xref: /netbsd-src/external/bsd/unbound/dist/testcode/testpkts.c (revision 91f7d55fb697b5e0475da4718fa34c3a3ebeac85)

/*
 * testpkts. Data file parse for test packets, and query matching.
 *
 * Data storage for specially crafted replies for testing purposes.
 *
 * (c) NLnet Labs, 2005, 2006, 2007, 2008
 * See the file LICENSE for the license
 */

/**
 * \file
 * This is a debugging aid. It is not efficient, especially
 * with a long config file, but it can give any reply to any query.
 * This can help the developer pre-script replies for queries.
 *
 * You can specify a packet RR by RR with header flags to return.
 *
 * Missing features:
 *		- matching content different from reply content.
 *		- find way to adjust mangled packets?
 */

#include "config.h"
#include <errno.h>
#include <stdarg.h>
#include <ctype.h>
#include "testcode/testpkts.h"
#include "util/net_help.h"
#include "sldns/sbuffer.h"
#include "sldns/rrdef.h"
#include "sldns/pkthdr.h"
#include "sldns/str2wire.h"
#include "sldns/wire2str.h"

/** max size of a packet */
#define MAX_PACKETLEN 65536
/** max line length */
#define MAX_LINE   10240
/** string to show in warnings and errors */
static const char* prog_name = "testpkts";

#ifndef UTIL_LOG_H
/** verbosity definition for compat */
enum verbosity_value { NO_VERBOSE=0 };
#endif
/** logging routine, provided by caller */
void verbose(enum verbosity_value lvl, const char* msg, ...) ATTR_FORMAT(printf, 2, 3);
static void error(const char* msg, ...) ATTR_NORETURN;

/** print error and exit */
static void error(const char* msg, ...)
{
	va_list args;
	va_start(args, msg);
	fprintf(stderr, "%s error: ", prog_name);
	vfprintf(stderr, msg, args);
	fprintf(stderr, "\n");
	fflush(stderr);
	va_end(args);
	exit(EXIT_FAILURE);
}

/** return if string is empty or comment */
static int isendline(char c)
{
	if(c == ';' || c == '#'
		|| c == '\n' || c == 0)
		return 1;
	return 0;
}

/** true if the string starts with the keyword given. Moves the str ahead.
 * @param str: before keyword, afterwards after keyword and spaces.
 * @param keyword: the keyword to match
 * @return: true if keyword present. False otherwise, and str unchanged.
*/
static int str_keyword(char** str, const char* keyword)
{
	size_t len = strlen(keyword);
	assert(str && keyword);
	if(strncmp(*str, keyword, len) != 0)
		return 0;
	*str += len;
	while(isspace((unsigned char)**str))
		(*str)++;
	return 1;
}

/** Add reply packet to entry */
static struct reply_packet*
entry_add_reply(struct entry* entry)
{
	struct reply_packet* pkt = (struct reply_packet*)malloc(
		sizeof(struct reply_packet));
	struct reply_packet ** p = &entry->reply_list;
	if(!pkt) error("out of memory");
	pkt->next = NULL;
	pkt->packet_sleep = 0;
	pkt->reply_pkt = NULL;
	pkt->reply_from_hex = NULL;
	pkt->raw_ednsdata = NULL;
	/* link at end */
	while(*p)
		p = &((*p)->next);
	*p = pkt;
	return pkt;
}

/** parse MATCH line */
static void matchline(char* line, struct entry* e)
{
	char* parse = line;
	while(*parse) {
		if(isendline(*parse))
			return;
		if(str_keyword(&parse, "opcode")) {
			e->match_opcode = 1;
		} else if(str_keyword(&parse, "qtype")) {
			e->match_qtype = 1;
		} else if(str_keyword(&parse, "qname")) {
			e->match_qname = 1;
		} else if(str_keyword(&parse, "rcode")) {
			e->match_rcode = 1;
		} else if(str_keyword(&parse, "question")) {
			e->match_question = 1;
		} else if(str_keyword(&parse, "answer")) {
			e->match_answer = 1;
		} else if(str_keyword(&parse, "subdomain")) {
			e->match_subdomain = 1;
		} else if(str_keyword(&parse, "all_noedns")) {
			e->match_all_noedns = 1;
		} else if(str_keyword(&parse, "all")) {
			e->match_all = 1;
		} else if(str_keyword(&parse, "ttl")) {
			e->match_ttl = 1;
		} else if(str_keyword(&parse, "DO")) {
			e->match_do = 1;
		} else if(str_keyword(&parse, "noedns")) {
			e->match_noedns = 1;
		} else if(str_keyword(&parse, "ednsdata")) {
			e->match_ednsdata_raw = 1;
		} else if(str_keyword(&parse, "client_cookie")) {
			e->match_client_cookie = 1;
		} else if(str_keyword(&parse, "server_cookie")) {
			e->match_server_cookie = 1;
		} else if(str_keyword(&parse, "UDP")) {
			e->match_transport = transport_udp;
		} else if(str_keyword(&parse, "TCP")) {
			e->match_transport = transport_tcp;
		} else if(str_keyword(&parse, "serial")) {
			e->match_serial = 1;
			if(*parse != '=' && *parse != ':')
				error("expected = or : in MATCH: %s", line);
			parse++;
			e->ixfr_soa_serial = (uint32_t)strtol(parse, (char**)&parse, 10);
			while(isspace((unsigned char)*parse))
				parse++;
		} else if(str_keyword(&parse, "ede")) {
			e->match_ede = 1;
			if(*parse != '=' && *parse != ':')
				error("expected = or : in MATCH: %s", line);
			parse++;
			while(isspace((unsigned char)*parse))
				parse++;
			if(str_keyword(&parse, "any")) {
				e->match_ede_any = 1;
			} else {
				e->ede_info_code = (uint16_t)strtol(parse,
					(char**)&parse, 10);
			}
			while(isspace((unsigned char)*parse))
				parse++;
		} else {
			error("could not parse MATCH: '%s'", parse);
		}
	}
}

/** parse REPLY line */
static void replyline(char* line, uint8_t* reply, size_t reply_len,
	int* do_flag)
{
	char* parse = line;
	if(reply_len < LDNS_HEADER_SIZE) error("packet too short for header");
	while(*parse) {
		if(isendline(*parse))
			return;
			/* opcodes */
		if(str_keyword(&parse, "QUERY")) {
			LDNS_OPCODE_SET(reply, LDNS_PACKET_QUERY);
		} else if(str_keyword(&parse, "IQUERY")) {
			LDNS_OPCODE_SET(reply, LDNS_PACKET_IQUERY);
		} else if(str_keyword(&parse, "STATUS")) {
			LDNS_OPCODE_SET(reply, LDNS_PACKET_STATUS);
		} else if(str_keyword(&parse, "NOTIFY")) {
			LDNS_OPCODE_SET(reply, LDNS_PACKET_NOTIFY);
		} else if(str_keyword(&parse, "UPDATE")) {
			LDNS_OPCODE_SET(reply, LDNS_PACKET_UPDATE);
			/* rcodes */
		} else if(str_keyword(&parse, "NOERROR")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_NOERROR);
		} else if(str_keyword(&parse, "FORMERR")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_FORMERR);
		} else if(str_keyword(&parse, "SERVFAIL")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_SERVFAIL);
		} else if(str_keyword(&parse, "NXDOMAIN")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_NXDOMAIN);
		} else if(str_keyword(&parse, "NOTIMPL")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_NOTIMPL);
		} else if(str_keyword(&parse, "REFUSED")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_REFUSED);
		} else if(str_keyword(&parse, "YXDOMAIN")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_YXDOMAIN);
		} else if(str_keyword(&parse, "YXRRSET")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_YXRRSET);
		} else if(str_keyword(&parse, "NXRRSET")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_NXRRSET);
		} else if(str_keyword(&parse, "NOTAUTH")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_NOTAUTH);
		} else if(str_keyword(&parse, "NOTZONE")) {
			LDNS_RCODE_SET(reply, LDNS_RCODE_NOTZONE);
			/* flags */
		} else if(str_keyword(&parse, "QR")) {
			LDNS_QR_SET(reply);
		} else if(str_keyword(&parse, "AA")) {
			LDNS_AA_SET(reply);
		} else if(str_keyword(&parse, "TC")) {
			LDNS_TC_SET(reply);
		} else if(str_keyword(&parse, "RD")) {
			LDNS_RD_SET(reply);
		} else if(str_keyword(&parse, "CD")) {
			LDNS_CD_SET(reply);
		} else if(str_keyword(&parse, "RA")) {
			LDNS_RA_SET(reply);
		} else if(str_keyword(&parse, "AD")) {
			LDNS_AD_SET(reply);
		} else if(str_keyword(&parse, "DO")) {
			*do_flag = 1;
		} else {
			error("could not parse REPLY: '%s'", parse);
		}
	}
}

