dns64.c revision 294190 
1/*
2 * dns64/dns64.c - DNS64 module
3 *
4 * Copyright (c) 2009, Viag��nie. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of Viag��nie nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains a module that performs DNS64 query processing.
40 */
41
42#include "config.h"
43#include "dns64/dns64.h"
44#include "services/cache/dns.h"
45#include "services/cache/rrset.h"
46#include "util/config_file.h"
47#include "util/data/msgreply.h"
48#include "util/fptr_wlist.h"
49#include "util/net_help.h"
50#include "util/regional.h"
51
52/******************************************************************************
53 *                                                                            *
54 *                             STATIC CONSTANTS                               *
55 *                                                                            *
56 ******************************************************************************/
57
58/**
59 * This is the default DNS64 prefix that is used whent he dns64 module is listed
60 * in module-config but when the dns64-prefix variable is not present.
61 */
62static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96";
63
64/**
65 * Maximum length of a domain name in a PTR query in the .in-addr.arpa tree.
66 */
67#define MAX_PTR_QNAME_IPV4 30
68
69/**
70 * Per-query module-specific state. This is usually a dynamically-allocated
71 * structure, but in our case we only need to store one variable describing the
72 * state the query is in. So we repurpose the minfo pointer by storing an
73 * integer in there.
74 */
75enum dns64_qstate {
76    DNS64_INTERNAL_QUERY,    /**< Internally-generated query, no DNS64
77                                  processing. */
78    DNS64_NEW_QUERY,         /**< Query for which we're the first module in
79                                  line. */
80    DNS64_SUBQUERY_FINISHED  /**< Query for which we generated a sub-query, and
81                                  for which this sub-query is finished. */
82};
83
84
85/******************************************************************************
86 *                                                                            *
87 *                                 STRUCTURES                                 *
88 *                                                                            *
89 ******************************************************************************/
90
91/**
92 * This structure contains module configuration information. One instance of
93 * this structure exists per instance of the module. Normally there is only one
94 * instance of the module.
95 */
96struct dns64_env {
97    /**
98     * DNS64 prefix address. We're using a full sockaddr instead of just an
99     * in6_addr because we can reuse Unbound's generic string parsing functions.
100     * It will always contain a sockaddr_in6, and only the sin6_addr member will
101     * ever be used.
102     */
103    struct sockaddr_storage prefix_addr;
104
105    /**
106     * This is always sizeof(sockaddr_in6).
107     */
108    socklen_t prefix_addrlen;
109
110    /**
111     * This is the CIDR length of the prefix. It needs to be between 0 and 96.
112     */
113    int prefix_net;
114};
115
116
117/******************************************************************************
118 *                                                                            *
119 *                             UTILITY FUNCTIONS                              *
120 *                                                                            *
121 ******************************************************************************/
122
123/**
124 * Generic macro for swapping two variables.
125 *
126 * \param t Type of the variables. (e.g. int)
127 * \param a First variable.
128 * \param b Second variable.
129 *
130 * \warning Do not attempt something foolish such as swap(int,a++,b++)!
131 */
132#define swap(t,a,b) do {t x = a; a = b; b = x;} while(0)
133
134/**
135 * Reverses a string.
136 *
137 * \param begin Points to the first character of the string.
138 * \param end   Points one past the last character of the string.
139 */
140static void
141reverse(char* begin, char* end)
142{
143    while ( begin < --end ) {
144        swap(char, *begin, *end);
145        ++begin;
146    }
147}
148
149/**
150 * Convert an unsigned integer to a string. The point of this function is that
151 * of being faster than sprintf().
152 *
153 * \param n The number to be converted.
154 * \param s The result will be written here. Must be large enough, be careful!
155 *
156 * \return The number of characters written.
157 */
158static int
159uitoa(unsigned n, char* s)
160{
161    char* ss = s;
162    do {
163        *ss++ = '0' + n % 10;
164    } while (n /= 10);
165    reverse(s, ss);
166    return ss - s;
167}
168
169/**
170 * Extract an IPv4 address embedded in the IPv6 address \a ipv6 at offset \a
171 * offset (in bits). Note that bits are not necessarily aligned on bytes so we
172 * need to be careful.
173 *
174 * \param ipv6   IPv6 address represented as a 128-bit array in big-endian
175 *               order.
176 * \param offset Index of the MSB of the IPv4 address embedded in the IPv6
177 *               address.
