Simon Kelley | c8e8f5c | 2021-01-24 21:59:37 +0000 | [diff] [blame] | 1 | /* dnsmasq is Copyright (c) 2000-2021 Simon Kelley |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 2 | |
| 3 | This program is free software; you can redistribute it and/or modify |
| 4 | it under the terms of the GNU General Public License as published by |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 5 | the Free Software Foundation; version 2 dated June, 1991, or |
| 6 | (at your option) version 3 dated 29 June, 2007. |
| 7 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 8 | This program is distributed in the hope that it will be useful, |
| 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 11 | GNU General Public License for more details. |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 12 | |
Simon Kelley | 73a08a2 | 2009-02-05 20:28:08 +0000 | [diff] [blame] | 13 | You should have received a copy of the GNU General Public License |
| 14 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 15 | */ |
| 16 | |
| 17 | #include "dnsmasq.h" |
| 18 | |
Simon Kelley | 4f7b304 | 2012-11-28 21:27:02 +0000 | [diff] [blame] | 19 | int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, |
| 20 | char *name, int isExtract, int extrabytes) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 21 | { |
Simon Kelley | 3d8df26 | 2005-08-29 12:19:27 +0100 | [diff] [blame] | 22 | unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL; |
Simon Kelley | b8f1655 | 2015-04-22 21:14:31 +0100 | [diff] [blame] | 23 | unsigned int j, l, namelen = 0, hops = 0; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 24 | int retvalue = 1; |
| 25 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 26 | if (isExtract) |
| 27 | *cp = 0; |
| 28 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 29 | while (1) |
| 30 | { |
| 31 | unsigned int label_type; |
| 32 | |
| 33 | if (!CHECK_LEN(header, p, plen, 1)) |
| 34 | return 0; |
| 35 | |
| 36 | if ((l = *p++) == 0) |
| 37 | /* end marker */ |
| 38 | { |
Josh Soref | 74f0f9a | 2017-12-01 21:38:27 +0000 | [diff] [blame] | 39 | /* check that there are the correct no. of bytes after the name */ |
Simon Kelley | 6a0b00f | 2017-09-25 20:19:55 +0100 | [diff] [blame] | 40 | if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes)) |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 41 | return 0; |
| 42 | |
| 43 | if (isExtract) |
| 44 | { |
| 45 | if (cp != (unsigned char *)name) |
| 46 | cp--; |
| 47 | *cp = 0; /* terminate: lose final period */ |
| 48 | } |
| 49 | else if (*cp != 0) |
| 50 | retvalue = 2; |
| 51 | |
| 52 | if (p1) /* we jumped via compression */ |
| 53 | *pp = p1; |
| 54 | else |
| 55 | *pp = p; |
| 56 | |
| 57 | return retvalue; |
| 58 | } |
| 59 | |
| 60 | label_type = l & 0xc0; |
| 61 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 62 | if (label_type == 0xc0) /* pointer */ |
| 63 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 64 | if (!CHECK_LEN(header, p, plen, 1)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 65 | return 0; |
| 66 | |
| 67 | /* get offset */ |
| 68 | l = (l&0x3f) << 8; |
| 69 | l |= *p++; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 70 | |
| 71 | if (!p1) /* first jump, save location to go back to */ |
| 72 | p1 = p; |
| 73 | |
| 74 | hops++; /* break malicious infinite loops */ |
| 75 | if (hops > 255) |
| 76 | return 0; |
| 77 | |
| 78 | p = l + (unsigned char *)header; |
| 79 | } |
Simon Kelley | 06568c6 | 2015-05-15 20:43:48 +0100 | [diff] [blame] | 80 | else if (label_type == 0x00) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 81 | { /* label_type = 0 -> label. */ |
Simon Kelley | 5d07d77 | 2015-05-15 18:13:06 +0100 | [diff] [blame] | 82 | namelen += l + 1; /* include period */ |
| 83 | if (namelen >= MAXDNAME) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 84 | return 0; |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 85 | if (!CHECK_LEN(header, p, plen, l)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 86 | return 0; |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 87 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 88 | for(j=0; j<l; j++, p++) |
| 89 | if (isExtract) |
| 90 | { |
Simon Kelley | 1f15b81 | 2009-10-13 17:49:32 +0100 | [diff] [blame] | 91 | unsigned char c = *p; |
Simon Kelley | cbe379a | 2015-04-21 22:57:06 +0100 | [diff] [blame] | 92 | #ifdef HAVE_DNSSEC |
| 93 | if (option_bool(OPT_DNSSEC_VALID)) |
| 94 | { |
| 95 | if (c == 0 || c == '.' || c == NAME_ESCAPE) |
Simon Kelley | b8f1655 | 2015-04-22 21:14:31 +0100 | [diff] [blame] | 96 | { |
| 97 | *cp++ = NAME_ESCAPE; |
| 98 | *cp++ = c+1; |
| 99 | } |
| 100 | else |
| 101 | *cp++ = c; |
Simon Kelley | cbe379a | 2015-04-21 22:57:06 +0100 | [diff] [blame] | 102 | } |
| 103 | else |
| 104 | #endif |
Simon Kelley | 394ff49 | 2015-03-29 22:17:14 +0100 | [diff] [blame] | 105 | if (c != 0 && c != '.') |
| 106 | *cp++ = c; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 107 | else |
| 108 | return 0; |
| 109 | } |
| 110 | else |
| 111 | { |
| 112 | unsigned char c1 = *cp, c2 = *p; |
| 113 | |
| 114 | if (c1 == 0) |
| 115 | retvalue = 2; |
| 116 | else |
| 117 | { |
| 118 | cp++; |
| 119 | if (c1 >= 'A' && c1 <= 'Z') |
| 120 | c1 += 'a' - 'A'; |
Simon Kelley | cbe379a | 2015-04-21 22:57:06 +0100 | [diff] [blame] | 121 | #ifdef HAVE_DNSSEC |
| 122 | if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE) |
Simon Kelley | b8f1655 | 2015-04-22 21:14:31 +0100 | [diff] [blame] | 123 | c1 = (*cp++)-1; |
Simon Kelley | cbe379a | 2015-04-21 22:57:06 +0100 | [diff] [blame] | 124 | #endif |
| 125 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 126 | if (c2 >= 'A' && c2 <= 'Z') |
| 127 | c2 += 'a' - 'A'; |
Simon Kelley | cbe379a | 2015-04-21 22:57:06 +0100 | [diff] [blame] | 128 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 129 | if (c1 != c2) |
| 130 | retvalue = 2; |
| 131 | } |
| 132 | } |
Simon Kelley | 06568c6 | 2015-05-15 20:43:48 +0100 | [diff] [blame] | 133 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 134 | if (isExtract) |
| 135 | *cp++ = '.'; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 136 | else if (*cp != 0 && *cp++ != '.') |
| 137 | retvalue = 2; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 138 | } |
Simon Kelley | 06568c6 | 2015-05-15 20:43:48 +0100 | [diff] [blame] | 139 | else |
| 140 | return 0; /* label types 0x40 and 0x80 not supported */ |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 141 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 142 | } |
| 143 | |
| 144 | /* Max size of input string (for IPv6) is 75 chars.) */ |
| 145 | #define MAXARPANAME 75 |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 146 | int in_arpa_name_2_addr(char *namein, union all_addr *addrp) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 147 | { |
| 148 | int j; |
| 149 | char name[MAXARPANAME+1], *cp1; |
| 150 | unsigned char *addr = (unsigned char *)addrp; |
| 151 | char *lastchunk = NULL, *penchunk = NULL; |
| 152 | |
| 153 | if (strlen(namein) > MAXARPANAME) |
| 154 | return 0; |
| 155 | |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 156 | memset(addrp, 0, sizeof(union all_addr)); |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 157 | |
| 158 | /* turn name into a series of asciiz strings */ |
Josh Soref | 74f0f9a | 2017-12-01 21:38:27 +0000 | [diff] [blame] | 159 | /* j counts no. of labels */ |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 160 | for(j = 1,cp1 = name; *namein; cp1++, namein++) |
| 161 | if (*namein == '.') |
| 162 | { |
| 163 | penchunk = lastchunk; |
| 164 | lastchunk = cp1 + 1; |
| 165 | *cp1 = 0; |
| 166 | j++; |
| 167 | } |
| 168 | else |
| 169 | *cp1 = *namein; |
| 170 | |
| 171 | *cp1 = 0; |
| 172 | |
| 173 | if (j<3) |
| 174 | return 0; |
| 175 | |
| 176 | if (hostname_isequal(lastchunk, "arpa") && hostname_isequal(penchunk, "in-addr")) |
| 177 | { |
| 178 | /* IP v4 */ |
Josh Soref | 730c674 | 2017-02-06 16:14:04 +0000 | [diff] [blame] | 179 | /* address arrives as a name of the form |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 180 | www.xxx.yyy.zzz.in-addr.arpa |
| 181 | some of the low order address octets might be missing |
| 182 | and should be set to zero. */ |
| 183 | for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1) |
| 184 | { |
| 185 | /* check for digits only (weeds out things like |
| 186 | 50.0/24.67.28.64.in-addr.arpa which are used |
| 187 | as CNAME targets according to RFC 2317 */ |
| 188 | char *cp; |
| 189 | for (cp = cp1; *cp; cp++) |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 190 | if (!isdigit((unsigned char)*cp)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 191 | return 0; |
| 192 | |
| 193 | addr[3] = addr[2]; |
| 194 | addr[2] = addr[1]; |
| 195 | addr[1] = addr[0]; |
| 196 | addr[0] = atoi(cp1); |
| 197 | } |
| 198 | |
| 199 | return F_IPV4; |
| 200 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 201 | else if (hostname_isequal(penchunk, "ip6") && |
| 202 | (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa"))) |
| 203 | { |
| 204 | /* IP v6: |
| 205 | Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa] |
| 206 | or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa] |
| 207 | |
Josh Soref | 730c674 | 2017-02-06 16:14:04 +0000 | [diff] [blame] | 208 | Note that most of these the various representations are obsolete and |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 209 | left-over from the many DNS-for-IPv6 wars. We support all the formats |
| 210 | that we can since there is no reason not to. |
| 211 | */ |
| 212 | |
| 213 | if (*name == '\\' && *(name+1) == '[' && |
| 214 | (*(name+2) == 'x' || *(name+2) == 'X')) |
| 215 | { |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 216 | for (j = 0, cp1 = name+3; *cp1 && isxdigit((unsigned char) *cp1) && j < 32; cp1++, j++) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 217 | { |
| 218 | char xdig[2]; |
| 219 | xdig[0] = *cp1; |
| 220 | xdig[1] = 0; |
| 221 | if (j%2) |
| 222 | addr[j/2] |= strtol(xdig, NULL, 16); |
| 223 | else |
| 224 | addr[j/2] = strtol(xdig, NULL, 16) << 4; |
| 225 | } |
| 226 | |
| 227 | if (*cp1 == '/' && j == 32) |
| 228 | return F_IPV6; |
| 229 | } |
| 230 | else |
| 231 | { |
| 232 | for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1) |
| 233 | { |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 234 | if (*(cp1+1) || !isxdigit((unsigned char)*cp1)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 235 | return 0; |
| 236 | |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 237 | for (j = sizeof(struct in6_addr)-1; j>0; j--) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 238 | addr[j] = (addr[j] >> 4) | (addr[j-1] << 4); |
| 239 | addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4); |
| 240 | } |
| 241 | |
| 242 | return F_IPV6; |
| 243 | } |
| 244 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 245 | |
| 246 | return 0; |
| 247 | } |
| 248 | |
Giovanni Bajo | 32f82c6 | 2012-04-28 01:01:16 +0200 | [diff] [blame] | 249 | unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes) |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 250 | { |
| 251 | while(1) |
| 252 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 253 | unsigned int label_type; |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 254 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 255 | if (!CHECK_LEN(header, ansp, plen, 1)) |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 256 | return NULL; |
| 257 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 258 | label_type = (*ansp) & 0xc0; |
| 259 | |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 260 | if (label_type == 0xc0) |
| 261 | { |
| 262 | /* pointer for compression. */ |
| 263 | ansp += 2; |
| 264 | break; |
| 265 | } |
| 266 | else if (label_type == 0x80) |
| 267 | return NULL; /* reserved */ |
| 268 | else if (label_type == 0x40) |
| 269 | { |
| 270 | /* Extended label type */ |
| 271 | unsigned int count; |
| 272 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 273 | if (!CHECK_LEN(header, ansp, plen, 2)) |
| 274 | return NULL; |
| 275 | |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 276 | if (((*ansp++) & 0x3f) != 1) |
| 277 | return NULL; /* we only understand bitstrings */ |
| 278 | |
| 279 | count = *(ansp++); /* Bits in bitstring */ |
| 280 | |
| 281 | if (count == 0) /* count == 0 means 256 bits */ |
| 282 | ansp += 32; |
| 283 | else |
| 284 | ansp += ((count-1)>>3)+1; |
| 285 | } |
| 286 | else |
| 287 | { /* label type == 0 Bottom six bits is length */ |
| 288 | unsigned int len = (*ansp++) & 0x3f; |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 289 | |
| 290 | if (!ADD_RDLEN(header, ansp, plen, len)) |
| 291 | return NULL; |
| 292 | |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 293 | if (len == 0) |
| 294 | break; /* zero length label marks the end. */ |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 295 | } |
| 296 | } |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 297 | |
| 298 | if (!CHECK_LEN(header, ansp, plen, extrabytes)) |
| 299 | return NULL; |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 300 | |
| 301 | return ansp; |
| 302 | } |
| 303 | |
Simon Kelley | 4f7b304 | 2012-11-28 21:27:02 +0000 | [diff] [blame] | 304 | unsigned char *skip_questions(struct dns_header *header, size_t plen) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 305 | { |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 306 | int q; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 307 | unsigned char *ansp = (unsigned char *)(header+1); |
