* _inaddr (pa,cs,di, +search_sortlist, dip_genaddr)
* _in6addr (pa,cs,di)
* _addr (pap,pa,di,csp,cs,qs, +search_sortlist_sa,
- dip_sockaddr, rrtypes)
+ * dip_sockaddr, rrtypes)
* _domain (pap)
* _host_raw (pa)
* _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +pap_findaddrs)
* addr_rrtypes, addr_rrsz)
*/
+/* About CNAME handling in addr queries.
+ *
+ * A user-level addr query is translated into a number of protocol-level
+ * queries, and its job is to reassemble the results. This gets tricky if
+ * the answers aren't consistent. In particular, if the answers report
+ * inconsistent indirection via CNAME records (e.g., different CNAMEs, or
+ * some indirect via a CNAME, and some don't) then we have trouble.
+ *
+ * Once we've received an answer, even if it was NODATA, we set
+ * adns__qf_addr_answer on the parent query. This will let us detect a
+ * conflict between a no-CNAME-with-NODATA reply and a subsequent CNAME.
+ *
+ * If we detect a conflict of any kind, then at least one answer came back
+ * with a CNAME record, so we pick the first such answer (somewhat
+ * arbitrarily) as being the `right' canonical name, and set this in the
+ * parent query's answer->cname slot. We discard address records from the
+ * wrong name. And finally we cancel the outstanding child queries, and
+ * resubmit address queries for the address families we don't yet have, with
+ * adns__qf_addr_cname set so that we know that we're in the fixup state.
+ */
+
static adns_status pap_addr(const parseinfo *pai, int rrty, size_t rrsz,
int *cbyte_io, int max, adns_rr_addr *storeto)
{
switch (rrty) {
case adns_r_a:
- if (pai->qu->flags & adns_qf_ipv6_mapv4) {
+ if (pai->qu->flags & adns_qf_domapv4) {
if (avail < 4) return adns_s_invaliddata;
memset(v6map.s6_addr + 0, 0x00, 10);
memset(v6map.s6_addr + 10, 0xff, 2);
return csp_addr(vb,rrp);
}
-#define ADDR_MAXRRTYPES 2
-
static void addr_rrtypes(adns_state ads, adns_rrtype type,
adns_queryflags qf,
adns_rrtype *rrty, size_t *nrrty)
{
size_t n = 0;
adns_rrtype qtf = type & adns__qtf_deref;
+ adns_queryflags permitaf = 0, hackaf = 0;
+
+ if (!(type & adns__qtf_bigaddr) || !(type & adns__qtf_manyaf))
+ qf = (qf & adns__qf_afmask) | adns_qf_ipv4_only;
+ else if (ads->iflags & adns_if_afmask) {
+ if (ads->iflags & adns_if_af_v4only) {
+ permitaf |= adns_qf_ipv4_only;
+ hackaf |= adns_qf_domapv4;
+ }
+ if (ads->iflags & adns_if_af_v6only)
+ permitaf |= adns_qf_ipv6_only;
+ if (qf & permitaf)
+ qf &= hackaf | permitaf | ~adns__qf_afmask;
+ }
- if ((qf & adns__qf_afmask) != adns_qf_ipv6_only)
- rrty[n++] = adns_r_a | qtf;
- if ((qf & adns__qf_afmask) != adns_qf_ipv4_only)
- rrty[n++] = adns_r_aaaa | qtf;
+
+ if (qf & adns_qf_ipv4_only) rrty[n++] = adns_r_a | qtf;
+ if (qf & adns_qf_ipv6_only) rrty[n++] = adns_r_aaaa | qtf;
*nrrty = n;
}
sizeof(adns_rr_addr) : sizeof(adns_rr_addr_v4only);
}
-static void icb_addr(adns_query parent, adns_query child)
+static adns_status append_addrs(adns_query qu, adns_query from, size_t rrsz,
+ adns_rr_addr **dp, int *dlen,
+ const adns_rr_addr *sp, int slen)
{
- adns_state ads = parent->ads;
- adns_answer *pans = parent->answer, *cans = child->answer;
- struct timeval tvbuf;
- const struct timeval *now = 0;
- size_t prrsz, crrsz;
- unsigned char *rrs;
-
- /* Must handle CNAMEs correctly. This gets very hairy if the answers we
- * get are inconsistent.
