2 * services/localzone.c - local zones authority service.
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 * This file contains functions to enable local zone authority service.
42 #include "services/localzone.h"
43 #include "sldns/str2wire.h"
44 #include "sldns/sbuffer.h"
45 #include "util/regional.h"
46 #include "util/config_file.h"
47 #include "util/data/dname.h"
48 #include "util/data/packed_rrset.h"
49 #include "util/data/msgencode.h"
50 #include "util/net_help.h"
51 #include "util/netevent.h"
52 #include "util/data/msgreply.h"
53 #include "util/data/msgparse.h"
54 #include "util/as112.h"
55 #include "util/config_file.h"
57 /* maximum RRs in an RRset, to cap possible 'endless' list RRs.
58 * with 16 bytes for an A record, a 64K packet has about 4000 max */
59 #define LOCALZONE_RRSET_COUNT_MAX 4096
62 local_zones_create(void)
64 struct local_zones* zones = (struct local_zones*)calloc(1,
68 rbtree_init(&zones->ztree, &local_zone_cmp);
69 lock_rw_init(&zones->lock);
70 lock_protect(&zones->lock, &zones->ztree, sizeof(zones->ztree));
71 /* also lock protects the rbnode's in struct local_zone */
75 /** helper traverse to delete zones */
77 lzdel(rbnode_type* n, void* ATTR_UNUSED(arg))
79 struct local_zone* z = (struct local_zone*)n->key;
84 local_zones_delete(struct local_zones* zones)
88 lock_rw_destroy(&zones->lock);
89 /* walk through zones and delete them all */
90 traverse_postorder(&zones->ztree, lzdel, NULL);
95 local_zone_delete(struct local_zone* z)
99 lock_rw_destroy(&z->lock);
100 regional_destroy(z->region);
107 local_zone_cmp(const void* z1, const void* z2)
109 /* first sort on class, so that hierarchy can be maintained within
111 struct local_zone* a = (struct local_zone*)z1;
112 struct local_zone* b = (struct local_zone*)z2;
114 if(a->dclass != b->dclass) {
115 if(a->dclass < b->dclass)
119 return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
123 local_data_cmp(const void* d1, const void* d2)
125 struct local_data* a = (struct local_data*)d1;
126 struct local_data* b = (struct local_data*)d2;
128 return dname_canon_lab_cmp(a->name, a->namelabs, b->name,
132 /* form wireformat from text format domain name */
134 parse_dname(const char* str, uint8_t** res, size_t* len, int* labs)
136 *res = sldns_str2wire_dname(str, len);
139 log_err("cannot parse name %s", str);
142 *labs = dname_count_size_labels(*res, len);
146 /** create a new localzone */
147 static struct local_zone*
148 local_zone_create(uint8_t* nm, size_t len, int labs,
149 enum localzone_type t, uint16_t dclass)
151 struct local_zone* z = (struct local_zone*)calloc(1, sizeof(*z));
161 lock_rw_init(&z->lock);
162 z->region = regional_create_custom(sizeof(struct regional));
167 rbtree_init(&z->data, &local_data_cmp);
168 lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_type));
169 /* also the zones->lock protects node, parent, name*, class */
173 /** enter a new zone with allocated dname returns with WRlock */
174 static struct local_zone*
175 lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len,
176 int labs, enum localzone_type t, uint16_t c)
178 struct local_zone* z = local_zone_create(nm, len, labs, t, c);
181 log_err("out of memory");
186 lock_rw_wrlock(&zones->lock);
187 lock_rw_wrlock(&z->lock);
188 if(!rbtree_insert(&zones->ztree, &z->node)) {
189 struct local_zone* oldz;
192 log_warn("duplicate local-zone %s", str);
193 lock_rw_unlock(&z->lock);
194 /* save zone name locally before deallocation,
195 * otherwise, nm is gone if we zone_delete now. */
197 /* find the correct zone, so not an error for duplicate */
198 z = local_zones_find(zones, nm, len, labs, c);
199 lock_rw_wrlock(&z->lock);
200 lock_rw_unlock(&zones->lock);
201 local_zone_delete(oldz);
204 lock_rw_unlock(&zones->lock);
208 /** enter a new zone */
209 static struct local_zone*
210 lz_enter_zone(struct local_zones* zones, const char* name, const char* type,
213 struct local_zone* z;
214 enum localzone_type t;
218 if(!parse_dname(name, &nm, &len, &labs)) {
219 log_err("bad zone name %s %s", name, type);
222 if(!local_zone_str2type(type, &t)) {
223 log_err("bad lz_enter_zone type %s %s", name, type);
227 if(!(z=lz_enter_zone_dname(zones, nm, len, labs, t, dclass))) {
228 log_err("could not enter zone %s %s", name, type);
235 rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type,
236 uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len,
237 uint8_t** rdata, size_t* rdata_len)
239 size_t dname_len = 0;
240 int e = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600,
243 log_err("error parsing local-data at %d: '%s': %s",
244 LDNS_WIREPARSE_OFFSET(e), str,
245 sldns_get_errorstr_parse(e));
248 *nm = memdup(rr, dname_len);
250 log_err("out of memory");
253 *dclass = sldns_wirerr_get_class(rr, len, dname_len);
254 *type = sldns_wirerr_get_type(rr, len, dname_len);
255 *ttl = (time_t)sldns_wirerr_get_ttl(rr, len, dname_len);
256 *rdata = sldns_wirerr_get_rdatawl(rr, len, dname_len);
257 *rdata_len = sldns_wirerr_get_rdatalen(rr, len, dname_len)+2;
261 /** return name and class of rr; parses string */
263 get_rr_nameclass(const char* str, uint8_t** nm, uint16_t* dclass)
265 uint8_t rr[LDNS_RR_BUF_SIZE];
266 size_t len = sizeof(rr), dname_len = 0;
267 int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600,
270 log_err("error parsing local-data at %d '%s': %s",
271 LDNS_WIREPARSE_OFFSET(s), str,
272 sldns_get_errorstr_parse(s));
275 *nm = memdup(rr, dname_len);
276 *dclass = sldns_wirerr_get_class(rr, len, dname_len);
278 log_err("out of memory");
285 * Find an rrset in local data structure.
286 * @param data: local data domain name structure.
287 * @param type: type to look for (host order).
288 * @param alias_ok: 1 if matching a non-exact, alias type such as CNAME is
289 * allowed. otherwise 0.
290 * @return rrset pointer or NULL if not found.
