1 /* 2 * dns64/dns64.c - DNS64 module 3 * 4 * Copyright (c) 2009, Viagénie. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of Viagénie nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains a module that performs DNS64 query processing. 40 */ 41 42 #include "config.h" 43 #include "dns64/dns64.h" 44 #include "services/cache/dns.h" 45 #include "services/cache/rrset.h" 46 #include "util/config_file.h" 47 #include "util/data/msgreply.h" 48 #include "util/fptr_wlist.h" 49 #include "util/net_help.h" 50 #include "util/regional.h" 51 52 /****************************************************************************** 53 * * 54 * STATIC CONSTANTS * 55 * * 56 ******************************************************************************/ 57 58 /** 59 * This is the default DNS64 prefix that is used whent he dns64 module is listed 60 * in module-config but when the dns64-prefix variable is not present. 61 */ 62 static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96"; 63 64 /** 65 * Maximum length of a domain name in a PTR query in the .in-addr.arpa tree. 66 */ 67 #define MAX_PTR_QNAME_IPV4 30 68 69 /** 70 * Per-query module-specific state. This is usually a dynamically-allocated 71 * structure, but in our case we only need to store one variable describing the 72 * state the query is in. So we repurpose the minfo pointer by storing an 73 * integer in there. 74 */ 75 enum dns64_qstate { 76 DNS64_INTERNAL_QUERY, /**< Internally-generated query, no DNS64 77 processing. */ 78 DNS64_NEW_QUERY, /**< Query for which we're the first module in 79 line. */ 80 DNS64_SUBQUERY_FINISHED /**< Query for which we generated a sub-query, and 81 for which this sub-query is finished. */ 82 }; 83 84 85 /****************************************************************************** 86 * * 87 * STRUCTURES * 88 * * 89 ******************************************************************************/ 90 91 /** 92 * This structure contains module configuration information. One instance of 93 * this structure exists per instance of the module. Normally there is only one 94 * instance of the module. 95 */ 96 struct dns64_env { 97 /** 98 * DNS64 prefix address. We're using a full sockaddr instead of just an 99 * in6_addr because we can reuse Unbound's generic string parsing functions. 100 * It will always contain a sockaddr_in6, and only the sin6_addr member will 101 * ever be used. 102 */ 103 struct sockaddr_storage prefix_addr; 104 105 /** 106 * This is always sizeof(sockaddr_in6). 107 */ 108 socklen_t prefix_addrlen; 109 110 /** 111 * This is the CIDR length of the prefix. It needs to be between 0 and 96. 112 */ 113 int prefix_net; 114 }; 115 116 117 /****************************************************************************** 118 * * 119 * UTILITY FUNCTIONS * 120 * * 121 ******************************************************************************/ 122 123 /** 124 * Generic macro for swapping two variables. 125 * 126 * \param t Type of the variables. (e.g. int) 127 * \param a First variable. 128 * \param b Second variable. 129 * 130 * \warning Do not attempt something foolish such as swap(int,a++,b++)! 131 */ 132 #define swap(t,a,b) do {t x = a; a = b; b = x;} while(0) 133 134 /** 135 * Reverses a string. 136 * 137 * \param begin Points to the first character of the string. 138 * \param end Points one past the last character of the string. 139 */ 140 static void 141 reverse(char* begin, char* end) 142 { 143 while ( begin < --end ) { 144 swap(char, *begin, *end); 145 ++begin; 146 } 147 } 148 149 /** 150 * Convert an unsigned integer to a string. The point of this function is that 151 * of being faster than sprintf(). 152 * 153 * \param n The number to be converted. 154 * \param s The result will be written here. Must be large enough, be careful! 