dns64.c revision 356345
1/*
2 * dns64/dns64.c - DNS64 module
3 *
4 * Copyright (c) 2009, Viagénie. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of Viagénie nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains a module that performs DNS64 query processing.
40 */
41
42#include "config.h"
43#include "dns64/dns64.h"
44#include "services/cache/dns.h"
45#include "services/cache/rrset.h"
46#include "util/config_file.h"
47#include "util/data/msgreply.h"
48#include "util/fptr_wlist.h"
49#include "util/net_help.h"
50#include "util/regional.h"
51#include "util/storage/dnstree.h"
52#include "util/data/dname.h"
53#include "sldns/str2wire.h"
54
55/******************************************************************************
56 *                                                                            *
57 *                             STATIC CONSTANTS                               *
58 *                                                                            *
59 ******************************************************************************/
60
/**
 * Default DNS64 prefix. It is used when the dns64 module is listed in
 * module-config but the dns64-prefix option is not present.
 */
static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96";
66
/**
 * Maximum length of a domain name in a PTR query in the .in-addr.arpa tree.
 *
 * ipv4_to_ptr() writes four labels of one length byte plus at most three
 * digits (16 bytes) followed by the 14-byte "\07in-addr\04arpa" suffix
 * including its terminating zero, which adds up to exactly this value.
 */
#define MAX_PTR_QNAME_IPV4 30
71
/**
 * State of DNS64 processing for a query.
 */
enum dns64_state {
    /** Internally-generated query, no DNS64 processing. */
    DNS64_INTERNAL_QUERY,
    /** Query for which we're the first module in line. */
    DNS64_NEW_QUERY,
    /** Query for which we generated a sub-query, and for which this
     *  sub-query is finished. */
    DNS64_SUBQUERY_FINISHED
};
83
/**
 * Per-query state owned by the DNS64 module.
 */
struct dns64_qstate {
	/** Where this query is in DNS64 processing. */
	enum dns64_state state;
	/**
	 * Saved copy of the qstate's no_cache_store flag as it was when the
	 * dns64 module first saw the query.  True means the module was told
	 * not to modify the cache contents; false means it was not.  With the
	 * original value kept here, the module is free to change the flag in
	 * the qstate for its own purposes and restore it afterwards.
	 */
	int started_no_cache_store;
};
97
98/******************************************************************************
99 *                                                                            *
100 *                                 STRUCTURES                                 *
101 *                                                                            *
102 ******************************************************************************/
103
/**
 * Module configuration. One instance exists per instance of the module;
 * normally there is only one instance of the module.
 */
struct dns64_env {
    /**
     * DNS64 prefix address. A full sockaddr is stored rather than a bare
     * in6_addr so that Unbound's generic string parsing functions can fill
     * it in. It always holds a sockaddr_in6 and only its sin6_addr member
     * is ever used.
     */
    struct sockaddr_storage prefix_addr;

    /** Length of prefix_addr; always sizeof(sockaddr_in6). */
    socklen_t prefix_addrlen;

    /**
     * CIDR length of the prefix. It must be between 0 and 96: the
     * bit-offset arithmetic in extract_ipv4() and synthesize_aaaa() indexes
     * a 16-byte address with it and is not bounds-checked there, so
     * dns64_apply_cfg() rejects anything outside that range.
     */
    int prefix_net;

    /**
     * Tree of names for which AAAA is ignored; the answer for these names
     * is always synthesized from A.
     */
    rbtree_type ignore_aaaa;
};
133
134
135/******************************************************************************
136 *                                                                            *
137 *                             UTILITY FUNCTIONS                              *
138 *                                                                            *
139 ******************************************************************************/
140
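/**
 * Generic macro for swapping two variables.
 *
 * \param t Type of the variables. (e.g. int)
 * \param a First variable.
 * \param b Second variable.
 *
 * The temporary has a name that is unlikely to collide with a caller's
 * variable. With a temporary called "x", swap(int, x, y) would expand to
 * "int x = x;" and read an uninitialized object.
 *
 * \warning Both arguments are evaluated twice. Do not attempt something
 *          foolish such as swap(int,a++,b++)!
 */
#define swap(t,a,b) \
    do { t swap_tmp_ = (a); (a) = (b); (b) = swap_tmp_; } while(0)

/**
 * Reverses a string in place.
 *
 * \param begin Points to the first character of the string.
 * \param end   Points one past the last character of the string.
 */
static void
reverse(char* begin, char* end)
{
    /*
     * Compare the distance instead of pre-decrementing end in the loop
     * condition, so an empty range never forms a pointer before begin.
     */
    while (end - begin > 1) {
        --end;
        swap(char, *begin, *end);
        ++begin;
    }
}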
166
/**
 * Writes the decimal representation of an unsigned integer. This exists to be
 * faster than sprintf().
 *
 * No terminating zero byte is written and there is no length parameter, so
 * the caller alone is responsible for the bound.
 *
 * \param n The number to be converted.
 * \param s Destination. It must have room for every decimal digit of \a n.
 *
 * \return The number of characters written (at least one).
 */
static int
uitoa(unsigned n, char* s)
{
    char* out = s;

    /* Produce the digits least significant first, then flip them. */
    for (;;) {
        *out++ = (char)('0' + n % 10);
        n /= 10;
        if (n == 0)
            break;
    }
    reverse(s, out);
    return (int)(out - s);
}
186
/**
 * Extract the IPv4 address embedded in the IPv6 address \a ipv6 starting at
 * bit \a offset. The embedded address need not be byte aligned, so up to five
 * consecutive bytes of \a ipv6 contribute to the result.
 *
 * \param ipv6   IPv6 address represented as a 128-bit array in big-endian
 *               order.
 * \param ipv6_len length of the ipv6 byte array; only checked by log_assert.
 * \param offset Index of the MSB of the IPv4 address embedded in the IPv6
 *               address. It is not validated here: bytes offset/8 through
 *               offset/8+3 are read unconditionally, so the caller must keep
 *               it between 0 and 96.
 *
 * \return The IPv4 address, first address byte in the most significant bits.
 */
static uint32_t
extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset)
{
    const int first = offset / 8;  /* byte holding the IPv4 MSB */
    const int shift = offset % 8;  /* bit position inside that byte */
    uint32_t ipv4;
    log_assert(ipv6_len == 16); (void)ipv6_len;

    /* Bits shifted beyond bit 31 drop out of the 32-bit result. */
    ipv4 = (uint32_t)ipv6[first+0] << (24 + shift)
         | (uint32_t)ipv6[first+1] << (16 + shift)
         | (uint32_t)ipv6[first+2] << ( 8 + shift)
         | (uint32_t)ipv6[first+3] << ( 0 + shift);

    /* The low bits come from a fifth byte, if the address has one left. */
    if (first + 4 < 16)
        ipv4 |= (uint32_t)ipv6[first+4] >> (8 - shift);
    return ipv4;
}
211
/**
 * Builds the wire-format PTR query name corresponding to an IPv4 address.
 * The least significant octet is written first, so for 206.123.31.1 (the
 * number 3,464,175,361) the result is the name 1.31.123.206.in-addr.arpa,
 * that is "\0011\00231\003123\003206\07in-addr\04arpa".
 *
 * \param ipv4 IPv4 address represented as an unsigned 32-bit number.
 * \param ptr  The result will be written here. It must hold
 *             MAX_PTR_QNAME_IPV4 bytes; the bound is only checked by
 *             log_assert, not enforced on the writes.
 * \param nm_len length of the ptr buffer.
 *
 * \return The number of characters written, including the terminating root
 *         label.
 */
static size_t
ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len)
{
    static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa";
    char* out = ptr;
    int octet;
    log_assert(nm_len == MAX_PTR_QNAME_IPV4);

    for (octet = 0; octet < 4; ++octet) {
        /* Digits go after the length byte, which is filled in afterwards. */
        int digits = uitoa((unsigned int)(ipv4 % 256), out + 1);
        *out = (char)digits;
        out += digits + 1;
        log_assert(out < ptr+nm_len);
        ipv4 /= 256;
    }

    /* sizeof includes the trailing zero byte, which is the root label. */
    log_assert(out + sizeof(IPV4_PTR_SUFFIX) <= ptr+nm_len);
    memmove(out, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX));

    return (size_t)(out - ptr) + sizeof(IPV4_PTR_SUFFIX);
}
244
/**
 * Converts the 32 nibble labels of an ip6.arpa PTR query name into an IPv6
 * address represented as a 128-bit array.
 *
 * The first 64 bytes of \a ptr are read without a length check, so the caller
 * must have verified that the name is that long. The nibbles are OR-ed into
 * \a ipv6, so the caller must zero the array first; on failure it may be
 * left partially filled.
 *
 * \param ptr  The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa")
 * \param ipv6 The result will be written here, in network byte order.
 * \param ipv6_len length of the ipv6 byte array; only checked by log_assert.
 *
 * \return 1 on success, 0 on failure (a label that is not exactly one
 *         hexadecimal digit).
 */
static int
ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len)
{
    int nibble;
    log_assert(ipv6_len == 16); (void)ipv6_len;

    /* Label k holds nibble k of the address, least significant first. */
    for (nibble = 0; nibble < 32; nibble++) {
        char digit;
        int x;

        /* Every label must be a single character long. */
        if (ptr[2*nibble] != 1)
            return 0;

        digit = ptr[2*nibble + 1];
        if (digit >= '0' && digit <= '9')
            x = digit - '0';
        else if (digit >= 'a' && digit <= 'f')
            x = digit - 'a' + 10;
        else if (digit >= 'A' && digit <= 'F')
            x = digit - 'A' + 10;
        else
            return 0;

        /* Even nibbles are the low half of a byte, odd ones the high half. */
        ipv6[15 - nibble/2] |= x << (4 * (nibble % 2));
    }

    return 1;
}
282
/**
 * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix.
 * The prefix is copied and the four IPv4 bytes are OR-ed in at consecutive
 * bit positions starting at \a prefix_net.
 *
 * NOTE(review): the IPv4 bits are placed contiguously for every prefix
 * length. RFC 6052 reserves bits 64 to 71 of the address for prefix lengths
 * shorter than 96; confirm the intended interoperability for such prefixes.
 *
 * \param prefix_addr DNS64 prefix address.
 * \param prefix_addr_len length of the prefix_addr buffer.
 * \param prefix_net  CIDR length of the DNS64 prefix. Must be between 0 and 96;
 *                    it is not checked here and is used as an index into
 *                    \a aaaa.
 * \param a           IPv4 address.
 * \param a_len       length of the a buffer.
 * \param aaaa        IPv6 address. The result will be written here.
 * \param aaaa_len    length of the aaaa buffer.
 */
static void
synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len,
	int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[],
	size_t aaaa_len)
{
    const int first = prefix_net / 8;  /* first byte that receives IPv4 bits */
    const int shift = prefix_net % 8;  /* bit offset inside that byte */
    int k;
    log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16);
    (void)prefix_addr_len; (void)a_len; (void)aaaa_len;

    memcpy(aaaa, prefix_addr, 16);
    for (k = 0; k < 4; k++) {
        /* High part of a[k] lands in byte first+k ... */
        aaaa[first + k] |= a[k] >> shift;
        /* ... and the spill-over in the next byte. Only the last spill can
         * fall outside the 16-byte address (a /96 prefix). */
        if (k == 3 && first + 4 >= 16)
            break;
        aaaa[first + k + 1] |= a[k] << (8 - shift);
    }
}
312
313
314/******************************************************************************
315 *                                                                            *
316 *                           DNS64 MODULE FUNCTIONS                           *
317 *                                                                            *
318 ******************************************************************************/
319
/**
 * Parse a domain name and insert it into the ignore_aaaa tree.
 * A name that the tree does not accept is treated as a duplicate: the new
 * element is freed again and the call still succeeds.
 * @param dns64_env: module env.
 * @param str: string with domain name.
 * @return false on failure (out of memory or unparseable name).
 */
static int
dns64_insert_ignore_aaaa(struct dns64_env* dns64_env, char* str)
{
	struct name_tree_node* elem = calloc(1, sizeof(*elem));
	if(elem == NULL) {
		log_err("out of memory");
		return 0;
	}

	/* convert the text to an allocated wire-format name */
	elem->name = sldns_str2wire_dname(str, &elem->len);
	if(elem->name == NULL) {
		free(elem);
		log_err("cannot parse dns64-ignore-aaaa: %s", str);
		return 0;
	}
	elem->labs = dname_count_labels(elem->name);
	elem->dclass = LDNS_RR_CLASS_IN;

	if(name_tree_insert(&dns64_env->ignore_aaaa, elem, elem->name,
		elem->len, elem->labs, elem->dclass))
		return 1; /* the tree now references elem */

	/* ignore duplicate element; the tree did not take it */
	free(elem->name);
	free(elem);
	return 1;
}
353
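/**
 * This function applies the configuration found in the parsed configuration
 * file \a cfg to this instance of the dns64 module: the DNS64 prefix (a.k.a.
 * Pref64) and the list of names for which AAAA is ignored.
 *
 * The prefix must parse as an IPv6 netblock with a length between 0 and 96.
 * That range is what keeps the byte indexing in extract_ipv4() and
 * synthesize_aaaa() inside the 16-byte address.
 *
 * \param dns64_env Module-specific global parameters.
 * \param cfg       Parsed configuration file.
 *
 * \return 1 on success, 0 if the configuration is rejected.
 */
static int
dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
{
    struct config_strlist* s;
    /*
     * Resolve the effective prefix once. cfg->dns64_prefix may be NULL, and
     * passing NULL for a "%s" conversion is undefined behavior, so the log
     * calls below use the effective string instead of the raw option.
     */
    const char* prefix = cfg->dns64_prefix ? cfg->dns64_prefix :
        DEFAULT_DNS64_PREFIX;

    verbose(VERB_ALGO, "dns64-prefix: %s", prefix);
    if (!netblockstrtoaddr(prefix, 0, &dns64_env->prefix_addr,
                &dns64_env->prefix_addrlen, &dns64_env->prefix_net)) {
        log_err("cannot parse dns64-prefix netblock: %s", prefix);
        return 0;
    }
    if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) {
        log_err("dns64_prefix is not IPv6: %s", prefix);
        return 0;
    }
    if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) {
        log_err("dns64-prefix length is not between 0 and 96: %s", prefix);
        return 0;
    }
    for(s = cfg->dns64_ignore_aaaa; s; s = s->next) {
        if(!dns64_insert_ignore_aaaa(dns64_env, s->str))
            return 0;
    }
    name_tree_init_parents(&dns64_env->ignore_aaaa);
    return 1;
}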
389
/**
 * Initializes this instance of the dns64 module: allocates the module
 * environment, stores it in env->modinfo[id] and applies the configuration.
 *
 * \param env Global state of all module instances.
 * \param id  This instance's ID number.
 *
 * \return 1 on success, 0 on failure.
 */
int
dns64_init(struct module_env* env, int id)
{
    struct dns64_env* dns64_env = calloc(1, sizeof(*dns64_env));
    if (dns64_env == NULL) {
        log_err("malloc failure");
        return 0;
    }

    /*
     * The environment is stored before the configuration is applied, so a
     * failure below leaves it reachable through env->modinfo[id].
     * NOTE(review): presumably the caller runs dns64_deinit() after a failed
     * init to release it -- confirm.
     */
    env->modinfo[id] = (void*)dns64_env;
    name_tree_init(&dns64_env->ignore_aaaa);

    if (dns64_apply_cfg(dns64_env, env->cfg))
        return 1;
    log_err("dns64: could not apply configuration settings.");
    return 0;
}
413
/**
 * Traversal callback that frees one ignore-AAAA element: the name it holds
 * and the node itself. A NULL node is ignored.
 */
static void
free_ignore_aaaa_node(rbnode_type* node, void* ATTR_UNUSED(arg))
{
	struct name_tree_node* n = (struct name_tree_node*)node;
	if(n != NULL) {
		free(n->name);
		free(n);
	}
}
423
/**
 * Deinitializes this instance of the dns64 module: frees every element of
 * the ignore_aaaa tree, then the module environment, and clears the slot in
 * env->modinfo so the pointer cannot be used or freed again.
 *
 * \param env Global state of all module instances. May be NULL.
 * \param id  This instance's ID number.
 */
void
dns64_deinit(struct module_env* env, int id)
{
    struct dns64_env* dns64_env;

    if (env == NULL)
        return;

    dns64_env = (struct dns64_env*)env->modinfo[id];
    if (dns64_env != NULL) {
        /* postorder, so children are released before their parent */
        traverse_postorder(&dns64_env->ignore_aaaa, free_ignore_aaaa_node,
            NULL);
    }
    free(dns64_env);
    env->modinfo[id] = NULL;
}
444
/**
 * Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64
 * prefix, we must do a PTR query for the corresponding IPv4 address instead.
 *
 * The caller must already have checked that the query name is a full
 * ip6.arpa name: ptr_to_ipv6() reads its first 64 bytes without a length
 * check.
 *
 * \param qstate Query state structure.
 * \param id     This module instance's ID number.
 *
 * \return The new state of the query: module_wait_module when the query is
 *         left to another module, module_wait_subquery once the IPv4 PTR
 *         sub-query is attached, module_error on failure.
 */
static enum module_ext_state
handle_ipv6_ptr(struct module_qstate* qstate, int id)
{
    struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
    struct module_qstate* subq = NULL;
    struct query_info qinfo;
    struct sockaddr_in6 sin6;
    uint32_t ipv4;
    int shared_bits;

    /*
     * Convert the PTR query string to an IPv6 address. The address must
     * start out zeroed because ptr_to_ipv6() ORs the nibbles into it.
     */
    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;
    if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr,
        sizeof(sin6.sin6_addr.s6_addr)))
        return module_wait_module;  /* Let other module handle this. */

    /*
     * An address outside our DNS64 prefix is none of our business: the
     * leading bits it shares with the prefix must cover the whole prefix.
     */
    shared_bits = addr_in_common((struct sockaddr_storage*)&sin6, 128,
        &dns64_env->prefix_addr, dns64_env->prefix_net,
        (socklen_t)sizeof(sin6));
    if (shared_bits != dns64_env->prefix_net)
        return module_wait_module;

    verbose(VERB_ALGO, "dns64: rewrite PTR record");

    /*
     * Build the query info for the in-addr.arpa name of the IPv4 address
     * embedded in the IPv6 address of the original PTR query name.
     */
    qinfo = qstate->qinfo;
    qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4);
    if (!qinfo.qname)
        return module_error;
    ipv4 = extract_ipv4(sin6.sin6_addr.s6_addr,
        sizeof(sin6.sin6_addr.s6_addr), dns64_env->prefix_net);
    qinfo.qname_len = ipv4_to_ptr(ipv4, (char*)qinfo.qname,
        MAX_PTR_QNAME_IPV4);

    /* Create the new sub-query. */
    fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
    if (!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0,
        &subq))
        return module_error;
    if (subq != NULL) {
        /* Start the sub-query at this module with no module state yet. */
        subq->curmod = id;
        subq->ext_state[id] = module_state_initial;
        subq->minfo[id] = NULL;
    }

    return module_wait_subquery;
}
505
/**
 * Attach a sub-query that asks for the A record of the current query name.
 * The sub-query is a copy of the original query info with the type set to A
 * and the same query flags.
 *
 * \param qstate Query state of the original query.
 * \param id     This module's instance ID.
 *
 * \return module_wait_subquery when the sub-query was attached, module_error
 *         when it could not be created.
 */
static enum module_ext_state
generate_type_A_query(struct module_qstate* qstate, int id)
{
	struct module_qstate* subq = NULL;
	struct query_info qinfo;
	int attached;

	verbose(VERB_ALGO, "dns64: query A record");

	/* Same name and class as the original query, but type A. */
	qinfo = qstate->qinfo;
	qinfo.qtype = LDNS_RR_TYPE_A;

	/* Start the sub-query. */
	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
	attached = (*qstate->env->attach_sub)(qstate, &qinfo,
		qstate->query_flags, 0, 0, &subq);
	if(!attached) {
		verbose(VERB_ALGO, "dns64: sub-query creation failed");
		return module_error;
	}
	if(subq != NULL) {
		/* Start the sub-query at this module with no module state. */
		subq->curmod = id;
		subq->ext_state[id] = module_state_initial;
		subq->minfo[id] = NULL;
	}

	return module_wait_subquery;
}
534
/**
 * See if the query name is in the always-synthesize config.
 * The ignore-aaaa list holds names for which the AAAA for the domain is
 * ignored and the A is always used to create the answer.
 * @param qstate: query state.
 * @param id: module id.
 * @return true if the name is covered by ignore-aaaa.
 */
static int
dns64_always_synth_for_qname(struct module_qstate* qstate, int id)
{
	struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
	struct query_info* qi = &qstate->qinfo;
	int labs = dname_count_labels(qi->qname);

	if(name_tree_lookup(&dns64_env->ignore_aaaa, qi->qname,
		qi->qname_len, labs, qi->qclass))
		return 1;
	return 0;
}
553
/**
 * Handles the "pass" event for a query. This event is received when a new query
 * is received by this module. The query may have been generated internally by
 * another module, in which case we don't want to do any special processing
 * (this is an interesting discussion topic), or it may be brand new, e.g.
 * received over a socket, in which case we do want to apply DNS64 processing.
 *
 * \param qstate A structure representing the state of the query that has just
 *               received the "pass" event.
 * \param id     This module's instance ID.
 *
 * \return The new state of the query.
 */
static enum module_ext_state
handle_event_pass(struct module_qstate* qstate, int id)
{
	struct dns64_qstate* iq = (struct dns64_qstate*)qstate->minfo[id];
	const int is_new = (iq && iq->state == DNS64_NEW_QUERY);
	const int is_aaaa = (qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA);

	/*
	 * PTR queries for IPv6 addresses. A full ip6.arpa name is 74 bytes:
	 * 32 one-nibble labels of two bytes each, then the ten bytes of
	 * "\03ip6\04arpa" including the root label. This length check is what
	 * lets ptr_to_ipv6() read the first 64 bytes without its own check.
	 * NOTE(review): strcmp is case-sensitive, so a suffix that is not
	 * lowercase does not match here -- confirm that the query name is
	 * lowercased before modules see it.
	 */
	if (is_new
	    && qstate->qinfo.qtype == LDNS_RR_TYPE_PTR
	    && qstate->qinfo.qname_len == 74
	    && !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa"))
		return handle_ipv6_ptr(qstate, id);

	/* With dns64-synthall every new AAAA query is answered from A. */
	if (qstate->env->cfg->dns64_synthall && is_new && is_aaaa)
		return generate_type_A_query(qstate, id);

	/* Names listed in ignore-aaaa are answered from A, unless CD is set. */
	if (dns64_always_synth_for_qname(qstate, id)
	    && is_new
	    && !(qstate->query_flags & BIT_CD)
	    && is_aaaa) {
		verbose(VERB_ALGO, "dns64: ignore-aaaa and synthesize anyway");
		return generate_type_A_query(qstate, id);
	}

	/* We are finished when our sub-query is finished. */
	if (iq && iq->state == DNS64_SUBQUERY_FINISHED)
		return module_finished;

	/* Otherwise, pass request to next module. */
	verbose(VERB_ALGO, "dns64: pass to next module");
	return module_wait_module;
}
599
/**
 * Handles the "done" event for a query. We need to analyze the response and
 * maybe issue a new sub-query for the A record.
 *
 * \param qstate A structure representing the state of the query that has just
 *               received the "moddone" event.
 * \param id     This module's instance ID.
 *
 * \return The new state of the query.
 */
static enum module_ext_state
handle_event_moddone(struct module_qstate* qstate, int id)
{
	struct dns64_qstate* iq = (struct dns64_qstate*)qstate->minfo[id];
	/*
	 * Synthesis is only considered for a query that is not internal, asks
	 * for AAAA and does not have the CD flag set. Everything else (an
	 * internal query, another record type, CD set by the querier) needs no
	 * special handling.
	 */
	const int candidate = (!iq || iq->state != DNS64_INTERNAL_QUERY)
		&& qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA
		&& !(qstate->query_flags & BIT_CD);

	if(candidate) {
		/*
		 * No answer RRset covers both a noerror/nodata reply and an
		 * AAAA query that returned an error; the error case is
		 * treated like servfail and synthesized as well (sec 5.1.2
		 * and 5.1.3 of RFC6147).
		 */
		int has_answer = qstate->return_msg
			&& qstate->return_msg->rep
			&& reply_find_answer_rrset(&qstate->qinfo,
				qstate->return_msg->rep);
		if(!has_answer)
			return generate_type_A_query(qstate, id);

		/* A listed domain: generate from the A record and ignore
		 * the AAAA that was found. */
		if(dns64_always_synth_for_qname(qstate, id)) {
			verbose(VERB_ALGO, "dns64: ignore-aaaa and synthesize anyway");
			return generate_type_A_query(qstate, id);
		}
	}

	/* Store the response in cache, unless the query started with
	 * no_cache_store set. */
	if((!iq || !iq->started_no_cache_store)
		&& qstate->return_msg && qstate->return_msg->rep
		&& !dns_cache_store(qstate->env, &qstate->qinfo,
			qstate->return_msg->rep, 0, 0, 0, NULL,
			qstate->query_flags))
		log_err("out of memory");

	/* do nothing */
	return module_finished;
}
656
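/**
 * This is the module's main() function. It gets called each time a query
 * receives an event which we may need to handle. We respond by updating the
 * state of the query.
 *
 * For a new query the module saves the query's no_cache_store flag in its
 * per-query state and sets the flag to 1; the saved value is put back once
 * the module reports module_finished.
 *
 * \param qstate   Structure containing the state of the query.
 * \param event    Event that has just been received.
 * \param id       This module's instance ID.
 * \param outbound State of a DNS query on an authoritative server. We never do
 *                 our own queries ourselves (other modules do it for us), so
 *                 this is unused.
 */
void
dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
		struct outbound_entry* outbound)
{
	struct dns64_qstate* iq;
	(void)outbound;
	verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s",
			id, strextstate(qstate->ext_state[id]),
			strmodulevent(event));
	log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo);

	switch(event) {
		case module_event_new:
			/* Tag this query as being new and fall through. */
			iq = (struct dns64_qstate*)regional_alloc(
				qstate->region, sizeof(*iq));
			if(!iq) {
				/*
				 * The allocation can fail. Without this
				 * check the stores below would write through
				 * a NULL pointer and take the resolver down
				 * instead of failing one query.
				 */
				log_err("out of memory");
				qstate->ext_state[id] = module_error;
				return;
			}
			qstate->minfo[id] = iq;
			iq->state = DNS64_NEW_QUERY;
			iq->started_no_cache_store = qstate->no_cache_store;
			qstate->no_cache_store = 1;
			/* fallthrough */
		case module_event_pass:
			qstate->ext_state[id] = handle_event_pass(qstate, id);
			break;
		case module_event_moddone:
			qstate->ext_state[id] = handle_event_moddone(qstate, id);
			break;
		default:
			qstate->ext_state[id] = module_finished;
			break;
	}
	if(qstate->ext_state[id] == module_finished) {
		/* Give the caller back the no_cache_store value it started
		 * with. */
		iq = (struct dns64_qstate*)qstate->minfo[id];
		if(iq && iq->state != DNS64_INTERNAL_QUERY)
			qstate->no_cache_store = iq->started_no_cache_store;
	}
}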
706
/**
 * Build the data and key of a synthesized AAAA RR set from an A RR set.
 *
 * TTL, trust and security status are copied from the A RR set; the
 * synthesized set carries no signatures (rrsig_count is 0). On any failure
 * *dd_out is set to NULL, which is how the caller detects it.
 *
 * \param fk      Key of the A RR set.
 * \param fd      Data of the A RR set. Every RR must be 6 bytes long: a
 *                two-byte length of 4 followed by the address.
 * \param dk      Key to fill in for the AAAA RR set.
 * \param dd_out  Receives the AAAA RR set data, or NULL on failure.
 * \param region  Region to allocate the new data and name from.
 * \param dns64_env Module environment holding the DNS64 prefix.
 */
static void
dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
		      const struct packed_rrset_data* fd,
		      struct ub_packed_rrset_key *dk,
		      struct packed_rrset_data **dd_out, struct regional *region,
		      struct dns64_env* dns64_env )
{
	struct sockaddr_in6* pfx =
		(struct sockaddr_in6*)&dns64_env->prefix_addr;
	struct packed_rrset_data *dd;
	uint8_t* rdata_base;
	size_t per_rr;
	size_t i;

	/* Bound the count before it is multiplied into an allocation size. */
	if(fd->count > RR_COUNT_MAX) {
		*dd_out = NULL;
		return; /* integer overflow protection in alloc */
	}

	/*
	 * Besides the header, each RR needs a length, a TTL, a pointer to its
	 * wireformat data, 2 bytes of data length and 16 bytes of IPv6
	 * address.
	 */
	per_rr = sizeof(size_t) + sizeof(time_t) + sizeof(uint8_t*) + 2 + 16;
	dd = regional_alloc(region,
		sizeof(struct packed_rrset_data) + fd->count * per_rr);
	*dd_out = dd;
	if(!dd) {
		log_err("out of memory");
		return;
	}

	/* Copy attributes from A RR set. */
	dd->ttl = fd->ttl;
	dd->count = fd->count;
	dd->rrsig_count = 0;
	dd->trust = fd->trust;
	dd->security = fd->security;

	/* The three arrays and the rdata follow the header back to back. */
	dd->rr_len =
	    (size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data));
	dd->rr_data = (uint8_t**)&dd->rr_len[dd->count];
	dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];
	rdata_base = (uint8_t*)&dd->rr_ttl[dd->count];

	for(i = 0; i < fd->count; ++i) {
		uint8_t* aaaa_rdata = rdata_base + 18*i;

		/* Refuse anything that is not a well-formed A rdata before
		 * reading four address bytes from it. */
		if(fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0
		    || fd->rr_data[i][1] != 4) {
			*dd_out = NULL;
			return;
		}

		dd->rr_len[i] = 18;
		dd->rr_data[i] = aaaa_rdata;
		/* rdata length of 16, in network byte order */
		aaaa_rdata[0] = 0;
		aaaa_rdata[1] = 16;
		synthesize_aaaa(pfx->sin6_addr.s6_addr,
				sizeof(pfx->sin6_addr.s6_addr),
				dns64_env->prefix_net, &fd->rr_data[i][2],
				fd->rr_len[i]-2, &aaaa_rdata[2],
				dd->rr_len[i]-2);
		dd->rr_ttl[i] = fd->rr_ttl[i];
	}

	/*
	 * Create synthesized AAAA RR set key. This is mostly just bookkeeping,
	 * nothing interesting here.
	 */
	if(!dk) {
		log_err("no key");
		*dd_out = NULL;
		return;
	}

	dk->rk.dname = (uint8_t*)regional_alloc_init(region,
		     fk->rk.dname, fk->rk.dname_len);
	if(!dk->rk.dname) {
		log_err("out of memory");
		*dd_out = NULL;
		return;
	}

	dk->rk.type = htons(LDNS_RR_TYPE_AAAA);
	memset(&dk->entry, 0, sizeof(dk->entry));
	dk->entry.key = dk;
	dk->entry.hash = rrset_key_hash(&dk->rk);
	dk->entry.data = dd;
}
793
/**
 * Synthesize an AAAA RR set from an A sub-query's answer and add it to the
 * original empty response.
 *
 * The new reply is built completely before it is attached to \a super. Every
 * early return on an allocation or synthesis failure therefore leaves
 * super->return_msg->rep as it was, which is NULL when the message was
 * created here.
 *
 * \param id     This module's instance ID.
 * \param super  Original AAAA query.
 * \param qstate The finished A sub-query; its return_msg and rep must be set.
 */
static void
dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate)
{
	struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id];
	struct reply_info *sub_rep, *new_rep;
	size_t idx;

	verbose(VERB_ALGO, "converting A answers to AAAA answers");

	log_assert(super->region);
	log_assert(qstate->return_msg);
	log_assert(qstate->return_msg->rep);

	/* If dns64-synthall is enabled, return_msg is not initialized */
	if(!super->return_msg) {
		super->return_msg = (struct dns_msg*)regional_alloc(
		    super->region, sizeof(struct dns_msg));
		if(!super->return_msg)
			return;
		memset(super->return_msg, 0, sizeof(*super->return_msg));
		super->return_msg->qinfo = super->qinfo;
	}

	sub_rep = qstate->return_msg->rep;

	/* Build the actual reply, with the same shape as the A reply. */
	new_rep = construct_reply_info_base(super->region, sub_rep->flags,
		sub_rep->qdcount, sub_rep->ttl, sub_rep->prefetch_ttl,
		sub_rep->serve_expired_ttl, sub_rep->an_numrrsets,
		sub_rep->ns_numrrsets, sub_rep->ar_numrrsets,
		sub_rep->rrset_count, sub_rep->security);
	if(!new_rep)
		return;

	/* allocate ub_key structures special or not */
	if(!reply_info_alloc_rrset_keys(new_rep, NULL, super->region))
		return;

	/* copy everything and replace A by AAAA */
	for(idx = 0; idx < new_rep->rrset_count; idx++) {
		struct ub_packed_rrset_key* src_key = sub_rep->rrsets[idx];
		struct ub_packed_rrset_key* dst_key = new_rep->rrsets[idx];
		struct packed_rrset_data* src_data =
			(struct packed_rrset_data*)src_key->entry.data;
		struct packed_rrset_data* dst_data;
		/* only A RR sets in the answer section are converted */
		const int is_answer_a = idx < sub_rep->an_numrrsets
			&& src_key->rk.type == htons(LDNS_RR_TYPE_A);

		dst_key->rk = src_key->rk;
		dst_key->id = src_key->id;

		if(!is_answer_a) {
			/* plain copy of name and data into super's region */
			dst_key->entry.hash = src_key->entry.hash;
			dst_key->rk.dname = (uint8_t*)regional_alloc_init(
				super->region, src_key->rk.dname,
				src_key->rk.dname_len);
			if(!dst_key->rk.dname)
				return;

			dst_data = (struct packed_rrset_data*)
				regional_alloc_init(super->region, src_data,
				packed_rrset_sizeof(src_data));
			if(!dst_data)
				return;
		} else {
			/* also sets dst_key->entry.hash */
			dns64_synth_aaaa_data(src_key, src_data, dst_key,
				&dst_data, super->region, dns64_env);
			if(!dst_data)
				return;
			/* Delete negative AAAA record from cache stored by
			 * the iterator module */
			rrset_cache_remove(super->env->rrset_cache,
				dst_key->rk.dname, dst_key->rk.dname_len,
				LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN, 0);
			/* Delete negative AAAA in msg cache for CNAMEs,
			 * stored by the iterator module */
			if(idx != 0) /* if not the first RR */
				msg_cache_remove(super->env, dst_key->rk.dname,
					dst_key->rk.dname_len,
					LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN,
					0);
		}

		packed_rrset_ptr_fixup(dst_data);
		dst_key->entry.data = (void*)dst_data;
	}

	/* Commit changes. */
	super->return_msg->rep = new_rep;
}
891
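/**
 * Generate a response for the original IPv6 PTR query based on an IPv4 PTR
 * sub-query's response.
 *
 * The sub-query's reply is copied into the parent's region, and the answer
 * RR set is renamed to the name the parent asked for. The renamed RR set
 * points at super->qinfo.qname itself, not at a copy.
 *
 * \param qstate IPv4 PTR sub-query. Its return_msg is dereferenced without a
 *               check here, so the caller must only pass a sub-query that has
 *               a reply.
 * \param super  Original IPv6 PTR query.
 */
static void
dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super)
{
    struct ub_packed_rrset_key* answer;

    verbose(VERB_ALGO, "adjusting PTR reply");

    /* Copy the sub-query's reply to the parent. */
    if (!(super->return_msg = (struct dns_msg*)regional_alloc(super->region,
                    sizeof(struct dns_msg))))
        return;
    super->return_msg->qinfo = super->qinfo;
    super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL,
            super->region);
    if (!super->return_msg->rep) {
        /*
         * The copy failed. Stop before the lookup below, which is only ever
         * called with a non-NULL reply elsewhere in this file.
         * NOTE(review): super->return_msg is left with a NULL rep -- confirm
         * that the code consuming it copes with that.
         */
        log_err("out of memory");
        return;
    }

    /*
     * Adjust the domain name of the answer RR set so that it matches the
     * initial query's domain name.
     */
    answer = reply_find_answer_rrset(&qstate->qinfo, super->return_msg->rep);
    if(answer) {
        answer->rk.dname = super->qinfo.qname;
        answer->rk.dname_len = super->qinfo.qname_len;
    }
}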
924
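/**
 * This function is called when a sub-query finishes to inform the parent query.
 *
 * We issue two kinds of sub-queries: PTR and A.
 *
 * The super-query's dns64 state is always moved to DNS64_SUBQUERY_FINISHED,
 * whether or not the sub-query succeeded. A successful sub-query reply is
 * rewritten for the original query and, unless the super-query started with
 * no_cache_store set, stored in the cache. If no reply could be built for the
 * super-query, nothing is cached and the super-query is failed with SERVFAIL.
 *
 * \param qstate State of the sub-query.
 * \param id     This module's instance ID.
 * \param super  State of the super-query.
 */
void
dns64_inform_super(struct module_qstate* qstate, int id,
		struct module_qstate* super)
{
	struct dns64_qstate* super_dq = (struct dns64_qstate*)super->minfo[id];
	log_query_info(VERB_ALGO, "dns64: inform_super, sub is",
		       &qstate->qinfo);
	log_query_info(VERB_ALGO, "super is", &super->qinfo);

	/*
	 * Signal that the sub-query is finished, no matter whether we are
	 * successful or not. This lets the state machine terminate.
	 */
	if(!super_dq) {
		super_dq = (struct dns64_qstate*)regional_alloc(super->region,
			sizeof(*super_dq));
		if(!super_dq) {
			log_err("out of memory");
			super->return_rcode = LDNS_RCODE_SERVFAIL;
			super->return_msg = NULL;
			return;
		}
		super->minfo[id] = super_dq;
		memset(super_dq, 0, sizeof(*super_dq));
		super_dq->started_no_cache_store = super->no_cache_store;
	}
	super_dq->state = DNS64_SUBQUERY_FINISHED;

	/* If there is no successful answer, we're done. */
	if (qstate->return_rcode != LDNS_RCODE_NOERROR
	    || !qstate->return_msg
	    || !qstate->return_msg->rep) {
		return;
	}

	/* Use return code from A query in response to client. */
	if (super->return_rcode != LDNS_RCODE_NOERROR)
		super->return_rcode = qstate->return_rcode;

	/* Generate a response suitable for the original query. */
	if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) {
		dns64_adjust_a(id, super, qstate);
	} else {
		log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR);
		dns64_adjust_ptr(qstate, super);
	}

	/*
	 * The adjust functions return early when an allocation fails.
	 * dns64_adjust_ptr() can leave super->return_msg NULL, which the
	 * cache store below would dereference, and the reply inside the
	 * message can be missing as well. NOTE(review): whether
	 * dns_cache_store() tolerates a NULL reply is not visible here, so it
	 * is never given one. Fail the super-query the same way as the
	 * allocation failure above.
	 */
	if(!super->return_msg || !super->return_msg->rep) {
		log_err("dns64: no reply built for super query");
		super->return_rcode = LDNS_RCODE_SERVFAIL;
		super->return_msg = NULL;
		return;
	}

	/*
	 * Store the generated response in cache. super_dq is known to be
	 * non-NULL here (it was dereferenced above), so only the
	 * no_cache_store flag decides.
	 */
	if(!super_dq->started_no_cache_store &&
		!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
		0, 0, 0, NULL, super->query_flags))
		log_err("out of memory");
}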
987
/**
 * Drop this module's per-query data by clearing its slot in qstate->minfo.
 *
 * Nothing is freed here. The dns64_qstate that dns64_inform_super() places in
 * this slot is taken from the query's region with regional_alloc(), so its
 * storage is presumably released together with that region - confirm.
 *
 * \param qstate Query state.
 * \param id     This module's instance ID.
 */
void
dns64_clear(struct module_qstate* qstate, int id)
{
    /* Forget the pointer only; the region owns the memory behind it. */
    qstate->minfo[id] = NULL;
}
1000
/**
 * Report the amount of global memory this module uses, not including
 * per-query data.
 *
 * \param env Module environment.
 * \param id  This module's instance ID.
 * \return sizeof(struct dns64_env) when the module's slot in env->modinfo is
 *         set, 0 when the slot is NULL.
 */
size_t
dns64_get_mem(struct module_env* env, int id)
{
    const struct dns64_env* mod_env =
        (const struct dns64_env*)env->modinfo[id];

    /* Only the size of the type is taken; the object itself is not read. */
    return mod_env ? sizeof(*mod_env) : 0;
}
1016
/**
 * The dns64 function block: the module name followed by the module's entry
 * points. The initializer is positional, so the order below has to follow the
 * field order of struct module_func_block (declared outside this file).
 */
static struct module_func_block dns64_block = {
	"dns64",
	dns64_init,
	dns64_deinit,
	dns64_operate,
	dns64_inform_super,
	dns64_clear,
	dns64_get_mem
};
1025
/**
 * Accessor for the dns64 function block.
 *
 * \return Pointer to the file-static dns64_block. The same object is returned
 *         on every call; the caller does not own it and must not free it.
 */
struct module_func_block *
dns64_get_funcblock(void)
{
	struct module_func_block *block = &dns64_block;

	return block;
}
1034