1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 static int add_resource_record(HEADER
*header
, char *limit
, int *truncp
,
20 unsigned int nameoffset
, unsigned char **pp
,
21 unsigned long ttl
, unsigned int *offset
, unsigned short type
,
22 unsigned short class, char *format
, ...);
24 #define CHECK_LEN(header, pp, plen, len) \
25 ((size_t)((pp) - (unsigned char *)(header) + (len)) <= (plen))
27 #define ADD_RDLEN(header, pp, plen, len) \
28 (!CHECK_LEN(header, pp, plen, len) ? 0 : (long)((pp) += (len)), 1)
30 static int extract_name(HEADER
*header
, size_t plen
, unsigned char **pp
,
31 char *name
, int isExtract
, int extrabytes
)
33 unsigned char *cp
= (unsigned char *)name
, *p
= *pp
, *p1
= NULL
;
34 unsigned int j
, l
, hops
= 0;
42 unsigned int label_type
;
44 if (!CHECK_LEN(header
, p
, plen
, 1))
50 /* check that there are the correct no of bytes after the name */
51 if (!CHECK_LEN(header
, p
, plen
, extrabytes
))
56 if (cp
!= (unsigned char *)name
)
58 *cp
= 0; /* terminate: lose final period */
63 if (p1
) /* we jumped via compression */
71 label_type
= l
& 0xc0;
73 if (label_type
== 0xc0) /* pointer */
75 if (!CHECK_LEN(header
, p
, plen
, 1))
82 if (!p1
) /* first jump, save location to go back to */
85 hops
++; /* break malicious infinite loops */
89 p
= l
+ (unsigned char *)header
;
91 else if (label_type
== 0x80)
92 return 0; /* reserved */
93 else if (label_type
== 0x40)
95 unsigned int count
, digs
;
98 return 0; /* we only understand bitstrings */
101 return 0; /* Cannot compare bitsrings */
106 digs
= ((count
-1)>>2)+1;
108 /* output is \[x<hex>/siz]. which is digs+9 chars */
109 if (cp
- (unsigned char *)name
+ digs
+ 9 >= MAXDNAME
)
111 if (!CHECK_LEN(header
, p
, plen
, (count
-1)>>3))
117 for (j
=0; j
<digs
; j
++)
125 *cp
++ = dig
< 10 ? dig
+ '0' : dig
+ 'A' - 10;
127 cp
+= sprintf((char *)cp
, "/%d]", count
);
128 /* do this here to overwrite the zero char from sprintf */
132 { /* label_type = 0 -> label. */
133 if (cp
- (unsigned char *)name
+ l
+ 1 >= MAXDNAME
)
135 if (!CHECK_LEN(header
, p
, plen
, l
))
138 for(j
=0; j
<l
; j
++, p
++)
148 unsigned char c1
= *cp
, c2
= *p
;
155 if (c1
>= 'A' && c1
<= 'Z')
157 if (c2
>= 'A' && c2
<= 'Z')
167 else if (*cp
!= 0 && *cp
++ != '.')
173 /* Max size of input string (for IPv6) is 75 chars.) */
174 #define MAXARPANAME 75
175 static int in_arpa_name_2_addr(char *namein
, struct all_addr
*addrp
)
178 char name
[MAXARPANAME
+1], *cp1
;
179 unsigned char *addr
= (unsigned char *)addrp
;
180 char *lastchunk
= NULL
, *penchunk
= NULL
;
182 if (strlen(namein
) > MAXARPANAME
)
185 memset(addrp
, 0, sizeof(struct all_addr
));
187 /* turn name into a series of asciiz strings */
188 /* j counts no of labels */
189 for(j
= 1,cp1
= name
; *namein
; cp1
++, namein
++)
192 penchunk
= lastchunk
;
205 if (hostname_isequal(lastchunk
, "arpa") && hostname_isequal(penchunk
, "in-addr"))
208 /* address arives as a name of the form
209 www.xxx.yyy.zzz.in-addr.arpa
210 some of the low order address octets might be missing
211 and should be set to zero. */
212 for (cp1
= name
; cp1
!= penchunk
; cp1
+= strlen(cp1
)+1)
214 /* check for digits only (weeds out things like
215 50.0/24.67.28.64.in-addr.arpa which are used
216 as CNAME targets according to RFC 2317 */
218 for (cp
= cp1
; *cp
; cp
++)
219 if (!isdigit((int)*cp
))
231 else if (hostname_isequal(penchunk
, "ip6") &&
232 (hostname_isequal(lastchunk
, "int") || hostname_isequal(lastchunk
, "arpa")))
235 Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa]
236 or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa]
238 Note that most of these the various reprentations are obsolete and
239 left-over from the many DNS-for-IPv6 wars. We support all the formats
240 that we can since there is no reason not to.
