xref: /freebsd/contrib/unbound/daemon/cachedump.c (revision 8d20be1e22095c27faf8fe8b2f0d089739cc742e)
1 /*
2  * daemon/cachedump.c - dump the cache to text format.
3  *
4  * Copyright (c) 2008, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33  * POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * This file contains functions to read and write the cache(s)
40  * to text format.
41  */
42 #include "config.h"
43 #include <ldns/ldns.h>
44 #include "daemon/cachedump.h"
45 #include "daemon/remote.h"
46 #include "daemon/worker.h"
47 #include "services/cache/rrset.h"
48 #include "services/cache/dns.h"
49 #include "services/cache/infra.h"
50 #include "util/data/msgreply.h"
51 #include "util/regional.h"
52 #include "util/net_help.h"
53 #include "util/data/dname.h"
54 #include "iterator/iterator.h"
55 #include "iterator/iter_delegpt.h"
56 #include "iterator/iter_utils.h"
57 #include "iterator/iter_fwd.h"
58 #include "iterator/iter_hints.h"
59 
60 /** convert to ldns rr */
61 static ldns_rr*
62 to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d,
63 	uint32_t now, size_t i, uint16_t type)
64 {
65 	ldns_rr* rr = ldns_rr_new();
66 	ldns_rdf* rdf;
67 	ldns_status status;
68 	size_t pos;
69 	log_assert(i < d->count + d->rrsig_count);
70 	if(!rr) {
71 		return NULL;
72 	}
73 	ldns_rr_set_type(rr, type);
74 	ldns_rr_set_class(rr, ntohs(k->rk.rrset_class));
75 	if(d->rr_ttl[i] < now)
76 		ldns_rr_set_ttl(rr, 0);
77 	else	ldns_rr_set_ttl(rr, d->rr_ttl[i] - now);
78 	pos = 0;
79 	status = ldns_wire2dname(&rdf, k->rk.dname, k->rk.dname_len, &pos);
80 	if(status != LDNS_STATUS_OK) {
81 		/* we drop detailed error in status */
82 		ldns_rr_free(rr);
83 		return NULL;
84 	}
85 	ldns_rr_set_owner(rr, rdf);
86 	pos = 0;
87 	status = ldns_wire2rdf(rr, d->rr_data[i], d->rr_len[i], &pos);
88 	if(status != LDNS_STATUS_OK) {
89 		/* we drop detailed error in status */
90 		ldns_rr_free(rr);
91 		return NULL;
92 	}
93 	return rr;
94 }
95 
96 /** dump one rrset zonefile line */
97 static int
98 dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k,
99         struct packed_rrset_data* d, uint32_t now, size_t i, uint16_t type)
100 {
101 	char* s;
102 	ldns_rr* rr = to_rr(k, d, now, i, type);
103 	if(!rr) {
104 		return ssl_printf(ssl, "BADRR\n");
105 	}
106 	s = ldns_rr2str(rr);
107 	ldns_rr_free(rr);
108 	if(!s) {
109 		return ssl_printf(ssl, "BADRR\n");
110 	}
111 	if(!ssl_printf(ssl, "%s", s)) {
112 		free(s);
113 		return 0;
114 	}
115 	free(s);
116 	return 1;
117 }
118 
119 /** dump rrset key and data info */
120 static int
121 dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
122 	struct packed_rrset_data* d, uint32_t now)
123 {
124 	size_t i;
125 	/* rd lock held by caller */
126 	if(!k || !d) return 1;
127 	if(d->ttl < now) return 1; /* expired */
128 
129 	/* meta line */
130 	if(!ssl_printf(ssl, ";rrset%s %u %u %u %d %d\n",
131 		(k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"",
132 		(unsigned)(d->ttl - now),
133 		(unsigned)d->count, (unsigned)d->rrsig_count,
134 		(int)d->trust, (int)d->security
135 		))
136 		return 0;
137 	for(i=0; i<d->count; i++) {
138 		if(!dump_rrset_line(ssl, k, d, now, i, ntohs(k->rk.type)))
139 			return 0;
140 	}
141 	for(i=0; i<d->rrsig_count; i++) {
142 		if(!dump_rrset_line(ssl, k, d, now, i+d->count,
143 			LDNS_RR_TYPE_RRSIG))
144 			return 0;
145 	}
146 
147 	return 1;
148 }
149 
150 /** dump lruhash rrset cache */
151 static int
152 dump_rrset_lruhash(SSL* ssl, struct lruhash* h, uint32_t now)
153 {
154 	struct lruhash_entry* e;
