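/*
 * iterator/iter_delegpt.h - delegation point with NS and address information.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file implements the Delegation Point. It contains a list of name servers
 * and their addresses if known.
 *
 * Two families of functions are declared here: those that take a
 * struct regional to allocate from, and the _mlc variants that work on a
 * delegation point obtained from delegpt_create_mlc(). The _mlc functions
 * document that their dp must come from delegpt_create_mlc(); keep the two
 * kinds of delegation point apart.
 */

#ifndef ITERATOR_ITER_DELEGPT_H
#define ITERATOR_ITER_DELEGPT_H
/* NOTE(review): this header uses uint8_t, uint16_t, size_t, socklen_t and
 * struct sockaddr_storage but includes only util/log.h; presumably the
 * including source file provides those types first - confirm. */
#include "util/log.h"
struct regional;
struct delegpt_ns;
struct delegpt_addr;
struct dns_msg;
struct ub_packed_rrset_key;
struct msgreply_entry;

/**
 * Delegation Point.
 * For a domain name, the NS rrset, and the A and AAAA records for those.
 */
struct delegpt {
	/** the domain name of the delegation point. */
	uint8_t* name;
	/** length of the delegation point name */
	size_t namelen;
	/** number of labels in delegation point */
	int namelabs;

	/** the nameservers, names from the NS RRset rdata. */
	struct delegpt_ns* nslist;
	/** the target addresses for delegation */
	struct delegpt_addr* target_list;
	/** the list of usable targets; subset of target_list
	 * the items in this list are not part of the result list. */
	struct delegpt_addr* usable_list;
	/** the list of returned targets; subset of target_list */
	struct delegpt_addr* result_list;

	/** if true, the NS RRset was bogus. All info is bad.
	 * Individual addresses carry their own flag in delegpt_addr.bogus;
	 * a reader of an address has to look at both. */
	int bogus;
	/** if true, the parent-side NS record has been applied:
	 * its names have been added and their addresses can follow later.
	 * Also true if the delegationpoint was created from a delegation
	 * message and thus contains the parent-side-info already. */
	uint8_t has_parent_side_NS;
	/** for assertions on type of delegpt.
	 * NOTE(review): presumably distinguishes a dp made by
	 * delegpt_create_mlc() from a regional-allocated one - confirm in
	 * the implementation. */
	uint8_t dp_type_mlc;
	/** use SSL for upstream query */
	uint8_t ssl_upstream;
	/** delegpt from authoritative zone that is locally hosted */
	uint8_t auth_dp;
	/** no cache */
	int no_cache;
};

/**
 * Nameservers for a delegation point.
 */
struct delegpt_ns {
	/** next in list */
	struct delegpt_ns* next;
	/** name of nameserver */
	uint8_t* name;
	/** length of name */
	size_t namelen;
	/**
	 * If the name has been resolved. false if not queried for yet.
	 * true if the A, AAAA queries have been generated.
	 * marked true if those queries fail.
	 * and marked true if got4 and got6 are both true.
	 */
	int resolved;
	/** if the ipv4 address is in the delegpt, 0=not, 1=yes 2=negative,
	 * negative means it was done, but no content. */
	uint8_t got4;
	/** if the ipv6 address is in the delegpt, 0=not, 1=yes 2=negative */
	uint8_t got6;
	/**
	 * If the name is parent-side only and thus dispreferred.
	 * Its addresses become dispreferred as well
	 */
	uint8_t lame;
	/** if the parent-side ipv4 address has been looked up (last resort).
	 * Also enabled if a parent-side cache entry exists, or a parent-side
	 * negative-cache entry exists. */
	uint8_t done_pside4;
	/** if the parent-side ipv6 address has been looked up (last resort).
	 * Also enabled if a parent-side cache entry exists, or a parent-side
	 * negative-cache entry exists. */
	uint8_t done_pside6;
};

/**
 * Address of target nameserver in delegation point.
 * One entry can be linked into up to three lists of the owning delegpt
 * at the same time, through the three next_ pointers below.
 */
struct delegpt_addr {
	/** next address in the result list */
	struct delegpt_addr* next_result;
	/** next address in the usable list */
	struct delegpt_addr* next_usable;
	/** next address in the all-targets list */
	struct delegpt_addr* next_target;

	/** delegation point address */
	struct sockaddr_storage addr;
	/** length of addr.
	 * NOTE(review): presumably never larger than sizeof(addr); confirm
	 * that the functions that fill this entry bound the copy. */
	socklen_t addrlen;
	/** number of attempts for this addr */
	int attempts;
	/** rtt stored here in the selection algorithm */
	int sel_rtt;
	/** if true, the A or AAAA RR was bogus, so this address is bad.
	 * Also check the dp->bogus to see if everything is bogus. */
	uint8_t bogus;
	/** if true, this address is dispreferred: it is a lame IP address */
	uint8_t lame;
	/** if the address is dnsseclame, but this cannot be cached, this
	 * option is useful to mark the address dnsseclame.
	 * This value is not copied in addr-copy and dp-copy. */
	uint8_t dnsseclame;
	/** the TLS authentication name, (if not NULL) to use.
	 * NOTE(review): this header does not say what happens when the name
	 * is NULL and the delegpt has ssl_upstream set; confirm whether the
	 * upstream is then contacted without a name to authenticate. */
	char* tls_auth_name;
};

/**
 * Create new delegation point.
 * @param regional: where to allocate it.
 * @return new delegation point or NULL on error.
 */
struct delegpt* delegpt_create(struct regional* regional);

/**
 * Create a copy of a delegation point.
 * The dnsseclame mark on addresses is documented on struct delegpt_addr
 * as not being copied.
 * @param dp: delegation point to copy.
 * @param regional: where to allocate it.
 * @return new delegation point or NULL on error.
 */
struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* regional);

/**
 * Set name of delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the name copy.
 * @param name: name to use. No length is passed.
 *	NOTE(review): presumably the length is derived from the wire format
 *	of the name itself, so the name has to be well-formed - confirm.
 * @return false on error.
 */
int delegpt_set_name(struct delegpt* dp, struct regional* regional,
	uint8_t* name);

/**
 * Add a name to the delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param name: domain name in wire format.
 * @param lame: name is lame, disprefer it.
 * @return false on error.
 */
int delegpt_add_ns(struct delegpt* dp, struct regional* regional,
	uint8_t* name, uint8_t lame);

/**
 * Add NS rrset; calls add_ns repeatedly.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param ns_rrset: NS rrset.
 * @param lame: rrset is lame, disprefer it.
 * @return 0 on alloc error.
 */
int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* ns_rrset, uint8_t lame);

/**
 * Add target address to the delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param name: name for which target was found (must be in nslist).
 *	This name is marked resolved.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: security status for the address, pass true if bogus.
 * @param lame: address is lame.
 * @param additions: will be set to 1 if a new address is added
 * @return false on error.
 */
int delegpt_add_target(struct delegpt* dp, struct regional* regional,
	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions);

/**
 * Add A RRset to delegpt.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset A to add.
 * @param lame: rrset is lame, disprefer it.
 * @param additions: will be set to 1 if a new address is added
 * @return 0 on alloc error.
 */
int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions);

/**
 * Add AAAA RRset to delegpt.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset AAAA to add.
 * @param lame: rrset is lame, disprefer it.
 * @param additions: will be set to 1 if a new address is added
 * @return 0 on alloc error.
 */
int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions);

/**
 * Add any RRset to delegpt.
 * Does not check for duplicates added.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset to add, NS, A, AAAA.
 * @param lame: rrset is lame, disprefer it.
 * @param additions: will be set to 1 if a new address is added
 * @return 0 on alloc error.
 */
int delegpt_add_rrset(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions);

/**
 * Add address to the delegation point. No servername is associated or checked.
 * Because no name check is done here, the caller decides whether the
 * address belongs in this delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: if address is bogus.
 * @param lame: if address is lame.
 * @param tls_auth_name: TLS authentication name (or NULL).
 * @param additions: will be set to 1 if a new address is added
 * @return false on error.
 */
int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
	struct sockaddr_storage* addr, socklen_t addrlen,
	uint8_t bogus, uint8_t lame, char* tls_auth_name, int* additions);

/**
 * Find NS record in name list of delegation point.
 * @param dp: delegation point.
 * @param name: name of nameserver to look for, uncompressed wireformat.
 * @param namelen: length of name.
 * @return the ns structure or NULL if not found.
 */
struct delegpt_ns* delegpt_find_ns(struct delegpt* dp, uint8_t* name,
	size_t namelen);

/**
 * Find address record in total list of delegation point.
 * @param dp: delegation point.
 * @param addr: address
 * @param addrlen: length of addr
 * @return the addr structure or NULL if not found.
 */
struct delegpt_addr* delegpt_find_addr(struct delegpt* dp,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Print the delegation point to the log. For debugging.
 * @param v: verbosity value that is needed to emit to log.
 * @param dp: delegation point.
 */
void delegpt_log(enum verbosity_value v, struct delegpt* dp);

/**
 * count NS and number missing for logging
 * @param dp: delegation point.
 * @param numns: receives the number of NS entries.
 * @param missing: receives the number that is missing.
 */
void delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing);

/**
 * count addresses, and number in result and available lists, for logging
 * @param dp: delegation point.
 * @param numaddr: receives the number of addresses.
 * @param numres: receives the number in the result list.
 * @param numavail: receives the number in the available list.
 */
void delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
	size_t* numavail);

/**
 * Add all usable targets to the result list.
 * @param dp: delegation point.
 */
void delegpt_add_unused_targets(struct delegpt* dp);

/**
 * Count number of missing targets. These are ns names with no resolved flag.
 * @param dp: delegation point.
 * @return number of missing targets (or 0).
 */
size_t delegpt_count_missing_targets(struct delegpt* dp);

/**
 * count total number of targets in dp
 * @param dp: delegation point.
 * @return the number of targets.
 */
size_t delegpt_count_targets(struct delegpt* dp);

/**
 * Create new delegation point from a dns message
 *
 * Note that this method does not actually test to see if the message is an
 * actual referral. It really is just checking to see if it can construct a
 * delegation point, so the message could be of some other type (some ANSWER
 * messages, some CNAME messages, generally.) Note that the resulting
 * DelegationPoint will contain targets for all "relevant" glue (i.e.,
 * address records whose ownernames match the target of one of the NS
 * records), so if policy dictates that some glue should be discarded beyond
 * that, discard it before calling this method. Note that this method will
 * find "glue" in either the ADDITIONAL section or the ANSWER section.
 *
 * In short: the only filter applied here is the ownername match described
 * above. Any stricter acceptance policy for NS names or glue addresses
 * has to be applied to the message by the caller before this call.
 *
 * @param msg: the dns message, referral.
 * @param regional: where to allocate delegation point.
 * @return new delegation point or NULL on alloc error, or if the
 *	message was not appropriate.
 */
struct delegpt* delegpt_from_message(struct dns_msg* msg,
	struct regional* regional);

/**
 * Mark negative return in delegation point for specific nameserver.
 * sets the got4 or got6 to negative, updates the ns->resolved.
 * @param ns: the nameserver in the delegpt.
 * @param qtype: A or AAAA (host order).
 */
void delegpt_mark_neg(struct delegpt_ns* ns, uint16_t qtype);

/**
 * Add negative message to delegation point.
 * @param dp: delegation point.
 * @param msg: the message added, marks off A or AAAA from an NS entry.
 */
void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg);

/**
 * Register the fact that there is no ipv6 and thus AAAAs are not going
 * to be queried for or be useful.
 * @param dp: the delegation point. Updated to reflect no ipv6.
 */
void delegpt_no_ipv6(struct delegpt* dp);

/**
 * Register the fact that there is no ipv4 and thus As are not going
 * to be queried for or be useful.
 * @param dp: the delegation point. Updated to reflect no ipv4.
 */
void delegpt_no_ipv4(struct delegpt* dp);

/**
 * create malloced delegation point, with the given name
 * @param name: uncompressed wireformat of delegpt name.
 * @return NULL on alloc failure
 */
struct delegpt* delegpt_create_mlc(uint8_t* name);

/**
 * free malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc, free'd.
 *	A delegation point from delegpt_create() or delegpt_copy() does
 *	not meet that requirement and must not be passed here.
 */
void delegpt_free_mlc(struct delegpt* dp);

/**
 * Set name of delegation point.
 * @param dp: delegation point. malloced.
 * @param name: name to use.
 * @return false on error.
 */
int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name);

/**
 * add a name to malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param name: the name to add.
 * @param lame: the name is lame, disprefer.
 * @return false on error.
 */
int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame);

/**
 * add an address to a malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: if address is bogus.
 * @param lame: if address is lame.
 * @param tls_auth_name: TLS authentication name (or NULL).
 * @return false on error.
 */
int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name);

/**
 * Add target address to the delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param name: name for which target was found (must be in nslist).
 *	This name is marked resolved.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: security status for the address, pass true if bogus.
 * @param lame: address is lame.
 * @return false on error.
 */
int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen,
	struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
	uint8_t lame);

/**
 * get memory in use by dp
 * @param dp: delegation point.
 * @return the amount of memory in use.
 */
size_t delegpt_get_mem(struct delegpt* dp);

#endif /* ITERATOR_ITER_DELEGPT_H */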