[thirdparty/pdns.git] / pdns / lwres.cc

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "utility.hh"
#include "lwres.hh"
#include <iostream>
#include "dnsrecords.hh"
#include <errno.h>
#include "misc.hh"
#include <algorithm>
#include <sstream>
#include <cstring>
#include <string>
#include <vector>
#include "dns.hh"
#include "qtype.hh"
#include "pdnsexception.hh"
#include "arguments.hh"
#include "sstuff.hh"
#include "syncres.hh"
#include "dnswriter.hh"
#include "dnsparser.hh"
#include "logger.hh"
#include "dns_random.hh"
#include <boost/scoped_array.hpp>
#include <boost/algorithm/string.hpp>
#include "validate-recursor.hh"
#include "ednssubnet.hh"

#ifdef HAVE_PROTOBUF

#include "uuid-utils.hh"

static void logOutgoingQuery(const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, boost::optional<const boost::uuids::uuid&> initialRequestId, const boost::uuids::uuid& uuid, const ComboAddress& ip, const DNSName& domain, int type, uint16_t qid, bool doTCP, size_t bytes, boost::optional<Netmask>& srcmask)
{
  if(!outgoingLoggers)
    return;

  RecProtoBufMessage message(DNSProtoBufMessage::OutgoingQuery, uuid, nullptr, &ip, domain, type, QClass::IN, qid, doTCP, bytes);
  message.setServerIdentity(SyncRes::s_serverID);

  if (initialRequestId) {
    message.setInitialRequestID(*initialRequestId);
  }

  if (srcmask) {
    message.setEDNSSubnet(*srcmask);
  }

//  cerr <<message.toDebugString()<<endl;
  std::string str;
  message.serialize(str);

  for (auto& logger : *outgoingLoggers) {
    logger->queueData(str);
  }
}

static void logIncomingResponse(const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, boost::optional<const boost::uuids::uuid&> initialRequestId, const boost::uuids::uuid& uuid, const ComboAddress& ip, const DNSName& domain, int type, uint16_t qid, bool doTCP, size_t bytes, int rcode, const std::vector<DNSRecord>& records, const struct timeval& queryTime, const std::set<uint16_t>& exportTypes)
{
  if(!outgoingLoggers)
    return;

  RecProtoBufMessage message(DNSProtoBufMessage::IncomingResponse, uuid, nullptr, &ip, domain, type, QClass::IN, qid, doTCP, bytes);
  message.setServerIdentity(SyncRes::s_serverID);
  if (initialRequestId) {
    message.setInitialRequestID(*initialRequestId);
  }
  message.setQueryTime(queryTime.tv_sec, queryTime.tv_usec);
  message.setResponseCode(rcode);
  message.addRRs(records, exportTypes);

//  cerr <<message.toDebugString()<<endl;
  std::string str;
  message.serialize(str);

  for (auto& logger : *outgoingLoggers) {
    logger->queueData(str);
  }
}
#endif /* HAVE_PROTOBUF */

//! returns -2 for OS limits error, -1 for permanent error that has to do with remote **transport**, 0 for timeout, 1 for success
/** lwr is only filled out in case 1 was returned, and even when returning 1 for 'success', lwr might contain DNS errors
    Never throws! 
 */
int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, const std::set<uint16_t>& exportTypes, LWResult *lwr, bool* chained)
{
  size_t len;
  size_t bufsize=g_outgoingEDNSBufsize;
  std::string buf;
  buf.resize(bufsize);
  vector<uint8_t> vpacket;
  //  string mapped0x20=dns0x20(domain);
  uint16_t qid = dns_random(0xffff);
  DNSPacketWriter pw(vpacket, domain, type);

