size_t
nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
{
size_t i, hash_len;
/* prepare buffer for first iteration */
sldns_buffer_clear(buf);
sldns_buffer_write(buf, nm, nmlen);
query_dname_tolower(sldns_buffer_begin(buf));
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
hash_len = nsec3_hash_algo_size_supported(algo);
if(hash_len == 0) {
log_err("nsec3 hash of unknown algo %d", algo);
return 0;
}
if(hash_len > max)
return 0;
if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
sldns_buffer_limit(buf), (unsigned char*)res))
return 0;
for(i=0; i<iter; i++) {
sldns_buffer_clear(buf);
sldns_buffer_write(buf, res, hash_len);
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
if(!secalgo_nsec3_hash(algo,
(unsigned char*)sldns_buffer_begin(buf),
sldns_buffer_limit(buf), (unsigned char*)res))
return 0;
}
return hash_len;
}
size_t
nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
{
size_t i, hash_len;
/* prepare buffer for first iteration */
sldns_buffer_clear(buf);
sldns_buffer_write(buf, nm, nmlen);
query_dname_tolower(sldns_buffer_begin(buf));
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
switch(algo) {
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
case NSEC3_HASH_SHA1:
#ifdef HAVE_SSL
hash_len = SHA_DIGEST_LENGTH;
#else
hash_len = SHA1_LENGTH;
#endif
if(hash_len > max)
return 0;
# ifdef HAVE_SSL
(void)SHA1((unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf),
(unsigned char*)res);
# else
(void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
(unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf));
# endif
for(i=0; i<iter; i++) {
sldns_buffer_clear(buf);
sldns_buffer_write(buf, res, hash_len);
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
# ifdef HAVE_SSL
(void)SHA1(
(unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf),
(unsigned char*)res);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)res,
(unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf));
# endif
}
break;
#endif /* HAVE_EVP_SHA1 or NSS */
default:
log_err("nsec3 hash of unknown algo %d", algo);
return 0;
}
return hash_len;
}
static int
testframe_lookup(struct module_env* env, struct cachedb_env* cachedb_env,
char* key, struct sldns_buffer* result_buffer)
{
struct testframe_moddata* d = (struct testframe_moddata*)
cachedb_env->backend_data;
(void)env;
verbose(VERB_ALGO, "testframe_lookup of %s", key);
lock_basic_lock(&d->lock);
if(d->stored_key && strcmp(d->stored_key, key) == 0) {
if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) {
lock_basic_unlock(&d->lock);
return 0; /* too large */
}
verbose(VERB_ALGO, "testframe_lookup found %d bytes",
(int)d->stored_datalen);
sldns_buffer_clear(result_buffer);
sldns_buffer_write(result_buffer, d->stored_data,
d->stored_datalen);
sldns_buffer_flip(result_buffer);
lock_basic_unlock(&d->lock);
return 1;
}
lock_basic_unlock(&d->lock);
return 0;
}
void
attach_edns_record(sldns_buffer* pkt, struct edns_data* edns)
{
size_t len;
size_t rdatapos;
struct edns_option* opt;
if(!edns || !edns->edns_present)
return;
/* inc additional count */
sldns_buffer_write_u16_at(pkt, 10,
sldns_buffer_read_u16_at(pkt, 10) + 1);
len = sldns_buffer_limit(pkt);
sldns_buffer_clear(pkt);
sldns_buffer_set_position(pkt, len);
/* write EDNS record */
sldns_buffer_write_u8(pkt, 0); /* '.' label */
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_OPT); /* type */
sldns_buffer_write_u16(pkt, edns->udp_size); /* class */
sldns_buffer_write_u8(pkt, edns->ext_rcode); /* ttl */
sldns_buffer_write_u8(pkt, edns->edns_version);
sldns_buffer_write_u16(pkt, edns->bits);
rdatapos = sldns_buffer_position(pkt);
sldns_buffer_write_u16(pkt, 0); /* rdatalen */
/* write rdata */
for(opt=edns->opt_list; opt; opt=opt->next) {
sldns_buffer_write_u16(pkt, opt->opt_code);
sldns_buffer_write_u16(pkt, opt->opt_len);
if(opt->opt_len != 0)
sldns_buffer_write(pkt, opt->opt_data, opt->opt_len);
}
if(edns->opt_list)
sldns_buffer_write_u16_at(pkt, rdatapos,
sldns_buffer_position(pkt)-rdatapos-2);
sldns_buffer_flip(pkt);
}
/**
* Fill CH class answer into buffer. Keeps query.
* @param pkt: buffer
* @param str: string to put into text record (<255).
* @param edns: edns reply information.
* @param worker: worker with scratch region.
*/
static void
chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns,
struct worker* worker)
{
size_t len = strlen(str);
unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt));
unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt));
if(len>255) len=255; /* cap size of TXT record */
sldns_buffer_clear(pkt);
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */
sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA));
if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt));
if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt));
sldns_buffer_write_u16(pkt, 1); /* qdcount */
sldns_buffer_write_u16(pkt, 1); /* ancount */
sldns_buffer_write_u16(pkt, 0); /* nscount */
sldns_buffer_write_u16(pkt, 0); /* arcount */
(void)query_dname_len(pkt); /* skip qname */
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */
sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT);
sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH);
sldns_buffer_write_u32(pkt, 0); /* TTL */
sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len);
sldns_buffer_write_u8(pkt, len);
sldns_buffer_write(pkt, str, len);
sldns_buffer_flip(pkt);
edns->edns_version = EDNS_ADVERTISED_VERSION;
edns->udp_size = EDNS_ADVERTISED_SIZE;
edns->bits &= EDNS_DO;
if(!edns_opt_inplace_reply(edns, worker->scratchpad))
edns->opt_list = NULL;
attach_edns_record(pkt, edns);
}
/**
* Create a DS digest for a DNSKEY entry.