/** parse ADJUST line */
static void adjustline(char* line, struct entry* e,
	struct reply_packet* pkt)
{
	char* parse = line;
	while(*parse) {
		if(isendline(*parse))
			return;
		if(str_keyword(&parse, "copy_id")) {
			e->copy_id = 1;
		} else if(str_keyword(&parse, "copy_query")) {
			e->copy_query = 1;
		} else if(str_keyword(&parse, "copy_ednsdata_assume_clientsubnet")) {
			e->copy_ednsdata_assume_clientsubnet = 1;
		} else if(str_keyword(&parse, "increment_ecs_scope")) {
			e->increment_ecs_scope = 1;
		} else if(str_keyword(&parse, "sleep=")) {
			e->sleeptime = (unsigned int) strtol(parse, (char**)&parse, 10);
			while(isspace((unsigned char)*parse))
				parse++;
		} else if(str_keyword(&parse, "packet_sleep=")) {
			pkt->packet_sleep = (unsigned int) strtol(parse, (char**)&parse, 10);
			while(isspace((unsigned char)*parse))
				parse++;
		} else {
			error("could not parse ADJUST: '%s'", parse);
		}
	}
}

/** create new entry */
static struct entry* new_entry(void)
{
	struct entry* e = (struct entry*)malloc(sizeof(struct entry));
	if(!e) error("out of memory");
	memset(e, 0, sizeof(*e));
	e->match_opcode = 0;
	e->match_qtype = 0;
	e->match_qname = 0;
	e->match_rcode = 0;
	e->match_question = 0;
	e->match_answer = 0;
	e->match_subdomain = 0;
	e->match_all = 0;
	e->match_all_noedns = 0;
	e->match_ttl = 0;
	e->match_do = 0;
	e->match_noedns = 0;
	e->match_serial = 0;
	e->ixfr_soa_serial = 0;
	e->match_ede = 0;
	e->match_ede_any = 0;
	e->ede_info_code = -1;
	e->match_transport = transport_any;
	e->reply_list = NULL;
	e->copy_id = 0;
	e->copy_query = 0;
	e->copy_ednsdata_assume_clientsubnet = 0;
	e->increment_ecs_scope = 0;
	e->sleeptime = 0;
	e->next = NULL;
	return e;
}

/**
 * Converts a hex string to binary data
 * @param hexstr: string of hex.
 * @param len: is the length of the string
 * @param buf: is the buffer to store the result in
 * @param offset: is the starting position in the result buffer
 * @param buf_len: is the length of buf.
 * @return This function returns the length of the result
 */
static size_t
hexstr2bin(char *hexstr, int len, uint8_t *buf, size_t offset, size_t buf_len)
{
	char c;
	int i;
	uint8_t int8 = 0;
	int sec = 0;
	size_t bufpos = 0;

	if (len % 2 != 0) {
		return 0;
	}

	for (i=0; i<len; i++) {
		c = hexstr[i];

		/* case insensitive, skip spaces */
		if (c != ' ') {
			if (c >= '0' && c <= '9') {
				int8 += c & 0x0f;
			} else if (c >= 'a' && c <= 'z') {
				int8 += (c & 0x0f) + 9;
			} else if (c >= 'A' && c <= 'Z') {
				int8 += (c & 0x0f) + 9;
			} else {
				return 0;
			}

			if (sec == 0) {
				int8 = int8 << 4;
				sec = 1;
			} else {
				if (bufpos + offset + 1 <= buf_len) {
					buf[bufpos+offset] = int8;
					int8 = 0;
					sec = 0;
					bufpos++;
				} else {
					fprintf(stderr, "Buffer too small in hexstr2bin");
				}
			}
		}
        }
        return bufpos;
}

/** convert hex buffer to binary buffer */
static sldns_buffer *
hex_buffer2wire(sldns_buffer *data_buffer)
{
	sldns_buffer *wire_buffer = NULL;
	int c;

	/* stat hack
	 * 0 = normal
	 * 1 = comment (skip to end of line)
	 * 2 = unprintable character found, read binary data directly
	 */
	size_t data_buf_pos = 0;
	int state = 0;
	uint8_t *hexbuf;
	int hexbufpos = 0;
	size_t wirelen;
	uint8_t *data_wire = (uint8_t *) sldns_buffer_begin(data_buffer);
	uint8_t *wire = (uint8_t*)malloc(MAX_PACKETLEN);
	if(!wire) error("out of memory");

	hexbuf = (uint8_t*)malloc(MAX_PACKETLEN);
	if(!hexbuf) error("out of memory");
	for (data_buf_pos = 0; data_buf_pos < sldns_buffer_position(data_buffer); data_buf_pos++) {
		c = (int) data_wire[data_buf_pos];

		if (state < 2 && !isascii((unsigned char)c)) {
			/*verbose("non ascii character found in file: (%d) switching to raw mode\n", c);*/
			state = 2;
		}
		switch (state) {
			case 0:
				if (	(c >= '0' && c <= '9') ||
					(c >= 'a' && c <= 'f') ||
					(c >= 'A' && c <= 'F') )
				{
					if (hexbufpos >= MAX_PACKETLEN) {
						error("buffer overflow");
						free(hexbuf);
						return 0;

					}
					hexbuf[hexbufpos] = (uint8_t) c;
					hexbufpos++;
				} else if (c == ';') {
					state = 1;
				} else if (c == ' ' || c == '\t' || c == '\n') {
					/* skip whitespace */
				}
				break;
			case 1:
				if (c == '\n' || c == EOF) {
					state = 0;
				}
				break;
			case 2:
				if (hexbufpos >= MAX_PACKETLEN) {
					error("buffer overflow");
					free(hexbuf);
					return 0;
				}
				hexbuf[hexbufpos] = (uint8_t) c;
				hexbufpos++;
				break;
		}
	}

	if (hexbufpos >= MAX_PACKETLEN) {
		/*verbose("packet size reached\n");*/
	}

	/* lenient mode: length must be multiple of 2 */
	if (hexbufpos % 2 != 0) {
		if (hexbufpos >= MAX_PACKETLEN) {
			error("buffer overflow");
			free(hexbuf);
			return 0;
		}
		hexbuf[hexbufpos] = (uint8_t) '0';
		hexbufpos++;
	}

	if (state < 2) {
		wirelen = hexstr2bin((char *) hexbuf, hexbufpos, wire, 0, MAX_PACKETLEN);
		wire_buffer = sldns_buffer_new(wirelen);
		sldns_buffer_new_frm_data(wire_buffer, wire, wirelen);
	} else {
		error("Incomplete hex data, not at byte boundary\n");
	}
	free(wire);
	free(hexbuf);
	return wire_buffer;
}

/** parse ORIGIN */
static void
get_origin(const char* name, struct sldns_file_parse_state* pstate, char* parse)
{
	/* snip off rest of the text so as to make the parse work in ldns */
	char* end;
	char store;
	int status;

	end=parse;
	while(!isspace((unsigned char)*end) && !isendline(*end))
		end++;
	store = *end;
	*end = 0;
	verbose(3, "parsing '%s'\n", parse);
	status = sldns_str2wire_dname_buf(parse, pstate->origin,
		&pstate->origin_len);
	*end = store;
	if(status != 0)
		error("%s line %d:\n\t%s: %s", name, pstate->lineno,
			sldns_get_errorstr_parse(status), parse);
}