155 * 156 * \return The number of characters written. 157 */ 158 static int 159 uitoa(unsigned n, char* s) 160 { 161 char* ss = s; 162 do { 163 *ss++ = '0' + n % 10; 164 } while (n /= 10); 165 reverse(s, ss); 166 return ss - s; 167 } 168 169 /** 170 * Extract an IPv4 address embedded in the IPv6 address \a ipv6 at offset \a 171 * offset (in bits). Note that bits are not necessarily aligned on bytes so we 172 * need to be careful. 173 * 174 * \param ipv6 IPv6 address represented as a 128-bit array in big-endian 175 * order. 176 * \param offset Index of the MSB of the IPv4 address embedded in the IPv6 177 * address. 178 */ 179 static uint32_t 180 extract_ipv4(const uint8_t ipv6[16], const int offset) 181 { 182 uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) 183 | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) 184 | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) 185 | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); 186 if (offset/8+4 < 16) 187 ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); 188 return ipv4; 189 } 190 191 /** 192 * Builds the PTR query name corresponding to an IPv4 address. For example, 193 * given the number 3,464,175,361, this will build the string 194 * "\03206\03123\0231\011\07in-addr\04arpa". 195 * 196 * \param ipv4 IPv4 address represented as an unsigned 32-bit number. 197 * \param ptr The result will be written here. Must be large enough, be 198 * careful! 199 * 200 * \return The number of characters written. 201 */ 202 static size_t 203 ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) 204 { 205 static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; 206 int i; 207 char* c = ptr; 208 209 for (i = 0; i < 4; ++i) { 210 *c = uitoa((unsigned int)(ipv4 % 256), c + 1); 211 c += *c + 1; 212 ipv4 /= 256; 213 } 214 215 memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX)); 216 217 return c + sizeof(IPV4_PTR_SUFFIX) - ptr; 218 } 219 220 /** 221 * Converts an IPv6-related domain name string from a PTR query into an IPv6 222 * address represented as a 128-bit array. 223 * 224 * \param ptr The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa") 225 * \param ipv6 The result will be written here, in network byte order. 226 * 227 * \return 1 on success, 0 on failure. 228 */ 229 static int 230 ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) 231 { 232 int i; 233 234 for (i = 0; i < 64; i++) { 235 int x; 236 237 if (ptr[i++] != 1) 238 return 0; 239 240 if (ptr[i] >= '0' && ptr[i] <= '9') { 241 x = ptr[i] - '0'; 242 } else if (ptr[i] >= 'a' && ptr[i] <= 'f') { 243 x = ptr[i] - 'a' + 10; 244 } else if (ptr[i] >= 'A' && ptr[i] <= 'F') { 245 x = ptr[i] - 'A' + 10; 246 } else { 247 return 0; 248 } 249 250 ipv6[15-i/4] |= x << (2 * ((i-1) % 4)); 251 } 252 253 return 1; 254 } 255 256 /** 257 * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix. 258 * 259 * \param prefix_addr DNS64 prefix address. 260 * \param prefix_net CIDR length of the DNS64 prefix. Must be between 0 and 96. 261 * \param a IPv4 address. 262 * \param aaaa IPv6 address. The result will be written here. 263 */ 264 static void 265 synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net, 266 const uint8_t a[4], uint8_t aaaa[16]) 267 { 268 memcpy(aaaa, prefix_addr, 16); 269 aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); 270 aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); 271 aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8); 272 aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8); 273 aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8); 274 aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8); 275 aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8); 276 if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */ 277 aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8); 278 } 279 280 281 /****************************************************************************** 282 * * 283 * DNS64 MODULE FUNCTIONS * 284 * * 285 ******************************************************************************/ 286 287 /** 288 * This function applies the configuration found in the parsed configuration 289 * file \a cfg to this instance of the dns64 module. Currently only the DNS64 290 * prefix (a.k.a. Pref64) is configurable. 