178 */
179static uint32_t
180extract_ipv4(const uint8_t ipv6[16], const int offset)
181{
182    uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8))
183                  | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8))
184                  | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8))
185                  | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8));
186    if (offset/8+4 < 16)
187        ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8);
188    return ipv4;
189}
190
191/**
192 * Builds the PTR query name corresponding to an IPv4 address. For example,
193 * given the number 3,464,175,361, this will build the string
194 * "\03206\03123\0231\011\07in-addr\04arpa".
195 *
196 * \param ipv4 IPv4 address represented as an unsigned 32-bit number.
197 * \param ptr  The result will be written here. Must be large enough, be
198 *             careful!
199 *
200 * \return The number of characters written.
201 */
202static size_t
203ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4])
204{
205    static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa";
206    int i;
207    char* c = ptr;
208
209    for (i = 0; i < 4; ++i) {
210        *c = uitoa((unsigned int)(ipv4 % 256), c + 1);
211        c += *c + 1;
212        ipv4 /= 256;
213    }
214
215    memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX));
216
217    return c + sizeof(IPV4_PTR_SUFFIX) - ptr;
218}
219
220/**
221 * Converts an IPv6-related domain name string from a PTR query into an IPv6
222 * address represented as a 128-bit array.
223 *
224 * \param ptr  The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa")
225 * \param ipv6 The result will be written here, in network byte order.
226 *
227 * \return 1 on success, 0 on failure.
228 */
229static int
230ptr_to_ipv6(const char* ptr, uint8_t ipv6[16])
231{
232    int i;
233
234    for (i = 0; i < 64; i++) {
235        int x;
236
237        if (ptr[i++] != 1)
238            return 0;
239
240        if (ptr[i] >= '0' && ptr[i] <= '9') {
241            x = ptr[i] - '0';
242        } else if (ptr[i] >= 'a' && ptr[i] <= 'f') {
243            x = ptr[i] - 'a' + 10;
244        } else if (ptr[i] >= 'A' && ptr[i] <= 'F') {
245            x = ptr[i] - 'A' + 10;
246        } else {
247            return 0;
248        }
249
250        ipv6[15-i/4] |= x << (2 * ((i-1) % 4));
251    }
252
253    return 1;
254}
255
256/**
257 * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix.
258 *
259 * \param prefix_addr DNS64 prefix address.
260 * \param prefix_net  CIDR length of the DNS64 prefix. Must be between 0 and 96.
261 * \param a           IPv4 address.
262 * \param aaaa        IPv6 address. The result will be written here.
263 */
264static void
265synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net,
266        const uint8_t a[4], uint8_t aaaa[16])
267{
268    memcpy(aaaa, prefix_addr, 16);
269    aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8);
270    aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8);
271    aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8);
272    aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8);
273    aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8);
274    aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8);
275    aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8);
276    if (prefix_net/8+4 < 16)  /* <-- my beautiful symmetry is destroyed! */
277    aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8);
278}
279
280
281/******************************************************************************
282 *                                                                            *
283 *                           DNS64 MODULE FUNCTIONS                           *
284 *                                                                            *
285 ******************************************************************************/
286
287/**
288 * This function applies the configuration found in the parsed configuration
289 * file \a cfg to this instance of the dns64 module. Currently only the DNS64
290 * prefix (a.k.a. Pref64) is configurable.
291 *
292 * \param dns64_env Module-specific global parameters.
293 * \param cfg       Parsed configuration file.
294 */
295static int
296dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
297{
298    verbose(VERB_ALGO, "dns64-prefix: %s", cfg->dns64_prefix);
299    if (!netblockstrtoaddr(cfg->dns64_prefix ? cfg->dns64_prefix :
300                DEFAULT_DNS64_PREFIX, 0, &dns64_env->prefix_addr,
301                &dns64_env->prefix_addrlen, &dns64_env->prefix_net)) {
302        log_err("cannot parse dns64-prefix netblock: %s", cfg->dns64_prefix);
303        return 0;
304    }
305    if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) {
306        log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix);
307        return 0;
308    }
309    if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) {
310        log_err("dns64-prefix length it not between 0 and 96: %s",
311                cfg->dns64_prefix);
312        return 0;
313    }
314    return 1;
315}
316
317/**
318 * Initializes this instance of the dns64 module.
319 *
320 * \param env Global state of all module instances.
321 * \param id  This instance's ID number.