/** add RR to packet */
static void add_rr(char* rrstr, uint8_t* pktbuf, size_t pktsize,
	size_t* pktlen, struct sldns_file_parse_state* pstate,
	sldns_pkt_section add_section, const char* fname)
{
	/* it must be a RR, parse and add to packet. */
	size_t rr_len = pktsize - *pktlen;
	size_t dname_len = 0;
	int status;
	uint8_t* origin = pstate->origin_len?pstate->origin:0;
	uint8_t* prev = pstate->prev_rr_len?pstate->prev_rr:0;
	if(*pktlen > pktsize || *pktlen < LDNS_HEADER_SIZE)
		error("packet overflow");

	/* parse RR */
	if(add_section == LDNS_SECTION_QUESTION)
		status = sldns_str2wire_rr_question_buf(rrstr, pktbuf+*pktlen,
			&rr_len, &dname_len, origin, pstate->origin_len,
			prev, pstate->prev_rr_len);
	else status = sldns_str2wire_rr_buf(rrstr, pktbuf+*pktlen, &rr_len,
			&dname_len, pstate->default_ttl, origin,
			pstate->origin_len, prev, pstate->prev_rr_len);
	if(status != 0)
		error("%s line %d:%d %s\n\t%s", fname, pstate->lineno,
			LDNS_WIREPARSE_OFFSET(status),
			sldns_get_errorstr_parse(status), rrstr);
	*pktlen += rr_len;

	/* increase RR count */
	if(add_section == LDNS_SECTION_QUESTION)
		sldns_write_uint16(pktbuf+4, LDNS_QDCOUNT(pktbuf)+1);
	else if(add_section == LDNS_SECTION_ANSWER)
		sldns_write_uint16(pktbuf+6, LDNS_ANCOUNT(pktbuf)+1);
	else if(add_section == LDNS_SECTION_AUTHORITY)
		sldns_write_uint16(pktbuf+8, LDNS_NSCOUNT(pktbuf)+1);
	else if(add_section == LDNS_SECTION_ADDITIONAL)
		sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1);
	else error("internal error bad section %d", (int)add_section);
}

/* add EDNS 4096 opt record */
static void
add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata,
	uint16_t ednslen, size_t* pktlen)
{
	uint8_t edns[] = {0x00, /* root label */
		0x00, LDNS_RR_TYPE_OPT, /* type */
		0x04, 0xD0, /* class is UDPSIZE 1232 */
		0x00, /* TTL[0] is ext rcode */
		0x00, /* TTL[1] is edns version */
		(uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */
		(uint8_t)((ednslen >> 8) & 0xff),
		(uint8_t)(ednslen  & 0xff), /* rdatalength */
	};
	if(*pktlen < LDNS_HEADER_SIZE)
		return;
	if(*pktlen + sizeof(edns) + ednslen > pktsize)
		error("not enough space for EDNS OPT record");
	memmove(pktbuf+*pktlen, edns, sizeof(edns));
	if(ednsdata && ednslen)
		memmove(pktbuf+*pktlen+sizeof(edns), ednsdata, ednslen);
	sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1);
	*pktlen += (sizeof(edns) + ednslen);
}

/* Reads one entry from file. Returns entry or NULL on error. */
struct entry*
read_entry(FILE* in, const char* name, struct sldns_file_parse_state* pstate,
	int skip_whitespace)
{
	struct entry* current = NULL;
	char line[MAX_LINE];
	char* parse;
	sldns_pkt_section add_section = LDNS_SECTION_QUESTION;
	struct reply_packet *cur_reply = NULL;
	int reading_hex = 0;
	int reading_hex_ednsdata = 0;
	sldns_buffer* hex_data_buffer = NULL;
	sldns_buffer* hex_ednsdata_buffer = NULL;
	uint8_t pktbuf[MAX_PACKETLEN];
	size_t pktlen = LDNS_HEADER_SIZE;
	int do_flag = 0; /* DO flag in EDNS */
	memset(pktbuf, 0, pktlen); /* ID = 0, FLAGS="", and rr counts 0 */

	while(fgets(line, (int)sizeof(line), in) != NULL) {
		line[MAX_LINE-1] = 0;
		parse = line;
		pstate->lineno++;

		while(isspace((unsigned char)*parse))
			parse++;
		/* test for keywords */
		if(isendline(*parse))
			continue; /* skip comment and empty lines */
		if(str_keyword(&parse, "ENTRY_BEGIN")) {
			if(current) {
				error("%s line %d: previous entry does not ENTRY_END",
					name, pstate->lineno);
			}
			current = new_entry();
			current->lineno = pstate->lineno;
			cur_reply = entry_add_reply(current);
			continue;
		} else if(str_keyword(&parse, "$ORIGIN")) {
			get_origin(name, pstate, parse);
			continue;
		} else if(str_keyword(&parse, "$TTL")) {
			pstate->default_ttl = (uint32_t)atoi(parse);
			continue;
		}

		/* working inside an entry */
		if(!current) {
			error("%s line %d: expected ENTRY_BEGIN but got %s",
				name, pstate->lineno, line);
		}
		if(str_keyword(&parse, "MATCH")) {
			matchline(parse, current);
		} else if(str_keyword(&parse, "REPLY")) {
			replyline(parse, pktbuf, pktlen, &do_flag);
		} else if(str_keyword(&parse, "ADJUST")) {
			adjustline(parse, current, cur_reply);
		} else if(str_keyword(&parse, "EXTRA_PACKET")) {
			/* copy current packet into buffer */
			cur_reply->reply_pkt = memdup(pktbuf, pktlen);
			cur_reply->reply_len = pktlen;
			if(!cur_reply->reply_pkt)
				error("out of memory");
			cur_reply = entry_add_reply(current);
			/* clear for next packet */
			pktlen = LDNS_HEADER_SIZE;
			memset(pktbuf, 0, pktlen); /* ID = 0, FLAGS="", and rr counts 0 */
		} else if(str_keyword(&parse, "SECTION")) {
			if(str_keyword(&parse, "QUESTION"))
				add_section = LDNS_SECTION_QUESTION;
			else if(str_keyword(&parse, "ANSWER"))
				add_section = LDNS_SECTION_ANSWER;
			else if(str_keyword(&parse, "AUTHORITY"))
				add_section = LDNS_SECTION_AUTHORITY;
			else if(str_keyword(&parse, "ADDITIONAL"))
				add_section = LDNS_SECTION_ADDITIONAL;
			else error("%s line %d: bad section %s", name, pstate->lineno, parse);
		} else if(str_keyword(&parse, "HEX_ANSWER_BEGIN")) {
			hex_data_buffer = sldns_buffer_new(MAX_PACKETLEN);
			reading_hex = 1;
		} else if(str_keyword(&parse, "HEX_ANSWER_END")) {
			if(!reading_hex) {
				error("%s line %d: HEX_ANSWER_END read but no HEX_ANSWER_BEGIN keyword seen", name, pstate->lineno);
			}
			reading_hex = 0;
			cur_reply->reply_from_hex = hex_buffer2wire(hex_data_buffer);
			sldns_buffer_free(hex_data_buffer);
			hex_data_buffer = NULL;
		} else if(reading_hex) {
			sldns_buffer_printf(hex_data_buffer, "%s", line);
		} else if(str_keyword(&parse, "HEX_EDNSDATA_BEGIN")) {
			hex_ednsdata_buffer = sldns_buffer_new(MAX_PACKETLEN);
			reading_hex_ednsdata = 1;
		} else if(str_keyword(&parse, "HEX_EDNSDATA_END")) {
			if (!reading_hex_ednsdata) {
				error("%s line %d: HEX_EDNSDATA_END read but no"
					"HEX_EDNSDATA_BEGIN keyword seen", name, pstate->lineno);
			}
			reading_hex_ednsdata = 0;
			cur_reply->raw_ednsdata = hex_buffer2wire(hex_ednsdata_buffer);
			sldns_buffer_free(hex_ednsdata_buffer);
			hex_ednsdata_buffer = NULL;
		} else if(reading_hex_ednsdata) {
			sldns_buffer_printf(hex_ednsdata_buffer, "%s", line);
		} else if(str_keyword(&parse, "ENTRY_END")) {
			if(hex_data_buffer)
				sldns_buffer_free(hex_data_buffer);
			if(hex_ednsdata_buffer)
				sldns_buffer_free(hex_ednsdata_buffer);
			if(pktlen != 0) {
				if(do_flag || cur_reply->raw_ednsdata) {
					if(cur_reply->raw_ednsdata &&
						sldns_buffer_limit(cur_reply->raw_ednsdata))
						add_edns(pktbuf, sizeof(pktbuf), do_flag,
							sldns_buffer_begin(cur_reply->raw_ednsdata),
							(uint16_t)sldns_buffer_limit(cur_reply->raw_ednsdata),
							&pktlen);
					else
						add_edns(pktbuf, sizeof(pktbuf), do_flag,
							NULL, 0, &pktlen);
				}
				cur_reply->reply_pkt = memdup(pktbuf, pktlen);
				cur_reply->reply_len = pktlen;
				if(!cur_reply->reply_pkt)
					error("out of memory");
			}
			return current;
		} else {
			add_rr(skip_whitespace?parse:line, pktbuf,
				sizeof(pktbuf), &pktlen, pstate, add_section,
				name);
		}