291 * 292 * \param dns64_env Module-specific global parameters. 293 * \param cfg Parsed configuration file. 294 */ 295 static int 296 dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg) 297 { 298 verbose(VERB_ALGO, "dns64-prefix: %s", cfg->dns64_prefix); 299 if (!netblockstrtoaddr(cfg->dns64_prefix ? cfg->dns64_prefix : 300 DEFAULT_DNS64_PREFIX, 0, &dns64_env->prefix_addr, 301 &dns64_env->prefix_addrlen, &dns64_env->prefix_net)) { 302 log_err("cannot parse dns64-prefix netblock: %s", cfg->dns64_prefix); 303 return 0; 304 } 305 if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) { 306 log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix); 307 return 0; 308 } 309 if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) { 310 log_err("dns64-prefix length it not between 0 and 96: %s", 311 cfg->dns64_prefix); 312 return 0; 313 } 314 return 1; 315 } 316 317 /** 318 * Initializes this instance of the dns64 module. 319 * 320 * \param env Global state of all module instances. 321 * \param id This instance's ID number. 322 */ 323 int 324 dns64_init(struct module_env* env, int id) 325 { 326 struct dns64_env* dns64_env = 327 (struct dns64_env*)calloc(1, sizeof(struct dns64_env)); 328 if (!dns64_env) { 329 log_err("malloc failure"); 330 return 0; 331 } 332 env->modinfo[id] = (void*)dns64_env; 333 if (!dns64_apply_cfg(dns64_env, env->cfg)) { 334 log_err("dns64: could not apply configuration settings."); 335 return 0; 336 } 337 return 1; 338 } 339 340 /** 341 * Deinitializes this instance of the dns64 module. 342 * 343 * \param env Global state of all module instances. 344 * \param id This instance's ID number. 345 */ 346 void 347 dns64_deinit(struct module_env* env, int id) 348 { 349 if (!env) 350 return; 351 free(env->modinfo[id]); 352 env->modinfo[id] = NULL; 353 } 354 355 /** 356 * Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64 357 * prefix, we must do a PTR query for the corresponding IPv4 address instead. 358 * 359 * \param qstate Query state structure. 360 * \param id This module instance's ID number. 361 * 362 * \return The new state of the query. 363 */ 364 static enum module_ext_state 365 handle_ipv6_ptr(struct module_qstate* qstate, int id) 366 { 367 struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id]; 368 struct module_qstate* subq = NULL; 369 struct query_info qinfo; 370 struct sockaddr_in6 sin6; 371 372 /* Convert the PTR query string to an IPv6 address. */ 373 memset(&sin6, 0, sizeof(sin6)); 374 sin6.sin6_family = AF_INET6; 375 if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr)) 376 return module_wait_module; /* Let other module handle this. */ 377 378 /* 379 * If this IPv6 address is not part of our DNS64 prefix, then we don't need 380 * to do anything. Let another module handle the query. 