322 */
323int
324dns64_init(struct module_env* env, int id)
325{
326    struct dns64_env* dns64_env =
327        (struct dns64_env*)calloc(1, sizeof(struct dns64_env));
328    if (!dns64_env) {
329        log_err("malloc failure");
330        return 0;
331    }
332	env->modinfo[id] = (void*)dns64_env;
333    if (!dns64_apply_cfg(dns64_env, env->cfg)) {
334        log_err("dns64: could not apply configuration settings.");
335        return 0;
336    }
337    return 1;
338}
339
340/**
341 * Deinitializes this instance of the dns64 module.
342 *
343 * \param env Global state of all module instances.
344 * \param id  This instance's ID number.
345 */
346void
347dns64_deinit(struct module_env* env, int id)
348{
349    if (!env)
350        return;
351    free(env->modinfo[id]);
352    env->modinfo[id] = NULL;
353}
354
355/**
356 * Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64
357 * prefix, we must do a PTR query for the corresponding IPv4 address instead.
358 *
359 * \param qstate Query state structure.
360 * \param id     This module instance's ID number.
361 *
362 * \return The new state of the query.
363 */
364static enum module_ext_state
365handle_ipv6_ptr(struct module_qstate* qstate, int id)
366{
367    struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
368    struct module_qstate* subq = NULL;
369    struct query_info qinfo;
370    struct sockaddr_in6 sin6;
371
372    /* Convert the PTR query string to an IPv6 address. */
373    memset(&sin6, 0, sizeof(sin6));
374    sin6.sin6_family = AF_INET6;
375    if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr))
376        return module_wait_module;  /* Let other module handle this. */
377
378    /*
379     * If this IPv6 address is not part of our DNS64 prefix, then we don't need
380     * to do anything. Let another module handle the query.
381     */
382    if (addr_in_common((struct sockaddr_storage*)&sin6, 128,
383                &dns64_env->prefix_addr, dns64_env->prefix_net,
384                (socklen_t)sizeof(sin6)) != dns64_env->prefix_net)
385        return module_wait_module;
386
387    verbose(VERB_ALGO, "dns64: rewrite PTR record");
388
389    /*
390     * Create a new PTR query info for the domain name corresponding to the IPv4
391     * address corresponding to the IPv6 address corresponding to the original
392     * PTR query domain name.
393     */
394    qinfo = qstate->qinfo;
395    if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4)))
396        return module_error;
397    qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr,
398                dns64_env->prefix_net), (char*)qinfo.qname);
399
400    /* Create the new sub-query. */
401    fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
402    if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0,
403                &subq))
404        return module_error;
405    if (subq) {
406        subq->curmod = id;
407        subq->ext_state[id] = module_state_initial;
408        subq->minfo[id] = NULL;
409    }
410
411    return module_wait_subquery;
412}
413
414/** allocate (special) rrset keys, return 0 on error */
415static int
416repinfo_alloc_rrset_keys(struct reply_info* rep,
417	struct regional* region)
418{
419	size_t i;
420	for(i=0; i<rep->rrset_count; i++) {
421		if(region) {
422			rep->rrsets[i] = (struct ub_packed_rrset_key*)
423				regional_alloc(region,
424				sizeof(struct ub_packed_rrset_key));
425			if(rep->rrsets[i]) {
426				memset(rep->rrsets[i], 0,
427					sizeof(struct ub_packed_rrset_key));
428				rep->rrsets[i]->entry.key = rep->rrsets[i];
429			}
430		}
431		else return 0;/*	rep->rrsets[i] = alloc_special_obtain(alloc);*/
432		if(!rep->rrsets[i])
433			return 0;
434		rep->rrsets[i]->entry.data = NULL;
435	}
436	return 1;
437}
438
439static enum module_ext_state
440generate_type_A_query(struct module_qstate* qstate, int id)
441{
442	struct module_qstate* subq = NULL;
443	struct query_info qinfo;
444
445	verbose(VERB_ALGO, "dns64: query A record");
446
447	/* Create a new query info. */
448	qinfo = qstate->qinfo;
449	qinfo.qtype = LDNS_RR_TYPE_A;
450
451	/* Start the sub-query. */
452	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
453	if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0,
454				       0, &subq))
455	{
456		verbose(VERB_ALGO, "dns64: sub-query creation failed");
457		return module_error;
458	}
459	if (subq) {
460		subq->curmod = id;
461		subq->ext_state[id] = module_state_initial;
462		subq->minfo[id] = NULL;
463	}
464
465	return module_wait_subquery;
466}
467
468/**
469 * Handles the "pass" event for a query. This event is received when a new query
470 * is received by this module. The query may have been generated internally by
471 * another module, in which case we don't want to do any special processing
472 * (this is an interesting discussion topic),  or it may be brand new, e.g.
