xref: /freebsd/contrib/unbound/dns64/dns64.c (revision 3fc36ee018bb836bd1796067cf4ef8683f166ebc)
1 /*
2  * dns64/dns64.c - DNS64 module
3  *
4  * Copyright (c) 2009, Viagénie. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of Viagénie nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33  * POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * This file contains a module that performs DNS64 query processing.
40  */
41 
42 #include "config.h"
43 #include "dns64/dns64.h"
44 #include "services/cache/dns.h"
45 #include "services/cache/rrset.h"
46 #include "util/config_file.h"
47 #include "util/data/msgreply.h"
48 #include "util/fptr_wlist.h"
49 #include "util/net_help.h"
50 #include "util/regional.h"
51 
52 /******************************************************************************
53  *                                                                            *
54  *                             STATIC CONSTANTS                               *
55  *                                                                            *
56  ******************************************************************************/
57 
58 /**
59  * This is the default DNS64 prefix that is used whent he dns64 module is listed
60  * in module-config but when the dns64-prefix variable is not present.
61  */
62 static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96";
63 
64 /**
65  * Maximum length of a domain name in a PTR query in the .in-addr.arpa tree.
66  */
67 #define MAX_PTR_QNAME_IPV4 30
68 
69 /**
70  * Per-query module-specific state. This is usually a dynamically-allocated
71  * structure, but in our case we only need to store one variable describing the
72  * state the query is in. So we repurpose the minfo pointer by storing an
73  * integer in there.
74  */
75 enum dns64_qstate {
76     DNS64_INTERNAL_QUERY,    /**< Internally-generated query, no DNS64
77                                   processing. */
78     DNS64_NEW_QUERY,         /**< Query for which we're the first module in
79                                   line. */
80     DNS64_SUBQUERY_FINISHED  /**< Query for which we generated a sub-query, and
81                                   for which this sub-query is finished. */
82 };
83 
84 
85 /******************************************************************************
86  *                                                                            *
87  *                                 STRUCTURES                                 *
88  *                                                                            *
89  ******************************************************************************/
90 
91 /**
92  * This structure contains module configuration information. One instance of
93  * this structure exists per instance of the module. Normally there is only one
94  * instance of the module.
95  */
96 struct dns64_env {
97     /**
98      * DNS64 prefix address. We're using a full sockaddr instead of just an
99      * in6_addr because we can reuse Unbound's generic string parsing functions.
100      * It will always contain a sockaddr_in6, and only the sin6_addr member will
101      * ever be used.
102      */
103     struct sockaddr_storage prefix_addr;
104 
105     /**
106      * This is always sizeof(sockaddr_in6).
107      */
108     socklen_t prefix_addrlen;
109 
110     /**
111      * This is the CIDR length of the prefix. It needs to be between 0 and 96.
112      */
113     int prefix_net;
114 };
115 
116 
117 /******************************************************************************
118  *                                                                            *
119  *                             UTILITY FUNCTIONS                              *
120  *                                                                            *
121  ******************************************************************************/
122 
123 /**
124  * Generic macro for swapping two variables.
125  *
126  * \param t Type of the variables. (e.g. int)
127  * \param a First variable.
128  * \param b Second variable.
129  *
130  * \warning Do not attempt something foolish such as swap(int,a++,b++)!
131  */
132 #define swap(t,a,b) do {t x = a; a = b; b = x;} while(0)
133 
134 /**
135  * Reverses a string.
136  *
137  * \param begin Points to the first character of the string.
138  * \param end   Points one past the last character of the string.
139  */
140 static void
141 reverse(char* begin, char* end)
142 {
143     while ( begin < --end ) {
144         swap(char, *begin, *end);
145         ++begin;
146     }
147 }
148 
149 /**
150  * Convert an unsigned integer to a string. The point of this function is that
151  * of being faster than sprintf().
152  *
153  * \param n The number to be converted.
154  * \param s The result will be written here. Must be large enough, be careful!
155  *
156  * \return The number of characters written.
