scrubbing routines.

git-svn-id: file:///svn/unbound/trunk@354 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 6f97eede3925e34f0970137fcced1b83310245f4..75a352889d5f68b6887ee5b7fc04e2c4f1ff1e7b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+1 June 2007: Wouter
+       - normalize incoming messages. Like unbound-java, with CNAME chain
+         checked, DNAME checked, CNAME's synthesized, glue checked.
+       - sanitize incoming messages.
+
 31 May 2007: Wouter
        - querytargets state.
        - dname_subdomain_c() routine.

diff --git a/doc/TODO b/doc/TODO
index 22903baa3a175548a1d16c453eeb19a9440c970a..d6ab8671dc2bdecfe36f30a07de40e06fa6ee1ea 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -22,3 +22,4 @@ o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
 o understand NSEC/NSEC3, aggressive negative caching, so that updates to
   NSEC/NSEC3 will result in proper negative responses.
 o fallback without EDNS if result is NOTIMPL, now only on FORMERR like in java.
+o scrubber has slow pkt_subdomain and pkt_strict_subdomain functions.

diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index 5d7151aafb0fd760cfe2ff626d6166b6133217c4..6d8cfc56d3d275c12590807338013147d4d99cc5 100644 (file)
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -43,10 +43,253 @@
 #include "iterator/iter_scrub.h"
 #include "util/log.h"
 #include "util/net_help.h"
+#include "util/region-allocator.h"
 #include "util/data/msgparse.h"
 #include "util/data/dname.h"
 #include "util/data/msgreply.h"
 
