iter_delegpt.c revision 269257
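/*
 * iterator/iter_delegpt.c - delegation point with NS and address information.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file implements the Delegation Point. It contains a list of name servers
 * and their addresses if known.
 */
#include "config.h"
#include "iterator/iter_delegpt.h"
#include "services/cache/dns.h"
#include "util/regional.h"
#include "util/data/dname.h"
#include "util/data/packed_rrset.h"
#include "util/data/msgreply.h"
#include "util/net_help.h"
#include "ldns/rrdef.h"
#include "ldns/sbuffer.h"

/**
 * Allocate a zero-filled delegation point from a region.
 * @param region: regional allocator the structure is taken from.
 * @return the new delegation point, or NULL if the allocation failed.
 */
struct delegpt*
delegpt_create(struct regional* region)
{
	struct delegpt* dp=(struct delegpt*)regional_alloc(
		region, sizeof(*dp));
	if(!dp)
		return NULL;
	memset(dp, 0, sizeof(*dp));
	return dp;
}

/**
 * Copy a delegation point into a region.
 * The name, the bogus and has_parent_side_NS flags, the name server list
 * (with its per-server state) and the target addresses (with their bogus and
 * lame flags) are copied. Addresses go through delegpt_add_addr, so their
 * attempts and dnsseclame fields start at 0 in the copy.
 * @param dp: delegation point to copy.
 * @param region: regional allocator for the copy.
 * @return the copy, or NULL if any allocation failed.
 */
struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region)
{
	struct delegpt* copy = delegpt_create(region);
	struct delegpt_ns* ns;
	struct delegpt_addr* a;
	if(!copy)
		return NULL;
	if(!delegpt_set_name(copy, region, dp->name))
		return NULL;
	copy->bogus = dp->bogus;
	copy->has_parent_side_NS = dp->has_parent_side_NS;
	for(ns = dp->nslist; ns; ns = ns->next) {
		if(!delegpt_add_ns(copy, region, ns->name, ns->lame))
			return NULL;
		/* delegpt_add_ns puts a new entry at the head of the list,
		 * so copy->nslist is the entry for this name server */
		copy->nslist->resolved = ns->resolved;
		copy->nslist->got4 = ns->got4;
		copy->nslist->got6 = ns->got6;
		copy->nslist->done_pside4 = ns->done_pside4;
		copy->nslist->done_pside6 = ns->done_pside6;
	}
	for(a = dp->target_list; a; a = a->next_target) {
		if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen,
			a->bogus, a->lame))
			return NULL;
	}
	return copy;
}

/**
 * Set the name of a region-allocated delegation point.
 * The name is duplicated into the region; its length and label count are
 * stored in dp.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator for the name copy.
 * @param name: domain name in wire format.
 * @return 0 if the name could not be allocated, nonzero otherwise.
 */
int
delegpt_set_name(struct delegpt* dp, struct regional* region, uint8_t* name)
{
	log_assert(!dp->dp_type_mlc);
	dp->namelabs = dname_count_size_labels(name, &dp->namelen);
	dp->name = regional_alloc_init(region, name, dp->namelen);
	return dp->name != 0;
}

/**
 * Add a name server name to a region-allocated delegation point.
 * A name that is already in the list is not added again.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator for the new entry and its name.
 * @param name: name server name in wire format.
 * @param lame: lame flag stored on the new entry.
 * @return 0 on allocation failure, 1 otherwise (also for a duplicate).
 */
int
delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name,
	uint8_t lame)
{
	struct delegpt_ns* ns;
	size_t len;
	(void)dname_count_size_labels(name, &len);
	log_assert(!dp->dp_type_mlc);
	/* slow check for duplicates to avoid counting failures when
	 * adding the same server as a dependency twice */
	if(delegpt_find_ns(dp, name, len))
		return 1;
	ns = (struct delegpt_ns*)regional_alloc(region,
		sizeof(struct delegpt_ns));
	if(!ns)
		return 0;
	ns->namelen = len;
	ns->name = regional_alloc_init(region, name, ns->namelen);
	/* link the entry only once its name exists, as delegpt_add_ns_mlc
	 * does: an entry with a NULL name on dp->nslist would be handed to
	 * query_dname_compare by a later delegpt_find_ns */
	if(!ns->name)
		return 0;
	ns->next = dp->nslist;
	dp->nslist = ns;
	ns->resolved = 0;
	ns->got4 = 0;
	ns->got6 = 0;
	ns->lame = lame;
	ns->done_pside4 = 0;
	ns->done_pside6 = 0;
	return 1;
}

/**
 * Find a name server entry by name.
 * @param dp: delegation point to search.
 * @param name: name to look for, wire format.
 * @param namelen: length of name; entries of another length are skipped
 *	without comparing the names.
 * @return the matching entry, or NULL if there is none.
 */
struct delegpt_ns*
delegpt_find_ns(struct delegpt* dp, uint8_t* name, size_t namelen)
{
	struct delegpt_ns* p = dp->nslist;
	while(p) {
		if(namelen == p->namelen &&
			query_dname_compare(name, p->name) == 0) {
			return p;
		}
		p = p->next;
	}
	return NULL;
}

/**
 * Find a target address entry.
 * @param dp: delegation point to search.
 * @param addr: address to look for.
 * @param addrlen: length of addr.
 * @return the entry for which sockaddr_cmp_addr reports equality, or NULL.
 */
struct delegpt_addr*
delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen)
{
	struct delegpt_addr* p = dp->target_list;
	while(p) {
		if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0) {
			return p;
		}
		p = p->next_target;
	}
	return NULL;
}

/**
 * Add an address for a name server that is listed in the delegation point.
 * An address for a name that is not in the name server list is ignored.
 * For a non-lame address the name server's got4 or got6 flag is set, and
 * the server is marked resolved once both flags are set.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator for the address entry.
 * @param name: name server name the address belongs to.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: length of addr.
 * @param bogus: bogus flag for the address.
 * @param lame: lame flag for the address.
 * @return 0 if delegpt_add_addr failed, 1 otherwise (also when ignored).
 */
int
delegpt_add_target(struct delegpt* dp, struct regional* region,
	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame)
{
	struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen);
	log_assert(!dp->dp_type_mlc);
	if(!ns) {
		/* ignore it */
		return 1;
	}
	if(!lame) {
		if(addr_is_ip6(addr, addrlen))
			ns->got6 = 1;
		else	ns->got4 = 1;
		if(ns->got4 && ns->got6)
			ns->resolved = 1;
	}
	return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame);
}

/**
 * Add an address to the target and usable lists of a region-allocated
 * delegation point.
 * If the address is already present, its entry is updated instead: a
 * nonzero bogus value is stored on it, and a non-lame addition clears its
 * lame flag.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator for the new entry.
 * @param addr: the address.
 * @param addrlen: length of addr; must fit in the entry's address field.
 * @param bogus: bogus flag for the address.
 * @param lame: lame flag for the address.
 * @return 0 on allocation failure or if addrlen does not fit, 1 otherwise.
 */
int
delegpt_add_addr(struct delegpt* dp, struct regional* region,
	struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
	uint8_t lame)
{
	struct delegpt_addr* a;
	log_assert(!dp->dp_type_mlc);
	/* check for duplicates */
	if((a = delegpt_find_addr(dp, addr, addrlen))) {
		if(bogus)
			a->bogus = bogus;
		if(!lame)
			a->lame = 0;
		return 1;
	}

	/* addrlen bytes are copied into the fixed-size a->addr below;
	 * refuse a length that does not fit instead of writing past the
	 * entry (the cast also catches a negative signed socklen_t) */
	if((size_t)addrlen > sizeof(a->addr))
		return 0;
	a = (struct delegpt_addr*)regional_alloc(region,
		sizeof(struct delegpt_addr));
	if(!a)
		return 0;
	a->next_target = dp->target_list;
	dp->target_list = a;
	a->next_result = 0;
	a->next_usable = dp->usable_list;
	dp->usable_list = a;
	memcpy(&a->addr, addr, addrlen);
	a->addrlen = addrlen;
	a->attempts = 0;
	a->bogus = bogus;
	a->lame = lame;
	a->dnsseclame = 0;
	return 1;
}

/**
 * Count the name servers of a delegation point.
 * @param dp: delegation point.
 * @param numns: set to the number of name server entries.
 * @param missing: set to the number of entries not marked resolved.
 */
void
delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing)
{
	struct delegpt_ns* ns;
	*numns = 0;
	*missing = 0;
	for(ns = dp->nslist; ns; ns = ns->next) {
		(*numns)++;
		if(!ns->resolved)
			(*missing)++;
	}
}

/**
 * Count the addresses of a delegation point.
 * @param dp: delegation point.
 * @param numaddr: set to the length of the target list.
 * @param numres: set to the length of the result list.
 * @param numavail: set to the length of the usable list.
 */
void
delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
	size_t* numavail)
{
	struct delegpt_addr* a;
	*numaddr = 0;
	*numres = 0;
	*numavail = 0;
	for(a = dp->target_list; a; a = a->next_target) {
		(*numaddr)++;
	}
	for(a = dp->result_list; a; a = a->next_result) {
		(*numres)++;
	}
	for(a = dp->usable_list; a; a = a->next_usable) {
		(*numavail)++;
	}
}

/**
 * Log a delegation point.
 * Prints a summary line with the counts, and at VERB_ALGO or higher one
 * line per name server and one per target address.
 * @param v: verbosity level; nothing is printed if the current verbosity
 *	is lower.
 * @param dp: delegation point to print.
 */
void delegpt_log(enum verbosity_value v, struct delegpt* dp)
{
	char buf[LDNS_MAX_DOMAINLEN+1];
	struct delegpt_ns* ns;
	struct delegpt_addr* a;
	size_t missing=0, numns=0, numaddr=0, numres=0, numavail=0;
	if(verbosity < v)
		return;
	dname_str(dp->name, buf);
	if(dp->nslist == NULL && dp->target_list == NULL) {
		log_info("DelegationPoint<%s>: empty", buf);
		return;
	}
	delegpt_count_ns(dp, &numns, &missing);
	delegpt_count_addr(dp, &numaddr, &numres, &numavail);
	log_info("DelegationPoint<%s>: %u names (%u missing), "
		"%u addrs (%u result, %u avail)%s",
		buf, (unsigned)numns, (unsigned)missing,
		(unsigned)numaddr, (unsigned)numres, (unsigned)numavail,
		(dp->has_parent_side_NS?" parentNS":" cacheNS"));
	if(verbosity >= VERB_ALGO) {
		for(ns = dp->nslist; ns; ns = ns->next) {
			dname_str(ns->name, buf);
			/* BOGUS on a name line is the flag of the whole
			 * delegation point, not of this name server */
			log_info(" %s %s%s%s%s%s%s%s", buf,
			(ns->resolved?"*":""),
			(ns->got4?" A":""), (ns->got6?" AAAA":""),
			(dp->bogus?" BOGUS":""), (ns->lame?" PARENTSIDE":""),
			(ns->done_pside4?" PSIDE_A":""),
			(ns->done_pside6?" PSIDE_AAAA":""));
		}
		for(a = dp->target_list; a; a = a->next_target) {
			const char* str = " ";
			if(a->bogus && a->lame) str = " BOGUS ADDR_LAME ";
			else if(a->bogus) str = " BOGUS ";
			else if(a->lame) str = " ADDR_LAME ";
			log_addr(VERB_ALGO, str, &a->addr, a->addrlen);
		}
	}
}

/**
 * Move every address on the usable list to the front of the result list.
 * The usable list is empty afterwards.
 * @param dp: delegation point.
 */
void
delegpt_add_unused_targets(struct delegpt* dp)
{
	struct delegpt_addr* usa = dp->usable_list;
	dp->usable_list = NULL;
	while(usa) {
		usa->next_result = dp->result_list;
		dp->result_list = usa;
		usa = usa->next_usable;
	}
}

/**
 * Count the entries on the target list.
 * @param dp: delegation point.
 * @return number of target addresses.
 */
size_t
delegpt_count_targets(struct delegpt* dp)
{
	struct delegpt_addr* a;
	size_t n = 0;
	for(a = dp->target_list; a; a = a->next_target)
		n++;
	return n;
}

/**
 * Count the name servers that are not marked resolved.
 * @param dp: delegation point.
 * @return number of unresolved name server entries.
 */
size_t
delegpt_count_missing_targets(struct delegpt* dp)
{
	struct delegpt_ns* ns;
	size_t n = 0;
	for(ns = dp->nslist; ns; ns = ns->next)
		if(!ns->resolved)
			n++;
	return n;
}

/** find NS rrset in given list; searches rrsets[from] up to rrsets[to-1] */
static struct ub_packed_rrset_key*
find_NS(struct reply_info* rep, size_t from, size_t to)
{
	size_t i;
	for(i=from; i<to; i++) {
		if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS)
			return rep->rrsets[i];
	}
	return NULL;
}

/**
 * Create a delegation point from the NS rrset and addresses in a message.
 * The delegation point is named after the owner of the NS rrset and is
 * flagged has_parent_side_NS.
 * @param msg: the message to read.
 * @param region: regional allocator for the delegation point.
 * @return the delegation point, or NULL if the message holds no NS rrset
 *	or an allocation failed.
 */
struct delegpt*
delegpt_from_message(struct dns_msg* msg, struct regional* region)
{
	struct ub_packed_rrset_key* ns_rrset = NULL;
	struct delegpt* dp;
	size_t i;
	/* look for NS records in the authority section... */
	ns_rrset = find_NS(msg->rep, msg->rep->an_numrrsets,
		msg->rep->an_numrrsets+msg->rep->ns_numrrsets);

	/* In some cases (even legitimate, perfectly legal cases), the
	 * NS set for the "referral" might be in the answer section. */
	if(!ns_rrset)
		ns_rrset = find_NS(msg->rep, 0, msg->rep->an_numrrsets);

	/* If there was no NS rrset in the authority section, then this
	 * wasn't a referral message. (It might not actually be a
	 * referral message anyway) */
	if(!ns_rrset)
		return NULL;

	/* If we found any, then Yay! we have a delegation point. */
	dp = delegpt_create(region);
	if(!dp)
		return NULL;
	dp->has_parent_side_NS = 1; /* created from message */
	if(!delegpt_set_name(dp, region, ns_rrset->rk.dname))
		return NULL;
	if(!delegpt_rrset_add_ns(dp, region, ns_rrset, 0))
		return NULL;

	/* add glue, A and AAAA in answer and additional section */
	for(i=0; i<msg->rep->rrset_count; i++) {
		struct ub_packed_rrset_key* s = msg->rep->rrsets[i];
		/* skip auth section. FIXME really needed?*/
		if(msg->rep->an_numrrsets <= i &&
			i < (msg->rep->an_numrrsets+msg->rep->ns_numrrsets))
			continue;

		/* delegpt_add_target drops addresses whose owner name is
		 * not one of the name servers added above */
		if(ntohs(s->rk.type) == LDNS_RR_TYPE_A) {
			if(!delegpt_add_rrset_A(dp, region, s, 0))
				return NULL;
		} else if(ntohs(s->rk.type) == LDNS_RR_TYPE_AAAA) {
			if(!delegpt_add_rrset_AAAA(dp, region, s, 0))
				return NULL;
		}
	}
	return dp;
}

/**
 * Add the name servers of an NS rrset to a region-allocated delegation
 * point. If the rrset's security status is bogus, the delegation point is
 * marked bogus.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator.
 * @param ns_rrset: the NS rrset.
 * @param lame: lame flag stored on the added name servers.
 * @return 0 if delegpt_add_ns failed, 1 otherwise.
 */
int
delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* ns_rrset, uint8_t lame)
{
	struct packed_rrset_data* nsdata = (struct packed_rrset_data*)
		ns_rrset->entry.data;
	size_t i;
	log_assert(!dp->dp_type_mlc);
	if(nsdata->security == sec_status_bogus)
		dp->bogus = 1;
	for(i=0; i<nsdata->count; i++) {
		/* the rdata is only used as a wire-format name after these
		 * two checks; records that fail them are skipped */
		if(nsdata->rr_len[i] < 2+1) continue; /* len + root label */
		if(dname_valid(nsdata->rr_data[i]+2, nsdata->rr_len[i]-2) !=
			(size_t)sldns_read_uint16(nsdata->rr_data[i]))
			continue; /* bad format */
		/* add rdata of NS (= wirefmt dname), skip rdatalen bytes */
		if(!delegpt_add_ns(dp, region, nsdata->rr_data[i]+2, lame))
			return 0;
	}
	return 1;
}

/**
 * Add the addresses of an A rrset as targets, on port UNBOUND_DNS_PORT.
 * Records whose length is not 2 + INET_SIZE are skipped.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator.
 * @param ak: the A rrset; its owner name is the name server name.
 * @param lame: lame flag for the added addresses.
 * @return 0 if delegpt_add_target failed, 1 otherwise.
 */
int
delegpt_add_rrset_A(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* ak, uint8_t lame)
{
	struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data;
	size_t i;
	struct sockaddr_in sa;
	socklen_t len = (socklen_t)sizeof(sa);
	log_assert(!dp->dp_type_mlc);
	memset(&sa, 0, len);
	sa.sin_family = AF_INET;
	sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
	for(i=0; i<d->count; i++) {
		/* the length check comes before the copy out of rr_data */
		if(d->rr_len[i] != 2 + INET_SIZE)
			continue;
		memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE);
		if(!delegpt_add_target(dp, region, ak->rk.dname,
			ak->rk.dname_len, (struct sockaddr_storage*)&sa,
			len, (d->security==sec_status_bogus), lame))
			return 0;
	}
	return 1;
}

/**
 * Add the addresses of an AAAA rrset as targets, on port UNBOUND_DNS_PORT.
 * Records whose length is not 2 + INET6_SIZE are skipped.
 * @param dp: delegation point, must not be of the malloc'ed kind.
 * @param region: regional allocator.
 * @param ak: the AAAA rrset; its owner name is the name server name.
 * @param lame: lame flag for the added addresses.
 * @return 0 if delegpt_add_target failed, 1 otherwise.
 */
int
delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* ak, uint8_t lame)
{
	struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data;
	size_t i;
	struct sockaddr_in6 sa;
	socklen_t len = (socklen_t)sizeof(sa);
	log_assert(!dp->dp_type_mlc);
	memset(&sa, 0, len);
	sa.sin6_family = AF_INET6;
	sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
	for(i=0; i<d->count; i++) {
		if(d->rr_len[i] != 2 + INET6_SIZE) /* rdatalen + len of IP6 */
			continue;
		memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE);
		if(!delegpt_add_target(dp, region, ak->rk.dname,
			ak->rk.dname_len, (struct sockaddr_storage*)&sa,
			len, (d->security==sec_status_bogus), lame))
			return 0;
	}
	return 1;
}

/**
 * Add an rrset to a delegation point, dispatching on its type.
 * NS, A and AAAA rrsets are handed to the matching function; any other
 * type is logged as a warning and otherwise ignored.
 * @param dp: delegation point.
 * @param region: regional allocator.
 * @param rrset: the rrset; NULL is accepted and does nothing.
 * @param lame: lame flag passed on.
 * @return 0 if the type-specific add failed, 1 otherwise.
 */
int
delegpt_add_rrset(struct delegpt* dp, struct regional* region,
	struct ub_packed_rrset_key* rrset, uint8_t lame)
{
	if(!rrset)
		return 1;
	if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_NS)
		return delegpt_rrset_add_ns(dp, region, rrset, lame);
	else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A)
		return delegpt_add_rrset_A(dp, region, rrset, lame);
	else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA)
		return delegpt_add_rrset_AAAA(dp, region, rrset, lame);
	log_warn("Unknown rrset type added to delegpt");
	return 1;
}

/**
 * Record a negative answer for a name server address lookup.
 * If the reply has a nonzero rcode or no answer rrsets, and its query name
 * is one of the name servers, the got4 (for qtype A) or got6 (for qtype
 * AAAA) flag is set, and the server is marked resolved once both are set.
 * @param dp: delegation point.
 * @param msg: message entry; nothing is done if it has no reply data.
 */
void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg)
{
	struct reply_info* rep = (struct reply_info*)msg->entry.data;
	if(!rep) return;

	/* if error or no answers */
	if(FLAGS_GET_RCODE(rep->flags) != 0 || rep->an_numrrsets == 0) {
		struct delegpt_ns* ns = delegpt_find_ns(dp, msg->key.qname,
			msg->key.qname_len);
		if(ns) {
			if(msg->key.qtype == LDNS_RR_TYPE_A)
				ns->got4 = 1;
			else if(msg->key.qtype == LDNS_RR_TYPE_AAAA)
				ns->got6 = 1;
			if(ns->got4 && ns->got6)
				ns->resolved = 1;
		}
	}
}

/**
 * Mark name servers that have got4 set as resolved.
 * @param dp: delegation point.
 */
void delegpt_no_ipv6(struct delegpt* dp)
{
	struct delegpt_ns* ns;
	for(ns = dp->nslist; ns; ns = ns->next) {
		/* no ipv6, so only ipv4 is enough to resolve a nameserver */
		if(ns->got4)
			ns->resolved = 1;
	}
}

/**
 * Mark name servers that have got6 set as resolved.
 * @param dp: delegation point.
 */
void delegpt_no_ipv4(struct delegpt* dp)
{
	struct delegpt_ns* ns;
	for(ns = dp->nslist; ns; ns = ns->next) {
		/* no ipv4, so only ipv6 is enough to resolve a nameserver */
		if(ns->got6)
			ns->resolved = 1;
	}
}

/**
 * Create a malloc'ed delegation point.
 * @param name: name in wire format to duplicate, or NULL for no name.
 * @return the delegation point with dp_type_mlc set, or NULL if an
 *	allocation failed. Release it with delegpt_free_mlc.
 */
struct delegpt* delegpt_create_mlc(uint8_t* name)
{
	struct delegpt* dp=(struct delegpt*)calloc(1, sizeof(*dp));
	if(!dp)
		return NULL;
	dp->dp_type_mlc = 1;
	if(name) {
		dp->namelabs = dname_count_size_labels(name, &dp->namelen);
		dp->name = memdup(name, dp->namelen);
		if(!dp->name) {
			free(dp);
			return NULL;
		}
	}
	return dp;
}

/**
 * Free a malloc'ed delegation point: the name server entries with their
 * names, the entries on the target list, the name and the structure.
 * @param dp: delegation point of the malloc'ed kind; NULL is accepted.
 */
void delegpt_free_mlc(struct delegpt* dp)
{
	struct delegpt_ns* n, *nn;
	struct delegpt_addr* a, *na;
	if(!dp) return;
	log_assert(dp->dp_type_mlc);
	n = dp->nslist;
	while(n) {
		nn = n->next;
		free(n->name);
		free(n);
		n = nn;
	}
	/* only the target list is walked; the add functions in this file
	 * put every address entry on that list */
	a = dp->target_list;
	while(a) {
		na = a->next_target;
		free(a);
		a = na;
	}
	free(dp->name);
	free(dp);
}

/**
 * Set the name of a malloc'ed delegation point to a copy of name.
 * NOTE(review): a name that dp already holds is overwritten without being
 * freed here - confirm callers only use this on a delegation point that has
 * no name yet.
 * @param dp: delegation point of the malloc'ed kind.
 * @param name: name in wire format.
 * @return 0 if the copy could not be allocated, 1 otherwise.
 */
int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name)
{
	log_assert(dp->dp_type_mlc);
	dp->namelabs = dname_count_size_labels(name, &dp->namelen);
	dp->name = memdup(name, dp->namelen);
	return (dp->name != NULL);
}

/**
 * Add a name server name to a malloc'ed delegation point.
 * A name that is already in the list is not added again.
 * @param dp: delegation point of the malloc'ed kind.
 * @param name: name server name in wire format.
 * @param lame: lame flag stored on the new entry.
 * @return 0 on allocation failure, 1 otherwise (also for a duplicate).
 */
int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame)
{
	struct delegpt_ns* ns;
	size_t len;
	(void)dname_count_size_labels(name, &len);
	log_assert(dp->dp_type_mlc);
	/* slow check for duplicates to avoid counting failures when
	 * adding the same server as a dependency twice */
	if(delegpt_find_ns(dp, name, len))
		return 1;
	ns = (struct delegpt_ns*)malloc(sizeof(struct delegpt_ns));
	if(!ns)
		return 0;
	ns->namelen = len;
	ns->name = memdup(name, ns->namelen);
	if(!ns->name) {
		free(ns);
		return 0;
	}
	ns->next = dp->nslist;
	dp->nslist = ns;
	ns->resolved = 0;
	ns->got4 = 0;
	ns->got6 = 0;
	ns->lame = (uint8_t)lame;
	ns->done_pside4 = 0;
	ns->done_pside6 = 0;
	return 1;
}

/**
 * Add an address to the target and usable lists of a malloc'ed delegation
 * point.
 * If the address is already present, its entry is updated instead: a
 * nonzero bogus value is stored on it, and a non-lame addition clears its
 * lame flag.
 * @param dp: delegation point of the malloc'ed kind.
 * @param addr: the address.
 * @param addrlen: length of addr; must fit in the entry's address field.
 * @param bogus: bogus flag for the address.
 * @param lame: lame flag for the address.
 * @return 0 on allocation failure or if addrlen does not fit, 1 otherwise.
 */
int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame)
{
	struct delegpt_addr* a;
	log_assert(dp->dp_type_mlc);
	/* check for duplicates */
	if((a = delegpt_find_addr(dp, addr, addrlen))) {
		if(bogus)
			a->bogus = bogus;
		if(!lame)
			a->lame = 0;
		return 1;
	}

	/* addrlen bytes are copied into the fixed-size a->addr below;
	 * refuse a length that does not fit instead of writing past the
	 * heap entry (the cast also catches a negative signed socklen_t) */
	if((size_t)addrlen > sizeof(a->addr))
		return 0;
	a = (struct delegpt_addr*)malloc(sizeof(struct delegpt_addr));
	if(!a)
		return 0;
	a->next_target = dp->target_list;
	dp->target_list = a;
	a->next_result = 0;
	a->next_usable = dp->usable_list;
	dp->usable_list = a;
	memcpy(&a->addr, addr, addrlen);
	a->addrlen = addrlen;
	a->attempts = 0;
	a->bogus = bogus;
	a->lame = lame;
	a->dnsseclame = 0;
	return 1;
}

/**
 * Add an address for a name server that is listed in a malloc'ed
 * delegation point.
 * An address for a name that is not in the name server list is ignored.
 * For a non-lame address the name server's got4 or got6 flag is set, and
 * the server is marked resolved once both flags are set.
 * @param dp: delegation point of the malloc'ed kind.
 * @param name: name server name the address belongs to.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: length of addr.
 * @param bogus: bogus flag for the address.
 * @param lame: lame flag for the address.
 * @return 0 if delegpt_add_addr_mlc failed, 1 otherwise (also when ignored).
 */
int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen,
	struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
	uint8_t lame)
{
	struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen);
	log_assert(dp->dp_type_mlc);
	if(!ns) {
		/* ignore it */
		return 1;
	}
	if(!lame) {
		if(addr_is_ip6(addr, addrlen))
			ns->got6 = 1;
		else	ns->got4 = 1;
		if(ns->got4 && ns->got6)
			ns->resolved = 1;
	}
	return delegpt_add_addr_mlc(dp, addr, addrlen, bogus, lame);
}

/**
 * Compute the memory used by a delegation point: the structure, its name,
 * the target address entries, and the name server entries with their names.
 * @param dp: delegation point; NULL is accepted.
 * @return size in bytes, 0 for NULL.
 */
size_t delegpt_get_mem(struct delegpt* dp)
{
	struct delegpt_ns* ns;
	size_t s;
	if(!dp) return 0;
	s = sizeof(*dp) + dp->namelen +
		delegpt_count_targets(dp)*sizeof(struct delegpt_addr);
	for(ns=dp->nslist; ns; ns=ns->next)
		s += sizeof(*ns)+ns->namelen;
	return s;
}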