Lines Matching +full:num +full:- +full:transfer +full:- +full:bits
2 * services/authzone.c - authoritative zone that is locally hosted.
85 /* auth transfer timeout for TCP connections, in msec */
87 /* auth transfer max backoff for failed transfers and probes */
99 /** pick up nextprobe task to start waiting to perform transfer actions */
106 * or transfer task if nothing to probe, or false if already in progress */
120 msg->qinfo.qname = regional_alloc_init(region, qinfo->qname,
121 qinfo->qname_len);
122 if(!msg->qinfo.qname)
124 msg->qinfo.qname_len = qinfo->qname_len;
125 msg->qinfo.qtype = qinfo->qtype;
126 msg->qinfo.qclass = qinfo->qclass;
127 msg->qinfo.local_alias = NULL;
128 /* non-packed reply_info, because it needs to grow the array */
129 msg->rep = (struct reply_info*)regional_alloc_zero(region,
130 sizeof(struct reply_info)-sizeof(struct rrset_ref));
131 if(!msg->rep)
133 msg->rep->flags = (uint16_t)(BIT_QR | BIT_AA);
134 msg->rep->authoritative = 1;
135 msg->rep->reason_bogus = LDNS_EDE_NONE;
136 msg->rep->qdcount = 1;
145 if(msg->rep->rrsets == NULL) {
146 msg->rep->rrsets = regional_alloc_zero(region,
147 sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
148 if(!msg->rep->rrsets)
151 struct ub_packed_rrset_key** rrsets_old = msg->rep->rrsets;
152 msg->rep->rrsets = regional_alloc_zero(region,
153 sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
154 if(!msg->rep->rrsets)
156 memmove(msg->rep->rrsets, rrsets_old,
157 sizeof(struct ub_packed_rrset_key*)*msg->rep->rrset_count);
167 k->entry.data;
168 return d->ttl;
171 /** Copy rrset into region from domain-datanode and packet rrset */
179 key.entry.data = rrset->data;
180 key.rk.dname = node->name;
181 key.rk.dname_len = node->namelen;
182 key.rk.type = htons(rrset->type);
183 key.rk.rrset_class = htons(z->dclass);
188 /** fix up msg->rep TTL and prefetch ttl */
192 if(msg->rep->rrset_count == 0) return;
193 if(msg->rep->rrset_count == 1) {
194 msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
195 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
196 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
197 } else if(get_rrset_ttl(msg->rep->rrsets[msg->rep->rrset_count-1]) <
198 msg->rep->ttl) {
199 msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[
200 msg->rep->rrset_count-1]);
201 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
202 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
212 for(i=0; i<msg->rep->rrset_count; i++) {
213 struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
214 if(ntohs(k->rk.type) == type && k->rk.dname_len == nmlen &&
215 ntohs(k->rk.rrset_class) == dclass &&
216 query_dname_compare(k->rk.dname, nm) == 0)
227 log_assert(msg->rep->ns_numrrsets == 0);
228 log_assert(msg->rep->ar_numrrsets == 0);
231 if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
232 z->dclass))
238 if(!(msg->rep->rrsets[msg->rep->rrset_count] =
241 msg->rep->rrset_count++;
242 msg->rep->an_numrrsets++;
252 log_assert(msg->rep->ar_numrrsets == 0);
255 if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
256 z->dclass))
262 if(!(msg->rep->rrsets[msg->rep->rrset_count] =
265 msg->rep->rrset_count++;
266 msg->rep->ns_numrrsets++;
278 if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
279 z->dclass))
285 if(!(msg->rep->rrsets[msg->rep->rrset_count] =
288 msg->rep->rrset_count++;
289 msg->rep->ar_numrrsets++;
301 rbtree_init(&az->ztree, &auth_zone_cmp);
302 rbtree_init(&az->xtree, &auth_xfer_cmp);
303 lock_rw_init(&az->lock);
304 lock_protect(&az->lock, &az->ztree, sizeof(az->ztree));
305 lock_protect(&az->lock, &az->xtree, sizeof(az->xtree));
307 lock_rw_init(&az->rpz_lock);
308 lock_protect(&az->rpz_lock, &az->rpz_first, sizeof(az->rpz_first));
319 if(a->dclass != b->dclass) {
320 if(a->dclass < b->dclass)
321 return -1;
326 return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
335 return dname_canon_lab_cmp(a->name, a->namelabs, b->name,
336 b->namelabs, &m);
346 if(a->dclass != b->dclass) {
347 if(a->dclass < b->dclass)
348 return -1;
353 return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
361 free(rrset->data);
371 p = n->rrsets;
373 np = p->next;
377 free(n->name);
385 struct auth_data* z = (struct auth_data*)n->key;
394 lock_rw_destroy(&z->lock);
395 traverse_postorder(&z->data, auth_data_del, NULL);
397 if(az && z->rpz) {
399 lock_rw_wrlock(&az->rpz_lock);
400 if(z->rpz_az_prev)
401 z->rpz_az_prev->rpz_az_next = z->rpz_az_next;
403 az->rpz_first = z->rpz_az_next;
404 if(z->rpz_az_next)
405 z->rpz_az_next->rpz_az_prev = z->rpz_az_prev;
406 lock_rw_unlock(&az->rpz_lock);
408 if(z->rpz)
409 rpz_delete(z->rpz);
410 free(z->name);
411 free(z->zonefile);
423 z->node.key = z;
424 z->dclass = dclass;
425 z->namelen = nmlen;
426 z->namelabs = dname_count_labels(nm);
427 z->name = memdup(nm, nmlen);
428 if(!z->name) {
432 rbtree_init(&z->data, &auth_data_cmp);
433 lock_rw_init(&z->lock);
434 lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)-
435 sizeof(&z->rpz_az_next)-sizeof(&z->rpz_az_prev));
436 lock_rw_wrlock(&z->lock);
438 * pointers, which are protected using az->lock */
439 if(!rbtree_insert(&az->ztree, &z->node)) {
440 lock_rw_unlock(&z->lock);
458 return (struct auth_zone*)rbtree_search(&az->ztree, &key);
471 return (struct auth_xfer*)rbtree_search(&az->xtree, &key);
474 /** find an auth zone or sorted less-or-equal, return true if exact */
485 return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z);
501 /* less-or-nothing */
505 nm = dname_get_shared_topdomain(z->name, name);
538 lock_rw_wrlock(&z->lock);
549 x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
554 lock_basic_lock(&x->lock);
562 if(z->zonefile) free(z->zonefile);
564 z->zonefile = NULL;
566 z->zonefile = strdup(zonefile);
567 if(!z->zonefile) {
584 z->fallback_enabled = (strcmp(fallbackstr, "yes")==0);
595 n->node.key = n;
596 n->name = memdup(nm, nmlen);
597 if(!n->name) {
601 n->namelen = nmlen;
602 n->namelabs = dname_count_labels(nm);
603 if(!rbtree_insert(&z->data, &n->node)) {
605 free(n->name);
621 return (struct auth_data*)rbtree_search(&z->data, &key);
631 key.name = qinfo->qname;
632 key.namelen = qinfo->qname_len;
634 *node_exact = rbtree_find_less_equal(&z->data, &key,
656 rrset = n->rrsets;
658 if(rrset->type == t)
660 rrset = rrset->next;
672 rrset = node->rrsets;
674 if(rrset->type == rr_type) {
676 if(prev) prev->next = rrset->next;
677 else node->rrsets = rrset->next;
682 rrset = rrset->next;
692 for(i=d->count; i<d->count + d->rrsig_count; i++) {
693 if(d->rr_len[i] != len)
695 if(memcmp(d->rr_data[i], rdata, len) == 0) {
708 for(i=0; i<d->count + d->rrsig_count; i++) {
709 if(d->rr_len[i] != len)
711 if(memcmp(d->rr_data[i], rdata, len) == 0)
735 struct packed_rrset_data* d, *old = rrset->data;
737 if(index >= old->count + old->rrsig_count)
739 d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) - (
741 old->rr_len[index]));
746 d->ttl = old->ttl;
747 d->count = old->count;
748 d->rrsig_count = old->rrsig_count;
749 if(index < d->count) d->count--;
750 else d->rrsig_count--;
751 d->trust = old->trust;
752 d->security = old->security;
755 d->rr_len = (size_t*)((uint8_t*)d +
758 memmove(d->rr_len, old->rr_len, (index)*sizeof(size_t));
759 if(index+1 < old->count+old->rrsig_count)
760 memmove(&d->rr_len[index], &old->rr_len[index+1],
761 (old->count+old->rrsig_count - (index+1))*sizeof(size_t));
766 memmove(d->rr_ttl, old->rr_ttl, (index)*sizeof(time_t));
767 if(index+1 < old->count+old->rrsig_count)
768 memmove(&d->rr_ttl[index], &old->rr_ttl[index+1],
769 (old->count+old->rrsig_count - (index+1))*sizeof(time_t));
772 for(i=0; i<d->count+d->rrsig_count; i++) {
776 memmove(d->rr_data[i], old->rr_data[oldi], d->rr_len[i]);
780 if(d->count + d->rrsig_count > 0)
781 d->ttl = d->rr_ttl[0];
782 for(i=0; i<d->count+d->rrsig_count; i++) {
783 if(d->rr_ttl[i] < d->ttl)
784 d->ttl = d->rr_ttl[i];
787 free(rrset->data);
788 rrset->data = d;
798 struct packed_rrset_data* d, *old = rrset->data;
811 d->count++;
813 d->rrsig_count++;
815 old_total = old->count + old->rrsig_count;
816 total = d->count + d->rrsig_count;
818 d->rr_len = (size_t*)((uint8_t*)d +
820 if(old->count != 0)
821 memmove(d->rr_len, old->rr_len, old->count*sizeof(size_t));
822 if(old->rrsig_count != 0)
823 memmove(d->rr_len+d->count, old->rr_len+old->count,
824 old->rrsig_count*sizeof(size_t));
826 d->rr_len[d->count-1] = rdatalen;
827 else d->rr_len[total-1] = rdatalen;
829 if((time_t)rr_ttl < d->ttl)
830 d->ttl = rr_ttl;
833 if(old->count != 0) {
834 memmove(d->rr_ttl, old->rr_ttl, old->count*sizeof(time_t));
837 memmove(d->rr_data[0], old->rr_data[0],
838 (old->rr_data[old->count-1] - old->rr_data[0]) +
839 old->rr_len[old->count-1]);
841 if(old->rrsig_count != 0) {
842 memmove(d->rr_ttl+d->count, old->rr_ttl+old->count,
843 old->rrsig_count*sizeof(time_t));
844 memmove(d->rr_data[d->count], old->rr_data[old->count],
845 (old->rr_data[old_total-1] - old->rr_data[old->count]) +
846 old->rr_len[old_total-1]);
851 d->rr_ttl[d->count-1] = rr_ttl;
852 memmove(d->rr_data[d->count-1], rdata, rdatalen);
854 d->rr_ttl[total-1] = rr_ttl;
855 memmove(d->rr_data[total-1], rdata, rdatalen);
858 rrset->data = d;
876 rrset->type = rr_type;
887 rrset->data = d;
888 d->ttl = rr_ttl;
889 d->trust = rrset_trust_prim_noglue;
890 d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data));
891 d->rr_data = (uint8_t**)&(d->rr_len[1]);
892 d->rr_ttl = (time_t*)&(d->rr_data[1]);
893 d->rr_data[0] = (uint8_t*)&(d->rr_ttl[1]);
896 d->rr_len[0] = rdatalen;
897 d->rr_ttl[0] = rr_ttl;
898 memmove(d->rr_data[0], rdata, rdatalen);
899 d->count++;
904 p = node->rrsets;
905 while(p && p->type<=rr_type) {
907 p = p->next;
910 rrset->next = p;
911 if(prev) prev->next = rrset;
912 else node->rrsets = rrset;
920 struct packed_rrset_data* d = rrsig->data;
921 size_t i, num = 0;
923 log_assert(d && rrsig->type == LDNS_RR_TYPE_RRSIG);