+/** RRset flag used during scrubbing. The RRset is OK. */
+#define RRSET_SCRUB_OK 0x80
+
+/** remove rrset, update loop variables */
+static void
+remove_rrset(const char* str, ldns_buffer* pkt, struct msg_parse* msg, 
+       struct rrset_parse* prev, struct rrset_parse** rrset)
+{
+       if(verbosity >= VERB_ALGO 
+               && (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) {
+               uint8_t buf[LDNS_MAX_DOMAINLEN+1];
+               dname_pkt_copy(pkt, buf, (*rrset)->dname);
+               log_nametypeclass(str, buf, 
+                       (*rrset)->type, ntohs((*rrset)->rrset_class));
+       }
+       if(prev)
+               prev->rrset_all_next = (*rrset)->rrset_all_next;
+       else    msg->rrset_first = (*rrset)->rrset_all_next;
+       if(msg->rrset_last == *rrset)
+               msg->rrset_last = prev;
+       msg->rrset_count --;
+       switch((*rrset)->section) {
+               case LDNS_SECTION_ANSWER: msg->an_rrsets--; break;
+               case LDNS_SECTION_AUTHORITY: msg->ns_rrsets--; break;
+               case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets--; break;
+               default: log_assert(0);
+       }
+       msgparse_bucket_remove(msg, *rrset);
+       *rrset = (*rrset)->rrset_all_next;
+}
+
+/** return true if rr type has additional names in it */
+static int
+has_additional(uint16_t t)
+{
+       switch(t) {
+               case LDNS_RR_TYPE_MB:
+               case LDNS_RR_TYPE_MD:
+               case LDNS_RR_TYPE_MF:
+               case LDNS_RR_TYPE_NS:
+               case LDNS_RR_TYPE_MX:
+               case LDNS_RR_TYPE_KX:
+               case LDNS_RR_TYPE_SRV:
+                       return 1;
+               case LDNS_RR_TYPE_NAPTR:
+                       /* TODO: NAPTR not supported, glue stripped off */
+                       return 0;
+               default:
+                       return 0;
+       }
+       return 0;
+}
+
+/** get additional name from rrset RR, return false if no name present */
+static int
+get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr, 
+       uint8_t** nm, size_t* nmlen, ldns_buffer* pkt) 
+{
+       size_t offset = 0;
+       size_t len, oldpos;
+       switch(rrset->type) {
+               case LDNS_RR_TYPE_MB:
+               case LDNS_RR_TYPE_MD:
+               case LDNS_RR_TYPE_MF:
+               case LDNS_RR_TYPE_NS:
+                       offset = 0;
+                       break;
+               case LDNS_RR_TYPE_MX:
+               case LDNS_RR_TYPE_KX:
+                       offset = 2;
+                       break;
+               case LDNS_RR_TYPE_SRV:
+                       offset = 6;
+                       break;
+               case LDNS_RR_TYPE_NAPTR:
+                       /* TODO: NAPTR not supported, glue stripped off */
+                       return 0;
+               default:
+                       return 0;
+       }
+       len = ldns_read_uint16(rr->ttl_data+sizeof(uint32_t));
+       if(len < offset+1)
+               return 0; /* rdata field too small */
+       *nm = rr->ttl_data+sizeof(uint32_t)+sizeof(uint16_t)+offset;
+       oldpos = ldns_buffer_position(pkt);
+       ldns_buffer_set_position(pkt, (size_t)(*nm - ldns_buffer_begin(pkt)));
+       *nmlen = pkt_dname_len(pkt);
+       ldns_buffer_set_position(pkt, oldpos);
+       if(*nmlen == 0)
+               return 0;
+       return 1;
+}
+
+/** Place mark on rrsets in additional section they are OK */
+static void
+mark_additional_rrset(ldns_buffer* pkt, struct msg_parse* msg, 
+       struct rrset_parse* rrset)
+{
+       /* Mark A and AAAA for NS as appropriate additional section info. */
+       uint8_t* nm = NULL;
+       size_t nmlen = 0;
+       struct rr_parse* rr;
+
+       if(!has_additional(rrset->type))
+               return;
+       for(rr = rrset->rr_first; rr; rr = rr->next) {
+               if(get_additional_name(rrset, rr, &nm, &nmlen, pkt)) {
+                       /* mark A */
+                       hashvalue_t h = pkt_hash_rrset(pkt, nm, LDNS_RR_TYPE_A, 
+                               rrset->rrset_class, 0);
+                       struct rrset_parse* r = msgparse_hashtable_lookup(
+                               msg, pkt, h, 0, nm, nmlen, 
+                               LDNS_RR_TYPE_A, rrset->rrset_class);
+                       if(r && r->section == LDNS_SECTION_ADDITIONAL) {
+                               r->flags |= RRSET_SCRUB_OK;
+                       }
+                       
+                       /* mark AAAA */
+                       h = pkt_hash_rrset(pkt, nm, LDNS_RR_TYPE_AAAA, 
+                               rrset->rrset_class, 0);
+                       r = msgparse_hashtable_lookup(msg, pkt, h, 0, nm, 
+                               nmlen, LDNS_RR_TYPE_AAAA, rrset->rrset_class);
+                       if(r && r->section == LDNS_SECTION_ADDITIONAL) {