	}
	if(reading_hex) {
		error("%s: End of file reached while still reading hex, "
			"missing HEX_ANSWER_END\n", name);
	}
	if(reading_hex_ednsdata) {
		error("%s: End of file reached while still reading edns data, "
			"missing HEX_EDNSDATA_END\n", name);
	}
	if(current) {
		error("%s: End of file reached while reading entry. "
			"missing ENTRY_END\n", name);
	}
	return 0;
}

/* reads the canned reply file and returns a list of structs */
struct entry*
read_datafile(const char* name, int skip_whitespace)
{
	struct entry* list = NULL;
	struct entry* last = NULL;
	struct entry* current = NULL;
	FILE *in;
	struct sldns_file_parse_state pstate;
	int entry_num = 0;
	memset(&pstate, 0, sizeof(pstate));

	if((in=fopen(name, "r")) == NULL) {
		error("could not open file %s: %s", name, strerror(errno));
	}

	while((current = read_entry(in, name, &pstate, skip_whitespace)))
	{
		if(last)
			last->next = current;
		else	list = current;
		last = current;
		entry_num ++;
	}
	verbose(1, "%s: Read %d entries\n", prog_name, entry_num);

	fclose(in);
	return list;
}

/** get qtype from packet */
static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen)
{
	uint8_t* d;
	size_t dl, sl=0;
	char* snull = NULL;
	int comprloop = 0;
	if(pktlen < LDNS_HEADER_SIZE)
		return 0;
	if(LDNS_QDCOUNT(pkt) == 0)
		return 0;
	/* skip over dname with dname-scan routine */
	d = pkt+LDNS_HEADER_SIZE;
	dl = pktlen-LDNS_HEADER_SIZE;
	(void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop);
	if(dl < 2)
		return 0;
	return sldns_read_uint16(d);
}

/** get qtype from packet */
static size_t get_qname_len(uint8_t* pkt, size_t pktlen)
{
	uint8_t* d;
	size_t dl, sl=0;
	char* snull = NULL;
	int comprloop = 0;
	if(pktlen < LDNS_HEADER_SIZE)
		return 0;
	if(LDNS_QDCOUNT(pkt) == 0)
		return 0;
	/* skip over dname with dname-scan routine */
	d = pkt+LDNS_HEADER_SIZE;
	dl = pktlen-LDNS_HEADER_SIZE;
	(void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop);
	return pktlen-dl-LDNS_HEADER_SIZE;
}

/** returns owner from packet */
static uint8_t* get_qname(uint8_t* pkt, size_t pktlen)
{
	if(pktlen < LDNS_HEADER_SIZE)
		return NULL;
	if(LDNS_QDCOUNT(pkt) == 0)
		return NULL;
	return pkt+LDNS_HEADER_SIZE;
}

/** returns opcode from packet */
static int get_opcode(uint8_t* pkt, size_t pktlen)
{
	if(pktlen < LDNS_HEADER_SIZE)
		return 0;
	return (int)LDNS_OPCODE_WIRE(pkt);
}

/** returns rcode from packet */
static int get_rcode(uint8_t* pkt, size_t pktlen)
{
	if(pktlen < LDNS_HEADER_SIZE)
		return 0;
	return (int)LDNS_RCODE_WIRE(pkt);
}

/** get authority section SOA serial value */
static uint32_t get_serial(uint8_t* p, size_t plen)
{
	uint8_t* walk = p;
	size_t walk_len = plen, sl=0;
	char* snull = NULL;
	uint16_t i;
	int comprloop = 0;

	if(walk_len < LDNS_HEADER_SIZE)
		return 0;
	walk += LDNS_HEADER_SIZE;
	walk_len -= LDNS_HEADER_SIZE;

	/* skip other records with wire2str_scan */
	for(i=0; i < LDNS_QDCOUNT(p); i++)
		(void)sldns_wire2str_rrquestion_scan(&walk, &walk_len,
			&snull, &sl, p, plen, &comprloop);
	for(i=0; i < LDNS_ANCOUNT(p); i++)
		(void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl,
			p, plen, &comprloop);

	/* walk through authority section */
	for(i=0; i < LDNS_NSCOUNT(p); i++) {
		/* if this is SOA then get serial, skip compressed dname */
		uint8_t* dstart = walk;
		size_t dlen = walk_len;
		(void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl,
			p, plen, &comprloop);
		if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_SOA) {
			/* skip type, class, TTL, rdatalen */
			if(dlen < 10)
				return 0;
			if(dlen < 10 + (size_t)sldns_read_uint16(dstart+8))
				return 0;
			dstart += 10;
			dlen -= 10;
			/* check third rdf */
			(void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull,
				&sl, p, plen, &comprloop);
			(void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull,
				&sl, p, plen, &comprloop);
			if(dlen < 4)
				return 0;
			verbose(3, "found serial %u in msg. ",
				(int)sldns_read_uint32(dstart));
			return sldns_read_uint32(dstart);
		}
		/* move to next RR */
		(void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl,
			p, plen, &comprloop);
	}
	return 0;
}

/** get ptr to EDNS OPT record (and remaining length); after the type u16 */
static int
pkt_find_edns_opt(uint8_t** p, size_t* plen)
{
	/* walk over the packet with scan routines */
	uint8_t* w = *p;
	size_t wlen = *plen, sl=0;
	char* snull = NULL;
	uint16_t i;
	int comprloop = 0;

	if(wlen < LDNS_HEADER_SIZE)
		return 0;
	w += LDNS_HEADER_SIZE;
	wlen -= LDNS_HEADER_SIZE;

	/* skip other records with wire2str_scan */
	for(i=0; i < LDNS_QDCOUNT(*p); i++)
		(void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl,
			*p, *plen, &comprloop);
	for(i=0; i < LDNS_ANCOUNT(*p); i++)
		(void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop);
	for(i=0; i < LDNS_NSCOUNT(*p); i++)
		(void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop);

	/* walk through additional section */
	for(i=0; i < LDNS_ARCOUNT(*p); i++) {
		/* if this is OPT then done */
		uint8_t* dstart = w;
		size_t dlen = wlen;
		(void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl,
			*p, *plen, &comprloop);
		if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_OPT) {
			*p = dstart+2;
			*plen = dlen-2;
			return 1;
		}
		/* move to next RR */
		(void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop);
	}
	return 0;
}

/** return true if the packet has EDNS OPT record */
static int
get_has_edns(uint8_t* pkt, size_t len)
{
	/* use arguments as temporary variables */
	return pkt_find_edns_opt(&pkt, &len);
}

/** return true if the DO flag is set */
static int
get_do_flag(uint8_t* pkt, size_t len)
{
	uint16_t edns_bits;
	uint8_t* walk = pkt;
	size_t walk_len = len;
	if(!pkt_find_edns_opt(&walk, &walk_len)) {
		return 0;
	}
	if(walk_len < 6)
		return 0; /* malformed */
	edns_bits = sldns_read_uint16(walk+4);
	return (int)(edns_bits&LDNS_EDNS_MASK_DO_BIT);
}