| 308 | |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 309 | for (q = ntohs(header->qdcount); q != 0; q--) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 310 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 311 | if (!(ansp = skip_name(ansp, header, plen, 4))) |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 312 | return NULL; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 313 | ansp += 4; /* class and type */ |
| 314 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 315 | |
| 316 | return ansp; |
| 317 | } |
| 318 | |
Simon Kelley | 5107ace | 2014-02-23 10:48:32 +0000 | [diff] [blame] | 319 | unsigned char *skip_section(unsigned char *ansp, int count, struct dns_header *header, size_t plen) |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 320 | { |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 321 | int i, rdlen; |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 322 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 323 | for (i = 0; i < count; i++) |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 324 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 325 | if (!(ansp = skip_name(ansp, header, plen, 10))) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 326 | return NULL; |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 327 | ansp += 8; /* type, class, TTL */ |
| 328 | GETSHORT(rdlen, ansp); |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 329 | if (!ADD_RDLEN(header, ansp, plen, rdlen)) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 330 | return NULL; |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 331 | } |
| 332 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 333 | return ansp; |
| 334 | } |
| 335 | |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 336 | size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 337 | { |
| 338 | unsigned char *ansp = skip_questions(header, plen); |
| 339 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 340 | /* if packet is malformed, just return as-is. */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 341 | if (!ansp) |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 342 | return plen; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 343 | |
| 344 | if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount), |
| 345 | header, plen))) |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 346 | return plen; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 347 | |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 348 | /* restore pseudoheader */ |
| 349 | if (pheader && ntohs(header->arcount) == 0) |
| 350 | { |
| 351 | /* must use memmove, may overlap */ |
| 352 | memmove(ansp, pheader, hlen); |
| 353 | header->arcount = htons(1); |
| 354 | ansp += hlen; |
| 355 | } |
| 356 | |
| 357 | return ansp - (unsigned char *)header; |
| 358 | } |
| 359 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 360 | /* is addr in the non-globally-routed IP space? */ |
Simon Kelley | dc27e14 | 2013-10-16 13:09:53 +0100 | [diff] [blame] | 361 | int private_net(struct in_addr addr, int ban_localhost) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 362 | { |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 363 | in_addr_t ip_addr = ntohl(addr.s_addr); |
| 364 | |
| 365 | return |
Simon Kelley | d2aa7df | 2015-08-03 21:52:12 +0100 | [diff] [blame] | 366 | (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ || |
| 367 | ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ || |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 368 | ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ || |
| 369 | ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ || |
Simon Kelley | 90477fb | 2015-10-20 21:21:32 +0100 | [diff] [blame] | 370 | ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ || |
| 371 | ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ || |
| 372 | ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test-net) */ || |
| 373 | ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test-net) */ || |
| 374 | ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test-net) */ || |
| 375 | ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 376 | } |
Simon Kelley | 1cff166 | 2004-03-12 08:12:58 +0000 | [diff] [blame] | 377 | |
Simon Kelley | fca008d | 2017-02-19 18:50:41 +0000 | [diff] [blame] | 378 | static int private_net6(struct in6_addr *a) |
| 379 | { |
| 380 | return |
| 381 | IN6_IS_ADDR_UNSPECIFIED(a) || /* RFC 6303 4.3 */ |
| 382 | IN6_IS_ADDR_LOOPBACK(a) || /* RFC 6303 4.3 */ |
| 383 | IN6_IS_ADDR_LINKLOCAL(a) || /* RFC 6303 4.5 */ |
| 384 | ((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */ |
| 385 | ((u32 *)a)[0] == htonl(0x20010db8); /* RFC 6303 4.6 */ |
| 386 | } |
Simon Kelley | fca008d | 2017-02-19 18:50:41 +0000 | [diff] [blame] | 387 | |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 388 | static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 389 | { |
| 390 | int i, qtype, qclass, rdlen; |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 391 | |
| 392 | for (i = count; i != 0; i--) |
| 393 | { |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 394 | if (name && option_bool(OPT_LOG)) |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 395 | { |
| 396 | if (!extract_name(header, qlen, &p, name, 1, 10)) |
| 397 | return 0; |
| 398 | } |
| 399 | else if (!(p = skip_name(p, header, qlen, 10))) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 400 | return 0; /* bad packet */ |
| 401 | |
| 402 | GETSHORT(qtype, p); |
| 403 | GETSHORT(qclass, p); |
Simon Kelley | 7de060b | 2011-08-26 17:24:52 +0100 | [diff] [blame] | 404 | p += 4; /* ttl */ |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 405 | GETSHORT(rdlen, p); |
| 406 | |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 407 | if (qclass == C_IN && qtype == T_A) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 408 | { |
| 409 | struct doctor *doctor; |
| 410 | struct in_addr addr; |
| 411 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 412 | if (!CHECK_LEN(header, p, qlen, INADDRSZ)) |
| 413 | return 0; |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 414 | |
| 415 | /* alignment */ |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 416 | memcpy(&addr, p, INADDRSZ); |
| 417 | |
| 418 | for (doctor = daemon->doctors; doctor; doctor = doctor->next) |
Simon Kelley | 73a08a2 | 2009-02-05 20:28:08 +0000 | [diff] [blame] | 419 | { |
| 420 | if (doctor->end.s_addr == 0) |
| 421 | { |
| 422 | if (!is_same_net(doctor->in, addr, doctor->mask)) |
| 423 | continue; |
| 424 | } |
| 425 | else if (ntohl(doctor->in.s_addr) > ntohl(addr.s_addr) || |
| 426 | ntohl(doctor->end.s_addr) < ntohl(addr.s_addr)) |
| 427 | continue; |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 428 | |
Simon Kelley | 73a08a2 | 2009-02-05 20:28:08 +0000 | [diff] [blame] | 429 | addr.s_addr &= ~doctor->mask.s_addr; |
| 430 | addr.s_addr |= (doctor->out.s_addr & doctor->mask.s_addr); |
| 431 | /* Since we munged the data, the server it came from is no longer authoritative */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 432 | header->hb3 &= ~HB3_AA; |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 433 | *doctored = 1; |
Simon Kelley | 73a08a2 | 2009-02-05 20:28:08 +0000 | [diff] [blame] | 434 | memcpy(p, &addr, INADDRSZ); |
| 435 | break; |
| 436 | } |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 437 | } |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 438 | else if (qtype == T_TXT && name && option_bool(OPT_LOG)) |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 439 | { |
| 440 | unsigned char *p1 = p; |
| 441 | if (!CHECK_LEN(header, p1, qlen, rdlen)) |
| 442 | return 0; |
| 443 | while ((p1 - p) < rdlen) |
| 444 | { |
| 445 | unsigned int i, len = *p1; |
| 446 | unsigned char *p2 = p1; |
Simon Kelley | 6a0b00f | 2017-09-25 20:19:55 +0100 | [diff] [blame] | 447 | if ((p1 + len - p) >= rdlen) |
| 448 | return 0; /* bad packet */ |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 449 | /* make counted string zero-term and sanitise */ |
| 450 | for (i = 0; i < len; i++) |
Simon Kelley | 231d061 | 2012-04-27 13:50:45 +0100 | [diff] [blame] | 451 | { |
| 452 | if (!isprint((int)*(p2+1))) |
| 453 | break; |
| 454 | |
| 455 | *p2 = *(p2+1); |
| 456 | p2++; |
| 457 | } |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 458 | *p2 = 0; |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 459 | my_syslog(LOG_INFO, "reply %s is %s", name, p1); |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 460 | /* restore */ |
Simon Kelley | 231d061 | 2012-04-27 13:50:45 +0100 | [diff] [blame] | 461 | memmove(p1 + 1, p1, i); |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 462 | *p1 = len; |
| 463 | p1 += len+1; |
| 464 | } |
| 465 | } |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 466 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 467 | if (!ADD_RDLEN(header, p, qlen, rdlen)) |
| 468 | return 0; /* bad packet */ |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 469 | } |
| 470 | |
| 471 | return p; |
| 472 | } |
| 473 | |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 474 | static int find_soa(struct dns_header *header, size_t qlen, char *name, int *doctored) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 475 | { |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 476 | unsigned char *p; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 477 | int qtype, qclass, rdlen; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 478 | unsigned long ttl, minttl = ULONG_MAX; |
| 479 | int i, found_soa = 0; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 480 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 481 | /* first move to NS section and find TTL from any SOA section */ |
| 482 | if (!(p = skip_questions(header, qlen)) || |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 483 | !(p = do_doctor(p, ntohs(header->ancount), header, qlen, name, doctored))) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 484 | return 0; /* bad packet */ |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 485 | |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 486 | for (i = ntohs(header->nscount); i != 0; i--) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 487 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 488 | if (!(p = skip_name(p, header, qlen, 10))) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 489 | return 0; /* bad packet */ |
| 490 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 491 | GETSHORT(qtype, p); |
| 492 | GETSHORT(qclass, p); |
| 493 | GETLONG(ttl, p); |
| 494 | GETSHORT(rdlen, p); |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 495 | |
| 496 | if ((qclass == C_IN) && (qtype == T_SOA)) |
| 497 | { |
| 498 | found_soa = 1; |
| 499 | if (ttl < minttl) |
| 500 | minttl = ttl; |
| 501 | |
| 502 | /* MNAME */ |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 503 | if (!(p = skip_name(p, header, qlen, 0))) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 504 | return 0; |
| 505 | /* RNAME */ |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 506 | if (!(p = skip_name(p, header, qlen, 20))) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 507 | return 0; |
| 508 | p += 16; /* SERIAL REFRESH RETRY EXPIRE */ |
| 509 | |
| 510 | GETLONG(ttl, p); /* minTTL */ |
| 511 | if (ttl < minttl) |
| 512 | minttl = ttl; |
| 513 | } |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 514 | else if (!ADD_RDLEN(header, p, qlen, rdlen)) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 515 | return 0; /* bad packet */ |
| 516 | } |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 517 | |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 518 | /* rewrite addresses in additional section too */ |
| 519 | if (!do_doctor(p, ntohs(header->arcount), header, qlen, NULL, doctored)) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 520 | return 0; |
| 521 | |
| 522 | if (!found_soa) |
| 523 | minttl = daemon->neg_ttl; |
| 524 | |
| 525 | return minttl; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 526 | } |
| 527 | |
| 528 | /* Note that the following code can create CNAME chains that don't point to a real record, |
| 529 | either because of lack of memory, or lack of SOA records. These are treated by the cache code as |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 530 | expired and cleaned out that way. |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 531 | Return 1 if we reject an address because it look like part of dns-rebinding attack. */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 532 | int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t now, |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 533 | char **ipsets, int is_sign, int check_rebind, int no_cache_dnssec, |
Simon Kelley | 373e917 | 2017-12-01 22:40:56 +0000 | [diff] [blame] | 534 | int secure, int *doctored) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 535 | { |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 536 | unsigned char *p, *p1, *endrr, *namep; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 537 | int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0; |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 538 | unsigned long ttl = 0; |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 539 | union all_addr addr; |
Jason A. Donenfeld | 13d86c7 | 2013-02-22 18:20:53 +0000 | [diff] [blame] | 540 | #ifdef HAVE_IPSET |