924 for(i=0; i<d->count+d->rrsig_count; i++) {
925 if(rrsig_rdata_get_type_covered(d->rr_data[i],
926 d->rr_len[i]) == rr_type) {
927 num++;
928 (*sigsz) += d->rr_len[i];
931 return num;
940 struct packed_rrset_data* sigold = rrsig->data;
941 struct packed_rrset_data* old = rrset->data;
944 log_assert(rrset->type == rr_type);
945 log_assert(rrsig->type == LDNS_RR_TYPE_RRSIG);
962 total = old->count + old->rrsig_count;
964 d->rrsig_count += sigs;
966 d->rr_len = (size_t*)((uint8_t*)d +
969 memmove(d->rr_len, old->rr_len, total*sizeof(size_t));
970 j = d->count+d->rrsig_count-sigs;
971 for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
972 if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
973 sigold->rr_len[i]) == rr_type) {
974 d->rr_len[j] = sigold->rr_len[i];
982 memmove(d->rr_ttl, old->rr_ttl, total*sizeof(time_t));
985 memmove(d->rr_data[0], old->rr_data[0],
986 (old->rr_data[total-1] - old->rr_data[0]) +
987 old->rr_len[total-1]);
991 j = d->count+d->rrsig_count-sigs;
992 for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
993 if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
994 sigold->rr_len[i]) == rr_type) {
996 d->rr_ttl[j] = sigold->rr_ttl[i];
997 memmove(d->rr_data[j], sigold->rr_data[i],
998 sigold->rr_len[i]);
999 if(d->rr_ttl[j] < d->ttl)
1000 d->ttl = d->rr_ttl[j];
1006 rrset->data = d;
1010 if(sigold->count+sigold->rrsig_count == sigs) {
1018 - sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
1019 - sigsz);
1022 * node->rrset structure */
1029 sigd->count -= sigs;
1031 sigd->rr_len = (size_t*)((uint8_t*)sigd +
1034 for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1035 if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1036 sigold->rr_len[i]) != rr_type) {
1037 sigd->rr_len[j] = sigold->rr_len[i];
1045 for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1046 if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1047 sigold->rr_len[i]) != rr_type) {
1049 sigd->rr_ttl[j] = sigold->rr_ttl[i];
1050 memmove(sigd->rr_data[j], sigold->rr_data[i],
1051 sigold->rr_len[i]);
1052 if(j==0) sigd->ttl = sigd->rr_ttl[j];
1054 if(sigd->rr_ttl[j] < sigd->ttl)
1055 sigd->ttl = sigd->rr_ttl[j];
1062 rrsig->data = sigd;
1075 if(rrset->data->rrsig_count == 0)
1080 for(i=rrset->data->count;
1081 i<rrset->data->count+rrset->data->rrsig_count; i++) {
1082 uint8_t* rdata = rrset->data->rr_data[i];
1083 size_t rdatalen = rrset->data->rr_len[i];
1084 time_t rr_ttl = rrset->data->rr_ttl[i];
1086 if(rdata_duplicate(rrsigset->data, rdata, rdatalen)) {
1108 if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1116 if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1132 if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1174 if(rr_class != z->dclass) {
1187 if(z->rpz) {
1188 if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname,
1207 if(packed_rrset_find_rr(rrset->data, rdata, rdatalen, &index)) {
1208 if(rrset->data->count == 1 &&
1209 rrset->data->rrsig_count == 0) {
1212 } else if(rrset->data->count == 1 &&
1213 rrset->data->rrsig_count != 0) {
1231 rrset->type = LDNS_RR_TYPE_RRSIG;
1232 rrset->data->count = rrset->data->rrsig_count;
1233 rrset->data->rrsig_count = 0;
1249 if(az_rrset_find_rrsig(rrset->data, rdata, rdatalen,
1251 /* rrsig should have d->count > 0, be
1282 if(rr_class != z->dclass) {
1287 * zone transfer */
1304 if(node->rrsets == NULL) {
1305 (void)rbtree_delete(&z->data, node);
1308 if(z->rpz) {
1309 rpz_remove_rr(z->rpz, z->name, z->namelen, dname, dname_len,
1333 (size_t)(dname - sldns_buffer_current(&pktbuf)));
1352 if(rdlen > 0 && desc && desc->_dname_count > 0) {
1353 int count = (int)desc->_dname_count;
1360 switch(desc->_wireformat[rdf]) {
1363 (size_t)(rd -
1380 &pktbuf) - oldpos;
1382 rdlen -= compressed_len;
1383 count--;
1390 len = get_rdf_size(desc->_wireformat[rdf]);
1398 rdlen -= len;
1410 sldns_buffer_position(buf)-rdlenpos-2);
1467 * @param state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on,
1482 state->lineno = 1;
1494 int lineno_orig = state->lineno;
1498 "exceeded", fname, state->lineno);
1505 if(cfg->chrootdir && cfg->chrootdir[0] &&
1506 strncmp(incfile, cfg->chrootdir,
1507 strlen(cfg->chrootdir)) == 0)
1508 incfile += strlen(cfg->chrootdir);
1539 state->lineno = lineno_orig;
1545 state->lineno, LDNS_WIREPARSE_OFFSET(status),
1559 fname, state->lineno, buf);
1573 if(!z || !z->zonefile || z->zonefile[0]==0)
1576 zfilename = z->zonefile;
1577 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
1578 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1579 zfilename += strlen(cfg->chrootdir);
1582 dname_str(z->name, nm);
1587 char* n = sldns_wire2str_dname(z->name, z->namelen);
1588 if(z->zone_is_slave && errno == ENOENT) {
1602 traverse_postorder(&z->data, auth_data_del, NULL);
1603 rbtree_init(&z->data, &auth_data_cmp);
1605 if(z->rpz)
1606 rpz_clear(z->rpz);
1612 if(z->namelen <= sizeof(state.origin)) {
1613 memcpy(state.origin, z->name, z->namelen);
1614 state.origin_len = z->namelen;
1618 char* n = sldns_wire2str_dname(z->name, z->namelen);
1627 if(z->rpz)
1628 rpz_finish_config(z->rpz);
1658 if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG;
1663 w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]);
1668 datlen = data->rr_len[i]-2;
1669 dat = data->rr_data[i]+2;
1674 sldns_calc_keytag_raw(data->rr_data[i]+2,
1675 data->rr_len[i]-2));
1691 size_t i, count = r->data->count + r->data->rrsig_count;
1694 if(!auth_rr_to_string(node->name, node->namelen, r->type,
1695 z->dclass, r->data, i, buf, sizeof(buf))) {
1711 if(z->namelen == n->namelen) {
1719 for(r = n->rrsets; r; r = r->next) {
1720 if(z->namelen == n->namelen &&
1721 r->type == LDNS_RR_TYPE_SOA)
1738 RBTREE_FOR(n, struct auth_data*, &z->data) {
1759 if(!z->zonemd_check)
1762 env.scratch_buffer = sldns_buffer_new(env.cfg->msg_buffer_size);
1790 lock_rw_wrlock(&az->lock);
1791 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1792 lock_rw_wrlock(&z->lock);
1794 lock_rw_unlock(&z->lock);
1795 lock_rw_unlock(&az->lock);
1798 if(z->zonefile && z->zonefile[0]!=0 && env)
1800 lock_rw_unlock(&z->lock);
1802 lock_rw_unlock(&az->lock);
1813 if(i >= zonemd_rrset->data->count)
1815 rr_len = zonemd_rrset->data->rr_len[i];
1818 rdata = zonemd_rrset->data->rr_data[i];
1822 *hashlen = rr_len - 8;
1842 for(j=0; j<zonemd_rrset->data->count; j++) {
1888 region = env->scratch;
1890 buf = env->scratch_buffer;
1896 apex = az_find_name(z, z->name, z->namelen);
1902 if(!zonemd_rrset || zonemd_rrset->data->count==0) {
1908 for(i=0; i<zonemd_rrset->data->count; i++) {
1946 dname_str(z->name, zstr);
1947 verbose(VERB_ALGO, "auth-zone %s ZONEMD %d %d is unsupported: %s", zstr, (int)scheme, (int)hashalgo, *reason);
1954 dname_str(z->name, zstr);
1956 verbose(VERB_ALGO, "auth-zone %s ZONEMD hash is correct", zstr);
1977 dname_str(z->name, zstr);
1978 verbose(VERB_ALGO, "auth-zone %s ZONEMD failed: %s", zstr, *reason);
1988 apex = az_find_name(z, z->name, z->namelen);
2001 apex = az_find_name(z, z->name, z->namelen);
2004 if(!soa || soa->data->count==0)
2006 if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
2007 d = soa->data;
2008 *serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
2019 apex = az_find_name(z, z->name, z->namelen);
2022 if(!soa || soa->data->count==0)
2024 if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
2027 d = soa->data;
2028 xfr->have_zone = 1;
2029 xfr->serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
2030 xfr->refresh = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-16));
2031 xfr->retry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-12));
2032 xfr->expiry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-8));
2033 /* soa minimum at d->rr_len[0]-4 */
2054 /* nothing for probe, nextprobe and transfer tasks */
2068 lock_rw_wrlock(&az->lock);
2069 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2070 lock_rw_wrlock(&z->lock);
2071 x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
2073 lock_basic_lock(&x->lock);
2077 lock_basic_unlock(&x->lock);
2079 lock_rw_unlock(&z->lock);
2080 lock_rw_unlock(&az->lock);
2084 lock_basic_unlock(&x->lock);
2086 lock_rw_unlock(&z->lock);
2088 lock_rw_unlock(&az->lock);
2100 if(c->isrpz) {
2103 lock_rw_wrlock(&az->rpz_lock);
2105 lock_rw_wrlock(&az->lock);
2106 if(!(z=auth_zones_find_or_add_zone(az, c->name))) {
2107 lock_rw_unlock(&az->lock);
2108 if(c->isrpz) {
2109 lock_rw_unlock(&az->rpz_lock);
2113 if(c->masters || c->urls) {
2115 lock_rw_unlock(&az->lock);
2116 lock_rw_unlock(&z->lock);
2117 if(c->isrpz) {
2118 lock_rw_unlock(&az->rpz_lock);
2123 if(c->for_downstream)
2124 az->have_downstream = 1;
2125 lock_rw_unlock(&az->lock);
2128 z->zone_deleted = 0;
2129 if(!auth_zone_set_zonefile(z, c->zonefile)) {
2131 lock_basic_unlock(&x->lock);
2133 lock_rw_unlock(&z->lock);
2134 if(c->isrpz) {
2135 lock_rw_unlock(&az->rpz_lock);
2139 z->for_downstream = c->for_downstream;
2140 z->for_upstream = c->for_upstream;
2141 z->fallback_enabled = c->fallback_enabled;
2142 z->zonemd_check = c->zonemd_check;
2143 z->zonemd_reject_absence = c->zonemd_reject_absence;
2144 if(c->isrpz && !z->rpz){
2145 if(!(z->rpz = rpz_create(c))){
2149 lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
2150 /* the az->rpz_lock is locked above */
2151 z->rpz_az_next = az->rpz_first;
2152 if(az->rpz_first)
2153 az->rpz_first->rpz_az_prev = z;
2154 az->rpz_first = z;
2155 } else if(c->isrpz && z->rpz) {
2156 if(!rpz_config(z->rpz, c)) {
2159 lock_basic_unlock(&x->lock);
2161 lock_rw_unlock(&z->lock);
2162 lock_rw_unlock(&az->rpz_lock);
2166 if(c->isrpz) {
2167 lock_rw_unlock(&az->rpz_lock);
2172 z->zone_is_slave = 1;
2174 if(!xfer_set_masters(&x->task_probe->masters, c, 0)) {
2175 lock_basic_unlock(&x->lock);
2176 lock_rw_unlock(&z->lock);
2179 if(!xfer_set_masters(&x->task_transfer->masters, c, 1)) {
2180 lock_basic_unlock(&x->lock);
2181 lock_rw_unlock(&z->lock);
