <ldns/buffer.h> +struct sldns_buffer; struct msg_parse; struct query_info; struct regional; @@ -62,7 +62,7 @@ struct iter_env; * @param ie: iterator module environment data. * @return: false if the message is total waste. true if scrubbed with success. */ -int scrub_message(ldns_buffer* pkt, struct msg_parse* msg, +int scrub_message(struct sldns_buffer* pkt, struct msg_parse* msg, struct query_info* qinfo, uint8_t* zonename, struct regional* regional, struct module_env* env, struct iter_env* ie); diff --git a/contrib/unbound/iterator/iter_utils.c b/contrib/unbound/iterator/iter_utils.c index a500c75..5d55b62 100644 --- a/contrib/unbound/iterator/iter_utils.c +++ b/contrib/unbound/iterator/iter_utils.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -63,6 +63,8 @@ #include "validator/val_kcache.h" #include "validator/val_kentry.h" #include "validator/val_utils.h" +#include "validator/val_sigcrypt.h" +#include "ldns/sbuffer.h" /** time when nameserver glue is said to be 'recent' */ #define SUSPICION_RECENT_EXPIRY 86400 @@ -177,7 +179,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) */ static int iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now, + uint8_t* name, size_t namelen, uint16_t qtype, time_t now, struct delegpt_addr* a) { int rtt, lame, reclame, dnsseclame; @@ -217,14 +219,16 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, /* select remainder from worst to best */ else if(reclame) return rtt+USEFUL_SERVER_TOP_TIMEOUT*3; /* nonpref */ - else if(dnsseclame ) + else if(dnsseclame || a->dnsseclame) return rtt+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */ else if(a->lame) return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */ else return rtt; } /* no server information present */ - if(a->lame) + if(a->dnsseclame) + return UNKNOWN_SERVER_NICENESS+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */ + else if(a->lame) return USEFUL_SERVER_TOP_TIMEOUT+1+UNKNOWN_SERVER_NICENESS; /* nonpref */ return UNKNOWN_SERVER_NICENESS; } @@ -232,7 +236,7 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, /** lookup RTT information, and also store fastest rtt (if any) */ static int iter_fill_rtt(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now, + uint8_t* name, size_t namelen, uint16_t qtype, time_t now, struct delegpt* dp, int* best_rtt, struct sock_list* blacklist) { int got_it = 0; @@ -261,7 +265,7 @@ iter_fill_rtt(struct iter_env* iter_env, struct module_env* env, * returns number of best targets (or 0, no suitable targets) */ static int iter_filter_order(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now, + uint8_t* name, size_t namelen, uint16_t qtype, time_t now, struct delegpt* dp, int* selected_rtt, int open_target, struct sock_list* blacklist) { @@ -387,7 +391,7 @@ iter_server_selection(struct iter_env* iter_env, } struct dns_msg* -dns_alloc_msg(ldns_buffer* pkt, struct msg_parse* msg, +dns_alloc_msg(sldns_buffer* pkt, struct msg_parse* msg, struct regional* region) { struct dns_msg* m = (struct dns_msg*)regional_alloc(region, @@ -420,7 +424,7 @@ dns_copy_msg(struct dns_msg* from, struct regional* region) void iter_dns_store(struct module_env* env, struct query_info* msgqinf, - struct reply_info* msgrep, int is_referral, uint32_t leeway, int pside, + struct reply_info* msgrep, int is_referral, time_t leeway, int pside, struct regional* region) { if(!dns_cache_store(env, msgqinf, msgrep, is_referral, leeway, @@ -680,7 +684,7 @@ rrset_equal(struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2) } int -reply_equal(struct reply_info* p, struct reply_info* q, ldns_buffer* scratch) +reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region) { size_t i; if(p->flags != q->flags || @@ -695,27 +699,12 @@ reply_equal(struct reply_info* p, struct