+                               r->flags |= RRSET_SCRUB_OK;
+                       }
+               }
+       }
+}
+
+/** Get target name of a CNAME */
+static int
+parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, 
+       size_t* snamelen)
+{
+       if(rrset->rr_count != 1) {
+               verbose(VERB_ALGO, "Found CNAME rrset with "
+                       "size > 1: %d", rrset->rr_count);
+               return 0;
+       }
+       if(rrset->rr_first->size < sizeof(uint16_t)+1)
+               return 0; /* CNAME rdata too small */
+       *sname = rrset->rr_first->ttl_data + sizeof(uint32_t)
+               + sizeof(uint16_t); /* skip ttl, rdatalen */
+       *snamelen = rrset->rr_first->size - sizeof(uint16_t);
+       return 1;
+}
+
+/** Synthesize CNAME from DNAME, false if too long */
+static int 
+synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, 
+       uint8_t* alias, size_t* aliaslen, ldns_buffer* pkt)
+{
+       /* we already know that sname is a strict subdomain of DNAME owner */
+       uint8_t* dtarg = NULL;
+       size_t dtarglen;
+       if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen))
+               return 0; 
+       log_assert(qnamelen > dname_rrset->dname_len);
+       /* DNAME from com. to net. with qname example.com. -> example.net. */
+       /* so: \3com\0 to \3net\0 and qname \7example\3com\0 */
+       *aliaslen = qnamelen + dtarglen - dname_rrset->dname_len;
+       if(*aliaslen > LDNS_MAX_DOMAINLEN)
+               return 0; /* should have been RCODE YXDOMAIN */
+       /* decompress dnames into buffer, we know it fits */
+       dname_pkt_copy(pkt, alias, qname);
+       dname_pkt_copy(pkt, alias+(qnamelen-dname_rrset->dname_len), dtarg);
+       return 1;
+}
+
+/** synthesize a CNAME rrset */
+static struct rrset_parse*
+synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias, 
+       size_t aliaslen, struct region* region, struct msg_parse* msg, 
+       struct rrset_parse* rrset, struct rrset_parse* prev,
+       struct rrset_parse* nx, ldns_buffer* pkt)
+{
+       struct rrset_parse* cn = (struct rrset_parse*)region_alloc(region,
+               sizeof(struct rrset_parse));
+       if(!cn)
+               return NULL;
+       memset(cn, 0, sizeof(*cn));
+       cn->rr_first = (struct rr_parse*)region_alloc(region, 
+               sizeof(struct rr_parse));
+       if(!cn->rr_first)
+               return NULL;
+       cn->rr_last = cn->rr_first;
+       /* CNAME from sname to alias */
+       cn->dname = (uint8_t*)region_alloc_init(region, *sname, *snamelen);
+       cn->dname_len = *snamelen;
+       cn->type = LDNS_RR_TYPE_CNAME;
+       cn->section = rrset->section;
+       cn->rrset_class = rrset->rrset_class;
+       cn->rr_count = 1;
+       cn->size = sizeof(uint16_t) + aliaslen;
+       cn->hash=pkt_hash_rrset(pkt, cn->dname, cn->type, cn->rrset_class, 0);
+       /* allocate TTL + rdatalen + uncompressed dname */
+       memset(cn->rr_first, 0, sizeof(struct rr_parse));
+       cn->rr_first->ttl_data = (uint8_t*)region_alloc(region, 
+               sizeof(uint32_t)+sizeof(uint16_t)+aliaslen);
+       if(!cn->rr_first->ttl_data)
+               return NULL;
+       ldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
+       ldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
+       memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
+       cn->rr_first->size = sizeof(uint16_t)+aliaslen;
+
+       /* link it in */
+       cn->rrset_all_next = nx;
+       if(prev)
+               prev->rrset_all_next = cn;
+       else    msg->rrset_first = cn;
+       if(nx == NULL)
+               msg->rrset_last = cn;
+       msg->rrset_count ++;
+       msg->an_rrsets++;
+       /* it is not inserted in the msg hashtable. */
+
+       *sname = cn->rr_first->ttl_data + sizeof(uint32_t)+sizeof(uint16_t);
+       *snamelen = aliaslen;
+       return cn;
+}
+
+/** check if DNAME applies to a name */
+static int
+pkt_strict_sub(ldns_buffer* pkt, uint8_t* sname, uint8_t* dr)
+{
+       uint8_t buf[LDNS_MAX_DOMAINLEN+1];
+       /* decompress DNAME name */
+       dname_pkt_copy(pkt, buf, dr);
+       return dname_strict_subdomain_c(sname, buf);
+}
+
+/** check subdomain with decompression */
+static int
+pkt_sub(ldns_buffer* pkt, uint8_t* sname, uint8_t* dr)
+{
+       uint8_t buf[LDNS_MAX_DOMAINLEN+1];
+       /* decompress DNAME name */
+       dname_pkt_copy(pkt, buf, dr);
+       return dname_subdomain_c(sname, buf);
+}
+
 /**
  * This routine normalizes a response. This includes removing "irrelevant"
  * records from the answer and additional sections and (re)synthesizing
@@ -64,7 +307,7 @@ scrub_normalize(ldns_buffer* pkt, struct msg_parse* msg,
 {
        uint8_t* sname = qinfo->qname;
        size_t snamelen = qinfo->qname_len;
-       struct rrset_parse* rrset, *prev=NULL;
+       struct rrset_parse* rrset, *prev;
 