/** Snips the specified EDNS option out of the OPT record and puts it in the
 *  provided buffer. The buffer should be able to hold any opt data ie 65535.
 *  Returns the length of the option written,
 *  or 0 if not found, else -1 on error. */
static int
pkt_snip_edns_option(uint8_t* pkt, size_t len, sldns_edns_option code,
	uint8_t* buf)
{
	uint8_t *rdata, *opt_position = pkt;
	uint16_t rdlen, optlen;
	size_t remaining = len;
	if(!pkt_find_edns_opt(&opt_position, &remaining)) return 0;
	if(remaining < 8) return -1; /* malformed */
	rdlen = sldns_read_uint16(opt_position+6);
	rdata = opt_position + 8;
	while(rdlen > 0) {
		if(rdlen < 4) return -1; /* malformed */
		optlen = sldns_read_uint16(rdata+2);
		if(sldns_read_uint16(rdata) == code) {
			/* save data to buf for caller inspection */
			memmove(buf, rdata+4, optlen);
			/* snip option from packet; assumes len is correct */
			memmove(rdata, rdata+4+optlen,
				(pkt+len)-(rdata+4+optlen));
			/* update OPT size */
			sldns_write_uint16(opt_position+6,
				sldns_read_uint16(opt_position+6)-(4+optlen));
			return optlen;
		}
		rdlen -= 4 + optlen;
		rdata += 4 + optlen;
	}
	return 0;
}

/** Snips the EDE option out of the OPT record and returns the EDNS EDE
 *  INFO-CODE if found, else -1 */
static int
extract_ede(uint8_t* pkt, size_t len)
{
	uint8_t buf[65535];
	int buflen = pkt_snip_edns_option(pkt, len, LDNS_EDNS_EDE, buf);
	if(buflen < 2 /*ede without text at minimum*/) return -1;
	return sldns_read_uint16(buf);
}

/** Snips the DNS Cookie option out of the OPT record and puts it in the
 *  provided cookie buffer (should be at least 24 octets).
 *  Returns the length of the cookie if found, else -1. */
static int
extract_cookie(uint8_t* pkt, size_t len, uint8_t* cookie)
{
	uint8_t buf[65535];
	int buflen = pkt_snip_edns_option(pkt, len, LDNS_EDNS_COOKIE, buf);
	if(buflen != 8 /*client cookie*/ &&
		buflen != 8 + 16 /*server cookie*/) return -1;
	memcpy(cookie, buf, buflen);
	return buflen;
}

/** zero TTLs in packet */
static void
zerottls(uint8_t* pkt, size_t pktlen)
{
	uint8_t* walk = pkt;
	size_t walk_len = pktlen, sl=0;
	char* snull = NULL;
	uint16_t i;
	uint16_t num = LDNS_ANCOUNT(pkt)+LDNS_NSCOUNT(pkt)+LDNS_ARCOUNT(pkt);
	int comprloop = 0;
	if(walk_len < LDNS_HEADER_SIZE)
		return;
	walk += LDNS_HEADER_SIZE;
	walk_len -= LDNS_HEADER_SIZE;
	for(i=0; i < LDNS_QDCOUNT(pkt); i++)
		(void)sldns_wire2str_rrquestion_scan(&walk, &walk_len,
			&snull, &sl, pkt, pktlen, &comprloop);
	for(i=0; i < num; i++) {
		/* wipe TTL */
		uint8_t* dstart = walk;
		size_t dlen = walk_len;
		(void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl,
			pkt, pktlen, &comprloop);
		if(dlen < 8)
			return;
		sldns_write_uint32(dstart+4, 0);
		/* go to next RR */
		(void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl,
			pkt, pktlen, &comprloop);
	}
}

/** get one line (\n) from a string, move next to after the \n, zero \n */
static int
get_line(char** s, char** n)
{
	/* at end of string? end */
	if(*n == NULL || **n == 0)
		return 0;
	/* result starts at next string */
	*s = *n;
	/* find \n after that */
	*n = strchr(*s, '\n');
	if(*n && **n != 0) {
		/* terminate line */
		(*n)[0] = 0;
		(*n)++;
	}
	return 1;
}

/** match two RR sections without ordering */
static int
match_noloc_section(char** q, char** nq, char** p, char** np, uint16_t num)
{
	/* for max number of RRs in packet */
	const uint16_t numarray = 3000;
	char* qlines[numarray], *plines[numarray];
	uint16_t i, j, numq=0, nump=0;
	if(num > numarray) fatal_exit("too many RRs");
	/* gather lines */
	for(i=0; i<num; i++) {
		get_line(q, nq);
		get_line(p, np);
		qlines[numq++] = *q;
		plines[nump++] = *p;
	}
	/* see if they are all present in the other */
	for(i=0; i<num; i++) {
		int found = 0;
		for(j=0; j<num; j++) {
			if(strcmp(qlines[i], plines[j]) == 0) {
				found = 1;
				break;
			}
		}
		if(!found) {
			verbose(3, "comparenoloc: failed for %s", qlines[i]);
			return 0;
		}
	}
	return 1;
}

/** match two strings for unordered equality of RRs and everything else */
static int
match_noloc(char* q, char* p, uint8_t* q_pkt, size_t q_pkt_len,
	uint8_t* p_pkt, size_t p_pkt_len)
{
	char* nq = q, *np = p;
	/* if no header, compare bytes */
	if(p_pkt_len < LDNS_HEADER_SIZE || q_pkt_len < LDNS_HEADER_SIZE) {
		if(p_pkt_len != q_pkt_len) return 0;
		return memcmp(p, q, p_pkt_len);
	}
	/* compare RR counts */
	if(LDNS_QDCOUNT(p_pkt) != LDNS_QDCOUNT(q_pkt))
		return 0;
	if(LDNS_ANCOUNT(p_pkt) != LDNS_ANCOUNT(q_pkt))
		return 0;
	if(LDNS_NSCOUNT(p_pkt) != LDNS_NSCOUNT(q_pkt))
		return 0;
	if(LDNS_ARCOUNT(p_pkt) != LDNS_ARCOUNT(q_pkt))
		return 0;
	/* get a line from both; compare; at sections do section */
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) {
		/* header line opcode, rcode, id */
		return 0;
	}
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) {
		/* header flags, rr counts */
		return 0;
	}
	/* ;; QUESTION SECTION */
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	if(!match_noloc_section(&q, &nq, &p, &np, LDNS_QDCOUNT(p_pkt)))
		return 0;

	/* empty line and ;; ANSWER SECTION */
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	if(!match_noloc_section(&q, &nq, &p, &np, LDNS_ANCOUNT(p_pkt)))
		return 0;

	/* empty line and ;; AUTHORITY SECTION */
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	if(!match_noloc_section(&q, &nq, &p, &np, LDNS_NSCOUNT(p_pkt)))
		return 0;

	/* empty line and ;; ADDITIONAL SECTION */
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	get_line(&q, &nq);
	get_line(&p, &np);
	if(strcmp(q, p) != 0) return 0;
	if(!match_noloc_section(&q, &nq, &p, &np, LDNS_ARCOUNT(p_pkt)))
		return 0;

	return 1;
}

/** lowercase domain name - does not follow compression pointers */
static void lowercase_dname(uint8_t** p, size_t* remain)
{
	unsigned i, llen;
	if(*remain == 0) return;
	while(**p != 0) {
		/* compressed? */
		if((**p & 0xc0) == 0xc0) {
			*p += 2;
			*remain -= 2;
			return;
		}
		llen = (unsigned int)**p;
		*p += 1;
		*remain -= 1;
		if(*remain < llen)
			llen = (unsigned int)*remain;
		for(i=0; i<llen; i++) {
			(*p)[i] = (uint8_t)tolower((int)(*p)[i]);
		}
		*p += llen;
		*remain -= llen;
		if(*remain == 0) return;
	}
	/* skip root label */
	*p += 1;
	*remain -= 1;
}

