2 * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: xfrin.c,v 1.124.2.5 2004/03/09 06:11:11 marka Exp $ */
23 #include <isc/print.h>
24 #include <isc/random.h>
25 #include <isc/string.h> /* Required for HP/UX (and others?) */
27 #include <isc/timer.h>
32 #include <dns/events.h>
33 #include <dns/journal.h>
35 #include <dns/message.h>
36 #include <dns/rdataclass.h>
37 #include <dns/rdatalist.h>
38 #include <dns/rdataset.h>
39 #include <dns/result.h>
41 #include <dns/tcpmsg.h>
42 #include <dns/timer.h>
45 #include <dns/xfrin.h>
51 * Incoming AXFR and IXFR.
55 * It would be non-sensical (or at least obtuse) to use FAIL() with an
56 * ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler
57 * from complaining about "end-of-loop code not reached".
60 do { result = (code); \
61 if (result != ISC_R_SUCCESS) goto failure; \
66 if (result != ISC_R_SUCCESS) goto failure; \
70 * The states of the *XFR state machine. We handle both IXFR and AXFR
71 * with a single integrated state machine because they cannot be distinguished
72 * immediately - an AXFR response to an IXFR request can only be detected
73 * when the first two (2) response RRs have already been received.
89 * Incoming zone transfer context.
92 struct dns_xfrin_ctx {
101 isc_socketmgr_t *socketmgr;
103 int connects; /* Connect in progress */
104 int sends; /* Send in progress */
105 int recvs; /* Receive in progress */
106 isc_boolean_t shuttingdown;
108 dns_name_t name; /* Name of zone to transfer */
109 dns_rdataclass_t rdclass;
111 isc_boolean_t checkid;
115 * Requested transfer type (dns_rdatatype_axfr or
116 * dns_rdatatype_ixfr). The actual transfer type
117 * may differ due to IXFR->AXFR fallback.
119 dns_rdatatype_t reqtype;
121 isc_sockaddr_t masteraddr;
122 isc_sockaddr_t sourceaddr;
123 isc_socket_t *socket;
125 /* Buffer for IXFR/AXFR request message */
126 isc_buffer_t qbuffer;
127 unsigned char qbuffer_data[512];
129 /* Incoming reply TCP message */
131 isc_boolean_t tcpmsg_valid;
134 dns_dbversion_t *ver;
135 dns_diff_t diff; /* Pending database changes */
136 int difflen; /* Number of pending tuples */
139 isc_uint32_t end_serial;
140 isc_boolean_t is_ixfr;
142 unsigned int nmsg; /* Number of messages recvd */
144 dns_tsigkey_t *tsigkey; /* Key used to create TSIG */
145 isc_buffer_t *lasttsig; /* The last TSIG */
146 dst_context_t *tsigctx; /* TSIG verification context */
147 unsigned int sincetsig; /* recvd since the last TSIG */
148 dns_xfrindone_t done;
151 * AXFR- and IXFR-specific data. Only one is used at a time
152 * according to the is_ixfr flag, so this could be a union,
153 * but keeping them separate makes it a bit simpler to clean
154 * things up when destroying the context.
157 dns_addrdatasetfunc_t add_func;
158 dns_dbload_t *add_private;
162 isc_uint32_t request_serial;
163 isc_uint32_t end_serial;
164 dns_journal_t *journal;
169 #define XFRIN_MAGIC ISC_MAGIC('X', 'f', 'r', 'I')
170 #define VALID_XFRIN(x) ISC_MAGIC_VALID(x, XFRIN_MAGIC)
172 /**************************************************************************/
174 * Forward declarations.