*
* @param env: module environment. Uses scratch space.
* @param dnskey_rrset: DNSKEY rrset.
* @param dnskey_idx: index of RR in rrset.
* @param ds_rrset: DS rrset
* @param ds_idx: index of RR in DS rrset.
* @param digest: digest is returned in here (must be correctly sized).
* @return false on error.
*/
static int
ds_create_dnskey_digest(struct module_env* env,
struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
struct ub_packed_rrset_key* ds_rrset, size_t ds_idx,
uint8_t* digest)
{
sldns_buffer* b = env->scratch_buffer;
uint8_t* dnskey_rdata;
size_t dnskey_len;
rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len);
/* create digest source material in buffer
* digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
* DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */
sldns_buffer_clear(b);
sldns_buffer_write(b, dnskey_rrset->rk.dname,
dnskey_rrset->rk.dname_len);
query_dname_tolower(sldns_buffer_begin(b));
sldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
sldns_buffer_flip(b);
return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx),
(unsigned char*)sldns_buffer_begin(b), sldns_buffer_limit(b),
(unsigned char*)digest);
}
/**
* answer in case where no exact match is found
* @param z: zone for query
* @param qinfo: query
* @param edns: edns from query
* @param buf: buffer for answer.
* @param temp: temp region for encoding
* @param ld: local data, if NULL, no such name exists in localdata.
* @param lz_type: type of the local zone
* @return 1 if a reply is to be sent, 0 if not.
*/
static int
lz_zone_answer(struct local_zone* z, struct query_info* qinfo,
struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
struct local_data* ld, enum localzone_type lz_type)
{
if(lz_type == local_zone_deny || lz_type == local_zone_inform_deny) {
/** no reply at all, signal caller by clearing buffer. */
sldns_buffer_clear(buf);
sldns_buffer_flip(buf);
return 1;
} else if(lz_type == local_zone_refuse
|| lz_type == local_zone_always_refuse) {
error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo,
*(uint16_t*)sldns_buffer_begin(buf),
sldns_buffer_read_u16_at(buf, 2), edns);
return 1;
} else if(lz_type == local_zone_static ||
lz_type == local_zone_redirect ||
lz_type == local_zone_always_nxdomain) {
/* for static, reply nodata or nxdomain
* for redirect, reply nodata */
/* no additional section processing,
* cname, dname or wildcard processing,
* or using closest match for NSEC.
* or using closest match for returning delegation downwards
*/
int rcode = (ld || lz_type == local_zone_redirect)?
LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN;
if(z->soa)
return local_encode(qinfo, edns, buf, temp,
z->soa, 0, rcode);
error_encode(buf, (rcode|BIT_AA), qinfo,
*(uint16_t*)sldns_buffer_begin(buf),
sldns_buffer_read_u16_at(buf, 2), edns);
return 1;
} else if(lz_type == local_zone_typetransparent
|| lz_type == local_zone_always_transparent) {
/* no NODATA or NXDOMAINS for this zone type */
return 0;
}
/* else lz_type == local_zone_transparent */
/* if the zone is transparent and the name exists, but the type
* does not, then we should make this noerror/nodata */
if(ld && ld->rrsets) {
int rcode = LDNS_RCODE_NOERROR;
if(z->soa)
return local_encode(qinfo, edns, buf, temp,
z->soa, 0, rcode);
error_encode(buf, (rcode|BIT_AA), qinfo,
*(uint16_t*)sldns_buffer_begin(buf),
sldns_buffer_read_u16_at(buf, 2), edns);
return 1;
}
/* stop here, and resolve further on */
return 0;
}
/** load an RR into rrset */
static int
load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region,
struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
unsigned int i, int is_rrsig, int* go_on, time_t now)
{
uint8_t rr[LDNS_RR_BUF_SIZE];
size_t rr_len = sizeof(rr), dname_len = 0;
int status;
/* read the line */
if(!ssl_read_buf(ssl, buf))
return 0;
if(strncmp((char*)sldns_buffer_begin(buf), "BADRR\n", 6) == 0) {
*go_on = 0;
return 1;
}
status = sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr,
&rr_len, &dname_len, 3600, NULL, 0, NULL, 0);
if(status != 0) {
log_warn("error cannot parse rr: %s: %s",
sldns_get_errorstr_parse(status),
(char*)sldns_buffer_begin(buf));
return 0;
}
if(is_rrsig && sldns_wirerr_get_type(rr, rr_len, dname_len)
!= LDNS_RR_TYPE_RRSIG) {
log_warn("error expected rrsig but got %s",
(char*)sldns_buffer_begin(buf));
return 0;
}
/* convert ldns rr into packed_rr */
d->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len, dname_len) + now;
sldns_buffer_clear(buf);
d->rr_len[i] = sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)+2;
d->rr_data[i] = (uint8_t*)regional_alloc_init(region,
sldns_wirerr_get_rdatawl(rr, rr_len, dname_len), d->rr_len[i]);
if(!d->rr_data[i]) {
log_warn("error out of memory");
return 0;
}
/* if first entry, fill the key structure */
if(i==0) {
rk->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len));
rk->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len));
rk->rk.dname_len = dname_len;
rk->rk.dname = regional_alloc_init(region, rr, dname_len);
if(!rk->rk.dname) {
log_warn("error out of memory");
return 0;
}
}
return 1;
}
/**
* Read a BIND9 like file with trust anchors in named.conf format.