243 if (*name
== '\\' && *(name
+1) == '[' &&
244 (*(name
+2) == 'x' || *(name
+2) == 'X'))
246 for (j
= 0, cp1
= name
+3; *cp1
&& isxdigit((int) *cp1
) && j
< 32; cp1
++, j
++)
252 addr
[j
/2] |= strtol(xdig
, NULL
, 16);
254 addr
[j
/2] = strtol(xdig
, NULL
, 16) << 4;
257 if (*cp1
== '/' && j
== 32)
262 for (cp1
= name
; cp1
!= penchunk
; cp1
+= strlen(cp1
)+1)
264 if (*(cp1
+1) || !isxdigit((int)*cp1
))
267 for (j
= sizeof(struct all_addr
)-1; j
>0; j
--)
268 addr
[j
] = (addr
[j
] >> 4) | (addr
[j
-1] << 4);
269 addr
[0] = (addr
[0] >> 4) | (strtol(cp1
, NULL
, 16) << 4);
280 static unsigned char *skip_name(unsigned char *ansp
, HEADER
*header
, size_t plen
, int extrabytes
)
284 unsigned int label_type
;
286 if (!CHECK_LEN(header
, ansp
, plen
, 1))
289 label_type
= (*ansp
) & 0xc0;
291 if (label_type
== 0xc0)
293 /* pointer for compression. */
297 else if (label_type
== 0x80)
298 return NULL
; /* reserved */
299 else if (label_type
== 0x40)
301 /* Extended label type */
304 if (!CHECK_LEN(header
, ansp
, plen
, 2))
307 if (((*ansp
++) & 0x3f) != 1)
308 return NULL
; /* we only understand bitstrings */
310 count
= *(ansp
++); /* Bits in bitstring */
312 if (count
== 0) /* count == 0 means 256 bits */
315 ansp
+= ((count
-1)>>3)+1;
318 { /* label type == 0 Bottom six bits is length */
319 unsigned int len
= (*ansp
++) & 0x3f;
321 if (!ADD_RDLEN(header
, ansp
, plen
, len
))
325 break; /* zero length label marks the end. */
329 if (!CHECK_LEN(header
, ansp
, plen
, extrabytes
))
335 static unsigned char *skip_questions(HEADER
*header
, size_t plen
)
338 unsigned char *ansp
= (unsigned char *)(header
+1);
340 for (q
= ntohs(header
->qdcount
); q
!= 0; q
--)
342 if (!(ansp
= skip_name(ansp
, header
, plen
, 4)))
344 ansp
+= 4; /* class and type */
350 static unsigned char *skip_section(unsigned char *ansp
, int count
, HEADER
*header
, size_t plen
)
354 for (i
= 0; i
< count
; i
++)
356 if (!(ansp
= skip_name(ansp
, header
, plen
, 10)))
358 ansp
+= 8; /* type, class, TTL */
359 GETSHORT(rdlen
, ansp
);
360 if (!ADD_RDLEN(header
, ansp
, plen
, rdlen
))
367 /* CRC the question section. This is used to safely detect query
368 retransmision and to detect answers to questions we didn't ask, which
369 might be poisoning attacks. Note that we decode the name rather
370 than CRC the raw bytes, since replies might be compressed differently.
371 We ignore case in the names for the same reason. Return all-ones
372 if there is not question section. */
373 unsigned int questions_crc(HEADER
*header
, size_t plen
, char *name
)
376 unsigned int crc
= 0xffffffff;
377 unsigned char *p1
, *p
= (unsigned char *)(header
+1);
379 for (q
= ntohs(header
->qdcount
); q
!= 0; q
--)
381 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
382 return crc
; /* bad packet */
384 for (p1
= (unsigned char *)name
; *p1
; p1
++)
389 if (c
>= 'A' && c
<= 'Z')
394 crc
= crc
& 0x80000000 ? (crc
<< 1) ^ 0x04c11db7 : crc
<< 1;
397 /* CRC the class and type as well */
398 for (p1
= p
; p1
< p
+4; p1
++)
403 crc
= crc
& 0x80000000 ? (crc
<< 1) ^ 0x04c11db7 : crc
<< 1;
407 if (!CHECK_LEN(header
, p
, plen
, 0))
408 return crc
; /* bad packet */
415 size_t resize_packet(HEADER
*header
, size_t plen
, unsigned char *pheader
, size_t hlen
)
417 unsigned char *ansp
= skip_questions(header
, plen
);
419 /* if packet is malformed, just return as-is. */
423 if (!(ansp
= skip_section(ansp
, ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
),
427 /* restore pseudoheader */
428 if (pheader
&& ntohs(header
->arcount
) == 0)
430 /* must use memmove, may overlap */
431 memmove(ansp
, pheader
, hlen
);
432 header
->arcount
= htons(1);
436 return ansp
- (unsigned char *)header
;
439 unsigned char *find_pseudoheader(HEADER
*header
, size_t plen
, size_t *len
, unsigned char **p
, int *is_sign
)
441 /* See if packet has an RFC2671 pseudoheader, and if so return a pointer to it.