381 */ 382 if (addr_in_common((struct sockaddr_storage*)&sin6, 128, 383 &dns64_env->prefix_addr, dns64_env->prefix_net, 384 (socklen_t)sizeof(sin6)) != dns64_env->prefix_net) 385 return module_wait_module; 386 387 verbose(VERB_ALGO, "dns64: rewrite PTR record"); 388 389 /* 390 * Create a new PTR query info for the domain name corresponding to the IPv4 391 * address corresponding to the IPv6 address corresponding to the original 392 * PTR query domain name. 393 */ 394 qinfo = qstate->qinfo; 395 if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4))) 396 return module_error; 397 qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr, 398 dns64_env->prefix_net), (char*)qinfo.qname); 399 400 /* Create the new sub-query. */ 401 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); 402 if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0, 403 &subq)) 404 return module_error; 405 if (subq) { 406 subq->curmod = id; 407 subq->ext_state[id] = module_state_initial; 408 subq->minfo[id] = NULL; 409 } 410 411 return module_wait_subquery; 412 } 413 414 /** allocate (special) rrset keys, return 0 on error */ 415 static int 416 repinfo_alloc_rrset_keys(struct reply_info* rep, 417 struct regional* region) 418 { 419 size_t i; 420 for(i=0; i<rep->rrset_count; i++) { 421 if(region) { 422 rep->rrsets[i] = (struct ub_packed_rrset_key*) 423 regional_alloc(region, 424 sizeof(struct ub_packed_rrset_key)); 425 if(rep->rrsets[i]) { 426 memset(rep->rrsets[i], 0, 427 sizeof(struct ub_packed_rrset_key)); 428 rep->rrsets[i]->entry.key = rep->rrsets[i]; 429 } 430 } 431 else return 0;/* rep->rrsets[i] = alloc_special_obtain(alloc);*/ 432 if(!rep->rrsets[i]) 433 return 0; 434 rep->rrsets[i]->entry.data = NULL; 435 } 436 return 1; 437 } 438 439 static enum module_ext_state 440 generate_type_A_query(struct module_qstate* qstate, int id) 441 { 442 struct module_qstate* subq = NULL; 443 struct query_info qinfo; 444 445 verbose(VERB_ALGO, "dns64: query A record"); 446 447 /* Create a new query info. */ 448 qinfo = qstate->qinfo; 449 qinfo.qtype = LDNS_RR_TYPE_A; 450 451 /* Start the sub-query. */ 452 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); 453 if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 454 0, &subq)) 455 { 456 verbose(VERB_ALGO, "dns64: sub-query creation failed"); 457 return module_error; 458 } 459 if (subq) { 460 subq->curmod = id; 461 subq->ext_state[id] = module_state_initial; 462 subq->minfo[id] = NULL; 463 } 464 465 return module_wait_subquery; 466 } 467 468 /** 469 * Handles the "pass" event for a query. This event is received when a new query 470 * is received by this module. The query may have been generated internally by 471 * another module, in which case we don't want to do any special processing 472 * (this is an interesting discussion topic), or it may be brand new, e.g. 473 * received over a socket, in which case we do want to apply DNS64 processing. 474 * 475 * \param qstate A structure representing the state of the query that has just 476 * received the "pass" event. 477 * \param id This module's instance ID. 478 * 479 * \return The new state of the query. 480 */ 481 static enum module_ext_state 482 handle_event_pass(struct module_qstate* qstate, int id) 483 { 484 if ((uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY 485 && qstate->qinfo.qtype == LDNS_RR_TYPE_PTR 486 && qstate->qinfo.qname_len == 74 487 && !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa")) 488 /* Handle PTR queries for IPv6 addresses. */ 489 return handle_ipv6_ptr(qstate, id); 490 491 if (qstate->env->cfg->dns64_synthall && 492 (uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY 493 && qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) 494 return generate_type_A_query(qstate, id); 495 496 /* We are finished when our sub-query is finished. */ 497 if ((uintptr_t)qstate->minfo[id] == DNS64_SUBQUERY_FINISHED) 498 return module_finished; 499 500 /* Otherwise, pass request to next module. */ 501 verbose(VERB_ALGO, "dns64: pass to next module"); 502 return module_wait_module; 503 } 504 505 /** 506 * Handles the "done" event for a query. We need to analyze the response and 507 * maybe issue a new sub-query for the A record. 