Lines Matching +full:pd +full:- +full:node
2 * respip/respip.c - filtering response IP module
31 /** Subset of resp_addr.node, used for inform-variant logging */
38 /** Query state regarding the response-ip module. */
52 /** Per query state for the response-ip module. */
63 set->region = regional_create(); in respip_set_create()
64 if(!set->region) { in respip_set_create()
68 addr_tree_init(&set->ip_tree); in respip_set_create()
69 lock_rw_init(&set->lock); in respip_set_create()
77 struct resp_addr* r = (struct resp_addr*)n->key; in resp_addr_del()
78 lock_rw_destroy(&r->lock); in resp_addr_del()
89 lock_rw_destroy(&set->lock); in respip_set_delete()
90 traverse_postorder(&set->ip_tree, resp_addr_del, NULL); in respip_set_delete()
91 regional_destroy(set->region); in respip_set_delete()
100 return &set->ip_tree; in respip_set_get_tree()
107 struct resp_addr* node; in respip_sockaddr_find_or_create() local
108 node = (struct resp_addr*)addr_tree_find(&set->ip_tree, addr, addrlen, net); in respip_sockaddr_find_or_create()
109 if(!node && create) { in respip_sockaddr_find_or_create()
110 node = regional_alloc_zero(set->region, sizeof(*node)); in respip_sockaddr_find_or_create()
111 if(!node) { in respip_sockaddr_find_or_create()
115 lock_rw_init(&node->lock); in respip_sockaddr_find_or_create()
116 node->action = respip_none; in respip_sockaddr_find_or_create()
117 if(!addr_tree_insert(&set->ip_tree, &node->node, addr, in respip_sockaddr_find_or_create()
124 return node; in respip_sockaddr_find_or_create()
128 respip_sockaddr_delete(struct respip_set* set, struct resp_addr* node) in respip_sockaddr_delete() argument
131 prev = (struct resp_addr*)rbtree_previous((struct rbnode_type*)node); in respip_sockaddr_delete()
132 lock_rw_destroy(&node->lock); in respip_sockaddr_delete()
133 (void)rbtree_delete(&set->ip_tree, node); in respip_sockaddr_delete()
138 addr_tree_init_parents_node(&prev->node); in respip_sockaddr_delete()
141 /** returns the node in the address tree for the specified netblock string;
142 * non-existent node will be created if 'create' is true */
162 struct resp_addr* node; in respip_tag_cfg() local
164 if(!(node=respip_find_or_create(set, ipstr, 1))) in respip_tag_cfg()
166 if(node->taglist) { in respip_tag_cfg()
167 log_warn("duplicate response-address-tag for '%s', overridden.", in respip_tag_cfg()
170 node->taglist = regional_alloc_init(set->region, taglist, taglen); in respip_tag_cfg()
171 if(!node->taglist) { in respip_tag_cfg()
175 node->taglen = taglen; in respip_tag_cfg()
179 /** set action for the node specified by the netblock string */
184 struct resp_addr* node; in respip_action_cfg() local
187 if(!(node=respip_find_or_create(set, ipstr, 1))) in respip_action_cfg()
189 if(node->action != respip_none) { in respip_action_cfg()
190 verbose(VERB_QUERY, "duplicate response-ip action for '%s', overridden.", in respip_action_cfg()
214 log_err("unknown response-ip action %s", actnstr); in respip_action_cfg()
217 node->action = action; in respip_action_cfg()
226 struct packed_rrset_data* pd; in new_rrset() local
233 rrset->entry.key = rrset; in new_rrset()
234 pd = regional_alloc_zero(region, sizeof(*pd)); in new_rrset()
235 if(!pd) { in new_rrset()
239 pd->trust = rrset_trust_prim_noglue; in new_rrset()
240 pd->security = sec_status_insecure; in new_rrset()
241 rrset->entry.data = pd; in new_rrset()
242 rrset->rk.dname = regional_alloc_zero(region, 1); in new_rrset()
243 if(!rrset->rk.dname) { in new_rrset()
247 rrset->rk.dname_len = 1; in new_rrset()
248 rrset->rk.type = htons(rrtype); in new_rrset()
249 rrset->rk.rrset_class = htons(rrclass); in new_rrset()
253 /** enter local data as resource records into a response-ip node */
260 struct packed_rrset_data* pd; in respip_enter_rr() local