442 also return length of pseudoheader in *len and pointer to the UDP size in *p
443 Finally, check to see if a packet is signed. If it is we cannot change a single bit before
444 forwarding. We look for SIG and TSIG in the addition section, and TKEY queries (for GSS-TSIG) */
446 int i
, arcount
= ntohs(header
->arcount
);
447 unsigned char *ansp
= (unsigned char *)(header
+1);
448 unsigned short rdlen
, type
, class;
449 unsigned char *ret
= NULL
;
455 if (header
->opcode
== QUERY
)
457 for (i
= ntohs(header
->qdcount
); i
!= 0; i
--)
459 if (!(ansp
= skip_name(ansp
, header
, plen
, 4)))
462 GETSHORT(type
, ansp
);
463 GETSHORT(class, ansp
);
465 if (class == C_IN
&& type
== T_TKEY
)
472 if (!(ansp
= skip_questions(header
, plen
)))
479 if (!(ansp
= skip_section(ansp
, ntohs(header
->ancount
) + ntohs(header
->nscount
), header
, plen
)))
482 for (i
= 0; i
< arcount
; i
++)
484 unsigned char *save
, *start
= ansp
;
485 if (!(ansp
= skip_name(ansp
, header
, plen
, 10)))
488 GETSHORT(type
, ansp
);
490 GETSHORT(class, ansp
);
492 GETSHORT(rdlen
, ansp
);
493 if (!ADD_RDLEN(header
, ansp
, plen
, rdlen
))
506 (type
== T_SIG
|| type
== T_TSIG
))
514 /* is addr in the non-globally-routed IP space? */
515 static int private_net(struct in_addr addr
)
517 in_addr_t ip_addr
= ntohl(addr
.s_addr
);
520 ((ip_addr
& 0xFF000000) == 0x7F000000) /* 127.0.0.0/8 (loopback) */ ||
521 ((ip_addr
& 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
522 ((ip_addr
& 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
523 ((ip_addr
& 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
524 ((ip_addr
& 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
527 static unsigned char *do_doctor(unsigned char *p
, int count
, HEADER
*header
, size_t qlen
)
529 int i
, qtype
, qclass
, rdlen
;
532 for (i
= count
; i
!= 0; i
--)
534 if (!(p
= skip_name(p
, header
, qlen
, 10)))
535 return 0; /* bad packet */
542 if ((qclass
== C_IN
) && (qtype
== T_A
))
544 struct doctor
*doctor
;
547 if (!CHECK_LEN(header
, p
, qlen
, INADDRSZ
))
551 memcpy(&addr
, p
, INADDRSZ
);
553 for (doctor
= daemon
->doctors
; doctor
; doctor
= doctor
->next
)
555 if (doctor
->end
.s_addr
== 0)
557 if (!is_same_net(doctor
->in
, addr
, doctor
->mask
))
560 else if (ntohl(doctor
->in
.s_addr
) > ntohl(addr
.s_addr
) ||
561 ntohl(doctor
->end
.s_addr
) < ntohl(addr
.s_addr
))
564 addr
.s_addr
&= ~doctor
->mask
.s_addr
;
565 addr
.s_addr
|= (doctor
->out
.s_addr
& doctor
->mask
.s_addr
);
566 /* Since we munged the data, the server it came from is no longer authoritative */
568 memcpy(p
, &addr
, INADDRSZ
);
573 if (!ADD_RDLEN(header
, p
, qlen
, rdlen
))
574 return 0; /* bad packet */
580 static int find_soa(HEADER
*header
, size_t qlen
)
583 int qtype
, qclass
, rdlen
;
584 unsigned long ttl
, minttl
= ULONG_MAX
;
585 int i
, found_soa
= 0;
587 /* first move to NS section and find TTL from any SOA section */
588 if (!(p
= skip_questions(header
, qlen
)) ||
589 !(p
= do_doctor(p
, ntohs(header
->ancount
), header
, qlen
)))
590 return 0; /* bad packet */
592 for (i
= ntohs(header
->nscount
); i
!= 0; i
--)
594 if (!(p
= skip_name(p
, header
, qlen
, 10)))
595 return 0; /* bad packet */
602 if ((qclass
== C_IN
) && (qtype
== T_SOA
))
609 if (!(p
= skip_name(p
, header
, qlen
, 0)))
612 if (!(p
= skip_name(p
, header
, qlen
, 20)))
614 p
+= 16; /* SERIAL REFRESH RETRY EXPIRE */
616 GETLONG(ttl
, p
); /* minTTL */
620 else if (!ADD_RDLEN(header
, p
, qlen
, rdlen
))
621 return 0; /* bad packet */
624 /* rewrite addresses in additioal section too */
625 if (!do_doctor(p
, ntohs(header
->arcount
), header
, qlen
))
629 minttl
= daemon
->neg_ttl
;
634 /* Note that the following code can create CNAME chains that don't point to a real record,
635 either because of lack of memory, or lack of SOA records. These are treated by the cache code as
636 expired and cleaned out that way.