/** lowercase rdata of type */
static void lowercase_rdata(uint8_t** p, size_t* remain,
	uint16_t rdatalen, uint16_t t)
{
	const sldns_rr_descriptor *desc = sldns_rr_descript(t);
	uint8_t dname_count = 0;
	size_t i = 0;
	size_t rdataremain = rdatalen;
	if(!desc) {
		/* unknown type */
		*p += rdatalen;
		*remain -= rdatalen;
		return;
	}
	while(dname_count < desc->_dname_count) {
		sldns_rdf_type f = sldns_rr_descriptor_field_type(desc, i++);
		if(f == LDNS_RDF_TYPE_DNAME) {
			lowercase_dname(p, &rdataremain);
			dname_count++;
		} else if(f == LDNS_RDF_TYPE_STR) {
			uint8_t len;
			if(rdataremain == 0) return;
			len = **p;
			*p += len+1;
			rdataremain -= len+1;
		} else {
			int len = 0;
			switch(f) {
			case LDNS_RDF_TYPE_CLASS:
			case LDNS_RDF_TYPE_ALG:
			case LDNS_RDF_TYPE_INT8:
				len = 1;
				break;
			case LDNS_RDF_TYPE_INT16:
			case LDNS_RDF_TYPE_TYPE:
			case LDNS_RDF_TYPE_CERT_ALG:
				len = 2;
				break;
			case LDNS_RDF_TYPE_INT32:
			case LDNS_RDF_TYPE_TIME:
			case LDNS_RDF_TYPE_A:
			case LDNS_RDF_TYPE_PERIOD:
				len = 4;
				break;
			case LDNS_RDF_TYPE_TSIGTIME:
				len = 6;
				break;
			case LDNS_RDF_TYPE_AAAA:
				len = 16;
				break;
			default: error("bad rdf type in lowercase %d", (int)f);
			}
			*p += len;
			rdataremain -= len;
		}
	}
	/* skip remainder of rdata */
	*p += rdataremain;
	*remain -= rdatalen;
}

/** lowercase all names in the message */
static void lowercase_pkt(uint8_t* pkt, size_t pktlen)
{
	uint16_t i;
	uint8_t* p = pkt;
	size_t remain = pktlen;
	uint16_t t, rdatalen;
	if(pktlen < LDNS_HEADER_SIZE)
		return;
	p += LDNS_HEADER_SIZE;
	remain -= LDNS_HEADER_SIZE;
	for(i=0; i<LDNS_QDCOUNT(pkt); i++) {
		lowercase_dname(&p, &remain);
		if(remain < 4) return;
		p += 4;
		remain -= 4;
	}
	for(i=0; i<LDNS_ANCOUNT(pkt)+LDNS_NSCOUNT(pkt)+LDNS_ARCOUNT(pkt); i++) {
		lowercase_dname(&p, &remain);
		if(remain < 10) return;
		t = sldns_read_uint16(p);
		rdatalen = sldns_read_uint16(p+8);
		p += 10;
		remain -= 10;
		if(remain < rdatalen) return;
		lowercase_rdata(&p, &remain, rdatalen, t);
	}
}

/** match question section of packet */
static int
match_question(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl)
{
	char* qstr, *pstr, *s, *qcmpstr, *pcmpstr;
	uint8_t* qb = q, *pb = p;
	int r;
	/* zero TTLs */
	qb = memdup(q, qlen);
	pb = memdup(p, plen);
	if(!qb || !pb) error("out of memory");
	if(!mttl) {
		zerottls(qb, qlen);
		zerottls(pb, plen);
	}
	lowercase_pkt(qb, qlen);
	lowercase_pkt(pb, plen);
	qstr = sldns_wire2str_pkt(qb, qlen);
	pstr = sldns_wire2str_pkt(pb, plen);
	if(!qstr || !pstr) error("cannot pkt2string");

	/* remove before ;; QUESTION */
	s = strstr(qstr, ";; QUESTION SECTION");
	qcmpstr = s;
	s = strstr(pstr, ";; QUESTION SECTION");
	pcmpstr = s;
	if(!qcmpstr && !pcmpstr) {
		free(qstr);
		free(pstr);
		free(qb);
		free(pb);
		return 1;
	}
	if(!qcmpstr || !pcmpstr) {
		free(qstr);
		free(pstr);
		free(qb);
		free(pb);
		return 0;
	}

	/* remove after answer section, (;; ANS, ;; AUTH, ;; ADD  ..) */
	s = strstr(qcmpstr, ";; ANSWER SECTION");
	if(!s) s = strstr(qcmpstr, ";; AUTHORITY SECTION");
	if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION");
	if(!s) s = strstr(qcmpstr, ";; MSG SIZE");
	if(s) *s = 0;
	s = strstr(pcmpstr, ";; ANSWER SECTION");
	if(!s) s = strstr(pcmpstr, ";; AUTHORITY SECTION");
	if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION");
	if(!s) s = strstr(pcmpstr, ";; MSG SIZE");
	if(s) *s = 0;

	r = (strcmp(qcmpstr, pcmpstr) == 0);

	if(!r) {
		verbose(3, "mismatch question section '%s' and '%s'",
			qcmpstr, pcmpstr);
	}

	free(qstr);
	free(pstr);
	free(qb);
	free(pb);
	return r;
}

/** match answer section of packet */
static int
match_answer(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl)
{
	char* qstr, *pstr, *s, *qcmpstr, *pcmpstr;
	uint8_t* qb = q, *pb = p;
	int r;
	/* zero TTLs */
	qb = memdup(q, qlen);
	pb = memdup(p, plen);
	if(!qb || !pb) error("out of memory");
	if(!mttl) {
		zerottls(qb, qlen);
		zerottls(pb, plen);
	}
	lowercase_pkt(qb, qlen);
	lowercase_pkt(pb, plen);
	qstr = sldns_wire2str_pkt(qb, qlen);
	pstr = sldns_wire2str_pkt(pb, plen);
	if(!qstr || !pstr) error("cannot pkt2string");

	/* remove before ;; ANSWER */
	s = strstr(qstr, ";; ANSWER SECTION");
	qcmpstr = s;
	s = strstr(pstr, ";; ANSWER SECTION");
	pcmpstr = s;
	if(!qcmpstr && !pcmpstr) {
		free(qstr);
		free(pstr);
		free(qb);
		free(pb);
		return 1;
	}
	if(!qcmpstr || !pcmpstr) {
		free(qstr);
		free(pstr);
		free(qb);
		free(pb);
		return 0;
	}

	/* remove after answer section, (;; AUTH, ;; ADD, ;; MSG size ..) */
	s = strstr(qcmpstr, ";; AUTHORITY SECTION");
	if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION");
	if(!s) s = strstr(qcmpstr, ";; MSG SIZE");
	if(s) *s = 0;
	s = strstr(pcmpstr, ";; AUTHORITY SECTION");
	if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION");
	if(!s) s = strstr(pcmpstr, ";; MSG SIZE");
	if(s) *s = 0;

	r = (strcmp(qcmpstr, pcmpstr) == 0);

	if(!r) {
		verbose(3, "mismatch answer section '%s' and '%s'",
			qcmpstr, pcmpstr);
	}

	free(qstr);
	free(pstr);
	free(qb);
	free(pb);
	return r;
}

/** ignore EDNS lines in the string by overwriting them with what's left or
 *  zero out if at end of the string */
static int
ignore_edns_lines(char* str) {
	char* edns = str, *n;
	size_t str_len = strlen(str);
	while((edns = strstr(edns, "; EDNS"))) {
		n = strchr(edns, '\n');
		if(!n) {
			/* EDNS at end of string; zero */
			*edns = 0;
			break;
		}
		memmove(edns, n+1, str_len-(n-str));
	}
	return 1;
}