  pw.getHeader()->rd=sendRDQuery;
  pw.getHeader()->id=qid;
  /* RFC 6840 section 5.9:
   *  This document further specifies that validating resolvers SHOULD set
   *  the CD bit on every upstream query.  This is regardless of whether
   *  the CD bit was set on the incoming query [...]
   *
   * sendRDQuery is only true if the qname is part of a forward-zone-recurse (or
   * set in the forward-zone-file), so we use this as an indicator for it being
   * an "upstream query". To stay true to "dnssec=off means 3.X behaviour", we
   * only set +CD on forwarded query in any mode other than dnssec=off.
   */
  pw.getHeader()->cd=(sendRDQuery && g_dnssecmode != DNSSECMode::Off);

  string ping;
  bool weWantEDNSSubnet=false;
  uint8_t outgoingECSBits = 0;
  ComboAddress outgoingECSAddr;
  if(EDNS0Level > 0) {
    DNSPacketWriter::optvect_t opts;
    if(srcmask) {
      EDNSSubnetOpts eo;
      eo.source = *srcmask;
      outgoingECSBits = srcmask->getBits();
      outgoingECSAddr = srcmask->getNetwork();
      //      cout<<"Adding request mask: "<<eo.source.toString()<<endl;
      opts.push_back(make_pair(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(eo)));
      weWantEDNSSubnet=true;
    }

    pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : EDNSOpts::DNSSECOK, opts); 
    pw.commit();
  }
  lwr->d_rcode = 0;
  lwr->d_haveEDNS = false;
  int ret;

  DTime dt;
  dt.set();
  *now=dt.getTimeval();

#ifdef HAVE_PROTOBUF
  boost::uuids::uuid uuid;
  const struct timeval queryTime = *now;

  if (outgoingLoggers) {
    uuid = getUniqueID();
    logOutgoingQuery(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, vpacket.size(), srcmask);
  }
#endif

  srcmask = boost::none; // this is also our return value, even if EDNS0Level == 0

  errno=0;
  if(!doTCP) {
    int queryfd;
    if(ip.sin4.sin_family==AF_INET6)
      g_stats.ipv6queries++;

    if((ret=asendto((const char*)&*vpacket.begin(), vpacket.size(), 0, ip, qid,
                    domain, type, &queryfd)) < 0) {
      return ret; // passes back the -2 EMFILE
    }

    if (queryfd == -1) {
      *chained = true;
    }

    // sleep until we see an answer to this, interface to mtasker
    
    ret=arecvfrom(buf, 0, ip, &len, qid,
                  domain, type, queryfd, now);
  }
  else {
    try {
      Socket s(ip.sin4.sin_family, SOCK_STREAM);

      s.setNonBlocking();
      ComboAddress local = getQueryLocalAddress(ip.sin4.sin_family, 0);

      s.bind(local);
        
      s.connect(ip);
      
      uint16_t tlen=htons(vpacket.size());
      char *lenP=(char*)&tlen;
      const char *msgP=(const char*)&*vpacket.begin();
      string packet=string(lenP, lenP+2)+string(msgP, msgP+vpacket.size());
      
      ret=asendtcp(packet, &s);
      if(!(ret>0))           
        return ret;
      
      packet.clear();
      ret=arecvtcp(packet, 2, &s, false);
      if(!(ret > 0))
        return ret;
      
      memcpy(&tlen, packet.c_str(), sizeof(tlen));
      len=ntohs(tlen); // switch to the 'len' shared with the rest of the function
      
      ret=arecvtcp(packet, len, &s, false);
      if(!(ret > 0))
        return ret;
      
      buf.resize(len);
      memcpy(const_cast<char*>(buf.data()), packet.c_str(), len);

      ret=1;
    }
    catch(NetworkError& ne) {
      ret = -2; // OS limits error
    }
  }

  
  lwr->d_usec=dt.udiff();
  *now=dt.getTimeval();

  if(ret <= 0) // includes 'timeout'
    return ret;

  buf.resize(len);
  lwr->d_records.clear();
  try {
    lwr->d_tcbit=0;
    MOADNSParser mdp(false, buf);
    lwr->d_aabit=mdp.d_header.aa;
    lwr->d_tcbit=mdp.d_header.tc;
    lwr->d_rcode=mdp.d_header.rcode;
    