637 Return 1 if we reject an address because it look like parct of dns-rebinding attack. */
638 int extract_addresses(HEADER
*header
, size_t qlen
, char *name
, time_t now
)
640 unsigned char *p
, *p1
, *endrr
, *namep
;
641 int i
, j
, qtype
, qclass
, aqtype
, aqclass
, ardlen
, res
, searched_soa
= 0;
642 unsigned long ttl
= 0;
643 struct all_addr addr
;
645 cache_start_insert();
647 /* find_soa is needed for dns_doctor side-effects, so don't call it lazily if there are any. */
651 ttl
= find_soa(header
, qlen
);
654 /* go through the questions. */
655 p
= (unsigned char *)(header
+1);
657 for (i
= ntohs(header
->qdcount
); i
!= 0; i
--)
659 int found
= 0, cname_count
= 5;
660 struct crec
*cpp
= NULL
;
661 int flags
= header
->rcode
== NXDOMAIN
? F_NXDOMAIN
: 0;
662 unsigned long cttl
= ULONG_MAX
, attl
;
665 if (!extract_name(header
, qlen
, &p
, name
, 1, 4))
666 return 0; /* bad packet */
674 /* PTRs: we chase CNAMEs here, since we have no way to
675 represent them in the cache. */
678 int name_encoding
= in_arpa_name_2_addr(name
, &addr
);
683 if (!(flags
& F_NXDOMAIN
))
686 if (!(p1
= skip_questions(header
, qlen
)))
689 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
691 unsigned char *tmp
= namep
;
692 /* the loop body overwrites the original name, so get it back here. */
693 if (!extract_name(header
, qlen
, &tmp
, name
, 1, 0) ||
694 !(res
= extract_name(header
, qlen
, &p1
, name
, 0, 10)))
695 return 0; /* bad packet */
697 GETSHORT(aqtype
, p1
);
698 GETSHORT(aqclass
, p1
);
700 GETSHORT(ardlen
, p1
);
703 /* TTL of record is minimum of CNAMES and PTR */
707 if (aqclass
== C_IN
&& res
!= 2 && (aqtype
== T_CNAME
|| aqtype
== T_PTR
))
709 if (!extract_name(header
, qlen
, &p1
, name
, 1, 0))
712 if (aqtype
== T_CNAME
)
715 return 0; /* looped CNAMES */
719 cache_insert(name
, &addr
, now
, cttl
, name_encoding
| F_REVERSE
);
724 if (!CHECK_LEN(header
, p1
, qlen
, 0))
725 return 0; /* bad packet */
729 if (!found
&& !(daemon
->options
& OPT_NO_NEG
))
734 ttl
= find_soa(header
, qlen
);
737 cache_insert(NULL
, &addr
, now
, ttl
, name_encoding
| F_REVERSE
| F_NEG
| flags
);
742 /* everything other than PTR */
752 else if (qtype
== T_AAAA
)
761 if (!(flags
& F_NXDOMAIN
))
764 if (!(p1
= skip_questions(header
, qlen
)))
767 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
769 if (!(res
= extract_name(header
, qlen
, &p1
, name
, 0, 10)))
770 return 0; /* bad packet */
772 GETSHORT(aqtype
, p1
);
773 GETSHORT(aqclass
, p1
);
775 GETSHORT(ardlen
, p1
);
778 if (aqclass
== C_IN
&& res
!= 2 && (aqtype
== T_CNAME
|| aqtype
== qtype
))
780 if (aqtype
== T_CNAME
)
783 return 0; /* looped CNAMES */
784 newc
= cache_insert(name
, NULL
, now
, attl
, F_CNAME
| F_FORWARD
);
787 cpp
->addr
.cname
.cache
= newc
;
788 cpp
->addr
.cname
.uid
= newc
->uid
;
795 if (!extract_name(header
, qlen
, &p1
, name
, 1, 0))
803 /* copy address into aligned storage */
804 if (!CHECK_LEN(header
, p1
, qlen
, addrlen
))
805 return 0; /* bad packet */
806 memcpy(&addr
, p1
, addrlen
);
808 /* check for returned address in private space */
809 if ((daemon
->options
& OPT_NO_REBIND
) &&
811 private_net(addr
.addr
.addr4
))
814 newc
= cache_insert(name
, &addr
, now
, attl
, flags
| F_FORWARD
);
817 cpp
->addr
.cname
.cache
= newc
;
818 cpp
->addr
.cname
.uid
= newc
->uid
;
825 if (!CHECK_LEN(header
, p1
, qlen
, 0))
826 return 0; /* bad packet */
830 if (!found
&& !(daemon
->options
& OPT_NO_NEG
))
835 ttl
= find_soa(header
, qlen
);
837 /* If there's no SOA to get the TTL from, but there is a CNAME
838 pointing at this, inherit its TTL */
841 newc
= cache_insert(name
, NULL
, now
, ttl
? ttl
: cttl
, F_FORWARD
| F_NEG
| flags
);
844 cpp
->addr
.cname
.cache
= newc
;
845 cpp
->addr
.cname
.uid
= newc
->uid
;
852 /* Don't put stuff from a truncated packet into the cache, but do everything else */
859 /* If the packet holds exactly one query
860 return F_IPV4 or F_IPV6 and leave the name from the query in name.
