1/*
2 * iterator/iter_delegpt.c - delegation point with NS and address information.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file implements the Delegation Point. It contains a list of name servers
40 * and their addresses if known.
41 */
42#include "config.h"
43#include "iterator/iter_delegpt.h"
44#include "services/cache/dns.h"
45#include "util/regional.h"
46#include "util/data/dname.h"
47#include "util/data/packed_rrset.h"
48#include "util/data/msgreply.h"
49#include "util/net_help.h"
50
/**
 * Allocate a delegation point inside a region and zero-fill it.
 * @param region: region the structure is allocated from.
 * @return the zeroed delegation point, or NULL when the region allocation
 *	fails.
 */
struct delegpt*
delegpt_create(struct regional* region)
{
	struct delegpt* fresh;

	fresh = (struct delegpt*)regional_alloc(region, sizeof(*fresh));
	if(fresh != NULL)
		memset(fresh, 0, sizeof(*fresh));
	return fresh;
}
61
/**
 * Duplicate a delegation point into a region.
 * Copies the name, the bogus and has_parent_side_NS flags, every
 * nameserver entry together with its lookup state, and every address on
 * the target list.
 * @param dp: delegation point to copy from.
 * @param region: region that receives all allocations of the copy.
 * @return the copy, or NULL when any allocation step fails.
 */
struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region)
{
	struct delegpt_ns* src_ns;
	struct delegpt_addr* src_addr;
	struct delegpt* copy = delegpt_create(region);

	if(copy == NULL)
		return NULL;
	if(!delegpt_set_name(copy, region, dp->name))
		return NULL;
	copy->bogus = dp->bogus;
	copy->has_parent_side_NS = dp->has_parent_side_NS;

	src_ns = dp->nslist;
	while(src_ns != NULL) {
		struct delegpt_ns* added;
		if(!delegpt_add_ns(copy, region, src_ns->name,
			(int)src_ns->lame))
			return NULL;
		/* delegpt_add_ns pushes new entries at the head of the
		 * list, so the head is taken to be the entry added above */
		added = copy->nslist;
		added->resolved = src_ns->resolved;
		added->got4 = src_ns->got4;
		added->got6 = src_ns->got6;
		added->done_pside4 = src_ns->done_pside4;
		added->done_pside6 = src_ns->done_pside6;
		src_ns = src_ns->next;
	}

	src_addr = dp->target_list;
	while(src_addr != NULL) {
		if(!delegpt_add_addr(copy, region, &src_addr->addr,
			src_addr->addrlen, src_addr->bogus, src_addr->lame))
			return NULL;
		src_addr = src_addr->next_target;
	}
	return copy;
}
89
/**
 * Set the name of a region-allocated delegation point.
 * The length is obtained by walking the labels of the name, so the name
 * has to be a well-formed wire-format dname before it gets here
 * (NOTE(review): validation is presumably done by the caller - confirm).
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region the copy of the name is allocated from.
 * @param name: name to copy.
 * @return 1 on success, 0 when the copy could not be allocated.
 */
int
delegpt_set_name(struct delegpt* dp, struct regional* region, uint8_t* name)
{
	log_assert(!dp->dp_type_mlc);
	dp->namelabs = dname_count_size_labels(name, &dp->namelen);
	dp->name = regional_alloc_init(region, name, dp->namelen);
	if(dp->name == 0)
		return 0;
	return 1;
}
98
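/**
 * Add a nameserver name to a region-allocated delegation point.
 * A name that is already listed is not added again.
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region the entry and its name copy are allocated from.
 * @param name: nameserver name; its length is found by walking its labels.
 * @param lame: stored in the lame flag of the new entry.
 * @return 1 when the name is listed afterwards (added or already there),
 *	0 on allocation failure. On failure the list is left unchanged.
 */
int
delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name,
	int lame)
{
	struct delegpt_ns* ns;
	size_t len;
	(void)dname_count_size_labels(name, &len);
	log_assert(!dp->dp_type_mlc);
	/* slow check for duplicates to avoid counting failures when
	 * adding the same server as a dependency twice */
	if(delegpt_find_ns(dp, name, len))
		return 1;
	ns = (struct delegpt_ns*)regional_alloc(region,
		sizeof(struct delegpt_ns));
	if(!ns)
		return 0;
	ns->namelen = len;
	ns->name = regional_alloc_init(region, name, ns->namelen);
	if(!ns->name) {
		/* Do not link an entry that has no name: delegpt_find_ns
		 * hands every listed name to query_dname_compare and
		 * delegpt_log hands it to dname_str. This matches the order
		 * used by delegpt_add_ns_mlc. */
		return 0;
	}
	ns->next = dp->nslist;
	dp->nslist = ns;
	ns->resolved = 0;
	ns->got4 = 0;
	ns->got6 = 0;
	ns->lame = (uint8_t)lame;
	ns->done_pside4 = 0;
	ns->done_pside6 = 0;
	return 1;
}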
127
/**
 * Look up a nameserver entry by name.
 * An entry matches when its stored length equals namelen and
 * query_dname_compare reports the names as equal.
 * @param dp: delegation point to search.
 * @param name: name to look for.
 * @param namelen: length of name.
 * @return the matching entry, or NULL when there is none.
 */
struct delegpt_ns*
delegpt_find_ns(struct delegpt* dp, uint8_t* name, size_t namelen)
{
	struct delegpt_ns* cur;
	for(cur = dp->nslist; cur != NULL; cur = cur->next) {
		/* cheap length test first, full compare only on a match */
		if(cur->namelen != namelen)
			continue;
		if(query_dname_compare(name, cur->name) == 0)
			return cur;
	}
	return NULL;
}
141
/**
 * Look up an address on the target list.
 * @param dp: delegation point to search.
 * @param addr: address to look for.
 * @param addrlen: length of addr.
 * @return the entry for which sockaddr_cmp_addr returns 0, or NULL when
 *	no entry matches.
 */
struct delegpt_addr*
delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen)
{
	struct delegpt_addr* cur;
	for(cur = dp->target_list; cur != NULL; cur = cur->next_target) {
		if(sockaddr_cmp_addr(addr, addrlen, &cur->addr,
			cur->addrlen) != 0)
			continue;
		return cur;
	}
	return NULL;
}
155
/**
 * Add an address for a named nameserver of a region-allocated delegation
 * point. An address whose owner name is not in the nameserver list is
 * ignored, so records for unrelated names do not become targets.
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region used for a new address entry.
 * @param name: owner name of the address.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: length of addr.
 * @param bogus: passed on to delegpt_add_addr.
 * @param lame: when nonzero the nameserver lookup state is not updated.
 * @return 1 on success or when the address was ignored, 0 when
 *	delegpt_add_addr fails.
 */
int
delegpt_add_target(struct delegpt* dp, struct regional* region,
	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
	socklen_t addrlen, int bogus, int lame)
{
	struct delegpt_ns* owner = delegpt_find_ns(dp, name, namelen);
	log_assert(!dp->dp_type_mlc);
	if(owner == NULL)
		return 1; /* not one of our nameservers: ignore it */
	if(lame == 0) {
		/* record which address family has been seen */
		if(addr_is_ip6(addr, addrlen)) {
			owner->got6 = 1;
		} else {
			owner->got4 = 1;
		}
		/* both families seen: nothing left to look up */
		if(owner->got4 && owner->got6) {
			owner->resolved = 1;
		}
	}
	return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame);
}
176
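/**
 * Add an address to the target and usable lists of a region-allocated
 * delegation point.
 * If the address is already listed, the existing entry is updated
 * instead: a nonzero bogus is stored on it, and a zero lame clears its
 * lame flag.
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region used for the new entry.
 * @param addr: the address.
 * @param addrlen: length of addr; must fit in the addr field of the entry.
 * @param bogus: bogus marker for the address.
 * @param lame: lame marker for the address.
 * @return 1 on success, 0 on allocation failure or when addrlen does not
 *	fit the entry.
 */
int
delegpt_add_addr(struct delegpt* dp, struct regional* region,
	struct sockaddr_storage* addr, socklen_t addrlen, int bogus,
	int lame)
{
	struct delegpt_addr* a;
	log_assert(!dp->dp_type_mlc);
	/* addrlen bytes are copied into a->addr below; refuse a length
	 * that would write past that field. The cast also rejects a
	 * negative value where socklen_t is a signed type. */
	if((size_t)addrlen > sizeof(a->addr))
		return 0;
	/* check for duplicates */
	if((a = delegpt_find_addr(dp, addr, addrlen))) {
		if(bogus)
			a->bogus = bogus;
		if(!lame)
			a->lame = 0;
		return 1;
	}

	a = (struct delegpt_addr*)regional_alloc(region,
		sizeof(struct delegpt_addr));
	if(!a)
		return 0;
	a->next_target = dp->target_list;
	dp->target_list = a;
	a->next_result = 0;
	a->next_usable = dp->usable_list;
	dp->usable_list = a;
	memcpy(&a->addr, addr, addrlen);
	a->addrlen = addrlen;
	a->attempts = 0;
	a->bogus = bogus;
	a->lame = lame;
	return 1;
}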
209
/**
 * Count the nameserver entries of a delegation point.
 * @param dp: delegation point.
 * @param numns: receives the number of entries in the nameserver list.
 * @param missing: receives how many of those are not marked resolved.
 */
void
delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing)
{
	struct delegpt_ns* cur = dp->nslist;
	*numns = 0;
	*missing = 0;
	while(cur != NULL) {
		*numns += 1;
		if(cur->resolved == 0)
			*missing += 1;
		cur = cur->next;
	}
}
222
/**
 * Count the address entries on each of the three address lists.
 * @param dp: delegation point.
 * @param numaddr: receives the length of the target list.
 * @param numres: receives the length of the result list.
 * @param numavail: receives the length of the usable list.
 */
void
delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
	size_t* numavail)
{
	struct delegpt_addr* cur;
	*numaddr = 0;
	*numres = 0;
	*numavail = 0;
	/* each list is chained through its own next pointer */
	cur = dp->target_list;
	while(cur != NULL) {
		*numaddr += 1;
		cur = cur->next_target;
	}
	cur = dp->result_list;
	while(cur != NULL) {
		*numres += 1;
		cur = cur->next_result;
	}
	cur = dp->usable_list;
	while(cur != NULL) {
		*numavail += 1;
		cur = cur->next_usable;
	}
}
241
/**
 * Log a summary of a delegation point when the verbosity setting is at
 * least v. At VERB_ALGO and above every nameserver and every target
 * address is logged as well.
 * Names are converted with dname_str and passed as %s arguments, never
 * as the format string.
 * @param v: verbosity level required for any output.
 * @param dp: delegation point to describe.
 */
void delegpt_log(enum verbosity_value v, struct delegpt* dp)
{
	/* one buffer, reused for the delegation name and each NS name */
	char namebuf[LDNS_MAX_DOMAINLEN+1];
	size_t numns=0, missing=0, numaddr=0, numres=0, numavail=0;
	struct delegpt_ns* ns;
	struct delegpt_addr* a;

	if(verbosity < v)
		return;
	dname_str(dp->name, namebuf);
	if(!dp->nslist && !dp->target_list) {
		log_info("DelegationPoint<%s>: empty", namebuf);
		return;
	}
	delegpt_count_ns(dp, &numns, &missing);
	delegpt_count_addr(dp, &numaddr, &numres, &numavail);
	log_info("DelegationPoint<%s>: %u names (%u missing), "
		"%u addrs (%u result, %u avail)%s",
		namebuf, (unsigned)numns, (unsigned)missing,
		(unsigned)numaddr, (unsigned)numres, (unsigned)numavail,
		(dp->has_parent_side_NS?" parentNS":" cacheNS"));
	if(verbosity < VERB_ALGO)
		return;

	for(ns = dp->nslist; ns; ns = ns->next) {
		dname_str(ns->name, namebuf);
		/* BOGUS is printed from the flag on the delegation point */
		log_info("  %s %s%s%s%s%s%s%s", namebuf,
			(ns->resolved?"*":""),
			(ns->got4?" A":""),
			(ns->got6?" AAAA":""),
			(dp->bogus?" BOGUS":""),
			(ns->lame?" PARENTSIDE":""),
			(ns->done_pside4?" PSIDE_A":""),
			(ns->done_pside6?" PSIDE_AAAA":""));
	}
	for(a = dp->target_list; a; a = a->next_target) {
		const char* tag;
		if(a->bogus)
			tag = a->lame ? "  BOGUS ADDR_LAME " : "  BOGUS ";
		else
			tag = a->lame ? "  ADDR_LAME " : "  ";
		log_addr(VERB_ALGO, tag, &a->addr, a->addrlen);
	}
}
281
/**
 * Move every entry of the usable list onto the front of the result list.
 * The usable list is empty afterwards; the next_usable links of the moved
 * entries are left as they were.
 * @param dp: delegation point.
 */
void
delegpt_add_unused_targets(struct delegpt* dp)
{
	struct delegpt_addr* cur;
	struct delegpt_addr* first = dp->usable_list;
	dp->usable_list = NULL;
	for(cur = first; cur != NULL; cur = cur->next_usable) {
		/* push onto the head of the result list */
		cur->next_result = dp->result_list;
		dp->result_list = cur;
	}
}
293
/**
 * Count the addresses on the target list.
 * @param dp: delegation point.
 * @return number of entries on the target list.
 */
size_t
delegpt_count_targets(struct delegpt* dp)
{
	size_t total = 0;
	struct delegpt_addr* cur = dp->target_list;
	while(cur != NULL) {
		total++;
		cur = cur->next_target;
	}
	return total;
}
303
/**
 * Count the nameservers that are not marked resolved.
 * @param dp: delegation point.
 * @return number of nameserver entries with resolved unset.
 */
size_t
delegpt_count_missing_targets(struct delegpt* dp)
{
	size_t unresolved = 0;
	struct delegpt_ns* cur = dp->nslist;
	while(cur != NULL) {
		if(cur->resolved == 0)
			unresolved++;
		cur = cur->next;
	}
	return unresolved;
}
314
/**
 * Find the first NS rrset among rrsets[from] .. rrsets[to-1] of a reply.
 * The indices are used as given; the caller supplies a range that lies
 * inside the rrsets array.
 * @param rep: reply to search.
 * @param from: first index to examine.
 * @param to: index one past the last one to examine.
 * @return the first rrset of type NS in that range, or NULL.
 */
static struct ub_packed_rrset_key*
find_NS(struct reply_info* rep, size_t from, size_t to)
{
	size_t idx = from;
	while(idx < to) {
		struct ub_packed_rrset_key* cand = rep->rrsets[idx];
		/* the type is held in network byte order in the key */
		if(ntohs(cand->rk.type) == LDNS_RR_TYPE_NS)
			return cand;
		idx++;
	}
	return NULL;
}
326
/**
 * Build a delegation point from a message that carries an NS rrset.
 * The NS rrset is taken from the authority section, or from the answer
 * section when the authority section has none. A and AAAA rrsets from the
 * answer and additional sections are then added as addresses;
 * delegpt_add_target ignores those whose owner name is not one of the
 * listed nameservers.
 * @param msg: message to read.
 * @param region: region that receives all allocations.
 * @return the delegation point, or NULL when the message holds no NS
 *	rrset or an allocation fails.
 */
struct delegpt*
delegpt_from_message(struct dns_msg* msg, struct regional* region)
{
	struct reply_info* rep = msg->rep;
	/* index range [auth_begin, auth_end) is the authority section */
	size_t auth_begin = rep->an_numrrsets;
	size_t auth_end = rep->an_numrrsets + rep->ns_numrrsets;
	struct ub_packed_rrset_key* ns_rrset;
	struct delegpt* dp;
	size_t i;

	/* look for NS records in the authority section... */
	ns_rrset = find_NS(rep, auth_begin, auth_end);
	/* In some cases (even legitimate, perfectly legal cases), the
	 * NS set for the "referral" might be in the answer section. */
	if(ns_rrset == NULL)
		ns_rrset = find_NS(rep, 0, auth_begin);
	/* Without an NS rrset in either section this was not a referral
	 * message. (It might not actually be a referral message anyway) */
	if(ns_rrset == NULL)
		return NULL;

	/* an NS rrset was found, so there is a delegation point */
	dp = delegpt_create(region);
	if(dp == NULL)
		return NULL;
	dp->has_parent_side_NS = 1; /* created from message */
	if(!delegpt_set_name(dp, region, ns_rrset->rk.dname))
		return NULL;
	if(!delegpt_rrset_add_ns(dp, region, ns_rrset, 0))
		return NULL;

	/* add glue, A and AAAA in answer and additional section */
	for(i=0; i<rep->rrset_count; i++) {
		struct ub_packed_rrset_key* s = rep->rrsets[i];
		uint16_t rrtype;
		/* skip auth section. FIXME really needed?*/
		if(i >= auth_begin && i < auth_end)
			continue;
		rrtype = ntohs(s->rk.type);
		if(rrtype == LDNS_RR_TYPE_A) {
			if(!delegpt_add_rrset_A(dp, region, s, 0))
				return NULL;
		} else if(rrtype == LDNS_RR_TYPE_AAAA) {
			if(!delegpt_add_rrset_AAAA(dp, region, s, 0))
				return NULL;
		}
	}
	return dp;
}
376
/**
 * Add every nameserver name of an NS rrset to a region-allocated
 * delegation point. A bogus security status on the rrset marks the
 * delegation point bogus.
 * Each rdata is checked before use: it must hold the two length bytes
 * plus at least a root label, and the length that dname_valid reports for
 * the name must equal the rdata length stored in those two bytes. Records
 * that fail either test are skipped.
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region used for new entries.
 * @param ns_rrset: the NS rrset.
 * @param lame: passed to delegpt_add_ns for every name.
 * @return 1 on success, 0 when delegpt_add_ns fails.
 */
int
delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* ns_rrset, int lame)
{
	struct packed_rrset_data* nsdata;
	size_t i;

	nsdata = (struct packed_rrset_data*)ns_rrset->entry.data;
	log_assert(!dp->dp_type_mlc);
	if(nsdata->security == sec_status_bogus)
		dp->bogus = 1;
	for(i=0; i<nsdata->count; i++) {
		size_t stated;
		/* len + root label */
		if(nsdata->rr_len[i] < 2+1)
			continue;
		stated = (size_t)ldns_read_uint16(nsdata->rr_data[i]);
		if(dname_valid(nsdata->rr_data[i]+2, nsdata->rr_len[i]-2)
			!= stated)
			continue; /* bad format */
		/* add rdata of NS (= wirefmt dname), skip rdatalen bytes */
		if(!delegpt_add_ns(dp, region, nsdata->rr_data[i]+2, lame))
			return 0;
	}
	return 1;
}
398
/**
 * Add the addresses of an A rrset as targets of a region-allocated
 * delegation point. Every address is paired with UNBOUND_DNS_PORT.
 * Records whose length is not exactly the two length bytes plus
 * INET_SIZE are skipped, so the copy into sin_addr always has the
 * expected size.
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region used for new entries.
 * @param ak: the A rrset; its owner name selects the nameserver.
 * @param lame: passed to delegpt_add_target.
 * @return 1 on success, 0 when delegpt_add_target fails.
 */
int
delegpt_add_rrset_A(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* ak, int lame)
{
	struct packed_rrset_data* d;
	struct sockaddr_in sa;
	socklen_t len = (socklen_t)sizeof(sa);
	size_t i;

	d = (struct packed_rrset_data*)ak->entry.data;
	log_assert(!dp->dp_type_mlc);
	memset(&sa, 0, len);
	sa.sin_family = AF_INET;
	sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
	for(i=0; i<d->count; i++) {
		/* rdatalen + len of IP4 */
		if(d->rr_len[i] == 2 + INET_SIZE) {
			memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE);
			if(!delegpt_add_target(dp, region, ak->rk.dname,
				ak->rk.dname_len,
				(struct sockaddr_storage*)&sa, len,
				(d->security==sec_status_bogus), lame))
				return 0;
		}
	}
	return 1;
}
422
/**
 * Add the addresses of an AAAA rrset as targets of a region-allocated
 * delegation point. Every address is paired with UNBOUND_DNS_PORT.
 * Records whose length is not exactly the two length bytes plus
 * INET6_SIZE are skipped, so the copy into sin6_addr always has the
 * expected size.
 * @param dp: delegation point; must not be a malloc-type one.
 * @param region: region used for new entries.
 * @param ak: the AAAA rrset; its owner name selects the nameserver.
 * @param lame: passed to delegpt_add_target.
 * @return 1 on success, 0 when delegpt_add_target fails.
 */
int
delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* ak, int lame)
{
	struct packed_rrset_data* d;
	struct sockaddr_in6 sa;
	socklen_t len = (socklen_t)sizeof(sa);
	size_t i;

	d = (struct packed_rrset_data*)ak->entry.data;
	log_assert(!dp->dp_type_mlc);
	memset(&sa, 0, len);
	sa.sin6_family = AF_INET6;
	sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
	for(i=0; i<d->count; i++) {
		/* rdatalen + len of IP6 */
		if(d->rr_len[i] == 2 + INET6_SIZE) {
			memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE);
			if(!delegpt_add_target(dp, region, ak->rk.dname,
				ak->rk.dname_len,
				(struct sockaddr_storage*)&sa, len,
				(d->security==sec_status_bogus), lame))
				return 0;
		}
	}
	return 1;
}
446
/**
 * Add an rrset of type NS, A or AAAA to a region-allocated delegation
 * point by handing it to the routine for its type.
 * @param dp: delegation point.
 * @param region: region used for new entries.
 * @param rrset: rrset to add; NULL is accepted and does nothing.
 * @param lame: passed to the type-specific routine.
 * @return the result of the type-specific routine; 1 for a NULL rrset
 *	and for any other type, which is logged as a warning.
 */
int
delegpt_add_rrset(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* rrset, int lame)
{
	if(rrset == NULL)
		return 1;
	switch(ntohs(rrset->rk.type)) {
	case LDNS_RR_TYPE_NS:
		return delegpt_rrset_add_ns(dp, region, rrset, lame);
	case LDNS_RR_TYPE_A:
		return delegpt_add_rrset_A(dp, region, rrset, lame);
	case LDNS_RR_TYPE_AAAA:
		return delegpt_add_rrset_AAAA(dp, region, rrset, lame);
	default:
		break;
	}
	log_warn("Unknown rrset type added to delegpt");
	return 1;
}
462
/**
 * Record a negative reply for a nameserver address lookup.
 * When the reply has a nonzero rcode or no answer rrsets, and its query
 * name is one of the listed nameservers, the address family that was
 * asked for (A or AAAA) is marked as seen; the nameserver is marked
 * resolved once both families are seen.
 * @param dp: delegation point.
 * @param msg: message entry; nothing is done when it has no reply data.
 */
void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg)
{
	struct delegpt_ns* ns;
	struct reply_info* rep = (struct reply_info*)msg->entry.data;
	if(rep == NULL)
		return;
	/* only an error or an answerless reply is of interest here */
	if(FLAGS_GET_RCODE(rep->flags) == 0 && rep->an_numrrsets != 0)
		return;
	ns = delegpt_find_ns(dp, msg->key.qname, msg->key.qname_len);
	if(ns == NULL)
		return;
	if(msg->key.qtype == LDNS_RR_TYPE_A) {
		ns->got4 = 1;
	} else if(msg->key.qtype == LDNS_RR_TYPE_AAAA) {
		ns->got6 = 1;
	}
	if(ns->got4 && ns->got6) {
		ns->resolved = 1;
	}
}
482
/**
 * Mark nameservers resolved for operation without IPv6: every entry that
 * has its IPv4 side done is set to resolved.
 * @param dp: delegation point.
 */
void delegpt_no_ipv6(struct delegpt* dp)
{
	struct delegpt_ns* cur = dp->nslist;
	while(cur != NULL) {
		/* no ipv6, so only ipv4 is enough to resolve a nameserver */
		if(cur->got4) {
			cur->resolved = 1;
		}
		cur = cur->next;
	}
}
492
/**
 * Mark nameservers resolved for operation without IPv4: every entry that
 * has its IPv6 side done is set to resolved.
 * @param dp: delegation point.
 */
void delegpt_no_ipv4(struct delegpt* dp)
{
	struct delegpt_ns* cur = dp->nslist;
	while(cur != NULL) {
		/* no ipv4, so only ipv6 is enough to resolve a nameserver */
		if(cur->got6) {
			cur->resolved = 1;
		}
		cur = cur->next;
	}
}
502
/**
 * Create a malloc-type delegation point.
 * @param name: name to copy into it, or NULL to leave the name unset.
 * @return the new delegation point with dp_type_mlc set, or NULL on
 *	allocation failure. It is released with delegpt_free_mlc.
 */
struct delegpt* delegpt_create_mlc(uint8_t* name)
{
	struct delegpt* fresh = (struct delegpt*)calloc(1, sizeof(*fresh));
	if(fresh == NULL)
		return NULL;
	fresh->dp_type_mlc = 1;
	if(name == NULL)
		return fresh;
	fresh->namelabs = dname_count_size_labels(name, &fresh->namelen);
	fresh->name = memdup(name, fresh->namelen);
	if(fresh->name == NULL) {
		/* no partial object is handed back */
		free(fresh);
		return NULL;
	}
	return fresh;
}
519
/**
 * Free a malloc-type delegation point: every nameserver entry with its
 * name, every entry on the target list, the name and the structure.
 * @param dp: delegation point to free; NULL is accepted.
 */
void delegpt_free_mlc(struct delegpt* dp)
{
	struct delegpt_ns* ns;
	struct delegpt_addr* addr;
	if(dp == NULL)
		return;
	log_assert(dp->dp_type_mlc);
	ns = dp->nslist;
	while(ns != NULL) {
		/* read the link before the entry is released */
		struct delegpt_ns* following = ns->next;
		free(ns->name);
		free(ns);
		ns = following;
	}
	addr = dp->target_list;
	while(addr != NULL) {
		struct delegpt_addr* following = addr->next_target;
		free(addr);
		addr = following;
	}
	free(dp->name);
	free(dp);
}
542
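/**
 * Set the name of a malloc-type delegation point.
 * The new name is duplicated first; only when that succeeds is a
 * previously set name freed and replaced, so a name that was already set
 * (for example by delegpt_create_mlc) is not leaked, and on failure the
 * delegation point keeps its old name, length and label count.
 * @param dp: delegation point; must be a malloc-type one.
 * @param name: name to copy; its length is found by walking its labels.
 * @return 1 on success, 0 when the copy could not be allocated.
 */
int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name)
{
	uint8_t* copy;
	size_t len = 0;
	int labs;
	log_assert(dp->dp_type_mlc);
	labs = dname_count_size_labels(name, &len);
	copy = memdup(name, len);
	if(!copy)
		return 0;
	/* dp->name is malloc-owned here (delegpt_free_mlc frees it);
	 * free(NULL) is a no-op when no name was set yet */
	free(dp->name);
	dp->name = copy;
	dp->namelen = len;
	dp->namelabs = labs;
	return 1;
}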
550
/**
 * Add a nameserver name to a malloc-type delegation point.
 * A name that is already listed is not added again. The entry is linked
 * into the list only after its name copy has been allocated.
 * @param dp: delegation point; must be a malloc-type one.
 * @param name: nameserver name; its length is found by walking its labels.
 * @param lame: stored in the lame flag of the new entry.
 * @return 1 when the name is listed afterwards, 0 on allocation failure.
 */
int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame)
{
	struct delegpt_ns* entry;
	size_t namelen;
	(void)dname_count_size_labels(name, &namelen);
	log_assert(dp->dp_type_mlc);
	/* slow check for duplicates to avoid counting failures when
	 * adding the same server as a dependency twice */
	if(delegpt_find_ns(dp, name, namelen) != NULL)
		return 1;
	entry = (struct delegpt_ns*)malloc(sizeof(struct delegpt_ns));
	if(entry == NULL)
		return 0;
	entry->namelen = namelen;
	entry->name = memdup(name, entry->namelen);
	if(entry->name == NULL) {
		free(entry);
		return 0;
	}
	/* fill in the remaining fields, then push on the list head */
	entry->resolved = 0;
	entry->got4 = 0;
	entry->got6 = 0;
	entry->lame = (uint8_t)lame;
	entry->done_pside4 = 0;
	entry->done_pside6 = 0;
	entry->next = dp->nslist;
	dp->nslist = entry;
	return 1;
}
580
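/**
 * Add an address to the target and usable lists of a malloc-type
 * delegation point.
 * If the address is already listed, the existing entry is updated
 * instead: a nonzero bogus is stored on it, and a zero lame clears its
 * lame flag.
 * @param dp: delegation point; must be a malloc-type one.
 * @param addr: the address.
 * @param addrlen: length of addr; must fit in the addr field of the entry.
 * @param bogus: bogus marker for the address.
 * @param lame: lame marker for the address.
 * @return 1 on success, 0 on allocation failure or when addrlen does not
 *	fit the entry.
 */
int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen, int bogus, int lame)
{
	struct delegpt_addr* a;
	log_assert(dp->dp_type_mlc);
	/* addrlen bytes are copied into a->addr below; refuse a length
	 * that would write past that field. The cast also rejects a
	 * negative value where socklen_t is a signed type. */
	if((size_t)addrlen > sizeof(a->addr))
		return 0;
	/* check for duplicates */
	if((a = delegpt_find_addr(dp, addr, addrlen))) {
		if(bogus)
			a->bogus = bogus;
		if(!lame)
			a->lame = 0;
		return 1;
	}

	a = (struct delegpt_addr*)malloc(sizeof(struct delegpt_addr));
	if(!a)
		return 0;
	a->next_target = dp->target_list;
	dp->target_list = a;
	a->next_result = 0;
	a->next_usable = dp->usable_list;
	dp->usable_list = a;
	memcpy(&a->addr, addr, addrlen);
	a->addrlen = addrlen;
	a->attempts = 0;
	a->bogus = bogus;
	a->lame = lame;
	return 1;
}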
610
/**
 * Add an address for a named nameserver of a malloc-type delegation
 * point. An address whose owner name is not in the nameserver list is
 * ignored.
 * @param dp: delegation point; must be a malloc-type one.
 * @param name: owner name of the address.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: length of addr.
 * @param bogus: passed on to delegpt_add_addr_mlc.
 * @param lame: when nonzero the nameserver lookup state is not updated.
 * @return 1 on success or when the address was ignored, 0 when
 *	delegpt_add_addr_mlc fails.
 */
int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen,
	struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame)
{
	struct delegpt_ns* owner = delegpt_find_ns(dp, name, namelen);
	log_assert(dp->dp_type_mlc);
	if(owner == NULL)
		return 1; /* not one of our nameservers: ignore it */
	if(lame == 0) {
		/* record which address family has been seen */
		if(addr_is_ip6(addr, addrlen)) {
			owner->got6 = 1;
		} else {
			owner->got4 = 1;
		}
		/* both families seen: nothing left to look up */
		if(owner->got4 && owner->got6) {
			owner->resolved = 1;
		}
	}
	return delegpt_add_addr_mlc(dp, addr, addrlen, bogus, lame);
}
629
/**
 * Compute the memory accounted to a delegation point: the structure, its
 * name, one address entry per target, and each nameserver entry with its
 * name.
 * @param dp: delegation point; NULL is accepted.
 * @return the size in bytes, 0 for NULL.
 */
size_t delegpt_get_mem(struct delegpt* dp)
{
	struct delegpt_ns* cur;
	size_t total;
	if(dp == NULL)
		return 0;
	total = sizeof(*dp) + dp->namelen;
	total += delegpt_count_targets(dp)*sizeof(struct delegpt_addr);
	cur = dp->nslist;
	while(cur != NULL) {
		total += sizeof(*cur) + cur->namelen;
		cur = cur->next;
	}
	return total;
}
641