]>
Commit | Line | Data |
---|---|---|
9e4abcb5 SK |
1 | /* dnsmasq is Copyright (c) 2000 Simon Kelley |
2 | ||
3 | This program is free software; you can redistribute it and/or modify | |
4 | it under the terms of the GNU General Public License as published by | |
5 | the Free Software Foundation; version 2 dated June, 1991. | |
6 | ||
7 | This program is distributed in the hope that it will be useful, | |
8 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | GNU General Public License for more details. | |
11 | */ | |
12 | ||
13 | #include "dnsmasq.h" | |
14 | ||
15 | static int extract_name(HEADER *header, unsigned int plen, unsigned char **pp, | |
16 | unsigned char *name, int isExtract) | |
17 | { | |
18 | unsigned char *cp = name, *p = *pp, *p1 = NULL; | |
19 | unsigned int j, l, hops = 0; | |
20 | int retvalue = 1; | |
21 | ||
22 | while ((l = *p++)) | |
23 | { | |
24 | unsigned int label_type = l & 0xc0; | |
25 | if (label_type == 0xc0) /* pointer */ | |
26 | { | |
27 | if (p - (unsigned char *)header + 1u >= plen) | |
28 | return 0; | |
29 | ||
30 | /* get offset */ | |
31 | l = (l&0x3f) << 8; | |
32 | l |= *p++; | |
33 | if (l >= (unsigned int)plen) | |
34 | return 0; | |
35 | ||
36 | if (!p1) /* first jump, save location to go back to */ | |
37 | p1 = p; | |
38 | ||
39 | hops++; /* break malicious infinite loops */ | |
40 | if (hops > 255) | |
41 | return 0; | |
42 | ||
43 | p = l + (unsigned char *)header; | |
44 | } | |
45 | else if (label_type == 0x80) | |
46 | return 0; /* reserved */ | |
47 | else if (label_type == 0x40) | |
48 | { /* ELT */ | |
49 | unsigned int count, digs; | |
50 | ||
51 | if ((l & 0x3f) != 1) | |
52 | return 0; /* we only understand bitstrings */ | |
53 | ||
54 | if (!isExtract) | |
55 | return 0; /* Cannot compare bitsrings */ | |
56 | ||
57 | count = *p++; | |
58 | if (count == 0) | |
59 | count = 256; | |
60 | digs = ((count-1)>>2)+1; | |
61 | ||
62 | /* output is \[x<hex>/siz]. which is digs+9 chars */ | |
63 | if (cp - name + digs + 9 >= MAXDNAME) | |
64 | return 0; | |
65 | if (p - (unsigned char *)header + ((count-1)>>3) + 1u >= plen) | |
66 | return 0; | |
67 | ||
68 | *cp++ = '\\'; | |
69 | *cp++ = '['; | |
70 | *cp++ = 'x'; | |
71 | for (j=0; j<digs; j++) | |
72 | { | |
73 | unsigned int dig; | |
74 | if (j%2 == 0) | |
75 | dig = *p >> 4; | |
76 | else | |
77 | dig = *p++ & 0x0f; | |
78 | ||
79 | *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10; | |
80 | } | |
81 | cp += sprintf(cp, "/%d]", count); | |
82 | /* do this here to overwrite the zero char from sprintf */ | |
83 | *cp++ = '.'; | |
84 | } | |
85 | else | |
86 | { /* label_type = 0 -> label. */ | |
87 | if (cp - name + l + 1 >= MAXDNAME) | |
88 | return 0; | |
89 | if (p - (unsigned char *)header + 1u >= plen) | |
90 | return 0; | |
91 | for(j=0; j<l; j++, p++) | |
92 | if (isExtract) | |
93 | { | |
94 | if (legal_char(*p)) | |
95 | *cp++ = *p; | |
96 | else | |
97 | return 0; | |
98 | } | |
99 | else | |
100 | { | |
101 | unsigned char c1 = *cp, c2 = *p; | |
102 | ||
103 | if (c1 == 0) | |
104 | retvalue = 2; | |
105 | else | |
106 | { | |
107 | cp++; | |
108 | if (c1 >= 'A' && c1 <= 'Z') | |
109 | c1 += 'a' - 'A'; | |
110 | if (c2 >= 'A' && c2 <= 'Z') | |
111 | c2 += 'a' - 'A'; | |
112 | ||
113 | if (c1 != c2) | |
114 | retvalue = 2; | |
115 | } | |
116 | } | |
117 | ||
118 | if (isExtract) | |
119 | *cp++ = '.'; | |
120 | else | |
121 | if (*cp != 0 && *cp++ != '.') | |
122 | retvalue = 2; | |
123 | } | |
124 | ||
125 | if ((unsigned int)(p - (unsigned char *)header) >= plen) | |
126 | return 0; | |
127 | } | |
128 | ||
129 | if (isExtract) | |
130 | *--cp = 0; /* terminate: lose final period */ | |
131 | ||
132 | if (p1) /* we jumped via compression */ | |
133 | *pp = p1; | |
134 | else | |
135 | *pp = p; | |
136 | ||
137 | return retvalue; | |
138 | } | |
139 | ||
140 | /* Max size of input string (for IPv6) is 75 chars.) */ | |
141 | #define MAXARPANAME 75 | |
