+ entry = g_hash_table_lookup(cache, question);
+ if (!entry)
+ return NULL;
+
+ type = cache_check_validity(question, type, entry);
+ if (type == 0)
+ return NULL;
+
+ *qtype = type;
+ return entry;
+}
+
+/*
+ * Get a label/name from DNS resource record. The function decompresses the
+ * label if necessary. The function does not convert the name to presentation
+ * form. This means that the result string will contain label lengths instead
+ * of dots between labels. We intentionally do not want to convert to dotted
+ * format so that we can cache the wire format string directly.
+ */
+static int get_name(int counter,
+ unsigned char *pkt, unsigned char *start, unsigned char *max,
+ unsigned char *output, int output_max, int *output_len,
+ unsigned char **end, char *name, size_t max_name, int *name_len)
+{
+ unsigned char *p;
+
+ /* Limit recursion to 10 (this means up to 10 labels in domain name) */
+ if (counter > 10)
+ return -EINVAL;
+
+ p = start;
+ while (*p) {
+ if ((*p & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
+ uint16_t offset = (*p & 0x3F) * 256 + *(p + 1);
+
+ if (offset >= max - pkt)
+ return -ENOBUFS;
+
+ if (!*end)
+ *end = p + 2;
+
+ return get_name(counter + 1, pkt, pkt + offset, max,
+ output, output_max, output_len, end,
+ name, max_name, name_len);
+ } else {
+ unsigned label_len = *p;
+
+ if (pkt + label_len > max)
+ return -ENOBUFS;
+
+ if (*output_len > output_max)
+ return -ENOBUFS;
+
+ if ((*name_len + 1 + label_len + 1) > max_name)
+ return -ENOBUFS;
+
+ /*
+ * We need the original name in order to check
+ * if this answer is the correct one.
+ */
+ name[(*name_len)++] = label_len;
+ memcpy(name + *name_len, p + 1, label_len + 1);
+ *name_len += label_len;
+
+ /* We compress the result */
+ output[0] = NS_CMPRSFLGS;
+ output[1] = 0x0C;
+ *output_len = 2;
+
+ p += label_len + 1;
+
+ if (!*end)
+ *end = p;
+
+ if (p >= max)
+ return -ENOBUFS;
+ }
+ }
+
+ return 0;
+}
+
+static int parse_rr(unsigned char *buf, unsigned char *start,
+ unsigned char *max,
+ unsigned char *response, unsigned int *response_size,
+ uint16_t *type, uint16_t *class, int *ttl, int *rdlen,
+ unsigned char **end,
+ char *name, size_t max_name)
+{
+ struct domain_rr *rr;
+ int err, offset;
+ int name_len = 0, output_len = 0, max_rsp = *response_size;
+
+ err = get_name(0, buf, start, max, response, max_rsp,
+ &output_len, end, name, max_name, &name_len);
+ if (err < 0)
+ return err;
+
+ offset = output_len;
+
+ if ((unsigned int) offset > *response_size)
+ return -ENOBUFS;
+
+ rr = (void *) (*end);
+
+ if (!rr)
+ return -EINVAL;
+
+ *type = ntohs(rr->type);
+ *class = ntohs(rr->class);
+ *ttl = ntohl(rr->ttl);
+ *rdlen = ntohs(rr->rdlen);
+
+ if (*ttl < 0)
+ return -EINVAL;
+
+ memcpy(response + offset, *end, sizeof(struct domain_rr));
+
+ offset += sizeof(struct domain_rr);
+ *end += sizeof(struct domain_rr);
+
+ if ((unsigned int) (offset + *rdlen) > *response_size)
+ return -ENOBUFS;
+
+ memcpy(response + offset, *end, *rdlen);
+
+ *end += *rdlen;
+
+ *response_size = offset + *rdlen;
+
+ return 0;
+}
+
+static bool check_alias(GSList *aliases, char *name)
+{
+ GSList *list;
+
+ if (aliases) {
+ for (list = aliases; list; list = list->next) {
+ int len = strlen((char *)list->data);
+ if (strncmp((char *)list->data, name, len) == 0)
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static int parse_response(unsigned char *buf, int buflen,
+ char *question, int qlen,
+ uint16_t *type, uint16_t *class, int *ttl,
+ unsigned char *response, unsigned int *response_len,
+ uint16_t *answers)
+{
+ struct domain_hdr *hdr = (void *) buf;
+ struct domain_question *q;
+ unsigned char *ptr;
+ uint16_t qdcount = ntohs(hdr->qdcount);
+ uint16_t ancount = ntohs(hdr->ancount);
+ int err, i;
+ uint16_t qtype, qclass;
+ unsigned char *next = NULL;
+ unsigned int maxlen = *response_len;
+ GSList *aliases = NULL, *list;