| 541 | char **ipsets_cur; |
| 542 | #else |
| 543 | (void)ipsets; /* unused */ |
| 544 | #endif |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 545 | |
Jason A. Donenfeld | 13d86c7 | 2013-02-22 18:20:53 +0000 | [diff] [blame] | 546 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 547 | cache_start_insert(); |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 548 | |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 549 | /* find_soa is needed for dns_doctor and logging side-effects, so don't call it lazily if there are any. */ |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 550 | if (daemon->doctors || option_bool(OPT_LOG) || option_bool(OPT_DNSSEC_VALID)) |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 551 | { |
| 552 | searched_soa = 1; |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 553 | ttl = find_soa(header, qlen, name, doctored); |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 554 | |
| 555 | if (*doctored) |
| 556 | { |
| 557 | if (secure) |
| 558 | return 0; |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 559 | #ifdef HAVE_DNSSEC |
Simon Kelley | 373e917 | 2017-12-01 22:40:56 +0000 | [diff] [blame] | 560 | if (option_bool(OPT_DNSSEC_VALID)) |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 561 | for (i = 0; i < ntohs(header->ancount); i++) |
Simon Kelley | ae7a3b9 | 2019-09-03 14:40:47 +0100 | [diff] [blame] | 562 | if (daemon->rr_status[i] != 0) |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 563 | return 0; |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 564 | #endif |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 565 | } |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 566 | } |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 567 | |
| 568 | /* go through the questions. */ |
| 569 | p = (unsigned char *)(header+1); |
| 570 | |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 571 | for (i = ntohs(header->qdcount); i != 0; i--) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 572 | { |
Simon Kelley | 1fbe4d2 | 2014-03-01 20:03:47 +0000 | [diff] [blame] | 573 | int found = 0, cname_count = CNAME_CHAIN; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 574 | struct crec *cpp = NULL; |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 575 | int flags = RCODE(header) == NXDOMAIN ? F_NXDOMAIN : 0; |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 576 | #ifdef HAVE_DNSSEC |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 577 | int cname_short = 0; |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 578 | #endif |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 579 | unsigned long cttl = ULONG_MAX, attl; |
Simon Kelley | 0fc2f31 | 2014-01-08 10:26:58 +0000 | [diff] [blame] | 580 | |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 581 | namep = p; |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 582 | if (!extract_name(header, qlen, &p, name, 1, 4)) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 583 | return 0; /* bad packet */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 584 | |
| 585 | GETSHORT(qtype, p); |
| 586 | GETSHORT(qclass, p); |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 587 | |
| 588 | if (qclass != C_IN) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 589 | continue; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 590 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 591 | /* PTRs: we chase CNAMEs here, since we have no way to |
| 592 | represent them in the cache. */ |
| 593 | if (qtype == T_PTR) |
| 594 | { |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 595 | int name_encoding = in_arpa_name_2_addr(name, &addr); |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 596 | |
| 597 | if (!name_encoding) |
| 598 | continue; |
| 599 | |
| 600 | if (!(flags & F_NXDOMAIN)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 601 | { |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 602 | cname_loop: |
| 603 | if (!(p1 = skip_questions(header, qlen))) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 604 | return 0; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 605 | |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 606 | for (j = 0; j < ntohs(header->ancount); j++) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 607 | { |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 608 | int secflag = 0; |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 609 | unsigned char *tmp = namep; |
| 610 | /* the loop body overwrites the original name, so get it back here. */ |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 611 | if (!extract_name(header, qlen, &tmp, name, 1, 0) || |
| 612 | !(res = extract_name(header, qlen, &p1, name, 0, 10))) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 613 | return 0; /* bad packet */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 614 | |
| 615 | GETSHORT(aqtype, p1); |
| 616 | GETSHORT(aqclass, p1); |
| 617 | GETLONG(attl, p1); |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 618 | if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign) |
| 619 | { |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 620 | (p1) -= 4; |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 621 | PUTLONG(daemon->max_ttl, p1); |
| 622 | } |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 623 | GETSHORT(ardlen, p1); |
| 624 | endrr = p1+ardlen; |
| 625 | |
| 626 | /* TTL of record is minimum of CNAMES and PTR */ |
| 627 | if (attl < cttl) |
| 628 | cttl = attl; |
| 629 | |
| 630 | if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR)) |
| 631 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 632 | if (!extract_name(header, qlen, &p1, name, 1, 0)) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 633 | return 0; |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 634 | #ifdef HAVE_DNSSEC |
Simon Kelley | ae7a3b9 | 2019-09-03 14:40:47 +0100 | [diff] [blame] | 635 | if (option_bool(OPT_DNSSEC_VALID) && daemon->rr_status[j] != 0) |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 636 | { |
| 637 | /* validated RR anywhere in CNAME chain, don't cache. */ |
| 638 | if (cname_short || aqtype == T_CNAME) |
| 639 | return 0; |
| 640 | |
| 641 | secflag = F_DNSSECOK; |
Simon Kelley | ae7a3b9 | 2019-09-03 14:40:47 +0100 | [diff] [blame] | 642 | /* limit TTL based on signature. */ |
| 643 | if (daemon->rr_status[j] < cttl) |
| 644 | cttl = daemon->rr_status[j]; |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 645 | } |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 646 | #endif |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 647 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 648 | if (aqtype == T_CNAME) |
| 649 | { |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 650 | if (!cname_count--) |
| 651 | return 0; /* looped CNAMES, we can't cache. */ |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 652 | #ifdef HAVE_DNSSEC |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 653 | cname_short = 1; |
Simon Kelley | 8c707e1 | 2017-12-05 22:28:10 +0000 | [diff] [blame] | 654 | #endif |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 655 | goto cname_loop; |
| 656 | } |
| 657 | |
Simon Kelley | 65a01b7 | 2018-12-31 23:56:33 +0000 | [diff] [blame] | 658 | cache_insert(name, &addr, C_IN, now, cttl, name_encoding | secflag | F_REVERSE); |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 659 | found = 1; |
| 660 | } |
| 661 | |
| 662 | p1 = endrr; |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 663 | if (!CHECK_LEN(header, p1, qlen, 0)) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 664 | return 0; /* bad packet */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 665 | } |
| 666 | } |
| 667 | |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 668 | if (!found && !option_bool(OPT_NO_NEG)) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 669 | { |
| 670 | if (!searched_soa) |
| 671 | { |
| 672 | searched_soa = 1; |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 673 | ttl = find_soa(header, qlen, NULL, doctored); |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 674 | } |
| 675 | if (ttl) |
Simon Kelley | 65a01b7 | 2018-12-31 23:56:33 +0000 | [diff] [blame] | 676 | cache_insert(NULL, &addr, C_IN, now, ttl, name_encoding | F_REVERSE | F_NEG | flags | (secure ? F_DNSSECOK : 0)); |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 677 | } |
| 678 | } |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 679 | else |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 680 | { |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 681 | /* everything other than PTR */ |
| 682 | struct crec *newc; |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 683 | int addrlen = 0; |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 684 | |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 685 | if (qtype == T_A) |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 686 | { |
| 687 | addrlen = INADDRSZ; |
| 688 | flags |= F_IPV4; |
| 689 | } |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 690 | else if (qtype == T_AAAA) |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 691 | { |
| 692 | addrlen = IN6ADDRSZ; |
| 693 | flags |= F_IPV6; |
| 694 | } |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 695 | else if (qtype == T_SRV) |
| 696 | flags |= F_SRV; |
| 697 | else |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 698 | continue; |
| 699 | |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 700 | cname_loop1: |
| 701 | if (!(p1 = skip_questions(header, qlen))) |
| 702 | return 0; |
| 703 | |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 704 | for (j = 0; j < ntohs(header->ancount); j++) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 705 | { |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 706 | int secflag = 0; |
| 707 | |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 708 | if (!(res = extract_name(header, qlen, &p1, name, 0, 10))) |
| 709 | return 0; /* bad packet */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 710 | |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 711 | GETSHORT(aqtype, p1); |
| 712 | GETSHORT(aqclass, p1); |
| 713 | GETLONG(attl, p1); |
| 714 | if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 715 | { |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 716 | (p1) -= 4; |
| 717 | PUTLONG(daemon->max_ttl, p1); |
| 718 | } |
| 719 | GETSHORT(ardlen, p1); |
| 720 | endrr = p1+ardlen; |
| 721 | |
| 722 | if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == qtype)) |
| 723 | { |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 724 | #ifdef HAVE_DNSSEC |
Simon Kelley | ae7a3b9 | 2019-09-03 14:40:47 +0100 | [diff] [blame] | 725 | if (option_bool(OPT_DNSSEC_VALID) && daemon->rr_status[j] != 0) |
| 726 | { |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 727 | secflag = F_DNSSECOK; |
Simon Kelley | ae7a3b9 | 2019-09-03 14:40:47 +0100 | [diff] [blame] | 728 | |
| 729 | /* limit TTl based on sig. */ |
| 730 | if (daemon->rr_status[j] < attl) |
| 731 | attl = daemon->rr_status[j]; |
| 732 | } |
Simon Kelley | a6004d7 | 2017-10-25 17:48:19 +0100 | [diff] [blame] | 733 | #endif |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 734 | if (aqtype == T_CNAME) |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 735 | { |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 736 | if (!cname_count--) |
| 737 | return 0; /* looped CNAMES */ |
Simon Kelley | 1fd56c0 | 2019-10-30 12:58:28 +0000 | [diff] [blame] | 738 | |
| 739 | if ((newc = cache_insert(name, NULL, C_IN, now, attl, F_CNAME | F_FORWARD | secflag))) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 740 | { |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 741 | newc->addr.cname.target.cache = NULL; |
Simon Kelley | 1fd56c0 | 2019-10-30 12:58:28 +0000 | [diff] [blame] | 742 | newc->addr.cname.is_name_ptr = 0; |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 743 | if (cpp) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 744 | { |
Simon Kelley | 45d8a24 | 2018-07-17 21:01:14 +0100 | [diff] [blame] | 745 | next_uid(newc); |
Simon Kelley | d56a604 | 2013-10-11 14:39:03 +0100 | [diff] [blame] | 746 | cpp->addr.cname.target.cache = newc; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 747 | cpp->addr.cname.uid = newc->uid; |
| 748 | } |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 749 | } |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 750 | |
| 751 | cpp = newc; |
| 752 | if (attl < cttl) |
| 753 | cttl = attl; |
| 754 | |
Simon Kelley | 122997d | 2019-10-25 17:23:56 +0100 | [diff] [blame] | 755 | namep = p1; |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 756 | if (!extract_name(header, qlen, &p1, name, 1, 0)) |
| 757 | return 0; |
Simon Kelley | 122997d | 2019-10-25 17:23:56 +0100 | [diff] [blame] | 758 | |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 759 | goto cname_loop1; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 760 | } |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 761 | else if (!(flags & F_NXDOMAIN)) |
| 762 | { |
| 763 | found = 1; |
| 764 | |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 765 | if (flags & F_SRV) |
Simon Kelley | b059c96 | 2015-05-08 20:25:51 +0100 | [diff] [blame] | 766 | { |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 767 | unsigned char *tmp = namep; |
| 768 | |
| 769 | if (!CHECK_LEN(header, p1, qlen, 6)) |
| 770 | return 0; /* bad packet */ |
| 771 | GETSHORT(addr.srv.priority, p1); |
| 772 | GETSHORT(addr.srv.weight, p1); |