292 static struct local_rrset*
293 local_data_find_type(struct local_data* data, uint16_t type, int alias_ok)
295 struct local_rrset* p;
297 for(p = data->rrsets; p; p = p->next) {
298 if(p->rrset->rk.type == type)
300 if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME))
306 /** check for RR duplicates */
308 rr_is_duplicate(struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len)
311 for(i=0; i<pd->count; i++) {
312 if(pd->rr_len[i] == rdata_len &&
313 memcmp(pd->rr_data[i], rdata, rdata_len) == 0)
319 /** new local_rrset */
320 static struct local_rrset*
321 new_local_rrset(struct regional* region, struct local_data* node,
322 uint16_t rrtype, uint16_t rrclass)
324 struct packed_rrset_data* pd;
325 struct local_rrset* rrset = (struct local_rrset*)
326 regional_alloc_zero(region, sizeof(*rrset));
328 log_err("out of memory");
331 rrset->next = node->rrsets;
332 node->rrsets = rrset;
333 rrset->rrset = (struct ub_packed_rrset_key*)
334 regional_alloc_zero(region, sizeof(*rrset->rrset));
336 log_err("out of memory");
339 rrset->rrset->entry.key = rrset->rrset;
340 pd = (struct packed_rrset_data*)regional_alloc_zero(region,
343 log_err("out of memory");
346 pd->trust = rrset_trust_prim_noglue;
347 pd->security = sec_status_insecure;
348 rrset->rrset->entry.data = pd;
349 rrset->rrset->rk.dname = node->name;
350 rrset->rrset->rk.dname_len = node->namelen;
351 rrset->rrset->rk.type = htons(rrtype);
352 rrset->rrset->rk.rrset_class = htons(rrclass);
356 /** insert RR into RRset data structure; Wastes a couple of bytes */
358 rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd,
359 uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr)
361 size_t* oldlen = pd->rr_len;
362 time_t* oldttl = pd->rr_ttl;
363 uint8_t** olddata = pd->rr_data;
365 /* add RR to rrset */
366 if(pd->count > LOCALZONE_RRSET_COUNT_MAX) {
367 log_warn("RRset '%s' has more than %d records, record ignored",
368 rrstr, LOCALZONE_RRSET_COUNT_MAX);
372 pd->rr_len = regional_alloc(region, sizeof(*pd->rr_len)*pd->count);
373 pd->rr_ttl = regional_alloc(region, sizeof(*pd->rr_ttl)*pd->count);
374 pd->rr_data = regional_alloc(region, sizeof(*pd->rr_data)*pd->count);
375 if(!pd->rr_len || !pd->rr_ttl || !pd->rr_data) {
376 log_err("out of memory");
380 memcpy(pd->rr_len+1, oldlen,
381 sizeof(*pd->rr_len)*(pd->count-1));
382 memcpy(pd->rr_ttl+1, oldttl,
383 sizeof(*pd->rr_ttl)*(pd->count-1));
384 memcpy(pd->rr_data+1, olddata,
385 sizeof(*pd->rr_data)*(pd->count-1));
387 pd->rr_len[0] = rdata_len;
389 pd->rr_data[0] = regional_alloc_init(region, rdata, rdata_len);
390 if(!pd->rr_data[0]) {
391 log_err("out of memory");
397 /** find a data node by exact name */
398 static struct local_data*
399 lz_find_node(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs)
401 struct local_data key;
405 key.namelabs = nmlabs;
406 return (struct local_data*)rbtree_search(&z->data, &key.node);
409 /** find a node, create it if not and all its empty nonterminal parents */
411 lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen,
412 int nmlabs, struct local_data** res)
414 struct local_data* ld = lz_find_node(z, nm, nmlen, nmlabs);
416 /* create a domain name to store rr. */
417 ld = (struct local_data*)regional_alloc_zero(z->region,
420 log_err("out of memory adding local data");
424 ld->name = regional_alloc_init(z->region, nm, nmlen);
426 log_err("out of memory");
430 ld->namelabs = nmlabs;
431 if(!rbtree_insert(&z->data, &ld->node)) {
432 log_assert(0); /* duplicate name */
434 /* see if empty nonterminals need to be created */
435 if(nmlabs > z->namelabs) {
436 dname_remove_label(&nm, &nmlen);
437 if(!lz_find_create_node(z, nm, nmlen, nmlabs-1, res))
445 /** enter data RR into auth zone */
447 lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr)
452 struct local_data* node;
453 struct local_rrset* rrset;
454 struct packed_rrset_data* pd;
455 uint16_t rrtype = 0, rrclass = 0;
457 uint8_t rr[LDNS_RR_BUF_SIZE];
460 if(!rrstr_get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr,
461 sizeof(rr), &rdata, &rdata_len)) {
462 log_err("bad local-data: %s", rrstr);
465 log_assert(z->dclass == rrclass);
466 if(z->type == local_zone_redirect &&
467 query_dname_compare(z->name, nm) != 0) {
468 log_err("local-data in redirect zone must reside at top of zone"
469 ", not at %s", rrstr);
473 nmlabs = dname_count_size_labels(nm, &nmlen);
474 if(!lz_find_create_node(z, nm, nmlen, nmlabs, &node)) {
481 /* Reject it if we would end up having CNAME and other data (including
482 * another CNAME) for a redirect zone. */
483 if(z->type == local_zone_redirect && node->rrsets) {
484 const char* othertype = NULL;
485 if (rrtype == LDNS_RR_TYPE_CNAME)
487 else if (node->rrsets->rrset->rk.type ==
488 htons(LDNS_RR_TYPE_CNAME)) {
492 log_err("local-data '%s' in redirect zone must not "
493 "coexist with %s local-data", rrstr, othertype);
497 rrset = local_data_find_type(node, rrtype, 0);
499 rrset = new_local_rrset(z->region, node, rrtype, rrclass);
502 if(query_dname_compare(node->name, z->name) == 0) {
503 if(rrtype == LDNS_RR_TYPE_NSEC)
504 rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX;
505 if(rrtype == LDNS_RR_TYPE_SOA)
506 z->soa = rrset->rrset;
509 pd = (struct packed_rrset_data*)rrset->rrset->entry.data;
510 log_assert(rrset && pd);
512 /* check for duplicate RR */
513 if(rr_is_duplicate(pd, rdata, rdata_len)) {
514 verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr);
517 return rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr);
520 /** enter a data RR into auth data; a zone for it must exist */
522 lz_enter_rr_str(struct local_zones* zones, const char* rr)
528 struct local_zone* z;
530 if(!get_rr_nameclass(rr, &rr_name, &rr_class)) {
531 log_err("bad rr %s", rr);
534 labs = dname_count_size_labels(rr_name, &len);
535 lock_rw_rdlock(&zones->lock);
536 z = local_zones_lookup(zones, rr_name, len, labs, rr_class);