157  */
158 static int
159 uitoa(unsigned n, char* s)
160 {
161     char* ss = s;
162     do {
163         *ss++ = '0' + n % 10;
164     } while (n /= 10);
165     reverse(s, ss);
166     return ss - s;
167 }
168 
169 /**
170  * Extract an IPv4 address embedded in the IPv6 address \a ipv6 at offset \a
171  * offset (in bits). Note that bits are not necessarily aligned on bytes so we
172  * need to be careful.
173  *
174  * \param ipv6   IPv6 address represented as a 128-bit array in big-endian
175  *               order.
176  * \param offset Index of the MSB of the IPv4 address embedded in the IPv6
177  *               address.
178  */
179 static uint32_t
180 extract_ipv4(const uint8_t ipv6[16], const int offset)
181 {
182     uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8))
183                   | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8))
184                   | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8))
185                   | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8));
186     if (offset/8+4 < 16)
187         ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8);
188     return ipv4;
189 }
190 
191 /**
192  * Builds the PTR query name corresponding to an IPv4 address. For example,
193  * given the number 3,464,175,361, this will build the string
194  * "\03206\03123\0231\011\07in-addr\04arpa".
195  *
196  * \param ipv4 IPv4 address represented as an unsigned 32-bit number.
197  * \param ptr  The result will be written here. Must be large enough, be
198  *             careful!
199  *
200  * \return The number of characters written.
201  */
202 static size_t
203 ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4])
204 {
205     static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa";
206     int i;
207     char* c = ptr;
208 
209     for (i = 0; i < 4; ++i) {
210         *c = uitoa((unsigned int)(ipv4 % 256), c + 1);
211         c += *c + 1;
212         ipv4 /= 256;
213     }
214 
215     memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX));
216 
217     return c + sizeof(IPV4_PTR_SUFFIX) - ptr;
218 }
219 
220 /**
221  * Converts an IPv6-related domain name string from a PTR query into an IPv6
222  * address represented as a 128-bit array.
223  *
224  * \param ptr  The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa")
225  * \param ipv6 The result will be written here, in network byte order.
226  *
227  * \return 1 on success, 0 on failure.
228  */
229 static int
230 ptr_to_ipv6(const char* ptr, uint8_t ipv6[16])
231 {
232     int i;
233 
234     for (i = 0; i < 64; i++) {
235         int x;
236 
237         if (ptr[i++] != 1)
238             return 0;
239 
240         if (ptr[i] >= '0' && ptr[i] <= '9') {
241             x = ptr[i] - '0';
242         } else if (ptr[i] >= 'a' && ptr[i] <= 'f') {
243             x = ptr[i] - 'a' + 10;
244         } else if (ptr[i] >= 'A' && ptr[i] <= 'F') {
245             x = ptr[i] - 'A' + 10;
246         } else {
247             return 0;
248         }
249 
250         ipv6[15-i/4] |= x << (2 * ((i-1) % 4));
251     }
252 
253     return 1;
254 }
255 
256 /**
257  * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix.
258  *
259  * \param prefix_addr DNS64 prefix address.
260  * \param prefix_net  CIDR length of the DNS64 prefix. Must be between 0 and 96.
261  * \param a           IPv4 address.
262  * \param aaaa        IPv6 address. The result will be written here.
263  */
264 static void
265 synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net,
266         const uint8_t a[4], uint8_t aaaa[16])
267 {
268     memcpy(aaaa, prefix_addr, 16);
269     aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8);
270     aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8);
271     aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8);
272     aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8);
273     aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8);
274     aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8);
275     aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8);
276     if (prefix_net/8+4 < 16)  /* <-- my beautiful symmetry is destroyed! */
277     aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8);
278 }
279 
280 
281 /******************************************************************************
282  *                                                                            *
283  *                           DNS64 MODULE FUNCTIONS                           *
284  *                                                                            *
285  ******************************************************************************/
286 
287 /**
288  * This function applies the configuration found in the parsed configuration
289  * file \a cfg to this instance of the dns64 module. Currently only the DNS64
290  * prefix (a.k.a. Pref64) is configurable.