142 | static int in_arpa_name_2_addr(char *namein, struct all_addr *addrp) | |
143 | { | |
144 | int j; | |
145 | char name[MAXARPANAME+1], *cp1; | |
146 | unsigned char *addr = (unsigned char *)addrp; | |
147 | char *lastchunk = NULL, *penchunk = NULL; | |
148 | ||
149 | if (strlen(namein) > MAXARPANAME) | |
150 | return 0; | |
151 | ||
152 | memset(addrp, 0, sizeof(struct all_addr)); | |
153 | ||
154 | /* turn name into a series of asciiz strings */ | |
155 | /* j counts no of labels */ | |
156 | for(j = 1,cp1 = name; *namein; cp1++, namein++) | |
157 | if (*namein == '.') | |
158 | { | |
159 | penchunk = lastchunk; | |
160 | lastchunk = cp1 + 1; | |
161 | *cp1 = 0; | |
162 | j++; | |
163 | } | |
164 | else | |
165 | *cp1 = *namein; | |
166 | ||
167 | *cp1 = 0; | |
168 | ||
169 | if (j<3) | |
170 | return 0; | |
171 | ||
172 | if (hostname_isequal(lastchunk, "arpa") && hostname_isequal(penchunk, "in-addr")) | |
173 | { | |
174 | /* IP v4 */ | |
175 | /* address arives as a name of the form | |
176 | www.xxx.yyy.zzz.in-addr.arpa | |
177 | some of the low order address octets might be missing | |
178 | and should be set to zero. */ | |
179 | for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1) | |
180 | { | |
181 | /* check for digits only (weeds out things like | |
182 | 50.0/24.67.28.64.in-addr.arpa which are used | |
183 | as CNAME targets according to RFC 2317 */ | |
184 | char *cp; | |
185 | for (cp = cp1; *cp; cp++) | |
186 | if (!isdigit((int)*cp)) | |
187 | return 0; | |
188 | ||
189 | addr[3] = addr[2]; | |
190 | addr[2] = addr[1]; | |
191 | addr[1] = addr[0]; | |
192 | addr[0] = atoi(cp1); | |
193 | } | |
194 | ||
195 | return F_IPV4; | |
196 | } | |
197 | #ifdef HAVE_IPV6 | |
198 | else if (hostname_isequal(penchunk, "ip6") && | |
199 | (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa"))) | |
200 | { | |
201 | /* IP v6: | |
202 | Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa] | |
203 | or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa] | |
204 | ||
205 | Note that most of these the various reprentations are obsolete and | |
206 | left-over from the many DNS-for-IPv6 wars. We support all the formats | |
207 | that we can since there is no reason not to. | |
208 | */ | |
209 | ||
210 | if (*name == '\\' && *(name+1) == '[' && | |
211 | (*(name+2) == 'x' || *(name+2) == 'X')) | |
212 | { | |
213 | for (j = 0, cp1 = name+3; *cp1 && isxdigit(*cp1) && j < 32; cp1++, j++) | |
214 | { | |
215 | char xdig[2]; | |
216 | xdig[0] = *cp1; | |
217 | xdig[1] = 0; | |
218 | if (j%2) | |
219 | addr[j/2] |= strtol(xdig, NULL, 16); | |
220 | else | |
221 | addr[j/2] = strtol(xdig, NULL, 16) << 4; | |
222 | } | |
223 | ||
224 | if (*cp1 == '/' && j == 32) | |
225 | return F_IPV6; | |
226 | } | |
227 | else | |
228 | { | |
229 | for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1) | |
230 | { | |
231 | if (*(cp1+1) || !isxdigit((int)*cp1)) | |
232 | return 0; | |
233 | ||
234 | for (j = sizeof(struct all_addr)-1; j>0; j--) | |
235 | addr[j] = (addr[j] >> 4) | (addr[j-1] << 4); | |
236 | addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4); | |
237 | } | |
238 | ||
239 | return F_IPV6; | |
240 | } | |
241 | } | |
242 | #endif | |
243 | ||
244 | return 0; | |
245 | } | |
246 | ||
247 | static unsigned char *skip_questions(HEADER *header, unsigned int plen) | |
248 | { | |
249 | int q, qdcount = ntohs(header->qdcount); | |
250 | unsigned char *ansp = (unsigned char *)(header+1); | |
251 | ||
252 | for (q=0; q<qdcount; q++) | |
253 | { | |
254 | while (1) | |
255 | { | |
256 | unsigned int label_type = (*ansp) & 0xc0; | |
257 | ||
258 | if ((unsigned int)(ansp - (unsigned char *)header) >= plen) | |
259 | return NULL; | |
260 | ||
261 | if (label_type == 0xc0) | |
262 | { | |
263 | /* pointer for compression. */ | |
264 | ansp += 2; | |
265 | break; | |
266 | } | |
267 | else if (label_type == 0x80) | |
268 | return NULL; /* reserved */ | |
269 | else if (label_type == 0x40) | |