/** match all of the packet */
int
match_all(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl,
	int noloc, int noedns)
{
	char* qstr, *pstr;
	uint8_t* qb = q, *pb = p;
	int r;
	qb = memdup(q, qlen);
	pb = memdup(p, plen);
	if(!qb || !pb) error("out of memory");
	/* zero TTLs */
	if(!mttl) {
		zerottls(qb, qlen);
		zerottls(pb, plen);
	}
	lowercase_pkt(qb, qlen);
	lowercase_pkt(pb, plen);
	qstr = sldns_wire2str_pkt(qb, qlen);
	pstr = sldns_wire2str_pkt(pb, plen);
	if(!qstr || !pstr) error("cannot pkt2string");
	/* should we ignore EDNS lines? */
	if(noedns) {
		ignore_edns_lines(qstr);
		ignore_edns_lines(pstr);
	}
	r = (strcmp(qstr, pstr) == 0);
	if(!r) {
		/* remove ;; MSG SIZE (at end of string) */
		char* s = strstr(qstr, ";; MSG SIZE");
		if(s) *s=0;
		s = strstr(pstr, ";; MSG SIZE");
		if(s) *s=0;
		r = (strcmp(qstr, pstr) == 0);
		if(!r && !noloc && !noedns) {
			/* we are going to fail, see if the cause is EDNS */
			char* a = strstr(qstr, "; EDNS");
			char* b = strstr(pstr, "; EDNS");
			if( (a&&!b) || (b&&!a) ) {
				verbose(3, "mismatch in EDNS\n");
			}
		}
	}
	if(!r && noloc) {
		/* check for reordered sections */
		r = match_noloc(qstr, pstr, q, qlen, p, plen);
	}
	if(!r) {
		verbose(3, "mismatch pkt '%s' and '%s'", qstr, pstr);
	}
	free(qstr);
	free(pstr);
	free(qb);
	free(pb);
	return r;
}

/** see if domain names are equal */
static int equal_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen)
{
	uint8_t* qn = get_qname(q, qlen);
	uint8_t* pn = get_qname(p, plen);
	char qs[512], ps[512];
	size_t qslen = sizeof(qs), pslen = sizeof(ps);
	char* qss = qs, *pss = ps;
	int comprloop = 0;
	if(!qn || !pn)
		return 0;
	(void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop);
	(void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop);
	return (strcmp(qs, ps) == 0);
}

/** see if domain names are subdomain q of p */
static int subdomain_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen)
{
	/* we use the tostring routines so as to test unbound's routines
	 * with something else */
	uint8_t* qn = get_qname(q, qlen);
	uint8_t* pn = get_qname(p, plen);
	char qs[5120], ps[5120];
	size_t qslen = sizeof(qs), pslen = sizeof(ps);
	char* qss = qs, *pss = ps;
	int comprloop = 0;
	if(!qn || !pn)
		return 0;
	/* decompresses domain names */
	(void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop);
	(void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop);
	/* same: false, (strict subdomain check)??? */
	if(strcmp(qs, ps) == 0)
		return 1;
	/* qs must end in ps, at a dot, without \ in front */
	qslen = strlen(qs);
	pslen = strlen(ps);
	if(qslen > pslen && strcmp(qs + (qslen-pslen), ps) == 0 &&
		qslen + 2 >= pslen && /* space for label and dot */
		qs[qslen-pslen-1] == '.') {
		unsigned int slashcount = 0;
		size_t i = qslen-pslen-2;
		while(i>0 && qs[i]=='\\') {
			i++;
			slashcount++;
		}
		if(slashcount%1 == 1) return 0; /* . preceded by \ */
		return 1;
	}
	return 0;
}

/** Match OPT RDATA (not the EDNS payload size or flags) */
static int
match_ednsdata(uint8_t* q, size_t qlen, uint8_t* p, size_t plen)
{
	uint8_t* walk_q = q;
	size_t walk_qlen = qlen;
	uint8_t* walk_p = p;
	size_t walk_plen = plen;

	if(!pkt_find_edns_opt(&walk_q, &walk_qlen))
		walk_qlen = 0;
	if(!pkt_find_edns_opt(&walk_p, &walk_plen))
		walk_plen = 0;

	/* class + ttl + rdlen = 8 */
	if(walk_qlen <= 8 && walk_plen <= 8) {
		verbose(3, "NO edns opt, move on");
		return 1;
	}
	if(walk_qlen != walk_plen)
		return 0;

	return (memcmp(walk_p+8, walk_q+8, walk_qlen-8) == 0);
}

/* finds entry in list, or returns NULL */
struct entry*
find_match(struct entry* entries, uint8_t* query_pkt, size_t len,
	enum transport_type transport)
{
	struct entry* p = entries;
	uint8_t* reply, *query_pkt_orig;
	size_t rlen, query_pkt_orig_len;
	/* Keep the original packet; it may be modified */
	query_pkt_orig = memdup(query_pkt, len);
	query_pkt_orig_len = len;
	for(p=entries; p; p=p->next) {
		verbose(3, "comparepkt: ");
		reply = p->reply_list->reply_pkt;
		rlen = p->reply_list->reply_len;
		/* Restore the original packet for each entry */
		memcpy(query_pkt, query_pkt_orig, query_pkt_orig_len);
		/* EDE should be first since it may modify the query_pkt */
		if(p->match_ede) {
			int info_code = extract_ede(query_pkt, len);
			if(info_code == -1) {
				verbose(3, "bad EDE. Expected but not found\n");
				continue;
			} else if(!p->match_ede_any &&
				(uint16_t)info_code != p->ede_info_code) {
				verbose(3, "bad EDE INFO-CODE. Expected: %d, "
					"and got: %d\n", (int)p->ede_info_code,
					info_code);
				continue;
			}
		}
		/* Cookies could also modify the query_pkt; keep them early */
		if(p->match_client_cookie || p->match_server_cookie) {
			uint8_t cookie[24];
			int cookie_len = extract_cookie(query_pkt, len,
				cookie);
			if(cookie_len == -1) {
				verbose(3, "bad DNS Cookie. "
					"Expected but not found\n");
				continue;
			} else if(p->match_client_cookie &&
				cookie_len != 8) {
				verbose(3, "bad DNS Cookie. Expected client "
					"cookie of length 8.");
				continue;
			} else if((p->match_server_cookie) &&
				cookie_len != 24) {
				verbose(3, "bad DNS Cookie. Expected server "
					"cookie of length 24.");
				continue;
			}
		}
		if(p->match_opcode && get_opcode(query_pkt, len) !=
			get_opcode(reply, rlen)) {
			verbose(3, "bad opcode\n");
			continue;
		}
		if(p->match_qtype && get_qtype(query_pkt, len) !=
			get_qtype(reply, rlen)) {
			verbose(3, "bad qtype %d %d\n", get_qtype(query_pkt, len), get_qtype(reply, rlen));
			continue;
		}
		if(p->match_qname) {
			if(!equal_dname(query_pkt, len, reply, rlen)) {
				verbose(3, "bad qname\n");
				continue;
			}
		}
		if(p->match_rcode) {
			if(get_rcode(query_pkt, len) != get_rcode(reply, rlen)) {
				char *r1 = sldns_wire2str_rcode(get_rcode(query_pkt, len));
				char *r2 = sldns_wire2str_rcode(get_rcode(reply, rlen));
				verbose(3, "bad rcode %s instead of %s\n",
					r1, r2);
				free(r1);
				free(r2);
				continue;
			}
		}
		if(p->match_question) {
			if(!match_question(query_pkt, len, reply, rlen,
				(int)p->match_ttl)) {
				verbose(3, "bad question section\n");
				continue;
			}
		}
		if(p->match_answer) {
			if(!match_answer(query_pkt, len, reply, rlen,
				(int)p->match_ttl)) {
				verbose(3, "bad answer section\n");
				continue;
			}
		}
		if(p->match_subdomain) {
			if(!subdomain_dname(query_pkt, len, reply, rlen)) {
				verbose(3, "bad subdomain\n");
				continue;
			}
		}
		if(p->match_serial && get_serial(query_pkt, len) != p->ixfr_soa_serial) {
				verbose(3, "bad serial\n");
				continue;
		}
		if(p->match_do && !get_do_flag(query_pkt, len)) {
			verbose(3, "no DO bit set\n");
			continue;
		}
		if(p->match_noedns && get_has_edns(query_pkt, len)) {
			verbose(3, "bad; EDNS OPT present\n");
			continue;
		}
		if(p->match_ednsdata_raw &&
				!match_ednsdata(query_pkt, len, reply, rlen)) {
			verbose(3, "bad EDNS data match.\n");
			continue;
		}
		if(p->match_transport != transport_any && p->match_transport != transport) {
			verbose(3, "bad transport\n");
			continue;
		}
		if(p->match_all_noedns && !match_all(query_pkt, len, reply,
			rlen, (int)p->match_ttl, 0, 1)) {
			verbose(3, "bad all_noedns match\n");
			continue;
		}
		if(p->match_all && !match_all(query_pkt, len, reply, rlen,
			(int)p->match_ttl, 0, 0)) {
			verbose(3, "bad allmatch\n");
			continue;
		}
		verbose(3, "match!\n");
		/* Restore the original packet */
		memcpy(query_pkt, query_pkt_orig, query_pkt_orig_len);
		free(query_pkt_orig);
		return p;
	}
	/* Restore the original packet */
	memcpy(query_pkt, query_pkt_orig, query_pkt_orig_len);
	free(query_pkt_orig);
	return NULL;
}

void
adjust_packet(struct entry* match, uint8_t** answer_pkt, size_t *answer_len,
	uint8_t* query_pkt, size_t query_len)
{
	uint8_t* orig = *answer_pkt;
	size_t origlen = *answer_len;
	uint8_t* res;
	size_t reslen;