    if(mdp.d_header.rcode == RCode::FormErr && mdp.d_qname.empty() && mdp.d_qtype == 0 && mdp.d_qclass == 0) {
#ifdef HAVE_PROTOBUF
      if(outgoingLoggers) {
        logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_records, queryTime, exportTypes);
      }
#endif
      lwr->d_validpacket=true;
      return 1; // this is "success", the error is set in lwr->d_rcode
    }

    if(domain != mdp.d_qname) { 
      if(!mdp.d_qname.empty() && domain.toString().find((char)0) == string::npos /* ugly */) {// embedded nulls are too noisy, plus empty domains are too
        g_log<<Logger::Notice<<"Packet purporting to come from remote server "<<ip.toString()<<" contained wrong answer: '" << domain << "' != '" << mdp.d_qname << "'" << endl;
      }
      // unexpected count has already been done @ pdns_recursor.cc
      goto out;
    }

    lwr->d_records.reserve(mdp.d_answers.size());
    for(const auto& a : mdp.d_answers)
      lwr->d_records.push_back(a.first);

    EDNSOpts edo;
    if(EDNS0Level > 0 && getEDNSOpts(mdp, &edo)) {
      lwr->d_haveEDNS = true;

      if(weWantEDNSSubnet) {
        for(const auto& opt : edo.d_options) {
          if(opt.first==EDNSOptionCode::ECS) {
            EDNSSubnetOpts reso;
            if(getEDNSSubnetOptsFromString(opt.second, &reso)) {
              //	    cerr<<"EDNS Subnet response: "<<reso.source.toString()<<", scope: "<<reso.scope.toString()<<", family = "<<reso.scope.getNetwork().sin4.sin_family<<endl;
              /* rfc7871 states that 0 "indicate[s] that the answer is suitable for all addresses in FAMILY",
                 so we might want to still pass the information along to be able to differentiate between
                 IPv4 and IPv6. Still I'm pretty sure it doesn't matter in real life, so let's not duplicate
                 entries in our cache. */
              if(reso.scope.getBits()) {
                uint8_t bits = std::min(reso.scope.getBits(), outgoingECSBits);
                outgoingECSAddr.truncate(bits);
                srcmask = Netmask(outgoingECSAddr, bits);
              }
            }
          }
        }
      }
    }
        
#ifdef HAVE_PROTOBUF
    if(outgoingLoggers) {
      logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_records, queryTime, exportTypes);
    }
#endif
    lwr->d_validpacket=true;
    return 1;
  }
  catch(std::exception &mde) {
    if(::arg().mustDo("log-common-errors"))
      g_log<<Logger::Notice<<"Unable to parse packet from remote server "<<ip.toString()<<": "<<mde.what()<<endl;
    lwr->d_rcode = RCode::FormErr;
    g_stats.serverParseError++;
#ifdef HAVE_PROTOBUF
    if(outgoingLoggers) {
      logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_records, queryTime, exportTypes);
    }
#endif
    lwr->d_validpacket=false;
    return 1; // success - oddly enough
  }
  catch(...) {
    g_log<<Logger::Notice<<"Unknown error parsing packet from remote server"<<endl;
  }
  
  g_stats.serverParseError++; 
  
 out:
  if(!lwr->d_rcode)
    lwr->d_rcode=RCode::ServFail;