- */
-
- if ((parent->flags & adns_qf_search) &&
- cans->status == adns_s_nxdomain) {
- if (parent->expires > child->expires) parent->expires = child->expires;
- adns__cancel_children(parent);
- adns__free_interim(parent, pans->rrs.bytes);
- pans->rrs.bytes = 0; pans->nrrs = 0;
- adns__must_gettimeofday(ads, &now, &tvbuf);
- if (now) adns__search_next(ads, parent, *now);
- return;
- }
-
- if (cans->status) {
- adns__query_fail(parent, cans->status);
- return;
+ size_t drrsz = *dlen*rrsz, srrsz = slen*rrsz;
+ byte *p;
+
+ /* if (!slen) return adns_s_ok; */
+ p = adns__alloc_interim(qu, drrsz + srrsz);
+ if (!p) R_NOMEM;
+ if (*dlen) {
+ memcpy(p, *dp, drrsz);
+ adns__free_interim(qu, *dp);
}
-
- assert(pans->rrsz == cans->rrsz);
- prrsz = pans->rrsz*pans->nrrs;
- crrsz = cans->rrsz*cans->nrrs;
- rrs = adns__alloc_interim(parent, prrsz + crrsz);
- if (!rrs) {
- adns__query_fail(parent, adns_s_nomemory);
- return;
- }
- if (prrsz) {
- memcpy(rrs, pans->rrs.bytes, prrsz);
- adns__free_interim(parent, pans->rrs.bytes);
- }
- memcpy(rrs + prrsz, cans->rrs.bytes, crrsz);
-
- if (parent->expires > child->expires) parent->expires = child->expires;
- pans->rrs.bytes = rrs;
- pans->nrrs += cans->nrrs;
-
- if (parent->children.head) LIST_LINK_TAIL(ads->childw, parent);
- else adns__query_done(parent);
+ memcpy(p + drrsz, sp, srrsz);
+ *dlen += slen;
+ *dp = (adns_rr_addr *)p;
+ if (from && qu->expires > from->expires) qu->expires = from->expires;
+ return adns_s_ok;
}
-static void qs_addr(adns_query qu, struct timeval now)
+static void icb_addr(adns_query parent, adns_query child);
+
+static void addr_subqueries(adns_query qu, struct timeval now,
+ const byte *qd_dgram, int qd_dglen)
{
- adns_rrtype rrty[ADDR_MAXRRTYPES];
- int i, nrrty, err, id;
+ int i, err, id;
adns_query cqu;
adns_queryflags qf =
(qu->flags | adns__qf_senddirect) &
~(adns_qf_search);
qcontext ctx;
- addr_rrtypes(qu->ads, qu->answer->type, qu->flags, rrty, &nrrty);
-
if (!(qu->answer->type & adns__qtf_bigaddr))
qu->answer->rrsz = sizeof(adns_rr_addr_v4only);
*/
memset(&ctx, 0, sizeof(ctx));
ctx.callback = icb_addr;
- for (i = 0; i < nrrty; i++) {
- err = adns__mkquery_frdgram(qu->ads, &qu->vb, &id, qu->query_dgram,
- qu->query_dglen, DNS_HDRSIZE, rrty[i], qf);
+ qu->t.addr.onrrty = qu->t.addr.nrrty;
+ for (i = 0; i < qu->t.addr.nrrty; i++) {
+ err = adns__mkquery_frdgram(qu->ads, &qu->vb, &id, qd_dgram, qd_dglen,
+ DNS_HDRSIZE, qu->t.addr.rrty[i], qf);
if (err) goto x_error;
- err = adns__internal_submit(qu->ads, &cqu, qu->typei, rrty[i],
+ err = adns__internal_submit(qu->ads, &cqu, qu->typei, qu->t.addr.rrty[i],
&qu->vb, id, qf, now, &ctx);
if (err) goto x_error;
cqu->answer->rrsz = qu->answer->rrsz;
cqu->parent = qu;
LIST_LINK_TAIL_PART(qu->children, cqu,siblings.);
}
+ qu->state = query_childw;
+ LIST_LINK_TAIL(qu->ads->childw, qu);
return;
x_error:
adns__query_fail(qu, err);
}
+static adns_status addr_submit(adns_query parent, adns_query *query_r,
+ vbuf *qumsg_vb, int id,
+ const adns_rrtype *rrty, size_t nrrty,
+ adns_queryflags flags, struct timeval now,
+ const qcontext *ctx)
+{
+ /* This is effectively a substitute for adns__internal_submit, intended for
+ * the case where the caller (possibly) only wants a subset of the
+ * available record types. The memory management and callback rules are
+ * the same as for adns__internal_submit.