* @param anchors: anchor storage.
* @param buffer: parsing buffer.
* @param fname: string.
* @return false on error.
*/
static int
anchor_read_bind_file(struct val_anchors* anchors, sldns_buffer* buffer,
const char* fname)
{
int line_nr = 1;
FILE* in = fopen(fname, "r");
int rdlen = 0;
if(!in) {
log_err("error opening file %s: %s", fname, strerror(errno));
return 0;
}
verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname);
/* scan for trusted-keys keyword, ignore everything else */
sldns_buffer_clear(buffer);
while((rdlen=readkeyword_bindfile(in, buffer, &line_nr, 1)) != 0) {
if(rdlen != 12 || strncmp((char*)sldns_buffer_begin(buffer),
"trusted-keys", 12) != 0) {
sldns_buffer_clear(buffer);
/* ignore everything but trusted-keys */
continue;
}
if(!skip_to_special(in, buffer, &line_nr, '{')) {
log_err("error in trusted key: \"%s\"", fname);
fclose(in);
return 0;
}
/* process contents */
if(!process_bind_contents(anchors, buffer, &line_nr, in)) {
log_err("error in trusted key: \"%s\"", fname);
fclose(in);
return 0;
}
if(!skip_to_special(in, buffer, &line_nr, ';')) {
log_err("error in trusted key: \"%s\"", fname);
fclose(in);
return 0;
}
sldns_buffer_clear(buffer);
}
fclose(in);
return 1;
}
/**
* Create canonical form of rrset in the scratch buffer.
* @param region: temporary region.
* @param buf: the buffer to use.
* @param k: the rrset to insert.
* @param sig: RRSIG rdata to include.
* @param siglen: RRSIG rdata len excluding signature field, but inclusive
* signer name length.
* @param sortree: if NULL is passed a new sorted rrset tree is built.
* Otherwise it is reused.
* @return false on alloc error.
*/
static int
rrset_canonical(struct regional* region, sldns_buffer* buf,
struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen,
struct rbtree_t** sortree)
{
struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
uint8_t* can_owner = NULL;
size_t can_owner_len = 0;
struct canon_rr* walk;
struct canon_rr* rrs;
if(!*sortree) {
*sortree = (struct rbtree_t*)regional_alloc(region,
sizeof(rbtree_t));
if(!*sortree)
return 0;
if(d->count > RR_COUNT_MAX)
return 0; /* integer overflow protection */
rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count);
if(!rrs) {
*sortree = NULL;
return 0;
}
rbtree_init(*sortree, &canonical_tree_compare);
canonical_sort(k, d, *sortree, rrs);
}
sldns_buffer_clear(buf);
sldns_buffer_write(buf, sig, siglen);
/* canonicalize signer name */
query_dname_tolower(sldns_buffer_begin(buf)+18);
RBTREE_FOR(walk, struct canon_rr*, (*sortree)) {
/* see if there is enough space left in the buffer */
if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
+ d->rr_len[walk->rr_idx]) {
log_err("verify: failed to canonicalize, "
"rrset too big");
return 0;
}
/* determine canonical owner name */
if(can_owner)
sldns_buffer_write(buf, can_owner, can_owner_len);
else insert_can_owner(buf, k, sig, &can_owner,
&can_owner_len);
sldns_buffer_write(buf, &k->rk.type, 2);
sldns_buffer_write(buf, &k->rk.rrset_class, 2);
sldns_buffer_write(buf, sig+4, 4);
sldns_buffer_write(buf, d->rr_data[walk->rr_idx],
d->rr_len[walk->rr_idx]);
canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
}
sldns_buffer_flip(buf);
return 1;
}
void
sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from)
{
size_t tocopy = sldns_buffer_limit(from);
if(tocopy > sldns_buffer_capacity(result))
tocopy = sldns_buffer_capacity(result);
sldns_buffer_clear(result);
sldns_buffer_write(result, sldns_buffer_begin(from), tocopy);
sldns_buffer_flip(result);
}
/** skip through file to { or ; */
static int
skip_to_special(FILE* in, sldns_buffer* buf, int* line, int spec)
{
int rdlen;
sldns_buffer_clear(buf);
while((rdlen=readkeyword_bindfile(in, buf, line, 1))) {
if(rdlen == 1 && isspace((unsigned char)*sldns_buffer_begin(buf))) {
sldns_buffer_clear(buf);
continue;
}
if(rdlen != 1 || *sldns_buffer_begin(buf) != (uint8_t)spec) {
sldns_buffer_write_u8(buf, 0);
log_err("trusted-keys, line %d, expected %c",
*line, spec);
return 0;
}
return 1;
}
log_err("trusted-keys, line %d, expected %c got EOF", *line, spec);
return 0;
}
/** entry to packet buffer with wireformat */
static void
entry_to_buf(struct entry* e, sldns_buffer* pkt)
{
unit_assert(e->reply_list);
if(e->reply_list->reply_from_hex) {
sldns_buffer_copy(pkt, e->reply_list->reply_from_hex);
} else {
sldns_buffer_clear(pkt);
sldns_buffer_write(pkt, e->reply_list->reply_pkt,