  return -1;
}
Commit	Line	Data
e14f094b	1	/*
12471842 PL	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
870a0fe4 AT	22	#ifdef HAVE_CONFIG_H
	23	#include "config.h"
	24	#endif
36c5ee42	25	#include "utility.hh"
e14f094b	26	#include "lwres.hh"
e14f094b	27	#include <iostream>
81883dcc	28	#include "dnsrecords.hh"
e14f094b BH	29	#include <errno.h>
	30	#include "misc.hh"
	31	#include <algorithm>
	32	#include <sstream>
	33	#include <cstring>
	34	#include <string>
	35	#include <vector>
e14f094b BH	36	#include "dns.hh"
e14f094b BH	37	#include "qtype.hh"
5c409fa2	38	#include "pdnsexception.hh"
e14f094b	39	#include "arguments.hh"
5c633640 BH	40	#include "sstuff.hh"
5c633640 BH	41	#include "syncres.hh"
ea634573 BH	42	#include "dnswriter.hh"
ea634573 BH	43	#include "dnsparser.hh"
aab4adb0	44	#include "logger.hh"
51e2144e	45	#include "dns_random.hh"
263f6a5a	46	#include <boost/scoped_array.hpp>
51e2144e	47	#include <boost/algorithm/string.hpp>
12ce523e	48	#include "validate-recursor.hh"
c4443ccb	49	#include "ednssubnet.hh"
51e2144e	50
4898a348 RG	51	#ifdef HAVE_PROTOBUF
4898a348 RG	52
d61aa945 RG	53	#include "uuid-utils.hh"
d61aa945 RG	54
3fe06137	55	static void logOutgoingQuery(const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, boost::optional<const boost::uuids::uuid&> initialRequestId, const boost::uuids::uuid& uuid, const ComboAddress& ip, const DNSName& domain, int type, uint16_t qid, bool doTCP, size_t bytes, boost::optional<Netmask>& srcmask)
4898a348	56	{
b773359c	57	if(!outgoingLoggers)
4898a348 RG	58	return;
	59
	60	RecProtoBufMessage message(DNSProtoBufMessage::OutgoingQuery, uuid, nullptr, &ip, domain, type, QClass::IN, qid, doTCP, bytes);
c165308b RG	61	message.setServerIdentity(SyncRes::s_serverID);
c165308b RG	62
4898a348 RG	63	if (initialRequestId) {
	64	message.setInitialRequestID(*initialRequestId);
	65	}
	66
0ff13512 RG	67	if (srcmask) {
	68	message.setEDNSSubnet(*srcmask);
	69	}
	70
4898a348 RG	71	// cerr <<message.toDebugString()<<endl;
	72	std::string str;
	73	message.serialize(str);
b773359c RG	74
	75	for (auto& logger : *outgoingLoggers) {
	76	logger->queueData(str);
	77	}
4898a348 RG	78	}
4898a348 RG	79
3fe06137	80	static void logIncomingResponse(const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, boost::optional<const boost::uuids::uuid&> initialRequestId, const boost::uuids::uuid& uuid, const ComboAddress& ip, const DNSName& domain, int type, uint16_t qid, bool doTCP, size_t bytes, int rcode, const std::vector<DNSRecord>& records, const struct timeval& queryTime, const std::set<uint16_t>& exportTypes)
4898a348	81	{
b773359c	82	if(!outgoingLoggers)
4898a348 RG	83	return;
	84
	85	RecProtoBufMessage message(DNSProtoBufMessage::IncomingResponse, uuid, nullptr, &ip, domain, type, QClass::IN, qid, doTCP, bytes);
c165308b	86	message.setServerIdentity(SyncRes::s_serverID);
4898a348 RG	87	if (initialRequestId) {
	88	message.setInitialRequestID(*initialRequestId);
	89	}
	90	message.setQueryTime(queryTime.tv_sec, queryTime.tv_usec);
	91	message.setResponseCode(rcode);
0bd2e252	92	message.addRRs(records, exportTypes);