+ *
+ * Some differences: the query is linked onto the parent's children list
+ * before exit (though the parent's state is not changed, and it is not
+ * linked into the childw list queue).
+ */
+
+ adns_state ads = parent->ads;
+ adns_query qu;
+ adns_status err;
+ adns_rrtype type =
+ (adns_r_addr & adns_rrt_reprmask) |
+ (parent->answer->type & ~adns_rrt_reprmask);
+
+ err = adns__internal_submit(ads, &qu, adns__findtype(adns_r_addr),
+ type, qumsg_vb, id, flags | adns__qf_nosend,
+ now, ctx);
+ if (err) return err;
+
+ qu->parent = parent;
+ LIST_LINK_TAIL_PART(parent->children, qu, siblings.);
+
+ memcpy(qu->t.addr.rrty, rrty, nrrty*sizeof(*rrty));
+ qu->t.addr.nrrty = nrrty;
+ addr_subqueries(qu, now, parent->query_dgram, parent->query_dglen);
+ *query_r = qu;
+ return adns_s_ok;
+}
+
+static adns_status copy_cname_from_child(adns_query parent, adns_query child)
+{
+ adns_answer *pans = parent->answer, *cans = child->answer;
+ size_t n = strlen(cans->cname) + 1;
+
+ pans->cname = adns__alloc_preserved(parent, n);
+ if (!pans->cname) R_NOMEM;
+ memcpy(pans->cname, cans->cname, n);
+ return adns_s_ok;
+}
+
+static void done_addr_type(adns_query qu, adns_rrtype type)
+{
+ size_t i;
+
+ for (i = 0; i < qu->t.addr.nrrty && type != qu->t.addr.rrty[i]; i++);
+ assert(i < qu->t.addr.nrrty);
+ qu->t.addr.rrty[i] = qu->t.addr.rrty[--qu->t.addr.nrrty];
+ qu->t.addr.rrty[qu->t.addr.nrrty] = type;
+}
+
+static void icb_addr(adns_query parent, adns_query child)
+{
+ adns_state ads = parent->ads;
+ adns_answer *pans = parent->answer, *cans = child->answer;
+ struct timeval tvbuf;
+ adns_status err;
+ const struct timeval *now = 0;
+ int id;
+
+ if (!(child->flags & adns__qf_addr_cname) &&
+ (parent->flags & adns__qf_addr_answer) &&
+ (!pans->cname != !cans->cname ||
+ (pans->cname && strcmp(pans->cname, pans->cname) != 0))) {
+ /* We've detected an inconsistency in CNAME records, and must deploy
+ * countermeasures.
+ */
+
+ if (!pans->cname) {
+ /* The child has a CNAME record, but the parent doesn't. We must
+ * discard all of the parent's addresses, and substitute the child's.
+ */
+
+ assert(pans->rrsz == cans->rrsz);
+ adns__free_interim(parent, pans->rrs.bytes);
+ adns__transfer_interim(child, parent, cans->rrs.bytes);
+ pans->rrs.bytes = cans->rrs.bytes;
+ pans->nrrs = cans->nrrs;
+ parent->t.addr.nrrty = parent->t.addr.onrrty;
+ done_addr_type(parent, cans->type);
+ err = copy_cname_from_child(parent, child); if (err) goto x_err;
+ }
+
+ /* We've settled on the CNAME (now) associated with the parent, which
+ * already has appropriate address records. Build a query datagram for
+ * this name so that we can issue child queries for the missing address
+ * families. The child's vbuf looks handy for this.
+ */
+ err = adns__mkquery(ads, &child->vb, &id, pans->cname,
+ strlen(pans->cname), adns__findtype(adns_r_addr),
+ adns_r_addr, parent->flags);
+ if (err) goto x_err;
+
+ /* Now cancel the remaining children, and try again with the CNAME we've
+ * settled on.
+ */
+ adns__cancel_children(parent);
+ adns__must_gettimeofday(ads, &now, &tvbuf);
+ if (now) addr_subqueries(parent, *now, child->vb.buf, child->vb.used);
+ return;
+ }
+
+ if (cans->cname && !pans->cname) {
+ err = copy_cname_from_child(parent, child);
+ if (err) goto x_err;
+ }
+
+ if ((parent->flags & adns_qf_search) &&
+ !pans->cname && cans->status == adns_s_nxdomain) {
+ /* We're searching a list of suffixes, this is the first answer, and it
+ * tells us that the name doesn't exist. Try the next one.