473 * received over a socket, in which case we do want to apply DNS64 processing.
474 *
475 * \param qstate A structure representing the state of the query that has just
476 *               received the "pass" event.
477 * \param id     This module's instance ID.
478 *
479 * \return The new state of the query.
480 */
481static enum module_ext_state
482handle_event_pass(struct module_qstate* qstate, int id)
483{
484	if ((uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
485            && qstate->qinfo.qtype == LDNS_RR_TYPE_PTR
486            && qstate->qinfo.qname_len == 74
487            && !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa"))
488        /* Handle PTR queries for IPv6 addresses. */
489        return handle_ipv6_ptr(qstate, id);
490
491	if (qstate->env->cfg->dns64_synthall &&
492	    (uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
493	    && qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA)
494		return generate_type_A_query(qstate, id);
495
496	/* We are finished when our sub-query is finished. */
497	if ((uintptr_t)qstate->minfo[id] == DNS64_SUBQUERY_FINISHED)
498		return module_finished;
499
500	/* Otherwise, pass request to next module. */
501	verbose(VERB_ALGO, "dns64: pass to next module");
502	return module_wait_module;
503}
504
505/**
506 * Handles the "done" event for a query. We need to analyze the response and
507 * maybe issue a new sub-query for the A record.
508 *
509 * \param qstate A structure representing the state of the query that has just
510 *               received the "pass" event.
511 * \param id     This module's instance ID.
512 *
513 * \return The new state of the query.
514 */
515static enum module_ext_state
516handle_event_moddone(struct module_qstate* qstate, int id)
517{
518    /*
519     * In many cases we have nothing special to do. From most to least common:
520     *
521     *   - An internal query.
522     *   - A query for a record type other than AAAA.
523     *   - CD FLAG was set on querier
524     *   - An AAAA query for which an error was returned.
525     *   - A successful AAAA query with an answer.
526     */
527	if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY
528            || qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA
529	    || (qstate->query_flags & BIT_CD)
530	    || qstate->return_rcode != LDNS_RCODE_NOERROR
531	    || (qstate->return_msg &&
532		    qstate->return_msg->rep &&
533		    reply_find_answer_rrset(&qstate->qinfo,
534			    qstate->return_msg->rep)))
535		return module_finished;
536
537    /* So, this is a AAAA noerror/nodata answer */
538	return generate_type_A_query(qstate, id);
539}
540
541/**
542 * This is the module's main() function. It gets called each time a query
543 * receives an event which we may need to handle. We respond by updating the
544 * state of the query.
545 *
546 * \param qstate   Structure containing the state of the query.
547 * \param event    Event that has just been received.
548 * \param id       This module's instance ID.
549 * \param outbound State of a DNS query on an authoritative server. We never do
550 *                 our own queries ourselves (other modules do it for us), so
551 *                 this is unused.
552 */
553void
554dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
555		struct outbound_entry* outbound)
556{
557	(void)outbound;
558	verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s",
559			id, strextstate(qstate->ext_state[id]),
560			strmodulevent(event));
561	log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo);
562
563	switch(event) {
564		case module_event_new:
565			/* Tag this query as being new and fall through. */
566			qstate->minfo[id] = (void*)DNS64_NEW_QUERY;
567		case module_event_pass:
568			qstate->ext_state[id] = handle_event_pass(qstate, id);
569			break;
570		case module_event_moddone:
571			qstate->ext_state[id] = handle_event_moddone(qstate, id);
572			break;
573		default:
574			qstate->ext_state[id] = module_finished;
575			break;
576	}
577}
578
579static void
580dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
581		      const struct packed_rrset_data* fd,
582		      struct ub_packed_rrset_key *dk,
583		      struct packed_rrset_data **dd_out, struct regional *region,
584		      struct dns64_env* dns64_env )
585{
586	struct packed_rrset_data *dd;
587	size_t i;
588	/*
589	 * Create synthesized AAAA RR set data. We need to allocated extra memory
590	 * for the RRs themselves. Each RR has a length, TTL, pointer to wireformat
591	 * data, 2 bytes of data length, and 16 bytes of IPv6 address.