262 sa = (struct sockaddr*)&raddr->node.addr; in respip_enter_rr()
263 if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data) { in respip_enter_rr()
264 log_err("CNAME response-ip data (%s) can not co-exist with other " in respip_enter_rr()
265 "response-ip data for netblock %s", rrstr, netblockstr); in respip_enter_rr()
267 } else if (raddr->data && in respip_enter_rr()
268 raddr->data->rk.type == htons(LDNS_RR_TYPE_CNAME)) { in respip_enter_rr()
269 log_err("response-ip data (%s) can not be added; CNAME response-ip " in respip_enter_rr()
273 ((sa->sa_family == AF_INET && rrtype != LDNS_RR_TYPE_A) || in respip_enter_rr()
274 (sa->sa_family == AF_INET6 && rrtype != LDNS_RR_TYPE_AAAA))) { in respip_enter_rr()
275 log_err("response-ip data %s record type does not correspond " in respip_enter_rr()
280 if(!raddr->data) { in respip_enter_rr()
281 raddr->data = new_rrset(region, rrtype, rrclass); in respip_enter_rr()
282 if(!raddr->data) in respip_enter_rr()
285 pd = raddr->data->entry.data; in respip_enter_rr()
286 return rrset_insert_rr(region, pd, rdata, rdata_len, ttl, rrstr); in respip_enter_rr()
302 if(raddr->action != respip_redirect in respip_enter_rrstr()
303 && raddr->action != respip_inform_redirect) { in respip_enter_rrstr()
304 log_err("cannot parse response-ip-data %s: response-ip " in respip_enter_rrstr()
311 log_err("bad response-ip-data: %s...", bufshort); in respip_enter_rrstr()
316 log_err("bad response-ip-data: %s", rrstr); in respip_enter_rrstr()
327 struct resp_addr* node; in respip_data_cfg() local
329 node=respip_find_or_create(set, ipstr, 0); in respip_data_cfg()
330 if(!node || node->action == respip_none) { in respip_data_cfg()
331 log_err("cannot parse response-ip-data %s: " in respip_data_cfg()
332 "response-ip node for %s not found", rrstr, ipstr); in respip_data_cfg()
335 return respip_enter_rrstr(set->region, node, rrstr, ipstr); in respip_data_cfg()
346 struct config_str2list* pd; in respip_set_apply_cfg() local
348 set->tagname = tagname; in respip_set_apply_cfg()
349 set->num_tags = num_tags; in respip_set_apply_cfg()
353 struct config_strbytelist* np = p->next; in respip_set_apply_cfg()
355 log_assert(p->str && p->str2); in respip_set_apply_cfg()
356 if(!respip_tag_cfg(set, p->str, p->str2, p->str2len)) { in respip_set_apply_cfg()
360 free(p->str); in respip_set_apply_cfg()
361 free(p->str2); in respip_set_apply_cfg()
368 struct config_str2list* np = pa->next; in respip_set_apply_cfg()
369 log_assert(pa->str && pa->str2); in respip_set_apply_cfg()
370 if(!respip_action_cfg(set, pa->str, pa->str2)) { in respip_set_apply_cfg()
374 free(pa->str); in respip_set_apply_cfg()
375 free(pa->str2); in respip_set_apply_cfg()
380 pd = respip_data; in respip_set_apply_cfg()
381 while(pd) { in respip_set_apply_cfg()
382 struct config_str2list* np = pd->next; in respip_set_apply_cfg()
383 log_assert(pd->str && pd->str2); in respip_set_apply_cfg()
384 if(!respip_data_cfg(set, pd->str, pd->str2)) { in respip_set_apply_cfg()
385 config_deldblstrlist(pd); in respip_set_apply_cfg()
388 free(pd->str); in respip_set_apply_cfg()
389 free(pd->str2); in respip_set_apply_cfg()
390 free(pd); in respip_set_apply_cfg()
391 pd = np; in respip_set_apply_cfg()
393 addr_tree_init_parents(&set->ip_tree); in respip_set_apply_cfg()
401 int ret = respip_set_apply_cfg(set, cfg->tagname, cfg->num_tags, in respip_global_apply_cfg()
402 cfg->respip_tags, cfg->respip_actions, cfg->respip_data); in respip_global_apply_cfg()
403 cfg->respip_data = NULL; in respip_global_apply_cfg()
404 cfg->respip_actions = NULL; in respip_global_apply_cfg()
405 cfg->respip_tags = NULL; in respip_global_apply_cfg()
409 /** Iterate through raw view data and apply the view-specific respip
425 for(cv = cfg->views; cv; cv = cv->next) { in respip_views_apply_cfg()
432 if(!cv->respip_actions && !cv->respip_data) in respip_views_apply_cfg()