4898a348 RG	93
	94	// cerr <<message.toDebugString()<<endl;
	95	std::string str;
	96	message.serialize(str);
b773359c RG	97
	98	for (auto& logger : *outgoingLoggers) {
	99	logger->queueData(str);
	100	}
4898a348 RG	101	}
	102	#endif /* HAVE_PROTOBUF */
	103
81883dcc BH	104	//! returns -2 for OS limits error, -1 for permanent error that has to do with remote transport, 0 for timeout, 1 for success
	105	/** lwr is only filled out in case 1 was returned, and even when returning 1 for 'success', lwr might contain DNS errors
	106	Never throws!
	107	*/
3fe06137	108	int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, const std::set<uint16_t>& exportTypes, LWResult lwr, bool chained)
e14f094b	109	{
a683e8bd RG	110	size_t len;
a683e8bd RG	111	size_t bufsize=g_outgoingEDNSBufsize;
78f56b38 RG	112	std::string buf;
78f56b38 RG	113	buf.resize(bufsize);
ea634573	114	vector<uint8_t> vpacket;
51e2144e	115	// string mapped0x20=dns0x20(domain);
4898a348	116	uint16_t qid = dns_random(0xffff);
ea634573 BH	117	DNSPacketWriter pw(vpacket, domain, type);
ea634573 BH	118
c1d73d94	119	pw.getHeader()->rd=sendRDQuery;
4898a348	120	pw.getHeader()->id=qid;
5a7d2a18 PL	121	/* RFC 6840 section 5.9:
	122	* This document further specifies that validating resolvers SHOULD set
	123	* the CD bit on every upstream query. This is regardless of whether
	124	* the CD bit was set on the incoming query [...]
	125	*
	126	* sendRDQuery is only true if the qname is part of a forward-zone-recurse (or
	127	* set in the forward-zone-file), so we use this as an indicator for it being
	128	* an "upstream query". To stay true to "dnssec=off means 3.X behaviour", we
	129	* only set +CD on forwarded query in any mode other than dnssec=off.
	130	*/
e7b18884	131	pw.getHeader()->cd=(sendRDQuery && g_dnssecmode != DNSSECMode::Off);
5a7d2a18	132
81883dcc	133	string ping;
7bb598a0	134	bool weWantEDNSSubnet=false;
30d4402d RG	135	uint8_t outgoingECSBits = 0;
30d4402d RG	136	ComboAddress outgoingECSAddr;
fe61f5d8	137	if(EDNS0Level > 0) {
81883dcc	138	DNSPacketWriter::optvect_t opts;
376effcf	139	if(srcmask) {
	140	EDNSSubnetOpts eo;
	141	eo.source = *srcmask;
30d4402d RG	142	outgoingECSBits = srcmask->getBits();
30d4402d RG	143	outgoingECSAddr = srcmask->getNetwork();
bf4ab707	144	// cout<<"Adding request mask: "<<eo.source.toString()<<endl;
30d4402d	145	opts.push_back(make_pair(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(eo)));
7bb598a0	146	weWantEDNSSubnet=true;
376effcf	147	}
93d4a890	148
12ce523e	149	pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : EDNSOpts::DNSSECOK, opts);
2188dcc3 BH	150	pw.commit();
2188dcc3 BH	151	}
81883dcc	152	lwr->d_rcode = 0;
81883dcc	153	lwr->d_haveEDNS = false;
eefd15f9 BH	154	int ret;
	155
	156	DTime dt;
4c4765c1	157	dt.set();
4c4765c1	158	*now=dt.getTimeval();
4898a348 RG	159
	160	#ifdef HAVE_PROTOBUF
	161	boost::uuids::uuid uuid;
	162	const struct timeval queryTime = *now;
	163
b773359c	164	if (outgoingLoggers) {
d61aa945	165	uuid = getUniqueID();
b773359c	166	logOutgoingQuery(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, vpacket.size(), srcmask);
