* addr_rrtypes, addr_rrsz)
*/
+/* About CNAME handling in addr queries.
+ *
+ * A user-level addr query is translated into a number of protocol-level
+ * queries, and its job is to reassemble the results. This gets tricky if
+ * the answers aren't consistent. In particular, if the answers report
+ * inconsistent indirection via CNAME records (e.g., different CNAMEs, or
+ * some indirect via a CNAME, and some don't) then we have trouble.
+ *
+ * Once we've received an answer, even if it was NODATA, we set
+ * adns__qf_addr_answer on the parent query. This will let us detect a
+ * conflict between a no-CNAME-with-NODATA reply and a subsequent CNAME.
+ *
+ * If we detect a conflict of any kind, then at least one answer came back
+ * with a CNAME record, so we pick the first such answer (somewhat
+ * arbitrarily) as being the `right' canonical name, and set this in the
+ * parent query's answer->cname slot. We discard address records from the
+ * wrong name. And finally we cancel the outstanding child queries, and
+ * resubmit address queries for the address families we don't yet have, with
+ * adns__qf_addr_cname set so that we know that we're in the fixup state.
+ */
+
static adns_status pap_addr(const parseinfo *pai, int rrty, size_t rrsz,
int *cbyte_io, int max, adns_rr_addr *storeto)
{
return csp_addr(vb,rrp);
}
-#define ADDR_MAXRRTYPES 2
-
static void addr_rrtypes(adns_state ads, adns_rrtype type,
adns_queryflags qf,
adns_rrtype *rrty, size_t *nrrty)
{
size_t n = 0;
adns_rrtype qtf = type & adns__qtf_deref;
+ adns_queryflags permitaf = 0, hackaf = 0;
if (!(type & adns__qtf_bigaddr) || !(type & adns__qtf_manyaf))
qf = (qf & adns__qf_afmask) | adns_qf_ipv4_only;
+ else if (ads->iflags & adns_if_afmask) {
+ if (ads->iflags & adns_if_af_v4only) {
+ permitaf |= adns_qf_ipv4_only;
+ hackaf |= adns_qf_domapv4;
+ }
+ if (ads->iflags & adns_if_af_v6only)
+ permitaf |= adns_qf_ipv6_only;
+ if (qf & permitaf)
+ qf &= hackaf | permitaf | ~adns__qf_afmask;
+ }
+
if (qf & adns_qf_ipv4_only) rrty[n++] = adns_r_a | qtf;
if (qf & adns_qf_ipv6_only) rrty[n++] = adns_r_aaaa | qtf;
const adns_rr_addr *sp, int slen)
{
size_t drrsz = *dlen*rrsz, srrsz = slen*rrsz;
- byte *p = adns__alloc_interim(qu, drrsz + srrsz);
+ byte *p;
+
+ /* if (!slen) return adns_s_ok; */
+ p = adns__alloc_interim(qu, drrsz + srrsz);
if (!p) R_NOMEM;
if (*dlen) {
memcpy(p, *dp, drrsz);
return adns_s_ok;
}
-static void icb_addr(adns_query parent, adns_query child)
-{
- adns_state ads = parent->ads;
- adns_answer *pans = parent->answer, *cans = child->answer;
- struct timeval tvbuf;
- adns_status err;
- const struct timeval *now = 0;
-
- /* Must handle CNAMEs correctly. This gets very hairy if the answers we
- * get are inconsistent.