435 if(!(v = views_find_view(vs, cv->name, 1))) { in respip_views_apply_cfg()
436 log_err("view '%s' unexpectedly missing", cv->name); in respip_views_apply_cfg()
439 if(!v->respip_set) { in respip_views_apply_cfg()
440 v->respip_set = respip_set_create(); in respip_views_apply_cfg()
441 if(!v->respip_set) { in respip_views_apply_cfg()
443 lock_rw_unlock(&v->lock); in respip_views_apply_cfg()
447 ret = respip_set_apply_cfg(v->respip_set, NULL, 0, NULL, in respip_views_apply_cfg()
448 cv->respip_actions, cv->respip_data); in respip_views_apply_cfg()
449 lock_rw_unlock(&v->lock); in respip_views_apply_cfg()
452 "for view '%s'", cv->name); in respip_views_apply_cfg()
456 v->respip_set->ip_tree.count); in respip_views_apply_cfg()
457 cv->respip_actions = NULL; in respip_views_apply_cfg()
458 cv->respip_data = NULL; in respip_views_apply_cfg()
468 * - It doesn't assume all data in 'key' are in a contiguous memory region.
470 * a lower-level module and it might not build the rrset to meet the
471 * assumption. In fact, an rrset specified as response-ip-data or generated
477 * - It doesn't copy RRSIGs (if any) in 'key'. The rrset will be used in
480 * - It doesn't adjust TTLs as it basically has to be a verbatim copy of 'key'
493 struct packed_rrset_data* data = key->entry.data; in respip_copy_rrset()
501 ck->id = key->id; in respip_copy_rrset()
502 memset(&ck->entry, 0, sizeof(ck->entry)); in respip_copy_rrset()
503 ck->entry.hash = key->entry.hash; in respip_copy_rrset()
504 ck->entry.key = ck; in respip_copy_rrset()
505 ck->rk = key->rk; in respip_copy_rrset()
506 if(key->rk.dname) { in respip_copy_rrset()
507 ck->rk.dname = regional_alloc_init(region, key->rk.dname, in respip_copy_rrset()
508 key->rk.dname_len); in respip_copy_rrset()
509 if(!ck->rk.dname) in respip_copy_rrset()
511 ck->rk.dname_len = key->rk.dname_len; in respip_copy_rrset()
513 ck->rk.dname = NULL; in respip_copy_rrset()
514 ck->rk.dname_len = 0; in respip_copy_rrset()
517 if((unsigned)data->count >= 0xffff00U) in respip_copy_rrset()
519 dsize = sizeof(struct packed_rrset_data) + data->count * in respip_copy_rrset()
521 for(i=0; i<data->count; i++) { in respip_copy_rrset()
523 (unsigned)data->rr_len[i] >= 0x0fffffffU) in respip_copy_rrset()
525 dsize += data->rr_len[i]; in respip_copy_rrset()
531 d->rrsig_count = 0; in respip_copy_rrset()
532 ck->entry.data = d; in respip_copy_rrset()
535 d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data)); in respip_copy_rrset()
536 d->rr_data = (uint8_t**)&(d->rr_len[d->count]); in respip_copy_rrset()
537 d->rr_ttl = (time_t*)&(d->rr_data[d->count]); in respip_copy_rrset()
538 nextrdata = (uint8_t*)&(d->rr_ttl[d->count]); in respip_copy_rrset()
539 for(i=0; i<d->count; i++) { in respip_copy_rrset()
540 d->rr_len[i] = data->rr_len[i]; in respip_copy_rrset()
541 d->rr_ttl[i] = data->rr_ttl[i]; in respip_copy_rrset()
542 d->rr_data[i] = nextrdata; in respip_copy_rrset()
543 memcpy(d->rr_data[i], data->rr_data[i], data->rr_len[i]); in respip_copy_rrset()
544 nextrdata += d->rr_len[i]; in respip_copy_rrset()
570 /* unbound can accept and cache odd-length AAAA/A records, so we have in rdata2sockaddr()
572 if(rtype == LDNS_RR_TYPE_A && rd->rr_len[i] == 6) { in rdata2sockaddr()
576 sa4->sin_family = AF_INET; in rdata2sockaddr()
577 memcpy(&sa4->sin_addr, rd->rr_data[i] + 2, in rdata2sockaddr()
578 sizeof(sa4->sin_addr)); in rdata2sockaddr()
581 } else if(rtype == LDNS_RR_TYPE_AAAA && rd->rr_len[i] == 18) { in rdata2sockaddr()
585 sa6->sin6_family = AF_INET6; in rdata2sockaddr()
586 memcpy(&sa6->sin6_addr, rd->rr_data[i] + 2, in rdata2sockaddr()
587 sizeof(sa6->sin6_addr)); in rdata2sockaddr()
599 * rep->rrsets for the RRset that contains the matching IP address record
601 * chain or type-ANY response).