538 lock_rw_unlock(&zones->lock);
539 fatal_exit("internal error: no zone for rr %s", rr);
541 lock_rw_wrlock(&z->lock);
542 lock_rw_unlock(&zones->lock);
544 r = lz_enter_rr_into_zone(z, rr);
545 lock_rw_unlock(&z->lock);
549 /** enter tagstring into zone */
551 lz_enter_zone_tag(struct local_zones* zones, char* zname, uint8_t* list,
552 size_t len, uint16_t rr_class)
554 uint8_t dname[LDNS_MAX_DOMAINLEN+1];
555 size_t dname_len = sizeof(dname);
556 int dname_labs, r = 0;
557 struct local_zone* z;
559 if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) {
560 log_err("cannot parse zone name in local-zone-tag: %s", zname);
563 dname_labs = dname_count_labels(dname);
565 lock_rw_rdlock(&zones->lock);
566 z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class);
568 lock_rw_unlock(&zones->lock);
569 log_err("no local-zone for tag %s", zname);
572 lock_rw_wrlock(&z->lock);
573 lock_rw_unlock(&zones->lock);
575 z->taglist = memdup(list, len);
579 lock_rw_unlock(&z->lock);
583 /** enter override into zone */
585 lz_enter_override(struct local_zones* zones, char* zname, char* netblock,
586 char* type, uint16_t rr_class)
588 uint8_t dname[LDNS_MAX_DOMAINLEN+1];
589 size_t dname_len = sizeof(dname);
591 struct sockaddr_storage addr;
594 struct local_zone* z;
595 enum localzone_type t;
597 /* parse zone name */
598 if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) {
599 log_err("cannot parse zone name in local-zone-override: %s %s",
603 dname_labs = dname_count_labels(dname);
606 if(!netblockstrtoaddr(netblock, UNBOUND_DNS_PORT, &addr, &addrlen,
608 log_err("cannot parse netblock in local-zone-override: %s %s",
613 /* parse zone type */
614 if(!local_zone_str2type(type, &t)) {
615 log_err("cannot parse type in local-zone-override: %s %s %s",
616 zname, netblock, type);
620 /* find localzone entry */
621 lock_rw_rdlock(&zones->lock);
622 z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class);
624 lock_rw_unlock(&zones->lock);
625 log_err("no local-zone for local-zone-override %s", zname);
628 lock_rw_wrlock(&z->lock);
629 lock_rw_unlock(&zones->lock);
631 /* create netblock addr_tree if not present yet */
632 if(!z->override_tree) {
633 z->override_tree = (struct rbtree_type*)regional_alloc_zero(
634 z->region, sizeof(*z->override_tree));
635 if(!z->override_tree) {
636 lock_rw_unlock(&z->lock);
637 log_err("out of memory");
640 addr_tree_init(z->override_tree);
642 /* add new elem to tree */
643 if(z->override_tree) {
644 struct local_zone_override* n;
645 n = (struct local_zone_override*)regional_alloc_zero(
646 z->region, sizeof(*n));
648 lock_rw_unlock(&z->lock);
649 log_err("out of memory");
653 if(!addr_tree_insert(z->override_tree,
654 (struct addr_tree_node*)n, &addr, addrlen, net)) {
655 lock_rw_unlock(&z->lock);
656 log_err("duplicate local-zone-override %s %s",
662 lock_rw_unlock(&z->lock);
666 /** parse local-zone: statements */
668 lz_enter_zones(struct local_zones* zones, struct config_file* cfg)
670 struct config_str2list* p;
671 struct local_zone* z;
672 for(p = cfg->local_zones; p; p = p->next) {
673 if(!(z=lz_enter_zone(zones, p->str, p->str2,
676 lock_rw_unlock(&z->lock);
681 /** lookup a zone in rbtree; exact match only; SLOW due to parse */
683 lz_exists(struct local_zones* zones, const char* name)
687 z.dclass = LDNS_RR_CLASS_IN;
688 if(!parse_dname(name, &z.name, &z.namelen, &z.namelabs)) {
689 log_err("bad name %s", name);
692 lock_rw_rdlock(&zones->lock);
693 if(rbtree_search(&zones->ztree, &z.node)) {
694 lock_rw_unlock(&zones->lock);
698 lock_rw_unlock(&zones->lock);
703 /** lookup a zone in cfg->nodefault list */
705 lz_nodefault(struct config_file* cfg, const char* name)
707 struct config_strlist* p;
708 size_t len = strlen(name);
709 if(len == 0) return 0;
710 if(name[len-1] == '.') len--;
712 for(p = cfg->local_zones_nodefault; p; p = p->next) {
713 /* compare zone name, lowercase, compare without ending . */
714 if(strncasecmp(p->str, name, len) == 0 &&
715 (strlen(p->str) == len || (strlen(p->str)==len+1 &&
716 p->str[len] == '.')))
722 /** enter AS112 default zone */
724 add_as112_default(struct local_zones* zones, struct config_file* cfg,
727 struct local_zone* z;
728 char str[1024]; /* known long enough */
729 if(lz_exists(zones, name) || lz_nodefault(cfg, name))
730 return 1; /* do not enter default content */
731 if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN)))
733 snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. "
734 "nobody.invalid. 1 3600 1200 604800 10800", name);
735 if(!lz_enter_rr_into_zone(z, str)) {
736 lock_rw_unlock(&z->lock);
739 snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name);
740 if(!lz_enter_rr_into_zone(z, str)) {
741 lock_rw_unlock(&z->lock);
744 lock_rw_unlock(&z->lock);
748 /** enter default zones */
749 int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg)
751 struct local_zone* z;
754 /* Do not add any default */
755 if(cfg->local_zones_disable_default)
758 /* this list of zones is from RFC 6303 and RFC 7686 */
760 /* block localhost level zones first, then onion and later the LAN zones */
762 /* localhost. zone */
763 if(!lz_exists(zones, "localhost.") &&
764 !lz_nodefault(cfg, "localhost.")) {
765 if(!(z=lz_enter_zone(zones, "localhost.", "static",
766 LDNS_RR_CLASS_IN)) ||
767 !lz_enter_rr_into_zone(z,
768 "localhost. 10800 IN NS localhost.") ||
769 !lz_enter_rr_into_zone(z,
770 "localhost. 10800 IN SOA localhost. nobody.invalid. "
771 "1 3600 1200 604800 10800") ||
772 !lz_enter_rr_into_zone(z,
773 "localhost. 10800 IN A 127.0.0.1") ||
774 !lz_enter_rr_into_zone(z,
775 "localhost. 10800 IN AAAA ::1")) {
776 log_err("out of memory adding default zone");
777 if(z) { lock_rw_unlock(&z->lock); }
780 lock_rw_unlock(&z->lock);
782 /* reverse ip4 zone */
783 if(!lz_exists(zones, "127.in-addr.arpa.") &&
784 !lz_nodefault(cfg, "127.in-addr.arpa.")) {
785 if(!(z=lz_enter_zone(zones, "127.in-addr.arpa.", "static",