2184 lock_basic_unlock(&x->lock);
2187 lock_rw_unlock(&z->lock);
2198 lock_rw_wrlock(&az->lock);
2199 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2200 lock_rw_wrlock(&z->lock);
2201 z->zone_deleted = 1;
2202 lock_rw_unlock(&z->lock);
2204 lock_rw_unlock(&az->lock);
2216 lock_rw_wrlock(&az->lock);
2217 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2218 lock_rw_wrlock(&z->lock);
2219 if(z->zone_deleted) {
2223 z->delete_next = delete_list;
2226 lock_rw_unlock(&z->lock);
2232 next = z->delete_next;
2233 xfr = auth_xfer_find(az, z->name, z->namelen, z->dclass);
2235 (void)rbtree_delete(&az->xtree, &xfr->node);
2238 (void)rbtree_delete(&az->ztree, &z->node);
2242 lock_rw_unlock(&az->lock);
2251 for(p = cfg->auths; p; p = p->next) {
2252 if(!p->name || p->name[0] == 0) {
2253 log_warn("auth-zone without a name, skipped");
2256 *is_rpz = (*is_rpz || p->isrpz);
2258 log_err("cannot config auth zone %s", p->name);
2273 * @param at: transfer structure with chunks list. The chunks and their
2279 if(at->chunks_first) {
2281 c = at->chunks_first;
2283 cn = c->next;
2284 free(c->data);
2289 at->chunks_first = NULL;
2290 at->chunks_last = NULL;
2299 n = list->next;
2311 n = list->next;
2312 auth_free_master_addrs(list->list);
2313 free(list->host);
2314 free(list->file);
2327 lock_basic_destroy(&xfr->lock);
2328 free(xfr->name);
2329 if(xfr->task_nextprobe) {
2330 comm_timer_delete(xfr->task_nextprobe->timer);
2331 free(xfr->task_nextprobe);
2333 if(xfr->task_probe) {
2334 auth_free_masters(xfr->task_probe->masters);
2335 comm_point_delete(xfr->task_probe->cp);
2336 comm_timer_delete(xfr->task_probe->timer);
2337 free(xfr->task_probe);
2339 if(xfr->task_transfer) {
2340 auth_free_masters(xfr->task_transfer->masters);
2341 comm_point_delete(xfr->task_transfer->cp);
2342 comm_timer_delete(xfr->task_transfer->timer);
2343 if(xfr->task_transfer->chunks_first) {
2344 auth_chunks_delete(xfr->task_transfer);
2346 free(xfr->task_transfer);
2348 auth_free_masters(xfr->allow_notify_list);
2356 struct auth_zone* z = (struct auth_zone*)n->key;
2364 struct auth_xfer* z = (struct auth_xfer*)n->key;
2371 lock_rw_destroy(&az->lock);
2372 lock_rw_destroy(&az->rpz_lock);
2373 traverse_postorder(&az->ztree, auth_zone_del, NULL);
2374 traverse_postorder(&az->xtree, auth_xfer_del, NULL);
2382 struct auth_rrset* rrset = n->rrsets;
2385 if(rrset->type == LDNS_RR_TYPE_NSEC3) {
2387 } else if(rrset->type != LDNS_RR_TYPE_RRSIG) {
2390 rrset = rrset->next;
2413 uint8_t* nm = qinfo->qname;
2414 size_t nmlen = qinfo->qname_len;
2416 if(!dname_subdomain_c(nm, z->name))
2420 if(nmlen == z->namelen)
2422 if(ce && nmlen == ce->namelen)
2440 nm = dname_get_shared_topdomain(qinfo->qname, n->name);
2442 nm = qinfo->qname;
2460 uint8_t* nm = n->name;
2461 size_t nmlen = n->namelen;
2499 /* no direct answer from nsec3-only domains */
2510 if(n->namelen != z->namelen &&
2513 (qinfo->qtype != LDNS_RR_TYPE_DS ||
2514 n->namelen != qinfo->qname_len)) {
2522 if(n->namelen != qinfo->qname_len &&
2549 struct packed_rrset_data* d = rrset->data;
2552 for(i=0; i<d->count; i++) {
2556 if(d->rr_len[i] < 2+offset)
2558 if(!(dlen = dname_valid(d->rr_data[i]+2+offset,
2559 d->rr_len[i]-2-offset)))
2561 domain = az_find_name(z, d->rr_data[i]+2+offset, dlen);
2585 struct auth_data* apex = az_find_name(z, z->name, z->namelen);
2592 log_assert(msg->rep->rrset_count == 0);
2595 d = (struct packed_rrset_data*)msg->rep->rrsets[msg->rep->rrset_count-1]->entry.data;
2597 if(d->count == 0) return 0;
2598 if(d->rr_len[0] < 2+4) return 0;
2599 minimum = (time_t)sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4));
2600 minimum = d->ttl<minimum?d->ttl:minimum;
2601 d->ttl = minimum;
2602 for(i=0; i < d->count + d->rrsig_count; i++)
2603 d->rr_ttl[i] = minimum;
2604 msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
2605 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
2606 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
2622 next = (struct auth_data*)rbtree_first(&z->data);
2624 next = (struct auth_data*)rbtree_next(&node->node);
2626 while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) {
2629 next = (struct auth_data*)rbtree_next(&node->node);
2638 if(dname_strict_subdomain_c(next->name, qinfo->qname))
2648 size_t newlen = qname_len + dtarglen - dname_len;
2655 memcpy(buf, qname, qname_len-dname_len);
2656 memmove(buf+(qname_len-dname_len), dtarg, dtarglen);
2673 if(dname->data->count < 1) return 0;
2674 if(dname->data->rr_len[0] < 3) return 0; /* at least rdatalen +1 */
2675 dtarg = dname->data->rr_data[0]+2;
2676 dtarglen = dname->data->rr_len[0]-2;
2677 if(sldns_read_uint16(dname->data->rr_data[0]) != dtarglen)
2683 if(qname_len <= node->namelen)
2687 newlen = synth_cname_buf(qname, qname_len, node->namelen,
2698 memset(&(*cname)->entry, 0, sizeof((*cname)->entry));
2699 (*cname)->entry.key = (*cname);
2700 (*cname)->rk.type = htons(LDNS_RR_TYPE_CNAME);
2701 (*cname)->rk.rrset_class = htons(dclass);
2702 (*cname)->rk.flags = 0;
2703 (*cname)->rk.dname = regional_alloc_init(region, qname, qname_len);
2704 if(!(*cname)->rk.dname)
2706 (*cname)->rk.dname_len = qname_len;
2707 (*cname)->entry.hash = rrset_key_hash(&(*cname)->rk);
2714 (*cname)->entry.data = d;
2715 d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
2716 d->count = 1;
2717 d->rrsig_count = 0;
2718 d->trust = rrset_trust_ans_noAA;
2719 d->rr_len = (size_t*)((uint8_t*)d +
2721 d->rr_len[0] = newlen + sizeof(uint16_t);
2723 d->rr_ttl[0] = d->ttl;
2724 sldns_write_uint16(d->rr_data[0], newlen);
2725 memmove(d->rr_data[0] + sizeof(uint16_t), buf, newlen);
2738 z->dclass, &cname)) {
2744 msg->rep->flags |= LDNS_RCODE_YXDOMAIN;
2750 msg->rep->rrsets[msg->rep->rrset_count] = cname;
2751 msg->rep->rrset_count++;
2752 msg->rep->an_numrrsets++;
2763 size_t start = 0, end = msg->rep->rrset_count;
2764 if(!an_only) start = msg->rep->an_numrrsets;
2765 if(an_only) end = msg->rep->an_numrrsets;
2768 if(query_dname_compare(msg->rep->rrsets[i]->rk.dname, oldname)
2770 msg->rep->rrsets[i]->rk.dname = newname;
2771 msg->rep->rrsets[i]->rk.dname_len = newlen;
2772 msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk);
2781 uint8_t* nm = (*node)->name;
2782 size_t nmlen = (*node)->namelen;
2784 /* find the NSEC for the smallest-or-equal node */
2788 /* for empty nonterminals, the auth-data node should not exist,
2792 * Go up to find nonglue (previous) NSEC-holding nodes */
2795 if(nmlen == z->namelen) return NULL;
2840 apex = az_find_name(z, z->name, z->namelen);
2843 if(!param || param->data->count==0)
2847 for(i=0; i<param->data->count; i++) {
2848 uint8_t* rdata = param->data->rr_data[i]+2;
2849 size_t rdatalen = param->data->rr_len[i];
2878 * (salt has 0-255 length) */
2915 if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */
2918 (*hashnmlen)-1);
2923 if((*hashnmlen) - ret < z->namelen)
2925 memmove(hashname+ret, z->name, z->namelen);
2926 *hashnmlen = z->namelen+(size_t)ret;
2930 /** Find the datanode that covers the nsec3hash-name */
2944 /* but we may have to skip non-nsec3 nodes */
2949 node = (struct auth_data*)rbtree_previous(&node->node);
2972 node = (struct auth_data*)rbtree_last(&z->data);
2975 node = (struct auth_data*)rbtree_previous(&node->node);
3007 int strip = qlabs - celabs -1;
3016 * updated cenm to the new name. If it went up no-exact-ce is true. */
3024 if(*cenmlen == z->namelen) {
3055 * (for some sort of opt-out empty nonterminal cases).
3135 if(rrset->type == LDNS_RR_TYPE_MX) {
3138 } else if(rrset->type == LDNS_RR_TYPE_SRV) {
3141 } else if(rrset->type == LDNS_RR_TYPE_NS) {
3172 if(added == 0 && node && node->rrsets) {
3174 node->rrsets)) return 0;
3192 if(d->count == 0) break; /* no CNAME */
3193 if(d->rr_len[0] < 2+1) break; /* too small */
3194 if((clen=dname_valid(d->rr_data[0]+2, d->rr_len[0]-2))==0)
3196 if(!dname_subdomain_c(d->rr_data[0]+2, z->name))
3198 if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL)
3209 d = rrset->data;
3222 if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data))
3239 if(!az_add_nsec3_proof(z, region, msg, node->name,
3240 node->namelen, msg->qinfo.qname,
3241 msg->qinfo.qname_len, 1, 1, 0, 0))
3255 msg->rep->flags &= ~BIT_AA;
3266 if(!az_add_nsec3_proof(z, region, msg, ce->name,
3267 ce->namelen, msg->qinfo.qname,
3268 msg->qinfo.qname_len, 1, 1, 0, 0))
3286 if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region,
3288 if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_YXDOMAIN)
3290 if(msg->rep->rrset_count == 0 ||
3291 !msg->rep->rrsets[msg->rep->rrset_count-1])
3293 if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3294 (struct packed_rrset_data*)msg->rep->rrsets[
3295 msg->rep->rrset_count-1]->entry.data))
3308 if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) {
3312 az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3313 msg->qinfo.qname_len, 1);
3318 az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3319 msg->qinfo.qname_len, 1);
3320 if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3321 rrset->data))
3323 } else if(qinfo->qtype == LDNS_RR_TYPE_ANY && wildcard->rrsets) {
3327 az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3328 msg->qinfo.qname_len, 1);
3344 uint8_t* wildup = wildcard->name;
3345 size_t wilduplen= wildcard->namelen;
3348 wilduplen, msg->qinfo.qname,
3349 msg->qinfo.qname_len, 0, insert_ce, 1, 0))
3355 az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3356 msg->qinfo.qname_len, 0);
3366 msg->rep->flags |= LDNS_RCODE_NXDOMAIN;
3370 if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name,
3371 ce->namelen)) return 0;
3373 if(!az_add_nsec3_proof(z, region, msg, ce->name,
3374 ce->namelen, msg->qinfo.qname,
3375 msg->qinfo.qname_len, 0, 1, 1, 1))
3388 if((rrset=az_domain_rrset(node, qinfo->qtype)) != NULL) {
3397 if(qinfo->qtype == LDNS_RR_TYPE_ANY) {
3404 /** Generate answer without an existing-node that we can use.