270 | { | |
271 | /* Extended label type */ | |
272 | unsigned int count; | |
273 | ||
274 | if (((*ansp++) & 0x3f) != 1) | |
275 | return NULL; /* we only understand bitstrings */ | |
276 | ||
277 | count = *(ansp++); /* Bits in bitstring */ | |
278 | ||
279 | if (count == 0) /* count == 0 means 256 bits */ | |
280 | ansp += 32; | |
281 | else | |
282 | ansp += ((count-1)>>3)+1; | |
283 | } | |
284 | else | |
285 | { /* label type == 0 Bottom six bits is length */ | |
286 | unsigned int len = (*ansp++) & 0x3f; | |
287 | if (len == 0) | |
288 | break; /* zero length label marks the end. */ | |
289 | ||
290 | ansp += len; | |
291 | } | |
292 | } | |
293 | ansp += 4; /* class and type */ | |
294 | } | |
295 | if ((unsigned int)(ansp - (unsigned char *)header) > plen) | |
296 | return NULL; | |
297 | ||
298 | return ansp; | |
299 | } | |
300 | ||
301 | /* is addr in the non-globally-routed IP space? */ | |
302 | static int private_net(struct all_addr *addrp) | |
303 | { | |
304 | struct in_addr addr = *(struct in_addr *)addrp; | |
305 | if (inet_netof(addr) == 0xA || | |
306 | (inet_netof(addr) >= 0xAC10 && inet_netof(addr) < 0xAC20) || | |
307 | (inet_netof(addr) >> 8) == 0xC0A8) | |
308 | return 1; | |
309 | else | |
310 | return 0; | |
311 | } | |
312 | ||
313 | static unsigned char *add_text_record(unsigned int nameoffset, unsigned char *p, | |
314 | unsigned long ttl, unsigned short pref, | |
315 | unsigned short type, char *name) | |
316 | { | |
317 | unsigned char *sav, *cp; | |
318 | int j; | |
319 | ||
320 | PUTSHORT(nameoffset | 0xc000, p); | |
321 | PUTSHORT(type, p); | |
322 | PUTSHORT(C_IN, p); | |
323 | PUTLONG(ttl, p); /* TTL */ | |
324 | ||
325 | sav = p; | |
326 | PUTSHORT(0, p); /* dummy RDLENGTH */ | |
327 | ||
328 | if (pref) | |
329 | PUTSHORT(pref, p); | |
330 | ||
331 | while (*name) | |
332 | { | |
333 | cp = p++; | |
334 | for (j=0; *name && (*name != '.'); name++, j++) | |
335 | *p++ = *name; | |
336 | *cp = j; | |
337 | if (*name) | |
338 | name++; | |
339 | } | |
340 | *p++ = 0; | |
341 | j = p - sav - 2; | |
342 | PUTSHORT(j, sav); /* Real RDLENGTH */ | |
343 | ||
344 | return p; | |
345 | } | |
346 | ||
347 | /* On receiving an NXDOMAIN or NODATA reply, determine which names are known | |
348 | not to exist for negative caching. name if a working buffer passed in. */ | |
349 | void extract_neg_addrs(HEADER *header, unsigned int qlen, char *name, time_t now) | |
350 | { | |
351 | unsigned char *p; | |
352 | int i, found_soa = 0; | |
353 | int qtype, qclass, rdlen; | |
354 | unsigned long ttl, minttl = 0; | |
355 | unsigned short flags = F_NEG; | |
356 | ||
357 | if (header->rcode == NXDOMAIN) | |
358 | flags |= F_NXDOMAIN; | |
359 | ||
360 | /* there may be more than one question with some questions | |
361 | answered. We don't generate negative entries from those. */ | |
362 | if (ntohs(header->ancount) != 0) | |
363 | return; | |
364 | ||
365 | if (!(p = skip_questions(header, qlen))) | |
366 | return; /* bad packet */ | |
367 | ||
368 | /* we first need to find SOA records, to get min TTL, then we | |
369 | add a NEG cache entry for each question. */ | |
370 | ||
371 | for (i=0; i<ntohs(header->nscount); i++) | |
372 | { | |
373 | if (!extract_name(header, qlen, &p, name, 1)) | |
374 | return; /* bad packet */ | |
375 | ||
376 | GETSHORT(qtype, p); | |
377 | GETSHORT(qclass, p); | |
378 | GETLONG(ttl, p); | |
379 | GETSHORT(rdlen, p); | |
380 | ||
381 | if ((qclass == C_IN) && (qtype == T_SOA)) | |
382 | { | |
383 | int dummy; | |
384 | /* MNAME */ | |
385 | if (!extract_name(header, qlen, &p, name, 1)) | |
386 | return; | |
387 | /* RNAME */ | |
388 | if (!extract_name(header, qlen, &p, name, 1)) | |
389 | return; | |
390 | GETLONG(dummy, p); /* SERIAL */ | |
391 | GETLONG(dummy, p); /* REFRESH */ | |
392 | GETLONG(dummy, p); /* RETRY */ | |
393 | GETLONG(dummy, p); /* EXPIRE */ | |
394 | if (!found_soa) | |
395 | { | |
396 | found_soa = 1; | |