| 773 | GETSHORT(addr.srv.srvport, p1); |
| 774 | if (!extract_name(header, qlen, &p1, name, 1, 0)) |
| 775 | return 0; |
| 776 | addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */ |
| 777 | if (!(addr.srv.target = blockdata_alloc(name, addr.srv.targetlen))) |
| 778 | return 0; |
| 779 | |
| 780 | /* we overwrote the original name, so get it back here. */ |
| 781 | if (!extract_name(header, qlen, &tmp, name, 1, 0)) |
| 782 | return 0; |
| 783 | } |
| 784 | else |
| 785 | { |
| 786 | /* copy address into aligned storage */ |
| 787 | if (!CHECK_LEN(header, p1, qlen, addrlen)) |
| 788 | return 0; /* bad packet */ |
| 789 | memcpy(&addr, p1, addrlen); |
| 790 | |
| 791 | /* check for returned address in private space */ |
| 792 | if (check_rebind) |
Simon Kelley | b059c96 | 2015-05-08 20:25:51 +0100 | [diff] [blame] | 793 | { |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 794 | if ((flags & F_IPV4) && |
| 795 | private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND))) |
Simon Kelley | b059c96 | 2015-05-08 20:25:51 +0100 | [diff] [blame] | 796 | return 1; |
Dominik DL6ER | e7ee1aa | 2020-03-17 22:59:17 +0000 | [diff] [blame] | 797 | |
| 798 | /* Block IPv4-mapped IPv6 addresses in private IPv4 address space */ |
| 799 | if (flags & F_IPV6) |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 800 | { |
Dominik DL6ER | e7ee1aa | 2020-03-17 22:59:17 +0000 | [diff] [blame] | 801 | if (IN6_IS_ADDR_V4MAPPED(&addr.addr6)) |
| 802 | { |
| 803 | struct in_addr v4; |
| 804 | v4.s_addr = ((const uint32_t *) (&addr.addr6))[3]; |
| 805 | if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) |
| 806 | return 1; |
| 807 | } |
| 808 | |
| 809 | /* Check for link-local (LL) and site-local (ULA) IPv6 addresses */ |
| 810 | if (IN6_IS_ADDR_LINKLOCAL(&addr.addr6) || |
| 811 | IN6_IS_ADDR_SITELOCAL(&addr.addr6)) |
| 812 | return 1; |
| 813 | |
| 814 | /* Check for the IPv6 loopback address (::1) when |
| 815 | option rebind-localhost-ok is NOT set */ |
| 816 | if (!option_bool(OPT_LOCAL_REBIND) && |
| 817 | IN6_IS_ADDR_LOOPBACK(&addr.addr6)) |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 818 | return 1; |
| 819 | } |
Simon Kelley | b059c96 | 2015-05-08 20:25:51 +0100 | [diff] [blame] | 820 | } |
Dominik DL6ER | e7ee1aa | 2020-03-17 22:59:17 +0000 | [diff] [blame] | 821 | |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 822 | #ifdef HAVE_IPSET |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 823 | if (ipsets && (flags & (F_IPV4 | F_IPV6))) |
Wang Jian | 49752b9 | 2014-03-28 20:52:47 +0000 | [diff] [blame] | 824 | { |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 825 | ipsets_cur = ipsets; |
| 826 | while (*ipsets_cur) |
| 827 | { |
| 828 | log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur); |
| 829 | add_to_ipset(*ipsets_cur++, &addr, flags, 0); |
| 830 | } |
Wang Jian | 49752b9 | 2014-03-28 20:52:47 +0000 | [diff] [blame] | 831 | } |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 832 | #endif |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 833 | } |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 834 | |
Simon Kelley | 65a01b7 | 2018-12-31 23:56:33 +0000 | [diff] [blame] | 835 | newc = cache_insert(name, &addr, C_IN, now, attl, flags | F_FORWARD | secflag); |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 836 | if (newc && cpp) |
| 837 | { |
Simon Kelley | 45d8a24 | 2018-07-17 21:01:14 +0100 | [diff] [blame] | 838 | next_uid(newc); |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 839 | cpp->addr.cname.target.cache = newc; |
| 840 | cpp->addr.cname.uid = newc->uid; |
| 841 | } |
| 842 | cpp = NULL; |
| 843 | } |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 844 | } |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 845 | |
| 846 | p1 = endrr; |
| 847 | if (!CHECK_LEN(header, p1, qlen, 0)) |
| 848 | return 0; /* bad packet */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 849 | } |
| 850 | |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 851 | if (!found && !option_bool(OPT_NO_NEG)) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 852 | { |
| 853 | if (!searched_soa) |
| 854 | { |
| 855 | searched_soa = 1; |
Simon Kelley | 6938f34 | 2014-01-26 22:47:39 +0000 | [diff] [blame] | 856 | ttl = find_soa(header, qlen, NULL, doctored); |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 857 | } |
| 858 | /* If there's no SOA to get the TTL from, but there is a CNAME |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 859 | pointing at this, inherit its TTL */ |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 860 | if (ttl || cpp) |
| 861 | { |
Simon Kelley | 65a01b7 | 2018-12-31 23:56:33 +0000 | [diff] [blame] | 862 | newc = cache_insert(name, NULL, C_IN, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0)); |
Simon Kelley | 26128d2 | 2004-11-14 16:43:54 +0000 | [diff] [blame] | 863 | if (newc && cpp) |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 864 | { |
Simon Kelley | 45d8a24 | 2018-07-17 21:01:14 +0100 | [diff] [blame] | 865 | next_uid(newc); |
Simon Kelley | d56a604 | 2013-10-11 14:39:03 +0100 | [diff] [blame] | 866 | cpp->addr.cname.target.cache = newc; |
Simon Kelley | fd9fa48 | 2004-10-21 20:24:00 +0100 | [diff] [blame] | 867 | cpp->addr.cname.uid = newc->uid; |
| 868 | } |
| 869 | } |
| 870 | } |
| 871 | } |
| 872 | } |
| 873 | |
Simon Kelley | 1023dcb | 2012-04-09 18:00:08 +0100 | [diff] [blame] | 874 | /* Don't put stuff from a truncated packet into the cache. |
Simon Kelley | 1023dcb | 2012-04-09 18:00:08 +0100 | [diff] [blame] | 875 | Don't cache replies from non-recursive nameservers, since we may get a |
| 876 | reply containing a CNAME but not its target, even though the target |
| 877 | does exist. */ |
| 878 | if (!(header->hb3 & HB3_TC) && |
| 879 | !(header->hb4 & HB4_CD) && |
| 880 | (header->hb4 & HB4_RA) && |
Simon Kelley | 3a23715 | 2013-12-12 12:15:50 +0000 | [diff] [blame] | 881 | !no_cache_dnssec) |
Simon Kelley | 824af85 | 2008-02-12 20:43:05 +0000 | [diff] [blame] | 882 | cache_end_insert(); |
| 883 | |
| 884 | return 0; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 885 | } |
| 886 | |
| 887 | /* If the packet holds exactly one query |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 888 | return F_IPV4 or F_IPV6 and leave the name from the query in name */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 889 | unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, unsigned short *typep) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 890 | { |
| 891 | unsigned char *p = (unsigned char *)(header+1); |
| 892 | int qtype, qclass; |
| 893 | |
Simon Kelley | c1bb850 | 2004-08-11 18:40:17 +0100 | [diff] [blame] | 894 | if (typep) |
| 895 | *typep = 0; |
| 896 | |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 897 | if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 898 | return 0; /* must be exactly one query. */ |
| 899 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 900 | if (!extract_name(header, qlen, &p, name, 1, 4)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 901 | return 0; /* bad packet */ |
| 902 | |
| 903 | GETSHORT(qtype, p); |
| 904 | GETSHORT(qclass, p); |
| 905 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 906 | if (typep) |
| 907 | *typep = qtype; |
| 908 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 909 | if (qclass == C_IN) |
| 910 | { |
| 911 | if (qtype == T_A) |
| 912 | return F_IPV4; |
| 913 | if (qtype == T_AAAA) |
| 914 | return F_IPV6; |
| 915 | if (qtype == T_ANY) |
| 916 | return F_IPV4 | F_IPV6; |
| 917 | } |
Simon Kelley | 07e25da | 2018-12-16 18:21:58 +0000 | [diff] [blame] | 918 | |
| 919 | /* F_DNSSECOK as agument to search_servers() inhibits forwarding |
| 920 | to servers for domains without a trust anchor. This make the |
| 921 | behaviour for DS and DNSKEY queries we forward the same |
| 922 | as for DS and DNSKEY queries we originate. */ |
| 923 | if (qtype == T_DS || qtype == T_DNSKEY) |
| 924 | return F_DNSSECOK; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 925 | |
| 926 | return F_QUERY; |
| 927 | } |
| 928 | |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 929 | size_t setup_reply(struct dns_header *header, size_t qlen, |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 930 | union all_addr *addrp, unsigned int flags, unsigned long ttl) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 931 | { |
Simon Kelley | ad4a8ff | 2015-04-09 21:48:00 +0100 | [diff] [blame] | 932 | unsigned char *p; |
Simon Kelley | 07ed585 | 2018-05-04 21:52:22 +0100 | [diff] [blame] | 933 | |
Simon Kelley | ad4a8ff | 2015-04-09 21:48:00 +0100 | [diff] [blame] | 934 | if (!(p = skip_questions(header, qlen))) |
| 935 | return 0; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 936 | |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 937 | /* clear authoritative and truncated flags, set QR flag */ |
Simon Kelley | a220545 | 2018-10-22 18:21:48 +0100 | [diff] [blame] | 938 | header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC )) | HB3_QR; |
| 939 | /* clear AD flag, set RA flag */ |
| 940 | header->hb4 = (header->hb4 & ~HB4_AD) | HB4_RA; |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 941 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 942 | header->nscount = htons(0); |
| 943 | header->arcount = htons(0); |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 944 | header->ancount = htons(0); /* no answers unless changed below */ |
Simon Kelley | d05dd58 | 2016-01-19 21:23:30 +0000 | [diff] [blame] | 945 | if (flags == F_NOERR) |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 946 | SET_RCODE(header, NOERROR); /* empty domain */ |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 947 | else if (flags == F_NXDOMAIN) |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 948 | SET_RCODE(header, NXDOMAIN); |
Simon Kelley | 087eb76 | 2017-10-30 23:16:54 +0000 | [diff] [blame] | 949 | else if (flags == F_SERVFAIL) |
Simon Kelley | 07ed585 | 2018-05-04 21:52:22 +0100 | [diff] [blame] | 950 | { |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 951 | union all_addr a; |
| 952 | a.log.rcode = SERVFAIL; |
Simon Kelley | 07ed585 | 2018-05-04 21:52:22 +0100 | [diff] [blame] | 953 | log_query(F_CONFIG | F_RCODE, "error", &a, NULL); |
| 954 | SET_RCODE(header, SERVFAIL); |
| 955 | } |
Simon Kelley | c346f61 | 2018-09-04 21:14:18 +0100 | [diff] [blame] | 956 | else if (flags & ( F_IPV4 | F_IPV6)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 957 | { |
Simon Kelley | c346f61 | 2018-09-04 21:14:18 +0100 | [diff] [blame] | 958 | if (flags & F_IPV4) |
| 959 | { /* we know the address */ |
| 960 | SET_RCODE(header, NOERROR); |
| 961 | header->ancount = htons(1); |
| 962 | header->hb3 |= HB3_AA; |
| 963 | add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); |
| 964 | } |
| 965 | |
Simon Kelley | c346f61 | 2018-09-04 21:14:18 +0100 | [diff] [blame] | 966 | if (flags & F_IPV6) |
| 967 | { |
| 968 | SET_RCODE(header, NOERROR); |
| 969 | header->ancount = htons(ntohs(header->ancount) + 1); |
| 970 | header->hb3 |= HB3_AA; |
| 971 | add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_AAAA, C_IN, "6", addrp); |
| 972 | } |
Simon Kelley | c346f61 | 2018-09-04 21:14:18 +0100 | [diff] [blame] | 973 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 974 | else /* nowhere to forward to */ |
Simon Kelley | 07ed585 | 2018-05-04 21:52:22 +0100 | [diff] [blame] | 975 | { |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 976 | union all_addr a; |
| 977 | a.log.rcode = REFUSED; |
Simon Kelley | 07ed585 | 2018-05-04 21:52:22 +0100 | [diff] [blame] | 978 | log_query(F_CONFIG | F_RCODE, "error", &a, NULL); |
| 979 | SET_RCODE(header, REFUSED); |
| 980 | } |
| 981 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 982 | return p - (unsigned char *)header; |
| 983 | } |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 984 | |
| 985 | /* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */ |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 986 | int check_for_local_domain(char *name, time_t now) |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 987 | { |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 988 | struct mx_srv_record *mx; |
| 989 | struct txt_record *txt; |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 990 | struct interface_name *intr; |
| 991 | struct ptr_record *ptr; |
Simon Kelley | 7de060b | 2011-08-26 17:24:52 +0100 | [diff] [blame] | 992 | struct naptr *naptr; |
| 993 | |
Simon Kelley | 7de060b | 2011-08-26 17:24:52 +0100 | [diff] [blame] | 994 | for (naptr = daemon->naptr; naptr; naptr = naptr->next) |
Simon Kelley | b6f926f | 2018-08-21 17:46:52 +0100 | [diff] [blame] | 995 | if (hostname_issubdomain(name, naptr->name)) |
Simon Kelley | 7de060b | 2011-08-26 17:24:52 +0100 | [diff] [blame] | 996 | return 1; |
| 997 | |
| 998 | for (mx = daemon->mxnames; mx; mx = mx->next) |
Simon Kelley | b6f926f | 2018-08-21 17:46:52 +0100 | [diff] [blame] | 999 | if (hostname_issubdomain(name, mx->name)) |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 1000 | return 1; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1001 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1002 | for (txt = daemon->txt; txt; txt = txt->next) |
Simon Kelley | b6f926f | 2018-08-21 17:46:52 +0100 | [diff] [blame] | 1003 | if (hostname_issubdomain(name, txt->name)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1004 | return 1; |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1005 | |