3415 if(ce && rrset && rrset->type == LDNS_RR_TYPE_NS) {
3418 if(ce && rrset && rrset->type == LDNS_RR_TYPE_DNAME) {
3445 *fallback = z->fallback_enabled;
3452 * obscured by NS or DNAME or NSEC3-only), and also return the
3453 * closest-encloser from that, closest node that should be used
3460 sldns_wire2str_dname_buf(qinfo->qname, qinfo->qname_len, qname,
3462 sldns_wire2str_type_buf(qinfo->qtype, tpstr, sizeof(tpstr));
3463 sldns_wire2str_dname_buf(z->name, z->namelen, zname,
3466 sldns_wire2str_dname_buf(node->name, node->namelen,
3470 sldns_wire2str_dname_buf(ce->name, ce->namelen,
3473 if(rrset) sldns_wire2str_type_buf(rrset->type, rrstr,
3498 lock_rw_rdlock(&az->lock);
3499 z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass);
3501 lock_rw_unlock(&az->lock);
3506 lock_rw_rdlock(&z->lock);
3507 lock_rw_unlock(&az->lock);
3510 if(!z->for_upstream) {
3511 lock_rw_unlock(&z->lock);
3515 if(z->zone_expired) {
3516 *fallback = z->fallback_enabled;
3517 lock_rw_unlock(&z->lock);
3522 lock_rw_unlock(&z->lock);
3533 udpsize = edns->udp_size;
3534 edns->edns_version = EDNS_ADVERTISED_VERSION;
3535 edns->udp_size = EDNS_ADVERTISED_SIZE;
3536 edns->ext_rcode = 0;
3537 edns->bits &= EDNS_DO;
3539 if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep,
3540 (int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp, env->now_tv)
3541 || !reply_info_answer_encode(qinfo, msg->rep,
3545 (int)(edns->bits&EDNS_DO), 0)) {
3558 edns->edns_version = EDNS_ADVERTISED_VERSION;
3559 edns->udp_size = EDNS_ADVERTISED_SIZE;
3560 edns->ext_rcode = 0;
3561 edns->bits &= EDNS_DO;
3564 rcode, edns, repinfo, temp, env->now_tv))
3565 edns->opt_list_inplace_cb_out = NULL;
3580 lock_rw_rdlock(&az->lock);
3581 if(!az->have_downstream) {
3583 lock_rw_unlock(&az->lock);
3586 if(qinfo->qtype == LDNS_RR_TYPE_DS) {
3587 uint8_t* delname = qinfo->qname;
3588 size_t delnamelen = qinfo->qname_len;
3591 qinfo->qclass);
3593 z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
3594 qinfo->qclass);
3598 lock_rw_unlock(&az->lock);
3601 lock_rw_rdlock(&z->lock);
3602 lock_rw_unlock(&az->lock);
3603 if(!z->for_downstream) {
3604 lock_rw_unlock(&z->lock);
3607 if(z->zone_expired) {
3608 if(z->fallback_enabled) {
3609 lock_rw_unlock(&z->lock);
3612 lock_rw_unlock(&z->lock);
3613 lock_rw_wrlock(&az->lock);
3614 az->num_query_down++;
3615 lock_rw_unlock(&az->lock);
3623 lock_rw_unlock(&z->lock);
3628 lock_rw_wrlock(&az->lock);
3629 az->num_query_down++;
3630 lock_rw_unlock(&az->lock);
3646 lock_rw_rdlock(&az->lock);
3649 lock_rw_unlock(&az->lock);
3653 lock_rw_rdlock(&z->lock);
3654 lock_rw_unlock(&az->lock);
3655 r = z->fallback_enabled || (!z->for_upstream);
3656 lock_rw_unlock(&z->lock);
3681 sldns_buffer_skip(pkt, (ssize_t)(rdlen-20));
3694 port = ntohs((uint16_t)sa->sin6_port);
3697 port = ntohs((uint16_t)sa->sin_port);
3716 for(p=list; p; p=p->next) {
3717 if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0)
3732 if(addr_in_list(master->list, addr, addrlen)) {
3739 if(extstrtoaddr(master->host, &a, &alen, UNBOUND_DNS_PORT) &&
3746 if(master->allow_notify && !master->http &&
3747 strchr(master->host, '/') != NULL &&
3748 strchr(master->host, '/') == strrchr(master->host, '/') &&
3749 netblockstrtoaddr(master->host, UNBOUND_DNS_PORT, &a, &alen,
3754 to send the probe or transfer with */
3767 for(p=xfr->allow_notify_list; p; p=p->next) {
3780 if(!xfr->have_zone)
3782 if(xfr->zone_expired)
3785 if(compare_serial(xfr->serial, serial) < 0)
3795 if(xfr->notify_received && xfr->notify_has_serial && has_serial) {
3797 if(compare_serial(xfr->notify_serial, serial) < 0)
3798 xfr->notify_serial = serial;
3799 } else if(xfr->notify_received && xfr->notify_has_serial &&
3802 xfr->notify_has_serial = 0;
3803 xfr->notify_serial = 0;
3804 } else if(xfr->notify_received && !xfr->notify_has_serial) {
3809 xfr->notify_received = 1;
3810 xfr->notify_has_serial = has_serial;
3811 xfr->notify_serial = serial;
3823 lock_basic_unlock(&xfr->lock);
3830 lock_basic_unlock(&xfr->lock);
3832 /* successful end of start_probe unlocked xfr->lock */
3843 lock_rw_rdlock(&az->lock);
3846 lock_rw_unlock(&az->lock);
3851 lock_basic_lock(&xfr->lock);
3852 lock_rw_unlock(&az->lock);
3856 lock_basic_unlock(&xfr->lock);
3871 lock_rw_rdlock(&az->lock);
3874 lock_rw_unlock(&az->lock);
3877 lock_basic_lock(&xfr->lock);
3878 lock_rw_unlock(&az->lock);
3892 lock_basic_lock(&xfr->lock);
3893 xfr->zone_expired = expired;
3894 lock_basic_unlock(&xfr->lock);
3897 lock_rw_rdlock(&env->auth_zones->lock);
3898 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
3899 xfr->dclass);
3901 lock_rw_unlock(&env->auth_zones->lock);
3904 lock_rw_wrlock(&z->lock);
3905 lock_rw_unlock(&env->auth_zones->lock);
3908 z->zone_expired = expired;
3909 lock_rw_unlock(&z->lock);
3917 for(p=list; p; p=p->next) {
3918 if(strcmp(p->host, host) == 0)
3929 for(m=list; m; m=m->next) {
3930 if(m->list) {
3931 auth_free_master_addrs(m->list);
3932 m->list = NULL;
3943 for(p=source; p; p=p->next) {
3950 a->next = NULL;
3951 if(last) last->next = a;
3969 m->next = NULL;
3970 if(m->host) {
3971 m->host = strdup(m->host);
3972 if(!m->host) {
3978 if(m->file) {
3979 m->file = strdup(m->file);
3980 if(!m->file) {
3981 free(m->host);
3987 if(m->list) {
3988 m->list = auth_addr_list_copy(m->list);
3989 if(!m->list) {
3990 free(m->file);
3991 free(m->host);
4007 for(p = xfr->task_transfer->masters; p; p=p->next) {
4014 m->next = NULL;
4015 if(last) last->next = m;
4020 auth_free_masters(xfr->allow_notify_list);
4021 xfr->allow_notify_list = list;
4029 xfr->task_transfer->scan_addr = NULL;
4030 xfr_masterlist_free_addrs(xfr->task_transfer->masters);
4033 xfr->task_transfer->lookup_target = xfr->task_transfer->masters;
4034 xfr->task_transfer->lookup_aaaa = 0;
4041 if(!xfr->task_transfer->lookup_target)
4043 if(!xfr->task_transfer->lookup_aaaa && env->cfg->do_ip6) {
4045 xfr->task_transfer->lookup_aaaa = 1;
4048 xfr->task_transfer->lookup_target =
4049 xfr->task_transfer->lookup_target->next;
4050 xfr->task_transfer->lookup_aaaa = 0;
4051 if(!env->cfg->do_ip4 && xfr->task_transfer->lookup_target!=NULL)
4052 xfr->task_transfer->lookup_aaaa = 1;
4060 xfr->task_probe->scan_addr = NULL;
4061 xfr_masterlist_free_addrs(xfr->task_probe->masters);
4064 xfr->task_probe->lookup_target = xfr->task_probe->masters;
4065 xfr->task_probe->lookup_aaaa = 0;
4072 if(!xfr->task_probe->lookup_target)
4074 if(!xfr->task_probe->lookup_aaaa && env->cfg->do_ip6) {
4076 xfr->task_probe->lookup_aaaa = 1;
4079 xfr->task_probe->lookup_target = xfr->task_probe->lookup_target->next;
4080 xfr->task_probe->lookup_aaaa = 0;
4081 if(!env->cfg->do_ip4 && xfr->task_probe->lookup_target!=NULL)
4082 xfr->task_probe->lookup_aaaa = 1;
4090 xfr->task_transfer->scan_specific = find_master_by_host(
4091 xfr->task_transfer->masters, spec->host);
4092 if(xfr->task_transfer->scan_specific) {
4093 xfr->task_transfer->scan_target = NULL;
4094 xfr->task_transfer->scan_addr = NULL;
4095 if(xfr->task_transfer->scan_specific->list)
4096 xfr->task_transfer->scan_addr =
4097 xfr->task_transfer->scan_specific->list;
4102 xfr->task_transfer->scan_specific = NULL;
4103 xfr->task_transfer->scan_addr = NULL;
4105 xfr->task_transfer->scan_target = xfr->task_transfer->masters;
4106 if(xfr->task_transfer->scan_target && xfr->task_transfer->
4107 scan_target->list)
4108 xfr->task_transfer->scan_addr =
4109 xfr->task_transfer->scan_target->list;
4117 xfr->task_probe->scan_specific = find_master_by_host(
4118 xfr->task_probe->masters, spec->host);
4119 if(xfr->task_probe->scan_specific) {
4120 xfr->task_probe->scan_target = NULL;
4121 xfr->task_probe->scan_addr = NULL;
4122 if(xfr->task_probe->scan_specific->list)
4123 xfr->task_probe->scan_addr =
4124 xfr->task_probe->scan_specific->list;
4129 xfr->task_probe->scan_specific = NULL;
4130 xfr->task_probe->scan_addr = NULL;
4132 xfr->task_probe->scan_target = xfr->task_probe->masters;
4133 if(xfr->task_probe->scan_target && xfr->task_probe->scan_target->list)
4134 xfr->task_probe->scan_addr =
4135 xfr->task_probe->scan_target->list;
4142 if(xfr->task_transfer->scan_specific)
4143 return xfr->task_transfer->scan_specific;
4144 return xfr->task_transfer->scan_target;
4151 if(xfr->task_probe->scan_specific)
4152 return xfr->task_probe->scan_specific;
4153 return xfr->task_probe->scan_target;
4160 return !xfr->task_transfer->scan_specific &&
4161 !xfr->task_transfer->scan_target;
4168 return !xfr->task_probe->scan_specific && !xfr->task_probe->scan_target;
4175 if(!xfr->task_transfer->scan_specific &&
4176 !xfr->task_transfer->scan_target)
4178 if(xfr->task_transfer->scan_addr) {
4179 xfr->task_transfer->scan_addr =
4180 xfr->task_transfer->scan_addr->next;
4181 if(xfr->task_transfer->scan_addr)
4184 if(xfr->task_transfer->scan_specific) {
4185 xfr->task_transfer->scan_specific = NULL;
4186 xfr->task_transfer->scan_target = xfr->task_transfer->masters;
4187 if(xfr->task_transfer->scan_target && xfr->task_transfer->
4188 scan_target->list)
4189 xfr->task_transfer->scan_addr =
4190 xfr->task_transfer->scan_target->list;
4193 if(!xfr->task_transfer->scan_target)
4195 xfr->task_transfer->scan_target = xfr->task_transfer->scan_target->next;
4196 if(xfr->task_transfer->scan_target && xfr->task_transfer->
4197 scan_target->list)
4198 xfr->task_transfer->scan_addr =
4199 xfr->task_transfer->scan_target->list;
4207 if(!xfr->task_probe->scan_specific && !xfr->task_probe->scan_target)
4209 if(xfr->task_probe->scan_addr) {
4210 xfr->task_probe->scan_addr = xfr->task_probe->scan_addr->next;
4211 if(xfr->task_probe->scan_addr)
4214 if(xfr->task_probe->scan_specific) {
4215 xfr->task_probe->scan_specific = NULL;
4216 xfr->task_probe->scan_target = xfr->task_probe->masters;
4217 if(xfr->task_probe->scan_target && xfr->task_probe->
4218 scan_target->list)
4219 xfr->task_probe->scan_addr =
4220 xfr->task_probe->scan_target->list;
4223 if(!xfr->task_probe->scan_target)
4225 xfr->task_probe->scan_target = xfr->task_probe->scan_target->next;
4226 if(xfr->task_probe->scan_target && xfr->task_probe->
4227 scan_target->list)
4228 xfr->task_probe->scan_addr =
4229 xfr->task_probe->scan_target->list;
4241 qinfo.qname = xfr->name;
4242 qinfo.qname_len = xfr->namelen;
4244 qinfo.qclass = xfr->dclass;
4257 have_zone = xfr->have_zone;
4258 serial = xfr->serial;
4261 qinfo.qname = xfr->name;
4262 qinfo.qname_len = xfr->namelen;
4263 xfr->task_transfer->got_xfr_serial = 0;
4264 xfr->task_transfer->rr_scan_num = 0;
4265 xfr->task_transfer->incoming_xfr_serial = 0;
4266 xfr->task_transfer->on_ixfr_is_axfr = 0;
4267 xfr->task_transfer->on_ixfr = 1;
4269 if(!have_zone || xfr->task_transfer->ixfr_fail || !master->ixfr) {
4271 xfr->task_transfer->ixfr_fail = 0;
4272 xfr->task_transfer->on_ixfr = 0;
4275 qinfo.qclass = xfr->dclass;
4316 if(LDNS_ID_WIRE(sldns_buffer_begin(pkt)) != xfr->task_probe->id)
4319 /* check flag bits and rcode */
4331 if(sldns_buffer_remaining(pkt) < xfr->namelen)
4333 if(query_dname_compare(sldns_buffer_current(pkt), xfr->name) != 0)
4335 sldns_buffer_skip(pkt, (ssize_t)xfr->namelen);
4342 if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4354 xfr->name) != 0)
4363 if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4392 if(*chunk_pos < (*chunk)->len) {
4394 while(*chunk_pos < (*chunk)->len) {
4395 char c = (char)((*chunk)->data[*chunk_pos]);
4411 *chunk = (*chunk)->next;
4438 count --;
4498 else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4509 else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4534 pstate->origin_len = sizeof(pstate->origin);
4536 pstate->origin, &pstate->origin_len);
4538 pstate->origin_len = 0;
4555 pstate->default_ttl = sldns_str2period(
4606 if(xfr->namelen < sizeof(pstate.origin)) {