155 	/* lruhash already locked by caller */
156 	/* walk in order of lru; best first */
157 	for(e=h->lru_start; e; e = e->lru_next) {
158 		lock_rw_rdlock(&e->lock);
159 		if(!dump_rrset(ssl, (struct ub_packed_rrset_key*)e->key,
160 			(struct packed_rrset_data*)e->data, now)) {
161 			lock_rw_unlock(&e->lock);
162 			return 0;
163 		}
164 		lock_rw_unlock(&e->lock);
165 	}
166 	return 1;
167 }
168 
169 /** dump rrset cache */
170 static int
171 dump_rrset_cache(SSL* ssl, struct worker* worker)
172 {
173 	struct rrset_cache* r = worker->env.rrset_cache;
174 	size_t slab;
175 	if(!ssl_printf(ssl, "START_RRSET_CACHE\n")) return 0;
176 	for(slab=0; slab<r->table.size; slab++) {
177 		lock_quick_lock(&r->table.array[slab]->lock);
178 		if(!dump_rrset_lruhash(ssl, r->table.array[slab],
179 			*worker->env.now)) {
180 			lock_quick_unlock(&r->table.array[slab]->lock);
181 			return 0;
182 		}
183 		lock_quick_unlock(&r->table.array[slab]->lock);
184 	}
185 	return ssl_printf(ssl, "END_RRSET_CACHE\n");
186 }
187 
188 /** dump message to rrset reference */
189 static int
190 dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
191 {
192 	ldns_rdf* rdf;
193 	ldns_status status;
194 	size_t pos;
195 	char* nm, *tp, *cl;
196 
197 	pos = 0;
198 	status = ldns_wire2dname(&rdf, k->rk.dname, k->rk.dname_len, &pos);
199 	if(status != LDNS_STATUS_OK) {
200 		return ssl_printf(ssl, "BADREF\n");
201 	}
202 	nm = ldns_rdf2str(rdf);
203 	ldns_rdf_deep_free(rdf);
204 	tp = ldns_rr_type2str(ntohs(k->rk.type));
205 	cl = ldns_rr_class2str(ntohs(k->rk.rrset_class));
206 	if(!nm || !cl || !tp) {
207 		free(nm);
208 		free(tp);
209 		free(cl);
210 		return ssl_printf(ssl, "BADREF\n");
211 	}
212 	if(!ssl_printf(ssl, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags)) {
213 		free(nm);
214 		free(tp);
215 		free(cl);
216 		return 0;
217 	}
218 	free(nm);
219 	free(tp);
220 	free(cl);
221 
222 	return 1;
223 }
224 
225 /** dump message entry */
226 static int
227 dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d,
228 	uint32_t now)
229 {
230 	size_t i;
231 	char* nm, *tp, *cl;
232 	ldns_rdf* rdf;
233 	ldns_status status;
234 	size_t pos;
235 	if(!k || !d) return 1;
236 	if(d->ttl < now) return 1; /* expired */
237 
238 	pos = 0;
239 	status = ldns_wire2dname(&rdf, k->qname, k->qname_len, &pos);
240 	if(status != LDNS_STATUS_OK) {
241 		return 1; /* skip this entry */
242 	}
243 	nm = ldns_rdf2str(rdf);
244 	ldns_rdf_deep_free(rdf);
245 	tp = ldns_rr_type2str(k->qtype);
246 	cl = ldns_rr_class2str(k->qclass);
247 	if(!nm || !tp || !cl) {
248 		free(nm);
249 		free(tp);
250 		free(cl);
251 		return 1; /* skip this entry */
252 	}
253 	if(!rrset_array_lock(d->ref, d->rrset_count, now)) {
254 		/* rrsets have timed out or do not exist */
255 		free(nm);
256 		free(tp);
257 		free(cl);
258 		return 1; /* skip this entry */
259 	}
260 
261 	/* meta line */
262 	if(!ssl_printf(ssl, "msg %s %s %s %d %d %u %d %u %u %u\n",
263 			nm, cl, tp,
264 			(int)d->flags, (int)d->qdcount,
265 			(unsigned)(d->ttl-now), (int)d->security,
266 			(unsigned)d->an_numrrsets,
267 			(unsigned)d->ns_numrrsets,
268 			(unsigned)d->ar_numrrsets)) {
269 		free(nm);
270 		free(tp);
271 		free(cl);
272 		rrset_array_unlock(d->ref, d->rrset_count);
273 		return 0;
274 	}
275 	free(nm);
276 	free(tp);
277 	free(cl);
278 
279 	for(i=0; i<d->rrset_count; i++) {
280 		if(!dump_msg_ref(ssl, d->rrsets[i])) {
281 			rrset_array_unlock(d->ref, d->rrset_count);
282 			return 0;
283 		}
284 	}
285 	rrset_array_unlock(d->ref, d->rrset_count);