291  *
292  * \param dns64_env Module-specific global parameters.
293  * \param cfg       Parsed configuration file.
294  */
295 static int
296 dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
297 {
298     verbose(VERB_ALGO, "dns64-prefix: %s", cfg->dns64_prefix);
299     if (!netblockstrtoaddr(cfg->dns64_prefix ? cfg->dns64_prefix :
300                 DEFAULT_DNS64_PREFIX, 0, &dns64_env->prefix_addr,
301                 &dns64_env->prefix_addrlen, &dns64_env->prefix_net)) {
302         log_err("cannot parse dns64-prefix netblock: %s", cfg->dns64_prefix);
303         return 0;
304     }
305     if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) {
306         log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix);
307         return 0;
308     }
309     if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) {
310         log_err("dns64-prefix length it not between 0 and 96: %s",
311                 cfg->dns64_prefix);
312         return 0;
313     }
314     return 1;
315 }
316 
317 /**
318  * Initializes this instance of the dns64 module.
319  *
320  * \param env Global state of all module instances.
321  * \param id  This instance's ID number.
322  */
323 int
324 dns64_init(struct module_env* env, int id)
325 {
326     struct dns64_env* dns64_env =
327         (struct dns64_env*)calloc(1, sizeof(struct dns64_env));
328     if (!dns64_env) {
329         log_err("malloc failure");
330         return 0;
331     }
332 	env->modinfo[id] = (void*)dns64_env;
333     if (!dns64_apply_cfg(dns64_env, env->cfg)) {
334         log_err("dns64: could not apply configuration settings.");
335         return 0;
336     }
337     return 1;
338 }
339 
340 /**
341  * Deinitializes this instance of the dns64 module.
342  *
343  * \param env Global state of all module instances.
344  * \param id  This instance's ID number.
345  */
346 void
347 dns64_deinit(struct module_env* env, int id)
348 {
349     if (!env)
350         return;
351     free(env->modinfo[id]);
352     env->modinfo[id] = NULL;
353 }
354 
355 /**
356  * Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64
357  * prefix, we must do a PTR query for the corresponding IPv4 address instead.
358  *
359  * \param qstate Query state structure.
360  * \param id     This module instance's ID number.
361  *
362  * \return The new state of the query.
363  */
364 static enum module_ext_state
365 handle_ipv6_ptr(struct module_qstate* qstate, int id)
366 {
367     struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
368     struct module_qstate* subq = NULL;
369     struct query_info qinfo;
370     struct sockaddr_in6 sin6;
371 
372     /* Convert the PTR query string to an IPv6 address. */
373     memset(&sin6, 0, sizeof(sin6));
374     sin6.sin6_family = AF_INET6;
375     if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr))
376         return module_wait_module;  /* Let other module handle this. */
377 
378     /*
379      * If this IPv6 address is not part of our DNS64 prefix, then we don't need
380      * to do anything. Let another module handle the query.
381      */
382     if (addr_in_common((struct sockaddr_storage*)&sin6, 128,
383                 &dns64_env->prefix_addr, dns64_env->prefix_net,
384                 (socklen_t)sizeof(sin6)) != dns64_env->prefix_net)
385         return module_wait_module;
386 
387     verbose(VERB_ALGO, "dns64: rewrite PTR record");
388 
389     /*
390      * Create a new PTR query info for the domain name corresponding to the IPv4
391      * address corresponding to the IPv6 address corresponding to the original
392      * PTR query domain name.