+ char name[NS_MAXDNAME + 1];
+
+ if (buflen < 12)
+ return -EINVAL;
+
+ debug("qr %d qdcount %d", hdr->qr, qdcount);
+
+ /* We currently only cache responses where question count is 1 */
+ if (hdr->qr != 1 || qdcount != 1)
+ return -EINVAL;
+
+ ptr = buf + sizeof(struct domain_hdr);
+
+ strncpy(question, (char *) ptr, qlen);
+ qlen = strlen(question);
+ ptr += qlen + 1; /* skip \0 */
+
+ q = (void *) ptr;
+ qtype = ntohs(q->type);
+
+ /* We cache only A and AAAA records */
+ if (qtype != 1 && qtype != 28)
+ return -ENOMSG;
+
+ qclass = ntohs(q->class);
+
+ ptr += 2 + 2; /* ptr points now to answers */
+
+ err = -ENOMSG;
+ *response_len = 0;
+ *answers = 0;
+
+ memset(name, 0, sizeof(name));
+
+ /*
+ * We have a bunch of answers (like A, AAAA, CNAME etc) to
+ * A or AAAA question. We traverse the answers and parse the
+ * resource records. Only A and AAAA records are cached, all
+ * the other records in answers are skipped.
+ */
+ for (i = 0; i < ancount; i++) {
+ /*
+ * Get one address at a time to this buffer.
+ * The max size of the answer is
+ * 2 (pointer) + 2 (type) + 2 (class) +
+ * 4 (ttl) + 2 (rdlen) + addr (16 or 4) = 28
+ * for A or AAAA record.
+ * For CNAME the size can be bigger.
+ */
+ unsigned char rsp[NS_MAXCDNAME];
+ unsigned int rsp_len = sizeof(rsp) - 1;
+ int ret, rdlen;
+
+ memset(rsp, 0, sizeof(rsp));
+
+ ret = parse_rr(buf, ptr, buf + buflen, rsp, &rsp_len,
+ type, class, ttl, &rdlen, &next, name,
+ sizeof(name) - 1);
+ if (ret != 0) {
+ err = ret;
+ goto out;
+ }
+
+ /*
+ * Now rsp contains compressed or uncompressed resource
+ * record. Next we check if this record answers the question.
+ * The name var contains the uncompressed label.
+ * One tricky bit is the CNAME records as they alias
+ * the name we might be interested in.
+ */
+
+ /*
+ * Go to next answer if the class is not the one we are
+ * looking for.
+ */
+ if (*class != qclass) {
+ ptr = next;
+ next = NULL;
+ continue;
+ }
+
+ /*
+ * Try to resolve aliases also, type is CNAME(5).
+ * This is important as otherwise the aliased names would not
+ * be cached at all as the cache would not contain the aliased
+ * question.
+ *
+ * If any CNAME is found in DNS packet, then we cache the alias
+ * IP address instead of the question (as the server
+ * said that question has only an alias).
+ * This means in practice that if e.g., ipv6.google.com is
+ * queried, DNS server returns CNAME of that name which is
+ * ipv6.l.google.com. We then cache the address of the CNAME
+ * but return the question name to client. So the alias
+ * status of the name is not saved in cache and thus not
+ * returned to the client. We do not return DNS packets from
+ * cache to client saying that ipv6.google.com is an alias to
+ * ipv6.l.google.com but we return instead a DNS packet that
+ * says ipv6.google.com has address xxx which is in fact the
+ * address of ipv6.l.google.com. For caching purposes this
+ * should not cause any issues.
+ */
+ if (*type == 5 && strncmp(question, name, qlen) == 0) {
+ /*
+ * So now the alias answered the question. This is
+ * not very useful from caching point of view as
+ * the following A or AAAA records will not match the
+ * question. We need to find the real A/AAAA record
+ * of the alias and cache that.
+ */
+ unsigned char *end = NULL;
+ int name_len = 0, output_len = 0;
+
+ memset(rsp, 0, sizeof(rsp));
+ rsp_len = sizeof(rsp) - 1;
+
+ /*
+ * Alias is in rdata part of the message,
+ * and next-rdlen points to it. So we need to get
+ * the real name of the alias.
+ */
+ ret = get_name(0, buf, next - rdlen, buf + buflen,
+ rsp, rsp_len, &output_len, &end,
+ name, sizeof(name) - 1, &name_len);
+ if (ret != 0) {
+ /* just ignore the error at this point */
+ ptr = next;
+ next = NULL;
+ continue;
+ }
+
+ /*
+ * We should now have the alias of the entry we might
+ * want to cache. Just remember it for a while.