286 
287 	return 1;
288 }
289 
290 /** copy msg to worker pad */
291 static int
292 copy_msg(struct regional* region, struct lruhash_entry* e,
293 	struct query_info** k, struct reply_info** d)
294 {
295 	struct reply_info* rep = (struct reply_info*)e->data;
296 	*d = (struct reply_info*)regional_alloc_init(region, e->data,
297 		sizeof(struct reply_info) +
298 		sizeof(struct rrset_ref) * (rep->rrset_count-1) +
299 		sizeof(struct ub_packed_rrset_key*) * rep->rrset_count);
300 	if(!*d)
301 		return 0;
302 	(*d)->rrsets = (struct ub_packed_rrset_key**)(void *)(
303 		(uint8_t*)(&((*d)->ref[0])) +
304 		sizeof(struct rrset_ref) * rep->rrset_count);
305 	*k = (struct query_info*)regional_alloc_init(region,
306 		e->key, sizeof(struct query_info));
307 	if(!*k)
308 		return 0;
309 	(*k)->qname = regional_alloc_init(region,
310 		(*k)->qname, (*k)->qname_len);
311 	return (*k)->qname != NULL;
312 }
313 
314 /** dump lruhash msg cache */
315 static int
316 dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
317 {
318 	struct lruhash_entry* e;
319 	struct query_info* k;
320 	struct reply_info* d;
321 
322 	/* lruhash already locked by caller */
323 	/* walk in order of lru; best first */
324 	for(e=h->lru_start; e; e = e->lru_next) {
325 		regional_free_all(worker->scratchpad);
326 		lock_rw_rdlock(&e->lock);
327 		/* make copy of rrset in worker buffer */
328 		if(!copy_msg(worker->scratchpad, e, &k, &d)) {
329 			lock_rw_unlock(&e->lock);
330 			return 0;
331 		}
332 		lock_rw_unlock(&e->lock);
333 		/* release lock so we can lookup the rrset references
334 		 * in the rrset cache */
335 		if(!dump_msg(ssl, k, d, *worker->env.now)) {
336 			return 0;
337 		}
338 	}
339 	return 1;
340 }
341 
342 /** dump msg cache */
343 static int
344 dump_msg_cache(SSL* ssl, struct worker* worker)
345 {
346 	struct slabhash* sh = worker->env.msg_cache;
347 	size_t slab;
348 	if(!ssl_printf(ssl, "START_MSG_CACHE\n")) return 0;
349 	for(slab=0; slab<sh->size; slab++) {
350 		lock_quick_lock(&sh->array[slab]->lock);
351 		if(!dump_msg_lruhash(ssl, worker, sh->array[slab])) {
352 			lock_quick_unlock(&sh->array[slab]->lock);
353 			return 0;
354 		}
355 		lock_quick_unlock(&sh->array[slab]->lock);
356 	}
357 	return ssl_printf(ssl, "END_MSG_CACHE\n");
358 }
359 
360 int
361 dump_cache(SSL* ssl, struct worker* worker)
362 {
363 	if(!dump_rrset_cache(ssl, worker))
364 		return 0;
365 	if(!dump_msg_cache(ssl, worker))
366 		return 0;
367 	return ssl_printf(ssl, "EOF\n");
368 }
369 
370 /** read a line from ssl into buffer */
371 static int
372 ssl_read_buf(SSL* ssl, ldns_buffer* buf)
373 {
374 	return ssl_read_line(ssl, (char*)ldns_buffer_begin(buf),
375 		ldns_buffer_capacity(buf));
376 }
377 
378 /** check fixed text on line */
379 static int
380 read_fixed(SSL* ssl, ldns_buffer* buf, const char* str)
381 {
382 	if(!ssl_read_buf(ssl, buf)) return 0;
383 	return (strcmp((char*)ldns_buffer_begin(buf), str) == 0);
384 }
385 
386 /** load an RR into rrset */
387 static int
388 load_rr(SSL* ssl, ldns_buffer* buf, struct regional* region,
389 	struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
390 	unsigned int i, int is_rrsig, int* go_on, uint32_t now)
391 {
392 	ldns_rr* rr;
393 	ldns_status status;
394 
395 	/* read the line */
396 	if(!ssl_read_buf(ssl, buf))
397 		return 0;
398 	if(strncmp((char*)ldns_buffer_begin(buf), "BADRR\n", 6) == 0) {
399 		*go_on = 0;
400 		return 1;
401 	}
402 	status = ldns_rr_new_frm_str(&rr, (char*)ldns_buffer_begin(buf),
403 		LDNS_DEFAULT_TTL, NULL, NULL);