508 * 509 * \param qstate A structure representing the state of the query that has just 510 * received the "pass" event. 511 * \param id This module's instance ID. 512 * 513 * \return The new state of the query. 514 */ 515 static enum module_ext_state 516 handle_event_moddone(struct module_qstate* qstate, int id) 517 { 518 /* 519 * In many cases we have nothing special to do. From most to least common: 520 * 521 * - An internal query. 522 * - A query for a record type other than AAAA. 523 * - CD FLAG was set on querier 524 * - An AAAA query for which an error was returned.(qstate.return_rcode) 525 * -> treated as servfail thus synthesize (sec 5.1.3 6147), thus 526 * synthesize in (sec 5.1.2 of RFC6147). 527 * - A successful AAAA query with an answer. 528 */ 529 if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY 530 || qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA 531 || (qstate->query_flags & BIT_CD) 532 || (qstate->return_msg && 533 qstate->return_msg->rep && 534 reply_find_answer_rrset(&qstate->qinfo, 535 qstate->return_msg->rep))) 536 return module_finished; 537 538 /* So, this is a AAAA noerror/nodata answer */ 539 return generate_type_A_query(qstate, id); 540 } 541 542 /** 543 * This is the module's main() function. It gets called each time a query 544 * receives an event which we may need to handle. We respond by updating the 545 * state of the query. 546 * 547 * \param qstate Structure containing the state of the query. 548 * \param event Event that has just been received. 549 * \param id This module's instance ID. 550 * \param outbound State of a DNS query on an authoritative server. We never do 551 * our own queries ourselves (other modules do it for us), so 552 * this is unused. 553 */ 554 void 555 dns64_operate(struct module_qstate* qstate, enum module_ev event, int id, 556 struct outbound_entry* outbound) 557 { 558 (void)outbound; 559 verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s", 560 id, strextstate(qstate->ext_state[id]), 561 strmodulevent(event)); 562 log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo); 563 564 switch(event) { 565 case module_event_new: 566 /* Tag this query as being new and fall through. */ 567 qstate->minfo[id] = (void*)DNS64_NEW_QUERY; 568 case module_event_pass: 569 qstate->ext_state[id] = handle_event_pass(qstate, id); 570 break; 571 case module_event_moddone: 572 qstate->ext_state[id] = handle_event_moddone(qstate, id); 573 break; 574 default: 575 qstate->ext_state[id] = module_finished; 576 break; 577 } 578 } 579 580 static void 581 dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, 582 const struct packed_rrset_data* fd, 583 struct ub_packed_rrset_key *dk, 584 struct packed_rrset_data **dd_out, struct regional *region, 585 struct dns64_env* dns64_env ) 586 { 587 struct packed_rrset_data *dd; 588 size_t i; 589 /* 590 * Create synthesized AAAA RR set data. We need to allocated extra memory 591 * for the RRs themselves. Each RR has a length, TTL, pointer to wireformat 592 * data, 2 bytes of data length, and 16 bytes of IPv6 address. 593 */ 594 if(fd->count > RR_COUNT_MAX) { 595 *dd_out = NULL; 596 return; /* integer overflow protection in alloc */ 597 } 598 if (!(dd = *dd_out = regional_alloc(region, 599 sizeof(struct packed_rrset_data) 600 + fd->count * (sizeof(size_t) + sizeof(time_t) + 601 sizeof(uint8_t*) + 2 + 16)))) { 602 log_err("out of memory"); 603 return; 604 } 605 606 /* Copy attributes from A RR set. */ 607 dd->ttl = fd->ttl; 608 dd->count = fd->count; 609 dd->rrsig_count = 0; 610 dd->trust = fd->trust; 611 dd->security = fd->security; 612 613 /* 614 * Synthesize AAAA records. Adjust pointers in structure. 