reply_info* q, ldns_buffer* scratch) return 0; for(i=0; i<p->rrset_count; i++) { if(!rrset_equal(p->rrsets[i], q->rrsets[i])) { - /* fallback procedure: try to sort and canonicalize */ - ldns_rr_list* pl, *ql; - pl = packed_rrset_to_rr_list(p->rrsets[i], scratch); - ql = packed_rrset_to_rr_list(q->rrsets[i], scratch); - if(!pl || !ql) { - ldns_rr_list_deep_free(pl); - ldns_rr_list_deep_free(ql); + if(!rrset_canonical_equal(region, p->rrsets[i], + q->rrsets[i])) { + regional_free_all(region); return 0; } - ldns_rr_list2canonical(pl); - ldns_rr_list2canonical(ql); - ldns_rr_list_sort(pl); - ldns_rr_list_sort(ql); - if(ldns_rr_list_compare(pl, ql) != 0) { - ldns_rr_list_deep_free(pl); - ldns_rr_list_deep_free(ql); - return 0; - } - ldns_rr_list_deep_free(pl); - ldns_rr_list_deep_free(ql); - continue; + regional_free_all(region); } } return 1; @@ -768,7 +757,7 @@ void iter_store_parentside_neg(struct module_env* env, /* TTL: NS from referral in iq->deleg_msg, * or first RR from iq->response, * or servfail5secs if !iq->response */ - uint32_t ttl = NORR_TTL; + time_t ttl = NORR_TTL; struct ub_packed_rrset_key* neg; struct packed_rrset_data* newd; if(rep) { @@ -798,7 +787,7 @@ void iter_store_parentside_neg(struct module_env* env, neg->entry.hash = rrset_key_hash(&neg->rk); newd = (struct packed_rrset_data*)regional_alloc_zero(env->scratch, sizeof(struct packed_rrset_data) + sizeof(size_t) + - sizeof(uint8_t*) + sizeof(uint32_t) + sizeof(uint16_t)); + sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)); if(!newd) { log_err("out of memory in store_parentside_neg"); return; @@ -815,7 +804,7 @@ void iter_store_parentside_neg(struct module_env* env, newd->rr_len[0] = 0 /* zero len rdata */ + sizeof(uint16_t); packed_rrset_ptr_fixup(newd); newd->rr_ttl[0] = newd->ttl; - ldns_write_uint16(newd->rr_data[0], 0 /* zero len rdata */); + sldns_write_uint16(newd->rr_data[0], 0 /* zero len rdata */); /* store it */ log_rrset_key(VERB_ALGO, "store parent-side negative", neg); iter_store_parentside_rrset(env, neg); diff --git a/contrib/unbound/iterator/iter_utils.h b/contrib/unbound/iterator/iter_utils.h index 8f5a291..abdc68f 100644 --- a/contrib/unbound/iterator/iter_utils.h +++ b/contrib/unbound/iterator/iter_utils.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -43,7 +43,7 @@ #ifndef ITERATOR_ITER_UTILS_H #define ITERATOR_ITER_UTILS_H #include "iterator/iter_resptype.h" -#include <ldns/buffer.h> +struct sldns_buffer; struct iter_env; struct iter_hints; struct iter_forwards; @@ -102,7 +102,7 @@ struct delegpt_addr* iter_server_selection(struct iter_env* iter_env, * @param regional: regional to use for allocation. * @return newly allocated dns_msg, or NULL on memory error. */ -struct dns_msg* dns_alloc_msg(ldns_buffer* pkt, struct msg_parse* msg, +struct dns_msg* dns_alloc_msg(struct sldns_buffer* pkt, struct msg_parse* msg, struct regional* regional); /** @@ -131,7 +131,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional); * but the query resolution can continue without cache storage. */ void iter_dns_store(struct module_env* env, struct query_info* qinf, - struct reply_info* rep, int is_referral, uint32_t leeway, int pside, + struct reply_info* rep, int is_referral, time_t leeway, int pside, struct regional* region); /** @@ -216,10 +216,10 @@ int iter_msg_from_zone(struct dns_msg* msg, struct delegpt* dp, * @param p: reply one. The reply has rrset data pointers in region. * Does not check rrset-IDs * @param q: reply two - * @param buf: scratch buffer. + * @param region: scratch buffer. * @return if one and two are equal. */ -int reply_equal(struct reply_info* p, struct reply_info* q, ldns_buffer* buf); +int reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region); /** * Store parent-side rrset in seperate rrset cache entries for later diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c index e3f058f..87fac81 100644 --- a/contrib/unbound/iterator/iterator.c +++ b/contrib/unbound/iterator/iterator.c @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** @@ -41,7 +41,6 @@ */ #include "config.h" -#include <ldns/ldns.h> #include "iterator/iterator.h" #include "iterator/iter_utils.h" #include "iterator/iter_hints.h" @@ -62,6 +61,10 @@ #include "util/data/msgencode.h" #include "util/fptr_wlist.h" #include "util/config_file.h" +#include "ldns/rrdef.h" +#include "ldns/wire2str.h" +#include "ldns/parseutil.h" +#include "ldns/sbuffer.h" int iter_init(struct module_env* env, int id) @@ -228,8 +231,8 @@ static int error_response(struct module_qstate* qstate, int id, int rcode) { verbose(VERB_QUERY, "return error response %s", - ldns_lookup_by_id(ldns_rcodes, rcode)? - ldns_lookup_by_id(ldns_rcodes, rcode)->name:"??"); + sldns_lookup_by_id(sldns_rcodes, rcode)? + sldns_lookup_by_id(sldns_rcodes, rcode)->name:"??"); qstate->return_rcode = rcode; qstate->return_msg = NULL; qstate->ext_state[id] = module_finished; @@ -540,8 +543,8 @@ prime_root(struct module_qstate* qstate, struct iter_qstate* iq, int id, struct delegpt* dp; struct module_qstate* subq; verbose(VERB_DETAIL, "priming . %s NS", - ldns_lookup_by_id(ldns_rr_classes, (int)qclass)? - ldns_lookup_by_id(ldns_rr_classes, (int)qclass)->name:"??"); + sldns_lookup_by_id(sldns_rr_classes, (int)qclass)? + sldns_lookup_by_id(sldns_rr_classes, (int)qclass)->name:"??"); dp = hints_lookup_root(qstate->env->hints, qclass); if(!dp) { verbose(VERB_ALGO, "Cannot prime due to lack of hints"); @@ -1212,7 +1215,7 @@ processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq, * cached referral as the response. */ if(!(qstate->query_flags & BIT_RD)) { iq->response = iq->deleg_msg; - if(verbosity >= VERB_ALGO) + if(verbosity >= VERB_ALGO && iq->response) log_dns_msg("no RD requested, using delegation msg", &iq->response->qinfo, iq->response->rep); if(qstate->reply_origin) @@ -1409,6 +1412,35 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, return 1; } +/** see if last resort is possible - does config allow queries to parent */ +static int +can_have_last_resort(struct module_env* env, struct delegpt* dp, + struct iter_qstate* iq) +{ + struct delegpt* fwddp; + struct iter_hints_stub* stub; + /* do not process a last resort (the parent side) if a stub + * or forward is configured, because we do not want to go 'above' + * the configured servers */ + if(!dname_is_root(dp->name) && (stub = (struct iter_hints_stub*) + name_tree_find(&env->hints->tree, dp->name, dp->namelen, + dp->namelabs, iq->qchase.qclass)) && + /* has_parent side is turned off for stub_first, where we + * are allowed to go to the parent */ + stub->dp->has_parent_side_NS) { + verbose(VERB_QUERY, "configured stub servers failed -- returning SERVFAIL"); + return 0; + } + if((fwddp = forwards_find(env->fwds, dp->name, iq->qchase.qclass)) && + /* has_parent_side is turned off for forward_first, where + * we are allowed to go to the parent */ + fwddp->has_parent_side_NS) { + verbose(VERB_QUERY, "configured forward servers failed -- returning SERVFAIL"); + return 0; + } + return 1; +} + /** * Called by processQueryTargets when it would like extra targets to query * but it seems to be out of options. At last resort some less appealing @@ -1430,6 +1462,11 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_ALGO, "No more query targets, attempting last resort"); log_assert(iq->dp); + if(!can_have_last_resort(qstate->env, iq->dp, iq)) { + /* fail -- no more targets, no more hope of targets, no hope + * of a response. */ + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) { struct delegpt* p = hints_lookup_root(qstate->env->hints, iq->qchase.qclass); @@ -1439,7 +1476,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, iq->chase_flags &= ~BIT_RD; /* go to authorities */ for(ns = p->nslist; ns; ns=ns->next) { (void)delegpt_add_ns(iq->dp, qstate->region, - ns->name, (int)ns->lame); + ns->name, ns->lame); } for(a = p->target_list; a; a=a->next_target) { (void)delegpt_add_addr(iq->dp, qstate->region, @@ -1880,12 +1917,23 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, && type != RESPONSE_TYPE_UNTYPED) { /* a possible answer, see if it is missing DNSSEC */ /* but not when forwarding, so we dont mark fwder lame */ - /* also make sure the answer is from the zone we expected, - * otherwise, (due to parent,child on same server), we - * might mark the server,zone lame inappropriately */ - if(!iter_msg_has_dnssec(iq->response) && - iter_msg_from_zone(iq->response, iq->dp, type, - iq->qchase.qclass)) { + if(!iter_msg_has_dnssec(iq->response)) { + /* Mark this address as dnsseclame in this dp, + * because that will make serverselection disprefer + * it, but also, once it is the only final option, + * use dnssec-lame-bypass if it needs to query there.*/ + if(qstate->reply) { + struct delegpt_addr* a = delegpt_find_addr( + iq->dp, &qstate->reply->addr, + qstate->reply->addrlen); + if(a) a->dnsseclame = 1; + } + /* test the answer is from the zone we expected, + * otherwise, (due to parent,child on same server), we + * might mark the server,zone lame inappropriately */ + if(!iter_msg_from_zone(iq->response, iq->dp, type, + iq->qchase.qclass)) + qstate->reply = NULL; type = RESPONSE_TYPE_LAME; dnsseclame = 1; } @@ -2117,8 +2165,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, *qstate->env->now, dnsseclame, 0, iq->qchase.qtype)) log_err("mark host lame: out of memory"); - } else log_err("%slame response from cache", - dnsseclame?"DNSSEC ":""); + } } else if(type == RESPONSE_TYPE_REC_LAME) { /* Cache the LAMEness. */ verbose(VERB_DETAIL, "query response REC_LAME: " @@ -2326,12 +2373,12 @@ processTargetResponse(struct module_qstate* qstate, int id, rrset->rk.dname_len)) { /* if dpns->lame then set newcname ns lame too */ if(!delegpt_add_ns(foriq->dp, forq->region, - rrset->rk.dname, (int)dpns->lame)) + rrset->rk.dname, dpns->lame)) log_err("out of memory adding cnamed-ns"); } /* if dpns->lame then set the address(es) lame too */ if(!delegpt_add_rrset(foriq->dp, forq->region, rrset, - (int)dpns->lame)) + dpns->lame)) log_err("out of memory adding targets"); verbose(VERB_ALGO, "added target response"); delegpt_log(VERB_ALGO, foriq->dp); @@ -2704,7 +2751,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, { struct msg_parse* prs; struct edns_data edns; - ldns_buffer* pkt; + sldns_buffer* pkt; verbose(VERB_ALGO, "process_response: new external response event"); iq->response = NULL; @@ -2731,7 +2778,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, memset(prs, 0, sizeof(*prs)); memset(&edns, 0, sizeof(edns)); pkt = qstate->reply->c->buffer; - ldns_buffer_set_position(pkt, 0); + sldns_buffer_set_position(pkt, 0); if(parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { verbose(VERB_ALGO, "parse error on reply packet"); goto handle_it; @@ -2771,7 +2818,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, } else { /* check if reply is the same, otherwise, fail */ if(!reply_equal(iq->response->rep, iq->caps_reply, - qstate->env->scratch_buffer)) { + qstate->env->scratch)) { verbose(VERB_DETAIL, "Capsforid fallback: " "getting different replies, failed"); outbound_list_remove(&iq->outlist, outbound); diff --git a/contrib/unbound/iterator/iterator.h b/contrib/unbound/iterator/iterator.h index eb33315..1816d12 100644 --- a/contrib/unbound/iterator/iterator.h +++ b/contrib/unbound/iterator/iterator.h @@ -21,16 +21,16 @@ * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** |