786 LDNS_RR_CLASS_IN)) ||
787 !lz_enter_rr_into_zone(z,
788 "127.in-addr.arpa. 10800 IN NS localhost.") ||
789 !lz_enter_rr_into_zone(z,
790 "127.in-addr.arpa. 10800 IN SOA localhost. "
791 "nobody.invalid. 1 3600 1200 604800 10800") ||
792 !lz_enter_rr_into_zone(z,
793 "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) {
794 log_err("out of memory adding default zone");
795 if(z) { lock_rw_unlock(&z->lock); }
798 lock_rw_unlock(&z->lock);
800 /* reverse ip6 zone */
801 if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") &&
802 !lz_nodefault(cfg, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.")) {
803 if(!(z=lz_enter_zone(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", "static",
804 LDNS_RR_CLASS_IN)) ||
805 !lz_enter_rr_into_zone(z,
806 "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.") ||
807 !lz_enter_rr_into_zone(z,
808 "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. "
809 "nobody.invalid. 1 3600 1200 604800 10800") ||
810 !lz_enter_rr_into_zone(z,
811 "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.")) {
812 log_err("out of memory adding default zone");
813 if(z) { lock_rw_unlock(&z->lock); }
816 lock_rw_unlock(&z->lock);
818 /* onion. zone (RFC 7686) */
819 if(!lz_exists(zones, "onion.") &&
820 !lz_nodefault(cfg, "onion.")) {
821 if(!(z=lz_enter_zone(zones, "onion.", "static",
822 LDNS_RR_CLASS_IN)) ||
823 !lz_enter_rr_into_zone(z,
824 "onion. 10800 IN NS localhost.") ||
825 !lz_enter_rr_into_zone(z,
826 "onion. 10800 IN SOA localhost. nobody.invalid. "
827 "1 3600 1200 604800 10800")) {
828 log_err("out of memory adding default zone");
829 if(z) { lock_rw_unlock(&z->lock); }
832 lock_rw_unlock(&z->lock);
835 /* block AS112 zones, unless asked not to */
836 if(!cfg->unblock_lan_zones) {
837 for(zstr = as112_zones; *zstr; zstr++) {
838 if(!add_as112_default(zones, cfg, *zstr)) {
839 log_err("out of memory adding default zone");
847 /** parse local-zone-override: statements */
849 lz_enter_overrides(struct local_zones* zones, struct config_file* cfg)
851 struct config_str3list* p;
852 for(p = cfg->local_zone_overrides; p; p = p->next) {
853 if(!lz_enter_override(zones, p->str, p->str2, p->str3,
860 /** setup parent pointers, so that a lookup can be done for closest match */
862 init_parents(struct local_zones* zones)
864 struct local_zone* node, *prev = NULL, *p;
866 lock_rw_wrlock(&zones->lock);
867 RBTREE_FOR(node, struct local_zone*, &zones->ztree) {
868 lock_rw_wrlock(&node->lock);
870 if(!prev || prev->dclass != node->dclass) {
872 lock_rw_unlock(&node->lock);
875 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name,
876 node->namelabs, &m); /* we know prev is smaller */
877 /* sort order like: . com. bla.com. zwb.com. net. */
878 /* find the previous, or parent-parent-parent */
879 for(p = prev; p; p = p->parent)
880 /* looking for name with few labels, a parent */
881 if(p->namelabs <= m) {
882 /* ==: since prev matched m, this is closest*/
883 /* <: prev matches more, but is not a parent,
884 * this one is a (grand)parent */
890 if(node->override_tree)
891 addr_tree_init_parents(node->override_tree);
892 lock_rw_unlock(&node->lock);
894 lock_rw_unlock(&zones->lock);
897 /** enter implicit transparent zone for local-data: without local-zone: */
899 lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
901 /* walk over all items that have no parent zone and find
902 * the name that covers them all (could be the root) and
903 * add that as a transparent zone */
904 struct config_strlist* p;
906 int have_other_classes = 0;
911 int match = 0; /* number of labels match count */
913 init_parents(zones); /* to enable local_zones_lookup() */
914 for(p = cfg->local_data; p; p = p->next) {
919 if(!get_rr_nameclass(p->str, &rr_name, &rr_class)) {
920 log_err("Bad local-data RR %s", p->str);
923 labs = dname_count_size_labels(rr_name, &len);
924 lock_rw_rdlock(&zones->lock);
925 if(!local_zones_lookup(zones, rr_name, len, labs, rr_class)) {
935 if(rr_class != dclass) {
936 /* process other classes later */
938 have_other_classes = 1;
939 lock_rw_unlock(&zones->lock);
942 /* find smallest shared topdomain */
943 (void)dname_lab_cmp(nm, nmlabs,
949 } else free(rr_name);
950 lock_rw_unlock(&zones->lock);
954 struct local_zone* z;
955 /* allocate zone of smallest shared topdomain to contain em */
957 dname_remove_labels(&n2, &nmlen, nmlabs - match);
958 n2 = memdup(n2, nmlen);
961 log_err("out of memory");
964 log_nametypeclass(VERB_ALGO, "implicit transparent local-zone",
966 if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match,
967 local_zone_transparent, dclass))) {
970 lock_rw_unlock(&z->lock);
972 if(have_other_classes) {
973 /* restart to setup other class */
974 return lz_setup_implicit(zones, cfg);
979 /** enter local-zone-tag info */
981 lz_enter_zone_tags(struct local_zones* zones, struct config_file* cfg)
983 struct config_strbytelist* p;
985 for(p = cfg->local_zone_tags; p; p = p->next) {
986 if(!lz_enter_zone_tag(zones, p->str, p->str2, p->str2len,
991 if(c) verbose(VERB_ALGO, "applied tags to %d local zones", c);
995 /** enter auth data */
997 lz_enter_data(struct local_zones* zones, struct config_file* cfg)
999 struct config_strlist* p;
1000 for(p = cfg->local_data; p; p = p->next) {
1001 if(!lz_enter_rr_str(zones, p->str))
1007 /** free memory from config */
1009 lz_freeup_cfg(struct config_file* cfg)
1011 config_deldblstrlist(cfg->local_zones);
1012 cfg->local_zones = NULL;
1013 config_delstrlist(cfg->local_zones_nodefault);
1014 cfg->local_zones_nodefault = NULL;
1015 config_delstrlist(cfg->local_data);
1016 cfg->local_data = NULL;
1020 local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg)
1022 /* create zones from zone statements. */
1023 if(!lz_enter_zones(zones, cfg)) {
1026 /* apply default zones+content (unless disabled, or overridden) */
1027 if(!local_zone_enter_defaults(zones, cfg)) {