613 lock_rw_rdlock(&rs->lock); in respip_addr_lookup()
614 for(i=0; i<rep->an_numrrsets; i++) { in respip_addr_lookup()
617 uint16_t rtype = ntohs(rep->rrsets[i]->rk.type); in respip_addr_lookup()
621 rd = rep->rrsets[i]->entry.data; in respip_addr_lookup()
622 for(j = 0; j < rd->count; j++) { in respip_addr_lookup()
625 ra = (struct resp_addr*)addr_tree_lookup(&rs->ip_tree, in respip_addr_lookup()
630 lock_rw_rdlock(&ra->lock); in respip_addr_lookup()
631 lock_rw_unlock(&rs->lock); in respip_addr_lookup()
636 lock_rw_unlock(&rs->lock); in respip_addr_lookup()
641 * See if response-ip or tag data should override the original answer rrset
642 * (which is rep->rrsets[rrset_id]) and if so override it.
644 * response-ip actions.
661 * @return 1 if overridden, 0 if not overridden, -1 on error.
676 if(action == respip_redirect && tag != -1 && in respip_data_answer()
686 dataqinfo.qname = rep->rrsets[rrset_id]->rk.dname; in respip_data_answer()
687 dataqinfo.qname_len = rep->rrsets[rrset_id]->rk.dname_len; in respip_data_answer()
688 dataqinfo.qtype = ntohs(rep->rrsets[rrset_id]->rk.type); in respip_data_answer()
689 dataqinfo.qclass = ntohs(rep->rrsets[rrset_id]->rk.rrset_class); in respip_data_answer()
695 "response-ip redirect with tag data [%d] %s", in respip_data_answer()
700 return -1; in respip_data_answer()
706 /* If we are using response-ip-data, we need to make a copy of rrset in respip_data_answer()
709 * response-ip-data isn't associated to any specific name. */ in respip_data_answer()
713 return -1; in respip_data_answer()
714 rp->rk.dname = rep->rrsets[rrset_id]->rk.dname; in respip_data_answer()
715 rp->rk.dname_len = rep->rrsets[rrset_id]->rk.dname_len; in respip_data_answer()
727 return -1; in respip_data_answer()
728 rp->rk.flags |= PACKED_RRSET_FIXEDTTL; /* avoid adjusting TTL */ in respip_data_answer()
729 new_rep->rrsets[rrset_id] = rp; in respip_data_answer()
740 * - 'deny' variants will be handled at the caller side
741 * - no specific processing for 'transparent' variants: unlike local zones,
763 FLAGS_SET_RCODE(new_rep->flags, LDNS_RCODE_REFUSED); in respip_nodata_answer()
776 * CNAMEs (in that case rrset_id > 0). Type-ANY case is in respip_nodata_answer()
783 FLAGS_SET_RCODE(new_rep->flags, rcode); in respip_nodata_answer()
791 /** Populate action info structure with the results of response-ip action
792 * processing, iff as the result of response-ip processing we are actually
806 actinfo->action = action; in populate_action_info()
807 actinfo->rpz_used = rpz_used; in populate_action_info()
808 actinfo->rpz_log = rpz_log; in populate_action_info()
809 actinfo->log_name = log_name; in populate_action_info()
810 actinfo->rpz_cname_override = rpz_cname_override; in populate_action_info()
823 a->addr = raddr->node.addr; in populate_action_info()
824 a->addrlen = raddr->node.addrlen; in populate_action_info()
825 a->net = raddr->node.net; in populate_action_info()
826 actinfo->addrinfo = a; in populate_action_info()
841 if(r->action_override == RPZ_DISABLED_ACTION) { in respip_use_rpz()
845 else if(r->action_override == RPZ_NO_OVERRIDE_ACTION) in respip_use_rpz()
846 *action = raddr->action; in respip_use_rpz()
848 *action = rpz_action_to_respip_action(r->action_override); in respip_use_rpz()