404 	if(status != LDNS_STATUS_OK) {
405 		log_warn("error cannot parse rr: %s: %s",
406 			ldns_get_errorstr_by_id(status),
407 			(char*)ldns_buffer_begin(buf));
408 		return 0;
409 	}
410 	if(is_rrsig && ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
411 		log_warn("error expected rrsig but got %s",
412 			(char*)ldns_buffer_begin(buf));
413 		return 0;
414 	}
415 
416 	/* convert ldns rr into packed_rr */
417 	d->rr_ttl[i] = ldns_rr_ttl(rr) + now;
418 	ldns_buffer_clear(buf);
419 	ldns_buffer_skip(buf, 2);
420 	status = ldns_rr_rdata2buffer_wire(buf, rr);
421 	if(status != LDNS_STATUS_OK) {
422 		log_warn("error cannot rr2wire: %s",
423 			ldns_get_errorstr_by_id(status));
424 		ldns_rr_free(rr);
425 		return 0;
426 	}
427 	ldns_buffer_flip(buf);
428 	ldns_buffer_write_u16_at(buf, 0, ldns_buffer_limit(buf) - 2);
429 
430 	d->rr_len[i] = ldns_buffer_limit(buf);
431 	d->rr_data[i] = (uint8_t*)regional_alloc_init(region,
432 		ldns_buffer_begin(buf), ldns_buffer_limit(buf));
433 	if(!d->rr_data[i]) {
434 		ldns_rr_free(rr);
435 		log_warn("error out of memory");
436 		return 0;
437 	}
438 
439 	/* if first entry, fill the key structure */
440 	if(i==0) {
441 		rk->rk.type = htons(ldns_rr_get_type(rr));
442 		rk->rk.rrset_class = htons(ldns_rr_get_class(rr));
443 		ldns_buffer_clear(buf);
444 		status = ldns_dname2buffer_wire(buf, ldns_rr_owner(rr));
445 		if(status != LDNS_STATUS_OK) {
446 			log_warn("error cannot dname2buffer: %s",
447 				ldns_get_errorstr_by_id(status));
448 			ldns_rr_free(rr);
449 			return 0;
450 		}
451 		ldns_buffer_flip(buf);
452 		rk->rk.dname_len = ldns_buffer_limit(buf);
453 		rk->rk.dname = regional_alloc_init(region,
454 			ldns_buffer_begin(buf), ldns_buffer_limit(buf));
455 		if(!rk->rk.dname) {
456 			log_warn("error out of memory");
457 			ldns_rr_free(rr);
458 			return 0;
459 		}
460 	}
461 	ldns_rr_free(rr);
462 
463 	return 1;
464 }
465 
466 /** move entry into cache */
467 static int
468 move_into_cache(struct ub_packed_rrset_key* k,
469 	struct packed_rrset_data* d, struct worker* worker)
470 {
471 	struct ub_packed_rrset_key* ak;
472 	struct packed_rrset_data* ad;
473 	size_t s, i, num = d->count + d->rrsig_count;
474 	struct rrset_ref ref;
475 	uint8_t* p;
476 
477 	ak = alloc_special_obtain(&worker->alloc);
478 	if(!ak) {
479 		log_warn("error out of memory");
480 		return 0;
481 	}
482 	ak->entry.data = NULL;
483 	ak->rk = k->rk;
484 	ak->entry.hash = rrset_key_hash(&k->rk);
485 	ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
486 	if(!ak->rk.dname) {
487 		log_warn("error out of memory");
488 		ub_packed_rrset_parsedelete(ak, &worker->alloc);
489 		return 0;
490 	}
491 	s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
492 		sizeof(uint32_t))* num;
493 	for(i=0; i<num; i++)
494 		s += d->rr_len[i];
495 	ad = (struct packed_rrset_data*)malloc(s);
496 	if(!ad) {
497 		log_warn("error out of memory");
498 		ub_packed_rrset_parsedelete(ak, &worker->alloc);
499 		return 0;
500 	}
501 	p = (uint8_t*)ad;
502 	memmove(p, d, sizeof(*ad));
503 	p += sizeof(*ad);
504 	memmove(p, &d->rr_len[0], sizeof(size_t)*num);
505 	p += sizeof(size_t)*num;
506 	memmove(p, &d->rr_data[0], sizeof(uint8_t*)*num);
507 	p += sizeof(uint8_t*)*num;
508 	memmove(p, &d->rr_ttl[0], sizeof(uint32_t)*num);
509 	p += sizeof(uint32_t)*num;
510 	for(i=0; i<num; i++) {
511 		memmove(p, d->rr_data[i], d->rr_len[i]);
512 		p += d->rr_len[i];
513 	}
514 	packed_rrset_ptr_fixup(ad);
515 
516 	ak->entry.data = ad;
517 
518 	ref.key = ak;
