/** check request sanity.
* @param pkt: the wire packet to examine for sanity.
* @param worker: parameters for checking.
* @return error code, 0 OK, or -1 discard.
*/
static int
worker_check_request(sldns_buffer* pkt, struct worker* worker)
{
if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) {
verbose(VERB_QUERY, "request too short, discarded");
return -1;
}
if(sldns_buffer_limit(pkt) > NORMAL_UDP_SIZE &&
worker->daemon->cfg->harden_large_queries) {
verbose(VERB_QUERY, "request too large, discarded");
return -1;
}
if(LDNS_QR_WIRE(sldns_buffer_begin(pkt))) {
verbose(VERB_QUERY, "request has QR bit on, discarded");
return -1;
}
if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) {
LDNS_TC_CLR(sldns_buffer_begin(pkt));
verbose(VERB_QUERY, "request bad, has TC bit on");
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
}
if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) {
verbose(VERB_QUERY, "request unknown opcode %d",
LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)));
return worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL);
}
if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) {
verbose(VERB_QUERY, "request wrong nr qd=%d",
LDNS_QDCOUNT(sldns_buffer_begin(pkt)));
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
}
if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0) {
verbose(VERB_QUERY, "request wrong nr an=%d",
LDNS_ANCOUNT(sldns_buffer_begin(pkt)));
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
}
if(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) {
verbose(VERB_QUERY, "request wrong nr ns=%d",
LDNS_NSCOUNT(sldns_buffer_begin(pkt)));
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
}
if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) {
verbose(VERB_QUERY, "request wrong nr ar=%d",
LDNS_ARCOUNT(sldns_buffer_begin(pkt)));
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
}
return 0;
}
int
worker_handle_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info)
{
struct module_qstate* q = (struct module_qstate*)arg;
struct worker* worker = q->env->worker;
struct outbound_entry e;
e.qstate = q;
e.qsent = NULL;
if(error != 0) {
mesh_report_reply(worker->env.mesh, &e, reply_info, error);
worker_mem_report(worker, NULL);
return 0;
}
/* sanity check. */
if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
|| LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) !=
LDNS_PACKET_QUERY
|| LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) {
/* error becomes timeout for the module as if this reply
* never arrived. */
mesh_report_reply(worker->env.mesh, &e, reply_info,
NETEVENT_TIMEOUT);
worker_mem_report(worker, NULL);
return 0;
}
mesh_report_reply(worker->env.mesh, &e, reply_info, NETEVENT_NOERROR);
worker_mem_report(worker, NULL);
return 0;
}
int
worker_handle_service_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info)
{
struct outbound_entry* e = (struct outbound_entry*)arg;
struct worker* worker = e->qstate->env->worker;
struct serviced_query *sq = e->qsent;
verbose(VERB_ALGO, "worker svcd callback for qstate %p", e->qstate);
if(error != 0) {
mesh_report_reply(worker->env.mesh, e, reply_info, error);
worker_mem_report(worker, sq);
return 0;
}
/* sanity check. */
if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
|| LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) !=
LDNS_PACKET_QUERY
|| LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) {
/* error becomes timeout for the module as if this reply
* never arrived. */
verbose(VERB_ALGO, "worker: bad reply handled as timeout");
mesh_report_reply(worker->env.mesh, e, reply_info,
NETEVENT_TIMEOUT);
worker_mem_report(worker, sq);
return 0;
}
mesh_report_reply(worker->env.mesh, e, reply_info, NETEVENT_NOERROR);
worker_mem_report(worker, sq);
return 0;
}
int
libworker_handle_service_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info)
{
struct outbound_entry* e = (struct outbound_entry*)arg;
struct libworker* lw = (struct libworker*)e->qstate->env->worker;
if(error != 0) {
mesh_report_reply(lw->env->mesh, e, reply_info, error);
return 0;
}
/* sanity check. */
if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
|| LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) !=
LDNS_PACKET_QUERY
|| LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) {
/* error becomes timeout for the module as if this reply
* never arrived. */
mesh_report_reply(lw->env->mesh, e, reply_info,
NETEVENT_TIMEOUT);
return 0;
}
mesh_report_reply(lw->env->mesh, e, reply_info, NETEVENT_NOERROR);
return 0;
}
int
parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns)
{
log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1);
log_assert(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0);
log_assert(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) == 0);
/* check edns section is present */
if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) {