| 1006 | for (intr = daemon->int_names; intr; intr = intr->next) |
Simon Kelley | b6f926f | 2018-08-21 17:46:52 +0100 | [diff] [blame] | 1007 | if (hostname_issubdomain(name, intr->name)) |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1008 | return 1; |
| 1009 | |
| 1010 | for (ptr = daemon->ptr; ptr; ptr = ptr->next) |
Simon Kelley | b6f926f | 2018-08-21 17:46:52 +0100 | [diff] [blame] | 1011 | if (hostname_issubdomain(name, ptr->name)) |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1012 | return 1; |
Simon Kelley | b6f926f | 2018-08-21 17:46:52 +0100 | [diff] [blame] | 1013 | |
| 1014 | if (cache_find_non_terminal(name, now)) |
| 1015 | return 1; |
| 1016 | |
Simon Kelley | 36717ee | 2004-09-20 19:20:58 +0100 | [diff] [blame] | 1017 | return 0; |
| 1018 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1019 | |
| 1020 | /* Is the packet a reply with the answer address equal to addr? |
| 1021 | If so mung is into an NXDOMAIN reply and also put that information |
| 1022 | in the cache. */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 1023 | int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name, |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1024 | struct bogus_addr *baddr, time_t now) |
| 1025 | { |
| 1026 | unsigned char *p; |
| 1027 | int i, qtype, qclass, rdlen; |
| 1028 | unsigned long ttl; |
| 1029 | struct bogus_addr *baddrp; |
| 1030 | |
| 1031 | /* skip over questions */ |
| 1032 | if (!(p = skip_questions(header, qlen))) |
| 1033 | return 0; /* bad packet */ |
| 1034 | |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 1035 | for (i = ntohs(header->ancount); i != 0; i--) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1036 | { |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1037 | if (!extract_name(header, qlen, &p, name, 1, 10)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1038 | return 0; /* bad packet */ |
| 1039 | |
| 1040 | GETSHORT(qtype, p); |
| 1041 | GETSHORT(qclass, p); |
| 1042 | GETLONG(ttl, p); |
| 1043 | GETSHORT(rdlen, p); |
| 1044 | |
| 1045 | if (qclass == C_IN && qtype == T_A) |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1046 | { |
| 1047 | if (!CHECK_LEN(header, p, qlen, INADDRSZ)) |
| 1048 | return 0; |
| 1049 | |
| 1050 | for (baddrp = baddr; baddrp; baddrp = baddrp->next) |
| 1051 | if (memcmp(&baddrp->addr, p, INADDRSZ) == 0) |
| 1052 | { |
| 1053 | /* Found a bogus address. Insert that info here, since there no SOA record |
| 1054 | to get the ttl from in the normal processing */ |
| 1055 | cache_start_insert(); |
Simon Kelley | 65a01b7 | 2018-12-31 23:56:33 +0000 | [diff] [blame] | 1056 | cache_insert(name, NULL, C_IN, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN); |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1057 | cache_end_insert(); |
| 1058 | |
| 1059 | return 1; |
| 1060 | } |
| 1061 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1062 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1063 | if (!ADD_RDLEN(header, p, qlen, rdlen)) |
| 1064 | return 0; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1065 | } |
| 1066 | |
| 1067 | return 0; |
| 1068 | } |
| 1069 | |
Glen Huang | 32fc6db | 2014-12-27 15:28:12 +0000 | [diff] [blame] | 1070 | int check_for_ignored_address(struct dns_header *header, size_t qlen, struct bogus_addr *baddr) |
| 1071 | { |
| 1072 | unsigned char *p; |
| 1073 | int i, qtype, qclass, rdlen; |
| 1074 | struct bogus_addr *baddrp; |
| 1075 | |
| 1076 | /* skip over questions */ |
| 1077 | if (!(p = skip_questions(header, qlen))) |
| 1078 | return 0; /* bad packet */ |
| 1079 | |
| 1080 | for (i = ntohs(header->ancount); i != 0; i--) |
| 1081 | { |
| 1082 | if (!(p = skip_name(p, header, qlen, 10))) |
| 1083 | return 0; /* bad packet */ |
| 1084 | |
| 1085 | GETSHORT(qtype, p); |
| 1086 | GETSHORT(qclass, p); |
| 1087 | p += 4; /* TTL */ |
| 1088 | GETSHORT(rdlen, p); |
| 1089 | |
| 1090 | if (qclass == C_IN && qtype == T_A) |
| 1091 | { |
| 1092 | if (!CHECK_LEN(header, p, qlen, INADDRSZ)) |
| 1093 | return 0; |
| 1094 | |
| 1095 | for (baddrp = baddr; baddrp; baddrp = baddrp->next) |
| 1096 | if (memcmp(&baddrp->addr, p, INADDRSZ) == 0) |
| 1097 | return 1; |
| 1098 | } |
| 1099 | |
| 1100 | if (!ADD_RDLEN(header, p, qlen, rdlen)) |
| 1101 | return 0; |
| 1102 | } |
| 1103 | |
| 1104 | return 0; |
| 1105 | } |
| 1106 | |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1107 | |
Simon Kelley | b75e936 | 2012-12-07 11:50:41 +0000 | [diff] [blame] | 1108 | int add_resource_record(struct dns_header *header, char *limit, int *truncp, int nameoffset, unsigned char **pp, |
Simon Kelley | e1ff419 | 2012-12-09 17:08:47 +0000 | [diff] [blame] | 1109 | unsigned long ttl, int *offset, unsigned short type, unsigned short class, char *format, ...) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1110 | { |
| 1111 | va_list ap; |
| 1112 | unsigned char *sav, *p = *pp; |
| 1113 | int j; |
| 1114 | unsigned short usval; |
| 1115 | long lval; |
| 1116 | char *sval; |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1117 | |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1118 | #define CHECK_LIMIT(size) \ |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1119 | if (limit && p + (size) > (unsigned char*)limit) goto truncated; |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1120 | |
Simon Kelley | 4f7b304 | 2012-11-28 21:27:02 +0000 | [diff] [blame] | 1121 | va_start(ap, format); /* make ap point to 1st unamed argument */ |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1122 | |
| 1123 | if (truncp && *truncp) |
| 1124 | goto truncated; |
| 1125 | |
Simon Kelley | b75e936 | 2012-12-07 11:50:41 +0000 | [diff] [blame] | 1126 | if (nameoffset > 0) |
Simon Kelley | 4f7b304 | 2012-11-28 21:27:02 +0000 | [diff] [blame] | 1127 | { |
Simon Kelley | 62cb936 | 2017-09-26 22:00:11 +0100 | [diff] [blame] | 1128 | CHECK_LIMIT(2); |
Simon Kelley | 4f7b304 | 2012-11-28 21:27:02 +0000 | [diff] [blame] | 1129 | PUTSHORT(nameoffset | 0xc000, p); |
| 1130 | } |
| 1131 | else |
| 1132 | { |
Simon Kelley | e1ff419 | 2012-12-09 17:08:47 +0000 | [diff] [blame] | 1133 | char *name = va_arg(ap, char *); |
Simon Kelley | 62cb936 | 2017-09-26 22:00:11 +0100 | [diff] [blame] | 1134 | if (name && !(p = do_rfc1035_name(p, name, limit))) |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1135 | goto truncated; |
Simon Kelley | 62cb936 | 2017-09-26 22:00:11 +0100 | [diff] [blame] | 1136 | |
Simon Kelley | b75e936 | 2012-12-07 11:50:41 +0000 | [diff] [blame] | 1137 | if (nameoffset < 0) |
| 1138 | { |
Simon Kelley | 62cb936 | 2017-09-26 22:00:11 +0100 | [diff] [blame] | 1139 | CHECK_LIMIT(2); |
Simon Kelley | b75e936 | 2012-12-07 11:50:41 +0000 | [diff] [blame] | 1140 | PUTSHORT(-nameoffset | 0xc000, p); |
| 1141 | } |
| 1142 | else |
Simon Kelley | 62cb936 | 2017-09-26 22:00:11 +0100 | [diff] [blame] | 1143 | { |
| 1144 | CHECK_LIMIT(1); |
| 1145 | *p++ = 0; |
| 1146 | } |
Simon Kelley | 4f7b304 | 2012-11-28 21:27:02 +0000 | [diff] [blame] | 1147 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1148 | |
Simon Kelley | 62cb936 | 2017-09-26 22:00:11 +0100 | [diff] [blame] | 1149 | /* type (2) + class (2) + ttl (4) + rdlen (2) */ |
| 1150 | CHECK_LIMIT(10); |
| 1151 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1152 | PUTSHORT(type, p); |
| 1153 | PUTSHORT(class, p); |
| 1154 | PUTLONG(ttl, p); /* TTL */ |
| 1155 | |
| 1156 | sav = p; /* Save pointer to RDLength field */ |
| 1157 | PUTSHORT(0, p); /* Placeholder RDLength */ |
| 1158 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1159 | for (; *format; format++) |
| 1160 | switch (*format) |
| 1161 | { |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1162 | case '6': |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1163 | CHECK_LIMIT(IN6ADDRSZ); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1164 | sval = va_arg(ap, char *); |
| 1165 | memcpy(p, sval, IN6ADDRSZ); |
| 1166 | p += IN6ADDRSZ; |
| 1167 | break; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1168 | |
| 1169 | case '4': |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1170 | CHECK_LIMIT(INADDRSZ); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1171 | sval = va_arg(ap, char *); |
| 1172 | memcpy(p, sval, INADDRSZ); |
| 1173 | p += INADDRSZ; |
| 1174 | break; |
| 1175 | |
Simon Kelley | 51ea3ca | 2014-01-22 19:31:38 +0000 | [diff] [blame] | 1176 | case 'b': |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1177 | CHECK_LIMIT(1); |
Simon Kelley | 51ea3ca | 2014-01-22 19:31:38 +0000 | [diff] [blame] | 1178 | usval = va_arg(ap, int); |
| 1179 | *p++ = usval; |
| 1180 | break; |
| 1181 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1182 | case 's': |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1183 | CHECK_LIMIT(2); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1184 | usval = va_arg(ap, int); |
| 1185 | PUTSHORT(usval, p); |
| 1186 | break; |
| 1187 | |
| 1188 | case 'l': |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1189 | CHECK_LIMIT(4); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1190 | lval = va_arg(ap, long); |
| 1191 | PUTLONG(lval, p); |
| 1192 | break; |
| 1193 | |
| 1194 | case 'd': |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1195 | /* get domain-name answer arg and store it in RDATA field */ |
| 1196 | if (offset) |
| 1197 | *offset = p - (unsigned char *)header; |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1198 | if (!(p = do_rfc1035_name(p, va_arg(ap, char *), limit))) |
| 1199 | goto truncated; |
| 1200 | CHECK_LIMIT(1); |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1201 | *p++ = 0; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1202 | break; |
Simon Kelley | 3d8df26 | 2005-08-29 12:19:27 +0100 | [diff] [blame] | 1203 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1204 | case 't': |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1205 | usval = va_arg(ap, int); |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1206 | CHECK_LIMIT(usval); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1207 | sval = va_arg(ap, char *); |
Simon Kelley | 9f7f3b1 | 2012-05-28 21:39:57 +0100 | [diff] [blame] | 1208 | if (usval != 0) |
| 1209 | memcpy(p, sval, usval); |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1210 | p += usval; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1211 | break; |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1212 | |
| 1213 | case 'z': |
| 1214 | sval = va_arg(ap, char *); |
| 1215 | usval = sval ? strlen(sval) : 0; |
| 1216 | if (usval > 255) |
| 1217 | usval = 255; |
Simon Kelley | 0549c73 | 2017-09-25 18:17:11 +0100 | [diff] [blame] | 1218 | CHECK_LIMIT(usval + 1); |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1219 | *p++ = (unsigned char)usval; |
| 1220 | memcpy(p, sval, usval); |
| 1221 | p += usval; |
| 1222 | break; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1223 | } |
| 1224 | |
| 1225 | va_end(ap); /* clean up variable argument pointer */ |
| 1226 | |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1227 | /* Now, store real RDLength. sav already checked against limit. */ |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1228 | j = p - sav - 2; |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1229 | PUTSHORT(j, sav); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1230 | |
| 1231 | *pp = p; |
| 1232 | return 1; |
Simon Kelley | c366717 | 2017-10-13 23:26:29 +0100 | [diff] [blame] | 1233 | |
| 1234 | truncated: |
| 1235 | va_end(ap); |
| 1236 | if (truncp) |
| 1237 | *truncp = 1; |
| 1238 | return 0; |
| 1239 | |
| 1240 | #undef CHECK_LIMIT |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1241 | } |
| 1242 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1243 | static unsigned long crec_ttl(struct crec *crecp, time_t now) |
| 1244 | { |
| 1245 | /* Return 0 ttl for DHCP entries, which might change |
Simon Kelley | 7480aef | 2016-02-26 21:58:20 +0000 | [diff] [blame] | 1246 | before the lease expires, unless configured otherwise. */ |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1247 | |
Simon Kelley | df3d54f | 2016-02-24 21:03:38 +0000 | [diff] [blame] | 1248 | if (crecp->flags & F_DHCP) |
Simon Kelley | 7480aef | 2016-02-26 21:58:20 +0000 | [diff] [blame] | 1249 | { |
| 1250 | int conf_ttl = daemon->use_dhcp_ttl ? daemon->dhcp_ttl : daemon->local_ttl; |
| 1251 | |
| 1252 | /* Apply ceiling of actual lease length to configured TTL. */ |
| 1253 | if (!(crecp->flags & F_IMMORTAL) && (crecp->ttd - now) < conf_ttl) |
| 1254 | return crecp->ttd - now; |
| 1255 | |
| 1256 | return conf_ttl; |
| 1257 | } |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1258 | |
Simon Kelley | df3d54f | 2016-02-24 21:03:38 +0000 | [diff] [blame] | 1259 | /* Immortal entries other than DHCP are local, and hold TTL in TTD field. */ |
| 1260 | if (crecp->flags & F_IMMORTAL) |
| 1261 | return crecp->ttd; |
| 1262 | |
klemens | 43517fc | 2017-02-19 15:53:37 +0000 | [diff] [blame] | 1263 | /* Return the Max TTL value if it is lower than the actual TTL */ |
Simon Kelley | 8ef5ada | 2010-06-03 19:42:45 +0100 | [diff] [blame] | 1264 | if (daemon->max_ttl == 0 || ((unsigned)(crecp->ttd - now) < daemon->max_ttl)) |
| 1265 | return crecp->ttd - now; |
| 1266 | else |
| 1267 | return daemon->max_ttl; |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1268 | } |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1269 | |
| 1270 | static int cache_validated(const struct crec *crecp) |
| 1271 | { |
| 1272 | return (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)); |