4607 pstate.origin_len = xfr->namelen;
4608 memmove(pstate.origin, xfr->name, xfr->namelen);
4610 chunk = xfr->task_transfer->chunks_first;
4627 if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) {
4641 for(p=list; p; p=p->next) {
4642 s += p->len;
4654 if(c == '\n' && i==end-1) {
4656 sldns_buffer_set_limit(buf, end-1);
4675 pstate->default_ttl,
4676 pstate->origin_len?pstate->origin:NULL, pstate->origin_len,
4677 pstate->prev_rr_len?pstate->prev_rr:NULL, pstate->prev_rr_len);
4680 xfr->task_transfer->master->host,
4681 xfr->task_transfer->master->file,
4691 if(dname_len < sizeof(pstate->prev_rr)) {
4692 memmove(pstate->prev_rr, rr, dname_len);
4693 pstate->prev_rr_len = dname_len;
4705 *rr_chunk = xfr->task_transfer->chunks_first;
4715 if(rr_chunk->len < LDNS_HEADER_SIZE)
4717 if(rr_num < (int)LDNS_ANCOUNT(rr_chunk->data))
4721 rr_chunk = rr_chunk->next;
4736 if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4737 (*rr_num)+1 < (int)LDNS_ANCOUNT((*rr_chunk)->data)) {
4745 *rr_chunk = (*rr_chunk)->next;
4749 if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4750 LDNS_ANCOUNT((*rr_chunk)->data) > 0) {
4753 *rr_chunk = (*rr_chunk)->next;
4767 if(rr_chunk->len < LDNS_HEADER_SIZE) return 0;
4768 if(rr_num >= (int)LDNS_ANCOUNT(rr_chunk->data)) return 0;
4769 if(rr_pos >= rr_chunk->len) return 0;
4772 sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4777 for(i=0; i<LDNS_QDCOUNT(rr_chunk->data); i++) {
4799 /** print log message where we are in parsing the zone transfer */
4809 sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4810 sldns_buffer_set_position(&pkt, (size_t)(rr_dname -
4852 startserial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4862 "in memory, rejecting the zone transfer",
4912 serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4921 transfer_serial, xfr->serial)) {
4942 xfr->serial = transfer_serial;
4962 if(!az_remove_rr_decompress(z, rr_chunk->data,
4963 rr_chunk->len, scratch_buffer, rr_dname,
4982 if(!az_insert_rr_decompress(z, rr_chunk->data,
4983 rr_chunk->len, scratch_buffer, rr_dname,
5025 traverse_postorder(&z->data, auth_data_del, NULL);
5026 rbtree_init(&z->data, &auth_data_cmp);
5028 if(z->rpz)
5029 rpz_clear(z->rpz);
5031 xfr->have_zone = 0;
5032 xfr->serial = 0;
5054 serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
5058 if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len,
5073 xfr->serial = serial;
5074 xfr->have_zone = 1;
5092 if(xfr->namelen < sizeof(pstate.origin)) {
5093 pstate.origin_len = xfr->namelen;
5094 memmove(pstate.origin, xfr->name, xfr->namelen);
5099 xfr->task_transfer->master->file,
5100 (int)chunklist_sum(xfr->task_transfer->chunks_first));
5101 if(xfr->task_transfer->chunks_first && verbosity >= VERB_ALGO) {
5103 if(xfr->task_transfer->chunks_first->len+1 > sizeof(preview)) {
5104 memmove(preview, xfr->task_transfer->chunks_first->data,
5105 sizeof(preview)-1);
5106 preview[sizeof(preview)-1]=0;
5108 memmove(preview, xfr->task_transfer->chunks_first->data,
5109 xfr->task_transfer->chunks_first->len);
5110 preview[xfr->task_transfer->chunks_first->len]=0;
5119 "but got '%s'", xfr->task_transfer->master->host,
5120 xfr->task_transfer->master->file,
5126 traverse_postorder(&z->data, auth_data_del, NULL);
5127 rbtree_init(&z->data, &auth_data_cmp);
5129 if(z->rpz)
5130 rpz_clear(z->rpz);
5132 xfr->have_zone = 0;
5133 xfr->serial = 0;
5135 chunk = xfr->task_transfer->chunks_first;
5149 xfr->task_transfer->master->file,
5159 xfr->task_transfer->master->file,
5168 xfr->task_transfer->master->file,
5188 for(p = xfr->task_transfer->chunks_first; p ; p = p->next) {
5189 if(!write_out(out, (char*)p->data, p->len)) {
5203 struct config_file* cfg = env->cfg;
5207 lock_basic_unlock(&xfr->lock);
5211 lock_rw_rdlock(&env->auth_zones->lock);
5212 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5213 xfr->dclass);
5215 lock_rw_unlock(&env->auth_zones->lock);
5217 lock_basic_lock(&xfr->lock);
5220 lock_rw_rdlock(&z->lock);
5221 lock_basic_lock(&xfr->lock);
5222 lock_rw_unlock(&env->auth_zones->lock);
5224 if(z->zonefile == NULL || z->zonefile[0] == 0) {
5225 lock_rw_unlock(&z->lock);
5229 zfilename = z->zonefile;
5230 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
5231 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
5232 zfilename += strlen(cfg->chrootdir);
5235 dname_str(z->name, nm);
5243 lock_rw_unlock(&z->lock);
5248 if(xfr->task_transfer->master->http) {
5252 lock_rw_unlock(&z->lock);
5257 lock_rw_unlock(&z->lock);
5267 lock_rw_unlock(&z->lock);
5270 lock_rw_unlock(&z->lock);
5278 /* release xfr lock, then, while holding az->lock grab both
5279 * z->lock and xfr->lock */
5280 lock_rw_rdlock(&env->auth_zones->lock);
5281 *z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5282 xfr->dclass);
5284 lock_rw_unlock(&env->auth_zones->lock);
5285 lock_basic_lock(&xfr->lock);
5289 lock_rw_wrlock(&(*z)->lock);
5290 lock_basic_lock(&xfr->lock);
5291 lock_rw_unlock(&env->auth_zones->lock);
5304 lock_basic_unlock(&xfr->lock);
5312 if(xfr->task_transfer->master->http) {
5313 if(!apply_http(xfr, z, env->scratch_buffer)) {
5314 lock_rw_unlock(&z->lock);
5316 xfr->task_transfer->master->host);
5319 } else if(xfr->task_transfer->on_ixfr &&
5320 !xfr->task_transfer->on_ixfr_is_axfr) {
5321 if(!apply_ixfr(xfr, z, env->scratch_buffer)) {
5322 lock_rw_unlock(&z->lock);
5324 " data", xfr->task_transfer->master->host);
5329 if(!apply_axfr(xfr, z, env->scratch_buffer)) {
5330 lock_rw_unlock(&z->lock);
5332 " data", xfr->task_transfer->master->host);
5336 xfr->zone_expired = 0;
5337 z->zone_expired = 0;
5339 lock_rw_unlock(&z->lock);
5341 " (or malformed RR)", xfr->task_transfer->master->host);
5347 lock_basic_unlock(&xfr->lock);
5349 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0);
5350 if(z->zone_expired) {
5356 lock_rw_unlock(&z->lock);
5359 dname_str(xfr->name, zname);
5360 verbose(VERB_ALGO, "xfr from %s: ZONEMD failed for %s, transfer is failed", xfr->task_transfer->master->host, zname);
5361 xfr->zone_expired = 1;
5362 lock_rw_unlock(&z->lock);
5368 lock_rw_unlock(&z->lock);
5373 if(xfr->have_zone)
5374 xfr->lease_time = *env->now;
5376 if(z->rpz)
5377 rpz_finish_config(z->rpz);
5380 lock_rw_unlock(&z->lock);
5382 if(verbosity >= VERB_QUERY && xfr->have_zone) {
5384 dname_str(xfr->name, zname);
5386 (unsigned)xfr->serial);
5398 comm_timer_delete(xfr->task_transfer->timer);
5399 xfr->task_transfer->timer = NULL;
5401 comm_point_delete(xfr->task_transfer->cp);
5402 xfr->task_transfer->cp = NULL;
5404 xfr->task_transfer->worker = NULL;
5405 xfr->task_transfer->env = NULL;
5414 struct auth_master* master = xfr->task_transfer->lookup_target;
5419 sldns_buffer* buf = env->scratch_buffer;
5421 if(extstrtoaddr(master->host, &addr, &addrlen, UNBOUND_DNS_PORT)) {
5425 if(master->allow_notify)
5426 return 0; /* allow-notifies are not transferred from, no
5429 /* use mesh_new_callback to probe for non-addr hosts,
5432 if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
5434 log_err("cannot parse host name of master %s", master->host);
5438 qinfo.qclass = xfr->dclass;
5440 if(xfr->task_transfer->lookup_aaaa)
5446 dname_str(xfr->name, buf2);
5454 edns.bits = EDNS_DO;
5467 lock_basic_unlock(&xfr->lock);
5468 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
5470 lock_basic_lock(&xfr->lock);
5471 log_err("out of memory lookup up master %s", master->host);
5474 lock_basic_lock(&xfr->lock);
5485 struct auth_master* master = xfr->task_transfer->master;
5490 if(master->allow_notify) return 0; /* only for notify */
5493 if(xfr->task_transfer->scan_addr) {
5494 addrlen = xfr->task_transfer->scan_addr->addrlen;
5495 memmove(&addr, &xfr->task_transfer->scan_addr->addr, addrlen);
5497 if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
5502 dname_str(xfr->name, zname);
5503 log_err("%s: failed lookup, cannot transfer from master %s",
5504 zname, master->host);
5510 if(xfr->task_transfer->cp) {
5511 comm_point_delete(xfr->task_transfer->cp);
5512 xfr->task_transfer->cp = NULL;
5514 if(!xfr->task_transfer->timer) {
5515 xfr->task_transfer->timer = comm_timer_create(env->worker_base,
5517 if(!xfr->task_transfer->timer) {
5528 if(master->http) {
5532 xfr->task_transfer->on_ixfr = 0;
5533 if(strchr(master->host, '@') == NULL)
5534 sockaddr_store_port(&addr, addrlen, master->port);
5535 xfr->task_transfer->cp = outnet_comm_point_for_http(
5536 env->outnet, auth_xfer_transfer_http_callback, xfr,
5537 &addr, addrlen, -1, master->ssl, master->host,
5538 master->file, env->cfg);
5539 if(!xfr->task_transfer->cp) {
5541 dname_str(xfr->name, zname);
5547 comm_timer_set(xfr->task_transfer->timer, &t);
5550 dname_str(xfr->name, zname);
5552 verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as);
5562 xfr->task_transfer->id = GET_RANDOM_ID(env->rnd);
5563 xfr_create_ixfr_packet(xfr, env->scratch_buffer,
5564 xfr->task_transfer->id, master);
5567 xfr->task_transfer->cp = outnet_comm_point_for_tcp(env->outnet,
5569 env->scratch_buffer, -1,
5571 if(!xfr->task_transfer->cp) {
5573 dname_str(xfr->name, zname);
5579 comm_timer_set(xfr->task_transfer->timer, &t);
5582 dname_str(xfr->name, zname);
5584 verbose(VERB_ALGO, "auth zone %s transfer next %s fetch from %s started", zname,
5585 (xfr->task_transfer->on_ixfr?"IXFR":"AXFR"), as);
5590 /** perform next lookup, next transfer TCP, or end and resume wait time task */
5594 log_assert(xfr->task_transfer->worker == env->worker);
5597 while(xfr->task_transfer->lookup_target) {
5606 dname_str(xfr->name, zname);
5607 verbose(VERB_ALGO, "auth zone %s transfer next target lookup", zname);
5609 lock_basic_unlock(&xfr->lock);
5618 xfr->task_transfer->master = xfr_transfer_current_master(xfr);
5621 lock_basic_unlock(&xfr->lock);
5629 dname_str(xfr->name, zname);
5630 verbose(VERB_ALGO, "auth zone %s transfer failed, wait", zname);
5638 if(xfr->task_nextprobe->worker == NULL)
5640 lock_basic_unlock(&xfr->lock);
5653 data = (struct packed_rrset_data*)rrset->entry.data;
5654 for(i=0; i<data->count; i++) {
5656 size_t len = data->rr_len[i] - 2;
5657 uint8_t* rdata = data->rr_data[i]+2;
5671 a->addrlen = (socklen_t)sizeof(*sa);
5672 sa = (struct sockaddr_in*)&a->addr;
5673 sa->sin_family = AF_INET;
5674 sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5675 memmove(&sa->sin_addr, rdata, INET_SIZE);
5678 a->addrlen = (socklen_t)sizeof(*sa);
5679 sa = (struct sockaddr_in6*)&a->addr;
5680 sa->sin6_family = AF_INET6;
5681 sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5682 memmove(&sa->sin6_addr, rdata, INET6_SIZE);
5686 addr_port_to_str(&a->addr, a->addrlen, s, sizeof(s));
5688 m->host, s);
5691 a->next = m->list;
5692 m->list = a;
5703 log_assert(xfr->task_transfer);
5704 lock_basic_lock(&xfr->lock);
5705 env = xfr->task_transfer->env;
5706 if(!env || env->outnet->want_to_quit) {
5707 lock_basic_unlock(&xfr->lock);
5714 struct regional* temp = env->scratch;
5717 if(xfr->task_transfer->lookup_aaaa)
5722 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
5727 xfr_master_add_addrs(xfr->task_transfer->
5732 dname_str(xfr->name, zname);
5733 verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has nodata", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5739 dname_str(xfr->name, zname);
5740 verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5747 dname_str(xfr->name, zname);
5748 verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup failed", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5751 if(xfr->task_transfer->lookup_target->list &&
5752 xfr->task_transfer->lookup_target == xfr_transfer_current_master(xfr))
5753 xfr->task_transfer->scan_addr = xfr->task_transfer->lookup_target->list;
5766 * return true with transferdone=true when the transfer has ended.