4898a348 RG	167	}
	168	#endif
	169
0ff13512 RG	170	srcmask = boost::none; // this is also our return value, even if EDNS0Level == 0
0ff13512 RG	171
263f6a5a	172	errno=0;
5c633640	173	if(!doTCP) {
4ef015cd	174	int queryfd;
996c89cc BH	175	if(ip.sin4.sin_family==AF_INET6)
	176	g_stats.ipv6queries++;
	177
4898a348	178	if((ret=asendto((const char)&vpacket.begin(), vpacket.size(), 0, ip, qid,
232f0877	179	domain, type, &queryfd)) < 0) {
998a4334	180	return ret; // passes back the -2 EMFILE
5c633640	181	}
deca7d8f RG	182
	183	if (queryfd == -1) {
	184	*chained = true;
	185	}
	186
5c633640 BH	187	// sleep until we see an answer to this, interface to mtasker
5c633640 BH	188
f128d20d	189	ret=arecvfrom(buf, 0, ip, &len, qid,
232f0877	190	domain, type, queryfd, now);
e14f094b	191	}
5c633640	192	else {
998a4334	193	try {
93f4e5ce	194	Socket s(ip.sin4.sin_family, SOCK_STREAM);
fdf05fd4	195
998a4334	196	s.setNonBlocking();
1652a63e	197	ComboAddress local = getQueryLocalAddress(ip.sin4.sin_family, 0);
3ac2a2ab	198
5a38281c	199	s.bind(local);
4957a608	200
1bde6efa	201	s.connect(ip);
998a4334	202
263f6a5a BH	203	uint16_t tlen=htons(vpacket.size());
263f6a5a BH	204	char lenP=(char)&tlen;
998a4334 BH	205	const char msgP=(const char)&*vpacket.begin();
	206	string packet=string(lenP, lenP+2)+string(msgP, msgP+vpacket.size());
	207
	208	ret=asendtcp(packet, &s);
	209	if(!(ret>0))
4957a608	210	return ret;
998a4334 BH	211
998a4334 BH	212	packet.clear();
825fa717	213	ret=arecvtcp(packet, 2, &s, false);
998a4334	214	if(!(ret > 0))
4957a608	215	return ret;
998a4334	216
a683e8bd	217	memcpy(&tlen, packet.c_str(), sizeof(tlen));
263f6a5a	218	len=ntohs(tlen); // switch to the 'len' shared with the rest of the function
998a4334	219
825fa717	220	ret=arecvtcp(packet, len, &s, false);
998a4334	221	if(!(ret > 0))
4957a608	222	return ret;
998a4334	223
78f56b38 RG	224	buf.resize(len);
78f56b38 RG	225	memcpy(const_cast<char*>(buf.data()), packet.c_str(), len);
263f6a5a	226
998a4334 BH	227	ret=1;
	228	}
	229	catch(NetworkError& ne) {
	230	ret = -2; // OS limits error
66ab6a63	231	}
5c633640	232	}
998a4334	233
81883dcc	234
26de3092 BH	235	lwr->d_usec=dt.udiff();
	236	*now=dt.getTimeval();
	237
263f6a5a BH	238	if(ret <= 0) // includes 'timeout'
263f6a5a BH	239	return ret;
e14f094b	240
78f56b38	241	buf.resize(len);
e325f20c	242	lwr->d_records.clear();
c836dc19	243	try {
f1f85f12	244	lwr->d_tcbit=0;
78f56b38	245	MOADNSParser mdp(false, buf);
263f6a5a BH	246	lwr->d_aabit=mdp.d_header.aa;
	247	lwr->d_tcbit=mdp.d_header.tc;
	248	lwr->d_rcode=mdp.d_header.rcode;
	249
81883dcc	250	if(mdp.d_header.rcode == RCode::FormErr && mdp.d_qname.empty() && mdp.d_qtype == 0 && mdp.d_qclass == 0) {
4898a348	251	#ifdef HAVE_PROTOBUF
b773359c RG	252	if(outgoingLoggers) {
b773359c RG	253	logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_records, queryTime, exportTypes);
4898a348 RG	254	}
4898a348 RG	255	#endif
269ac73d	256	lwr->d_validpacket=true;
81883dcc BH	257	return 1; // this is "success", the error is set in lwr->d_rcode
	258	}
	259
e325f20c	260	if(domain != mdp.d_qname) {