519 	ref.id = ak->id;
520 	(void)rrset_cache_update(worker->env.rrset_cache, &ref,
521 		&worker->alloc, *worker->env.now);
522 	return 1;
523 }
524 
525 /** load an rrset entry */
526 static int
527 load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker)
528 {
529 	char* s = (char*)ldns_buffer_begin(buf);
530 	struct regional* region = worker->scratchpad;
531 	struct ub_packed_rrset_key* rk;
532 	struct packed_rrset_data* d;
533 	unsigned int ttl, rr_count, rrsig_count, trust, security;
534 	unsigned int i;
535 	int go_on = 1;
536 	regional_free_all(region);
537 
538 	rk = (struct ub_packed_rrset_key*)regional_alloc_zero(region,
539 		sizeof(*rk));
540 	d = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*d));
541 	if(!rk || !d) {
542 		log_warn("error out of memory");
543 		return 0;
544 	}
545 
546 	if(strncmp(s, ";rrset", 6) != 0) {
547 		log_warn("error expected ';rrset' but got %s", s);
548 		return 0;
549 	}
550 	s += 6;
551 	if(strncmp(s, " nsec_apex", 10) == 0) {
552 		s += 10;
553 		rk->rk.flags |= PACKED_RRSET_NSEC_AT_APEX;
554 	}
555 	if(sscanf(s, " %u %u %u %u %u", &ttl, &rr_count, &rrsig_count,
556 		&trust, &security) != 5) {
557 		log_warn("error bad rrset spec %s", s);
558 		return 0;
559 	}
560 	if(rr_count == 0 && rrsig_count == 0) {
561 		log_warn("bad rrset without contents");
562 		return 0;
563 	}
564 	d->count = (size_t)rr_count;
565 	d->rrsig_count = (size_t)rrsig_count;
566 	d->security = (enum sec_status)security;
567 	d->trust = (enum rrset_trust)trust;
568 	d->ttl = (uint32_t)ttl + *worker->env.now;
569 
570 	d->rr_len = regional_alloc_zero(region,
571 		sizeof(size_t)*(d->count+d->rrsig_count));
572 	d->rr_ttl = regional_alloc_zero(region,
573 		sizeof(uint32_t)*(d->count+d->rrsig_count));
574 	d->rr_data = regional_alloc_zero(region,
575 		sizeof(uint8_t*)*(d->count+d->rrsig_count));
576 	if(!d->rr_len || !d->rr_ttl || !d->rr_data) {
577 		log_warn("error out of memory");
578 		return 0;
579 	}
580 
581 	/* read the rr's themselves */
582 	for(i=0; i<rr_count; i++) {
583 		if(!load_rr(ssl, buf, region, rk, d, i, 0,
584 			&go_on, *worker->env.now)) {
585 			log_warn("could not read rr %u", i);
586 			return 0;
587 		}
588 	}
589 	for(i=0; i<rrsig_count; i++) {
590 		if(!load_rr(ssl, buf, region, rk, d, i+rr_count, 1,
591 			&go_on, *worker->env.now)) {
592 			log_warn("could not read rrsig %u", i);
593 			return 0;
594 		}
595 	}
596 	if(!go_on) {
597 		/* skip this entry */
598 		return 1;
599 	}
600 
601 	return move_into_cache(rk, d, worker);
602 }
603 
604 /** load rrset cache */
605 static int
606 load_rrset_cache(SSL* ssl, struct worker* worker)
607 {
608 	ldns_buffer* buf = worker->env.scratch_buffer;
609 	if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
610 	while(ssl_read_buf(ssl, buf) &&
611 		strcmp((char*)ldns_buffer_begin(buf), "END_RRSET_CACHE")!=0) {
612 		if(!load_rrset(ssl, buf, worker))
613 			return 0;
614 	}
615 	return 1;
616 }
617 
618 /** read qinfo from next three words */
619 static char*
620 load_qinfo(char* str, struct query_info* qinfo, ldns_buffer* buf,
621 	struct regional* region)
622 {
623 	/* s is part of the buf */
624 	char* s = str;
625 	ldns_rr* rr;
626 	ldns_status status;
627 
628 	/* skip three words */
629 	s = strchr(str, ' ');
630 	if(s) s = strchr(s+1, ' ');
631 	if(s) s = strchr(s+1, ' ');
632 	if(!s) {
633 		log_warn("error line too short, %s", str);
634 		return NULL;
635 	}
636 	s[0] = 0;
637 	s++;
638 
639 	/* parse them */
640 	status = ldns_rr_new_question_frm_str(&rr, str, NULL, NULL);