+ * We check the alias list when we have parsed the
+ * A or AAAA record.
+ */
+ aliases = g_slist_prepend(aliases, g_strdup(name));
+
+ ptr = next;
+ next = NULL;
+ continue;
+ }
+
+ if (*type == qtype) {
+ /*
+ * We found correct type (A or AAAA)
+ */
+ if (check_alias(aliases, name) ||
+ (!aliases && strncmp(question, name,
+ qlen) == 0)) {
+ /*
+ * We found an alias or the name of the rr
+ * matches the question. If so, we append
+ * the compressed label to the cache.
+ * The end result is a response buffer that
+ * will contain one or more cached and
+ * compressed resource records.
+ */
+ if (*response_len + rsp_len > maxlen) {
+ err = -ENOBUFS;
+ goto out;
+ }
+ memcpy(response + *response_len, rsp, rsp_len);
+ *response_len += rsp_len;
+ (*answers)++;
+ err = 0;
+ }
+ }
+
+ ptr = next;
+ next = NULL;
+ }
+
+out:
+ for (list = aliases; list; list = list->next)
+ g_free(list->data);
+ g_slist_free(aliases);
+
+ return err;
+}
+
+struct cache_timeout {
+ time_t current_time;
+ int max_timeout;
+ int try_harder;
+};
+
+static gboolean cache_check_entry(gpointer key, gpointer value,
+ gpointer user_data)
+{
+ struct cache_timeout *data = user_data;
+ struct cache_entry *entry = value;
+ int max_timeout;
+
+ /* Scale the number of hits by half as part of cache aging */
+
+ entry->hits /= 2;
+
+ /*
+ * If either IPv4 or IPv6 cached entry has expired, we
+ * remove both from the cache.
+ */
+
+ if (entry->ipv4 && entry->ipv4->timeout > 0) {
+ max_timeout = entry->ipv4->cache_until;
+ if (max_timeout > data->max_timeout)
+ data->max_timeout = max_timeout;
+
+ if (entry->ipv4->cache_until < data->current_time)
+ return TRUE;
+ }
+
+ if (entry->ipv6 && entry->ipv6->timeout > 0) {
+ max_timeout = entry->ipv6->cache_until;
+ if (max_timeout > data->max_timeout)
+ data->max_timeout = max_timeout;
+
+ if (entry->ipv6->cache_until < data->current_time)
+ return TRUE;
+ }
+
+ /*
+ * if we're asked to try harder, also remove entries that have
+ * few hits
+ */
+ if (data->try_harder && entry->hits < 4)
+ return TRUE;
+
+ return FALSE;
+}
+
+static void cache_cleanup(void)
+{
+ static int max_timeout;
+ struct cache_timeout data;
+ int count = 0;
+
+ data.current_time = time(NULL);
+ data.max_timeout = 0;
+ data.try_harder = 0;
+
+ /*
+ * In the first pass, we only remove entries that have timed out.
+ * We use a cache of the first time to expire to do this only
+ * when it makes sense.
+ */
+ if (max_timeout <= data.current_time) {
+ count = g_hash_table_foreach_remove(cache, cache_check_entry,
+ &data);
+ }
+ debug("removed %d in the first pass", count);
+
+ /*
+ * In the second pass, if the first pass turned up blank,
+ * we also expire entries with a low hit count,
+ * while aging the hit count at the same time.
+ */
+ data.try_harder = 1;
+ if (count == 0)
+ count = g_hash_table_foreach_remove(cache, cache_check_entry,
+ &data);
+
+ if (count == 0)
+ /*
+ * If we could not remove anything, then remember
+ * what is the max timeout and do nothing if we
+ * have not yet reached it. This will prevent
+ * constant traversal of the cache if it is full.
+ */
+ max_timeout = data.max_timeout;
+ else
+ max_timeout = 0;
+}
+
+static gboolean cache_invalidate_entry(gpointer key, gpointer value,
+ gpointer user_data)
+{
+ struct cache_entry *entry = value;
+
+ /* first, delete any expired elements */
+ cache_enforce_validity(entry);
+
+ /* if anything is not expired, mark the entry for refresh */
+ if (entry->hits > 0 && (entry->ipv4 || entry->ipv6))
+ entry->want_refresh = true;
+
+ /* delete the cached data */
+ if (entry->ipv4) {
+ g_free(entry->ipv4->data);
+ g_free(entry->ipv4);
+ entry->ipv4 = NULL;
+ }
+
+ if (entry->ipv6) {
+ g_free(entry->ipv6->data);
+ g_free(entry->ipv6);
+ entry->ipv6 = NULL;
+ }
+
+ /* keep the entry if we want it refreshed, delete it otherwise */
+ if (entry->want_refresh)
+ return FALSE;
+ else
+ return TRUE;
+}
+
+/*
+ * cache_invalidate is called from places where the DNS landscape
+ * has changed, say because connections are added or we entered a VPN.