861 Abuse F_BIGNAME to indicate an NS query - yuck. */
863 unsigned short extract_request(HEADER
*header
, size_t qlen
, char *name
, unsigned short *typep
)
865 unsigned char *p
= (unsigned char *)(header
+1);
871 if (ntohs(header
->qdcount
) != 1 || header
->opcode
!= QUERY
)
872 return 0; /* must be exactly one query. */
874 if (!extract_name(header
, qlen
, &p
, name
, 1, 4))
875 return 0; /* bad packet */
890 return F_IPV4
| F_IPV6
;
891 if (qtype
== T_NS
|| qtype
== T_SOA
)
892 return F_QUERY
| F_BIGNAME
;
899 size_t setup_reply(HEADER
*header
, size_t qlen
,
900 struct all_addr
*addrp
, unsigned short flags
, unsigned long ttl
)
902 unsigned char *p
= skip_questions(header
, qlen
);
904 header
->qr
= 1; /* response */
905 header
->aa
= 0; /* authoritive */
906 header
->ra
= 1; /* recursion if available */
907 header
->tc
= 0; /* not truncated */
908 header
->nscount
= htons(0);
909 header
->arcount
= htons(0);
910 header
->ancount
= htons(0); /* no answers unless changed below */
912 header
->rcode
= SERVFAIL
; /* couldn't get memory */
913 else if (flags
== F_NOERR
)
914 header
->rcode
= NOERROR
; /* empty domain */
915 else if (flags
== F_NXDOMAIN
)
916 header
->rcode
= NXDOMAIN
;
917 else if (p
&& flags
== F_IPV4
)
918 { /* we know the address */
919 header
->rcode
= NOERROR
;
920 header
->ancount
= htons(1);
922 add_resource_record(header
, NULL
, NULL
, sizeof(HEADER
), &p
, ttl
, NULL
, T_A
, C_IN
, "4", addrp
);
925 else if (p
&& flags
== F_IPV6
)
927 header
->rcode
= NOERROR
;
928 header
->ancount
= htons(1);
930 add_resource_record(header
, NULL
, NULL
, sizeof(HEADER
), &p
, ttl
, NULL
, T_AAAA
, C_IN
, "6", addrp
);
933 else /* nowhere to forward to */
934 header
->rcode
= REFUSED
;
936 return p
- (unsigned char *)header
;
939 /* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
940 int check_for_local_domain(char *name
, time_t now
)
943 struct mx_srv_record
*mx
;
944 struct txt_record
*txt
;
945 struct interface_name
*intr
;
946 struct ptr_record
*ptr
;
948 if ((crecp
= cache_find_by_name(NULL
, name
, now
, F_IPV4
| F_IPV6
)) &&
949 (crecp
->flags
& (F_HOSTS
| F_DHCP
)))
952 for (mx
= daemon
->mxnames
; mx
; mx
= mx
->next
)
953 if (hostname_isequal(name
, mx
->name
))
956 for (txt
= daemon
->txt
; txt
; txt
= txt
->next
)
957 if (hostname_isequal(name
, txt
->name
))
960 for (intr
= daemon
->int_names
; intr
; intr
= intr
->next
)
961 if (hostname_isequal(name
, intr
->name
))
964 for (ptr
= daemon
->ptr
; ptr
; ptr
= ptr
->next
)
965 if (hostname_isequal(name
, ptr
->name
))
971 /* Is the packet a reply with the answer address equal to addr?
972 If so mung is into an NXDOMAIN reply and also put that information
974 int check_for_bogus_wildcard(HEADER
*header
, size_t qlen
, char *name
,
975 struct bogus_addr
*baddr
, time_t now
)
978 int i
, qtype
, qclass
, rdlen
;
980 struct bogus_addr
*baddrp
;
982 /* skip over questions */
983 if (!(p
= skip_questions(header
, qlen
)))
984 return 0; /* bad packet */
986 for (i
= ntohs(header
->ancount
); i
!= 0; i
--)
988 if (!extract_name(header
, qlen
, &p
, name
, 1, 10))
989 return 0; /* bad packet */
996 if (qclass
== C_IN
&& qtype
== T_A
)
998 if (!CHECK_LEN(header
, p
, qlen
, INADDRSZ
))
1001 for (baddrp
= baddr
; baddrp
; baddrp
= baddrp
->next
)
1002 if (memcmp(&baddrp
->addr
, p
, INADDRSZ
) == 0)
1004 /* Found a bogus address. Insert that info here, since there no SOA record
1005 to get the ttl from in the normal processing */
1006 cache_start_insert();
1007 cache_insert(name
, NULL
, now
, ttl
, F_IPV4
| F_FORWARD
| F_NEG
| F_NXDOMAIN
| F_CONFIG
);
1014 if (!ADD_RDLEN(header
, p
, qlen
, rdlen
))
1021 static int add_resource_record(HEADER
*header
, char *limit
, int *truncp
, unsigned int nameoffset
, unsigned char **pp
,
1022 unsigned long ttl
, unsigned int *offset
, unsigned short type
, unsigned short class, char *format
, ...)