| 1273 | } |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1274 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1275 | /* return zero if we can't answer from cache, or packet size if we can */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 1276 | size_t answer_request(struct dns_header *header, char *limit, size_t qlen, |
Simon Kelley | 83349b8 | 2014-02-10 21:02:01 +0000 | [diff] [blame] | 1277 | struct in_addr local_addr, struct in_addr local_netmask, |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1278 | time_t now, int ad_reqd, int do_bit, int have_pseudoheader) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1279 | { |
Simon Kelley | 3be3454 | 2004-09-11 19:12:13 +0100 | [diff] [blame] | 1280 | char *name = daemon->namebuff; |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1281 | unsigned char *p, *ansp; |
Simon Kelley | 3f7483e | 2014-03-16 22:56:58 +0000 | [diff] [blame] | 1282 | unsigned int qtype, qclass; |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1283 | union all_addr addr; |
Simon Kelley | b75e936 | 2012-12-07 11:50:41 +0000 | [diff] [blame] | 1284 | int nameoffset; |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1285 | unsigned short flag; |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1286 | int q, ans, anscount = 0, addncount = 0; |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1287 | int dryrun = 0; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1288 | struct crec *crecp; |
Vladislav Grishenko | cf59843 | 2018-10-18 04:55:21 +0500 | [diff] [blame] | 1289 | int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1; |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1290 | struct mx_srv_record *rec; |
Simon Kelley | a25720a | 2014-01-14 23:13:55 +0000 | [diff] [blame] | 1291 | size_t len; |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1292 | int rd_bit = (header->hb3 & HB3_RD); |
Simon Kelley | fa78573 | 2016-07-22 20:56:01 +0100 | [diff] [blame] | 1293 | |
Simon Kelley | 4139298 | 2018-09-19 22:27:11 +0100 | [diff] [blame] | 1294 | /* never answer queries with RD unset, to avoid cache snooping. */ |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1295 | if (ntohs(header->ancount) != 0 || |
Simon Kelley | dd4ad9a | 2015-12-17 10:44:58 +0000 | [diff] [blame] | 1296 | ntohs(header->nscount) != 0 || |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1297 | ntohs(header->qdcount) == 0 || |
Simon Kelley | dd4ad9a | 2015-12-17 10:44:58 +0000 | [diff] [blame] | 1298 | OPCODE(header) != QUERY ) |
| 1299 | return 0; |
Simon Kelley | 087eb76 | 2017-10-30 23:16:54 +0000 | [diff] [blame] | 1300 | |
Simon Kelley | e243c07 | 2014-02-06 18:14:09 +0000 | [diff] [blame] | 1301 | /* Don't return AD set if checking disabled. */ |
Simon Kelley | a25720a | 2014-01-14 23:13:55 +0000 | [diff] [blame] | 1302 | if (header->hb4 & HB4_CD) |
| 1303 | sec_data = 0; |
Simon Kelley | 83349b8 | 2014-02-10 21:02:01 +0000 | [diff] [blame] | 1304 | |
Simon Kelley | dd4ad9a | 2015-12-17 10:44:58 +0000 | [diff] [blame] | 1305 | /* If there is an additional data section then it will be overwritten by |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1306 | partial replies, so we have to do a dry run to see if we can answer |
Simon Kelley | dd4ad9a | 2015-12-17 10:44:58 +0000 | [diff] [blame] | 1307 | the query. */ |
Simon Kelley | dd4ad9a | 2015-12-17 10:44:58 +0000 | [diff] [blame] | 1308 | if (ntohs(header->arcount) != 0) |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1309 | dryrun = 1; |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1310 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1311 | for (rec = daemon->mxnames; rec; rec = rec->next) |
| 1312 | rec->offset = 0; |
| 1313 | |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1314 | rerun: |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1315 | /* determine end of question section (we put answers there) */ |
| 1316 | if (!(ansp = skip_questions(header, qlen))) |
| 1317 | return 0; /* bad packet */ |
| 1318 | |
| 1319 | /* now process each question, answers go in RRs after the question */ |
| 1320 | p = (unsigned char *)(header+1); |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1321 | |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 1322 | for (q = ntohs(header->qdcount); q != 0; q--) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1323 | { |
Simon Kelley | 1aef66b | 2019-11-30 21:07:15 +0000 | [diff] [blame] | 1324 | int count = 255; /* catch loops */ |
| 1325 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1326 | /* save pointer to name for copying into answers */ |
| 1327 | nameoffset = p - (unsigned char *)header; |
| 1328 | |
| 1329 | /* now extract name as .-concatenated string into name */ |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1330 | if (!extract_name(header, qlen, &p, name, 1, 4)) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1331 | return 0; /* bad packet */ |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1332 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1333 | GETSHORT(qtype, p); |
| 1334 | GETSHORT(qclass, p); |
| 1335 | |
| 1336 | ans = 0; /* have we answered this question */ |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1337 | |
Simon Kelley | 1aef66b | 2019-11-30 21:07:15 +0000 | [diff] [blame] | 1338 | while (--count != 0 && (crecp = cache_find_by_name(NULL, name, now, F_CNAME))) |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1339 | { |
| 1340 | char *cname_target = cache_get_cname_target(crecp); |
| 1341 | |
| 1342 | /* If the client asked for DNSSEC don't use cached data. */ |
| 1343 | if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1344 | (rd_bit && (!do_bit || cache_validated(crecp)))) |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1345 | { |
| 1346 | if (crecp->flags & F_CONFIG || qtype == T_CNAME) |
| 1347 | ans = 1; |
| 1348 | |
| 1349 | if (!(crecp->flags & F_DNSSECOK)) |
| 1350 | sec_data = 0; |
| 1351 | |
| 1352 | if (!dryrun) |
| 1353 | { |
| 1354 | log_query(crecp->flags, name, NULL, record_source(crecp->uid)); |
| 1355 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1356 | crec_ttl(crecp, now), &nameoffset, |
| 1357 | T_CNAME, C_IN, "d", cname_target)) |
| 1358 | anscount++; |
| 1359 | } |
Simon Kelley | 4a1c21d | 2019-11-30 20:59:44 +0000 | [diff] [blame] | 1360 | |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1361 | } |
Simon Kelley | 1eb6ced | 2020-11-14 15:29:34 +0000 | [diff] [blame] | 1362 | else |
| 1363 | return 0; /* give up if any cached CNAME in chain can't be used for DNSSEC reasons. */ |
Simon Kelley | 4a1c21d | 2019-11-30 20:59:44 +0000 | [diff] [blame] | 1364 | |
| 1365 | strcpy(name, cname_target); |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1366 | } |
| 1367 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1368 | if (qtype == T_TXT || qtype == T_ANY) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1369 | { |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1370 | struct txt_record *t; |
| 1371 | for(t = daemon->txt; t ; t = t->next) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1372 | { |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1373 | if (t->class == qclass && hostname_isequal(name, t->name)) |
| 1374 | { |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1375 | ans = 1, sec_data = 0; |
Simon Kelley | e17fb62 | 2006-01-14 20:33:46 +0000 | [diff] [blame] | 1376 | if (!dryrun) |
| 1377 | { |
Simon Kelley | fec216d | 2014-03-27 20:54:34 +0000 | [diff] [blame] | 1378 | unsigned long ttl = daemon->local_ttl; |
| 1379 | int ok = 1; |
Kevin Darbyshire-Bryant | 7ac9ae1 | 2016-09-09 20:52:08 +0100 | [diff] [blame] | 1380 | #ifndef NO_ID |
Simon Kelley | fec216d | 2014-03-27 20:54:34 +0000 | [diff] [blame] | 1381 | /* Dynamically generate stat record */ |
| 1382 | if (t->stat != 0) |
| 1383 | { |
| 1384 | ttl = 0; |
| 1385 | if (!cache_make_stat(t)) |
| 1386 | ok = 0; |
| 1387 | } |
Kevin Darbyshire-Bryant | 7ac9ae1 | 2016-09-09 20:52:08 +0100 | [diff] [blame] | 1388 | #endif |
Simon Kelley | cbb5b17 | 2018-10-23 23:45:57 +0100 | [diff] [blame] | 1389 | if (ok) |
| 1390 | { |
| 1391 | log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>"); |
| 1392 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1393 | ttl, NULL, |
| 1394 | T_TXT, t->class, "t", t->len, t->txt)) |
| 1395 | anscount++; |
| 1396 | } |
Simon Kelley | e17fb62 | 2006-01-14 20:33:46 +0000 | [diff] [blame] | 1397 | } |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1398 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1399 | } |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1400 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1401 | |
Vladislav Grishenko | cf59843 | 2018-10-18 04:55:21 +0500 | [diff] [blame] | 1402 | if (qclass == C_CHAOS) |
| 1403 | { |
Simon Kelley | cbb5b17 | 2018-10-23 23:45:57 +0100 | [diff] [blame] | 1404 | /* don't forward *.bind and *.server chaos queries - always reply with NOTIMP */ |
Vladislav Grishenko | cf59843 | 2018-10-18 04:55:21 +0500 | [diff] [blame] | 1405 | if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name)) |
| 1406 | { |
| 1407 | if (!ans) |
Simon Kelley | cbb5b17 | 2018-10-23 23:45:57 +0100 | [diff] [blame] | 1408 | { |
| 1409 | notimp = 1, auth = 0; |
| 1410 | if (!dryrun) |
| 1411 | { |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1412 | addr.log.rcode = NOTIMP; |
Simon Kelley | cbb5b17 | 2018-10-23 23:45:57 +0100 | [diff] [blame] | 1413 | log_query(F_CONFIG | F_RCODE, name, &addr, NULL); |
| 1414 | } |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1415 | ans = 1, sec_data = 0; |
Simon Kelley | cbb5b17 | 2018-10-23 23:45:57 +0100 | [diff] [blame] | 1416 | } |
Vladislav Grishenko | cf59843 | 2018-10-18 04:55:21 +0500 | [diff] [blame] | 1417 | } |
| 1418 | } |
| 1419 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1420 | if (qclass == C_IN) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1421 | { |
Simon Kelley | 9f7f3b1 | 2012-05-28 21:39:57 +0100 | [diff] [blame] | 1422 | struct txt_record *t; |
| 1423 | |
| 1424 | for (t = daemon->rr; t; t = t->next) |
| 1425 | if ((t->class == qtype || qtype == T_ANY) && hostname_isequal(name, t->name)) |
| 1426 | { |
| 1427 | ans = 1; |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1428 | sec_data = 0; |
Simon Kelley | 9f7f3b1 | 2012-05-28 21:39:57 +0100 | [diff] [blame] | 1429 | if (!dryrun) |
| 1430 | { |
Simon Kelley | b758b67 | 2018-08-23 21:41:23 +0100 | [diff] [blame] | 1431 | log_query(F_CONFIG | F_RRNAME, name, NULL, querystr(NULL, t->class)); |
Simon Kelley | 9f7f3b1 | 2012-05-28 21:39:57 +0100 | [diff] [blame] | 1432 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1433 | daemon->local_ttl, NULL, |
| 1434 | t->class, C_IN, "t", t->len, t->txt)) |
Simon Kelley | 97f876b | 2018-08-21 22:06:36 +0100 | [diff] [blame] | 1435 | anscount++; |
Simon Kelley | 9f7f3b1 | 2012-05-28 21:39:57 +0100 | [diff] [blame] | 1436 | } |
| 1437 | } |
| 1438 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1439 | if (qtype == T_PTR || qtype == T_ANY) |
Simon Kelley | c1bb850 | 2004-08-11 18:40:17 +0100 | [diff] [blame] | 1440 | { |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1441 | /* see if it's w.z.y.z.in-addr.arpa format */ |
| 1442 | int is_arpa = in_arpa_name_2_addr(name, &addr); |
| 1443 | struct ptr_record *ptr; |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1444 | struct interface_name* intr = NULL; |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1445 | |
| 1446 | for (ptr = daemon->ptr; ptr; ptr = ptr->next) |
| 1447 | if (hostname_isequal(name, ptr->name)) |
| 1448 | break; |
| 1449 | |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1450 | if (is_arpa == F_IPV4) |
| 1451 | for (intr = daemon->int_names; intr; intr = intr->next) |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 1452 | { |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1453 | struct addrlist *addrlist; |
| 1454 | |
Simon Kelley | 376d48c | 2013-11-13 13:04:30 +0000 | [diff] [blame] | 1455 | for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1456 | if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr) |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1457 | break; |
| 1458 | |
| 1459 | if (addrlist) |
Simon Kelley | 5aabfc7 | 2007-08-29 11:24:47 +0100 | [diff] [blame] | 1460 | break; |
| 1461 | else |
| 1462 | while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) |
| 1463 | intr = intr->next; |
| 1464 | } |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1465 | else if (is_arpa == F_IPV6) |
| 1466 | for (intr = daemon->int_names; intr; intr = intr->next) |
| 1467 | { |
| 1468 | struct addrlist *addrlist; |
| 1469 | |
Simon Kelley | 376d48c | 2013-11-13 13:04:30 +0000 | [diff] [blame] | 1470 | for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1471 | if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6)) |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1472 | break; |
| 1473 | |
| 1474 | if (addrlist) |
| 1475 | break; |
| 1476 | else |
| 1477 | while (intr->next && strcmp(intr->intr, intr->next->intr) == 0) |
| 1478 | intr = intr->next; |
| 1479 | } |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1480 | |
| 1481 | if (intr) |
| 1482 | { |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1483 | sec_data = 0; |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1484 | ans = 1; |