        if(FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NOERROR &&
                FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NXDOMAIN)
@@ -74,69 +317,169 @@ scrub_normalize(ldns_buffer* pkt, struct msg_parse* msg,
         * synthesized CNAMEs from DNAMEs
         * This will strip out-of-order CNAMEs as well. */
 
-       for(rrset = msg->rrset_first; rrset; (prev=rrset),(rrset=rrset->rrset_all_next)) 
-       {
-               if(rrset->section != LDNS_SECTION_ANSWER)
-                       continue;
+       /* walk through the parse packet rrset list, keep track of previous
+        * for insert and delete ease, and examine every RRset */
+       prev = NULL;
+       rrset = msg->rrset_first;
+       while(rrset && rrset->section == LDNS_SECTION_ANSWER) {
                if(rrset->type == LDNS_RR_TYPE_DNAME && 
-                       dname_strict_subdomain_c(sname, rrset->dname)) {
+                       pkt_strict_sub(pkt, sname, rrset->dname)) {
+                       /* check if next rrset is correct CNAME. else,
+                        * synthesize a CNAME */
+                       struct rrset_parse* nx = rrset->rrset_all_next;
+                       uint8_t alias[LDNS_MAX_DOMAINLEN+1];
+                       size_t aliaslen = 0;
                        if(rrset->rr_count != 1) {
                                verbose(VERB_ALGO, "Found DNAME rrset with "
                                        "size > 1: %d", rrset->rr_count);
                                return 0;
                        }
-                       /* check if next rrset is correct CNAME. else,
-                        * synthesize a CNAME */
-                       /* if nametoolong, return 0 (should been YXDOMAIN) */
+                       if(!synth_cname(sname, snamelen, rrset, alias, 
+                               &aliaslen, pkt)) {
+                               verbose(VERB_ALGO, "synthesized CNAME "
+                                       "too long");
+                               return 0;
+                       }
+                       if(nx && nx->type == LDNS_RR_TYPE_CNAME && 
+                          dname_pkt_compare(pkt, sname, nx->dname) == 0) {
+                               /* check next cname */
+                               uint8_t* t = NULL;
+                               size_t tlen = 0;
+                               if(!parse_get_cname_target(rrset, &t, &tlen))
+                                       return 0;
+                               if(dname_pkt_compare(pkt, alias, t) == 0) {
+                                       /* it's OK and better capitalized */
+                                       prev = rrset;
+                                       rrset = nx;
+                                       continue;
+                               }
+                               /* synth ourselves */
+                       }
+                       /* synth a CNAME rrset */
+                       prev = synth_cname_rrset(&sname, &snamelen, alias, 
+                               aliaslen, region, msg, rrset, prev, nx, pkt);
+                       if(!prev) {
+                               log_err("out of memory synthesizing CNAME");
+                               return 0;
+                       }
+                       /* FIXME: resolve the conflict between synthesized 
+                        * CNAME ttls and the cache. */
+                       rrset = nx;
                        continue;
+
                }
 
                /* The only records in the ANSWER section not allowed to */
                if(dname_pkt_compare(pkt, sname, rrset->dname) != 0) {
-                       /* TODO remove_rrset(pkt, msg, prev, rrset); */
+                       remove_rrset("normalize: removing irrelevant RRset:", 
+                               pkt, msg, prev, &rrset);
                        continue;
                }
 
                /* Follow the CNAME chain. */
                if(rrset->type == LDNS_RR_TYPE_CNAME) {
-                       if(rrset->rr_count != 1) {
-                               verbose(VERB_ALGO, "Found CNAME rrset with "
-                                       "size > 1: %d", rrset->rr_count);
+                       if(!parse_get_cname_target(rrset, &sname, &snamelen))
                                return 0;
-                       }
-                       if(rrset->rr_first->size < sizeof(uint16_t)+1)
-                               return 0; /* CNAME rdata too small */
-                       sname = rrset->rr_first->ttl_data + sizeof(uint32_t)
-                               + sizeof(uint16_t); /* skip ttl, rdatalen */
-                       snamelen = rrset->rr_first->size - sizeof(uint16_t);
+                       prev = rrset;
+                       rrset = rrset->rrset_all_next;
+                       continue;
                }
 
                /* Otherwise, make sure that the RRset matches the qtype. */
                if(qinfo->qtype != LDNS_RR_TYPE_ANY && 
                        qinfo->qtype != rrset->type) {
-                       /*TODO: remove_rrset(); */
+                       remove_rrset("normalize: removing irrelevant RRset:", 
+                               pkt, msg, prev, &rrset);
+                       continue;
                }
 