1025 unsigned char *sav
, *p
= *pp
;
1027 unsigned short usval
;
1031 if (truncp
&& *truncp
)
1034 PUTSHORT(nameoffset
| 0xc000, p
);
1037 PUTLONG(ttl
, p
); /* TTL */
1039 sav
= p
; /* Save pointer to RDLength field */
1040 PUTSHORT(0, p
); /* Placeholder RDLength */
1042 va_start(ap
, format
); /* make ap point to 1st unamed argument */
1044 for (; *format
; format
++)
1049 sval
= va_arg(ap
, char *);
1050 memcpy(p
, sval
, IN6ADDRSZ
);
1056 sval
= va_arg(ap
, char *);
1057 memcpy(p
, sval
, INADDRSZ
);
1062 usval
= va_arg(ap
, int);
1067 lval
= va_arg(ap
, long);
1072 /* get domain-name answer arg and store it in RDATA field */
1074 *offset
= p
- (unsigned char *)header
;
1075 p
= do_rfc1035_name(p
, va_arg(ap
, char *));
1080 usval
= va_arg(ap
, int);
1081 sval
= va_arg(ap
, char *);
1082 memcpy(p
, sval
, usval
);
1087 sval
= va_arg(ap
, char *);
1088 usval
= sval
? strlen(sval
) : 0;
1091 *p
++ = (unsigned char)usval
;
1092 memcpy(p
, sval
, usval
);
1097 va_end(ap
); /* clean up variable argument pointer */
1100 PUTSHORT(j
, sav
); /* Now, store real RDLength */
1102 /* check for overflow of buffer */
1103 if (limit
&& ((unsigned char *)limit
- p
) < 0)
1114 static unsigned long crec_ttl(struct crec
*crecp
, time_t now
)
1116 /* Return 0 ttl for DHCP entries, which might change
1117 before the lease expires. */
1119 if (crecp
->flags
& (F_IMMORTAL
| F_DHCP
))
1120 return daemon
->local_ttl
;
1122 return crecp
->ttd
- now
;
1126 /* return zero if we can't answer from cache, or packet size if we can */
1127 size_t answer_request(HEADER
*header
, char *limit
, size_t qlen
,
1128 struct in_addr local_addr
, struct in_addr local_netmask
, time_t now
)
1130 char *name
= daemon
->namebuff
;
1131 unsigned char *p
, *ansp
, *pheader
;
1133 struct all_addr addr
;
1134 unsigned int nameoffset
;
1135 unsigned short flag
;
1136 int q
, ans
, anscount
= 0, addncount
= 0;
1137 int dryrun
= 0, sec_reqd
= 0;
1140 int nxdomain
= 0, auth
= 1, trunc
= 0;
1141 struct mx_srv_record
*rec
;
1143 /* If there is an RFC2671 pseudoheader then it will be overwritten by
1144 partial replies, so we have to do a dry run to see if we can answer
1145 the query. We check to see if the do bit is set, if so we always
1146 forward rather than answering from the cache, which doesn't include
1147 security information. */
1149 if (find_pseudoheader(header
, qlen
, NULL
, &pheader
, &is_sign
))
1151 unsigned short udpsz
, ext_rcode
, flags
;
1152 unsigned char *psave
= pheader
;
1154 GETSHORT(udpsz
, pheader
);
1155 GETSHORT(ext_rcode
, pheader
);
1156 GETSHORT(flags
, pheader
);
1158 sec_reqd
= flags
& 0x8000; /* do bit */
1160 /* If our client is advertising a larger UDP packet size
1161 than we allow, trim it so that we don't get an overlarge
1162 response from upstream */
1164 if (!is_sign
&& (udpsz
> daemon
->edns_pktsz
))
1165 PUTSHORT(daemon
->edns_pktsz
, psave
);
1170 if (ntohs(header
->qdcount
) == 0 || header
->opcode
!= QUERY
)
1173 for (rec
= daemon
->mxnames
; rec
; rec
= rec
->next
)
1177 /* determine end of question section (we put answers there) */
1178 if (!(ansp
= skip_questions(header
, qlen
)))
1179 return 0; /* bad packet */
1181 /* now process each question, answers go in RRs after the question */
1182 p
= (unsigned char *)(header
+1);
1184 for (q
= ntohs(header
->qdcount
); q
!= 0; q
--)
1186 /* save pointer to name for copying into answers */
1187 nameoffset
= p
- (unsigned char *)header
;
1189 /* now extract name as .-concatenated string into name */
1190 if (!extract_name(header
, qlen
, &p
, name
, 1, 4))
1191 return 0; /* bad packet */
1194 GETSHORT(qclass
, p
);
1196 ans
= 0; /* have we answered this question */
1198 if (qtype
== T_TXT
|| qtype
== T_ANY
)
1200 struct txt_record
*t
;
1201 for(t
= daemon
->txt
; t
; t
= t
->next
)
1203 if (t
->class == qclass
&& hostname_isequal(name
, t
->name
))
1208 log_query(F_CNAME
| F_FORWARD
| F_CONFIG
| F_NXDOMAIN
, name
, NULL
, "<TXT>");
1209 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1210 daemon
->local_ttl
, NULL
,
1211 T_TXT
, t
->class, "t", t
->len
, t
->txt
))
1221 if (qtype
== T_PTR
|| qtype
== T_ANY
)
1223 /* see if it's w.z.y.z.in-addr.arpa format */