849 if(r->action_override == RPZ_CNAME_OVERRIDE_ACTION && in respip_use_rpz()
850 r->cname_override) { in respip_use_rpz()
851 *data = r->cname_override; in respip_use_rpz()
857 *rpz_log = r->log; in respip_use_rpz()
858 if(r->log_name) in respip_use_rpz()
859 if(!(*log_name = regional_strdup(region, r->log_name))) in respip_use_rpz()
882 int tag = -1; in respip_rewrite_reply()
896 ctaglist = cinfo->taglist; in respip_rewrite_reply()
897 ctaglen = cinfo->taglen; in respip_rewrite_reply()
898 tag_actions = cinfo->tag_actions; in respip_rewrite_reply()
899 tag_actions_size = cinfo->tag_actions_size; in respip_rewrite_reply()
900 tag_datas = cinfo->tag_datas; in respip_rewrite_reply()
901 tag_datas_size = cinfo->tag_datas_size; in respip_rewrite_reply()
902 view = cinfo->view; in respip_rewrite_reply()
903 ipset = cinfo->respip_set; in respip_rewrite_reply()
907 /** Try to use response-ip config from the view first; use in respip_rewrite_reply()
908 * global response-ip config if we don't have the view or we don't in respip_rewrite_reply()
909 * have the matching per-view config (and the view allows the use in respip_rewrite_reply()
918 lock_rw_rdlock(&view->lock); in respip_rewrite_reply()
919 if(view->respip_set) { in respip_rewrite_reply()
921 view->respip_set, &rrset_id, &rr_id))) { in respip_rewrite_reply()
922 /** for per-view respip directives the action in respip_rewrite_reply()
923 * can only be direct (i.e. not tag-based) */ in respip_rewrite_reply()
924 action = raddr->action; in respip_rewrite_reply()
927 if(!raddr && !view->isfirst) in respip_rewrite_reply()
929 if(!raddr && view->isfirst) { in respip_rewrite_reply()
930 lock_rw_unlock(&view->lock); in respip_rewrite_reply()
937 raddr->taglist, raddr->taglen, ctaglist, ctaglen, in respip_rewrite_reply()
939 (enum localzone_type)raddr->action, &tag, in respip_rewrite_reply()
940 ipset->tagname, ipset->num_tags); in respip_rewrite_reply()
942 lock_rw_rdlock(&az->rpz_lock); in respip_rewrite_reply()
943 for(a = az->rpz_first; a && !raddr && !(rpz_passthru && *rpz_passthru); a = a->rpz_az_next) { in respip_rewrite_reply()
944 lock_rw_rdlock(&a->lock); in respip_rewrite_reply()
945 r = a->rpz; in respip_rewrite_reply()
946 if(!r->taglist || taglist_intersect(r->taglist, in respip_rewrite_reply()
947 r->taglistlen, ctaglist, ctaglen)) { in respip_rewrite_reply()
949 r->respip_set, &rrset_id, &rr_id))) { in respip_rewrite_reply()
954 lock_rw_unlock(&raddr->lock); in respip_rewrite_reply()
955 lock_rw_unlock(&a->lock); in respip_rewrite_reply()
956 lock_rw_unlock(&az->rpz_lock); in respip_rewrite_reply()
965 …if(!rdata2sockaddr(rep->rrsets[rrset_id]->entry.data, ntohs(rep->rrsets[rrset_id]->rk.type), rr_id… in respip_rewrite_reply()
969 dname_str(qinfo->qname, qn); in respip_rewrite_reply()
970 addr_to_str(&raddr->node.addr, in respip_rewrite_reply()
971 raddr->node.addrlen, in respip_rewrite_reply()
973 …verbose(VERB_ALGO, "respip: rpz: response-ip trigger %s/%d on %s %s with action %s", nm, raddr->no… in respip_rewrite_reply()
979 lock_rw_unlock(&raddr->lock); in respip_rewrite_reply()
981 actinfo->rpz_disabled++; in respip_rewrite_reply()
984 lock_rw_unlock(&a->lock); in respip_rewrite_reply()
986 lock_rw_unlock(&az->rpz_lock); in respip_rewrite_reply()