615 */ 616 dd->rr_len = 617 (size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data)); 618 dd->rr_data = (uint8_t**)&dd->rr_len[dd->count]; 619 dd->rr_ttl = (time_t*)&dd->rr_data[dd->count]; 620 for(i = 0; i < fd->count; ++i) { 621 if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0 622 || fd->rr_data[i][1] != 4) { 623 *dd_out = NULL; 624 return; 625 } 626 dd->rr_len[i] = 18; 627 dd->rr_data[i] = 628 (uint8_t*)&dd->rr_ttl[dd->count] + 18*i; 629 dd->rr_data[i][0] = 0; 630 dd->rr_data[i][1] = 16; 631 synthesize_aaaa( 632 ((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr, 633 dns64_env->prefix_net, &fd->rr_data[i][2], 634 &dd->rr_data[i][2] ); 635 dd->rr_ttl[i] = fd->rr_ttl[i]; 636 } 637 638 /* 639 * Create synthesized AAAA RR set key. This is mostly just bookkeeping, 640 * nothing interesting here. 641 */ 642 if(!dk) { 643 log_err("no key"); 644 *dd_out = NULL; 645 return; 646 } 647 648 dk->rk.dname = (uint8_t*)regional_alloc_init(region, 649 fk->rk.dname, fk->rk.dname_len); 650 651 if(!dk->rk.dname) { 652 log_err("out of memory"); 653 *dd_out = NULL; 654 return; 655 } 656 657 dk->rk.type = htons(LDNS_RR_TYPE_AAAA); 658 memset(&dk->entry, 0, sizeof(dk->entry)); 659 dk->entry.key = dk; 660 dk->entry.hash = rrset_key_hash(&dk->rk); 661 dk->entry.data = dd; 662 663 } 664 665 /** 666 * Synthesize an AAAA RR set from an A sub-query's answer and add it to the 667 * original empty response. 668 * 669 * \param id This module's instance ID. 670 * \param super Original AAAA query. 671 * \param qstate A query. 672 */ 673 static void 674 dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate) 675 { 676 struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id]; 677 struct reply_info *rep, *cp; 678 size_t i, s; 679 struct packed_rrset_data* fd, *dd; 680 struct ub_packed_rrset_key* fk, *dk; 681 682 verbose(VERB_ALGO, "converting A answers to AAAA answers"); 683 684 log_assert(super->region); 685 log_assert(qstate->return_msg); 686 log_assert(qstate->return_msg->rep); 687 688 /* If dns64-synthall is enabled, return_msg is not initialized */ 689 if(!super->return_msg) { 690 super->return_msg = (struct dns_msg*)regional_alloc( 691 super->region, sizeof(struct dns_msg)); 692 if(!super->return_msg) 693 return; 694 memset(super->return_msg, 0, sizeof(*super->return_msg)); 695 super->return_msg->qinfo = super->qinfo; 696 } 697 698 rep = qstate->return_msg->rep; 699 700 /* 701 * Build the actual reply. 702 */ 703 cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount, 704 rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, rep->ns_numrrsets, 705 rep->ar_numrrsets, rep->rrset_count, rep->security); 706 if(!cp) 707 return; 708 709 /* allocate ub_key structures special or not */ 710 if(!repinfo_alloc_rrset_keys(cp, super->region)) { 711 return; 712 } 713 714 /* copy everything and replace A by AAAA */ 715 for(i=0; i<cp->rrset_count; i++) { 716 fk = rep->rrsets[i]; 717 dk = cp->rrsets[i]; 718 fd = (struct packed_rrset_data*)fk->entry.data; 719 dk->rk = fk->rk; 720 dk->id = fk->id; 721 722 if(i<rep->an_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) { 723 /* also sets dk->entry.hash */ 724 dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env); 725 if(!dd) 726 return; 727 /* Delete negative AAAA record from cache stored by 728 * the iterator module */ 729 rrset_cache_remove(super->env->rrset_cache, dk->rk.dname, 730 dk->rk.dname_len, LDNS_RR_TYPE_AAAA, 731 LDNS_RR_CLASS_IN, 0); 732 } else { 733 dk->entry.hash = fk->entry.hash; 734 dk->rk.dname = (uint8_t*)regional_alloc_init(super->region, 735 fk->rk.dname, fk->rk.dname_len); 736 737 if(!dk->rk.dname) 738 return; 739 740 s = packed_rrset_sizeof(fd); 741 dd = (struct packed_rrset_data*)regional_alloc_init( 742 super->region, fd, s); 743 744 if(!dd) 745 return; 746 } 747 748 packed_rrset_ptr_fixup(dd); 749 dk->entry.data = (void*)dd; 750 } 751 752 /* Commit changes. */ 753 super->return_msg->rep = cp; 754 } 755 756 /** 757 * Generate a response for the original IPv6 PTR query based on an IPv4 PTR 758 * sub-query's response. 