5776 xfr->task_transfer->master->host);
5781 xfr->task_transfer->master->host);
5786 xfr->task_transfer->master->host);
5790 if(LDNS_ID_WIRE(wire) != xfr->task_transfer->id) {
5792 xfr->task_transfer->master->host);
5800 if(xfr->task_transfer->on_ixfr) {
5807 xfr->task_transfer->master->host,
5809 xfr->task_transfer->ixfr_fail = 1;
5815 xfr->task_transfer->master->host, rcode);
5820 xfr->task_transfer->master->host);
5825 xfr->task_transfer->master->host,
5838 xfr->task_transfer->master->host);
5842 xfr->name) != 0) {
5845 xfr->task_transfer->master->host);
5851 xfr->task_transfer->master->host);
5856 if(qclass != xfr->dclass) {
5859 xfr->task_transfer->master->host);
5862 if(xfr->task_transfer->on_ixfr) {
5866 xfr->task_transfer->master->host);
5873 xfr->task_transfer->master->host);
5888 xfr->task_transfer->master->host);
5894 xfr->task_transfer->master->host);
5904 xfr->task_transfer->master->host);
5910 if(xfr->task_transfer->rr_scan_num == 0 &&
5913 "malformed zone transfer, no start SOA",
5914 xfr->task_transfer->master->host);
5917 if(xfr->task_transfer->rr_scan_num == 1 &&
5921 xfr->task_transfer->on_ixfr_is_axfr = 1;
5928 xfr->task_transfer->master->host);
5932 xfr->name) != 0) {
5935 xfr->task_transfer->master->host);
5941 sldns_buffer_position(pkt)+rdlen-20);
5944 if(xfr->task_transfer->on_ixfr &&
5945 xfr->task_transfer->rr_scan_num == 0 &&
5950 xfr->task_transfer->master->host,
5952 xfr->task_transfer->ixfr_fail = 1;
5958 if(xfr->task_transfer->got_xfr_serial == 0) {
5959 xfr->task_transfer->got_xfr_serial = 1;
5960 xfr->task_transfer->incoming_xfr_serial =
5964 xfr->task_transfer->master->host,
5967 } else if(!xfr->task_transfer->on_ixfr ||
5968 xfr->task_transfer->on_ixfr_is_axfr) {
5973 xfr->task_transfer->master->host);
5975 } else if(xfr->task_transfer->incoming_xfr_serial ==
5976 serial && xfr->task_transfer->got_xfr_serial
5978 xfr->task_transfer->got_xfr_serial++;
5981 } else if(xfr->task_transfer->incoming_xfr_serial ==
5982 serial && xfr->task_transfer->got_xfr_serial
5985 xfr->task_transfer->master->host);
5988 * transfer is done */
5991 xfr->task_transfer->rr_scan_num++;
6004 xfr->task_transfer->master->host);
6010 xfr->task_transfer->master->host);
6020 xfr->task_transfer->master->host);
6033 xfr->task_transfer->master->host);
6039 xfr->task_transfer->master->host);
6049 xfr->task_transfer->master->host);
6067 e->next = NULL;
6068 e->len = sldns_buffer_limit(pkt);
6069 e->data = memdup(sldns_buffer_begin(pkt), e->len);
6070 if(!e->data) {
6076 if(!xfr->task_transfer->chunks_first)
6077 xfr->task_transfer->chunks_first = e;
6078 if(xfr->task_transfer->chunks_last)
6079 xfr->task_transfer->chunks_last->next = e;
6080 xfr->task_transfer->chunks_last = e;
6084 /** task transfer. the list of data is complete. process it and if failed
6085 * move to next master, if succeeded, end the task transfer */
6092 auth_chunks_delete(xfr->task_transfer);
6097 if(xfr->notify_received && (!xfr->notify_has_serial ||
6098 (xfr->notify_has_serial &&
6099 xfr_serial_means_update(xfr, xfr->notify_serial)))) {
6100 uint32_t sr = xfr->notify_serial;
6101 int has_sr = xfr->notify_has_serial;
6102 /* we received a notify while probe/transfer was
6103 * in progress. start a new probe and transfer */
6104 xfr->notify_received = 0;
6105 xfr->notify_has_serial = 0;
6106 xfr->notify_serial = 0;
6111 xfr->notify_received = 1;
6112 xfr->notify_has_serial = has_sr;
6113 xfr->notify_serial = sr;
6114 lock_basic_unlock(&xfr->lock);
6119 if(xfr->task_nextprobe->worker == NULL)
6122 lock_basic_unlock(&xfr->lock);
6127 auth_chunks_delete(xfr->task_transfer);
6129 xfr->task_transfer->ixfr_fail = 1;
6143 log_assert(xfr->task_transfer);
6144 lock_basic_lock(&xfr->lock);
6145 env = xfr->task_transfer->env;
6146 if(!env || env->outnet->want_to_quit) {
6147 lock_basic_unlock(&xfr->lock);
6152 xfr->task_transfer->master->host);
6155 if(xfr->task_transfer->on_ixfr) {
6156 xfr->task_transfer->ixfr_possible_timeout_count++;
6157 if(xfr->task_transfer->ixfr_possible_timeout_count >=
6161 xfr->task_transfer->master->host);
6162 xfr->task_transfer->ixfr_fail = 1;
6168 auth_chunks_delete(xfr->task_transfer);
6169 comm_point_delete(xfr->task_transfer->cp);
6170 xfr->task_transfer->cp = NULL;
6185 log_assert(xfr->task_transfer);
6186 lock_basic_lock(&xfr->lock);
6187 env = xfr->task_transfer->env;
6188 if(!env || env->outnet->want_to_quit) {
6189 lock_basic_unlock(&xfr->lock);
6193 comm_timer_disable(xfr->task_transfer->timer);
6197 /* stop this transfer, cleanup
6200 xfr->task_transfer->master->host);
6203 if(xfr->task_transfer->on_ixfr) {
6204 xfr->task_transfer->ixfr_possible_timeout_count++;
6205 if(xfr->task_transfer->ixfr_possible_timeout_count >=
6209 xfr->task_transfer->master->host);
6210 xfr->task_transfer->ixfr_fail = 1;
6217 auth_chunks_delete(xfr->task_transfer);
6218 comm_point_delete(xfr->task_transfer->cp);
6219 xfr->task_transfer->cp = NULL;
6226 if(xfr->task_transfer->on_ixfr)
6227 xfr->task_transfer->ixfr_possible_timeout_count = 0;
6230 /* if it fails, cleanup and end this transfer */
6232 if(!check_xfer_packet(c->buffer, xfr, &gonextonfail, &transferdone)) {
6237 if(!xfer_link_data(c->buffer, xfr)) {
6239 xfr->task_transfer->master->host);
6242 /* if the transfer is done now, disconnect and process the list */
6244 comm_point_delete(xfr->task_transfer->cp);
6245 xfr->task_transfer->cp = NULL;
6252 lock_basic_unlock(&xfr->lock);
6253 c->tcp_is_reading = 1;
6254 sldns_buffer_clear(c->buffer);
6255 comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
6266 log_assert(xfr->task_transfer);
6267 lock_basic_lock(&xfr->lock);
6268 env = xfr->task_transfer->env;
6269 if(!env || env->outnet->want_to_quit) {
6270 lock_basic_unlock(&xfr->lock);
6273 verbose(VERB_ALGO, "auth zone transfer http callback");
6275 comm_timer_disable(xfr->task_transfer->timer);
6279 /* stop this transfer, cleanup
6282 xfr->task_transfer->master->host);
6285 auth_chunks_delete(xfr->task_transfer);
6286 if(repinfo) repinfo->c = NULL; /* signal cp deleted to
6288 comm_point_delete(xfr->task_transfer->cp);
6289 xfr->task_transfer->cp = NULL;
6297 if(sldns_buffer_limit(c->buffer) > 0) {
6299 (int)sldns_buffer_limit(c->buffer));
6300 if(!xfer_link_data(c->buffer, xfr)) {
6302 xfr->task_transfer->master->host);
6306 /* if the transfer is done now, disconnect and process the list */
6308 if(repinfo) repinfo->c = NULL; /* signal cp deleted to
6310 comm_point_delete(xfr->task_transfer->cp);
6311 xfr->task_transfer->cp = NULL;
6318 lock_basic_unlock(&xfr->lock);
6319 c->tcp_is_reading = 1;
6320 sldns_buffer_clear(c->buffer);
6321 comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
6326 /** start transfer task by this worker , xfr is locked. */
6331 log_assert(xfr->task_transfer != NULL);
6332 log_assert(xfr->task_transfer->worker == NULL);
6333 log_assert(xfr->task_transfer->chunks_first == NULL);
6334 log_assert(xfr->task_transfer->chunks_last == NULL);
6335 xfr->task_transfer->worker = env->worker;
6336 xfr->task_transfer->env = env;
6338 /* init transfer process */
6339 /* find that master in the transfer's list of masters? */
6341 /* start lookup for hostnames in transfer master list */
6353 comm_timer_delete(xfr->task_probe->timer);
6354 xfr->task_probe->timer = NULL;
6356 comm_point_delete(xfr->task_probe->cp);
6357 xfr->task_probe->cp = NULL;
6359 xfr->task_probe->worker = NULL;
6360 xfr->task_probe->env = NULL;
6375 if(master->allow_notify) return 0; /* only for notify */
6376 if(master->http) return 0; /* only masters get SOA UDP probe,
6380 if(xfr->task_probe->scan_addr) {
6381 addrlen = xfr->task_probe->scan_addr->addrlen;
6382 memmove(&addr, &xfr->task_probe->scan_addr->addr, addrlen);
6384 if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
6389 dname_str(xfr->name, zname);
6391 zname, master->host);
6396 && (int)ntohs(((struct sockaddr_in *)&addr)->sin_port)
6397 == env->cfg->ssl_port)
6398 ((struct sockaddr_in *)&addr)->sin_port
6399 = htons((uint16_t)env->cfg->port);
6401 && (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port)
6402 == env->cfg->ssl_port)
6403 ((struct sockaddr_in6 *)&addr)->sin6_port
6404 = htons((uint16_t)env->cfg->port);
6412 xfr->task_probe->id = GET_RANDOM_ID(env->rnd);
6413 xfr_create_soa_probe_packet(xfr, env->scratch_buffer,
6414 xfr->task_probe->id);
6416 if(xfr->task_probe->cp &&
6417 ((xfr->task_probe->cp_is_ip6 && !addr_is_ip6(&addr, addrlen)) ||
6418 (!xfr->task_probe->cp_is_ip6 && addr_is_ip6(&addr, addrlen)))
6420 comm_point_delete(xfr->task_probe->cp);
6421 xfr->task_probe->cp = NULL;
6423 if(!xfr->task_probe->cp) {
6425 xfr->task_probe->cp_is_ip6 = 1;
6426 else xfr->task_probe->cp_is_ip6 = 0;
6427 xfr->task_probe->cp = outnet_comm_point_for_udp(env->outnet,
6429 if(!xfr->task_probe->cp) {
6431 dname_str(xfr->name, zname);
6438 if(!xfr->task_probe->timer) {
6439 xfr->task_probe->timer = comm_timer_create(env->worker_base,
6441 if(!xfr->task_probe->timer) {
6448 if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer,
6451 dname_str(xfr->name, zname);
6459 dname_str(xfr->name, zname);
6464 xfr->task_probe->timeout = timeout;
6469 comm_timer_set(xfr->task_probe->timer, &t);
6480 log_assert(xfr->task_probe);
6481 lock_basic_lock(&xfr->lock);
6482 env = xfr->task_probe->env;
6483 if(!env || env->outnet->want_to_quit) {
6484 lock_basic_unlock(&xfr->lock);
6490 dname_str(xfr->name, zname);