592	 */
593	if(fd->count > RR_COUNT_MAX) {
594		*dd_out = NULL;
595		return; /* integer overflow protection in alloc */
596	}
597	if (!(dd = *dd_out = regional_alloc(region,
598		  sizeof(struct packed_rrset_data)
599		  + fd->count * (sizeof(size_t) + sizeof(time_t) +
600			     sizeof(uint8_t*) + 2 + 16)))) {
601		log_err("out of memory");
602		return;
603	}
604
605	/* Copy attributes from A RR set. */
606	dd->ttl = fd->ttl;
607	dd->count = fd->count;
608	dd->rrsig_count = 0;
609	dd->trust = fd->trust;
610	dd->security = fd->security;
611
612	/*
613	 * Synthesize AAAA records. Adjust pointers in structure.
614	 */
615	dd->rr_len =
616	    (size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data));
617	dd->rr_data = (uint8_t**)&dd->rr_len[dd->count];
618	dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];
619	for(i = 0; i < fd->count; ++i) {
620		if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0
621		    || fd->rr_data[i][1] != 4) {
622			*dd_out = NULL;
623			return;
624		}
625		dd->rr_len[i] = 18;
626		dd->rr_data[i] =
627		    (uint8_t*)&dd->rr_ttl[dd->count] + 18*i;
628		dd->rr_data[i][0] = 0;
629		dd->rr_data[i][1] = 16;
630		synthesize_aaaa(
631				((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr,
632				dns64_env->prefix_net, &fd->rr_data[i][2],
633				&dd->rr_data[i][2] );
634		dd->rr_ttl[i] = fd->rr_ttl[i];
635	}
636
637	/*
638	 * Create synthesized AAAA RR set key. This is mostly just bookkeeping,
639	 * nothing interesting here.
640	 */
641	if(!dk) {
642		log_err("no key");
643		*dd_out = NULL;
644		return;
645	}
646
647	dk->rk.dname = (uint8_t*)regional_alloc_init(region,
648		     fk->rk.dname, fk->rk.dname_len);
649
650	if(!dk->rk.dname) {
651		log_err("out of memory");
652		*dd_out = NULL;
653		return;
654	}
655
656	dk->rk.type = htons(LDNS_RR_TYPE_AAAA);
657	memset(&dk->entry, 0, sizeof(dk->entry));
658	dk->entry.key = dk;
659	dk->entry.hash = rrset_key_hash(&dk->rk);
660	dk->entry.data = dd;
661
662}
663
664/**
665 * Synthesize an AAAA RR set from an A sub-query's answer and add it to the
666 * original empty response.
667 *
668 * \param id     This module's instance ID.
669 * \param super  Original AAAA query.
670 * \param qstate A query.
671 */
672static void
673dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate)
674{
675	struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id];
676	struct reply_info *rep, *cp;
677	size_t i, s;
678	struct packed_rrset_data* fd, *dd;
679	struct ub_packed_rrset_key* fk, *dk;
680
681	verbose(VERB_ALGO, "converting A answers to AAAA answers");
682
683	log_assert(super->region);
684	log_assert(qstate->return_msg);
685	log_assert(qstate->return_msg->rep);
686
687	/* If dns64-synthall is enabled, return_msg is not initialized */
688	if(!super->return_msg) {
689		super->return_msg = (struct dns_msg*)regional_alloc(
690		    super->region, sizeof(struct dns_msg));
691		if(!super->return_msg)
692			return;
693		memset(super->return_msg, 0, sizeof(*super->return_msg));
694		super->return_msg->qinfo = super->qinfo;
695	}
696
697	rep = qstate->return_msg->rep;
698
699	/*
700	 * Build the actual reply.
701	 */
702	cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount,
703		rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, rep->ns_numrrsets,
704		rep->ar_numrrsets, rep->rrset_count, rep->security);
705	if(!cp)
706		return;
707
708	/* allocate ub_key structures special or not */
709	if(!repinfo_alloc_rrset_keys(cp, super->region)) {
710		return;
711	}
712
713	/* copy everything and replace A by AAAA */
714	for(i=0; i<cp->rrset_count; i++) {
715		fk = rep->rrsets[i];
716		dk = cp->rrsets[i];
717		fd = (struct packed_rrset_data*)fk->entry.data;
718		dk->rk = fk->rk;
719		dk->id = fk->id;
720
721		if(i<rep->an_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) {
722			/* also sets dk->entry.hash */
723			dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env);
724			if(!dd)
725				return;
726			/* Delete negative AAAA record from cache stored by
727			 * the iterator module */
728			rrset_cache_remove(super->env->rrset_cache, dk->rk.dname,
729					   dk->rk.dname_len, LDNS_RR_TYPE_AAAA,
730					   LDNS_RR_CLASS_IN, 0);
731		} else {
732			dk->entry.hash = fk->entry.hash;
733			dk->rk.dname = (uint8_t*)regional_alloc_init(super->region,
734				fk->rk.dname, fk->rk.dname_len);
735
736			if(!dk->rk.dname)
737				return;
738
739			s = packed_rrset_sizeof(fd);
740			dd = (struct packed_rrset_data*)regional_alloc_init(
741				super->region, fd, s);
742
743			if(!dd)
744				return;
745		}
746
747		packed_rrset_ptr_fixup(dd);
748		dk->entry.data = (void*)dd;
749	}
750
751	/* Commit changes. */
752	super->return_msg->rep = cp;
753}
754
755/**
756 * Generate a response for the original IPv6 PTR query based on an IPv4 PTR
757 * sub-query's response.