+ * The logic is to wipe all cache data, but mark all non-expired
+ * parts of the cache for refresh rather than deleting the whole cache.
+ */
+static void cache_invalidate(void)
+{
+ debug("Invalidating the DNS cache %p", cache);
+
+ if (!cache)
+ return;
+
+ g_hash_table_foreach_remove(cache, cache_invalidate_entry, NULL);
+}
+
+static void cache_refresh_entry(struct cache_entry *entry)
+{
+
+ cache_enforce_validity(entry);
+
+ if (entry->hits > 2 && !entry->ipv4)
+ entry->want_refresh = true;
+ if (entry->hits > 2 && !entry->ipv6)
+ entry->want_refresh = true;
+
+ if (entry->want_refresh) {
+ char *c;
+ char dns_name[NS_MAXDNAME + 1];
+ entry->want_refresh = false;
+
+ /* turn a DNS name into a hostname with dots */
+ strncpy(dns_name, entry->key, NS_MAXDNAME);
+ c = dns_name;
+ while (c && *c) {
+ int jump;
+ jump = *c;
+ *c = '.';
+ c += jump + 1;
+ }
+ debug("Refreshing %s\n", dns_name);
+ /* then refresh the hostname */
+ refresh_dns_entry(entry, &dns_name[1]);
+ }
+}
+
+static void cache_refresh_iterator(gpointer key, gpointer value,
+ gpointer user_data)
+{
+ struct cache_entry *entry = value;
+
+ cache_refresh_entry(entry);
+}
+
+static void cache_refresh(void)
+{
+ if (!cache)
+ return;
+
+ g_hash_table_foreach(cache, cache_refresh_iterator, NULL);
+}
+
+static int reply_query_type(unsigned char *msg, int len)
+{
+ unsigned char *c;
+ int l;
+ int type;
+
+ /* skip the header */
+ c = msg + sizeof(struct domain_hdr);
+ len -= sizeof(struct domain_hdr);
+
+ if (len < 0)
+ return 0;
+
+ /* now the query, which is a name and 2 16 bit words */
+ l = dns_name_length(c);
+ c += l;
+ type = c[0] << 8 | c[1];
+
+ return type;
+}
+
+static int cache_update(struct server_data *srv, unsigned char *msg,
+ unsigned int msg_len)
+{
+ int offset = protocol_offset(srv->protocol);
+ int err, qlen, ttl = 0;
+ uint16_t answers = 0, type = 0, class = 0;
+ struct domain_hdr *hdr = (void *)(msg + offset);
+ struct domain_question *q;
+ struct cache_entry *entry;
+ struct cache_data *data;
+ char question[NS_MAXDNAME + 1];
+ unsigned char response[NS_MAXDNAME + 1];
+ unsigned char *ptr;
+ unsigned int rsplen;
+ bool new_entry = true;
+ time_t current_time;
+
+ if (cache_size >= MAX_CACHE_SIZE) {
+ cache_cleanup();
+ if (cache_size >= MAX_CACHE_SIZE)
+ return 0;
+ }
+
+ current_time = time(NULL);
+
+ /* don't do a cache refresh more than twice a minute */
+ if (next_refresh < current_time) {
+ cache_refresh();
+ next_refresh = current_time + 30;
+ }
+
+ if (offset < 0)
+ return 0;
+
+ debug("offset %d hdr %p msg %p rcode %d", offset, hdr, msg, hdr->rcode);
+
+ /* Continue only if response code is 0 (=ok) */
+ if (hdr->rcode != ns_r_noerror)
+ return 0;
+
+ if (!cache)
+ create_cache();
+
+ rsplen = sizeof(response) - 1;
+ question[sizeof(question) - 1] = '\0';
+
+ err = parse_response(msg + offset, msg_len - offset,
+ question, sizeof(question) - 1,
+ &type, &class, &ttl,
+ response, &rsplen, &answers);
+
+ /*
+ * special case: if we do a ipv6 lookup and get no result
+ * for a record that's already in our ipv4 cache.. we want
+ * to cache the negative response.