1030 /* enter local zone overrides */
1031 if(!lz_enter_overrides(zones, cfg)) {
1034 /* create implicit transparent zone from data. */
1035 if(!lz_setup_implicit(zones, cfg)) {
1039 /* setup parent ptrs for lookup during data entry */
1040 init_parents(zones);
1041 /* insert local zone tags */
1042 if(!lz_enter_zone_tags(zones, cfg)) {
1045 /* insert local data */
1046 if(!lz_enter_data(zones, cfg)) {
1049 /* freeup memory from cfg struct. */
1055 local_zones_lookup(struct local_zones* zones,
1056 uint8_t* name, size_t len, int labs, uint16_t dclass)
1058 return local_zones_tags_lookup(zones, name, len, labs,
1059 dclass, NULL, 0, 1);
1063 local_zones_tags_lookup(struct local_zones* zones,
1064 uint8_t* name, size_t len, int labs, uint16_t dclass,
1065 uint8_t* taglist, size_t taglen, int ignoretags)
1067 rbnode_type* res = NULL;
1068 struct local_zone *result;
1069 struct local_zone key;
1071 key.node.key = &key;
1072 key.dclass = dclass;
1075 key.namelabs = labs;
1076 rbtree_find_less_equal(&zones->ztree, &key, &res);
1077 result = (struct local_zone*)res;
1078 /* exact or smaller element (or no element) */
1079 if(!result || result->dclass != dclass)
1081 /* count number of labels matched */
1082 (void)dname_lab_cmp(result->name, result->namelabs, key.name,
1084 while(result) { /* go up until qname is zone or subdomain of zone */
1085 if(result->namelabs <= m)
1086 if(ignoretags || !result->taglist ||
1087 taglist_intersect(result->taglist,
1088 result->taglen, taglist, taglen))
1090 result = result->parent;
1096 local_zones_find(struct local_zones* zones,
1097 uint8_t* name, size_t len, int labs, uint16_t dclass)
1099 struct local_zone key;
1100 key.node.key = &key;
1101 key.dclass = dclass;
1104 key.namelabs = labs;
1106 return (struct local_zone*)rbtree_search(&zones->ztree, &key);
1109 /** print all RRsets in local zone */
1111 local_zone_out(struct local_zone* z)
1113 struct local_data* d;
1114 struct local_rrset* p;
1115 RBTREE_FOR(d, struct local_data*, &z->data) {
1116 for(p = d->rrsets; p; p = p->next) {
1117 log_nametypeclass(0, "rrset", d->name,
1118 ntohs(p->rrset->rk.type),
1119 ntohs(p->rrset->rk.rrset_class));
1124 void local_zones_print(struct local_zones* zones)
1126 struct local_zone* z;
1127 lock_rw_rdlock(&zones->lock);
1128 log_info("number of auth zones %u", (unsigned)zones->ztree.count);
1129 RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
1130 lock_rw_rdlock(&z->lock);
1132 case local_zone_deny:
1133 log_nametypeclass(0, "deny zone",
1134 z->name, 0, z->dclass);
1136 case local_zone_refuse:
1137 log_nametypeclass(0, "refuse zone",
1138 z->name, 0, z->dclass);
1140 case local_zone_redirect:
1141 log_nametypeclass(0, "redirect zone",
1142 z->name, 0, z->dclass);
1144 case local_zone_transparent:
1145 log_nametypeclass(0, "transparent zone",
1146 z->name, 0, z->dclass);
1148 case local_zone_typetransparent:
1149 log_nametypeclass(0, "typetransparent zone",
1150 z->name, 0, z->dclass);
1152 case local_zone_static:
1153 log_nametypeclass(0, "static zone",
1154 z->name, 0, z->dclass);
1156 case local_zone_inform:
1157 log_nametypeclass(0, "inform zone",
1158 z->name, 0, z->dclass);
1160 case local_zone_inform_deny:
1161 log_nametypeclass(0, "inform_deny zone",
1162 z->name, 0, z->dclass);
1164 case local_zone_always_transparent:
1165 log_nametypeclass(0, "always_transparent zone",
1166 z->name, 0, z->dclass);
1168 case local_zone_always_refuse:
1169 log_nametypeclass(0, "always_refuse zone",
1170 z->name, 0, z->dclass);
1172 case local_zone_always_nxdomain:
1173 log_nametypeclass(0, "always_nxdomain zone",
1174 z->name, 0, z->dclass);
1177 log_nametypeclass(0, "badtyped zone",
1178 z->name, 0, z->dclass);
1182 lock_rw_unlock(&z->lock);
1184 lock_rw_unlock(&zones->lock);
1187 /** encode answer consisting of 1 rrset */
1189 local_encode(struct query_info* qinfo, struct module_env* env,
1190 struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
1191 struct ub_packed_rrset_key* rrset, int ansec, int rcode)
1193 struct reply_info rep;
1195 /* make answer with time=0 for fixed TTL values */
1196 memset(&rep, 0, sizeof(rep));
1197 rep.flags = (uint16_t)((BIT_QR | BIT_AA | BIT_RA) | rcode);
1200 rep.an_numrrsets = 1;
1201 else rep.ns_numrrsets = 1;
1202 rep.rrset_count = 1;
1203 rep.rrsets = &rrset;
1204 udpsize = edns->udp_size;
1205 edns->edns_version = EDNS_ADVERTISED_VERSION;
1206 edns->udp_size = EDNS_ADVERTISED_SIZE;
1207 edns->ext_rcode = 0;
1208 edns->bits &= EDNS_DO;
1209 if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, temp)
1210 || !reply_info_answer_encode(qinfo, &rep,
1211 *(uint16_t*)sldns_buffer_begin(buf),
1212 sldns_buffer_read_u16_at(buf, 2),
1213 buf, 0, 0, temp, udpsize, edns,
1214 (int)(edns->bits&EDNS_DO), 0))
1215 error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
1216 *(uint16_t*)sldns_buffer_begin(buf),
1217 sldns_buffer_read_u16_at(buf, 2), edns);
1221 /** encode local error answer */
1223 local_error_encode(struct query_info* qinfo, struct module_env* env,
1224 struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
1227 edns->edns_version = EDNS_ADVERTISED_VERSION;
1228 edns->udp_size = EDNS_ADVERTISED_SIZE;
1229 edns->ext_rcode = 0;
1230 edns->bits &= EDNS_DO;
1232 if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
1234 edns->opt_list = NULL;
1235 error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
1236 sldns_buffer_read_u16_at(buf, 2), edns);
1239 /** find local data tag string match for the given type in the list */
1241 local_data_find_tag_datas(const struct query_info* qinfo,
1242 struct config_strlist* list, struct ub_packed_rrset_key* r,
1243 struct regional* temp)
1245 struct config_strlist* p;
1247 uint8_t rr[LDNS_RR_BUF_SIZE];
1250 struct packed_rrset_data* d;
1251 for(p=list; p; p=p->next) {
1255 /* does this element match the type? */
1256 snprintf(buf, sizeof(buf), ". %s", p->str);