| 1485 | if (!dryrun) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1486 | { |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1487 | log_query(is_arpa | F_REVERSE | F_CONFIG, intr->name, &addr, NULL); |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1488 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1489 | daemon->local_ttl, NULL, |
| 1490 | T_PTR, C_IN, "d", intr->name)) |
| 1491 | anscount++; |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1492 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1493 | } |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1494 | else if (ptr) |
| 1495 | { |
| 1496 | ans = 1; |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1497 | sec_data = 0; |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1498 | if (!dryrun) |
| 1499 | { |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1500 | log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>"); |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1501 | for (ptr = daemon->ptr; ptr; ptr = ptr->next) |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1502 | if (hostname_isequal(name, ptr->name) && |
| 1503 | add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1504 | daemon->local_ttl, NULL, |
| 1505 | T_PTR, C_IN, "d", ptr->ptr)) |
| 1506 | anscount++; |
| 1507 | |
Simon Kelley | 832af0b | 2007-01-21 20:01:28 +0000 | [diff] [blame] | 1508 | } |
| 1509 | } |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1510 | else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa))) |
Simon Kelley | 2d33bda | 2014-01-24 22:37:25 +0000 | [diff] [blame] | 1511 | { |
Simon Kelley | dd4ad9a | 2015-12-17 10:44:58 +0000 | [diff] [blame] | 1512 | /* Don't use cache when DNSSEC data required, unless we know that |
| 1513 | the zone is unsigned, which implies that we're doing |
| 1514 | validation. */ |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1515 | if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || |
| 1516 | (rd_bit && (!do_bit || cache_validated(crecp)) )) |
Simon Kelley | 2d33bda | 2014-01-24 22:37:25 +0000 | [diff] [blame] | 1517 | { |
| 1518 | do |
| 1519 | { |
| 1520 | /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */ |
| 1521 | if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP))) |
| 1522 | continue; |
| 1523 | |
| 1524 | if (!(crecp->flags & F_DNSSECOK)) |
| 1525 | sec_data = 0; |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1526 | |
| 1527 | ans = 1; |
| 1528 | |
Simon Kelley | 2d33bda | 2014-01-24 22:37:25 +0000 | [diff] [blame] | 1529 | if (crecp->flags & F_NEG) |
| 1530 | { |
Simon Kelley | 2d33bda | 2014-01-24 22:37:25 +0000 | [diff] [blame] | 1531 | auth = 0; |
| 1532 | if (crecp->flags & F_NXDOMAIN) |
| 1533 | nxdomain = 1; |
| 1534 | if (!dryrun) |
| 1535 | log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL); |
| 1536 | } |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1537 | else |
Simon Kelley | 2d33bda | 2014-01-24 22:37:25 +0000 | [diff] [blame] | 1538 | { |
Simon Kelley | 2d33bda | 2014-01-24 22:37:25 +0000 | [diff] [blame] | 1539 | if (!(crecp->flags & (F_HOSTS | F_DHCP))) |
| 1540 | auth = 0; |
| 1541 | if (!dryrun) |
| 1542 | { |
| 1543 | log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr, |
| 1544 | record_source(crecp->uid)); |
| 1545 | |
| 1546 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1547 | crec_ttl(crecp, now), NULL, |
| 1548 | T_PTR, C_IN, "d", cache_get_name(crecp))) |
| 1549 | anscount++; |
| 1550 | } |
| 1551 | } |
| 1552 | } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa))); |
| 1553 | } |
| 1554 | } |
Simon Kelley | 2bb73af | 2013-04-24 17:38:19 +0100 | [diff] [blame] | 1555 | else if (is_rev_synth(is_arpa, &addr, name)) |
| 1556 | { |
| 1557 | ans = 1; |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1558 | sec_data = 0; |
Simon Kelley | 2bb73af | 2013-04-24 17:38:19 +0100 | [diff] [blame] | 1559 | if (!dryrun) |
| 1560 | { |
| 1561 | log_query(F_CONFIG | F_REVERSE | is_arpa, name, &addr, NULL); |
| 1562 | |
| 1563 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1564 | daemon->local_ttl, NULL, |
| 1565 | T_PTR, C_IN, "d", name)) |
| 1566 | anscount++; |
| 1567 | } |
| 1568 | } |
Simon Kelley | fca008d | 2017-02-19 18:50:41 +0000 | [diff] [blame] | 1569 | else if (option_bool(OPT_BOGUSPRIV) && ( |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1570 | (is_arpa == F_IPV6 && private_net6(&addr.addr6)) || |
| 1571 | (is_arpa == F_IPV4 && private_net(addr.addr4, 1)))) |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1572 | { |
Vladislav Grishenko | 5a7212c | 2017-04-24 22:19:57 +0100 | [diff] [blame] | 1573 | struct server *serv; |
| 1574 | unsigned int namelen = strlen(name); |
| 1575 | char *nameend = name + namelen; |
| 1576 | |
| 1577 | /* see if have rev-server set */ |
| 1578 | for (serv = daemon->servers; serv; serv = serv->next) |
| 1579 | { |
| 1580 | unsigned int domainlen; |
| 1581 | char *matchstart; |
| 1582 | |
| 1583 | if ((serv->flags & (SERV_HAS_DOMAIN | SERV_NO_ADDR)) != SERV_HAS_DOMAIN) |
| 1584 | continue; |
| 1585 | |
| 1586 | domainlen = strlen(serv->domain); |
| 1587 | if (domainlen == 0 || domainlen > namelen) |
| 1588 | continue; |
| 1589 | |
| 1590 | matchstart = nameend - domainlen; |
| 1591 | if (hostname_isequal(matchstart, serv->domain) && |
| 1592 | (namelen == domainlen || *(matchstart-1) == '.' )) |
| 1593 | break; |
| 1594 | } |
| 1595 | |
| 1596 | /* if no configured server, not in cache, enabled and private IPV4 address, return NXDOMAIN */ |
| 1597 | if (!serv) |
| 1598 | { |
| 1599 | ans = 1; |
| 1600 | sec_data = 0; |
| 1601 | nxdomain = 1; |
| 1602 | if (!dryrun) |
| 1603 | log_query(F_CONFIG | F_REVERSE | is_arpa | F_NEG | F_NXDOMAIN, |
| 1604 | name, &addr, NULL); |
| 1605 | } |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1606 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1607 | } |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1608 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1609 | for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0) |
| 1610 | { |
Simon Kelley | ee87504 | 2018-10-23 22:10:17 +0100 | [diff] [blame] | 1611 | unsigned short type = (flag == F_IPV6) ? T_AAAA : T_A; |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1612 | struct interface_name *intr; |
| 1613 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1614 | if (qtype != type && qtype != T_ANY) |
| 1615 | continue; |
| 1616 | |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1617 | /* interface name stuff */ |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1618 | for (intr = daemon->int_names; intr; intr = intr->next) |
| 1619 | if (hostname_isequal(name, intr->name)) |
| 1620 | break; |
| 1621 | |
| 1622 | if (intr) |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1623 | { |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1624 | struct addrlist *addrlist; |
Simon Kelley | d42d470 | 2017-02-02 16:52:06 +0000 | [diff] [blame] | 1625 | int gotit = 0, localise = 0; |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1626 | |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1627 | enumerate_interfaces(0); |
Simon Kelley | d42d470 | 2017-02-02 16:52:06 +0000 | [diff] [blame] | 1628 | |
klemens | 43517fc | 2017-02-19 15:53:37 +0000 | [diff] [blame] | 1629 | /* See if a putative address is on the network from which we received |
Simon Kelley | d42d470 | 2017-02-02 16:52:06 +0000 | [diff] [blame] | 1630 | the query, is so we'll filter other answers. */ |
| 1631 | if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && type == T_A) |
| 1632 | for (intr = daemon->int_names; intr; intr = intr->next) |
| 1633 | if (hostname_isequal(name, intr->name)) |
| 1634 | for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) |
Simon Kelley | ee87504 | 2018-10-23 22:10:17 +0100 | [diff] [blame] | 1635 | if (!(addrlist->flags & ADDRLIST_IPV6) && |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1636 | is_same_net(addrlist->addr.addr4, local_addr, local_netmask)) |
Simon Kelley | ee87504 | 2018-10-23 22:10:17 +0100 | [diff] [blame] | 1637 | { |
| 1638 | localise = 1; |
| 1639 | break; |
| 1640 | } |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1641 | |
Simon Kelley | fb63dd1 | 2013-10-21 18:19:35 +0100 | [diff] [blame] | 1642 | for (intr = daemon->int_names; intr; intr = intr->next) |
| 1643 | if (hostname_isequal(name, intr->name)) |
| 1644 | { |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1645 | for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1646 | if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1647 | { |
Simon Kelley | d42d470 | 2017-02-02 16:52:06 +0000 | [diff] [blame] | 1648 | if (localise && |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1649 | !is_same_net(addrlist->addr.addr4, local_addr, local_netmask)) |
Simon Kelley | d42d470 | 2017-02-02 16:52:06 +0000 | [diff] [blame] | 1650 | continue; |
| 1651 | |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1652 | if (addrlist->flags & ADDRLIST_REVONLY) |
| 1653 | continue; |
Simon Kelley | ee87504 | 2018-10-23 22:10:17 +0100 | [diff] [blame] | 1654 | |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1655 | ans = 1; |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1656 | sec_data = 0; |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1657 | if (!dryrun) |
Simon Kelley | 376d48c | 2013-11-13 13:04:30 +0000 | [diff] [blame] | 1658 | { |
| 1659 | gotit = 1; |
| 1660 | log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); |
| 1661 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1662 | daemon->local_ttl, NULL, type, C_IN, |
| 1663 | type == T_A ? "4" : "6", &addrlist->addr)) |
| 1664 | anscount++; |
| 1665 | } |
Simon Kelley | 4766936 | 2014-12-17 12:41:56 +0000 | [diff] [blame] | 1666 | } |
Simon Kelley | fb63dd1 | 2013-10-21 18:19:35 +0100 | [diff] [blame] | 1667 | } |
| 1668 | |
| 1669 | if (!dryrun && !gotit) |
| 1670 | log_query(F_FORWARD | F_CONFIG | flag | F_NEG, name, NULL, NULL); |
| 1671 | |
Simon Kelley | 115ac3e | 2013-05-20 11:28:32 +0100 | [diff] [blame] | 1672 | continue; |
Simon Kelley | f2621c7 | 2007-04-29 19:47:21 +0100 | [diff] [blame] | 1673 | } |
| 1674 | |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1675 | if ((crecp = cache_find_by_name(NULL, name, now, flag | (dryrun ? F_NO_RR : 0)))) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1676 | { |
| 1677 | int localise = 0; |
| 1678 | |
Josh Soref | 730c674 | 2017-02-06 16:14:04 +0000 | [diff] [blame] | 1679 | /* See if a putative address is on the network from which we received |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1680 | the query, is so we'll filter other answers. */ |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1681 | if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && flag == F_IPV4) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1682 | { |
| 1683 | struct crec *save = crecp; |
| 1684 | do { |
| 1685 | if ((crecp->flags & F_HOSTS) && |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1686 | is_same_net(crecp->addr.addr4, local_addr, local_netmask)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1687 | { |
| 1688 | localise = 1; |
| 1689 | break; |
| 1690 | } |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1691 | } while ((crecp = cache_find_by_name(crecp, name, now, flag))); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1692 | crecp = save; |
| 1693 | } |
Simon Kelley | 824202e | 2014-01-23 20:59:46 +0000 | [diff] [blame] | 1694 | |
Simon Kelley | 93be5b1 | 2015-12-15 12:04:40 +0000 | [diff] [blame] | 1695 | /* If the client asked for DNSSEC don't use cached data. */ |
Simon Kelley | a997ca0 | 2018-06-29 14:39:41 +0100 | [diff] [blame] | 1696 | if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1697 | (rd_bit && (!do_bit || cache_validated(crecp)) )) |
Simon Kelley | 824202e | 2014-01-23 20:59:46 +0000 | [diff] [blame] | 1698 | do |
| 1699 | { |
| 1700 | /* don't answer wildcard queries with data not from /etc/hosts |
| 1701 | or DHCP leases */ |
| 1702 | if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))) |
| 1703 | break; |
| 1704 | |
| 1705 | if (!(crecp->flags & F_DNSSECOK)) |
| 1706 | sec_data = 0; |
| 1707 | |
Simon Kelley | 824202e | 2014-01-23 20:59:46 +0000 | [diff] [blame] | 1708 | if (crecp->flags & F_NEG) |
| 1709 | { |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1710 | ans = 1; |
| 1711 | auth = 0; |
| 1712 | if (crecp->flags & F_NXDOMAIN) |
| 1713 | nxdomain = 1; |
| 1714 | if (!dryrun) |
| 1715 | log_query(crecp->flags, name, NULL, NULL); |
Simon Kelley | 824202e | 2014-01-23 20:59:46 +0000 | [diff] [blame] | 1716 | } |
| 1717 | else |
| 1718 | { |
| 1719 | /* If we are returning local answers depending on network, |
| 1720 | filter here. */ |
| 1721 | if (localise && |
| 1722 | (crecp->flags & F_HOSTS) && |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1723 | !is_same_net(crecp->addr.addr4, local_addr, local_netmask)) |
Simon Kelley | 824202e | 2014-01-23 20:59:46 +0000 | [diff] [blame] | 1724 | continue; |
| 1725 | |
| 1726 | if (!(crecp->flags & (F_HOSTS | F_DHCP))) |
| 1727 | auth = 0; |
| 1728 | |
| 1729 | ans = 1; |
| 1730 | if (!dryrun) |
| 1731 | { |
Simon Kelley | cc921df | 2019-01-02 22:48:59 +0000 | [diff] [blame] | 1732 | log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr, |
Simon Kelley | 824202e | 2014-01-23 20:59:46 +0000 | [diff] [blame] | 1733 | record_source(crecp->uid)); |
| 1734 | |
| 1735 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1736 | crec_ttl(crecp, now), NULL, type, C_IN, |
| 1737 | type == T_A ? "4" : "6", &crecp->addr)) |
| 1738 | anscount++; |
| 1739 | } |