- */
-
- if ((parent->flags & adns_qf_search) &&
- cans->status == adns_s_nxdomain) {
- if (parent->expires > child->expires) parent->expires = child->expires;
- adns__cancel_children(parent);
- adns__free_interim(parent, pans->rrs.bytes);
- pans->rrs.bytes = 0; pans->nrrs = 0;
- adns__must_gettimeofday(ads, &now, &tvbuf);
- if (now) adns__search_next(ads, parent, *now);
- return;
- }
-
- if (cans->status && cans->status != adns_s_nodata) {
- adns__query_fail(parent, cans->status);
- return;
- }
-
- assert(pans->rrsz == cans->rrsz);
- err = append_addrs(parent, child, pans->rrsz,
- &pans->rrs.addr, &pans->nrrs,
- cans->rrs.addr, cans->nrrs);
- if (err) { adns__query_fail(parent, err); return; }
-
- if (parent->children.head) LIST_LINK_TAIL(ads->childw, parent);
- else if (!pans->nrrs) adns__query_fail(parent, adns_s_nodata);
- else adns__query_done(parent);
-}
+static void icb_addr(adns_query parent, adns_query child);
static void addr_subqueries(adns_query qu, struct timeval now,
- const adns_rrtype *rrty, size_t nrrty)
+ const byte *qd_dgram, int qd_dglen)
{
int i, err, id;
adns_query cqu;
*/
memset(&ctx, 0, sizeof(ctx));
ctx.callback = icb_addr;
- for (i = 0; i < nrrty; i++) {
- err = adns__mkquery_frdgram(qu->ads, &qu->vb, &id, qu->query_dgram,
- qu->query_dglen, DNS_HDRSIZE, rrty[i], qf);
+ qu->t.addr.onrrty = qu->t.addr.nrrty;
+ for (i = 0; i < qu->t.addr.nrrty; i++) {
+ err = adns__mkquery_frdgram(qu->ads, &qu->vb, &id, qd_dgram, qd_dglen,
+ DNS_HDRSIZE, qu->t.addr.rrty[i], qf);
if (err) goto x_error;
- err = adns__internal_submit(qu->ads, &cqu, qu->typei, rrty[i],
+ err = adns__internal_submit(qu->ads, &cqu, qu->typei, qu->t.addr.rrty[i],
&qu->vb, id, qf, now, &ctx);
if (err) goto x_error;
cqu->answer->rrsz = qu->answer->rrsz;
*/
adns_state ads = parent->ads;
+ adns_query qu;
adns_status err;
adns_rrtype type =
(adns_r_addr & adns_rrt_reprmask) |
(parent->answer->type & ~adns_rrt_reprmask);
- err = adns__internal_submit(ads, query_r, adns__findtype(adns_r_addr),
+ err = adns__internal_submit(ads, &qu, adns__findtype(adns_r_addr),
type, qumsg_vb, id, flags | adns__qf_nosend,
now, ctx);
if (err) return err;
- (*query_r)->parent = parent;
- LIST_LINK_TAIL_PART(parent->children, *query_r, siblings.);
- addr_subqueries(*query_r, now, rrty, nrrty);
+ qu->parent = parent;
+ LIST_LINK_TAIL_PART(parent->children, qu, siblings.);
+
+ memcpy(qu->t.addr.rrty, rrty, nrrty*sizeof(*rrty));
+ qu->t.addr.nrrty = nrrty;
+ addr_subqueries(qu, now, parent->query_dgram, parent->query_dglen);
+ *query_r = qu;
return adns_s_ok;
}
-static void qs_addr(adns_query qu, struct timeval now)
+static adns_status copy_cname_from_child(adns_query parent, adns_query child)
{
- adns_rrtype rrty[ADDR_MAXRRTYPES];
- size_t nrrty;
+ adns_answer *pans = parent->answer, *cans = child->answer;
+ size_t n = strlen(cans->cname) + 1;
+
+ pans->cname = adns__alloc_preserved(parent, n);
+ if (!pans->cname) R_NOMEM;
+ memcpy(pans->cname, cans->cname, n);
+ return adns_s_ok;
+}
- addr_rrtypes(qu->ads, qu->answer->type, qu->flags, rrty, &nrrty);
- addr_subqueries(qu, now, rrty, nrrty);
+static void done_addr_type(adns_query qu, adns_rrtype type)
+{
+ size_t i;
+
+ for (i = 0; i < qu->t.addr.nrrty && type != qu->t.addr.rrty[i]; i++);
+ assert(i < qu->t.addr.nrrty);
+ qu->t.addr.rrty[i] = qu->t.addr.rrty[--qu->t.addr.nrrty];
+ qu->t.addr.rrty[qu->t.addr.nrrty] = type;
+}
+
+static void icb_addr(adns_query parent, adns_query child)
+{
+ adns_state ads = parent->ads;
+ adns_answer *pans = parent->answer, *cans = child->answer;
+ struct timeval tvbuf;
+ adns_status err;
+ const struct timeval *now = 0;
+ int id;
+
+ if (!(child->flags & adns__qf_addr_cname) &&
+ (parent->flags & adns__qf_addr_answer) &&
+ (!pans->cname != !cans->cname ||
+ (pans->cname && strcmp(pans->cname, pans->cname) != 0))) {
+ /* We've detected an inconsistency in CNAME records, and must deploy
+ * countermeasures.