641 	if(status != LDNS_STATUS_OK) {
642 		log_warn("error cannot parse: %s %s",
643 			ldns_get_errorstr_by_id(status), str);
644 		return NULL;
645 	}
646 	qinfo->qtype = ldns_rr_get_type(rr);
647 	qinfo->qclass = ldns_rr_get_class(rr);
648 	ldns_buffer_clear(buf);
649 	status = ldns_dname2buffer_wire(buf, ldns_rr_owner(rr));
650 	ldns_rr_free(rr);
651 	if(status != LDNS_STATUS_OK) {
652 		log_warn("error cannot dname2wire: %s",
653 			ldns_get_errorstr_by_id(status));
654 		return NULL;
655 	}
656 	ldns_buffer_flip(buf);
657 	qinfo->qname_len = ldns_buffer_limit(buf);
658 	qinfo->qname = (uint8_t*)regional_alloc_init(region,
659 		ldns_buffer_begin(buf), ldns_buffer_limit(buf));
660 	if(!qinfo->qname) {
661 		log_warn("error out of memory");
662 		return NULL;
663 	}
664 
665 	return s;
666 }
667 
668 /** load a msg rrset reference */
669 static int
670 load_ref(SSL* ssl, ldns_buffer* buf, struct worker* worker,
671 	struct regional *region, struct ub_packed_rrset_key** rrset,
672 	int* go_on)
673 {
674 	char* s = (char*)ldns_buffer_begin(buf);
675 	struct query_info qinfo;
676 	unsigned int flags;
677 	struct ub_packed_rrset_key* k;
678 
679 	/* read line */
680 	if(!ssl_read_buf(ssl, buf))
681 		return 0;
682 	if(strncmp(s, "BADREF", 6) == 0) {
683 		*go_on = 0; /* its bad, skip it and skip message */
684 		return 1;
685 	}
686 
687 	s = load_qinfo(s, &qinfo, buf, region);
688 	if(!s) {
689 		return 0;
690 	}
691 	if(sscanf(s, " %u", &flags) != 1) {
692 		log_warn("error cannot parse flags: %s", s);
693 		return 0;
694 	}
695 
696 	/* lookup in cache */
697 	k = rrset_cache_lookup(worker->env.rrset_cache, qinfo.qname,
698 		qinfo.qname_len, qinfo.qtype, qinfo.qclass,
699 		(uint32_t)flags, *worker->env.now, 0);
700 	if(!k) {
701 		/* not found or expired */
702 		*go_on = 0;
703 		return 1;
704 	}
705 
706 	/* store in result */
707 	*rrset = packed_rrset_copy_region(k, region, *worker->env.now);
708 	lock_rw_unlock(&k->entry.lock);
709 
710 	return (*rrset != NULL);
711 }
712 
713 /** load a msg entry */
714 static int
715 load_msg(SSL* ssl, ldns_buffer* buf, struct worker* worker)
716 {
717 	struct regional* region = worker->scratchpad;
718 	struct query_info qinf;
719 	struct reply_info rep;
720 	char* s = (char*)ldns_buffer_begin(buf);
721 	unsigned int flags, qdcount, ttl, security, an, ns, ar;
722 	size_t i;
723 	int go_on = 1;
724 
725 	regional_free_all(region);
726 
727 	if(strncmp(s, "msg ", 4) != 0) {
728 		log_warn("error expected msg but got %s", s);
729 		return 0;
730 	}
731 	s += 4;
732 	s = load_qinfo(s, &qinf, buf, region);
733 	if(!s) {
734 		return 0;
735 	}
736 
737 	/* read remainder of line */
738 	if(sscanf(s, " %u %u %u %u %u %u %u", &flags, &qdcount, &ttl,
739 		&security, &an, &ns, &ar) != 7) {
740 		log_warn("error cannot parse numbers: %s", s);
741 		return 0;
742 	}
743 	rep.flags = (uint16_t)flags;
744 	rep.qdcount = (uint16_t)qdcount;
745 	rep.ttl = (uint32_t)ttl;
746 	rep.prefetch_ttl = PREFETCH_TTL_CALC(rep.ttl);
747 	rep.security = (enum sec_status)security;
748 	rep.an_numrrsets = (size_t)an;
749 	rep.ns_numrrsets = (size_t)ns;
750 	rep.ar_numrrsets = (size_t)ar;
751 	rep.rrset_count = (size_t)an+(size_t)ns+(size_t)ar;
752 	rep.rrsets = (struct ub_packed_rrset_key**)regional_alloc_zero(
753 		region, sizeof(struct ub_packed_rrset_key*)*rep.rrset_count);
754 
755 	/* fill repinfo with references */
756 	for(i=0; i<rep.rrset_count; i++) {
757 		if(!load_ref(ssl, buf, worker, region, &rep.rrsets[i],
758 			&go_on)) {