| 1740 | } |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1741 | } while ((crecp = cache_find_by_name(crecp, name, now, flag))); |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1742 | } |
Simon Kelley | 2bb73af | 2013-04-24 17:38:19 +0100 | [diff] [blame] | 1743 | else if (is_name_synthetic(flag, name, &addr)) |
| 1744 | { |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1745 | ans = 1, sec_data = 0; |
Simon Kelley | 2bb73af | 2013-04-24 17:38:19 +0100 | [diff] [blame] | 1746 | if (!dryrun) |
| 1747 | { |
| 1748 | log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL); |
| 1749 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1750 | daemon->local_ttl, NULL, type, C_IN, type == T_A ? "4" : "6", &addr)) |
| 1751 | anscount++; |
| 1752 | } |
| 1753 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1754 | } |
Simon Kelley | d1c759c | 2012-04-16 17:26:19 +0100 | [diff] [blame] | 1755 | |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1756 | if (qtype == T_MX || qtype == T_ANY) |
| 1757 | { |
| 1758 | int found = 0; |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1759 | for (rec = daemon->mxnames; rec; rec = rec->next) |
| 1760 | if (!rec->issrv && hostname_isequal(name, rec->name)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1761 | { |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1762 | ans = found = 1; |
| 1763 | sec_data = 0; |
| 1764 | if (!dryrun) |
| 1765 | { |
| 1766 | int offset; |
| 1767 | log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>"); |
| 1768 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, |
| 1769 | &offset, T_MX, C_IN, "sd", rec->weight, rec->target)) |
| 1770 | { |
| 1771 | anscount++; |
| 1772 | if (rec->target) |
| 1773 | rec->offset = offset; |
| 1774 | } |
| 1775 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1776 | } |
| 1777 | |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1778 | if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) && |
Simon Kelley | 12fae49 | 2014-02-04 22:03:06 +0000 | [diff] [blame] | 1779 | cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1780 | { |
| 1781 | ans = 1; |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1782 | sec_data = 0; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1783 | if (!dryrun) |
| 1784 | { |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1785 | log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>"); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1786 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, |
| 1787 | T_MX, C_IN, "sd", 1, |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1788 | option_bool(OPT_SELFMX) ? name : daemon->mxtarget)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1789 | anscount++; |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1790 | } |
| 1791 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1792 | } |
| 1793 | |
| 1794 | if (qtype == T_SRV || qtype == T_ANY) |
| 1795 | { |
| 1796 | int found = 0; |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1797 | struct mx_srv_record *move = NULL, **up = &daemon->mxnames; |
| 1798 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1799 | for (rec = daemon->mxnames; rec; rec = rec->next) |
| 1800 | if (rec->issrv && hostname_isequal(name, rec->name)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1801 | { |
| 1802 | found = ans = 1; |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1803 | sec_data = 0; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1804 | if (!dryrun) |
| 1805 | { |
Simon Kelley | e1ff419 | 2012-12-09 17:08:47 +0000 | [diff] [blame] | 1806 | int offset; |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1807 | log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>"); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1808 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1809 | &offset, T_SRV, C_IN, "sssd", |
| 1810 | rec->priority, rec->weight, rec->srvport, rec->target)) |
| 1811 | { |
| 1812 | anscount++; |
| 1813 | if (rec->target) |
| 1814 | rec->offset = offset; |
| 1815 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1816 | } |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1817 | |
| 1818 | /* unlink first SRV record found */ |
| 1819 | if (!move) |
| 1820 | { |
| 1821 | move = rec; |
| 1822 | *up = rec->next; |
| 1823 | } |
| 1824 | else |
| 1825 | up = &rec->next; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1826 | } |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1827 | else |
| 1828 | up = &rec->next; |
| 1829 | |
| 1830 | /* put first SRV record back at the end. */ |
| 1831 | if (move) |
| 1832 | { |
| 1833 | *up = move; |
| 1834 | move->next = NULL; |
| 1835 | } |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1836 | |
| 1837 | if (!found) |
| 1838 | { |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1839 | if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | (dryrun ? F_NO_RR : 0))) && |
Petr MenÅ¡Ãk | 29ae308 | 2019-04-12 15:29:00 +0200 | [diff] [blame] | 1840 | rd_bit && (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))) |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1841 | { |
| 1842 | if (!(crecp->flags & F_DNSSECOK)) |
| 1843 | sec_data = 0; |
| 1844 | |
| 1845 | auth = 0; |
| 1846 | found = ans = 1; |
| 1847 | |
| 1848 | do { |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1849 | if (crecp->flags & F_NEG) |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1850 | { |
| 1851 | if (crecp->flags & F_NXDOMAIN) |
| 1852 | nxdomain = 1; |
| 1853 | if (!dryrun) |
| 1854 | log_query(crecp->flags, name, NULL, NULL); |
| 1855 | } |
Simon Kelley | 122997d | 2019-10-25 17:23:56 +0100 | [diff] [blame] | 1856 | else if (!dryrun) |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1857 | { |
Simon Kelley | 122997d | 2019-10-25 17:23:56 +0100 | [diff] [blame] | 1858 | char *target = blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, NULL); |
| 1859 | log_query(crecp->flags, name, NULL, 0); |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1860 | |
Simon Kelley | 122997d | 2019-10-25 17:23:56 +0100 | [diff] [blame] | 1861 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, |
| 1862 | crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd", |
| 1863 | crecp->addr.srv.priority, crecp->addr.srv.weight, crecp->addr.srv.srvport, |
| 1864 | target)) |
| 1865 | anscount++; |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1866 | } |
Simon Kelley | b59a5c2 | 2019-10-25 16:13:38 +0100 | [diff] [blame] | 1867 | } while ((crecp = cache_find_by_name(crecp, name, now, F_SRV))); |
Simon Kelley | 5b99eae | 2019-01-06 23:09:50 +0000 | [diff] [blame] | 1868 | } |
| 1869 | } |
| 1870 | |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1871 | if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1872 | { |
| 1873 | ans = 1; |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1874 | sec_data = 0; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1875 | if (!dryrun) |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1876 | log_query(F_CONFIG | F_NEG, name, NULL, NULL); |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1877 | } |
| 1878 | } |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1879 | |
| 1880 | if (qtype == T_NAPTR || qtype == T_ANY) |
| 1881 | { |
| 1882 | struct naptr *na; |
| 1883 | for (na = daemon->naptr; na; na = na->next) |
| 1884 | if (hostname_isequal(name, na->name)) |
| 1885 | { |
| 1886 | ans = 1; |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1887 | sec_data = 0; |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1888 | if (!dryrun) |
| 1889 | { |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1890 | log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>"); |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1891 | if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, |
| 1892 | NULL, T_NAPTR, C_IN, "sszzzd", |
| 1893 | na->order, na->pref, na->flags, na->services, na->regexp, na->replace)) |
| 1894 | anscount++; |
| 1895 | } |
| 1896 | } |
| 1897 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1898 | |
| 1899 | if (qtype == T_MAILB) |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1900 | ans = 1, nxdomain = 1, sec_data = 0; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1901 | |
Simon Kelley | 28866e9 | 2011-02-14 20:19:14 +0000 | [diff] [blame] | 1902 | if (qtype == T_SOA && option_bool(OPT_FILTER)) |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1903 | { |
Simon Kelley | 6f7812d | 2018-10-23 23:54:44 +0100 | [diff] [blame] | 1904 | ans = 1; |
| 1905 | sec_data = 0; |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1906 | if (!dryrun) |
Simon Kelley | 1a6bca8 | 2008-07-11 11:11:42 +0100 | [diff] [blame] | 1907 | log_query(F_CONFIG | F_NEG, name, &addr, NULL); |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1908 | } |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1909 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1910 | |
| 1911 | if (!ans) |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1912 | return 0; /* failed to answer a question */ |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1913 | } |
Simon Kelley | f6b7dc4 | 2005-01-23 12:06:08 +0000 | [diff] [blame] | 1914 | |
Simon Kelley | feba5c1 | 2004-07-27 20:28:58 +0100 | [diff] [blame] | 1915 | if (dryrun) |
| 1916 | { |
| 1917 | dryrun = 0; |
| 1918 | goto rerun; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1919 | } |
| 1920 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1921 | /* create an additional data section, for stuff in SRV and MX record replies. */ |
| 1922 | for (rec = daemon->mxnames; rec; rec = rec->next) |
| 1923 | if (rec->offset != 0) |
| 1924 | { |
| 1925 | /* squash dupes */ |
| 1926 | struct mx_srv_record *tmp; |
| 1927 | for (tmp = rec->next; tmp; tmp = tmp->next) |
| 1928 | if (tmp->offset != 0 && hostname_isequal(rec->target, tmp->target)) |
| 1929 | tmp->offset = 0; |
| 1930 | |
| 1931 | crecp = NULL; |
| 1932 | while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6))) |
| 1933 | { |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1934 | int type = crecp->flags & F_IPV4 ? T_A : T_AAAA; |
Simon Kelley | ee87504 | 2018-10-23 22:10:17 +0100 | [diff] [blame] | 1935 | |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1936 | if (crecp->flags & F_NEG) |
| 1937 | continue; |
| 1938 | |
Simon Kelley | 9009d74 | 2008-11-14 20:04:27 +0000 | [diff] [blame] | 1939 | if (add_resource_record(header, limit, NULL, rec->offset, &ansp, |
| 1940 | crec_ttl(crecp, now), NULL, type, C_IN, |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1941 | crecp->flags & F_IPV4 ? "4" : "6", &crecp->addr)) |
| 1942 | addncount++; |
| 1943 | } |
| 1944 | } |
| 1945 | |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1946 | /* done all questions, set up header and return length of result */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 1947 | /* clear authoritative and truncated flags, set QR flag */ |
| 1948 | header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; |
| 1949 | /* set RA flag */ |
| 1950 | header->hb4 |= HB4_RA; |
| 1951 | |
Josh Soref | 730c674 | 2017-02-06 16:14:04 +0000 | [diff] [blame] | 1952 | /* authoritative - only hosts and DHCP derived names. */ |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 1953 | if (auth) |
| 1954 | header->hb3 |= HB3_AA; |
| 1955 | |
| 1956 | /* truncation */ |
| 1957 | if (trunc) |
| 1958 | header->hb3 |= HB3_TC; |
Simon Kelley | 0fc2f31 | 2014-01-08 10:26:58 +0000 | [diff] [blame] | 1959 | |
Simon Kelley | 45cca58 | 2013-10-15 10:20:13 +0100 | [diff] [blame] | 1960 | if (nxdomain) |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 1961 | SET_RCODE(header, NXDOMAIN); |
Vladislav Grishenko | cf59843 | 2018-10-18 04:55:21 +0500 | [diff] [blame] | 1962 | else if (notimp) |
| 1963 | SET_RCODE(header, NOTIMP); |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1964 | else |
Simon Kelley | 572b41e | 2011-02-18 18:11:18 +0000 | [diff] [blame] | 1965 | SET_RCODE(header, NOERROR); /* no error */ |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1966 | header->ancount = htons(anscount); |
| 1967 | header->nscount = htons(0); |
Simon Kelley | 0a85254 | 2005-03-23 20:28:59 +0000 | [diff] [blame] | 1968 | header->arcount = htons(addncount); |
Simon Kelley | e243c07 | 2014-02-06 18:14:09 +0000 | [diff] [blame] | 1969 | |
Simon Kelley | a25720a | 2014-01-14 23:13:55 +0000 | [diff] [blame] | 1970 | len = ansp - (unsigned char *)header; |
| 1971 | |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1972 | /* Advertise our packet size limit in our reply */ |
Simon Kelley | a25720a | 2014-01-14 23:13:55 +0000 | [diff] [blame] | 1973 | if (have_pseudoheader) |
Simon Kelley | c7f3bd2 | 2016-02-28 21:48:34 +0000 | [diff] [blame] | 1974 | len = add_pseudoheader(header, len, (unsigned char *)limit, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0); |
Simon Kelley | e243c07 | 2014-02-06 18:14:09 +0000 | [diff] [blame] | 1975 | |
Simon Kelley | fa14bec | 2015-12-20 17:12:16 +0000 | [diff] [blame] | 1976 | if (ad_reqd && sec_data) |
Simon Kelley | e243c07 | 2014-02-06 18:14:09 +0000 | [diff] [blame] | 1977 | header->hb4 |= HB4_AD; |
Simon Kelley | 83349b8 | 2014-02-10 21:02:01 +0000 | [diff] [blame] | 1978 | else |
| 1979 | header->hb4 &= ~HB4_AD; |
Simon Kelley | a25720a | 2014-01-14 23:13:55 +0000 | [diff] [blame] | 1980 | |
Simon Kelley | 7c28612 | 2014-01-27 21:38:11 +0000 | [diff] [blame] | 1981 | return len; |
Simon Kelley | 9e4abcb | 2004-01-22 19:47:41 +0000 | [diff] [blame] | 1982 | } |