397 | minttl = ttl; | |
398 | } | |
399 | else if (ttl < minttl) | |
400 | minttl = ttl; | |
401 | GETLONG(ttl, p); /* minTTL */ | |
402 | if (ttl < minttl) | |
403 | minttl = ttl; | |
404 | } | |
405 | else | |
406 | p += rdlen; | |
407 | ||
408 | if ((unsigned int)(p - (unsigned char *)header) > qlen) | |
409 | return; /* bad packet */ | |
410 | } | |
411 | ||
412 | if (!found_soa) | |
413 | return; /* failed to find SOA */ | |
414 | ||
415 | cache_start_insert(); | |
416 | ||
417 | p = (unsigned char *)(header+1); | |
418 | ||
419 | for (i=0; i<ntohs(header->qdcount); i++) | |
420 | { | |
421 | struct all_addr addr; | |
422 | int is_arpa; | |
423 | ||
424 | if (!extract_name(header, qlen, &p, name, 1)) | |
425 | return; /* bad packet */ | |
426 | ||
427 | GETSHORT(qtype, p); | |
428 | GETSHORT(qclass, p); | |
429 | ||
430 | if (qclass == C_IN && qtype == T_PTR && (is_arpa = in_arpa_name_2_addr(name, &addr))) | |
431 | cache_insert(name, &addr, now, minttl , is_arpa | F_REVERSE | flags); | |
432 | else if (qclass == C_IN && qtype == T_A) | |
433 | cache_insert(name, NULL, now, minttl, F_IPV4 | F_FORWARD | flags); | |
434 | #ifdef HAVE_IPV6 | |
435 | else if (qclass == C_IN && qtype == T_AAAA) | |
436 | cache_insert(name, NULL, now, minttl, F_IPV6 | F_FORWARD | flags); | |
437 | #endif | |
438 | } | |
439 | ||
440 | cache_end_insert(); | |
441 | } | |
442 | ||
443 | void extract_addresses(HEADER *header, unsigned int qlen, char *name, time_t now) | |
444 | { | |
445 | unsigned char *p, *psave, *endrr; | |
446 | int qtype, qclass, rdlen; | |
447 | unsigned long ttl; | |
448 | int i; | |
449 | ||
450 | /* skip over questions */ | |
451 | if (!(p = skip_questions(header, qlen))) | |
452 | return; /* bad packet */ | |
453 | ||
454 | cache_start_insert(); | |
455 | ||
456 | psave = p; | |
457 | ||
458 | for (i=0; i<ntohs(header->ancount); i++) | |
459 | { | |
460 | unsigned char *origname = p; | |
461 | if (!extract_name(header, qlen, &p, name, 1)) | |
462 | return; /* bad packet */ | |
463 | ||
464 | GETSHORT(qtype, p); | |
465 | GETSHORT(qclass, p); | |
466 | GETLONG(ttl, p); | |
467 | GETSHORT(rdlen, p); | |
468 | ||
469 | endrr = p + rdlen; | |
470 | if ((unsigned int)(endrr - (unsigned char *)header) > qlen) | |
471 | return; /* bad packet */ | |
472 | ||
473 | if (qclass != C_IN) | |
474 | { | |
475 | p = endrr; | |
476 | continue; | |
477 | } | |
478 | ||
479 | if (qtype == T_A) /* A record. */ | |
480 | cache_insert(name, (struct all_addr *)p, now, | |
481 | ttl, F_IPV4 | F_FORWARD); | |
482 | #ifdef HAVE_IPV6 | |
483 | else if (qtype == T_AAAA) /* IPV6 address record. */ | |
484 | cache_insert(name, (struct all_addr *)p, now, | |
485 | ttl, F_IPV6 | F_FORWARD); | |
486 | #endif | |
487 | else if (qtype == T_PTR) | |
488 | { | |
489 | /* PTR record */ | |
490 | struct all_addr addr; | |
491 | int name_encoding = in_arpa_name_2_addr(name, &addr); | |
492 | if (name_encoding) | |
493 | { | |
494 | if (!extract_name(header, qlen, &p, name, 1)) | |
495 | return; /* bad packet */ | |
496 | cache_insert(name, &addr, now, | |
497 | ttl, name_encoding | F_REVERSE); | |
498 | } | |
499 | } | |
500 | else if (qtype == T_CNAME) | |
501 | { | |
502 | /* CNAME, search whole answer section again */ | |
503 | unsigned char *endrr1; | |
504 | unsigned long cttl; | |
505 | int j; | |
506 | unsigned char *targp = p; | |
507 | ||
508 | p = psave; /* rewind p */ | |
509 | for (j=0; j<ntohs(header->ancount); j++) | |
510 | { | |
511 | int res; | |
512 | unsigned char *tmp = targp; | |
513 | /* copy since it gets altered by extract_name */ | |
514 | /* get CNAME target each time round */ | |
515 | if (!extract_name(header, qlen, &tmp, name, 1)) | |
516 | return; /* bad packet */ | |
517 | /* compare this name with target of CNAME in name buffer */ | |
518 | if (!(res = extract_name(header, qlen, &p, name, 0))) | |
519 | return; /* bad packet */ | |
520 | ||
521 | GETSHORT(qtype, p); | |
522 | GETSHORT(qclass, p); | |