393      */
394     qinfo = qstate->qinfo;
395     if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4)))
396         return module_error;
397     qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr,
398                 dns64_env->prefix_net), (char*)qinfo.qname);
399 
400     /* Create the new sub-query. */
401     fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
402     if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0,
403                 &subq))
404         return module_error;
405     if (subq) {
406         subq->curmod = id;
407         subq->ext_state[id] = module_state_initial;
408         subq->minfo[id] = NULL;
409     }
410 
411     return module_wait_subquery;
412 }
413 
414 /** allocate (special) rrset keys, return 0 on error */
415 static int
416 repinfo_alloc_rrset_keys(struct reply_info* rep,
417 	struct regional* region)
418 {
419 	size_t i;
420 	for(i=0; i<rep->rrset_count; i++) {
421 		if(region) {
422 			rep->rrsets[i] = (struct ub_packed_rrset_key*)
423 				regional_alloc(region,
424 				sizeof(struct ub_packed_rrset_key));
425 			if(rep->rrsets[i]) {
426 				memset(rep->rrsets[i], 0,
427 					sizeof(struct ub_packed_rrset_key));
428 				rep->rrsets[i]->entry.key = rep->rrsets[i];
429 			}
430 		}
431 		else return 0;/*	rep->rrsets[i] = alloc_special_obtain(alloc);*/
432 		if(!rep->rrsets[i])
433 			return 0;
434 		rep->rrsets[i]->entry.data = NULL;
435 	}
436 	return 1;
437 }
438 
439 static enum module_ext_state
440 generate_type_A_query(struct module_qstate* qstate, int id)
441 {
442 	struct module_qstate* subq = NULL;
443 	struct query_info qinfo;
444 
445 	verbose(VERB_ALGO, "dns64: query A record");
446 
447 	/* Create a new query info. */
448 	qinfo = qstate->qinfo;
449 	qinfo.qtype = LDNS_RR_TYPE_A;
450 
451 	/* Start the sub-query. */
452 	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
453 	if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0,
454 				       0, &subq))
455 	{
456 		verbose(VERB_ALGO, "dns64: sub-query creation failed");
457 		return module_error;
458 	}
459 	if (subq) {
460 		subq->curmod = id;
461 		subq->ext_state[id] = module_state_initial;
462 		subq->minfo[id] = NULL;
463 	}
464 
465 	return module_wait_subquery;
466 }
467 
468 /**
469  * Handles the "pass" event for a query. This event is received when a new query
470  * is received by this module. The query may have been generated internally by
471  * another module, in which case we don't want to do any special processing
472  * (this is an interesting discussion topic),  or it may be brand new, e.g.
473  * received over a socket, in which case we do want to apply DNS64 processing.
474  *
475  * \param qstate A structure representing the state of the query that has just
476  *               received the "pass" event.
477  * \param id     This module's instance ID.
478  *
479  * \return The new state of the query.
480  */
481 static enum module_ext_state
482 handle_event_pass(struct module_qstate* qstate, int id)
483 {
484 	if ((uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
485             && qstate->qinfo.qtype == LDNS_RR_TYPE_PTR
486             && qstate->qinfo.qname_len == 74
487             && !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa"))
488         /* Handle PTR queries for IPv6 addresses. */
489         return handle_ipv6_ptr(qstate, id);
490 
491 	if (qstate->env->cfg->dns64_synthall &&
492 	    (uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
493 	    && qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA)
494 		return generate_type_A_query(qstate, id);
495 
496 	/* We are finished when our sub-query is finished. */
497 	if ((uintptr_t)qstate->minfo[id] == DNS64_SUBQUERY_FINISHED)
498 		return module_finished;
499 
500 	/* Otherwise, pass request to next module. */
501 	verbose(VERB_ALGO, "dns64: pass to next module");
502 	return module_wait_module;
503 }
504 
505 /**
506  * Handles the "done" event for a query. We need to analyze the response and
507  * maybe issue a new sub-query for the A record.
508  *
509  * \param qstate A structure representing the state of the query that has just
510  *               received the "pass" event.
511  * \param id     This module's instance ID.
512  *
513  * \return The new state of the query.
514  */
515 static enum module_ext_state
516 handle_event_moddone(struct module_qstate* qstate, int id)
517 {
518     /*
519      * In many cases we have nothing special to do. From most to least common:
520      *
521      *   - An internal query.
522      *   - A query for a record type other than AAAA.
523      *   - CD FLAG was set on querier
524      *   - An AAAA query for which an error was returned.(qstate.return_rcode)
525      *     -> treated as servfail thus synthesize (sec 5.1.3 6147), thus
526      *        synthesize in (sec 5.1.2 of RFC6147).