178 xfrin_create(isc_mem_t *mctx,
182 isc_timermgr_t *timermgr,
183 isc_socketmgr_t *socketmgr,
184 dns_name_t *zonename,
185 dns_rdataclass_t rdclass,
186 dns_rdatatype_t reqtype,
187 isc_sockaddr_t *masteraddr,
188 dns_tsigkey_t *tsigkey,
189 dns_xfrin_ctx_t **xfrp);
191 static isc_result_t axfr_init(dns_xfrin_ctx_t *xfr);
192 static isc_result_t axfr_makedb(dns_xfrin_ctx_t *xfr, dns_db_t **dbp);
193 static isc_result_t axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
194 dns_name_t *name, dns_ttl_t ttl,
196 static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr);
197 static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr);
199 static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr);
200 static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr);
201 static isc_result_t ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
202 dns_name_t *name, dns_ttl_t ttl,
204 static isc_result_t ixfr_commit(dns_xfrin_ctx_t *xfr);
206 static isc_result_t xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name,
207 isc_uint32_t ttl, dns_rdata_t *rdata);
209 static isc_result_t xfrin_start(dns_xfrin_ctx_t *xfr);
211 static void xfrin_connect_done(isc_task_t *task, isc_event_t *event);
212 static isc_result_t xfrin_send_request(dns_xfrin_ctx_t *xfr);
213 static void xfrin_send_done(isc_task_t *task, isc_event_t *event);
214 static void xfrin_sendlen_done(isc_task_t *task, isc_event_t *event);
215 static void xfrin_recv_done(isc_task_t *task, isc_event_t *event);
216 static void xfrin_timeout(isc_task_t *task, isc_event_t *event);
218 static void maybe_free(dns_xfrin_ctx_t *xfr);
221 xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg);
223 render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf);
226 xfrin_logv(int level, dns_name_t *zonename, dns_rdataclass_t rdclass,
227 isc_sockaddr_t *masteraddr, const char *fmt, va_list ap)
228 ISC_FORMAT_PRINTF(5, 0);
231 xfrin_log1(int level, dns_name_t *zonename, dns_rdataclass_t rdclass,
232 isc_sockaddr_t *masteraddr, const char *fmt, ...)
233 ISC_FORMAT_PRINTF(5, 6);
236 xfrin_log(dns_xfrin_ctx_t *xfr, unsigned int level, const char *fmt, ...)
237 ISC_FORMAT_PRINTF(3, 4);
239 /**************************************************************************/
245 axfr_init(dns_xfrin_ctx_t *xfr) {
248 xfr->is_ixfr = ISC_FALSE;
251 dns_db_detach(&xfr->db);
253 CHECK(axfr_makedb(xfr, &xfr->db));
254 CHECK(dns_db_beginload(xfr->db, &xfr->axfr.add_func,
255 &xfr->axfr.add_private));
256 result = ISC_R_SUCCESS;
262 axfr_makedb(dns_xfrin_ctx_t *xfr, dns_db_t **dbp) {
263 return (dns_db_create(xfr->mctx, /* XXX */
264 "rbt", /* XXX guess */
268 0, NULL, /* XXX guess */
273 axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
274 dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)
278 dns_difftuple_t *tuple = NULL;
279 CHECK(dns_difftuple_create(xfr->diff.mctx, op,
280 name, ttl, rdata, &tuple));
281 dns_diff_append(&xfr->diff, &tuple);
282 if (++xfr->difflen > 100)
283 CHECK(axfr_apply(xfr));
284 result = ISC_R_SUCCESS;
290 * Store a set of AXFR RRs in the database.