+ */
+ if ((err == -ENOMSG || err == -ENOBUFS) &&
+ reply_query_type(msg + offset,
+ msg_len - offset) == 28) {
+ entry = g_hash_table_lookup(cache, question);
+ if (entry && entry->ipv4 && !entry->ipv6) {
+ int cache_offset = 0;
+
+ data = g_try_new(struct cache_data, 1);
+ if (!data)
+ return -ENOMEM;
+ data->inserted = entry->ipv4->inserted;
+ data->type = type;
+ data->answers = ntohs(hdr->ancount);
+ data->timeout = entry->ipv4->timeout;
+ if (srv->protocol == IPPROTO_UDP)
+ cache_offset = 2;
+ data->data_len = msg_len + cache_offset;
+ data->data = ptr = g_malloc(data->data_len);
+ ptr[0] = (data->data_len - 2) / 256;
+ ptr[1] = (data->data_len - 2) - ptr[0] * 256;
+ if (srv->protocol == IPPROTO_UDP)
+ ptr += 2;
+ data->valid_until = entry->ipv4->valid_until;
+ data->cache_until = entry->ipv4->cache_until;
+ memcpy(ptr, msg, msg_len);
+ entry->ipv6 = data;
+ /*
+ * we will get a "hit" when we serve the response
+ * out of the cache
+ */
+ entry->hits--;
+ if (entry->hits < 0)
+ entry->hits = 0;
+ return 0;
+ }
+ }
+
+ if (err < 0 || ttl == 0)
+ return 0;
+
+ qlen = strlen(question);
+
+ /*
+ * If the cache contains already data, check if the
+ * type of the cached data is the same and do not add
+ * to cache if data is already there.
+ * This is needed so that we can cache both A and AAAA
+ * records for the same name.
+ */
+ entry = g_hash_table_lookup(cache, question);
+ if (!entry) {
+ entry = g_try_new(struct cache_entry, 1);
+ if (!entry)
+ return -ENOMEM;
+
+ data = g_try_new(struct cache_data, 1);
+ if (!data) {
+ g_free(entry);
+ return -ENOMEM;
+ }
+
+ entry->key = g_strdup(question);
+ entry->ipv4 = entry->ipv6 = NULL;
+ entry->want_refresh = false;
+ entry->hits = 0;
+
+ if (type == 1)
+ entry->ipv4 = data;
+ else
+ entry->ipv6 = data;
+ } else {
+ if (type == 1 && entry->ipv4)
+ return 0;
+
+ if (type == 28 && entry->ipv6)
+ return 0;
+
+ data = g_try_new(struct cache_data, 1);
+ if (!data)
+ return -ENOMEM;
+
+ if (type == 1)
+ entry->ipv4 = data;
+ else
+ entry->ipv6 = data;
+
+ /*
+ * compensate for the hit we'll get for serving
+ * the response out of the cache
+ */
+ entry->hits--;
+ if (entry->hits < 0)
+ entry->hits = 0;
+
+ new_entry = false;
+ }
+
+ if (ttl < MIN_CACHE_TTL)
+ ttl = MIN_CACHE_TTL;
+
+ data->inserted = current_time;
+ data->type = type;
+ data->answers = answers;
+ data->timeout = ttl;
+ /*
+ * The "2" in start of the length is the TCP offset. We allocate it
+ * here even for UDP packet because it simplifies the sending
+ * of cached packet.
+ */
+ data->data_len = 2 + 12 + qlen + 1 + 2 + 2 + rsplen;
+ data->data = ptr = g_malloc(data->data_len);
+ data->valid_until = current_time + ttl;
+
+ /*
+ * Restrict the cached DNS record TTL to some sane value
+ * in order to prevent data staying in the cache too long.
+ */
+ if (ttl > MAX_CACHE_TTL)
+ ttl = MAX_CACHE_TTL;
+
+ data->cache_until = round_down_ttl(current_time + ttl, ttl);
+
+ if (!data->data) {
+ g_free(entry->key);
+ g_free(data);
+ g_free(entry);
+ return -ENOMEM;
+ }
+
+ /*
+ * We cache the two extra bytes at the start of the message
+ * in a TCP packet. When sending UDP packet, we skip the first
+ * two bytes. This way we do not need to know the format
+ * (UDP/TCP) of the cached message.