527      *   - A successful AAAA query with an answer.
528      */
529 	if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY
530             || qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA
531 	    || (qstate->query_flags & BIT_CD)
532 	    || (qstate->return_msg &&
533 		    qstate->return_msg->rep &&
534 		    reply_find_answer_rrset(&qstate->qinfo,
535 			    qstate->return_msg->rep)))
536 		return module_finished;
537 
538     /* So, this is a AAAA noerror/nodata answer */
539 	return generate_type_A_query(qstate, id);
540 }
541 
542 /**
543  * This is the module's main() function. It gets called each time a query
544  * receives an event which we may need to handle. We respond by updating the
545  * state of the query.
546  *
547  * \param qstate   Structure containing the state of the query.
548  * \param event    Event that has just been received.
549  * \param id       This module's instance ID.
550  * \param outbound State of a DNS query on an authoritative server. We never do
551  *                 our own queries ourselves (other modules do it for us), so
552  *                 this is unused.
553  */
554 void
555 dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
556 		struct outbound_entry* outbound)
557 {
558 	(void)outbound;
559 	verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s",
560 			id, strextstate(qstate->ext_state[id]),
561 			strmodulevent(event));
562 	log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo);
563 
564 	switch(event) {
565 		case module_event_new:
566 			/* Tag this query as being new and fall through. */
567 			qstate->minfo[id] = (void*)DNS64_NEW_QUERY;
568 		case module_event_pass:
569 			qstate->ext_state[id] = handle_event_pass(qstate, id);
570 			break;
571 		case module_event_moddone:
572 			qstate->ext_state[id] = handle_event_moddone(qstate, id);
573 			break;
574 		default:
575 			qstate->ext_state[id] = module_finished;
576 			break;
577 	}
578 }
579 
580 static void
581 dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
582 		      const struct packed_rrset_data* fd,
583 		      struct ub_packed_rrset_key *dk,
584 		      struct packed_rrset_data **dd_out, struct regional *region,
585 		      struct dns64_env* dns64_env )
586 {
587 	struct packed_rrset_data *dd;
588 	size_t i;
589 	/*
590 	 * Create synthesized AAAA RR set data. We need to allocated extra memory
591 	 * for the RRs themselves. Each RR has a length, TTL, pointer to wireformat
592 	 * data, 2 bytes of data length, and 16 bytes of IPv6 address.
593 	 */
594 	if(fd->count > RR_COUNT_MAX) {
595 		*dd_out = NULL;
596 		return; /* integer overflow protection in alloc */
597 	}
598 	if (!(dd = *dd_out = regional_alloc(region,
599 		  sizeof(struct packed_rrset_data)
600 		  + fd->count * (sizeof(size_t) + sizeof(time_t) +
601 			     sizeof(uint8_t*) + 2 + 16)))) {
602 		log_err("out of memory");
603 		return;
604 	}
605 
606 	/* Copy attributes from A RR set. */
607 	dd->ttl = fd->ttl;
608 	dd->count = fd->count;
609 	dd->rrsig_count = 0;
610 	dd->trust = fd->trust;
611 	dd->security = fd->security;
612 
613 	/*
614 	 * Synthesize AAAA records. Adjust pointers in structure.
615 	 */
616 	dd->rr_len =
617 	    (size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data));
618 	dd->rr_data = (uint8_t**)&dd->rr_len[dd->count];
619 	dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];
620 	for(i = 0; i < fd->count; ++i) {
621 		if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0
622 		    || fd->rr_data[i][1] != 4) {
623 			*dd_out = NULL;
624 			return;
625 		}
626 		dd->rr_len[i] = 18;
627 		dd->rr_data[i] =
628 		    (uint8_t*)&dd->rr_ttl[dd->count] + 18*i;
629 		dd->rr_data[i][0] = 0;
630 		dd->rr_data[i][1] = 16;
631 		synthesize_aaaa(
632 				((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr,
633 				dns64_env->prefix_net, &fd->rr_data[i][2],
634 				&dd->rr_data[i][2] );
635 		dd->rr_ttl[i] = fd->rr_ttl[i];
636 	}
637 
638 	/*
639 	 * Create synthesized AAAA RR set key. This is mostly just bookkeeping,
640 	 * nothing interesting here.