990 /* first, see if we have response-ip or tag action for the in respip_rewrite_reply()
998 (data) ? data : raddr->data, qinfo->qtype, rep, in respip_rewrite_reply()
1000 ipset->tagname, ipset->num_tags, &redirect_rrset, in respip_rewrite_reply()
1008 if(!result && !respip_nodata_answer(qinfo->qtype, action, rep, in respip_rewrite_reply()
1016 lock_rw_unlock(&view->lock); in respip_rewrite_reply()
1023 * can be of other type when a data-dependent tag action in respip_rewrite_reply()
1024 * uses redirect response-ip data. in respip_rewrite_reply()
1027 redirect_rrset->rk.type == ntohs(LDNS_RR_TYPE_CNAME) && in respip_rewrite_reply()
1028 qinfo->qtype != LDNS_RR_TYPE_ANY) in respip_rewrite_reply()
1036 lock_rw_unlock(&raddr->lock); in respip_rewrite_reply()
1039 lock_rw_unlock(&a->lock); in respip_rewrite_reply()
1055 subqi.qtype = qstate->qinfo.qtype; in generate_cname_request()
1056 subqi.qclass = qstate->qinfo.qclass; in generate_cname_request()
1057 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); in generate_cname_request()
1058 return (*qstate->env->attach_sub)(qstate, &subqi, BIT_RD, 0, 0, &subq); in generate_cname_request()
1065 struct respip_qstate* rq = (struct respip_qstate*)qstate->minfo[id]; in respip_operate()
1067 log_query_info(VERB_QUERY, "respip operate: query", &qstate->qinfo); in respip_operate()
1072 rq = regional_alloc_zero(qstate->region, sizeof(*rq)); in respip_operate()
1075 rq->state = RESPIP_INIT; in respip_operate()
1076 qstate->minfo[id] = rq; in respip_operate()
1078 if(rq->state == RESPIP_SUBQUERY_FINISHED) { in respip_operate()
1079 qstate->ext_state[id] = module_finished; in respip_operate()
1083 qstate->ext_state[id] = module_wait_module; in respip_operate()
1085 /* If the reply may be subject to response-ip rewriting in respip_operate()
1091 if((qstate->qinfo.qtype == LDNS_RR_TYPE_A || in respip_operate()
1092 qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA || in respip_operate()
1093 qstate->qinfo.qtype == LDNS_RR_TYPE_ANY) && in respip_operate()
1094 qstate->return_msg && qstate->return_msg->rep) { in respip_operate()
1095 struct reply_info* new_rep = qstate->return_msg->rep; in respip_operate()
1100 if(!respip_rewrite_reply(&qstate->qinfo, in respip_operate()
1101 qstate->client_info, qstate->return_msg->rep, in respip_operate()
1103 qstate->region, qstate->env->auth_zones, in respip_operate()
1104 &qstate->rpz_passthru)) { in respip_operate()
1109 * per-front-end-query basis */ in respip_operate()
1110 if(!(qstate->respip_action_info = in respip_operate()
1111 regional_alloc_init(qstate->region, in respip_operate()
1118 qstate->respip_action_info = NULL; in respip_operate()
1121 (new_rep == qstate->return_msg->rep && in respip_operate()
1124 /* for deny-variant actions (unless response-ip in respip_operate()
1128 qstate->is_drop = 1; in respip_operate()
1134 qstate->return_msg->rep = new_rep; in respip_operate()
1136 qstate->ext_state[id] = next_state; in respip_operate()
1138 qstate->ext_state[id] = module_finished; in respip_operate()
1143 qstate->return_rcode = LDNS_RCODE_SERVFAIL; in respip_operate()
1144 qstate->return_msg = NULL; in respip_operate()
1167 * DNSSEC-validated DNAME has been cached but synthesizing CNAME in respip_merge_cname()