759 			return 0;
760 		}
761 	}
762 
763 	if(!go_on)
764 		return 1; /* skip this one, not all references satisfied */
765 
766 	if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL)) {
767 		log_warn("error out of memory");
768 		return 0;
769 	}
770 	return 1;
771 }
772 
773 /** load msg cache */
774 static int
775 load_msg_cache(SSL* ssl, struct worker* worker)
776 {
777 	ldns_buffer* buf = worker->env.scratch_buffer;
778 	if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
779 	while(ssl_read_buf(ssl, buf) &&
780 		strcmp((char*)ldns_buffer_begin(buf), "END_MSG_CACHE")!=0) {
781 		if(!load_msg(ssl, buf, worker))
782 			return 0;
783 	}
784 	return 1;
785 }
786 
787 int
788 load_cache(SSL* ssl, struct worker* worker)
789 {
790 	if(!load_rrset_cache(ssl, worker))
791 		return 0;
792 	if(!load_msg_cache(ssl, worker))
793 		return 0;
794 	return read_fixed(ssl, worker->env.scratch_buffer, "EOF");
795 }
796 
797 /** print details on a delegation point */
798 static void
799 print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
800 {
801 	char buf[257];
802 	struct delegpt_addr* a;
803 	int lame, dlame, rlame, rto, edns_vs, to, delay, entry_ttl,
804 		tA = 0, tAAAA = 0, tother = 0;
805 	struct rtt_info ri;
806 	uint8_t edns_lame_known;
807 	for(a = dp->target_list; a; a = a->next_target) {
808 		addr_to_str(&a->addr, a->addrlen, buf, sizeof(buf));
809 		if(!ssl_printf(ssl, "%-16s\t", buf))
810 			return;
811 		if(a->bogus) {
812 			if(!ssl_printf(ssl, "Address is BOGUS. "))
813 				return;
814 		}
815 		/* lookup in infra cache */
816 		delay=0;
817 		entry_ttl = infra_get_host_rto(worker->env.infra_cache,
818 			&a->addr, a->addrlen, dp->name, dp->namelen,
819 			&ri, &delay, *worker->env.now, &tA, &tAAAA, &tother);
820 		if(entry_ttl == -2 && ri.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
821 			if(!ssl_printf(ssl, "expired, rto %d msec, tA %d "
822 				"tAAAA %d tother %d.\n", ri.rto, tA, tAAAA,
823 				tother))
824 				return;
825 			continue;
826 		}
827 		if(entry_ttl == -1 || entry_ttl == -2) {
828 			if(!ssl_printf(ssl, "not in infra cache.\n"))
829 				return;
830 			continue; /* skip stuff not in infra cache */
831 		}
832 
833 		/* uses type_A because most often looked up, but other
834 		 * lameness won't be reported then */
835 		if(!infra_get_lame_rtt(worker->env.infra_cache,
836 			&a->addr, a->addrlen, dp->name, dp->namelen,
837 			LDNS_RR_TYPE_A, &lame, &dlame, &rlame, &rto,
838 			*worker->env.now)) {
839 			if(!ssl_printf(ssl, "not in infra cache.\n"))
840 				return;
841 			continue; /* skip stuff not in infra cache */
842 		}
843 		if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl %d, ping %d "
844 			"var %d rtt %d, tA %d, tAAAA %d, tother %d",
845 			lame?"LAME ":"", dlame?"NoDNSSEC ":"",
846 			a->lame?"AddrWasParentSide ":"",
847 			rlame?"NoAuthButRecursive ":"", rto, entry_ttl,
848 			ri.srtt, ri.rttvar, rtt_notimeout(&ri),
849 			tA, tAAAA, tother))
850 			return;
851 		if(delay)
852 			if(!ssl_printf(ssl, ", probedelay %d", delay))
853 				return;
854 		if(infra_host(worker->env.infra_cache, &a->addr, a->addrlen,
855 			dp->name, dp->namelen, *worker->env.now, &edns_vs,
856 			&edns_lame_known, &to)) {
857 			if(edns_vs == -1) {
858 				if(!ssl_printf(ssl, ", noEDNS%s.",
859 					edns_lame_known?" probed":" assumed"))
860 					return;
861 			} else {
862 				if(!ssl_printf(ssl, ", EDNS %d%s.", edns_vs,
863 					edns_lame_known?" probed":" assumed"))
864 					return;
865 			}
866 		}
867 		if(!ssl_printf(ssl, "\n"))