523 | GETLONG(cttl, p); | |
524 | GETSHORT(rdlen, p); | |
525 | ||
526 | endrr1 = p+rdlen; | |
527 | if ((unsigned int)(endrr1 - (unsigned char *)header) > qlen) | |
528 | return; /* bad packet */ | |
529 | ||
530 | /* is this RR name same as target of CNAME */ | |
531 | if ((qclass != C_IN) || (res == 2)) | |
532 | { | |
533 | p = endrr1; | |
534 | continue; | |
535 | } | |
536 | ||
537 | /* match, use name of CNAME, data from this RR | |
538 | use min TTL of two */ | |
539 | ||
540 | if (ttl < cttl) | |
541 | cttl = ttl; | |
542 | ||
543 | /* get orig. name back again */ | |
544 | tmp = origname; | |
545 | if (!extract_name(header, qlen, &tmp, name, 1)) | |
546 | return; | |
547 | ||
548 | if (qtype == T_A) /* A record. */ | |
549 | cache_insert(name, (struct all_addr *)p, now, | |
550 | cttl, F_IPV4 | F_FORWARD); | |
551 | #ifdef HAVE_IPV6 | |
552 | else if (qtype == T_AAAA) /* IPV6 address record. */ | |
553 | cache_insert(name, (struct all_addr *)p, now, | |
554 | cttl, F_IPV6 | F_FORWARD); | |
555 | #endif | |
556 | else if (qtype == T_PTR) | |
557 | { | |
558 | /* PTR record extract address from CNAME name */ | |
559 | struct all_addr addr; | |
560 | int name_encoding = in_arpa_name_2_addr(name, &addr); | |
561 | if (name_encoding) | |
562 | { | |
563 | if (!extract_name(header, qlen, &p, name, 1)) | |
564 | return; /* bad packet */ | |
565 | cache_insert(name, &addr, now, cttl, | |
566 | name_encoding | F_REVERSE); | |
567 | } | |
568 | } | |
569 | p = endrr1; | |
570 | } | |
571 | } | |
572 | p = endrr; | |
573 | } | |
574 | ||
575 | cache_end_insert(); | |
576 | } | |
577 | ||
578 | /* If the packet holds exactly one query | |
579 | return 1 and leave the name from the query in name. */ | |
580 | ||
581 | unsigned short extract_request(HEADER *header,unsigned int qlen, char *name) | |
582 | { | |
583 | unsigned char *p = (unsigned char *)(header+1); | |
584 | int qtype, qclass; | |
585 | ||
586 | if (ntohs(header->qdcount) != 1 || header->opcode != QUERY) | |
587 | return 0; /* must be exactly one query. */ | |
588 | ||
589 | if (!extract_name(header, qlen, &p, name, 1)) | |
590 | return 0; /* bad packet */ | |
591 | ||
592 | GETSHORT(qtype, p); | |
593 | GETSHORT(qclass, p); | |
594 | ||
595 | if (qclass == C_IN) | |
596 | { | |
597 | if (qtype == T_A) | |
598 | return F_IPV4; | |
599 | if (qtype == T_AAAA) | |
600 | return F_IPV6; | |
601 | if (qtype == T_ANY) | |
602 | return F_IPV4 | F_IPV6; | |
603 | } | |
604 | ||
605 | return F_QUERY; | |
606 | } | |
607 | ||
608 | ||
609 | int setup_reply(HEADER *header, unsigned int qlen, | |
610 | struct all_addr *addrp, unsigned short flags, unsigned long ttl) | |
611 | { | |
612 | unsigned char *p = skip_questions(header, qlen); | |
613 | ||
614 | header->qr = 1; /* response */ | |
615 | header->aa = 0; /* authoritive */ | |
616 | header->ra = 1; /* recursion if available */ | |
617 | header->tc = 0; /* not truncated */ | |
618 | header->nscount = htons(0); | |
619 | header->arcount = htons(0); | |
620 | header->ancount = htons(0); /* no answers unless changed below*/ | |
621 | if (flags == F_NEG) | |
622 | header->rcode = SERVFAIL; /* couldn't get memory */ | |
623 | else if (flags == F_NOERR) | |
624 | header->rcode = NOERROR; /* empty domain */ | |
625 | else if (flags == F_NXDOMAIN) | |
626 | header->rcode = NXDOMAIN; | |
627 | else if (p && flags == F_IPV4) | |
628 | { /* we know the address */ | |
629 | header->rcode = NOERROR; | |
630 | header->ancount = htons(1); | |
631 | header->aa = 1; | |
632 | PUTSHORT (sizeof(HEADER) | 0xc000, p); | |
633 | PUTSHORT(T_A, p); | |
634 | PUTSHORT(C_IN, p); | |
635 | PUTLONG(ttl, p); /* TTL */ | |
636 | PUTSHORT(INADDRSZ, p); | |
637 | memcpy(p, addrp, INADDRSZ); | |
638 | p += INADDRSZ; | |
639 | } | |
640 | #ifdef HAVE_IPV6 | |
641 | else if (p && flags == F_IPV6) | |
642 | { | |
643 | header->rcode = NOERROR; | |
644 | header->ancount = htons(1); | |
645 | header->aa = 1; | |