1224 int is_arpa
= in_arpa_name_2_addr(name
, &addr
);
1225 struct ptr_record
*ptr
;
1226 struct interface_name
* intr
= NULL
;
1228 for (ptr
= daemon
->ptr
; ptr
; ptr
= ptr
->next
)
1229 if (hostname_isequal(name
, ptr
->name
))
1232 if (is_arpa
== F_IPV4
)
1233 for (intr
= daemon
->int_names
; intr
; intr
= intr
->next
)
1235 if (addr
.addr
.addr4
.s_addr
== get_ifaddr(intr
->intr
).s_addr
)
1238 while (intr
->next
&& strcmp(intr
->intr
, intr
->next
->intr
) == 0)
1247 log_query(F_IPV4
| F_REVERSE
| F_CONFIG
, intr
->name
, &addr
, NULL
);
1248 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1249 daemon
->local_ttl
, NULL
,
1250 T_PTR
, C_IN
, "d", intr
->name
))
1259 log_query(F_CNAME
| F_FORWARD
| F_CONFIG
| F_NXDOMAIN
, name
, NULL
, "<PTR>");
1260 for (ptr
= daemon
->ptr
; ptr
; ptr
= ptr
->next
)
1261 if (hostname_isequal(name
, ptr
->name
) &&
1262 add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1263 daemon
->local_ttl
, NULL
,
1264 T_PTR
, C_IN
, "d", ptr
->ptr
))
1269 else if ((crecp
= cache_find_by_addr(NULL
, &addr
, now
, is_arpa
)))
1272 /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
1273 if (qtype
== T_ANY
&& !(crecp
->flags
& (F_HOSTS
| F_DHCP
)))
1276 if (crecp
->flags
& F_NEG
)
1280 if (crecp
->flags
& F_NXDOMAIN
)
1283 log_query(crecp
->flags
& ~F_FORWARD
, name
, &addr
, NULL
);
1285 else if ((crecp
->flags
& (F_HOSTS
| F_DHCP
)) || !sec_reqd
)
1288 if (!(crecp
->flags
& (F_HOSTS
| F_DHCP
)))
1292 log_query(crecp
->flags
& ~F_FORWARD
, cache_get_name(crecp
), &addr
,
1293 record_source(crecp
->uid
));
1295 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1296 crec_ttl(crecp
, now
), NULL
,
1297 T_PTR
, C_IN
, "d", cache_get_name(crecp
)))
1301 } while ((crecp
= cache_find_by_addr(crecp
, &addr
, now
, is_arpa
)));
1302 else if (is_arpa
== F_IPV4
&&
1303 (daemon
->options
& OPT_BOGUSPRIV
) &&
1304 private_net(addr
.addr
.addr4
))
1306 /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
1310 log_query(F_CONFIG
| F_REVERSE
| F_IPV4
| F_NEG
| F_NXDOMAIN
,
1315 for (flag
= F_IPV4
; flag
; flag
= (flag
== F_IPV4
) ? F_IPV6
: 0)
1317 unsigned short type
= T_A
;
1326 if (qtype
!= type
&& qtype
!= T_ANY
)
1329 /* Check for "A for A" queries */
1330 if (qtype
== T_A
&& (addr
.addr
.addr4
.s_addr
= inet_addr(name
)) != (in_addr_t
) -1)
1335 log_query(F_FORWARD
| F_CONFIG
| F_IPV4
, name
, &addr
, NULL
);
1336 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1337 daemon
->local_ttl
, NULL
, type
, C_IN
, "4", &addr
))
1343 /* interface name stuff */
1346 struct interface_name
*intr
;
1348 for (intr
= daemon
->int_names
; intr
; intr
= intr
->next
)
1349 if (hostname_isequal(name
, intr
->name
))
1357 if ((addr
.addr
.addr4
= get_ifaddr(intr
->intr
)).s_addr
== (in_addr_t
) -1)
1358 log_query(F_FORWARD
| F_CONFIG
| F_IPV4
| F_NEG
, name
, NULL
, NULL
);
1361 log_query(F_FORWARD
| F_CONFIG
| F_IPV4
, name
, &addr
, NULL
);
1362 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1363 daemon
->local_ttl
, NULL
, type
, C_IN
, "4", &addr
))
1372 if ((crecp
= cache_find_by_name(NULL
, name
, now
, flag
| F_CNAME
)))
1376 /* See if a putative address is on the network from which we recieved
1377 the query, is so we'll filter other answers. */
1378 if (local_addr
.s_addr
!= 0 && (daemon
->options
& OPT_LOCALISE
) && flag
== F_IPV4
)
1380 struct crec
*save
= crecp
;
1382 if ((crecp
->flags
& F_HOSTS
) &&
1383 is_same_net(*((struct in_addr
*)&crecp
->addr
), local_addr
, local_netmask
))
1388 } while ((crecp
= cache_find_by_name(crecp
, name
, now
, flag
| F_CNAME
)));
1394 /* don't answer wildcard queries with data not from /etc/hosts
1396 if (qtype
== T_ANY
&& !(crecp
->flags
& (F_HOSTS
| F_DHCP
)))
1399 if (crecp
->flags
& F_CNAME
)
1403 log_query(crecp
->flags
, name
, NULL
, record_source(crecp
->uid
));
1404 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1405 crec_ttl(crecp
, now
), &nameoffset
,
1406 T_CNAME
, C_IN
, "d", cache_get_name(crecp
->addr
.cname
.cache
)))
1410 strcpy(name
, cache_get_name(crecp
->addr
.cname
.cache
));
1414 if (crecp
->flags
& F_NEG
)
1418 if (crecp
->flags
& F_NXDOMAIN
)
1421 log_query(crecp