e->reply_list->reply_len);
sldns_buffer_flip(pkt);
}
}
/** put dname into buffer */
static sldns_buffer*
dname_to_buf(sldns_buffer* b, const char* str)
{
int e;
size_t len = sldns_buffer_capacity(b);
sldns_buffer_clear(b);
e = sldns_str2wire_dname_buf(str, sldns_buffer_begin(b), &len);
if(e != 0)
fatal_exit("%s ldns: %s", __func__,
sldns_get_errorstr_parse(e));
sldns_buffer_set_position(b, len);
sldns_buffer_flip(b);
return b;
}
/** perform hash of name */
static int
nsec3_calc_hash(struct regional* region, sldns_buffer* buf,
struct nsec3_cached_hash* c)
{
int algo = nsec3_get_algo(c->nsec3, c->rr);
size_t iter = nsec3_get_iter(c->nsec3, c->rr);
uint8_t* salt;
size_t saltlen, i;
if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
return -1;
/* prepare buffer for first iteration */
sldns_buffer_clear(buf);
sldns_buffer_write(buf, c->dname, c->dname_len);
query_dname_tolower(sldns_buffer_begin(buf));
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
c->hash_len = nsec3_hash_algo_size_supported(algo);
if(c->hash_len == 0) {
log_err("nsec3 hash of unknown algo %d", algo);
return -1;
}
c->hash = (uint8_t*)regional_alloc(region, c->hash_len);
if(!c->hash)
return 0;
(void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
sldns_buffer_limit(buf), (unsigned char*)c->hash);
for(i=0; i<iter; i++) {
sldns_buffer_clear(buf);
sldns_buffer_write(buf, c->hash, c->hash_len);
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
(void)secalgo_nsec3_hash(algo,
(unsigned char*)sldns_buffer_begin(buf),
sldns_buffer_limit(buf), (unsigned char*)c->hash);
}
return 1;
}
void
qinfo_query_encode(sldns_buffer* pkt, struct query_info* qinfo)
{
uint16_t flags = 0; /* QUERY, NOERROR */
sldns_buffer_clear(pkt);
log_assert(sldns_buffer_remaining(pkt) >= 12+255+4/*max query*/);
sldns_buffer_skip(pkt, 2); /* id done later */
sldns_buffer_write_u16(pkt, flags);
sldns_buffer_write_u16(pkt, 1); /* query count */
sldns_buffer_write(pkt, "\000\000\000\000\000\000", 6); /* counts */
sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len);
sldns_buffer_write_u16(pkt, qinfo->qtype);
sldns_buffer_write_u16(pkt, qinfo->qclass);
sldns_buffer_flip(pkt);
}
int
nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf)
{
uint8_t* next, *owner;
size_t nextlen;
int len;
if(!nsec3_get_nextowner(rrset, rr, &next, &nextlen))
return 0; /* malformed RR proves nothing */
/* check the owner name is a hashed value . apex
* base32 encoded values must have equal length.
* hash_value and next hash value must have equal length. */
if(nextlen != hash->hash_len || hash->hash_len==0||hash->b32_len==0||
(size_t)*rrset->rk.dname != hash->b32_len ||
query_dname_compare(rrset->rk.dname+1+
(size_t)*rrset->rk.dname, zone) != 0)
return 0; /* bad lengths or owner name */
/* This is the "normal case: owner < next and owner < hash < next */
if(label_compare_lower(rrset->rk.dname+1, hash->b32,
hash->b32_len) < 0 &&
memcmp(hash->hash, next, nextlen) < 0)
return 1;
/* convert owner name from text to binary */
sldns_buffer_clear(buf);
owner = sldns_buffer_begin(buf);
len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
hash->b32_len, owner, sldns_buffer_limit(buf));
if(len<1)
return 0; /* bad owner name in some way */
if((size_t)len != hash->hash_len || (size_t)len != nextlen)
return 0; /* wrong length */
/* this is the end of zone case: next <= owner &&
* (hash > owner || hash < next)
* this also covers the only-apex case of next==owner.
*/
if(memcmp(next, owner, nextlen) <= 0 &&
( memcmp(hash->hash, owner, nextlen) > 0 ||
memcmp(hash->hash, next, nextlen) < 0)) {
return 1;
}
return 0;
}
void
error_encode(sldns_buffer* buf, int r, struct query_info* qinfo,
uint16_t qid, uint16_t qflags, struct edns_data* edns)
{
uint16_t flags;
sldns_buffer_clear(buf);
sldns_buffer_write(buf, &qid, sizeof(uint16_t));
flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/
flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */
sldns_buffer_write_u16(buf, flags);
if(qinfo) flags = 1;
else flags = 0;
sldns_buffer_write_u16(buf, flags);
flags = 0;
sldns_buffer_write(buf, &flags, sizeof(uint16_t));
sldns_buffer_write(buf, &flags, sizeof(uint16_t));
sldns_buffer_write(buf, &flags, sizeof(uint16_t));
if(qinfo) {
const uint8_t* qname = qinfo->local_alias ?
qinfo->local_alias->rrset->rk.dname : qinfo->qname;
size_t qname_len = qinfo->local_alias ?