646 | PUTSHORT (sizeof(HEADER) | 0xc000, p); | |
647 | PUTSHORT(T_AAAA, p); | |
648 | PUTSHORT(C_IN, p); | |
649 | PUTLONG(ttl, p); /* TTL */ | |
650 | PUTSHORT(IN6ADDRSZ, p); | |
651 | memcpy(p, addrp, IN6ADDRSZ); | |
652 | p += IN6ADDRSZ; | |
653 | } | |
654 | #endif | |
655 | else /* nowhere to forward to */ | |
656 | header->rcode = REFUSED; | |
657 | ||
658 | return p - (unsigned char *)header; | |
659 | } | |
660 | ||
661 | ||
662 | /* Is the packet a reply with the answer address equal to addr? | |
663 | If so mung is into an NXDOMAIN reply and also put that information | |
664 | in the cache. */ | |
665 | int check_for_bogus_wildcard(HEADER *header, unsigned int qlen, char *name, | |
666 | struct bogus_addr *baddr, time_t now) | |
667 | { | |
668 | unsigned char *p; | |
669 | int i, qtype, qclass, rdlen; | |
670 | unsigned long ttl; | |
671 | struct bogus_addr *baddrp; | |
672 | ||
673 | /* skip over questions */ | |
674 | if (!(p = skip_questions(header, qlen))) | |
675 | return 0; /* bad packet */ | |
676 | ||
677 | for (i=0; i<ntohs(header->ancount); i++) | |
678 | { | |
679 | if (!extract_name(header, qlen, &p, name, 1)) | |
680 | return 0; /* bad packet */ | |
681 | ||
682 | GETSHORT(qtype, p); | |
683 | GETSHORT(qclass, p); | |
684 | GETLONG(ttl, p); | |
685 | GETSHORT(rdlen, p); | |
686 | ||
687 | if (qclass == C_IN && qtype == T_A) | |
688 | for (baddrp = baddr; baddrp; baddrp = baddrp->next) | |
689 | if (memcmp(&baddrp->addr, p, INADDRSZ) == 0) | |
690 | { | |
691 | /* Found a bogus address. Mangle the packet into an NXDOMAIN reply */ | |
692 | header->aa = 0; | |
693 | header->ra = 1; /* recursion if available */ | |
694 | header->nscount = htons(0); | |
695 | header->arcount = htons(0); | |
696 | header->ancount = htons(0); | |
697 | header->rcode = NXDOMAIN; | |
698 | ||
699 | cache_start_insert(); | |
700 | cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN | F_CONFIG); | |
701 | cache_end_insert(); | |
702 | ||
703 | return 1; | |
704 | } | |
705 | ||
706 | p += rdlen; | |
707 | } | |
708 | ||
709 | return 0; | |
710 | } | |
711 | ||
712 | /* return zero if we can't answer from cache, or packet size if we can */ | |
713 | int answer_request(HEADER *header, char *limit, unsigned int qlen, char *mxname, | |
714 | char *mxtarget, unsigned int options, time_t now, | |
715 | unsigned long local_ttl, char *name) | |
716 | { | |
717 | unsigned char *p, *ansp; | |
718 | int qtype, qclass, is_arpa; | |
719 | struct all_addr addr; | |
720 | unsigned int nameoffset; | |
721 | int q, qdcount = ntohs(header->qdcount); | |
722 | int ans, anscount = 0; | |
723 | struct crec *crecp; | |
724 | int nxdomain = 0, auth = 1; | |
725 | ||
726 | if (!qdcount || header->opcode != QUERY ) | |
727 | return 0; | |
728 | ||
729 | /* determine end of question section (we put answers there) */ | |
730 | if (!(ansp = skip_questions(header, qlen))) | |
731 | return 0; /* bad packet */ | |
732 | ||
733 | /* now process each question, answers go in RRs after the question */ | |
734 | p = (unsigned char *)(header+1); | |
735 | ||
736 | for (q=0; q<qdcount; q++) | |
737 | { | |
738 | /* save pointer to name for copying into answers */ | |
739 | nameoffset = p - (unsigned char *)header; | |
740 | ||
741 | /* now extract name as .-concatenated string into name */ | |
742 | if (!extract_name(header, qlen, &p, name, 1)) | |
743 | return 0; /* bad packet */ | |
744 | ||
745 | /* see if it's w.z.y.z.in-addr.arpa format */ | |
746 | ||
747 | is_arpa = in_arpa_name_2_addr(name, &addr); | |
748 | ||
749 | GETSHORT(qtype, p); | |
750 | GETSHORT(qclass, p); | |
751 | ||
752 | ans = 0; /* have we answered this question */ | |
753 | ||
754 | if (qclass == C_CHAOS) | |
755 | /* special query to get version. */ | |
756 | { | |
757 | if (qtype == T_TXT) | |
758 | { | |
759 | int len; | |
760 | if (hostname_isequal(name, "version.bind")) | |
761 | sprintf(name, "dnsmasq-%s", VERSION); | |
762 | else if (hostname_isequal(name, "authors.bind")) | |