868 			return;
869 	}
870 }
871 
872 /** print main dp info */
873 static void
874 print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
875 {
876 	size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
877 
878 	/* print the dp */
879 	if(msg)
880 	    for(i=0; i<msg->rep->rrset_count; i++) {
881 		struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
882 		struct packed_rrset_data* d =
883 			(struct packed_rrset_data*)k->entry.data;
884 		if(d->security == sec_status_bogus) {
885 			if(!ssl_printf(ssl, "Address is BOGUS:\n"))
886 				return;
887 		}
888 		if(!dump_rrset(ssl, k, d, 0))
889 			return;
890 	    }
891 	delegpt_count_ns(dp, &n_ns, &n_miss);
892 	delegpt_count_addr(dp, &n_addr, &n_res, &n_avail);
893 	/* since dp has not been used by iterator, all are available*/
894 	if(!ssl_printf(ssl, "Delegation with %d names, of which %d "
895 		"can be examined to query further addresses.\n"
896 		"%sIt provides %d IP addresses.\n",
897 		(int)n_ns, (int)n_miss, (dp->bogus?"It is BOGUS. ":""),
898 		(int)n_addr))
899 		return;
900 }
901 
902 int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
903 	size_t nmlen, int ATTR_UNUSED(nmlabs))
904 {
905 	/* deep links into the iterator module */
906 	struct delegpt* dp;
907 	struct dns_msg* msg;
908 	struct regional* region = worker->scratchpad;
909 	char b[260];
910 	struct query_info qinfo;
911 	struct iter_hints_stub* stub;
912 	regional_free_all(region);
913 	qinfo.qname = nm;
914 	qinfo.qname_len = nmlen;
915 	qinfo.qtype = LDNS_RR_TYPE_A;
916 	qinfo.qclass = LDNS_RR_CLASS_IN;
917 
918 	dname_str(nm, b);
919 	if(!ssl_printf(ssl, "The following name servers are used for lookup "
920 		"of %s\n", b))
921 		return 0;
922 
923 	dp = forwards_lookup(worker->env.fwds, nm, qinfo.qclass);
924 	if(dp) {
925 		if(!ssl_printf(ssl, "forwarding request:\n"))
926 			return 0;
927 		print_dp_main(ssl, dp, NULL);
928 		print_dp_details(ssl, worker, dp);
929 		return 1;
930 	}
931 
932 	while(1) {
933 		dp = dns_cache_find_delegation(&worker->env, nm, nmlen,
934 			qinfo.qtype, qinfo.qclass, region, &msg,
935 			*worker->env.now);
936 		if(!dp) {
937 			return ssl_printf(ssl, "no delegation from "
938 				"cache; goes to configured roots\n");
939 		}
940 		/* go up? */
941 		if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) {
942 			print_dp_main(ssl, dp, msg);
943 			print_dp_details(ssl, worker, dp);
944 			if(!ssl_printf(ssl, "cache delegation was "
945 				"useless (no IP addresses)\n"))
946 				return 0;
947 			if(dname_is_root(nm)) {
948 				/* goes to root config */
949 				return ssl_printf(ssl, "no delegation from "
950 					"cache; goes to configured roots\n");
951 			} else {
952 				/* useless, goes up */
953 				nm = dp->name;
954 				nmlen = dp->namelen;
955 				dname_remove_label(&nm, &nmlen);
956 				dname_str(nm, b);
957 				if(!ssl_printf(ssl, "going up, lookup %s\n", b))
958 					return 0;
959 				continue;
960 			}
961 		}
962 		stub = hints_lookup_stub(worker->env.hints, nm, qinfo.qclass,
963 			dp);
964 		if(stub) {
965 			if(stub->noprime) {
966 				if(!ssl_printf(ssl, "The noprime stub servers "
967 					"are used:\n"))
968 					return 0;
969 			} else {
970 				if(!ssl_printf(ssl, "The stub is primed "
971 						"with servers:\n"))
972 					return 0;
973 			}
974 			print_dp_main(ssl, stub->dp, NULL);
975 			print_dp_details(ssl, worker, stub->dp);
976 		} else {
977 			print_dp_main(ssl, dp, msg);
978 			print_dp_details(ssl, worker, dp);
979 		}
980 		break;
981 	}
982 
983 	return 1;
984 }
985