qinfo->local_alias->rrset->rk.dname_len :
qinfo->qname_len;
if(sldns_buffer_current(buf) == qname)
sldns_buffer_skip(buf, (ssize_t)qname_len);
else sldns_buffer_write(buf, qname, qname_len);
sldns_buffer_write_u16(buf, qinfo->qtype);
sldns_buffer_write_u16(buf, qinfo->qclass);
}
sldns_buffer_flip(buf);
if(edns) {
struct edns_data es = *edns;
es.edns_version = EDNS_ADVERTISED_VERSION;
es.udp_size = EDNS_ADVERTISED_SIZE;
es.ext_rcode = 0;
es.bits &= EDNS_DO;
if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) >
edns->udp_size)
return;
attach_edns_record(buf, &es);
}
}
void
qinfo_query_encode(sldns_buffer* pkt, struct query_info* qinfo)
{
uint16_t flags = 0; /* QUERY, NOERROR */
const uint8_t* qname = qinfo->local_alias ?
qinfo->local_alias->rrset->rk.dname : qinfo->qname;
size_t qname_len = qinfo->local_alias ?
qinfo->local_alias->rrset->rk.dname_len : qinfo->qname_len;
sldns_buffer_clear(pkt);
log_assert(sldns_buffer_remaining(pkt) >= 12+255+4/*max query*/);
sldns_buffer_skip(pkt, 2); /* id done later */
sldns_buffer_write_u16(pkt, flags);
sldns_buffer_write_u16(pkt, 1); /* query count */
sldns_buffer_write(pkt, "\000\000\000\000\000\000", 6); /* counts */
sldns_buffer_write(pkt, qname, qname_len);
sldns_buffer_write_u16(pkt, qinfo->qtype);
sldns_buffer_write_u16(pkt, qinfo->qclass);
sldns_buffer_flip(pkt);
}
/** perform b32 encoding of hash */
static int
nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
struct nsec3_cached_hash* c)
{
int r;
sldns_buffer_clear(buf);
r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len,
(char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf));
if(r < 1) {
log_err("b32_ntop_extended_hex: error in encoding: %d", r);
return 0;
}
c->b32_len = (size_t)r;
c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf),
c->b32_len);
if(!c->b32)
return 0;
return 1;
}
/* takes a hex string and puts into buffer */
void hex_to_buf(sldns_buffer* pkt, const char* hex)
{
const char* p = hex;
int val;
sldns_buffer_clear(pkt);
while(*p) {
skip_whites(&p);
if(sldns_buffer_position(pkt) == sldns_buffer_limit(pkt))
fatal_exit("hex_to_buf: buffer too small");
if(!isalnum((unsigned char)*p))
break;
val = sldns_hexdigit_to_int(*p++) << 4;
skip_whites(&p);
log_assert(*p && isalnum((unsigned char)*p));
val |= sldns_hexdigit_to_int(*p++);
sldns_buffer_write_u8(pkt, (uint8_t)val);
skip_whites(&p);
}
sldns_buffer_flip(pkt);
}
void
attach_edns_record(sldns_buffer* pkt, struct edns_data* edns)
{
size_t len;
if(!edns || !edns->edns_present)
return;
/* inc additional count */
sldns_buffer_write_u16_at(pkt, 10,
sldns_buffer_read_u16_at(pkt, 10) + 1);
len = sldns_buffer_limit(pkt);
sldns_buffer_clear(pkt);
sldns_buffer_set_position(pkt, len);
/* write EDNS record */
sldns_buffer_write_u8(pkt, 0); /* '.' label */
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_OPT); /* type */
sldns_buffer_write_u16(pkt, edns->udp_size); /* class */
sldns_buffer_write_u8(pkt, edns->ext_rcode); /* ttl */
sldns_buffer_write_u8(pkt, edns->edns_version);
sldns_buffer_write_u16(pkt, edns->bits);
sldns_buffer_write_u16(pkt, 0); /* rdatalen */
sldns_buffer_flip(pkt);
}
/**
* Fill buffer with reply from the entry.
*/
static void
fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q,
size_t qlen)
{
uint8_t* c;
size_t clen;
log_assert(entry && entry->reply_list);
sldns_buffer_clear(buffer);
if(entry->reply_list->reply_from_hex) {
c = sldns_buffer_begin(entry->reply_list->reply_from_hex);
clen = sldns_buffer_limit(entry->reply_list->reply_from_hex);
if(!c) fatal_exit("out of memory");
} else {
c = entry->reply_list->reply_pkt;
clen = entry->reply_list->reply_len;
}
if(c) {
if(q) adjust_packet(entry, &c, &clen, q, qlen);
sldns_buffer_write(buffer, c, clen);
if(q) free(c);
}
sldns_buffer_flip(buffer);
}
/** process answer from bg worker */
static int
process_answer_detail(struct ub_ctx* ctx, uint8_t* msg, uint32_t len,
ub_callback_t* cb, void** cbarg, int* err,
struct ub_result** res)
{
struct ctx_query* q;
if(context_serial_getcmd(msg, len) != UB_LIBCMD_ANSWER) {
log_err("error: bad data from bg worker %d",
(int)context_serial_getcmd(msg, len));
return 0;
}
lock_basic_lock(&ctx->cfglock);
q = context_deserialize_answer(ctx, msg, len, err);
if(!q) {
lock_basic_unlock(&ctx->cfglock);
/* probably simply the lookup that failed, i.e.