763 | sprintf(name, "Simon Kelley"); | |
764 | else | |
765 | *name = 0; | |
766 | len = strlen(name); | |
767 | PUTSHORT(nameoffset | 0xc000, ansp); | |
768 | PUTSHORT(T_TXT, ansp); | |
769 | PUTSHORT(C_CHAOS, ansp); | |
770 | PUTLONG(0, ansp); | |
771 | PUTSHORT(len+1, ansp); | |
772 | *ansp++ = len; | |
773 | memcpy(ansp, name, len); | |
774 | ansp += len; | |
775 | ans = 1; | |
776 | anscount++; | |
777 | ||
778 | if (((unsigned char *)limit - ansp) < 0) | |
779 | return 0; | |
780 | } | |
781 | else | |
782 | return 0; | |
783 | } | |
784 | else if (qclass != C_IN) | |
785 | return 0; /* we can't answer non-inet queries */ | |
786 | else | |
787 | { | |
788 | ||
789 | if ((options & OPT_FILTER) && (qtype == T_SOA || qtype == T_SRV)) | |
790 | ans = 1; | |
791 | ||
792 | if (qtype == T_PTR || qtype == T_ANY) | |
793 | { | |
794 | crecp = NULL; | |
795 | while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa))) | |
796 | { | |
797 | unsigned long ttl; | |
798 | /* Return 0 ttl for DHCP entries, which might change | |
799 | before the lease expires. */ | |
800 | if (crecp->flags & (F_IMMORTAL | F_DHCP)) | |
801 | ttl = local_ttl; | |
802 | else | |
803 | ttl = crecp->ttd - now; | |
804 | ||
805 | /* don't answer wildcard queries with data not from /etc/hosts | |
806 | or dhcp leases */ | |
807 | if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP))) | |
808 | return 0; | |
809 | ||
810 | ans = 1; | |
811 | if (crecp->flags & F_NEG) | |
812 | { | |
813 | log_query(crecp->flags & ~F_FORWARD, name, &addr); | |
814 | auth = 0; | |
815 | if (crecp->flags & F_NXDOMAIN) | |
816 | nxdomain = 1; | |
817 | } | |
818 | else | |
819 | { | |
820 | if (!(crecp->flags & (F_HOSTS | F_DHCP))) | |
821 | auth = 0; | |
822 | ansp = add_text_record(nameoffset, ansp, ttl, 0, T_PTR, | |
823 | cache_get_name(crecp)); | |
824 | ||
825 | log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr); | |
826 | anscount++; | |
827 | ||
828 | /* if last answer exceeded packet size, give up */ | |
829 | if (((unsigned char *)limit - ansp) < 0) | |
830 | return 0; | |
831 | } | |
832 | } | |
833 | ||
834 | /* if not in cache, enabled and private IPV4 address, fake up answer */ | |
835 | if (ans == 0 && is_arpa == F_IPV4 && | |
836 | (options & OPT_BOGUSPRIV) && | |
837 | private_net(&addr)) | |
838 | { | |
839 | struct in_addr addr4 = *((struct in_addr *)&addr); | |
840 | ansp = add_text_record(nameoffset, ansp, local_ttl, 0, T_PTR, inet_ntoa(addr4)); | |
841 | log_query(F_CONFIG | F_REVERSE | F_IPV4, inet_ntoa(addr4), &addr); | |
842 | anscount++; | |
843 | ans = 1; | |
844 | ||
845 | if (((unsigned char *)limit - ansp) < 0) | |
846 | return 0; | |
847 | } | |
848 | } | |
849 | ||
850 | if (qtype == T_A || qtype == T_ANY) | |
851 | { | |
852 | /* T_ANY queries for hostnames with underscores are spam | |
853 | from win2k - don't forward them. */ | |
854 | if ((options & OPT_FILTER) && | |
855 | qtype == T_ANY && | |
856 | (strchr(name, '_') != NULL)) | |
857 | ans = 1; | |
858 | else | |
859 | { | |
860 | crecp = NULL; | |
861 | while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4))) | |
862 | { | |
863 | unsigned long ttl; | |
864 | if (crecp->flags & (F_IMMORTAL | F_DHCP)) | |
865 | ttl = local_ttl; | |
866 | else | |
867 | ttl = crecp->ttd - now; | |
868 | ||
869 | /* don't answer wildcard queries with data not from /etc/hosts | |
870 | or DHCP leases */ | |
871 | if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP))) | |
872 | return 0; | |
873 | ||
874 | /* If we have negative cache entry, it's OK | |
875 | to return no answer. */ | |
876 | ans = 1; | |
877 | ||
878 | if (crecp->flags & F_NEG) | |
879 | { | |
880 | log_query(crecp->flags, name, NULL); | |
881 | auth = 0; | |
882 | if (crecp->flags & F_NXDOMAIN) | |
883 | nxdomain = 1; | |
884 | } | |
885 | else | |
886 | { | |
887 | if (!(crecp->flags & (F_HOSTS | F_DHCP))) | |
888 | auth = 0; | |