758 *
759 * \param qstate IPv4 PTR sub-query.
760 * \param super  Original IPv6 PTR query.
761 */
762static void
763dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super)
764{
765    struct ub_packed_rrset_key* answer;
766
767    verbose(VERB_ALGO, "adjusting PTR reply");
768
769    /* Copy the sub-query's reply to the parent. */
770    if (!(super->return_msg = (struct dns_msg*)regional_alloc(super->region,
771                    sizeof(struct dns_msg))))
772        return;
773    super->return_msg->qinfo = super->qinfo;
774    super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL,
775            super->region);
776
777    /*
778     * Adjust the domain name of the answer RR set so that it matches the
779     * initial query's domain name.
780     */
781    answer = reply_find_answer_rrset(&qstate->qinfo, super->return_msg->rep);
782    log_assert(answer);
783    answer->rk.dname = super->qinfo.qname;
784    answer->rk.dname_len = super->qinfo.qname_len;
785}
786
787/**
788 * This function is called when a sub-query finishes to inform the parent query.
789 *
790 * We issue two kinds of sub-queries: PTR and A.
791 *
792 * \param qstate State of the sub-query.
793 * \param id     This module's instance ID.
794 * \param super  State of the super-query.
795 */
796void
797dns64_inform_super(struct module_qstate* qstate, int id,
798		struct module_qstate* super)
799{
800	log_query_info(VERB_ALGO, "dns64: inform_super, sub is",
801		       &qstate->qinfo);
802	log_query_info(VERB_ALGO, "super is", &super->qinfo);
803
804	/*
805	 * Signal that the sub-query is finished, no matter whether we are
806	 * successful or not. This lets the state machine terminate.
807	 */
808	super->minfo[id] = (void*)DNS64_SUBQUERY_FINISHED;
809
810	/* If there is no successful answer, we're done. */
811	if (qstate->return_rcode != LDNS_RCODE_NOERROR
812	    || !qstate->return_msg
813	    || !qstate->return_msg->rep
814	    || !reply_find_answer_rrset(&qstate->qinfo,
815					qstate->return_msg->rep))
816		return;
817
818	/* Generate a response suitable for the original query. */
819	if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) {
820		dns64_adjust_a(id, super, qstate);
821	} else {
822		log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR);
823		dns64_adjust_ptr(qstate, super);
824	}
825
826	/* Store the generated response in cache. */
827	if (!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
828	    0, 0, 0, NULL, super->query_flags))
829		log_err("out of memory");
830}
831
832/**
833 * Clear module-specific data from query state. Since we do not allocate memory,
834 * it's just a matter of setting a pointer to NULL.
835 *
836 * \param qstate Query state.
837 * \param id     This module's instance ID.
838 */
839void
840dns64_clear(struct module_qstate* qstate, int id)
841{
842    qstate->minfo[id] = NULL;
843}
844
845/**
846 * Returns the amount of global memory that this module uses, not including
847 * per-query data.
848 *
849 * \param env Module environment.
850 * \param id  This module's instance ID.
851 */
852size_t
853dns64_get_mem(struct module_env* env, int id)
854{
855    struct dns64_env* dns64_env = (struct dns64_env*)env->modinfo[id];
856    if (!dns64_env)
857        return 0;
858    return sizeof(*dns64_env);
859}
860
861/**
862 * The dns64 function block.
863 */
864static struct module_func_block dns64_block = {
865	"dns64",
866	&dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super,
867	&dns64_clear, &dns64_get_mem
868};
869
870/**
871 * Function for returning the above function block.
872 */
873struct module_func_block *
874dns64_get_funcblock()
875{
876	return &dns64_block;
877}
878