+ */
+
+ if (parent->expires > child->expires) parent->expires = child->expires;
+ adns__cancel_children(parent);
+ adns__free_interim(parent, pans->rrs.bytes);
+ pans->rrs.bytes = 0; pans->nrrs = 0;
+ adns__must_gettimeofday(ads, &now, &tvbuf);
+ if (now) adns__search_next(ads, parent, *now);
+ return;
+ }
+
+ if (cans->status && cans->status != adns_s_nodata)
+ { err = cans->status; goto x_err; }
+
+ assert(pans->rrsz == cans->rrsz);
+ err = append_addrs(parent, child, pans->rrsz,
+ &pans->rrs.addr, &pans->nrrs,
+ cans->rrs.addr, cans->nrrs);
+ if (err) goto x_err;
+ done_addr_type(parent, cans->type);
+
+ if (parent->children.head) LIST_LINK_TAIL(ads->childw, parent);
+ else if (!pans->nrrs) adns__query_fail(parent, adns_s_nodata);
+ else adns__query_done(parent);
+ parent->flags |= adns__qf_addr_answer;
+ return;
+
+x_err:
+ adns__query_fail(parent, err);
+}
+
+static void qs_addr(adns_query qu, struct timeval now)
+{
+ addr_rrtypes(qu->ads, qu->answer->type, qu->flags,
+ qu->t.addr.rrty, &qu->t.addr.nrrty);
+ addr_subqueries(qu, now, qu->query_dgram, qu->query_dglen);
+}
+
/*
* _domain (pap,csp,cs)
* _dom_raw (pa)
*/
static adns_status pap_findaddrs(const parseinfo *pai, adns_rr_hostaddr *ha,
- int *cbyte_io, int count, int dmstart) {
+ adns_rrtype *rrty, size_t *nrrty_io,
+ size_t addrsz, int *cbyte_io, int count,
+ int dmstart) {
int rri, naddrs, j;
int type, class, rdlen, rdend, rdstart, ownermatched;
- adns_rrtype rrty[ADDR_MAXRRTYPES];
- size_t nrrty, addrsz;
+ size_t nrrty = *nrrty_io;
unsigned long ttl;
adns_status st;
-
- addr_rrtypes(pai->qu->ads, pai->qu->answer->type,
- pai->qu->flags, rrty, &nrrty);
-
- addrsz = addr_rrsz(pai->qu);
- for (rri=0, naddrs=-1; rri<count; rri++) {
+ for (rri=0, naddrs=0; rri<count; rri++) {
st= adns__findrr_anychk(pai->qu, pai->serv, pai->dgram,
pai->dglen, cbyte_io,
&type, &class, &ttl, &rdlen, &rdstart,
pai->dgram, pai->dglen, dmstart, &ownermatched);
if (st) return st;
- if (!ownermatched || class != DNS_CLASS_IN) {
- if (naddrs>0) break; else continue;
- }
- if (naddrs == -1) {
- naddrs= 0;
- }
+ if (!ownermatched || class != DNS_CLASS_IN) continue;
for (j = 0; j < nrrty && type != (rrty[j] & adns_rrt_typemask); j++);
if (j >= nrrty) continue;
- if (!adns__vbuf_ensure(&pai->qu->vb, (naddrs+1)*addrsz))
- R_NOMEM;
+ if (j < *nrrty_io) {
+ (*nrrty_io)--;
+ adns_rrtype t = rrty[j];
+ rrty[j] = rrty[*nrrty_io];
+ rrty[*nrrty_io] = t;
+ }
+ if (!adns__vbuf_ensure(&pai->qu->vb, (naddrs+1)*addrsz)) R_NOMEM;
adns__update_expires(pai->qu,ttl,pai->now);
rdend = rdstart + rdlen;
st= pap_addr(pai, type, addrsz, &rdstart, rdend,
if (rdstart != rdend) return adns_s_invaliddata;
naddrs++;
}
- if (naddrs >= 0) {
- ha->addrs= adns__alloc_interim(pai->qu, naddrs*addrsz);
- if (!ha->addrs) R_NOMEM;
- memcpy(ha->addrs, pai->qu->vb.buf, naddrs*addrsz);
- ha->naddrs= naddrs;
+ if (naddrs > 0) {
+ st = append_addrs(pai->qu, 0, addrsz, &ha->addrs, &ha->naddrs,