889 | log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr); | |
890 | ||
891 | /* copy question as first part of answer (use compression) */ | |
892 | PUTSHORT(nameoffset | 0xc000, ansp); | |
893 | PUTSHORT(T_A, ansp); | |
894 | PUTSHORT(C_IN, ansp); | |
895 | PUTLONG(ttl, ansp); /* TTL */ | |
896 | ||
897 | PUTSHORT(INADDRSZ, ansp); | |
898 | memcpy(ansp, &crecp->addr, INADDRSZ); | |
899 | ansp += INADDRSZ; | |
900 | anscount++; | |
901 | ||
902 | if (((unsigned char *)limit - ansp) < 0) | |
903 | return 0; | |
904 | } | |
905 | ||
906 | } | |
907 | } | |
908 | } | |
909 | ||
910 | #ifdef HAVE_IPV6 | |
911 | if (qtype == T_AAAA || qtype == T_ANY) | |
912 | { | |
913 | /* T_ANY queries for hostnames with underscores are spam | |
914 | from win2k - don't forward them. */ | |
915 | if ((options & OPT_FILTER) && | |
916 | qtype == T_ANY | |
917 | && (strchr(name, '_') != NULL)) | |
918 | ans = 1; | |
919 | else | |
920 | { | |
921 | crecp = NULL; | |
922 | while ((crecp = cache_find_by_name(crecp, name, now, F_IPV6))) | |
923 | { | |
924 | unsigned long ttl; | |
925 | if (crecp->flags & (F_IMMORTAL | F_DHCP)) | |
926 | ttl = local_ttl; | |
927 | else | |
928 | ttl = crecp->ttd - now; | |
929 | ||
930 | /* don't answer wildcard queries with data not from /etc/hosts | |
931 | or DHCP leases */ | |
932 | if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP))) | |
933 | return 0; | |
934 | ||
935 | /* If we have negative cache entry, it's OK | |
936 | to return no answer. */ | |
937 | ans = 1; | |
938 | ||
939 | if (crecp->flags & F_NEG) | |
940 | { | |
941 | log_query(crecp->flags, name, NULL); | |
942 | auth = 0; | |
943 | if (crecp->flags & F_NXDOMAIN) | |
944 | nxdomain = 1; | |
945 | } | |
946 | else | |
947 | { | |
948 | if (!(crecp->flags & (F_HOSTS | F_DHCP))) | |
949 | auth = 0; | |
950 | log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr); | |
951 | ||
952 | /* copy question as first part of answer (use compression) */ | |
953 | PUTSHORT(nameoffset | 0xc000, ansp); | |
954 | PUTSHORT(T_AAAA, ansp); | |
955 | PUTSHORT(C_IN, ansp); | |
956 | PUTLONG(ttl, ansp); /* TTL */ | |
957 | ||
958 | PUTSHORT(IN6ADDRSZ, ansp); | |
959 | memcpy(ansp, &crecp->addr, IN6ADDRSZ); | |
960 | ansp += IN6ADDRSZ; | |
961 | anscount++; | |
962 | ||
963 | if (((unsigned char *)limit - ansp) < 0) | |
964 | return 0; | |
965 | } | |
966 | } | |
967 | } | |
968 | } | |
969 | #endif | |
970 | ||
971 | if (qtype == T_MX || qtype == T_ANY) | |
972 | { | |
973 | if (mxname && hostname_isequal(name, mxname)) | |
974 | { | |
975 | ansp = add_text_record(nameoffset, ansp, local_ttl, 1, T_MX, mxtarget); | |
976 | anscount++; | |
977 | ans = 1; | |
978 | } | |
979 | else if ((options & (OPT_SELFMX | OPT_LOCALMX)) && | |
980 | cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP)) | |
981 | { | |
982 | ansp = add_text_record(nameoffset, ansp, local_ttl, 1, T_MX, | |
983 | (options & OPT_SELFMX) ? name : mxtarget); | |
984 | anscount++; | |
985 | ans = 1; | |
986 | } | |
987 | if (((unsigned char *)limit - ansp) < 0) | |
988 | return 0; | |
989 | } | |
990 | ||
991 | if (qtype == T_MAILB) | |
992 | ans = 1, nxdomain = 1; | |
993 | ||
994 | } | |
995 | ||
996 | if (!ans) | |
997 | return 0; /* failed to answer a question */ | |
998 | ||
999 | } | |
1000 | ||
1001 | /* done all questions, set up header and return length of result */ | |
1002 | header->qr = 1; /* response */ | |
1003 | header->aa = auth; /* authoritive - only hosts and DHCP derived names. */ | |
1004 | header->ra = 1; /* recursion if available */ | |
1005 | header->tc = 0; /* truncation */ | |
1006 | if (anscount == 0 && nxdomain) | |
1007 | header->rcode = NXDOMAIN; | |
1008 | else | |
1009 | header->rcode = NOERROR; /* no error */ | |
1010 | header->ancount = htons(anscount); | |
1011 | header->nscount = htons(0); | |
1012 | header->arcount = htons(0); | |
1013 | return ansp - (unsigned char *)header; | |
1014 | } | |
1015 | ||
1016 | ||
1017 | ||
1018 | ||
1019 |