+ */
+ if (srv->protocol == IPPROTO_UDP)
+ memcpy(ptr + 2, msg, offset + 12);
+ else
+ memcpy(ptr, msg, offset + 12);
+
+ ptr[0] = (data->data_len - 2) / 256;
+ ptr[1] = (data->data_len - 2) - ptr[0] * 256;
+ if (srv->protocol == IPPROTO_UDP)
+ ptr += 2;
+
+ memcpy(ptr + offset + 12, question, qlen + 1); /* copy also the \0 */
+
+ q = (void *) (ptr + offset + 12 + qlen + 1);
+ q->type = htons(type);
+ q->class = htons(class);
+ memcpy(ptr + offset + 12 + qlen + 1 + sizeof(struct domain_question),
+ response, rsplen);
+
+ if (new_entry) {
+ g_hash_table_replace(cache, entry->key, entry);
+ cache_size++;
+ }
+
+ debug("cache %d %squestion \"%s\" type %d ttl %d size %zd packet %u "
+ "dns len %u",
+ cache_size, new_entry ? "new " : "old ",
+ question, type, ttl,
+ sizeof(*entry) + sizeof(*data) + data->data_len + qlen,
+ data->data_len,
+ srv->protocol == IPPROTO_TCP ?
+ (unsigned int)(data->data[0] * 256 + data->data[1]) :
+ data->data_len);
+
+ return 0;
+}
+
+static int ns_resolv(struct server_data *server, struct request_data *req,
+ gpointer request, gpointer name)
+{
+ GList *list;
+ int sk, err, type = 0;
+ char *dot, *lookup = (char *) name;
+ struct cache_entry *entry;
+
+ entry = cache_check(request, &type, req->protocol);
+ if (entry) {
+ int ttl_left = 0;
+ struct cache_data *data;
+
+ debug("cache hit %s type %s", lookup, type == 1 ? "A" : "AAAA");
+ if (type == 1)
+ data = entry->ipv4;
+ else
+ data = entry->ipv6;
+
+ if (data) {
+ ttl_left = data->valid_until - time(NULL);
+ entry->hits++;
+ }
+
+ if (data && req->protocol == IPPROTO_TCP) {
+ send_cached_response(req->client_sk, data->data,
+ data->data_len, NULL, 0, IPPROTO_TCP,
+ req->srcid, data->answers, ttl_left);
+ return 1;
+ }
+
+ if (data && req->protocol == IPPROTO_UDP) {
+ int udp_sk = get_req_udp_socket(req);
+
+ if (udp_sk < 0)
+ return -EIO;
+
+ send_cached_response(udp_sk, data->data,
+ data->data_len, &req->sa, req->sa_len,
+ IPPROTO_UDP, req->srcid, data->answers,
+ ttl_left);
+ return 1;
+ }
+ }
+
+#if defined TIZEN_EXT
+ if (server->protocol == IPPROTO_UDP) {
+ GList *domains;
+ struct server_data *new_server = NULL;
+
+ new_server = create_server_sec(server->index, NULL,
+ server->server, IPPROTO_UDP);
+
+ if (new_server != NULL) {
+ for (domains = server->domains; domains;
+ domains = domains->next) {
+ char *dom = domains->data;
+
+ DBG("Adding domain %s to %s",
+ dom, new_server->server);
+
+ new_server->domains = g_list_append(
+ new_server->domains,
+ g_strdup(dom));
+ }
+
+ server = new_server;
+ }
+ }
+#endif
+ sk = g_io_channel_unix_get_fd(server->channel);
+
+ err = sendto(sk, request, req->request_len, MSG_NOSIGNAL,
+ server->server_addr, server->server_addr_len);
+ if (err < 0) {
+ debug("Cannot send message to server %s sock %d "
+ "protocol %d (%s/%d)",
+ server->server, sk, server->protocol,
+ strerror(errno), errno);
+ return -EIO;
+ }
+
+ req->numserv++;
+
+ /* If we have more than one dot, we don't add domains */
+ dot = strchr(lookup, '.');
+ if (dot && dot != lookup + strlen(lookup) - 1)
+ return 0;
+
+ if (server->domains && server->domains->data)
+ req->append_domain = true;
+
+ for (list = server->domains; list; list = list->next) {
+ char *domain;
+ unsigned char alt[1024];