* response returned before cancel was sent out, so noerror */
return 1;
}
log_assert(q->async);
/* grab cb while locked */
if(q->cancelled) {
*cb = NULL;
*cbarg = NULL;
} else {
*cb = q->cb;
*cbarg = q->cb_arg;
}
if(*err) {
*res = NULL;
ub_resolve_free(q->res);
} else {
/* parse the message, extract rcode, fill result */
sldns_buffer* buf = sldns_buffer_new(q->msg_len);
struct regional* region = regional_create();
*res = q->res;
(*res)->rcode = LDNS_RCODE_SERVFAIL;
if(region && buf) {
sldns_buffer_clear(buf);
sldns_buffer_write(buf, q->msg, q->msg_len);
sldns_buffer_flip(buf);
libworker_enter_result(*res, buf, region,
q->msg_security);
}
(*res)->answer_packet = q->msg;
(*res)->answer_len = (int)q->msg_len;
q->msg = NULL;
sldns_buffer_free(buf);
regional_destroy(region);
}
q->res = NULL;
/* delete the q from list */
(void)rbtree_delete(&ctx->queries, q->node.key);
ctx->num_async--;
context_query_delete(q);
lock_basic_unlock(&ctx->cfglock);
if(*cb) return 2;
ub_resolve_free(*res);
return 1;
}
/**
* read contents of trusted-keys{ ... ; clauses and insert keys into storage.
* @param anchors: where to store keys
* @param buf: buffer to use
* @param line: line number in file
* @param in: file to read from.
* @return 0 on error.
*/
static int
process_bind_contents(struct val_anchors* anchors, sldns_buffer* buf,
int* line, FILE* in)
{
/* loop over contents, collate strings before ; */
/* contents is (numbered): 0 1 2 3 4 5 6 7 8 */
/* name. 257 3 5 base64 base64 */
/* quoted value: 0 "111" 0 0 0 0 0 0 0 */
/* comments value: 1 "000" 1 1 1 "0 0 0 0" 1 */
int contnum = 0;
int quoted = 0;
int comments = 1;
int rdlen;
char* str = 0;
sldns_buffer_clear(buf);
while((rdlen=readkeyword_bindfile(in, buf, line, comments))) {
if(rdlen == 1 && sldns_buffer_position(buf) == 1
&& isspace((unsigned char)*sldns_buffer_begin(buf))) {
/* starting whitespace is removed */
sldns_buffer_clear(buf);
continue;
} else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '"') {
/* remove " from the string */
if(contnum == 0) {
quoted = 1;
comments = 0;
}
sldns_buffer_skip(buf, -1);
if(contnum > 0 && quoted) {
if(sldns_buffer_remaining(buf) < 8+1) {
log_err("line %d, too long", *line);
return 0;
}
sldns_buffer_write(buf, " DNSKEY ", 8);
quoted = 0;
comments = 1;
} else if(contnum > 0)
comments = !comments;
continue;
} else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == ';') {
if(contnum < 5) {
sldns_buffer_write_u8(buf, 0);
log_err("line %d, bad key", *line);
return 0;
}
sldns_buffer_skip(buf, -1);
sldns_buffer_write_u8(buf, 0);
str = strdup((char*)sldns_buffer_begin(buf));
if(!str) {
log_err("line %d, allocation failure", *line);
return 0;
}
if(!anchor_store_str(anchors, buf, str)) {
log_err("line %d, bad key", *line);
free(str);
return 0;
}
free(str);
sldns_buffer_clear(buf);
contnum = 0;
quoted = 0;
comments = 1;
continue;
} else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '}') {
if(contnum > 0) {
sldns_buffer_write_u8(buf, 0);
log_err("line %d, bad key before }", *line);
return 0;
}
return 1;
} else if(rdlen == 1 &&
isspace((unsigned char)sldns_buffer_current(buf)[-1])) {
/* leave whitespace here */
} else {
/* not space or whatnot, so actual content */
contnum ++;
if(contnum == 1 && !quoted) {
if(sldns_buffer_remaining(buf) < 8+1) {
log_err("line %d, too long", *line);
return 0;
}
sldns_buffer_write(buf, " DNSKEY ", 8);
}
}
}
log_err("line %d, EOF before }", *line);
return 0;
}
/** perform hash of name */
static int
nsec3_calc_hash(struct regional* region, sldns_buffer* buf,
struct nsec3_cached_hash* c)
{
int algo = nsec3_get_algo(c->nsec3, c->rr);
size_t iter = nsec3_get_iter(c->nsec3, c->rr);
uint8_t* salt;
size_t saltlen, i;
if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
return -1;
/* prepare buffer for first iteration */
sldns_buffer_clear(buf);
sldns_buffer_write(buf, c->dname, c->dname_len);
query_dname_tolower(sldns_buffer_begin(buf));
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
switch(algo) {
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
case NSEC3_HASH_SHA1:
#ifdef HAVE_SSL
c->hash_len = SHA_DIGEST_LENGTH;
#else
c->hash_len = SHA1_LENGTH;
#endif
c->hash = (uint8_t*)regional_alloc(region,
c->hash_len);
if(!c->hash)
return 0;
# ifdef HAVE_SSL
(void)SHA1((unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf),
(unsigned char*)c->hash);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)c->hash,
(unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf));
# endif
for(i=0; i<iter; i++) {
sldns_buffer_clear(buf);
sldns_buffer_write(buf, c->hash, c->hash_len);
sldns_buffer_write(buf, salt, saltlen);
sldns_buffer_flip(buf);
# ifdef HAVE_SSL
(void)SHA1(
(unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf),
(unsigned char*)c->hash);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)c->hash,
(unsigned char*)sldns_buffer_begin(buf),
(unsigned long)sldns_buffer_limit(buf));
# endif
}
break;
#endif /* HAVE_EVP_SHA1 or NSS */
default:
log_err("nsec3 hash of unknown algo %d", algo);