-               /* Otherwise, fetch the additional names from the 
-                * relevant rrset. */
-               /* store additional names from rrset rdata */
+               /* Mark the additional names from relevant rrset as OK. */
+               mark_additional_rrset(pkt, msg, rrset);
+               
+               prev = rrset;
+               rrset = rrset->rrset_all_next;
        }
 
-       /* Get additional names from AUTHORITY */
-       /* go through authority section, store add. names from rrdat rdata */
+       /* Mark additional names from AUTHORITY */
+       while(rrset && rrset->section == LDNS_SECTION_AUTHORITY) {
+               mark_additional_rrset(pkt, msg, rrset);
+               prev = rrset;
+               rrset = rrset->rrset_all_next;
+       }
 
        /* For each record in the additional section, remove it if it is an
         * address record and not in the collection of additional names 
         * found in ANSWER and AUTHORITY. */
+       /* These records have not been marked OK previously */
+       while(rrset && rrset->section == LDNS_SECTION_ADDITIONAL) {
+               /* FIXME: what about other types? */
+               if(rrset->type==LDNS_RR_TYPE_A || 
+                       rrset->type==LDNS_RR_TYPE_AAAA) 
+               {
+                       if((rrset->flags & RRSET_SCRUB_OK)) {
+                               /* remove flag to clean up flags variable */
+                               rrset->flags &= ~RRSET_SCRUB_OK;
+                       } else {
+                               remove_rrset("normalize: removing irrelevant "
+                                       "RRset:", pkt, msg, prev, &rrset);
+                               continue;
+                       }
+               }
+               prev = rrset;
+               rrset = rrset->rrset_all_next;
+       }
        
-       /* FIXME: what about other types? */
+       return 1;
+}
+
+/**
+ * Given a response event, remove suspect RRsets from the response.
+ * "Suspect" rrsets are potentially poison. Note that this routine expects
+ * the response to be in a "normalized" state -- that is, all "irrelevant"
+ * RRsets have already been removed, CNAMEs are in order, etc.
+ *
+ * @param pkt: packet.
+ * @param msg: msg to normalize.
+ * @param zonename: name of server zone.
+ * @return 0 on error.
+ */
+static int
+scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, uint8_t* zonename)
+{
+       struct rrset_parse* rrset, *prev;
+       prev = NULL;
+       rrset = msg->rrset_first;
+
+       /* At this point, we brutally remove ALL rrsets that aren't 
+        * children of the originating zone. The idea here is that, 
+        * as far as we know, the server that we contacted is ONLY 
+        * authoritative for the originating zone. It, of course, MAY 
+        * be authoriative for any other zones, and of course, MAY 
+        * NOT be authoritative for some subdomains of the originating 
+        * zone. */
+       while(rrset) {
+               
+               /* skip DNAME records -- they will always be followed by a 
+                * synthesized CNAME, which will be relevant.
+                * FIXME: should this do something differently with DNAME 
+                * rrsets NOT in Section.ANSWER? */
+               /* But since DNAME records are also subdomains of the zone,
+                * same check can be used */
+
+               if(!pkt_sub(pkt, rrset->dname, zonename)) {
+                       remove_rrset("sanitize: removing potential poison "
+                               "RRset:", pkt, msg, prev, &rrset);
+                       continue;
+               }
+               prev = rrset;
+               rrset = rrset->rrset_all_next;
+       }
        return 1;
 }
 
 int 
 scrub_message(ldns_buffer* pkt, struct msg_parse* msg, 
-       struct query_info* qinfo, uint8_t* zonename, size_t zonelen,
-       struct region* region)
+       struct query_info* qinfo, uint8_t* zonename, struct region* region)
 {
        /* things to check:
         * if qdcount > 0 : qinfo.
@@ -158,8 +501,11 @@ scrub_message(ldns_buffer* pkt, struct msg_parse* msg,
                        return 0;
        }
 