->flags
, name
, NULL
, NULL
);
1423 else if ((crecp
->flags
& (F_HOSTS
| F_DHCP
)) || !sec_reqd
)
1425 /* If we are returning local answers depending on network,
1428 (crecp
->flags
& F_HOSTS
) &&
1429 !is_same_net(*((struct in_addr
*)&crecp
->addr
), local_addr
, local_netmask
))
1432 if (!(crecp
->flags
& (F_HOSTS
| F_DHCP
)))
1438 log_query(crecp
->flags
& ~F_REVERSE
, name
, &crecp
->addr
.addr
,
1439 record_source(crecp
->uid
));
1441 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
,
1442 crec_ttl(crecp
, now
), NULL
, type
, C_IN
,
1443 type
== T_A
? "4" : "6", &crecp
->addr
))
1447 } while ((crecp
= cache_find_by_name(crecp
, name
, now
, flag
| F_CNAME
)));
1451 if (qtype
== T_MX
|| qtype
== T_ANY
)
1454 for (rec
= daemon
->mxnames
; rec
; rec
= rec
->next
)
1455 if (!rec
->issrv
&& hostname_isequal(name
, rec
->name
))
1460 unsigned int offset
;
1461 log_query(F_CNAME
| F_FORWARD
| F_CONFIG
| F_NXDOMAIN
, name
, NULL
, "<MX>");
1462 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
, daemon
->local_ttl
,
1463 &offset
, T_MX
, C_IN
, "sd", rec
->weight
, rec
->target
))
1467 rec
->offset
= offset
;
1472 if (!found
&& (daemon
->options
& (OPT_SELFMX
| OPT_LOCALMX
)) &&
1473 cache_find_by_name(NULL
, name
, now
, F_HOSTS
| F_DHCP
))
1478 log_query(F_CNAME
| F_FORWARD
| F_CONFIG
| F_NXDOMAIN
, name
, NULL
, "<MX>");
1479 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
, daemon
->local_ttl
, NULL
,
1480 T_MX
, C_IN
, "sd", 1,
1481 (daemon
->options
& OPT_SELFMX
) ? name
: daemon
->mxtarget
))
1487 if (qtype
== T_SRV
|| qtype
== T_ANY
)
1491 for (rec
= daemon
->mxnames
; rec
; rec
= rec
->next
)
1492 if (rec
->issrv
&& hostname_isequal(name
, rec
->name
))
1497 unsigned int offset
;
1498 log_query(F_CNAME
| F_FORWARD
| F_CONFIG
| F_NXDOMAIN
, name
, NULL
, "<SRV>");
1499 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
, daemon
->local_ttl
,
1500 &offset
, T_SRV
, C_IN
, "sssd",
1501 rec
->priority
, rec
->weight
, rec
->srvport
, rec
->target
))
1505 rec
->offset
= offset
;
1510 if (!found
&& (daemon
->options
& OPT_FILTER
) && (qtype
== T_SRV
|| (qtype
== T_ANY
&& strchr(name
, '_'))))
1514 log_query(F_CONFIG
| F_NEG
, name
, NULL
, NULL
);
1518 if (qtype
== T_NAPTR
|| qtype
== T_ANY
)
1521 for (na
= daemon
->naptr
; na
; na
= na
->next
)
1522 if (hostname_isequal(name
, na
->name
))
1527 log_query(F_CNAME
| F_FORWARD
| F_CONFIG
| F_NXDOMAIN
, name
, NULL
, "<NAPTR>");
1528 if (add_resource_record(header
, limit
, &trunc
, nameoffset
, &ansp
, daemon
->local_ttl
,
1529 NULL
, T_NAPTR
, C_IN
, "sszzzd",
1530 na
->order
, na
->pref
, na
->flags
, na
->services
, na
->regexp
, na
->replace
))
1536 if (qtype
== T_MAILB
)
1537 ans
= 1, nxdomain
= 1;
1539 if (qtype
== T_SOA
&& (daemon
->options
& OPT_FILTER
))
1543 log_query(F_CONFIG
| F_NEG
, name
, &addr
, NULL
);
1548 return 0; /* failed to answer a question */
1557 /* create an additional data section, for stuff in SRV and MX record replies. */
1558 for (rec
= daemon
->mxnames
; rec
; rec
= rec
->next
)
1559 if (rec
->offset
!= 0)
1562 struct mx_srv_record
*tmp
;
1563 for (tmp
= rec
->next
; tmp
; tmp
= tmp
->next
)
1564 if (tmp
->offset
!= 0 && hostname_isequal(rec
->target
, tmp
->target
))
1568 while ((crecp
= cache_find_by_name(crecp
, rec
->target
, now
, F_IPV4
| F_IPV6
)))
1571 int type
= crecp
->flags
& F_IPV4
? T_A
: T_AAAA
;
1575 if (crecp
->flags
& F_NEG
)
1578 if (add_resource_record(header
, limit
, NULL
, rec
->offset
, &ansp
,
1579 crec_ttl(crecp
, now
), NULL
, type
, C_IN
,
1580 crecp
->flags
& F_IPV4
? "4" : "6", &crecp
->addr
))
1585 /* done all questions, set up header and return length of result */
1586 header
->qr
= 1; /* response */
1587 header
->aa
= auth
; /* authoritive - only hosts and DHCP derived names. */
1588 header
->ra
= 1; /* recursion if available */
1589 header
->tc
= trunc
; /* truncation */
1590 if (anscount
== 0 && nxdomain
)
1591 header
->rcode
= NXDOMAIN
;
1593 header
->rcode
= NOERROR
; /* no error */
1594 header
->ancount
= htons(anscount
);
1595 header
->nscount
= htons(0);
1596 header
->arcount
= htons(addncount
);
1597 return ansp
- (unsigned char *)header
;