return -1;
}
return 1;
}
/** test pkt_dname_len */
static void
dname_test_pkt_dname_len(sldns_buffer* buff)
{
unit_show_func("util/data/dname.c", "pkt_dname_len");
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\000", 1);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 1 );
unit_assert( sldns_buffer_position(buff) == 1);
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\003org\000", 5);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 5 );
unit_assert( sldns_buffer_position(buff) == 5);
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\002os\007example\003org\000", 16);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 16 );
unit_assert( sldns_buffer_position(buff) == 16);
/* invalid compression pointer: to self */
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\300\000os\007example\003org\000", 17);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 0 );
/* valid compression pointer */
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\003com\000\040\300\000", 8);
sldns_buffer_flip(buff);
sldns_buffer_set_position(buff, 6);
unit_assert( pkt_dname_len(buff) == 5 );
unit_assert( sldns_buffer_position(buff) == 8);
/* unknown label type */
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\002os\107example\003org\000", 16);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 0 );
/* label too long */
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\002os\047example\003org\000", 16);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 0 );
/* label exceeds packet */
sldns_buffer_clear(buff);
sldns_buffer_write(buff, "\002os\007example\007org\004", 16);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 0 );
/* name very long */
sldns_buffer_clear(buff);
sldns_buffer_write(buff,
"\020a1cdef5555544444"
"\020a2cdef5555544444"
"\020a3cdef5555544444"
"\020a4cdef5555544444"
"\020a5cdef5555544444"
"\020a6cdef5555544444"
"\020a7cdef5555544444"
"\020a8cdef5555544444"
"\020a9cdef5555544444"
"\020aAcdef5555544444"
"\020aBcdef5555544444"
"\020aCcdef5555544444"
"\020aDcdef5555544444"
"\020aEcdef5555544444" /* 238 up to here */
"\007aabbccd" /* 246 up to here */
"\007example\000" /* 255 to here */
, 255);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 255 );
unit_assert( sldns_buffer_position(buff) == 255);
/* name too long */
sldns_buffer_clear(buff);
sldns_buffer_write(buff,
"\020a1cdef5555544444"
"\020a2cdef5555544444"
"\020a3cdef5555544444"
"\020a4cdef5555544444"
"\020a5cdef5555544444"
"\020a6cdef5555544444"
"\020a7cdef5555544444"
"\020a8cdef5555544444"
"\020a9cdef5555544444"
"\020aAcdef5555544444"
"\020aBcdef5555544444"
"\020aCcdef5555544444"
"\020aXcdef5555544444"
"\020aXcdef5555544444"
"\020aXcdef5555544444"
"\020aDcdef5555544444"
"\020aEcdef5555544444" /* 238 up to here */
"\007aabbccd" /* 246 up to here */
"\007example\000" /* 255 to here */
, 255);
sldns_buffer_flip(buff);
unit_assert( pkt_dname_len(buff) == 0 );
}
int
reply_info_encode(struct query_info* qinfo, struct reply_info* rep,
uint16_t id, uint16_t flags, sldns_buffer* buffer, time_t timenow,
struct regional* region, uint16_t udpsize, int dnssec)
{
uint16_t ancount=0, nscount=0, arcount=0;
struct compress_tree_node* tree = 0;
int r;
size_t rr_offset;
sldns_buffer_clear(buffer);
if(udpsize < sldns_buffer_limit(buffer))
sldns_buffer_set_limit(buffer, udpsize);
if(sldns_buffer_remaining(buffer) < LDNS_HEADER_SIZE)
return 0;
sldns_buffer_write(buffer, &id, sizeof(uint16_t));
sldns_buffer_write_u16(buffer, flags);
sldns_buffer_write_u16(buffer, rep->qdcount);
/* set an, ns, ar counts to zero in case of small packets */
sldns_buffer_write(buffer, "\000\000\000\000\000\000", 6);
/* insert query section */
if(rep->qdcount) {
if((r=insert_query(qinfo, &tree, buffer, region)) !=
RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 4, 0);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
}
/* roundrobin offset. using query id for random number. With ntohs
* for different roundrobins for sequential id client senders. */
rr_offset = RRSET_ROUNDROBIN?ntohs(id):0;
/* "prepend" any local alias records in the answer section if this
* response is supposed to be authoritative. Currently it should
* be a single CNAME record (sanity-checked in worker_handle_request())
* but it can be extended if and when we support more variations of
* aliases. */
if(qinfo->local_alias && (flags & BIT_AA)) {
struct reply_info arep;
time_t timezero = 0; /* to use the 'authoritative' TTL */
memset(&arep, 0, sizeof(arep));
arep.flags = rep->flags;
arep.an_numrrsets = 1;
arep.rrset_count = 1;
arep.rrsets = &qinfo->local_alias->rrset;
if((r=insert_section(&arep, 1, &ancount, buffer, 0,
timezero, region, &tree, LDNS_SECTION_ANSWER,
qinfo->qtype, dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 6, ancount);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
}
/* insert answer section */
if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer,