-       /* normalize the response */
+       /* normalize the response, this cleans up the additional.  */
        if(!scrub_normalize(pkt, msg, qinfo, region))
                return 0;
+       /* delete all out-of-zone information */
+       if(!scrub_sanitize(pkt, msg, zonename))
+               return 0;
        return 1;
 }

diff --git a/iterator/iter_scrub.h b/iterator/iter_scrub.h
index 8f32cea961abd3396124b45c5f63f83b1c9b45ad..68f3ce9b239b53d0b1f8175fcbea0313204bee4e 100644 (file)
--- a/iterator/iter_scrub.h
+++ b/iterator/iter_scrub.h
@@ -54,12 +54,10 @@ struct region;
  * @param qinfo: the query info that was sent to the server. Checked.
  * @param zonename: the name of the last delegation point.
  *     Used to determine out of bailiwick information.
- * @param zonelen: length of zonename.
  * @param region: where to allocate (new) parts of the message.
  * @return: false if the message is total waste. true if scrubbed with success.
  */
 int scrub_message(ldns_buffer* pkt, struct msg_parse* msg, 
-       struct query_info* qinfo, uint8_t* zonename, size_t zonelen, 
-       struct region* region);
+       struct query_info* qinfo, uint8_t* zonename, struct region* region);
 
 #endif /* ITERATOR_ITER_SCRUB_H */

diff --git a/iterator/iterator.c b/iterator/iterator.c
index 412b075bade6385bb56c3e2d278140a8e38d6d6d..c6c22f00be6da5d6e4401f92dab2162d85d65b55 100644 (file)
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -1218,8 +1218,8 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
                goto handle_it;
 
        /* normalize and sanitize: easy to delete items from linked lists */
-       if(!scrub_message(pkt, prs, &qstate->qinfo, 
-               iq->dp->name, iq->dp->namelen, qstate->scratch))
+       if(!scrub_message(pkt, prs, &qstate->qinfo, iq->dp->name, 
+               qstate->scratch))
                goto handle_it;
 
        /* allocate response dns_msg in region */

diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index 8a47f22f1e950918d51a87d4071a9443a62f4513..ac01bddcc09e4dfca5d71cc7a7375c70f0bd6503 100644 (file)
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -152,8 +152,7 @@ pkt_rrset_flags(ldns_buffer* pkt, uint16_t type)
        return f;
 }
 
-/** Calculate hash value for rrset in packet. */
-static hashvalue_t
+hashvalue_t
 pkt_hash_rrset(ldns_buffer* pkt, uint8_t* dname, uint16_t type, 
        uint16_t dclass, uint32_t rrset_flags)
 {
@@ -181,12 +180,9 @@ rrset_parse_equals(struct rrset_parse* p, ldns_buffer* pkt, hashvalue_t h,
 }
 
 
-/**
- * Lookup in msg hashtable to find a rrset
- */
-static struct rrset_parse*
-hashtable_lookup(struct msg_parse* msg, ldns_buffer* pkt, hashvalue_t h, 
-       uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, 
+struct rrset_parse*
+msgparse_hashtable_lookup(struct msg_parse* msg, ldns_buffer* pkt, 
+       hashvalue_t h, uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, 
        uint16_t type, uint16_t dclass)
 {
        struct rrset_parse* p = msg->hashtable[h & (PARSE_TABLE_SIZE-1)];
@@ -228,9 +224,8 @@ pkt_rrsig_covered_equals(ldns_buffer* pkt, uint8_t* here, uint16_t type)
        return 0;
 }
 