+ */
+
+ if (!pans->cname) {
+ /* The child has a CNAME record, but the parent doesn't. We must
+ * discard all of the parent's addresses, and substitute the child's.
+ */
+
+ assert(pans->rrsz == cans->rrsz);
+ adns__free_interim(parent, pans->rrs.bytes);
+ adns__transfer_interim(child, parent, cans->rrs.bytes);
+ pans->rrs.bytes = cans->rrs.bytes;
+ pans->nrrs = cans->nrrs;
+ parent->t.addr.nrrty = parent->t.addr.onrrty;
+ done_addr_type(parent, cans->type);
+ err = copy_cname_from_child(parent, child); if (err) goto x_err;
+ }
+
+ /* We've settled on the CNAME (now) associated with the parent, which
+ * already has appropriate address records. Build a query datagram for
+ * this name so that we can issue child queries for the missing address
+ * families. The child's vbuf looks handy for this.
+ */
+ err = adns__mkquery(ads, &child->vb, &id, pans->cname,
+ strlen(pans->cname), adns__findtype(adns_r_addr),
+ adns_r_addr, parent->flags);
+ if (err) goto x_err;
+
+ /* Now cancel the remaining children, and try again with the CNAME we've
+ * settled on.
+ */
+ adns__cancel_children(parent);
+ adns__must_gettimeofday(ads, &now, &tvbuf);
+ if (now) addr_subqueries(parent, *now, child->vb.buf, child->vb.used);
+ return;
+ }
+
+ if (cans->cname && !pans->cname) {
+ err = copy_cname_from_child(parent, child);
+ if (err) goto x_err;
+ }
+
+ if ((parent->flags & adns_qf_search) &&
+ !pans->cname && cans->status == adns_s_nxdomain) {
+ /* We're searching a list of suffixes, this is the first answer, and it
+ * tells us that the name doesn't exist. Try the next one.
+ */
+
+ if (parent->expires > child->expires) parent->expires = child->expires;
+ adns__cancel_children(parent);
+ adns__free_interim(parent, pans->rrs.bytes);
+ pans->rrs.bytes = 0; pans->nrrs = 0;
+ adns__must_gettimeofday(ads, &now, &tvbuf);
+ if (now) adns__search_next(ads, parent, *now);
+ return;
+ }
+
+ if (cans->status && cans->status != adns_s_nodata)
+ { err = cans->status; goto x_err; }
+
+ assert(pans->rrsz == cans->rrsz);
+ err = append_addrs(parent, child, pans->rrsz,
+ &pans->rrs.addr, &pans->nrrs,
+ cans->rrs.addr, cans->nrrs);
+ if (err) goto x_err;
+ done_addr_type(parent, cans->type);
+
+ if (parent->children.head) LIST_LINK_TAIL(ads->childw, parent);
+ else if (!pans->nrrs) adns__query_fail(parent, adns_s_nodata);
+ else adns__query_done(parent);
+ parent->flags |= adns__qf_addr_answer;
+ return;
+
+x_err:
+ adns__query_fail(parent, err);
+}
+
+static void qs_addr(adns_query qu, struct timeval now)
+{
+ addr_rrtypes(qu->ads, qu->answer->type, qu->flags,
+ qu->t.addr.rrty, &qu->t.addr.nrrty);
+ addr_subqueries(qu, now, qu->query_dgram, qu->query_dglen);
}
/*
size_t addrsz = addr_rrsz(parent);
st= cans->status == adns_s_nodata ? adns_s_ok : cans->status;
- rrp->astatus= st;
if (st) goto done;
assert(addrsz == cans->rrsz);
done:
if (st) {
adns__free_interim(parent, rrp->addrs);
- rrp->naddrs= (st>0 && st<=adns_s_max_tempfail) ? -1 : cans->nrrs;
+ rrp->naddrs= (st>0 && st<=adns_s_max_tempfail) ? -1 : 0;
}
+ rrp->astatus= st;
if (parent->children.head) {
LIST_LINK_TAIL(ads->childw,parent);
} else {