0, timenow, region, &tree, LDNS_SECTION_ANSWER, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 6, ancount);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
sldns_buffer_write_u16_at(buffer, 6, ancount);
/* if response is positive answer, auth/add sections are not required */
if( ! (MINIMAL_RESPONSES && positive_answer(rep, qinfo->qtype)) ) {
/* insert auth section */
if((r=insert_section(rep, rep->ns_numrrsets, &nscount, buffer,
rep->an_numrrsets, timenow, region, &tree,
LDNS_SECTION_AUTHORITY, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 8, nscount);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
sldns_buffer_write_u16_at(buffer, 8, nscount);
/* insert add section */
if((r=insert_section(rep, rep->ar_numrrsets, &arcount, buffer,
rep->an_numrrsets + rep->ns_numrrsets, timenow, region,
&tree, LDNS_SECTION_ADDITIONAL, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* no need to set TC bit, this is the additional */
sldns_buffer_write_u16_at(buffer, 10, arcount);
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
sldns_buffer_write_u16_at(buffer, 10, arcount);
}
sldns_buffer_flip(buffer);
return 1;
}
/** receive DNS datagram over TCP and print it */
static void
recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf)
{
char* pktstr;
uint16_t len;
if(!udp) {
if(ssl) {
if(SSL_read(ssl, (void*)&len, (int)sizeof(len)) <= 0) {
log_crypto_err("could not SSL_read");
exit(1);
}
} else {
if(recv(fd, (void*)&len, sizeof(len), 0) <
(ssize_t)sizeof(len)) {
#ifndef USE_WINSOCK
perror("read() len failed");
#else
printf("read len: %s\n",
wsa_strerror(WSAGetLastError()));
#endif
exit(1);
}
}
len = ntohs(len);
sldns_buffer_clear(buf);
sldns_buffer_set_limit(buf, len);
if(ssl) {
int r = SSL_read(ssl, (void*)sldns_buffer_begin(buf),
(int)len);
if(r <= 0) {
log_crypto_err("could not SSL_read");
exit(1);
}
if(r != (int)len)
fatal_exit("ssl_read %d of %d", r, len);
} else {
if(recv(fd, (void*)sldns_buffer_begin(buf), len, 0) <
(ssize_t)len) {
#ifndef USE_WINSOCK
perror("read() data failed");
#else
printf("read data: %s\n",
wsa_strerror(WSAGetLastError()));
#endif
exit(1);
}
}
} else {
ssize_t l;
sldns_buffer_clear(buf);
if((l=recv(fd, (void*)sldns_buffer_begin(buf),
sldns_buffer_capacity(buf), 0)) < 0) {
#ifndef USE_WINSOCK
perror("read() data failed");
#else
printf("read data: %s\n",
wsa_strerror(WSAGetLastError()));
#endif
exit(1);
}
sldns_buffer_set_limit(buf, (size_t)l);
len = (size_t)l;
}
printf("\nnext received packet\n");
log_buf(0, "data", buf);
pktstr = sldns_wire2str_pkt(sldns_buffer_begin(buf), len);
printf("%s", pktstr);
free(pktstr);
}
int
reply_info_encode(struct query_info* qinfo, struct reply_info* rep,
uint16_t id, uint16_t flags, sldns_buffer* buffer, time_t timenow,
struct regional* region, uint16_t udpsize, int dnssec)
{
uint16_t ancount=0, nscount=0, arcount=0;
struct compress_tree_node* tree = 0;
int r;
size_t rr_offset;
sldns_buffer_clear(buffer);
if(udpsize < sldns_buffer_limit(buffer))
sldns_buffer_set_limit(buffer, udpsize);
if(sldns_buffer_remaining(buffer) < LDNS_HEADER_SIZE)
return 0;
sldns_buffer_write(buffer, &id, sizeof(uint16_t));
sldns_buffer_write_u16(buffer, flags);
sldns_buffer_write_u16(buffer, rep->qdcount);
/* set an, ns, ar counts to zero in case of small packets */
sldns_buffer_write(buffer, "\000\000\000\000\000\000", 6);
/* insert query section */
if(rep->qdcount) {
if((r=insert_query(qinfo, &tree, buffer, region)) !=
RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 4, 0);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
}
/* roundrobin offset. using query id for random number. With ntohs
* for different roundrobins for sequential id client senders. */
rr_offset = RRSET_ROUNDROBIN?ntohs(id):0;
/* insert answer section */
if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer,
0, timenow, region, &tree, LDNS_SECTION_ANSWER, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 6, ancount);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
sldns_buffer_write_u16_at(buffer, 6, ancount);
/* if response is positive answer, auth/add sections are not required */
if( ! (MINIMAL_RESPONSES && positive_answer(rep, qinfo->qtype)) ) {
/* insert auth section */
if((r=insert_section(rep, rep->ns_numrrsets, &nscount, buffer,
rep->an_numrrsets, timenow, region, &tree,
LDNS_SECTION_AUTHORITY, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
sldns_buffer_write_u16_at(buffer, 8, nscount);
LDNS_TC_SET(sldns_buffer_begin(buffer));
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
sldns_buffer_write_u16_at(buffer, 8, nscount);
/* insert add section */
if((r=insert_section(rep, rep->ar_numrrsets, &arcount, buffer,
rep->an_numrrsets + rep->ns_numrrsets, timenow, region,
&tree, LDNS_SECTION_ADDITIONAL, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* no need to set TC bit, this is the additional */
sldns_buffer_write_u16_at(buffer, 10, arcount);
sldns_buffer_flip(buffer);
return 1;
}
return 0;
}
sldns_buffer_write_u16_at(buffer, 10, arcount);
}
sldns_buffer_flip(buffer);
return 1;
}