641 	 */
642 	if(!dk) {
643 		log_err("no key");
644 		*dd_out = NULL;
645 		return;
646 	}
647 
648 	dk->rk.dname = (uint8_t*)regional_alloc_init(region,
649 		     fk->rk.dname, fk->rk.dname_len);
650 
651 	if(!dk->rk.dname) {
652 		log_err("out of memory");
653 		*dd_out = NULL;
654 		return;
655 	}
656 
657 	dk->rk.type = htons(LDNS_RR_TYPE_AAAA);
658 	memset(&dk->entry, 0, sizeof(dk->entry));
659 	dk->entry.key = dk;
660 	dk->entry.hash = rrset_key_hash(&dk->rk);
661 	dk->entry.data = dd;
662 
663 }
664 
665 /**
666  * Synthesize an AAAA RR set from an A sub-query's answer and add it to the
667  * original empty response.
668  *
669  * \param id     This module's instance ID.
670  * \param super  Original AAAA query.
671  * \param qstate A query.
672  */
673 static void
674 dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate)
675 {
676 	struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id];
677 	struct reply_info *rep, *cp;
678 	size_t i, s;
679 	struct packed_rrset_data* fd, *dd;
680 	struct ub_packed_rrset_key* fk, *dk;
681 
682 	verbose(VERB_ALGO, "converting A answers to AAAA answers");
683 
684 	log_assert(super->region);
685 	log_assert(qstate->return_msg);
686 	log_assert(qstate->return_msg->rep);
687 
688 	/* If dns64-synthall is enabled, return_msg is not initialized */
689 	if(!super->return_msg) {
690 		super->return_msg = (struct dns_msg*)regional_alloc(
691 		    super->region, sizeof(struct dns_msg));
692 		if(!super->return_msg)
693 			return;
694 		memset(super->return_msg, 0, sizeof(*super->return_msg));
695 		super->return_msg->qinfo = super->qinfo;
696 	}
697 
698 	rep = qstate->return_msg->rep;
699 
700 	/*
701 	 * Build the actual reply.
702 	 */
703 	cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount,
704 		rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, rep->ns_numrrsets,
705 		rep->ar_numrrsets, rep->rrset_count, rep->security);
706 	if(!cp)
707 		return;
708 
709 	/* allocate ub_key structures special or not */
710 	if(!repinfo_alloc_rrset_keys(cp, super->region)) {
711 		return;
712 	}
713 
714 	/* copy everything and replace A by AAAA */
715 	for(i=0; i<cp->rrset_count; i++) {
716 		fk = rep->rrsets[i];
717 		dk = cp->rrsets[i];
718 		fd = (struct packed_rrset_data*)fk->entry.data;
719 		dk->rk = fk->rk;
720 		dk->id = fk->id;
721 
722 		if(i<rep->an_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) {
723 			/* also sets dk->entry.hash */
724 			dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env);
725 			if(!dd)
726 				return;
727 			/* Delete negative AAAA record from cache stored by
728 			 * the iterator module */
729 			rrset_cache_remove(super->env->rrset_cache, dk->rk.dname,
730 					   dk->rk.dname_len, LDNS_RR_TYPE_AAAA,
731 					   LDNS_RR_CLASS_IN, 0);
732 		} else {
733 			dk->entry.hash = fk->entry.hash;
734 			dk->rk.dname = (uint8_t*)regional_alloc_init(super->region,
735 				fk->rk.dname, fk->rk.dname_len);
736 
737 			if(!dk->rk.dname)
738 				return;
739 
740 			s = packed_rrset_sizeof(fd);
741 			dd = (struct packed_rrset_data*)regional_alloc_init(
742 				super->region, fd, s);
743 
744 			if(!dd)
745 				return;
746 		}
747 
748 		packed_rrset_ptr_fixup(dd);
749 		dk->entry.data = (void*)dd;
750 	}
751 
752 	/* Commit changes. */
753 	super->return_msg->rep = cp;
754 }
755 
756 /**
757  * Generate a response for the original IPv6 PTR query based on an IPv4 PTR
758  * sub-query's response.