1257 res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600,
1260 /* parse errors are already checked before, in
1261 * acllist check_data, skip this for robustness */
1263 if(len < 1 /* . */ + 8 /* typeclassttl*/ + 2 /*rdatalen*/)
1265 rdr_type = sldns_wirerr_get_type(rr, len, 1);
1266 if(rdr_type != qinfo->qtype && rdr_type != LDNS_RR_TYPE_CNAME)
1269 /* do we have entries already? if not setup key */
1270 if(r->rk.dname == NULL) {
1272 r->rk.dname = qinfo->qname;
1273 r->rk.dname_len = qinfo->qname_len;
1274 r->rk.type = htons(rdr_type);
1275 r->rk.rrset_class = htons(qinfo->qclass);
1277 d = (struct packed_rrset_data*)regional_alloc_zero(
1278 temp, sizeof(struct packed_rrset_data)
1279 + sizeof(size_t) + sizeof(uint8_t*) +
1281 if(!d) return 0; /* out of memory */
1283 d->ttl = sldns_wirerr_get_ttl(rr, len, 1);
1284 d->rr_len = (size_t*)((uint8_t*)d +
1285 sizeof(struct packed_rrset_data));
1286 d->rr_data = (uint8_t**)&(d->rr_len[1]);
1287 d->rr_ttl = (time_t*)&(d->rr_data[1]);
1289 d = (struct packed_rrset_data*)r->entry.data;
1290 /* add entry to the data */
1292 size_t* oldlen = d->rr_len;
1293 uint8_t** olddata = d->rr_data;
1294 time_t* oldttl = d->rr_ttl;
1295 /* increase arrays for lookup */
1296 /* this is of course slow for very many records,
1297 * but most redirects are expected with few records */
1298 d->rr_len = (size_t*)regional_alloc_zero(temp,
1299 (d->count+1)*sizeof(size_t));
1300 d->rr_data = (uint8_t**)regional_alloc_zero(temp,
1301 (d->count+1)*sizeof(uint8_t*));
1302 d->rr_ttl = (time_t*)regional_alloc_zero(temp,
1303 (d->count+1)*sizeof(time_t));
1304 if(!d->rr_len || !d->rr_data || !d->rr_ttl)
1305 return 0; /* out of memory */
1306 /* first one was allocated after struct d, but new
1307 * ones get their own array increment alloc, so
1308 * copy old content */
1309 memmove(d->rr_len, oldlen, d->count*sizeof(size_t));
1310 memmove(d->rr_data, olddata, d->count*sizeof(uint8_t*));
1311 memmove(d->rr_ttl, oldttl, d->count*sizeof(time_t));
1314 d->rr_len[d->count] = sldns_wirerr_get_rdatalen(rr, len, 1)+2;
1315 d->rr_ttl[d->count] = sldns_wirerr_get_ttl(rr, len, 1);
1316 d->rr_data[d->count] = regional_alloc_init(temp,
1317 sldns_wirerr_get_rdatawl(rr, len, 1),
1318 d->rr_len[d->count]);
1319 if(!d->rr_data[d->count])
1320 return 0; /* out of memory */
1329 find_tag_datas(struct query_info* qinfo, struct config_strlist* list,
1330 struct ub_packed_rrset_key* r, struct regional* temp)
1332 int result = local_data_find_tag_datas(qinfo, list, r, temp);
1334 /* If we've found a non-exact alias type of local data, make a shallow
1335 * copy of the RRset and remember it in qinfo to complete the alias
1337 if(result && qinfo->qtype != LDNS_RR_TYPE_CNAME &&
1338 r->rk.type == htons(LDNS_RR_TYPE_CNAME)) {
1339 qinfo->local_alias =
1340 regional_alloc_zero(temp, sizeof(struct local_rrset));
1341 if(!qinfo->local_alias)
1342 return 0; /* out of memory */
1343 qinfo->local_alias->rrset =
1344 regional_alloc_init(temp, r, sizeof(*r));
1345 if(!qinfo->local_alias->rrset)
1346 return 0; /* out of memory */
1351 /** answer local data match */
1353 local_data_answer(struct local_zone* z, struct module_env* env,
1354 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
1355 struct regional* temp, int labs, struct local_data** ldp,
1356 enum localzone_type lz_type, int tag, struct config_strlist** tag_datas,
1357 size_t tag_datas_size, char** tagname, int num_tags)
1359 struct local_data key;
1360 struct local_data* ld;
1361 struct local_rrset* lr;
1362 key.node.key = &key;
1363 key.name = qinfo->qname;
1364 key.namelen = qinfo->qname_len;
1365 key.namelabs = labs;
1366 if(lz_type == local_zone_redirect) {
1368 key.namelen = z->namelen;
1369 key.namelabs = z->namelabs;
1370 if(tag != -1 && (size_t)tag<tag_datas_size && tag_datas[tag]) {
1371 struct ub_packed_rrset_key r;
1372 memset(&r, 0, sizeof(r));
1373 if(find_tag_datas(qinfo, tag_datas[tag], &r, temp)) {
1374 verbose(VERB_ALGO, "redirect with tag data [%d] %s",
1375 tag, (tag<num_tags?tagname[tag]:"null"));
1377 /* If we found a matching alias, we should
1378 * use it as part of the answer, but we can't
1379 * encode it until we complete the alias
1381 if(qinfo->local_alias)
1383 return local_encode(qinfo, env, edns, buf, temp,
1384 &r, 1, LDNS_RCODE_NOERROR);
1388 ld = (struct local_data*)rbtree_search(&z->data, &key.node);
1393 lr = local_data_find_type(ld, qinfo->qtype, 1);
1397 /* Special case for alias matching. See local_data_answer(). */
1398 if(lz_type == local_zone_redirect &&
1399 qinfo->qtype != LDNS_RR_TYPE_CNAME &&
1400 lr->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) {
1401 qinfo->local_alias =
1402 regional_alloc_zero(temp, sizeof(struct local_rrset));
1403 if(!qinfo->local_alias)
1404 return 0; /* out of memory */
1405 qinfo->local_alias->rrset =
1406 regional_alloc_init(temp, lr->rrset, sizeof(*lr->rrset));
1407 if(!qinfo->local_alias->rrset)
1408 return 0; /* out of memory */
1409 qinfo->local_alias->rrset->rk.dname = qinfo->qname;
1410 qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len;
1413 if(lz_type == local_zone_redirect) {
1414 /* convert rrset name to query name; like a wildcard */
1415 struct ub_packed_rrset_key r = *lr->rrset;
1416 r.rk.dname = qinfo->qname;
1417 r.rk.dname_len = qinfo->qname_len;
1418 return local_encode(qinfo, env, edns, buf, temp, &r, 1,
1419 LDNS_RCODE_NOERROR);
1421 return local_encode(qinfo, env, edns, buf, temp, lr->rrset, 1,
1422 LDNS_RCODE_NOERROR);
1426 * answer in case where no exact match is found
1427 * @param z: zone for query
1428 * @param env: module environment
1429 * @param qinfo: query
1430 * @param edns: edns from query
1431 * @param buf: buffer for answer.
1432 * @param temp: temp region for encoding
1433 * @param ld: local data, if NULL, no such name exists in localdata.
1434 * @param lz_type: type of the local zone
1435 * @return 1 if a reply is to be sent, 0 if not.