return LDNS_RCODE_FORMERR;
}
if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) {
memset(edns, 0, sizeof(*edns));
edns->udp_size = 512;
return 0;
}
/* domain name must be the root of length 1. */
if(pkt_dname_len(pkt) != 1)
return LDNS_RCODE_FORMERR;
if(sldns_buffer_remaining(pkt) < 10) /* type, class, ttl, rdatalen */
return LDNS_RCODE_FORMERR;
if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_OPT)
return LDNS_RCODE_FORMERR;
edns->edns_present = 1;
edns->udp_size = sldns_buffer_read_u16(pkt); /* class is udp size */
edns->ext_rcode = sldns_buffer_read_u8(pkt); /* ttl used for bits */
edns->edns_version = sldns_buffer_read_u8(pkt);
edns->bits = sldns_buffer_read_u16(pkt);
/* ignore rdata and rrsigs */
return 0;
}
int
query_info_parse(struct query_info* m, sldns_buffer* query)
{
uint8_t* q = sldns_buffer_begin(query);
/* minimum size: header + \0 + qtype + qclass */
if(sldns_buffer_limit(query) < LDNS_HEADER_SIZE + 5)
return 0;
if(LDNS_OPCODE_WIRE(q) != LDNS_PACKET_QUERY ||
LDNS_QDCOUNT(q) != 1 || sldns_buffer_position(query) != 0)
return 0;
sldns_buffer_skip(query, LDNS_HEADER_SIZE);
m->qname = sldns_buffer_current(query);
if((m->qname_len = query_dname_len(query)) == 0)
return 0; /* parse error */
if(sldns_buffer_remaining(query) < 4)
return 0; /* need qtype, qclass */
m->qtype = sldns_buffer_read_u16(query);
m->qclass = sldns_buffer_read_u16(query);
return 1;
}
/*
* Makes an exact copy of the wire, but with the tsig rr removed
*/
static uint8_t *
ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len)
{
uint8_t *wire2 = NULL;
uint16_t qd_count;
uint16_t an_count;
uint16_t ns_count;
uint16_t ar_count;
ldns_rr *rr;
size_t pos;
uint16_t i;
ldns_status status;
if(wire_len < LDNS_HEADER_SIZE) {
return NULL;
}
/* fake parse the wire */
qd_count = LDNS_QDCOUNT(wire);
an_count = LDNS_ANCOUNT(wire);
ns_count = LDNS_NSCOUNT(wire);
ar_count = LDNS_ARCOUNT(wire);
if (ar_count > 0) {
ar_count--;
} else {
return NULL;
}
pos = LDNS_HEADER_SIZE;
for (i = 0; i < qd_count; i++) {
status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_QUESTION);
if (status != LDNS_STATUS_OK) {
return NULL;
}
ldns_rr_free(rr);
}
for (i = 0; i < an_count; i++) {
status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_ANSWER);
if (status != LDNS_STATUS_OK) {
return NULL;
}
ldns_rr_free(rr);
}
for (i = 0; i < ns_count; i++) {
status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_AUTHORITY);
if (status != LDNS_STATUS_OK) {
return NULL;
}
ldns_rr_free(rr);
}
for (i = 0; i < ar_count; i++) {
status = ldns_wire2rr(&rr, wire, wire_len, &pos,
LDNS_SECTION_ADDITIONAL);
if (status != LDNS_STATUS_OK) {
return NULL;
}
ldns_rr_free(rr);
}
*result_len = pos;
wire2 = LDNS_XMALLOC(uint8_t, *result_len);
if(!wire2) {
return NULL;
}
memcpy(wire2, wire, *result_len);
ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count);
return wire2;
}
/** test a packet */
static void
testpkt(sldns_buffer* pkt, struct alloc_cache* alloc, sldns_buffer* out,
const char* hex)
{
struct query_info qi;
struct reply_info* rep = 0;
int ret;
uint16_t id;
uint16_t flags;
uint32_t timenow = 0;
struct regional* region = regional_create();
struct edns_data edns;
hex_to_buf(pkt, hex);
memmove(&id, sldns_buffer_begin(pkt), sizeof(id));
if(sldns_buffer_limit(pkt) < 2)
flags = 0;
else memmove(&flags, sldns_buffer_at(pkt, 2), sizeof(flags));
flags = ntohs(flags);
ret = reply_info_parse(pkt, alloc, &qi, &rep, region, &edns);
if(ret != 0) {
char rbuf[16];
sldns_wire2str_rcode_buf(ret, rbuf, sizeof(rbuf));
if(vbmp) printf("parse code %d: %s\n", ret, rbuf);
if(ret == LDNS_RCODE_FORMERR) {
unit_assert(!check_formerr_gone);
checkformerr(pkt);
}
unit_assert(ret != LDNS_RCODE_SERVFAIL);
} else if(!check_formerr_gone) {
const size_t lim = 512;
ret = reply_info_encode(&qi, rep, id, flags, out, timenow,
region, 65535, (int)(edns.bits & EDNS_DO) );
unit_assert(ret != 0); /* udp packets should fit */
attach_edns_record(out, &edns);
if(vbmp) printf("inlen %u outlen %u\n",
(unsigned)sldns_buffer_limit(pkt),
(unsigned)sldns_buffer_limit(out));
if(!check_nosameness)
test_buffers(pkt, out);
if(check_rrsigs)
check_the_rrsigs(&qi, rep);
if(sldns_buffer_limit(out) > lim) {
ret = reply_info_encode(&qi, rep, id, flags, out,
timenow, region,
lim - calc_edns_field_size(&edns),
(int)(edns.bits & EDNS_DO));
unit_assert(ret != 0); /* should fit, but with TC */
attach_edns_record(out, &edns);
if( LDNS_QDCOUNT(sldns_buffer_begin(out)) !=
LDNS_QDCOUNT(sldns_buffer_begin(pkt)) ||
LDNS_ANCOUNT(sldns_buffer_begin(out)) !=
LDNS_ANCOUNT(sldns_buffer_begin(pkt)) ||
LDNS_NSCOUNT(sldns_buffer_begin(out)) !=
LDNS_NSCOUNT(sldns_buffer_begin(pkt)))
unit_assert(
LDNS_TC_WIRE(sldns_buffer_begin(out)));
/* must set TC bit if shortened */
unit_assert(sldns_buffer_limit(out) <= lim);
}
}
query_info_clear(&qi);
reply_info_parsedelete(rep, alloc);
regional_destroy(region);
}