6493 if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) {
6495 if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) {
6496 lock_basic_unlock(&xfr->lock);
6501 comm_point_delete(xfr->task_probe->cp);
6502 xfr->task_probe->cp = NULL;
6516 log_assert(xfr->task_probe);
6517 lock_basic_lock(&xfr->lock);
6518 env = xfr->task_probe->env;
6519 if(!env || env->outnet->want_to_quit) {
6520 lock_basic_unlock(&xfr->lock);
6526 repinfo->c = NULL;
6528 comm_timer_disable(xfr->task_probe->timer);
6533 if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr,
6538 dname_str(xfr->name, buf);
6545 /* if updated, start the transfer task, if needed */
6546 verbose(VERB_ALGO, "auth_zone updated, start transfer");
6547 if(xfr->task_transfer->worker == NULL) {
6553 if(xfr->task_transfer->masters &&
6554 xfr->task_transfer->masters->http)
6563 lock_basic_unlock(&xfr->lock);
6572 xfr->task_probe->have_new_lease = 1;
6577 dname_str(xfr->name, buf);
6584 dname_str(xfr->name, buf);
6591 comm_point_delete(xfr->task_probe->cp);
6592 xfr->task_probe->cp = NULL;
6607 struct auth_master* master = xfr->task_probe->lookup_target;
6612 sldns_buffer* buf = env->scratch_buffer;
6614 if(extstrtoaddr(master->host, &addr, &addrlen, UNBOUND_DNS_PORT)) {
6618 if(master->allow_notify && !master->http &&
6619 strchr(master->host, '/') != NULL &&
6620 strchr(master->host, '/') == strrchr(master->host, '/')) {
6624 /* use mesh_new_callback to probe for non-addr hosts,
6627 if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
6629 log_err("cannot parse host name of master %s", master->host);
6633 qinfo.qclass = xfr->dclass;
6635 if(xfr->task_probe->lookup_aaaa)
6641 dname_str(xfr->name, buf2);
6649 edns.bits = EDNS_DO;
6662 lock_basic_unlock(&xfr->lock);
6663 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
6665 lock_basic_lock(&xfr->lock);
6666 log_err("out of memory lookup up master %s", master->host);
6669 lock_basic_lock(&xfr->lock);
6678 while(xfr->task_probe->lookup_target) {
6687 dname_str(xfr->name, zname);
6690 lock_basic_unlock(&xfr->lock);
6700 dname_str(xfr->name, zname);
6703 if(xfr->task_probe->only_lookup) {
6705 xfr->task_probe->only_lookup = 0;
6708 dname_str(xfr->name, zname);
6712 if(xfr->task_nextprobe->worker == NULL)
6714 lock_basic_unlock(&xfr->lock);
6722 lock_basic_unlock(&xfr->lock);
6730 if(xfr->task_probe->have_new_lease) {
6734 dname_str(xfr->name, zname);
6738 if(xfr->have_zone)
6739 xfr->lease_time = *env->now;
6740 if(xfr->task_nextprobe->worker == NULL)
6745 dname_str(xfr->name, zname);
6752 if(xfr->task_nextprobe->worker == NULL)
6756 lock_basic_unlock(&xfr->lock);
6766 log_assert(xfr->task_probe);
6767 lock_basic_lock(&xfr->lock);
6768 env = xfr->task_probe->env;
6769 if(!env || env->outnet->want_to_quit) {
6770 lock_basic_unlock(&xfr->lock);
6777 struct regional* temp = env->scratch;
6780 if(xfr->task_probe->lookup_aaaa)
6785 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
6790 xfr_master_add_addrs(xfr->task_probe->
6795 dname_str(xfr->name, zname);
6796 verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has nodata", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6802 dname_str(xfr->name, zname);
6803 verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6810 dname_str(xfr->name, zname);
6811 verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup failed", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6814 if(xfr->task_probe->lookup_target->list &&
6815 xfr->task_probe->lookup_target == xfr_probe_current_master(xfr))
6816 xfr->task_probe->scan_addr = xfr->task_probe->lookup_target->list;
6830 comm_timer_delete(xfr->task_nextprobe->timer);
6831 xfr->task_nextprobe->timer = NULL;
6832 xfr->task_nextprobe->next_probe = 0;
6834 xfr->task_nextprobe->worker = NULL;
6835 xfr->task_nextprobe->env = NULL;
6844 log_assert(xfr->task_nextprobe);
6845 lock_basic_lock(&xfr->lock);
6846 env = xfr->task_nextprobe->env;
6847 if(!env || env->outnet->want_to_quit) {
6848 lock_basic_unlock(&xfr->lock);
6853 if(xfr->have_zone && !xfr->zone_expired &&
6854 *env->now >= xfr->lease_time + xfr->expiry) {
6855 lock_basic_unlock(&xfr->lock);
6857 lock_basic_lock(&xfr->lock);
6864 lock_basic_unlock(&xfr->lock);
6873 for(p=list; p; p = p->next) {
6874 if(!p->allow_notify && p->host)
6889 if(xfr->task_probe->worker == NULL) {
6890 if(!have_probe_targets(xfr->task_probe->masters) &&
6891 !(xfr->task_probe->only_lookup &&
6892 xfr->task_probe->masters != NULL)) {
6894 * probe. Instead attempt to pick up task transfer */
6895 if(xfr->task_transfer->worker == NULL) {
6899 /* task transfer already in progress */
6904 xfr->task_probe->worker = env->worker;
6905 xfr->task_probe->env = env;
6906 xfr->task_probe->cp = NULL;
6910 xfr->task_probe->have_new_lease = 0;
6913 * first and also transfer first from it */
6936 log_assert(xfr->task_nextprobe != NULL);
6937 log_assert(xfr->task_nextprobe->worker == NULL ||
6938 xfr->task_nextprobe->worker == env->worker);
6942 xfr->task_nextprobe->next_probe = *env->now;
6943 if(xfr->lease_time && !failure)
6944 xfr->task_nextprobe->next_probe = xfr->lease_time;
6947 xfr->task_nextprobe->backoff = 0;
6949 if(xfr->task_nextprobe->backoff == 0)
6950 xfr->task_nextprobe->backoff = 3;
6951 else xfr->task_nextprobe->backoff *= 2;
6952 if(xfr->task_nextprobe->backoff > AUTH_TRANSFER_MAX_BACKOFF)
6953 xfr->task_nextprobe->backoff =
6957 if(xfr->have_zone) {
6958 time_t wait = xfr->refresh;
6959 if(failure) wait = xfr->retry;
6960 if(xfr->expiry < wait)
6961 xfr->task_nextprobe->next_probe += xfr->expiry;
6962 else xfr->task_nextprobe->next_probe += wait;
6964 xfr->task_nextprobe->next_probe +=
6965 xfr->task_nextprobe->backoff;
6967 if(xfr->lease_time && xfr->lease_time+xfr->expiry <
6968 xfr->task_nextprobe->next_probe &&
6969 xfr->lease_time+xfr->expiry > *env->now)
6970 xfr->task_nextprobe->next_probe =
6971 xfr->lease_time+xfr->expiry;
6973 xfr->task_nextprobe->next_probe +=
6974 xfr->task_nextprobe->backoff;
6977 if(!xfr->task_nextprobe->timer) {
6978 xfr->task_nextprobe->timer = comm_timer_create(
6979 env->worker_base, auth_xfer_timer, xfr);
6980 if(!xfr->task_nextprobe->timer) {
6981 /* failed to malloc memory. likely zone transfer
6984 dname_str(xfr->name, zname);
6990 xfr->task_nextprobe->worker = env->worker;
6991 xfr->task_nextprobe->env = env;
6992 if(*(xfr->task_nextprobe->env->now) <= xfr->task_nextprobe->next_probe)
6993 tv.tv_sec = xfr->task_nextprobe->next_probe -
6994 *(xfr->task_nextprobe->env->now);
6996 if(tv.tv_sec != 0 && lookup_only && xfr->task_probe->masters) {
7000 if(xfr->task_probe->worker == NULL)
7001 xfr->task_probe->only_lookup = 1;
7005 dname_str(xfr->name, zname);
7010 comm_timer_set(xfr->task_nextprobe->timer, &tv);
7018 lock_rw_wrlock(&az->lock);
7019 RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
7020 lock_basic_lock(&x->lock);
7024 if(x->have_zone)
7025 x->lease_time = *env->now;
7026 if(x->task_nextprobe && x->task_nextprobe->worker == NULL) {
7029 lock_basic_unlock(&x->lock);
7031 lock_rw_unlock(&az->lock);
7037 lock_rw_wrlock(&az->lock);
7038 RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
7039 lock_basic_lock(&x->lock);
7040 if(x->task_nextprobe && x->task_nextprobe->worker != NULL) {
7043 if(x->task_probe && x->task_probe->worker != NULL) {
7046 if(x->task_transfer && x->task_transfer->worker != NULL) {
7047 auth_chunks_delete(x->task_transfer);
7050 lock_basic_unlock(&x->lock);
7052 lock_rw_unlock(&az->lock);
7065 xfr->name = memdup(z->name, z->namelen);
7066 if(!xfr->name) {
7070 xfr->node.key = xfr;
7071 xfr->namelen = z->namelen;
7072 xfr->namelabs = z->namelabs;
7073 xfr->dclass = z->dclass;
7075 xfr->task_nextprobe = (struct auth_nextprobe*)calloc(1,
7077 if(!xfr->task_nextprobe) {
7078 free(xfr->name);
7082 xfr->task_probe = (struct auth_probe*)calloc(1,
7084 if(!xfr->task_probe) {
7085 free(xfr->task_nextprobe);
7086 free(xfr->name);
7090 xfr->task_transfer = (struct auth_transfer*)calloc(1,
7092 if(!xfr->task_transfer) {
7093 free(xfr->task_probe);
7094 free(xfr->task_nextprobe);
7095 free(xfr->name);
7100 lock_basic_init(&xfr->lock);
7101 lock_protect(&xfr->lock, &xfr->name, sizeof(xfr->name));
7102 lock_protect(&xfr->lock, &xfr->namelen, sizeof(xfr->namelen));
7103 lock_protect(&xfr->lock, xfr->name, xfr->namelen);
7104 lock_protect(&xfr->lock, &xfr->namelabs, sizeof(xfr->namelabs));
7105 lock_protect(&xfr->lock, &xfr->dclass, sizeof(xfr->dclass));
7106 lock_protect(&xfr->lock, &xfr->notify_received, sizeof(xfr->notify_received));
7107 lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial));
7108 lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired));
7109 lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone));
7110 lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial));
7111 lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry));
7112 lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh));
7113 lock_protect(&xfr->lock, &xfr->expiry, sizeof(xfr->expiry));
7114 lock_protect(&xfr->lock, &xfr->lease_time, sizeof(xfr->lease_time));
7115 lock_protect(&xfr->lock, &xfr->task_nextprobe->worker,
7116 sizeof(xfr->task_nextprobe->worker));
7117 lock_protect(&xfr->lock, &xfr->task_probe->worker,
7118 sizeof(xfr->task_probe->worker));
7119 lock_protect(&xfr->lock, &xfr->task_transfer->worker,
7120 sizeof(xfr->task_transfer->worker));
7121 lock_basic_lock(&xfr->lock);
7127 * and sets the timeout, if a zone transfer is needed a short timeout is set.