+ (const adns_rr_addr *)pai->qu->vb.buf, naddrs);
+ if (st) return st;
ha->astatus= adns_s_ok;
- adns__isort(ha->addrs, naddrs, addrsz, pai->qu->vb.buf,
- div_addr, pai->ads);
+ if (!*nrrty_io) {
+ adns__isort(ha->addrs, naddrs, addrsz, pai->qu->vb.buf,
+ div_addr, pai->ads);
+ }
}
return adns_s_ok;
}
adns_rr_hostaddr *rrp= child->ctx.info.hostaddr;
adns_state ads= parent->ads;
adns_status st;
+ size_t addrsz = addr_rrsz(parent);
+
+ st= cans->status == adns_s_nodata ? adns_s_ok : cans->status;
+
+ if (st) goto done;
+ assert(addrsz == cans->rrsz);
+ st = append_addrs(parent, child, addrsz,
+ &rrp->addrs, &rrp->naddrs,
+ cans->rrs.addr, cans->nrrs);
+ if (st) goto done;
+ if (!rrp->naddrs) { st = adns_s_nodata; goto done; }
+
+ if (!adns__vbuf_ensure(&parent->vb, addrsz))
+ { st = adns_s_nomemory; goto done; }
+ adns__isort(rrp->addrs, rrp->naddrs, addrsz, parent->vb.buf,
+ div_addr, ads);
+
+done:
+ if (st) {
+ adns__free_interim(parent, rrp->addrs);
+ rrp->naddrs= (st>0 && st<=adns_s_max_tempfail) ? -1 : 0;
+ }
- st= cans->status;
rrp->astatus= st;
- rrp->naddrs= (st>0 && st<=adns_s_max_tempfail) ? -1 : cans->nrrs;
- rrp->addrs= cans->rrs.addr;
- adns__transfer_interim(child, parent, rrp->addrs, rrp->naddrs*cans->rrsz);
-
if (parent->children.head) {
LIST_LINK_TAIL(ads->childw,parent);
} else {
int id;
adns_query nqu;
adns_queryflags nflags;
+ adns_rrtype rrty[ADDR_MAXRRTYPES];
+ size_t nrrty;
+ size_t addrsz = addr_rrsz(pai->qu);
dmstart= cbyte= *cbyte_io;
st= pap_domain(pai, &cbyte, max, &rrp->host,
*cbyte_io= cbyte;
rrp->astatus= adns_s_ok;
- rrp->naddrs= -1;
+ rrp->naddrs= 0;
rrp->addrs= 0;
cbyte= pai->nsstart;
- st= pap_findaddrs(pai, rrp, &cbyte, pai->nscount, dmstart);
+ addr_rrtypes(pai->ads, pai->qu->answer->type,
+ pai->qu->flags, rrty, &nrrty);
+
+ st= pap_findaddrs(pai, rrp, rrty, &nrrty, addrsz,
+ &cbyte, pai->nscount, dmstart);
if (st) return st;
- if (rrp->naddrs != -1) return adns_s_ok;
+ if (!nrrty) return adns_s_ok;
- st= pap_findaddrs(pai, rrp, &cbyte, pai->arcount, dmstart);
+ st= pap_findaddrs(pai, rrp, rrty, &nrrty, addrsz,
+ &cbyte, pai->arcount, dmstart);
if (st) return st;
- if (rrp->naddrs != -1) return adns_s_ok;
+ if (!nrrty) return adns_s_ok;
st= adns__mkquery_frdgram(pai->ads, &pai->qu->vb, &id,
pai->dgram, pai->dglen, dmstart,
ctx.callback= icb_hostaddr;
ctx.info.hostaddr= rrp;
- nflags= adns_qf_quoteok_query;
+ nflags= adns_qf_quoteok_query | (pai->qu->flags & adns__qf_afmask);
if (!(pai->qu->flags & adns_qf_cname_loose)) nflags |= adns_qf_cname_forbid;
- st= adns__internal_submit(pai->ads, &nqu, adns__findtype(adns_r_addr),
- (adns_r_addr & adns_rrt_reprmask) |
- (pai->qu->answer->type & ~adns_rrt_reprmask),
- &pai->qu->vb, id, nflags, pai->now, &ctx);
+ st= addr_submit(pai->qu, &nqu, &pai->qu->vb, id, rrty, nrrty,
+ nflags, pai->now, &ctx);
if (st) return st;
- nqu->parent= pai->qu;
- LIST_LINK_TAIL_PART(pai->qu->children,nqu,siblings.);
-
return adns_s_ok;
}