c5c066bf	261	if(!mdp.d_qname.empty() && domain.toString().find((char)0) == string::npos /* ugly */) {// embedded nulls are too noisy, plus empty domains are too
e6a9dde5	262	g_log<<Logger::Notice<<"Packet purporting to come from remote server "<<ip.toString()<<" contained wrong answer: '" << domain << "' != '" << mdp.d_qname << "'" << endl;
01608dca	263	}
284aa5c2	264	// unexpected count has already been done @ pdns_recursor.cc
2353fffa BH	265	goto out;
2353fffa BH	266	}
f128d20d RG	267
f128d20d RG	268	lwr->d_records.reserve(mdp.d_answers.size());
e325f20c	269	for(const auto& a : mdp.d_answers)
e325f20c	270	lwr->d_records.push_back(a.first);
81883dcc BH	271
81883dcc BH	272	EDNSOpts edo;
57769f13	273	if(EDNS0Level > 0 && getEDNSOpts(mdp, &edo)) {
81883dcc	274	lwr->d_haveEDNS = true;
376effcf	275
7bb598a0	276	if(weWantEDNSSubnet) {
7bb598a0	277	for(const auto& opt : edo.d_options) {
30d4402d	278	if(opt.first==EDNSOptionCode::ECS) {
7bb598a0	279	EDNSSubnetOpts reso;
	280	if(getEDNSSubnetOptsFromString(opt.second, &reso)) {
	281	// cerr<<"EDNS Subnet response: "<<reso.source.toString()<<", scope: "<<reso.scope.toString()<<", family = "<<reso.scope.getNetwork().sin4.sin_family<<endl;
fe61f5d8 RG	282	/* rfc7871 states that 0 "indicate[s] that the answer is suitable for all addresses in FAMILY",
	283	so we might want to still pass the information along to be able to differentiate between
	284	IPv4 and IPv6. Still I'm pretty sure it doesn't matter in real life, so let's not duplicate
	285	entries in our cache. */
30d4402d RG	286	if(reso.scope.getBits()) {
	287	uint8_t bits = std::min(reso.scope.getBits(), outgoingECSBits);
	288	outgoingECSAddr.truncate(bits);
	289	srcmask = Netmask(outgoingECSAddr, bits);
	290	}
7bb598a0	291	}
	292	}
	293	}
376effcf	294	}
81883dcc BH	295	}
81883dcc BH	296
4898a348	297	#ifdef HAVE_PROTOBUF
b773359c RG	298	if(outgoingLoggers) {
b773359c RG	299	logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_records, queryTime, exportTypes);
4898a348 RG	300	}
4898a348 RG	301	#endif
269ac73d	302	lwr->d_validpacket=true;
263f6a5a	303	return 1;
c836dc19	304	}
fdbf35ac	305	catch(std::exception &mde) {
aab4adb0	306	if(::arg().mustDo("log-common-errors"))
e6a9dde5	307	g_log<<Logger::Notice<<"Unable to parse packet from remote server "<<ip.toString()<<": "<<mde.what()<<endl;
81883dcc	308	lwr->d_rcode = RCode::FormErr;
4898a348 RG	309	g_stats.serverParseError++;
4898a348 RG	310	#ifdef HAVE_PROTOBUF
b773359c RG	311	if(outgoingLoggers) {
b773359c RG	312	logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_records, queryTime, exportTypes);
4898a348 RG	313	}
4898a348 RG	314	#endif
269ac73d	315	lwr->d_validpacket=false;
81883dcc	316	return 1; // success - oddly enough
aab4adb0	317	}
c836dc19	318	catch(...) {
e6a9dde5	319	g_log<<Logger::Notice<<"Unknown error parsing packet from remote server"<<endl;
c836dc19	320	}
263f6a5a	321
aab4adb0	322	g_stats.serverParseError++;
263f6a5a	323
2353fffa	324	out:
81883dcc BH	325	if(!lwr->d_rcode)
81883dcc BH	326	lwr->d_rcode=RCode::ServFail;
263f6a5a BH	327
263f6a5a BH	328	return -1;
e14f094b BH	329	}
e14f094b BH	330