	/* perform the copy; if possible; must be uncompressed */
	if(match->copy_query && origlen >= LDNS_HEADER_SIZE &&
		query_len >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(query_pkt)!=0
		&& LDNS_QDCOUNT(orig)==0) {
		/* no qname in output packet, insert it */
		size_t dlen = get_qname_len(query_pkt, query_len);
		reslen = origlen + dlen + 4;
		res = (uint8_t*)malloc(reslen);
		if(!res) {
			verbose(1, "out of memory; send without adjust\n");
			return;
		}
		/* copy the header, query, remainder */
		memcpy(res, orig, LDNS_HEADER_SIZE);
		memmove(res+LDNS_HEADER_SIZE, query_pkt+LDNS_HEADER_SIZE,
			dlen+4);
		memmove(res+LDNS_HEADER_SIZE+dlen+4, orig+LDNS_HEADER_SIZE,
			reslen-(LDNS_HEADER_SIZE+dlen+4));
		/* set QDCOUNT */
		sldns_write_uint16(res+4, 1);
	} else if(match->copy_query && origlen >= LDNS_HEADER_SIZE &&
		query_len >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(query_pkt)!=0
		&& get_qname_len(orig, origlen) == 0) {
		/* QDCOUNT(orig)!=0 but qlen == 0, therefore, an error */
		verbose(1, "error: malformed qname; send without adjust\n");
		res = memdup(orig, origlen);
		reslen = origlen;
	} else if(match->copy_query && origlen >= LDNS_HEADER_SIZE &&
		query_len >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(query_pkt)!=0
		&& LDNS_QDCOUNT(orig)!=0) {
		/* in this case olen != 0 and QDCOUNT(orig)!=0 */
		/* copy query section */
		size_t dlen = get_qname_len(query_pkt, query_len);
		size_t olen = get_qname_len(orig, origlen);
		reslen = origlen + dlen - olen;
		res = (uint8_t*)malloc(reslen);
		if(!res) {
			verbose(1, "out of memory; send without adjust\n");
			return;
		}
		/* copy the header, query, remainder */
		memcpy(res, orig, LDNS_HEADER_SIZE);
		memmove(res+LDNS_HEADER_SIZE, query_pkt+LDNS_HEADER_SIZE,
			dlen+4);
		memmove(res+LDNS_HEADER_SIZE+dlen+4,
			orig+LDNS_HEADER_SIZE+olen+4,
			reslen-(LDNS_HEADER_SIZE+dlen+4));
	} else {
		res = memdup(orig, origlen);
		reslen = origlen;
	}
	if(!res) {
		verbose(1, "out of memory; send without adjust\n");
		return;
	}
	/* copy the ID */
	if(match->copy_id && reslen >= 2 && query_len >= 2)
		res[1] = query_pkt[1];
	if(match->copy_id && reslen >= 1 && query_len >= 1)
		res[0] = query_pkt[0];

	if(match->copy_ednsdata_assume_clientsubnet) {
		/** Assume there is only one EDNS option, which is ECS.
		 * Copy source mask from query to scope mask in reply. Assume
		 * rest of ECS data in response (eg address) matches the query.
		 */
		uint8_t* walk_q = orig;
		size_t walk_qlen = origlen;
		uint8_t* walk_p = res;
		size_t walk_plen = reslen;

		if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) {
			walk_qlen = 0;
		}
		if(!pkt_find_edns_opt(&walk_p, &walk_plen)) {
			walk_plen = 0;
		}
		/* class + ttl + rdlen + optcode + optlen + ecs fam + ecs source
		 * + ecs scope = index 15 */
		if(walk_qlen >= 15 && walk_plen >= 15) {
			walk_p[15] = walk_q[14];
		}
		if(match->increment_ecs_scope) {
			walk_p[15]++;
		}
	}

	if(match->sleeptime > 0) {
		verbose(3, "sleeping for %d seconds\n", match->sleeptime);
#ifdef HAVE_SLEEP
		sleep(match->sleeptime);
#else
		Sleep(match->sleeptime * 1000);
#endif
	}
	*answer_pkt = res;
	*answer_len = reslen;
}

/*
 * Parses data buffer to a query, finds the correct answer
 * and calls the given function for every packet to send.
 */
void
handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count,
	enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*),
	void* userdata, FILE* verbose_out)
{
	struct reply_packet *p;
	uint8_t *outbuf = NULL;
	size_t outlen = 0;
	struct entry* entry = NULL;

	verbose(1, "query %d: id %d: %s %d bytes: ", ++(*count),
		(int)(inlen>=2?LDNS_ID_WIRE(inbuf):0),
		(transport==transport_tcp)?"TCP":"UDP", (int)inlen);
	if(verbose_out) {
		char* out = sldns_wire2str_pkt(inbuf, (size_t)inlen);
		printf("%s\n", out);
		free(out);
	}

	/* fill up answer packet */
	entry = find_match(entries, inbuf, (size_t)inlen, transport);
	if(!entry || !entry->reply_list) {
		verbose(1, "no answer packet for this query, no reply.\n");
		return;
	}
	for(p = entry->reply_list; p; p = p->next)
	{
		verbose(3, "Answer pkt:\n");
		if (p->reply_from_hex) {
			/* try to adjust the hex packet, if it can be
			 * parsed, we can use adjust rules. if not,
			 * send packet literally */
			/* still try to adjust ID if others fail */
			outlen = sldns_buffer_limit(p->reply_from_hex);
			outbuf = sldns_buffer_begin(p->reply_from_hex);
		} else {
			outbuf = p->reply_pkt;
			outlen = p->reply_len;
		}
		if(!outbuf) {
			verbose(1, "out of memory\n");
			return;
		}
		/* copies outbuf in memory allocation */
		adjust_packet(entry, &outbuf, &outlen, inbuf, (size_t)inlen);
		verbose(1, "Answer packet size: %u bytes.\n", (unsigned int)outlen);
		if(verbose_out) {
			char* out = sldns_wire2str_pkt(outbuf, outlen);
			printf("%s\n", out);
			free(out);
		}
		if(p->packet_sleep) {
			verbose(3, "sleeping for next packet %d secs\n",
				p->packet_sleep);
#ifdef HAVE_SLEEP
			sleep(p->packet_sleep);
#else
			Sleep(p->packet_sleep * 1000);
#endif
			verbose(3, "wakeup for next packet "
				"(slept %d secs)\n", p->packet_sleep);
		}
		sendfunc(outbuf, outlen, userdata);
		free(outbuf);
		outbuf = NULL;
		outlen = 0;
	}
}

/** delete the list of reply packets */
void delete_replylist(struct reply_packet* replist)
{
	struct reply_packet *p=replist, *np;
	while(p) {
		np = p->next;
		free(p->reply_pkt);
		sldns_buffer_free(p->reply_from_hex);
		sldns_buffer_free(p->raw_ednsdata);
		free(p);
		p=np;
	}
}

void delete_entry(struct entry* list)
{
	struct entry *p=list, *np;
	while(p) {
		np = p->next;
		delete_replylist(p->reply_list);
		free(p);
		p = np;
	}
}