1438 lz_zone_answer(struct local_zone* z, struct module_env* env,
1439 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
1440 struct regional* temp, struct local_data* ld, enum localzone_type lz_type)
1442 if(lz_type == local_zone_deny || lz_type == local_zone_inform_deny) {
1443 /** no reply at all, signal caller by clearing buffer. */
1444 sldns_buffer_clear(buf);
1445 sldns_buffer_flip(buf);
1447 } else if(lz_type == local_zone_refuse
1448 || lz_type == local_zone_always_refuse) {
1449 local_error_encode(qinfo, env, edns, buf, temp,
1450 LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA));
1452 } else if(lz_type == local_zone_static ||
1453 lz_type == local_zone_redirect ||
1454 lz_type == local_zone_always_nxdomain) {
1455 /* for static, reply nodata or nxdomain
1456 * for redirect, reply nodata */
1457 /* no additional section processing,
1458 * cname, dname or wildcard processing,
1459 * or using closest match for NSEC.
1460 * or using closest match for returning delegation downwards
1462 int rcode = (ld || lz_type == local_zone_redirect)?
1463 LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN;
1465 return local_encode(qinfo, env, edns, buf, temp,
1467 local_error_encode(qinfo, env, edns, buf, temp, rcode,
1470 } else if(lz_type == local_zone_typetransparent
1471 || lz_type == local_zone_always_transparent) {
1472 /* no NODATA or NXDOMAINS for this zone type */
1475 /* else lz_type == local_zone_transparent */
1477 /* if the zone is transparent and the name exists, but the type
1478 * does not, then we should make this noerror/nodata */
1479 if(ld && ld->rrsets) {
1480 int rcode = LDNS_RCODE_NOERROR;
1482 return local_encode(qinfo, env, edns, buf, temp,
1484 local_error_encode(qinfo, env, edns, buf, temp, rcode,
1489 /* stop here, and resolve further on */
1493 /** print log information for an inform zone query */
1495 lz_inform_print(struct local_zone* z, struct query_info* qinfo,
1496 struct comm_reply* repinfo)
1498 char ip[128], txt[512];
1499 char zname[LDNS_MAX_DOMAINLEN+1];
1500 uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
1501 dname_str(z->name, zname);
1502 addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
1503 snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
1505 log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
1508 static enum localzone_type
1509 lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2,
1510 uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt,
1511 struct comm_reply* repinfo, struct rbtree_type* override_tree,
1512 int* tag, char** tagname, int num_tags)
1514 struct local_zone_override* lzo;
1515 if(repinfo && override_tree) {
1516 lzo = (struct local_zone_override*)addr_tree_lookup(
1517 override_tree, &repinfo->addr, repinfo->addrlen);
1518 if(lzo && lzo->type) {
1519 verbose(VERB_ALGO, "local zone override to type %s",
1520 local_zone_type2str(lzo->type));
1524 if(!taglist || !taglist2)
1526 return local_data_find_tag_action(taglist, taglen, taglist2, taglen2,
1527 tagactions, tagactionssize, lzt, tag, tagname, num_tags);
1531 local_data_find_tag_action(const uint8_t* taglist, size_t taglen,
1532 const uint8_t* taglist2, size_t taglen2, const uint8_t* tagactions,
1533 size_t tagactionssize, enum localzone_type lzt, int* tag,
1534 char* const* tagname, int num_tags)
1539 for(i=0; i<taglen && i<taglen2; i++) {
1540 tagmatch = (taglist[i] & taglist2[i]);
1541 for(j=0; j<8 && tagmatch>0; j++) {
1542 if((tagmatch & 0x1)) {
1543 *tag = (int)(i*8+j);
1544 verbose(VERB_ALGO, "matched tag [%d] %s",
1545 *tag, (*tag<num_tags?tagname[*tag]:"null"));
1546 /* does this tag have a tag action? */
1547 if(i*8+j < tagactionssize && tagactions
1548 && tagactions[i*8+j] != 0) {
1549 verbose(VERB_ALGO, "tag action [%d] %s to type %s",
1550 *tag, (*tag<num_tags?tagname[*tag]:"null"),
1551 local_zone_type2str(
1552 (enum localzone_type)
1553 tagactions[i*8+j]));
1554 return (enum localzone_type)tagactions[i*8+j];
1565 local_zones_answer(struct local_zones* zones, struct module_env* env,
1566 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
1567 struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist,
1568 size_t taglen, uint8_t* tagactions, size_t tagactionssize,
1569 struct config_strlist** tag_datas, size_t tag_datas_size,
1570 char** tagname, int num_tags, struct view* view)
1572 /* see if query is covered by a zone,
1573 * if so: - try to match (exact) local data
1574 * - look at zone type for negative response. */
1575 int labs = dname_count_labels(qinfo->qname);
1576 struct local_data* ld = NULL;
1577 struct local_zone* z = NULL;
1578 enum localzone_type lzt = local_zone_transparent;
1582 lock_rw_rdlock(&view->lock);
1583 if(view->local_zones &&
1584 (z = local_zones_lookup(view->local_zones,
1585 qinfo->qname, qinfo->qname_len, labs,
1588 "using localzone from view: %s",
1590 lock_rw_rdlock(&z->lock);
1593 if(view->local_zones && !z && !view->isfirst){
1594 lock_rw_unlock(&view->lock);
1597 lock_rw_unlock(&view->lock);
1600 /* try global local_zones tree */
1601 lock_rw_rdlock(&zones->lock);
1602 if(!(z = local_zones_tags_lookup(zones, qinfo->qname,
1603 qinfo->qname_len, labs, qinfo->qclass, taglist,
1605 lock_rw_unlock(&zones->lock);
1608 lock_rw_rdlock(&z->lock);
1610 lzt = lz_type(taglist, taglen, z->taglist, z->taglen,
1611 tagactions, tagactionssize, z->type, repinfo,
1612 z->override_tree, &tag, tagname, num_tags);
1613 lock_rw_unlock(&zones->lock);
1615 if((lzt == local_zone_inform || lzt == local_zone_inform_deny)
1617 lz_inform_print(z, qinfo, repinfo);
1619 if(lzt != local_zone_always_refuse
1620 && lzt != local_zone_always_transparent
1621 && lzt != local_zone_always_nxdomain
1622 && local_data_answer(z, env, qinfo, edns, buf, temp, labs, &ld, lzt,
1623 tag, tag_datas, tag_datas_size, tagname, num_tags)) {
1624 lock_rw_unlock(&z->lock);
1625 /* We should tell the caller that encode is deferred if we found
1627 return !qinfo->local_alias;
1629 r = lz_zone_answer(z, env, qinfo, edns, buf, temp, ld, lzt);
1630 lock_rw_unlock(&z->lock);
1631 return r && !qinfo->local_alias; /* see above */
1634 const char* local_zone_type2str(enum localzone_type t)
1637 case local_zone_unset: return "unset";
1638 case local_zone_deny: return "deny";