+ struct domain_hdr *hdr = (void *) &alt;
+ int altlen, domlen, offset;
+
+ domain = list->data;
+
+ if (!domain)
+ continue;
+
+ offset = protocol_offset(server->protocol);
+ if (offset < 0)
+ return offset;
+
+ domlen = strlen(domain) + 1;
+ if (domlen < 5)
+ return -EINVAL;
+
+ alt[offset] = req->altid & 0xff;
+ alt[offset + 1] = req->altid >> 8;
+
+ memcpy(alt + offset + 2, request + offset + 2, 10);
+ hdr->qdcount = htons(1);
+
+ altlen = append_query(alt + offset + 12, sizeof(alt) - 12,
+ name, domain);
+ if (altlen < 0)
+ return -EINVAL;
+
+ altlen += 12;
+
+ memcpy(alt + offset + altlen,
+ request + offset + altlen - domlen,
+ req->request_len - altlen - offset + domlen);
+
+ if (server->protocol == IPPROTO_TCP) {
+ int req_len = req->request_len + domlen - 2;
+
+ alt[0] = (req_len >> 8) & 0xff;
+ alt[1] = req_len & 0xff;
+ }
+
+ debug("req %p dstid 0x%04x altid 0x%04x", req, req->dstid,
+ req->altid);
+
+ err = send(sk, alt, req->request_len + domlen, MSG_NOSIGNAL);
+ if (err < 0)
+ return -EIO;
+
+ req->numserv++;
+ }
+
+ return 0;
+}
+
+static char *convert_label(char *start, char *end, char *ptr, char *uptr,
+ int remaining_len, int *used_comp, int *used_uncomp)
+{
+ int pos, comp_pos;
+ char name[NS_MAXLABEL];
+
+ pos = dn_expand((u_char *)start, (u_char *)end, (u_char *)ptr,
+ name, NS_MAXLABEL);
+ if (pos < 0) {
+ debug("uncompress error [%d/%s]", errno, strerror(errno));
+ goto out;
+ }
+
+ /*
+ * We need to compress back the name so that we get back to internal
+ * label presentation.
+ */
+ comp_pos = dn_comp(name, (u_char *)uptr, remaining_len, NULL, NULL);
+ if (comp_pos < 0) {
+ debug("compress error [%d/%s]", errno, strerror(errno));
+ goto out;
+ }
+
+ *used_comp = pos;
+ *used_uncomp = comp_pos;
+
+ return ptr;
+
+out:
+ return NULL;
+}
+
+static char *uncompress(int16_t field_count, char *start, char *end,
+ char *ptr, char *uncompressed, int uncomp_len,
+ char **uncompressed_ptr)
+{
+ char *uptr = *uncompressed_ptr; /* position in result buffer */
+
+ debug("count %d ptr %p end %p uptr %p", field_count, ptr, end, uptr);
+
+ while (field_count-- > 0 && ptr < end) {
+ int dlen; /* data field length */
+ int ulen; /* uncompress length */
+ int pos; /* position in compressed string */
+ char name[NS_MAXLABEL]; /* tmp label */
+ uint16_t dns_type, dns_class;
+ int comp_pos;
+
+ if (!convert_label(start, end, ptr, name, NS_MAXLABEL,
+ &pos, &comp_pos))
+ goto out;
+
+ /*
+ * Copy the uncompressed resource record, type, class and \0 to
+ * tmp buffer.
+ */
+
+ ulen = strlen(name);
+ strncpy(uptr, name, uncomp_len - (uptr - uncompressed));
+
+ debug("pos %d ulen %d left %d name %s", pos, ulen,
+ (int)(uncomp_len - (uptr - uncompressed)), uptr);
+
+ uptr += ulen;
+ *uptr++ = '\0';
+
+ ptr += pos;
+
+ /*
+ * We copy also the fixed portion of the result (type, class,
+ * ttl, address length and the address)
+ */
+ memcpy(uptr, ptr, NS_RRFIXEDSZ);
+
+ dns_type = uptr[0] << 8 | uptr[1];
+ dns_class = uptr[2] << 8 | uptr[3];
+
+ if (dns_class != ns_c_in)
+ goto out;
+
+ ptr += NS_RRFIXEDSZ;
+ uptr += NS_RRFIXEDSZ;
+
+ /*
+ * Then the variable portion of the result (data length).
+ * Typically this portion is also compressed
+ * so we need to uncompress it also when necessary.