759 * 760 * \param qstate IPv4 PTR sub-query. 761 * \param super Original IPv6 PTR query. 762 */ 763 static void 764 dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super) 765 { 766 struct ub_packed_rrset_key* answer; 767 768 verbose(VERB_ALGO, "adjusting PTR reply"); 769 770 /* Copy the sub-query's reply to the parent. */ 771 if (!(super->return_msg = (struct dns_msg*)regional_alloc(super->region, 772 sizeof(struct dns_msg)))) 773 return; 774 super->return_msg->qinfo = super->qinfo; 775 super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL, 776 super->region); 777 778 /* 779 * Adjust the domain name of the answer RR set so that it matches the 780 * initial query's domain name. 781 */ 782 answer = reply_find_answer_rrset(&qstate->qinfo, super->return_msg->rep); 783 log_assert(answer); 784 answer->rk.dname = super->qinfo.qname; 785 answer->rk.dname_len = super->qinfo.qname_len; 786 } 787 788 /** 789 * This function is called when a sub-query finishes to inform the parent query. 790 * 791 * We issue two kinds of sub-queries: PTR and A. 792 * 793 * \param qstate State of the sub-query. 794 * \param id This module's instance ID. 795 * \param super State of the super-query. 796 */ 797 void 798 dns64_inform_super(struct module_qstate* qstate, int id, 799 struct module_qstate* super) 800 { 801 log_query_info(VERB_ALGO, "dns64: inform_super, sub is", 802 &qstate->qinfo); 803 log_query_info(VERB_ALGO, "super is", &super->qinfo); 804 805 /* 806 * Signal that the sub-query is finished, no matter whether we are 807 * successful or not. This lets the state machine terminate. 808 */ 809 super->minfo[id] = (void*)DNS64_SUBQUERY_FINISHED; 810 811 /* If there is no successful answer, we're done. */ 812 if (qstate->return_rcode != LDNS_RCODE_NOERROR 813 || !qstate->return_msg 814 || !qstate->return_msg->rep 815 || !reply_find_answer_rrset(&qstate->qinfo, 816 qstate->return_msg->rep)) 817 return; 818 819 /* Generate a response suitable for the original query. */ 820 if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) { 821 dns64_adjust_a(id, super, qstate); 822 } else { 823 log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR); 824 dns64_adjust_ptr(qstate, super); 825 } 826 827 /* Store the generated response in cache. */ 828 if (!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep, 829 0, 0, 0, NULL, super->query_flags)) 830 log_err("out of memory"); 831 } 832 833 /** 834 * Clear module-specific data from query state. Since we do not allocate memory, 835 * it's just a matter of setting a pointer to NULL. 836 * 837 * \param qstate Query state. 838 * \param id This module's instance ID. 839 */ 840 void 841 dns64_clear(struct module_qstate* qstate, int id) 842 { 843 qstate->minfo[id] = NULL; 844 } 845 846 /** 847 * Returns the amount of global memory that this module uses, not including 848 * per-query data. 849 * 850 * \param env Module environment. 851 * \param id This module's instance ID. 852 */ 853 size_t 854 dns64_get_mem(struct module_env* env, int id) 855 { 856 struct dns64_env* dns64_env = (struct dns64_env*)env->modinfo[id]; 857 if (!dns64_env) 858 return 0; 859 return sizeof(*dns64_env); 860 } 861 862 /** 863 * The dns64 function block. 864 */ 865 static struct module_func_block dns64_block = { 866 "dns64", 867 &dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super, 868 &dns64_clear, &dns64_get_mem 869 }; 870 871 /** 872 * Function for returning the above function block. 873 */ 874 struct module_func_block * 875 dns64_get_funcblock(void) 876 { 877 return &dns64_block; 878 } 879