1 /*
2 * dns64/dns64.c - DNS64 module
3 *
4 * Copyright (c) 2009, Viagénie. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of Viagénie nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 /**
37 * \file
38 *
39 * This file contains a module that performs DNS64 query processing.
40 */
41
42 #include "config.h"
43 #include "dns64/dns64.h"
44 #include "services/cache/dns.h"
45 #include "services/cache/rrset.h"
46 #include "util/config_file.h"
47 #include "util/data/msgreply.h"
48 #include "util/fptr_wlist.h"
49 #include "util/net_help.h"
50 #include "util/regional.h"
51 #include "util/storage/dnstree.h"
52 #include "util/data/dname.h"
53 #include "sldns/str2wire.h"
54
55 /******************************************************************************
56 * *
57 * STATIC CONSTANTS *
58 * *
59 ******************************************************************************/
60
/**
 * Prefix applied when the dns64 module is listed in module-config but the
 * dns64-prefix option is absent from the configuration.
 */
static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96";

/**
 * Size in bytes of the buffer that holds a wire-format PTR query name in the
 * .in-addr.arpa tree. Four labels of one length byte plus at most three
 * decimal digits take 16 bytes, and the "\07in-addr\04arpa" suffix with its
 * terminating root label takes 14 more. ipv4_to_ptr() writes into a buffer
 * of exactly this size, so the value must not be lowered.
 */
#define MAX_PTR_QNAME_IPV4 30
71
/**
 * Progress of DNS64 processing for one query.
 *
 * DNS64_INTERNAL_QUERY is the first enumerator and therefore has the value
 * zero, so a zero-filled struct dns64_qstate starts out in that state.
 */
enum dns64_state {
	/** Internally-generated query, no DNS64 processing. */
	DNS64_INTERNAL_QUERY,
	/** Query for which this module is the first module in line. */
	DNS64_NEW_QUERY,
	/** Query for which a sub-query was generated, and that sub-query is
	 * finished. */
	DNS64_SUBQUERY_FINISHED
};
83
/**
 * Per-query state owned by the DNS64 module.
 */
struct dns64_qstate {
	/** Where this query is in DNS64 processing. */
	enum dns64_state state;
	/**
	 * Copy of the qstate's no_cache_store flag as it was when the dns64
	 * module first saw the query. True means the module was told not to
	 * modify the cache contents; false means it was not. Keeping the
	 * original value lets the module change qstate->no_cache_store for
	 * its own purposes and put it back afterwards.
	 */
	int started_no_cache_store;
};
97
98 /******************************************************************************
99 * *
100 * STRUCTURES *
101 * *
102 ******************************************************************************/
103
/**
 * Module configuration. One instance exists per instance of the module;
 * normally there is only one module instance.
 */
struct dns64_env {
	/**
	 * DNS64 prefix address. A full sockaddr is stored instead of a bare
	 * in6_addr so that Unbound's generic string parsing functions can be
	 * reused. It always contains a sockaddr_in6, and only the sin6_addr
	 * member is ever used.
	 */
	struct sockaddr_storage prefix_addr;

	/** Always sizeof(sockaddr_in6). */
	socklen_t prefix_addrlen;

	/**
	 * CIDR length of the prefix. dns64_apply_cfg() accepts only 32, 40,
	 * 48, 56, 64 or 96; extract_ipv4() and synthesize_aaaa() rely on that
	 * to stay inside their 16-byte address buffers.
	 */
	int prefix_net;

	/**
	 * Tree of names for which AAAA is ignored and the answer is always
	 * synthesized from A.
	 */
	rbtree_type ignore_aaaa;
};
133
134
135 /******************************************************************************
136 * *
137 * UTILITY FUNCTIONS *
138 * *
139 ******************************************************************************/
140
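/**
 * Generic macro for swapping two variables.
 *
 * The temporary carries a name that callers are unlikely to use, so that
 * swapping a variable that happens to be called x no longer picks up the
 * macro's own temporary, and every argument is parenthesized so that an
 * expression argument keeps its meaning inside the expansion.
 *
 * \param t Type of the variables. (e.g. int)
 * \param a First variable; must be an lvalue.
 * \param b Second variable; must be an lvalue.
 *
 * \warning a and b are each evaluated twice, so do not pass expressions
 * with side effects such as swap(int,a++,b++).
 */
#define swap(t,a,b) do { t swap_tmp_ = (a); (a) = (b); (b) = swap_tmp_; } while(0)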
151
/**
 * Reverses a character range in place.
 *
 * \param begin Points to the first character of the range.
 * \param end   Points one past the last character of the range.
 */
static void
reverse(char* begin, char* end)
{
	char* lo;
	char* hi;
	/* walk inwards from both ends and exchange characters until the two
	 * cursors meet; a range of zero or one character is left untouched */
	for(lo = begin, hi = end - 1; lo < hi; lo++, hi--) {
		swap(char, *lo, *hi);
	}
}
166
/**
 * Writes the decimal digits of an unsigned integer, as a faster alternative
 * to sprintf().
 *
 * No terminating NUL is written and the destination size is not checked,
 * so the caller must supply room for every digit of \a n.
 *
 * \param n The number to be converted.
 * \param s Destination for the digits.
 *
 * \return The number of characters written (at least 1).
 */
static int
uitoa(unsigned n, char* s)
{
	char* out = s;
	/* emit digits least-significant first; the do/while form makes sure
	 * that zero still produces the single digit '0' */
	do {
		*out = (char)('0' + n % 10);
		out++;
		n /= 10;
	} while(n != 0);
	/* the digits were produced backwards, put them in reading order */
	reverse(s, out);
	return (int)(out - s);
}
186
/**
 * Extract the IPv4 address embedded in the IPv6 address \a ipv6, starting
 * at bit \a offset. Byte 8 of the IPv6 address (bits 64..71, reserved in
 * the RFC 6052 address format) is stepped over when the four bytes straddle
 * it.
 *
 * The array index is derived from \a offset without a run-time range check
 * other than log_assert, so the caller must pass one of the six prefix
 * lengths listed in the assertion; with those values the highest byte read
 * is ipv6[15].
 *
 * \param ipv6     IPv6 address represented as a 128-bit array in big-endian
 *                 order.
 * \param ipv6_len length of the ipv6 byte array, must be 16.
 * \param offset   Bit index of the MSB of the embedded IPv4 address.
 *
 * \return The IPv4 address, first address byte in the most significant
 * position.
 */
static uint32_t
extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset)
{
	uint32_t result = 0;
	int taken = 0;
	int idx = offset / 8;
	log_assert(ipv6_len == 16); (void)ipv6_len;
	log_assert(offset == 32 || offset == 40 || offset == 48 || offset == 56 ||
	    offset == 64 || offset == 96);
	while(taken < 4) {
		/* byte 8 never carries IPv4 bits, step over it */
		if(idx == 8)
			idx++;
		result = (result << 8) | ipv6[idx];
		idx++;
		taken++;
	}
	return result;
}
214
/**
 * Builds the wire-format PTR query name corresponding to an IPv4 address.
 * The least significant byte of \a ipv4 becomes the first label. For
 * example, 3,464,175,361 (206.123.31.1) yields the labels "1", "31", "123",
 * "206", "in-addr", "arpa", each preceded by its length byte and followed
 * by the terminating root label.
 *
 * The worst case is four labels of 4 bytes plus the 14-byte suffix, which
 * is exactly MAX_PTR_QNAME_IPV4 bytes. The bounds are only verified through
 * log_assert, so the caller must pass a buffer of that size.
 *
 * \param ipv4   IPv4 address represented as an unsigned 32-bit number.
 * \param ptr    The result will be written here.
 * \param nm_len length of the ptr buffer, must be MAX_PTR_QNAME_IPV4.
 *
 * \return The number of bytes written, including the root label.
 */
static size_t
ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len)
{
	static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa";
	char* label = ptr;
	int octet;
	log_assert(nm_len == MAX_PTR_QNAME_IPV4); (void)nm_len;

	for(octet = 0; octet < 4; octet++) {
		/* digits go after the length byte, which is filled in from
		 * the count that uitoa() reports */
		int digits = uitoa((unsigned int)(ipv4 & 0xff), label + 1);
		*label = (char)digits;
		label += digits + 1;
		log_assert(label < ptr+nm_len);
		ipv4 >>= 8;
	}

	/* sizeof includes the string terminator, which doubles as the root
	 * label of the domain name */
	log_assert(label + sizeof(IPV4_PTR_SUFFIX) <= ptr+nm_len);
	memmove(label, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX));

	return (size_t)(label - ptr) + sizeof(IPV4_PTR_SUFFIX);
}
247
/**
 * Converts the first 32 labels of an ip6.arpa PTR query name into an IPv6
 * address represented as a 128-bit array.
 *
 * Exactly 64 bytes of \a ptr are read and there is no length parameter for
 * it: the caller has to guarantee the name is at least that long
 * (handle_event_pass() only gets here for names of 74 bytes). Every label
 * must have length 1 and hold one hexadecimal digit.
 *
 * The nibbles are OR-ed into \a ipv6, so the caller must zero the array
 * beforehand. When 0 is returned the array may already hold the nibbles
 * parsed up to the offending label.
 *
 * \param ptr      The domain name in wire format.
 * \param ipv6     The result will be written here, in network byte order.
 * \param ipv6_len length of the ipv6 byte array, must be 16.
 *
 * \return 1 on success, 0 on failure.
 */
static int
ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len)
{
	int nib;
	log_assert(ipv6_len == 16); (void)ipv6_len;

	/* 32 nibbles, least significant first; each one occupies a length
	 * byte followed by a single hex digit */
	for(nib = 0; nib < 32; nib++) {
		char digit;
		int value;

		if(ptr[2*nib] != 1)
			return 0;

		digit = ptr[2*nib + 1];
		if(digit >= '0' && digit <= '9')
			value = digit - '0';
		else if(digit >= 'a' && digit <= 'f')
			value = digit - 'a' + 10;
		else if(digit >= 'A' && digit <= 'F')
			value = digit - 'A' + 10;
		else
			return 0;

		/* two nibbles per byte, filling the address from its last
		 * byte towards its first; even nibbles are the low half */
		ipv6[15 - nib/2] |= value << (4 * (nib % 2));
	}

	return 1;
}
285
/**
 * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix.
 *
 * All 16 bytes of \a prefix_addr are copied first and the IPv4 bytes are
 * then written over them from byte prefix_net/8 onwards, stepping over byte
 * 8, which is set to zero when it is crossed. Bytes that are not overwritten
 * keep whatever the prefix address holds.
 *
 * The write position is derived from \a prefix_net and checked only through
 * log_assert, so the caller must pass one of the six lengths listed in the
 * assertion; with those values the highest byte written is aaaa[15].
 *
 * \param prefix_addr     DNS64 prefix address.
 * \param prefix_addr_len length of the prefix_addr buffer, must be 16.
 * \param prefix_net      CIDR length of the DNS64 prefix.
 * \param a               IPv4 address.
 * \param a_len           length of the a buffer, must be 4.
 * \param aaaa            IPv6 address. The result will be written here.
 * \param aaaa_len        length of the aaaa buffer, must be 16.
 */
static void
synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len,
	int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[],
	size_t aaaa_len)
{
	size_t src;
	int dst = prefix_net / 8;
	log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16);
	log_assert(prefix_net == 32 || prefix_net == 40 || prefix_net == 48 ||
	    prefix_net == 56 || prefix_net == 64 || prefix_net == 96);
	(void)prefix_addr_len; (void)a_len; (void)aaaa_len;
	memcpy(aaaa, prefix_addr, 16);
	for(src = 0; src < a_len; src++) {
		if(dst == 8) {
			/* byte 8 carries no IPv4 bits: clear it, move on */
			aaaa[dst] = 0;
			dst++;
		}
		aaaa[dst] = a[src];
		dst++;
	}
}
315
316
317 /******************************************************************************
318 * *
319 * DNS64 MODULE FUNCTIONS *
320 * *
321 ******************************************************************************/
322
/**
 * Parse one dns64-ignore-aaaa name and add it to the ignore_aaaa tree.
 * A name that is already present is not an error: the new node is released
 * and success is reported.
 * @param dns64_env: module env.
 * @param str: string with domain name.
 * @return false on failure (out of memory or unparsable name).
 */
static int
dns64_insert_ignore_aaaa(struct dns64_env* dns64_env, char* str)
{
	struct name_tree_node* entry = calloc(1, sizeof(*entry));
	if(entry == NULL) {
		log_err("out of memory");
		return 0;
	}
	entry->name = sldns_str2wire_dname(str, &entry->len);
	if(entry->name == NULL) {
		free(entry);
		log_err("cannot parse dns64-ignore-aaaa: %s", str);
		return 0;
	}
	entry->labs = dname_count_labels(entry->name);
	entry->dclass = LDNS_RR_CLASS_IN;
	if(name_tree_insert(&dns64_env->ignore_aaaa, entry,
		entry->name, entry->len, entry->labs, entry->dclass))
		return 1;
	/* the insert was refused, which is treated as a duplicate element:
	 * this node is not referenced by the tree, so free it here */
	free(entry->name);
	free(entry);
	return 1;
}
356
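/**
 * This function applies the configuration found in the parsed configuration
 * file \a cfg to this instance of the dns64 module: the DNS64 prefix
 * (a.k.a. Pref64) and the dns64-ignore-aaaa name list.
 *
 * The prefix must parse as an IPv6 netblock whose length is 32, 40, 48, 56,
 * 64 or 96. extract_ipv4() and synthesize_aaaa() index their 16-byte
 * buffers with prefix_net/8, so this check is what keeps those accesses in
 * range.
 *
 * \param dns64_env Module-specific global parameters.
 * \param cfg       Parsed configuration file.
 *
 * \return 1 on success, 0 when the prefix is rejected or an ignore-aaaa
 * name cannot be stored.
 */
static int
dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
{
	struct config_strlist* s;
	/* Resolve the effective prefix once. cfg->dns64_prefix is NULL when
	 * the option is absent; the log calls below must print the string
	 * that was actually parsed and must never pass NULL to %s. */
	const char* prefix = cfg->dns64_prefix ? cfg->dns64_prefix :
		DEFAULT_DNS64_PREFIX;
	verbose(VERB_ALGO, "dns64-prefix: %s", prefix);
	if (!netblockstrtoaddr(prefix, 0, &dns64_env->prefix_addr,
		&dns64_env->prefix_addrlen, &dns64_env->prefix_net)) {
		log_err("cannot parse dns64-prefix netblock: %s", prefix);
		return 0;
	}
	if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) {
		log_err("dns64_prefix is not IPv6: %s", prefix);
		return 0;
	}
	if (dns64_env->prefix_net != 32 && dns64_env->prefix_net != 40 &&
	    dns64_env->prefix_net != 48 && dns64_env->prefix_net != 56 &&
	    dns64_env->prefix_net != 64 && dns64_env->prefix_net != 96 ) {
		log_err("dns64-prefix length is not 32, 40, 48, 56, 64 or 96: %s",
			prefix);
		return 0;
	}
	for(s = cfg->dns64_ignore_aaaa; s; s = s->next) {
		if(!dns64_insert_ignore_aaaa(dns64_env, s->str))
			return 0;
	}
	name_tree_init_parents(&dns64_env->ignore_aaaa);
	return 1;
}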
394
/**
 * Initializes this instance of the dns64 module: allocates the module
 * environment, stores it in env->modinfo[id] and applies the configuration.
 *
 * When the configuration is rejected the environment stays attached to
 * env->modinfo[id]; it is released by dns64_deinit().
 * NOTE(review): presumably the module framework calls deinit after a failed
 * init - confirm against the caller.
 *
 * \param env Global state of all module instances.
 * \param id  This instance's ID number.
 *
 * \return 1 on success, 0 on failure.
 */
int
dns64_init(struct module_env* env, int id)
{
	struct dns64_env* dns64_env = calloc(1, sizeof(*dns64_env));
	if(dns64_env == NULL) {
		log_err("malloc failure");
		return 0;
	}
	env->modinfo[id] = (void*)dns64_env;
	name_tree_init(&dns64_env->ignore_aaaa);
	if(dns64_apply_cfg(dns64_env, env->cfg))
		return 1;
	log_err("dns64: could not apply configuration settings.");
	return 0;
}
418
/**
 * Tree traversal callback that releases one ignore_aaaa element: the
 * wire-format name first, then the node itself. A NULL node is ignored.
 */
static void
free_ignore_aaaa_node(rbnode_type* node, void* ATTR_UNUSED(arg))
{
	struct name_tree_node* entry = (struct name_tree_node*)node;
	if(entry != NULL) {
		free(entry->name);
		free(entry);
	}
}
428
/**
 * Deinitializes this instance of the dns64 module: frees every ignore_aaaa
 * element, then the module environment, and clears env->modinfo[id] so the
 * freed pointer cannot be reused.
 *
 * \param env Global state of all module instances. NULL is tolerated.
 * \param id  This instance's ID number.
 */
void
dns64_deinit(struct module_env* env, int id)
{
	struct dns64_env* dns64_env;
	if(env == NULL)
		return;
	dns64_env = (struct dns64_env*)env->modinfo[id];
	if(dns64_env != NULL) {
		/* postorder, so children are released before their parent */
		traverse_postorder(&dns64_env->ignore_aaaa,
			free_ignore_aaaa_node, NULL);
	}
	free(dns64_env);
	env->modinfo[id] = NULL;
}
449
/**
 * Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64
 * prefix, a PTR sub-query for the corresponding IPv4 address is attached
 * instead.
 *
 * The caller has already checked that the query name is 74 bytes long and
 * ends in ip6.arpa; ptr_to_ipv6() reads 64 bytes of it without a length
 * check of its own.
 *
 * \param qstate Query state structure.
 * \param id     This module instance's ID number.
 *
 * \return module_wait_module when the name is not a well-formed address or
 * lies outside the prefix, module_error on allocation or attach failure,
 * module_wait_subquery once the sub-query is attached.
 */
static enum module_ext_state
handle_ipv6_ptr(struct module_qstate* qstate, int id)
{
	struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
	struct module_qstate* subq = NULL;
	struct query_info qinfo;
	struct sockaddr_in6 sin6;
	uint32_t ipv4;

	/* Convert the PTR query string to an IPv6 address. The address is
	 * zeroed first because ptr_to_ipv6() ORs its nibbles into it. */
	memset(&sin6, 0, sizeof(sin6));
	sin6.sin6_family = AF_INET6;
	if(!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr,
		sizeof(sin6.sin6_addr.s6_addr))) {
		/* Let other module handle this. */
		return module_wait_module;
	}

	/* An address outside our DNS64 prefix needs no rewriting; let
	 * another module handle the query. */
	if(addr_in_common((struct sockaddr_storage*)&sin6, 128,
		&dns64_env->prefix_addr, dns64_env->prefix_net,
		(socklen_t)sizeof(sin6)) != dns64_env->prefix_net) {
		return module_wait_module;
	}

	verbose(VERB_ALGO, "dns64: rewrite PTR record");

	/* Build the query info for the in-addr.arpa name of the IPv4 address
	 * embedded in the queried IPv6 address. The name buffer comes from
	 * the query region and has the exact size ipv4_to_ptr() expects. */
	qinfo = qstate->qinfo;
	qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4);
	if(!qinfo.qname)
		return module_error;
	ipv4 = extract_ipv4(sin6.sin6_addr.s6_addr,
		sizeof(sin6.sin6_addr.s6_addr), dns64_env->prefix_net);
	qinfo.qname_len = ipv4_to_ptr(ipv4, (char*)qinfo.qname,
		MAX_PTR_QNAME_IPV4);

	/* Create the new sub-query. */
	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
	if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0,
		&subq)) {
		return module_error;
	}
	if(subq != NULL) {
		/* start the sub-query at this module, without dns64 state */
		subq->curmod = id;
		subq->ext_state[id] = module_state_initial;
		subq->minfo[id] = NULL;
	}

	return module_wait_subquery;
}
510
/**
 * Attach a sub-query for the A record of the name in \a qstate. The
 * sub-query copies the query info and flags of the parent and differs only
 * in its query type.
 *
 * \param qstate Query state of the AAAA query.
 * \param id     This module instance's ID number.
 *
 * \return module_wait_subquery once the sub-query is attached, module_error
 * when attaching fails.
 */
static enum module_ext_state
generate_type_A_query(struct module_qstate* qstate, int id)
{
	struct module_qstate* subq = NULL;
	struct query_info a_query;

	verbose(VERB_ALGO, "dns64: query A record");

	/* Same name and class as the parent, only the type changes. */
	a_query = qstate->qinfo;
	a_query.qtype = LDNS_RR_TYPE_A;

	/* Start the sub-query. */
	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
	if(!(*qstate->env->attach_sub)(qstate, &a_query, qstate->query_flags,
		0, 0, &subq)) {
		verbose(VERB_ALGO, "dns64: sub-query creation failed");
		return module_error;
	}
	if(subq != NULL) {
		/* start the sub-query at this module, without dns64 state */
		subq->curmod = id;
		subq->ext_state[id] = module_state_initial;
		subq->minfo[id] = NULL;
	}

	return module_wait_subquery;
}
539
/**
 * See if the query name is covered by the dns64-ignore-aaaa configuration.
 * For names on that list the AAAA of the domain is ignored and the answer
 * is always created from the A record.
 * @param qstate: query state.
 * @param id: module id.
 * @return true if the name is covered by ignore-aaaa.
 */
static int
dns64_always_synth_for_qname(struct module_qstate* qstate, int id)
{
	struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
	const struct query_info* q = &qstate->qinfo;
	int labs = dname_count_labels(q->qname);
	return name_tree_lookup(&dns64_env->ignore_aaaa, q->qname,
		q->qname_len, labs, q->qclass) != NULL;
}
558
/**
 * Handles the "pass" event for a query. This event is received when a new
 * query reaches this module. The query may have been generated internally
 * by another module, in which case no special processing is done, or it may
 * be brand new, e.g. received over a socket, in which case DNS64 processing
 * applies.
 *
 * For a new query:
 *  - a PTR query whose name is 74 bytes long and ends in ip6.arpa goes to
 *    handle_ipv6_ptr(). The suffix comparison starts at byte 64 and is
 *    bounded by the length check that precedes it.
 *    NOTE(review): strcmp is case-sensitive, so a suffix in upper or mixed
 *    case is not rewritten - confirm whether the name is lower-cased before
 *    it reaches this module.
 *  - an AAAA query is answered from A straight away when dns64-synthall is
 *    set, or when the name is on the ignore-aaaa list and the CD bit is
 *    clear. The dns64-synthall path does not look at the CD bit.
 *
 * \param qstate A structure representing the state of the query that has
 *               just received the "pass" event.
 * \param id     This module's instance ID.
 *
 * \return The new state of the query.
 */
static enum module_ext_state
handle_event_pass(struct module_qstate* qstate, int id)
{
	struct dns64_qstate* iq = (struct dns64_qstate*)qstate->minfo[id];
	int synth_all_cfg = qstate->env->cfg->dns64_synthall;
	int synth_qname = 0;
	int is_new = (iq && iq->state == DNS64_NEW_QUERY);

	/* Handle PTR queries for IPv6 addresses. */
	if(is_new
		&& qstate->qinfo.qtype == LDNS_RR_TYPE_PTR
		&& qstate->qinfo.qname_len == 74
		&& !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa"))
		return handle_ipv6_ptr(qstate, id);

	if(is_new && qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) {
		/* the ignore-aaaa list is consulted only when synthall does
		 * not already decide the matter */
		if(!synth_all_cfg) {
			synth_qname = (dns64_always_synth_for_qname(qstate, id)
				&& !(qstate->query_flags & BIT_CD));
		}
		if(synth_all_cfg || synth_qname) {
			if(synth_qname)
				verbose(VERB_ALGO, "dns64: ignore-aaaa and synthesize anyway");
			return generate_type_A_query(qstate, id);
		}
	}

	/* We are finished when our sub-query is finished. */
	if(iq && iq->state == DNS64_SUBQUERY_FINISHED)
		return module_finished;

	/* Otherwise, pass request to next module. */
	verbose(VERB_ALGO, "dns64: pass to next module");
	return module_wait_module;
}
605
/**
 * Handles the "done" event for a query. The response is analyzed and a
 * sub-query for the A record may be issued.
 *
 * Synthesis is considered only for an AAAA query that is not marked
 * DNS64_INTERNAL_QUERY and that has the CD bit clear. It then takes place
 * when the response holds no answer rrset, or when the name is on the
 * ignore-aaaa list. A failed AAAA query has no answer rrset and is
 * therefore synthesized as well (RFC 6147 sections 5.1.2 and 5.1.3).
 *
 * In every other case the response is stored in the cache, unless the query
 * arrived with no_cache_store set, and the module is finished.
 *
 * \param qstate A structure representing the state of the query that has
 *               just received the "moddone" event.
 * \param id     This module's instance ID.
 *
 * \return The new state of the query.
 */
static enum module_ext_state
handle_event_moddone(struct module_qstate* qstate, int id)
{
	struct dns64_qstate* iq = (struct dns64_qstate*)qstate->minfo[id];
	struct dns_msg* msg = qstate->return_msg;
	int could_synth = 0;
	int has_data;	/* whether the query returned a non-empty rrset */
	int synth_qname = 0;

	/* Queries with the CD bit set and the A/PTR queries this module
	 * generated itself are never synthesized. */
	if(qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA &&
		(!iq || iq->state != DNS64_INTERNAL_QUERY) &&
		!(qstate->query_flags & BIT_CD))
		could_synth = 1;
	has_data = msg && msg->rep &&
		reply_find_answer_rrset(&qstate->qinfo, msg->rep);

	if(could_synth) {
		/* with an AAAA answer present, only the ignore-aaaa list can
		 * still force synthesis */
		if(has_data)
			synth_qname = dns64_always_synth_for_qname(qstate, id);
		if(!has_data || synth_qname) {
			if(synth_qname)
				verbose(VERB_ALGO, "dns64: ignore-aaaa and synthesize anyway");
			return generate_type_A_query(qstate, id);
		}
	}

	/* Store the response in cache, but only when there is a reply and
	 * the query did not start out with no_cache_store set. */
	if((!iq || !iq->started_no_cache_store) && msg && msg->rep) {
		if(!dns_cache_store(
			qstate->env, &qstate->qinfo, msg->rep,
			0, qstate->prefetch_leeway, 0, NULL,
			qstate->query_flags, qstate->qstarttime))
			log_err("out of memory");
	}

	/* nothing else to do */
	return module_finished;
}
667
/**
 * This is the module's main() function. It gets called each time a query
 * receives an event which we may need to handle. We respond by updating the
 * state of the query.
 *
 * For a new query the per-query state is allocated from the query region,
 * the incoming no_cache_store flag is saved in it and the flag is then set
 * on the qstate. The saved value is put back when the module finishes,
 * except for queries marked DNS64_INTERNAL_QUERY.
 *
 * \param qstate   Structure containing the state of the query.
 * \param event    Event that has just been received.
 * \param id       This module's instance ID.
 * \param outbound State of a DNS query on an authoritative server. We never
 *                 do our own queries ourselves (other modules do it for
 *                 us), so this is unused.
 */
void
dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
		struct outbound_entry* outbound)
{
	struct dns64_qstate* dq;
	(void)outbound;
	verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s",
			id, strextstate(qstate->ext_state[id]),
			strmodulevent(event));
	log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo);

	switch(event) {
		case module_event_new:
			/* Tag this query as being new and fall through. */
			dq = (struct dns64_qstate*)regional_alloc(
				qstate->region, sizeof(*dq));
			if(dq == NULL) {
				log_err("out of memory");
				qstate->ext_state[id] = module_error;
				return;
			}
			qstate->minfo[id] = dq;
			dq->state = DNS64_NEW_QUERY;
			dq->started_no_cache_store = qstate->no_cache_store;
			qstate->no_cache_store = 1;
			ATTR_FALLTHROUGH
			/* fallthrough */
		case module_event_pass:
			qstate->ext_state[id] = handle_event_pass(qstate, id);
			break;
		case module_event_moddone:
			qstate->ext_state[id] = handle_event_moddone(qstate, id);
			break;
		default:
			qstate->ext_state[id] = module_finished;
			break;
	}
	if(qstate->ext_state[id] != module_finished)
		return;
	/* finished: hand back the no_cache_store value the query came with */
	dq = (struct dns64_qstate*)qstate->minfo[id];
	if(dq && dq->state != DNS64_INTERNAL_QUERY)
		qstate->no_cache_store = dq->started_no_cache_store;
}
722
/**
 * Build the data and key of a synthesized AAAA rrset from an A rrset.
 *
 * The data is one region allocation laid out as the packed_rrset_data
 * header, the rr_len array, the rr_data pointer array, the rr_ttl array and
 * then 18 bytes of rdata per record (2 bytes of length plus 16 bytes of
 * address). The record count is checked against RR_COUNT_MAX before the
 * size is computed so that the multiplication cannot overflow.
 *
 * Every source record must be exactly a 2-byte rdlength of 4 followed by
 * 4 address bytes; the rrset is rejected as a whole otherwise. That
 * run-time check is what guarantees synthesize_aaaa() reads 4 bytes and
 * writes 16.
 *
 * \param fk        Key of the A rrset.
 * \param fd        Data of the A rrset.
 * \param dk        Key to fill in for the AAAA rrset.
 * \param dd_out    Receives the AAAA rrset data, or NULL on failure.
 * \param region    Region to allocate from.
 * \param dns64_env Module environment holding the prefix.
 */
static void
dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
		      const struct packed_rrset_data* fd,
		      struct ub_packed_rrset_key *dk,
		      struct packed_rrset_data **dd_out, struct regional *region,
		      struct dns64_env* dns64_env )
{
	struct packed_rrset_data* dd;
	struct sockaddr_in6* pfx = (struct sockaddr_in6*)&dns64_env->prefix_addr;
	uint8_t* rdata_area;
	size_t i;

	if(fd->count > RR_COUNT_MAX) {
		*dd_out = NULL;
		return; /* integer overflow protection in alloc */
	}
	/* Header plus, per RR: a length, a TTL, a pointer to the wireformat
	 * data, 2 bytes of data length and 16 bytes of IPv6 address. */
	dd = regional_alloc_zero(region,
		sizeof(struct packed_rrset_data)
		+ fd->count * (sizeof(size_t) + sizeof(time_t) +
			sizeof(uint8_t*) + 2 + 16));
	*dd_out = dd;
	if(!dd) {
		log_err("out of memory");
		return;
	}

	/* Copy attributes from A RR set. Signatures are not carried over. */
	dd->ttl = fd->ttl;
	dd->count = fd->count;
	dd->rrsig_count = 0;
	dd->trust = fd->trust;
	dd->security = fd->security;

	/* Point the three arrays and the rdata area into the allocation. */
	dd->rr_len =
	    (size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data));
	dd->rr_data = (uint8_t**)&dd->rr_len[dd->count];
	dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];
	rdata_area = (uint8_t*)&dd->rr_ttl[dd->count];

	/* Synthesize the AAAA records. */
	for(i = 0; i < fd->count; ++i) {
		/* accept only rdlength 4 followed by 4 bytes of address */
		if(!(fd->rr_len[i] == 6 && fd->rr_data[i][0] == 0
		    && fd->rr_data[i][1] == 4)) {
			*dd_out = NULL;
			return;
		}
		dd->rr_len[i] = 18;
		dd->rr_data[i] = rdata_area + 18*i;
		dd->rr_data[i][0] = 0;
		dd->rr_data[i][1] = 16;
		synthesize_aaaa(
		    pfx->sin6_addr.s6_addr,
		    sizeof(pfx->sin6_addr.s6_addr),
		    dns64_env->prefix_net, &fd->rr_data[i][2],
		    fd->rr_len[i]-2, &dd->rr_data[i][2],
		    dd->rr_len[i]-2);
		dd->rr_ttl[i] = fd->rr_ttl[i];
	}

	/* Create the synthesized AAAA RR set key: a copy of the owner name,
	 * the AAAA type and a fresh hash. */
	if(!dk) {
		log_err("no key");
		*dd_out = NULL;
		return;
	}

	dk->rk.dname = (uint8_t*)regional_alloc_init(region,
	     fk->rk.dname, fk->rk.dname_len);
	if(!dk->rk.dname) {
		log_err("out of memory");
		*dd_out = NULL;
		return;
	}

	dk->rk.type = htons(LDNS_RR_TYPE_AAAA);
	memset(&dk->entry, 0, sizeof(dk->entry));
	dk->entry.key = dk;
	dk->entry.hash = rrset_key_hash(&dk->rk);
	dk->entry.data = dd;
}
809
/**
 * Synthesize an AAAA RR set from an A sub-query's answer and install the
 * result as the reply of the original query.
 *
 * The sub-query reply is copied rrset by rrset into the region of \a super.
 * A rrsets in the answer section are replaced by synthesized AAAA rrsets,
 * and the AAAA entries for those names are removed from the rrset cache
 * (and, for any rrset but the first, from the message cache). Everything
 * else is copied unchanged.
 *
 * The new reply is committed only after every step succeeded. On any
 * failure the function returns early and super->return_msg->rep keeps the
 * value it had, which is NULL when return_msg was allocated here; a
 * return_msg allocation failure leaves super->return_msg itself NULL.
 *
 * \param id     This module's instance ID.
 * \param super  Original AAAA query.
 * \param qstate The finished A sub-query.
 */
static void
dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate)
{
	struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id];
	struct reply_info* src_rep;
	struct reply_info* new_rep;
	size_t idx;

	verbose(VERB_ALGO, "converting A answers to AAAA answers");

	log_assert(super->region);
	log_assert(qstate->return_msg);
	log_assert(qstate->return_msg->rep);

	/* If dns64-synthall is enabled, return_msg is not initialized */
	if(!super->return_msg) {
		super->return_msg = (struct dns_msg*)regional_alloc(
		    super->region, sizeof(struct dns_msg));
		if(!super->return_msg)
			return;
		memset(super->return_msg, 0, sizeof(*super->return_msg));
		super->return_msg->qinfo = super->qinfo;
	}

	src_rep = qstate->return_msg->rep;

	/* Build the actual reply: same header values and section counts as
	 * the sub-query reply. */
	new_rep = construct_reply_info_base(super->region, src_rep->flags,
		src_rep->qdcount, src_rep->ttl, src_rep->prefetch_ttl,
		src_rep->serve_expired_ttl, src_rep->serve_expired_norec_ttl,
		src_rep->an_numrrsets, src_rep->ns_numrrsets,
		src_rep->ar_numrrsets, src_rep->rrset_count,
		src_rep->security, LDNS_EDE_NONE);
	if(!new_rep)
		return;

	/* allocate ub_key structures special or not */
	if(!reply_info_alloc_rrset_keys(new_rep, NULL, super->region))
		return;

	/* copy everything and replace A by AAAA */
	for(idx = 0; idx < new_rep->rrset_count; idx++) {
		struct ub_packed_rrset_key* fk = src_rep->rrsets[idx];
		struct ub_packed_rrset_key* dk = new_rep->rrsets[idx];
		struct packed_rrset_data* fd =
			(struct packed_rrset_data*)fk->entry.data;
		struct packed_rrset_data* dd;

		dk->rk = fk->rk;
		dk->id = fk->id;

		if(idx < src_rep->an_numrrsets &&
			fk->rk.type == htons(LDNS_RR_TYPE_A)) {
			/* also sets dk->entry.hash */
			dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region,
				dns64_env);
			if(!dd)
				return;
			/* Delete negative AAAA record from cache stored by
			 * the iterator module */
			rrset_cache_remove(super->env->rrset_cache, dk->rk.dname,
					   dk->rk.dname_len, LDNS_RR_TYPE_AAAA,
					   LDNS_RR_CLASS_IN, 0);
			/* Delete negative AAAA in msg cache for CNAMEs,
			 * stored by the iterator module */
			if(idx != 0) /* if not the first RR */
				msg_cache_remove(super->env, dk->rk.dname,
					dk->rk.dname_len, LDNS_RR_TYPE_AAAA,
					LDNS_RR_CLASS_IN, 0);
		} else {
			size_t data_size;

			/* plain copy of owner name and rrset data */
			dk->entry.hash = fk->entry.hash;
			dk->rk.dname = (uint8_t*)regional_alloc_init(
				super->region, fk->rk.dname, fk->rk.dname_len);
			if(!dk->rk.dname)
				return;

			data_size = packed_rrset_sizeof(fd);
			dd = (struct packed_rrset_data*)regional_alloc_init(
				super->region, fd, data_size);
			if(!dd)
				return;
		}

		packed_rrset_ptr_fixup(dd);
		dk->entry.data = (void*)dd;
	}

	/* Commit changes. */
	super->return_msg->rep = new_rep;
}
908
/**
 * Generate a response for the original IPv6 PTR query based on an IPv4 PTR
 * sub-query's response.
 *
 * On allocation failure the function returns early: super->return_msg is
 * then NULL, or non-NULL with a NULL rep when the reply copy failed. The
 * caller has to check both before using the message.
 *
 * \param qstate IPv4 PTR sub-query. Its return_msg and rep must be set.
 * \param super  Original IPv6 PTR query.
 */
static void
dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super)
{
	struct dns_msg* msg;
	struct ub_packed_rrset_key* answer;

	verbose(VERB_ALGO, "adjusting PTR reply");

	/* Copy the sub-query's reply to the parent. */
	msg = (struct dns_msg*)regional_alloc(super->region,
		sizeof(struct dns_msg));
	super->return_msg = msg;
	if(!msg)
		return;
	msg->qinfo = super->qinfo;
	msg->rep = reply_info_copy(qstate->return_msg->rep, NULL,
		super->region);
	if(!msg->rep)
		return;

	/* Rename the answer RR set to the name the client asked for. The
	 * rrset key points at the query name of the super-query; the name
	 * is not copied. */
	answer = reply_find_answer_rrset(&qstate->qinfo, msg->rep);
	if(answer) {
		answer->rk.dname = super->qinfo.qname;
		answer->rk.dname_len = super->qinfo.qname_len;
	}
}
942
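/**
 * This function is called when a sub-query finishes to inform the parent
 * query.
 *
 * We issue two kinds of sub-queries: PTR and A.
 *
 * The super-query is always marked DNS64_SUBQUERY_FINISHED so that its
 * state machine terminates, whether or not an answer could be built. When
 * an A sub-query has no answer the super-query is marked
 * DNS64_INTERNAL_QUERY instead, which falls back to the AAAA result.
 *
 * dns64_adjust_a() and dns64_adjust_ptr() return early on allocation
 * failure and can leave super->return_msg, or its rep, NULL. That case is
 * reported as SERVFAIL, like the allocation failure at the top of this
 * function, instead of dereferencing the missing message for the cache.
 *
 * \param qstate State of the sub-query.
 * \param id     This module's instance ID.
 * \param super  State of the super-query.
 */
void
dns64_inform_super(struct module_qstate* qstate, int id,
		struct module_qstate* super)
{
	struct dns64_qstate* super_dq = (struct dns64_qstate*)super->minfo[id];
	log_query_info(VERB_ALGO, "dns64: inform_super, sub is",
		       &qstate->qinfo);
	log_query_info(VERB_ALGO, "super is", &super->qinfo);

	/*
	 * Signal that the sub-query is finished, no matter whether we are
	 * successful or not. This lets the state machine terminate.
	 */
	if(!super_dq) {
		super_dq = (struct dns64_qstate*)regional_alloc(super->region,
			sizeof(*super_dq));
		if(!super_dq) {
			log_err("out of memory");
			super->return_rcode = LDNS_RCODE_SERVFAIL;
			super->return_msg = NULL;
			return;
		}
		super->minfo[id] = super_dq;
		memset(super_dq, 0, sizeof(*super_dq));
		super_dq->started_no_cache_store = super->no_cache_store;
	}
	super_dq->state = DNS64_SUBQUERY_FINISHED;

	/* If there is no successful answer, we're done.
	 * Guarantee that we have at least a NOERROR reply further on. */
	if(qstate->return_rcode != LDNS_RCODE_NOERROR
	   || !qstate->return_msg
	   || !qstate->return_msg->rep) {
		return;
	}

	/* When no A record is found for synthesis fall back to AAAA again. */
	if(qstate->qinfo.qtype == LDNS_RR_TYPE_A &&
		!reply_find_answer_rrset(&qstate->qinfo,
			qstate->return_msg->rep)) {
		super_dq->state = DNS64_INTERNAL_QUERY;
		return;
	}

	/* Use return code from A query in response to client. */
	if (super->return_rcode != LDNS_RCODE_NOERROR)
		super->return_rcode = qstate->return_rcode;

	/* Generate a response suitable for the original query. */
	if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) {
		dns64_adjust_a(id, super, qstate);
	} else {
		log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR);
		dns64_adjust_ptr(qstate, super);
	}

	/* The adjust functions give up silently when the region is out of
	 * memory. Without a complete message there is nothing to answer
	 * with or to cache. */
	if(!super->return_msg || !super->return_msg->rep) {
		log_err("out of memory");
		super->return_rcode = LDNS_RCODE_SERVFAIL;
		super->return_msg = NULL;
		return;
	}

	/* Store the generated response in cache, unless the super-query
	 * arrived with no_cache_store set. */
	if(!super_dq->started_no_cache_store &&
		!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
		0, super->prefetch_leeway, 0, NULL, super->query_flags,
		qstate->qstarttime))
		log_err("out of memory");
}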
1014
/**
 * Clear module-specific data from query state. The per-query state is
 * allocated from the query's region (see dns64_operate()), so nothing is
 * freed here; the pointer is only reset to NULL.
 *
 * \param qstate Query state.
 * \param id     This module's instance ID.
 */
void
dns64_clear(struct module_qstate* qstate, int id)
{
	/* drop the reference, the memory is not released here */
	qstate->minfo[id] = NULL;
}
1027
/**
 * Returns the amount of global memory that this module uses, not including
 * per-query data. Only the size of the module environment structure is
 * reported.
 * NOTE(review): the nodes and names held in the ignore_aaaa tree are not
 * counted - confirm whether that is intended.
 *
 * \param env Module environment.
 * \param id  This module's instance ID.
 *
 * \return Size in bytes, or 0 when the module has no environment.
 */
size_t
dns64_get_mem(struct module_env* env, int id)
{
	const struct dns64_env* dns64_env =
		(struct dns64_env*)env->modinfo[id];
	return dns64_env ? sizeof(*dns64_env) : 0;
}
1043
/**
 * The dns64 function block: the module name followed by its callbacks, in
 * the positional order of struct module_func_block.
 * NOTE(review): the two NULL entries are presumably optional hooks this
 * module does not implement - confirm against struct module_func_block.
 */
static struct module_func_block dns64_block = {
	"dns64",
	NULL,
	NULL,
	&dns64_init,
	&dns64_deinit,
	&dns64_operate,
	&dns64_inform_super,
	&dns64_clear,
	&dns64_get_mem
};
1052
/**
 * Accessor for the dns64 function block.
 *
 * \return Pointer to the module's statically allocated function block.
 */
struct module_func_block *
dns64_get_funcblock(void)
{
	/* static storage, so the pointer stays valid for the program's life */
	return &dns64_block;
}
1061