1639 case local_zone_refuse: return "refuse";
1640 case local_zone_redirect: return "redirect";
1641 case local_zone_transparent: return "transparent";
1642 case local_zone_typetransparent: return "typetransparent";
1643 case local_zone_static: return "static";
1644 case local_zone_nodefault: return "nodefault";
1645 case local_zone_inform: return "inform";
1646 case local_zone_inform_deny: return "inform_deny";
1647 case local_zone_always_transparent: return "always_transparent";
1648 case local_zone_always_refuse: return "always_refuse";
1649 case local_zone_always_nxdomain: return "always_nxdomain";
1654 int local_zone_str2type(const char* type, enum localzone_type* t)
1656 if(strcmp(type, "deny") == 0)
1657 *t = local_zone_deny;
1658 else if(strcmp(type, "refuse") == 0)
1659 *t = local_zone_refuse;
1660 else if(strcmp(type, "static") == 0)
1661 *t = local_zone_static;
1662 else if(strcmp(type, "transparent") == 0)
1663 *t = local_zone_transparent;
1664 else if(strcmp(type, "typetransparent") == 0)
1665 *t = local_zone_typetransparent;
1666 else if(strcmp(type, "redirect") == 0)
1667 *t = local_zone_redirect;
1668 else if(strcmp(type, "inform") == 0)
1669 *t = local_zone_inform;
1670 else if(strcmp(type, "inform_deny") == 0)
1671 *t = local_zone_inform_deny;
1672 else if(strcmp(type, "always_transparent") == 0)
1673 *t = local_zone_always_transparent;
1674 else if(strcmp(type, "always_refuse") == 0)
1675 *t = local_zone_always_refuse;
1676 else if(strcmp(type, "always_nxdomain") == 0)
1677 *t = local_zone_always_nxdomain;
1678 else if(strcmp(type, "nodefault") == 0)
1679 *t = local_zone_nodefault;
1684 /** iterate over the kiddies of the given name and set their parent ptr */
1686 set_kiddo_parents(struct local_zone* z, struct local_zone* match,
1687 struct local_zone* newp)
1689 /* both zones and z are locked already */
1690 /* in the sorted rbtree, the kiddies of z are located after z */
1691 /* z must be present in the tree */
1692 struct local_zone* p = z;
1693 p = (struct local_zone*)rbtree_next(&p->node);
1694 while(p!=(struct local_zone*)RBTREE_NULL &&
1695 p->dclass == z->dclass && dname_strict_subdomain(p->name,
1696 p->namelabs, z->name, z->namelabs)) {
1697 /* update parent ptr */
1698 /* only when matches with existing parent pointer, so that
1699 * deeper child structures are not touched, i.e.
1700 * update of x, and a.x, b.x, f.b.x, g.b.x, c.x, y
1701 * gets to update a.x, b.x and c.x */
1702 lock_rw_wrlock(&p->lock);
1703 if(p->parent == match)
1705 lock_rw_unlock(&p->lock);
1706 p = (struct local_zone*)rbtree_next(&p->node);
1710 struct local_zone* local_zones_add_zone(struct local_zones* zones,
1711 uint8_t* name, size_t len, int labs, uint16_t dclass,
1712 enum localzone_type tp)
1715 struct local_zone* z = local_zone_create(name, len, labs, tp, dclass);
1720 lock_rw_wrlock(&z->lock);
1722 /* find the closest parent */
1723 z->parent = local_zones_find(zones, name, len, labs, dclass);
1725 /* insert into the tree */
1726 if(!rbtree_insert(&zones->ztree, &z->node)) {
1727 /* duplicate entry! */
1728 lock_rw_unlock(&z->lock);
1729 local_zone_delete(z);
1730 log_err("internal: duplicate entry in local_zones_add_zone");
1734 /* set parent pointers right */
1735 set_kiddo_parents(z, z->parent, z);
1737 lock_rw_unlock(&z->lock);
1741 void local_zones_del_zone(struct local_zones* zones, struct local_zone* z)
1743 /* fix up parents in tree */
1744 lock_rw_wrlock(&z->lock);
1745 set_kiddo_parents(z, z, z->parent);
1747 /* remove from tree */
1748 (void)rbtree_delete(&zones->ztree, z);
1750 /* delete the zone */
1751 lock_rw_unlock(&z->lock);
1752 local_zone_delete(z);
1756 local_zones_add_RR(struct local_zones* zones, const char* rr)
1762 struct local_zone* z;
1764 if(!get_rr_nameclass(rr, &rr_name, &rr_class)) {
1767 labs = dname_count_size_labels(rr_name, &len);
1768 /* could first try readlock then get writelock if zone does not exist,
1769 * but we do not add enough RRs (from multiple threads) to optimize */
1770 lock_rw_wrlock(&zones->lock);
1771 z = local_zones_lookup(zones, rr_name, len, labs, rr_class);
1773 z = local_zones_add_zone(zones, rr_name, len, labs, rr_class,
1774 local_zone_transparent);
1776 lock_rw_unlock(&zones->lock);
1782 lock_rw_wrlock(&z->lock);
1783 lock_rw_unlock(&zones->lock);
1784 r = lz_enter_rr_into_zone(z, rr);
1785 lock_rw_unlock(&z->lock);
1789 /** returns true if the node is terminal so no deeper domain names exist */
1791 is_terminal(struct local_data* d)
1793 /* for empty nonterminals, the deeper domain names are sorted
1794 * right after them, so simply check the next name in the tree
1796 struct local_data* n = (struct local_data*)rbtree_next(&d->node);
1797 if(n == (struct local_data*)RBTREE_NULL)
1798 return 1; /* last in tree, no deeper node */
1799 if(dname_strict_subdomain(n->name, n->namelabs, d->name, d->namelabs))
1800 return 0; /* there is a deeper node */
1804 /** delete empty terminals from tree when final data is deleted */
1806 del_empty_term(struct local_zone* z, struct local_data* d,
1807 uint8_t* name, size_t len, int labs)
1809 while(d && d->rrsets == NULL && is_terminal(d)) {
1810 /* is this empty nonterminal? delete */
1811 /* note, no memory recycling in zone region */
1812 (void)rbtree_delete(&z->data, d);
1814 /* go up and to the next label */
1815 if(dname_is_root(name))
1817 dname_remove_label(&name, &len);
1819 d = lz_find_node(z, name, len, labs);
1823 void local_zones_del_data(struct local_zones* zones,
1824 uint8_t* name, size_t len, int labs, uint16_t dclass)
1827 struct local_zone* z;
1828 struct local_data* d;
1829 lock_rw_rdlock(&zones->lock);
1830 z = local_zones_lookup(zones, name, len, labs, dclass);
1832 /* no such zone, we're done */
1833 lock_rw_unlock(&zones->lock);
1836 lock_rw_wrlock(&z->lock);
1837 lock_rw_unlock(&zones->lock);
1839 /* find the domain */
1840 d = lz_find_node(z, name, len, labs);
1842 /* no memory recycling for zone deletions ... */
1844 /* did we delete the soa record ? */
1845 if(query_dname_compare(d->name, z->name) == 0)
1848 /* cleanup the empty nonterminals for this name */
1849 del_empty_term(z, d, name, len, labs);
1852 lock_rw_unlock(&z->lock);
projects / FreeBSD / FreeBSD.git / blob