759  *
760  * \param qstate IPv4 PTR sub-query.
761  * \param super  Original IPv6 PTR query.
762  */
763 static void
764 dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super)
765 {
766     struct ub_packed_rrset_key* answer;
767 
768     verbose(VERB_ALGO, "adjusting PTR reply");
769 
770     /* Copy the sub-query's reply to the parent. */
771     if (!(super->return_msg = (struct dns_msg*)regional_alloc(super->region,
772                     sizeof(struct dns_msg))))
773         return;
774     super->return_msg->qinfo = super->qinfo;
775     super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL,
776             super->region);
777 
778     /*
779      * Adjust the domain name of the answer RR set so that it matches the
780      * initial query's domain name.
781      */
782     answer = reply_find_answer_rrset(&qstate->qinfo, super->return_msg->rep);
783     log_assert(answer);
784     answer->rk.dname = super->qinfo.qname;
785     answer->rk.dname_len = super->qinfo.qname_len;
786 }
787 
788 /**
789  * This function is called when a sub-query finishes to inform the parent query.
790  *
791  * We issue two kinds of sub-queries: PTR and A.
792  *
793  * \param qstate State of the sub-query.
794  * \param id     This module's instance ID.
795  * \param super  State of the super-query.
796  */
797 void
798 dns64_inform_super(struct module_qstate* qstate, int id,
799 		struct module_qstate* super)
800 {
801 	log_query_info(VERB_ALGO, "dns64: inform_super, sub is",
802 		       &qstate->qinfo);
803 	log_query_info(VERB_ALGO, "super is", &super->qinfo);
804 
805 	/*
806 	 * Signal that the sub-query is finished, no matter whether we are
807 	 * successful or not. This lets the state machine terminate.
808 	 */
809 	super->minfo[id] = (void*)DNS64_SUBQUERY_FINISHED;
810 
811 	/* If there is no successful answer, we're done. */
812 	if (qstate->return_rcode != LDNS_RCODE_NOERROR
813 	    || !qstate->return_msg
814 	    || !qstate->return_msg->rep
815 	    || !reply_find_answer_rrset(&qstate->qinfo,
816 					qstate->return_msg->rep))
817 		return;
818 
819 	/* Generate a response suitable for the original query. */
820 	if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) {
821 		dns64_adjust_a(id, super, qstate);
822 	} else {
823 		log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR);
824 		dns64_adjust_ptr(qstate, super);
825 	}
826 
827 	/* Store the generated response in cache. */
828 	if (!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
829 	    0, 0, 0, NULL, super->query_flags))
830 		log_err("out of memory");
831 }
832 
833 /**
834  * Clear module-specific data from query state. Since we do not allocate memory,
835  * it's just a matter of setting a pointer to NULL.
836  *
837  * \param qstate Query state.
838  * \param id     This module's instance ID.
839  */
840 void
841 dns64_clear(struct module_qstate* qstate, int id)
842 {
843     qstate->minfo[id] = NULL;
844 }
845 
846 /**
847  * Returns the amount of global memory that this module uses, not including
848  * per-query data.
849  *
850  * \param env Module environment.
851  * \param id  This module's instance ID.
852  */
853 size_t
854 dns64_get_mem(struct module_env* env, int id)
855 {
856     struct dns64_env* dns64_env = (struct dns64_env*)env->modinfo[id];
857     if (!dns64_env)
858         return 0;
859     return sizeof(*dns64_env);
860 }
861 
862 /**
863  * The dns64 function block.
864  */
865 static struct module_func_block dns64_block = {
866 	"dns64",
867 	&dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super,
868 	&dns64_clear, &dns64_get_mem
869 };
870 
871 /**
872  * Function for returning the above function block.
873  */
874 struct module_func_block *
875 dns64_get_funcblock()
876 {
877 	return &dns64_block;
878 }
879