+ */
+ if (dns_type == ns_t_cname) {
+ if (!convert_label(start, end, ptr, uptr,
+ uncomp_len - (uptr - uncompressed),
+ &pos, &comp_pos))
+ goto out;
+
+ uptr[-2] = comp_pos << 8;
+ uptr[-1] = comp_pos & 0xff;
+
+ uptr += comp_pos;
+ ptr += pos;
+
+ } else if (dns_type == ns_t_a || dns_type == ns_t_aaaa) {
+ dlen = uptr[-2] << 8 | uptr[-1];
+
+ if (ptr + dlen > end) {
+ debug("data len %d too long", dlen);
+ goto out;
+ }
+
+ memcpy(uptr, ptr, dlen);
+ uptr += dlen;
+ ptr += dlen;
+
+ } else if (dns_type == ns_t_soa) {
+ int total_len = 0;
+ char *len_ptr;
+
+ /* Primary name server expansion */
+ if (!convert_label(start, end, ptr, uptr,
+ uncomp_len - (uptr - uncompressed),
+ &pos, &comp_pos))
+ goto out;
+
+ total_len += comp_pos;
+ len_ptr = &uptr[-2];
+ ptr += pos;
+ uptr += comp_pos;
+
+ /* Responsible authority's mailbox */
+ if (!convert_label(start, end, ptr, uptr,
+ uncomp_len - (uptr - uncompressed),
+ &pos, &comp_pos))
+ goto out;
+
+ total_len += comp_pos;
+ ptr += pos;
+ uptr += comp_pos;
+
+ /*
+ * Copy rest of the soa fields (serial number,
+ * refresh interval, retry interval, expiration
+ * limit and minimum ttl). They are 20 bytes long.
+ */
+ memcpy(uptr, ptr, 20);
+ uptr += 20;
+ ptr += 20;
+ total_len += 20;
+
+ /*
+ * Finally fix the length of the data part
+ */
+ len_ptr[0] = total_len << 8;
+ len_ptr[1] = total_len & 0xff;
+ }
+
+ *uncompressed_ptr = uptr;
+ }
+
+ return ptr;
+
+out:
+ return NULL;
+}
+
+static int strip_domains(char *name, char *answers, int maxlen)
+{
+ uint16_t data_len;
+ int name_len = strlen(name);
+ char *ptr, *start = answers, *end = answers + maxlen;
+
+ while (maxlen > 0) {
+ ptr = strstr(answers, name);
+ if (ptr) {
+ char *domain = ptr + name_len;
+
+ if (*domain) {
+ int domain_len = strlen(domain);
+
+ memmove(answers + name_len,
+ domain + domain_len,
+ end - (domain + domain_len));
+
+ end -= domain_len;
+ maxlen -= domain_len;
+ }
+ }
+
+ answers += strlen(answers) + 1;
+ answers += 2 + 2 + 4; /* skip type, class and ttl fields */
+
+ data_len = answers[0] << 8 | answers[1];
+ answers += 2; /* skip the length field */
+
+ if (answers + data_len > end)
+ return -EINVAL;
+
+ answers += data_len;
+ maxlen -= answers - ptr;
+ }
+
+ return end - start;
+}
+
+static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ struct server_data *data)
+{
+ struct domain_hdr *hdr;
+ struct request_data *req;
+ int dns_id, sk, err, offset = protocol_offset(protocol);
+
+ if (offset < 0)
+ return offset;
+
+ hdr = (void *)(reply + offset);
+ dns_id = reply[offset] | reply[offset + 1] << 8;
+
+ debug("Received %d bytes (id 0x%04x)", reply_len, dns_id);
+
+ req = find_request(dns_id);
+ if (!req)
+ return -EINVAL;
+
+ debug("req %p dstid 0x%04x altid 0x%04x rcode %d",
+ req, req->dstid, req->altid, hdr->rcode);
+
+ reply[offset] = req->srcid & 0xff;
+ reply[offset + 1] = req->srcid >> 8;
+
+ req->numresp++;
+
+ if (hdr->rcode == ns_r_noerror || !req->resp) {
+ unsigned char *new_reply = NULL;
+
+ /*
+ * If the domain name was append
+ * remove it before forwarding the reply.
+ * If there were more than one question, then this
+ * domain name ripping can be hairy so avoid that
+ * and bail out in that that case.
+ *
+ * The reason we are doing this magic is that if the
+ * user's DNS client tries to resolv hostname without
+ * domain part, it also expects to get the result without
+ * a domain name part.
+ */
+ if (req->append_domain && ntohs(hdr->qdcount) == 1) {
+ uint16_t domain_len = 0;
+ uint16_t header_len;
+ uint16_t dns_type, dns_class;
+ uint8_t host_len, dns_type_pos;
+ char uncompressed[NS_MAXDNAME], *uptr;
+ char *ptr, *eom = (char *)reply + reply_len;
+
+ /*
+ * ptr points to the first char of the hostname.
+ * ->hostname.domain.net
+ */
+ header_len = offset + sizeof(struct domain_hdr);
+ ptr = (char *)reply + header_len;
+
+ host_len = *ptr;
+ if (host_len > 0)
+ domain_len = strnlen(ptr + 1 + host_len,
+ reply_len - header_len);
+
+ /*
+ * If the query type is anything other than A or AAAA,
+ * then bail out and pass the message as is.
+ * We only want to deal with IPv4 or IPv6 addresses.