-/** remove rrset from hash list */
-static void
-bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset)
+void
+msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset)
 {
        struct rrset_parse** p;
        p = &msg->hashtable[ rrset->hash & (PARSE_TABLE_SIZE-1) ];
@@ -377,7 +372,7 @@ change_rrsig_rrset(struct rrset_parse* sigset, struct msg_parse* msg,
                return dataset;
        }
        /* changeover the type of the rrset to data set */
-       bucket_remove(msg, dataset);
+       msgparse_bucket_remove(msg, dataset);
        /* insert into new hash bucket */
        dataset->rrset_bucket_next = msg->hashtable[hash&(PARSE_TABLE_SIZE-1)];
        msg->hashtable[hash&(PARSE_TABLE_SIZE-1)] = dataset;
@@ -454,15 +449,16 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
                ldns_buffer_current(pkt), &covtype)) {
                *hash = pkt_hash_rrset(pkt, dname, covtype, dclass, 
                        *rrset_flags);
-               *rrset_prev = hashtable_lookup(msg, pkt, *hash, *rrset_flags, 
-                       dname, dnamelen, covtype, dclass);
+               *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, 
+                       *rrset_flags, dname, dnamelen, covtype, dclass);
                if(!*rrset_prev && covtype == LDNS_RR_TYPE_NSEC) {
                        /* if NSEC try with NSEC apex bit twiddled */
                        *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX;
                        *hash = pkt_hash_rrset(pkt, dname, covtype, dclass, 
                                *rrset_flags);
-                       *rrset_prev = hashtable_lookup(msg, pkt, *hash, 
-                               *rrset_flags, dname, dnamelen, covtype, dclass);
+                       *rrset_prev = msgparse_hashtable_lookup(msg, pkt, 
+                               *hash, *rrset_flags, dname, dnamelen, covtype, 
+                               dclass);
                }
                if(*rrset_prev) {
                        *prev_dname_first = (*rrset_prev)->dname;
@@ -478,8 +474,9 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
                /* find matching rrsig */
                *hash = pkt_hash_rrset(pkt, dname, LDNS_RR_TYPE_RRSIG, 
                        dclass, *rrset_flags);
-               *rrset_prev = hashtable_lookup(msg, pkt, *hash, *rrset_flags, 
-                       dname, dnamelen, LDNS_RR_TYPE_RRSIG, dclass);
+               *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, 
+                       *rrset_flags, dname, dnamelen, LDNS_RR_TYPE_RRSIG, 
+                       dclass);
                if(*rrset_prev && rrset_has_sigover(pkt, *rrset_prev, type,
                        &hasother)) {
                        /* yes! */
@@ -497,7 +494,7 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
        }
 
        *hash = pkt_hash_rrset(pkt, dname, type, dclass, *rrset_flags);
-       *rrset_prev = hashtable_lookup(msg, pkt, *hash, *rrset_flags, 
+       *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, *rrset_flags, 
                dname, dnamelen, type, dclass);
        if(*rrset_prev)
                *prev_dname_first = (*rrset_prev)->dname;

diff --git a/util/data/msgparse.h b/util/data/msgparse.h
index 16b568f2d61e8c2897d3d7c4a713f21020954ba1..e0b8a228cfb273fb871a9fbec0d627dfcf65b1ff 100644 (file)
--- a/util/data/msgparse.h
+++ b/util/data/msgparse.h
@@ -255,4 +255,39 @@ int parse_extract_edns(struct msg_parse* msg, struct edns_data* edns);
  */
 int parse_edns_from_pkt(ldns_buffer* pkt, struct edns_data* edns);
 
+/**
+ * Calculate hash value for rrset in packet.
+ * @param pkt: the packet.
+ * @param dname: pointer to uncompressed dname, or compressed dname in packet.
+ * @param type: rrset type in host order.
+ * @param dclass: rrset class in network order.
+ * @param rrset_flags: rrset flags (same as packed_rrset flags).
+ * @return hash value
+ */
+hashvalue_t pkt_hash_rrset(ldns_buffer* pkt, uint8_t* dname, uint16_t type,
+        uint16_t dclass, uint32_t rrset_flags);
+
+/**
+ * Lookup in msg hashtable to find a rrset.
+ * @param msg: with the hashtable.
+ * @param pkt: packet for compressed names.
+ * @param h: hash value
+ * @param rrset_flags: flags of rrset sought for.
+ * @param dname: name of rrset sought for.
+ * @param dnamelen: len of dname.
+ * @param type: rrset type, host order.
+ * @param dclass: rrset class, network order.
+ * @return NULL or the rrset_parse if found.
+ */
+struct rrset_parse* msgparse_hashtable_lookup(struct msg_parse* msg, 
+       ldns_buffer* pkt, hashvalue_t h, uint32_t rrset_flags, 
+       uint8_t* dname, size_t dnamelen, uint16_t type, uint16_t dclass);
+
+/**
+ * Remove rrset from hash table.
+ * @param msg: with hashtable.
+ * @param rrset: with hash value and id info.
+ */
+void msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset);
+
 #endif /* UTIL_DATA_MSGPARSE_H */