7142 (void)rbtree_insert(&az->xtree, &xfr->node);
7159 (*list) = &(m->next);
7165 dup_prefix(char* str, size_t num)
7169 if(len < num) num = len; /* not more than strlen */
7170 result = (char*)malloc(num+1);
7175 memmove(result, str, num);
7176 result[num] = 0;
7224 char* uri = dup_prefix(p, (size_t)(strstr(p, "://")-p));
7236 *host = dup_prefix(p, (size_t)(end-p));
7247 *host = dup_prefix(p, (size_t)(end-p));
7284 list = &( (*list)->next );
7287 for(p = c->urls; p; p = p->next) {
7290 m->http = 1;
7291 if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl))
7294 for(p = c->masters; p; p = p->next) {
7297 m->ixfr = 1; /* this flag is not configurable */
7298 m->host = strdup(p->str);
7299 if(!m->host) {
7304 for(p = c->allow_notify; p; p = p->next) {
7307 m->allow_notify = 1;
7308 m->host = strdup(p->str);
7309 if(!m->host) {
7321 const uint32_t cutoff = ((uint32_t) 1 << (SERIAL_BITS - 1));
7325 } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) {
7326 return -1;
7424 size_t num = 0;
7426 if(num >= arraysize)
7427 return num;
7428 array[num] = rrset;
7429 num++;
7430 rrset = rrset->next;
7432 return num;
7442 else t1 = r1->type;
7444 else t2 = r2->type;
7446 return -1;
7475 key.entry.data = rrset->data;
7476 key.rk.dname = node->name;
7477 key.rk.dname_len = node->namelen;
7478 key.rk.type = htons(rrset->type);
7479 key.rk.rrset_class = htons(z->dclass);
7502 for(j = 0; j<rrset->data->count; j++) {
7503 if(rrsig_rdata_get_type_covered(rrset->data->
7504 rr_data[j], rrset->data->rr_len[j]) ==
7506 query_dname_compare(z->name, node->name)==0) {
7514 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7515 query_dname_compare(z->name, node->name)==0) {
7519 count += (rrlist[i]?rrlist[i]->data->rrsig_count:0);
7528 data->rr_len = regional_alloc(region, sizeof(*data->rr_len) * count);
7529 if(!data->rr_len) {
7532 data->rr_ttl = regional_alloc(region, sizeof(*data->rr_ttl) * count);
7533 if(!data->rr_ttl) {
7536 data->rr_data = regional_alloc(region, sizeof(*data->rr_data) * count);
7537 if(!data->rr_data) {
7553 if(rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7554 query_dname_compare(z->name, node->name)==0) {
7558 for(j = 0; j<rrlist[i]->data->rrsig_count; j++) {
7559 data->rr_len[*done] = rrlist[i]->data->rr_len[rrlist[i]->data->count + j];
7560 data->rr_ttl[*done] = rrlist[i]->data->rr_ttl[rrlist[i]->data->count + j];
7564 data->rr_data[*done] = rrlist[i]->data->rr_data[rrlist[i]->data->count + j];
7576 for(j = 0; j<rrset->data->count; j++) {
7577 if(rrsig_rdata_get_type_covered(rrset->data->
7578 rr_data[j], rrset->data->rr_len[j]) ==
7580 query_dname_compare(z->name, node->name)==0) {
7584 data->rr_len[*done] = rrset->data->rr_len[j];
7585 data->rr_ttl[*done] = rrset->data->rr_ttl[j];
7589 data->rr_data[*done] = rrset->data->rr_data[j];
7620 key.rk.dname = node->name;
7621 key.rk.dname_len = node->namelen;
7623 key.rk.rrset_class = htons(z->dclass);
7661 if(!dname_subdomain_c(node->name, z->name))
7664 rrnum = authdata_rrsets_to_list(rrlist, rrlistsize, node->rrsets);
7668 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7669 query_dname_compare(z->name, node->name) == 0) {
7673 if(rrlist[i] == NULL || rrlist[i]->type ==
7694 RBTREE_FOR(n, struct auth_data*, &z->data) {
7813 if(m == -1) {
7814 auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have "
7818 ve = (struct val_env*)env->modinfo[m];
7822 pk.entry.data = rrset->data;
7823 pk.rk.dname = node->name;
7824 pk.rk.dname_len = node->namelen;
7825 pk.rk.type = htons(rrset->type);
7826 pk.rk.rrset_class = htons(z->dclass);
7830 sldns_wire2str_type_buf(rrset->type, typestr, sizeof(typestr));
7831 auth_zone_log(z->name, VERB_ALGO,
7840 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus);
7848 int i, count = (int)nsec3->data->count;
7851 pk.entry.data = nsec3->data;
7897 pk.entry.data = nsec->data;
7902 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure");
7921 match = az_nsec3_find_exact(z, z->name, z->namelen, algo,
7944 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure");
7978 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure");
7996 dname_str(z->name, zstr);
8012 if(env->cfg->zonemd_permissive_mode) {
8013 verbose(VERB_ALGO, "zonemd-permissive-mode enabled, "
8020 z->zone_expired = 1;
8049 apex = az_find_name(z, z->name, z->namelen);
8054 if(!zonemd_rrset || zonemd_rrset->data->count==0) {
8087 if(zonemd_absent && z->zonemd_reject_absence) {
8092 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD");
8100 auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present");
8116 auth_zone_log(z->name, VERB_ALGO, "ZONEMD %s", reason);
8117 else auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful");
8156 apex = az_find_name(z, z->name, z->namelen);
8162 if(!dnskey_rrset || dnskey_rrset->data->count==0) {
8168 if(m == -1) {
8172 ve = (struct val_env*)env->modinfo[m];
8175 keystorage->entry.key = keystorage;
8176 keystorage->entry.data = dnskey_rrset->data;
8177 keystorage->rk.dname = apex->name;
8178 keystorage->rk.dname_len = apex->namelen;
8179 keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
8180 keystorage->rk.rrset_class = htons(z->dclass);
8181 auth_zone_log(z->name, VERB_QUERY,
8183 sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset,
8184 anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL, reasonbuf,
8186 regional_free_all(env->scratch);
8197 auth_zone_log(z->name, VERB_ALGO,
8218 apex = az_find_name(z, z->name, z->namelen);
8224 if(!dnskey_rrset || dnskey_rrset->data->count==0) {
8230 if(m == -1) {
8234 ve = (struct val_env*)env->modinfo[m];
8237 keystorage->entry.key = keystorage;
8238 keystorage->entry.data = dnskey_rrset->data;
8239 keystorage->rk.dname = apex->name;
8240 keystorage->rk.dname_len = apex->namelen;
8241 keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
8242 keystorage->rk.rrset_class = htons(z->dclass);
8243 auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS");
8246 regional_free_all(env->scratch);
8258 auth_zone_log(z->name, VERB_ALGO,
8278 lock_rw_wrlock(&z->lock);
8279 env = z->zonemd_callback_env;
8282 z->zonemd_callback_env = NULL;
8283 if(!env || env->outnet->want_to_quit || z->zone_deleted) {
8284 lock_rw_unlock(&z->lock);
8287 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS)
8289 downprot = env->cfg->harden_algo_downgrade;
8295 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8299 auth_zone_log(z->name, VERB_ALGO,
8302 uint16_t wanted_qtype = z->zonemd_callback_qtype;
8303 struct regional* temp = env->scratch;
8309 query_dname_compare(z->name, rq.qname) == 0 &&
8310 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
8315 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8318 auth_zone_log(z->name, VERB_ALGO,
8322 auth_zone_log(z->name, VERB_ALGO,
8326 auth_zone_log(z->name, VERB_ALGO,
8330 auth_zone_log(z->name, VERB_ALGO,
8333 auth_zone_log(z->name, VERB_ALGO,
8335 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8340 query_dname_compare(z->name, rq.qname) == 0 &&
8341 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8349 auth_zone_log(z->name, VERB_ALGO,
8352 query_dname_compare(z->name, rq.qname) == 0 &&
8353 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8356 auth_zone_log(z->name, VERB_ALGO,
8359 query_dname_compare(z->name, rq.qname) == 0 &&
8360 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8363 auth_zone_log(z->name, VERB_ALGO,
8366 auth_zone_log(z->name, VERB_ALGO,
8368 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8373 auth_zone_log(z->name, VERB_ALGO,
8375 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8382 &env->mesh->mods, ds, &is_insecure, &ds_bogus,
8391 lock_rw_unlock(&z->lock);
8392 regional_free_all(env->scratch);
8396 auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey,
8398 regional_free_all(env->scratch);
8399 lock_rw_unlock(&z->lock);
8409 sldns_buffer* buf = env->scratch_buffer;
8412 if(!z->fallback_enabled) {
8418 if(z->zonemd_callback_env) {
8423 auth_zone_log(z->name, VERB_ALGO,
8430 qinfo.qname_len = z->namelen;
8431 qinfo.qname = z->name;
8432 qinfo.qclass = z->dclass;
8440 dname_str(z->name, buf2);
8449 edns.bits = EDNS_DO;
8457 /* store the worker-specific module env for the callback.
8459 z->zonemd_callback_env = env;
8460 z->zonemd_callback_qtype = qinfo.qtype;
8462 lock_rw_unlock(&z->lock);
8463 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
8465 lock_rw_wrlock(&z->lock);
8470 lock_rw_wrlock(&z->lock);
8485 if(!z->zonemd_check)
8487 if(z->data.count == 0)
8491 /* is it equal to trustanchor - get dnskey's verified */
8495 if(env->anchors)
8496 anchor = anchors_lookup(env->anchors, z->name, z->namelen,
8497 z->dclass);
8498 if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) {
8499 /* domain-insecure trust anchor for unsigned zones */
8500 lock_basic_unlock(&anchor->lock);
8505 } else if(anchor && query_dname_compare(z->name, anchor->name) == 0) {
8507 lock_basic_unlock(&anchor->lock);
8514 lock_basic_unlock(&anchor->lock);
8519 lock_basic_unlock(&anchor->lock);
8539 regional_free_all(env->scratch);
8545 regional_free_all(env->scratch);
8556 lock_rw_rdlock(&az->lock);
8557 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
8558 lock_rw_wrlock(&z->lock);
8559 if(!z->zonemd_check) {
8560 lock_rw_unlock(&z->lock);
8563 key.dclass = z->dclass;
8564 key.namelabs = z->namelabs;
8565 if(z->namelen > sizeof(savezname)) {
8566 lock_rw_unlock(&z->lock);
8570 savezname_len = z->namelen;
8571 memmove(savezname, z->name, z->namelen);
8572 lock_rw_unlock(&az->lock);
8573 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1);
8574 lock_rw_unlock(&z->lock);
8575 lock_rw_rdlock(&az->lock);
8581 z = (struct auth_zone*)rbtree_search(&az->ztree, &key);
8585 lock_rw_unlock(&az->lock);