1169 tgt_rcode = FLAGS_GET_RCODE(tgt_rep->flags); in respip_merge_cname()
1173 (must_validate && tgt_rep->security <= sec_status_bogus)) { in respip_merge_cname()
1177 /* see if the target reply would be subject to a response-ip action. */ in respip_merge_cname()
1182 log_info("CNAME target of redirect response-ip action would " in respip_merge_cname()
1183 "be subject to response-ip action, too; stripped"); in respip_merge_cname()
1189 * tgt_rep->rrsets is valid throughout the lifetime of new_rep in respip_merge_cname()
1193 base_rep->an_numrrsets + tgt_rep->an_numrrsets, in respip_merge_cname()
1194 base_rep->an_numrrsets); in respip_merge_cname()
1197 for(i=0,j=base_rep->an_numrrsets; i<tgt_rep->an_numrrsets; i++,j++) { in respip_merge_cname()
1198 new_rep->rrsets[j] = respip_copy_rrset(tgt_rep->rrsets[i], region); in respip_merge_cname()
1199 if(!new_rep->rrsets[j]) in respip_merge_cname()
1203 FLAGS_SET_RCODE(new_rep->flags, tgt_rcode); in respip_merge_cname()
1212 struct respip_qstate* rq = (struct respip_qstate*)super->minfo[id]; in respip_inform_super()
1215 rq->state = RESPIP_SUBQUERY_FINISHED; in respip_inform_super()
1219 log_assert(super->return_msg && super->return_msg->rep); in respip_inform_super()
1225 if(!qstate->return_msg || !qstate->return_msg->rep || in respip_inform_super()
1226 qstate->return_rcode != LDNS_RCODE_NOERROR) in respip_inform_super()
1229 if(!respip_merge_cname(super->return_msg->rep, &qstate->qinfo, in respip_inform_super()
1230 qstate->return_msg->rep, super->client_info, in respip_inform_super()
1231 super->env->need_to_validate, &new_rep, super->region, in respip_inform_super()
1232 qstate->env->auth_zones)) in respip_inform_super()
1234 super->return_msg->rep = new_rep; in respip_inform_super()
1238 super->return_rcode = LDNS_RCODE_SERVFAIL; in respip_inform_super()
1239 super->return_msg = NULL; in respip_inform_super()
1246 qstate->minfo[id] = NULL; in respip_clear()
1258 * The response-ip function block
1275 return addr ? addr->action : respip_none; in resp_addr_get_action()
1281 return addr ? addr->data : NULL; in resp_addr_get_rrset()
1287 return set ? set->ip_tree.count == 0 : 1; in respip_set_is_empty()
1297 struct respip_addr_info* respip_addr = respip_actinfo->addrinfo; in respip_inform_print()
1302 qname = local_alias->rrset->rk.dname; in respip_inform_print()
1303 port = (unsigned)((addr->ss_family == AF_INET) ? in respip_inform_print()
1304 ntohs(((struct sockaddr_in*)addr)->sin_port) : in respip_inform_print()
1305 ntohs(((struct sockaddr_in6*)addr)->sin6_port)); in respip_inform_print()
1307 addr_to_str(&respip_addr->addr, respip_addr->addrlen, in respip_inform_print()
1309 if(respip_actinfo->rpz_log) { in respip_inform_print()
1310 txtlen += snprintf(txt+txtlen, sizeof(txt)-txtlen, "%s", in respip_inform_print()
1312 if(respip_actinfo->rpz_cname_override) in respip_inform_print()
1318 respip_actinfo->action)); in respip_inform_print()
1320 if(respip_actinfo->log_name) { in respip_inform_print()
1321 txtlen += snprintf(txt+txtlen, sizeof(txt)-txtlen, in respip_inform_print()
1322 "[%s] ", respip_actinfo->log_name); in respip_inform_print()
1324 snprintf(txt+txtlen, sizeof(txt)-txtlen, in respip_inform_print()
1325 "%s/%d %s %s@%u", respip, respip_addr->net, in respip_inform_print()