293 axfr_apply(dns_xfrin_ctx_t *xfr) {
296 CHECK(dns_diff_load(&xfr->diff,
297 xfr->axfr.add_func, xfr->axfr.add_private));
299 dns_diff_clear(&xfr->diff);
300 result = ISC_R_SUCCESS;
306 axfr_commit(dns_xfrin_ctx_t *xfr) {
309 CHECK(axfr_apply(xfr));
310 CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private));
311 CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE));
313 result = ISC_R_SUCCESS;
318 /**************************************************************************/
324 ixfr_init(dns_xfrin_ctx_t *xfr) {
328 if (xfr->reqtype != dns_rdatatype_ixfr) {
329 xfrin_log(xfr, ISC_LOG_ERROR,
330 "got incremental response to AXFR request");
331 return (DNS_R_FORMERR);
334 xfr->is_ixfr = ISC_TRUE;
335 INSIST(xfr->db != NULL);
338 journalfile = dns_zone_getjournal(xfr->zone);
339 if (journalfile != NULL)
340 CHECK(dns_journal_open(xfr->mctx, journalfile,
341 ISC_TRUE, &xfr->ixfr.journal));
343 result = ISC_R_SUCCESS;
349 ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
350 dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)
354 dns_difftuple_t *tuple = NULL;
355 CHECK(dns_difftuple_create(xfr->diff.mctx, op,
356 name, ttl, rdata, &tuple));
357 dns_diff_append(&xfr->diff, &tuple);
358 if (++xfr->difflen > 100)
359 CHECK(ixfr_apply(xfr));
360 result = ISC_R_SUCCESS;
366 * Apply a set of IXFR changes to the database.
369 ixfr_apply(dns_xfrin_ctx_t *xfr) {
372 if (xfr->ver == NULL) {
373 CHECK(dns_db_newversion(xfr->db, &xfr->ver));
374 if (xfr->ixfr.journal != NULL)
375 CHECK(dns_journal_begin_transaction(xfr->ixfr.journal));
377 CHECK(dns_diff_apply(&xfr->diff, xfr->db, xfr->ver));
378 if (xfr->ixfr.journal != NULL)
379 dns_journal_writediff(xfr->ixfr.journal, &xfr->diff);
380 dns_diff_clear(&xfr->diff);
382 result = ISC_R_SUCCESS;
388 ixfr_commit(dns_xfrin_ctx_t *xfr) {
391 CHECK(ixfr_apply(xfr));
392 if (xfr->ver != NULL) {
393 /* XXX enter ready-to-commit state here */
394 if (xfr->ixfr.journal != NULL)
395 CHECK(dns_journal_commit(xfr->ixfr.journal));
396 dns_db_closeversion(xfr->db, &xfr->ver, ISC_TRUE);
397 dns_zone_markdirty(xfr->zone);
399 result = ISC_R_SUCCESS;
404 /**************************************************************************/
406 * Common AXFR/IXFR protocol code
410 * Handle a single incoming resource record according to the current
414 xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl,
420 switch (xfr->state) {
422 if (rdata->type != dns_rdatatype_soa) {
423 xfrin_log(xfr, ISC_LOG_ERROR,
424 "non-SOA response to SOA query");
427 xfr->end_serial = dns_soa_getserial(rdata);
428 if (!DNS_SERIAL_GT(xfr->end_serial,
429 xfr->ixfr.request_serial) &&
430 !dns_zone_isforced(xfr->zone)) {
431 xfrin_log(xfr, ISC_LOG_DEBUG(3),
432 "requested serial %u, "
433 "master has %u, not updating",
434 xfr->ixfr.request_serial, xfr->end_serial);
435 FAIL(DNS_R_UPTODATE);
437 xfr->state = XFRST_GOTSOA;
442 * Skip other records in the answer section.
446 case XFRST_INITIALSOA:
447 if (rdata->type != dns_rdatatype_soa) {
448 xfrin_log(xfr, ISC_LOG_ERROR,
449 "first RR in zone transfer must be SOA");
453 * Remember the serial number in the intial SOA.
454 * We need it to recognize the end of an IXFR.
456 xfr->end_serial = dns_soa_getserial(rdata);
457 if (xfr->reqtype == dns_rdatatype_ixfr &&
458 ! DNS_SERIAL_GT(xfr->end_serial, xfr->ixfr.request_serial)
459 && !dns_zone_isforced(xfr->zone))
462 * This must be the single SOA record that is
463 * sent when the current version on the master
464 * is not newer than the version in the request.
466 xfrin_log(xfr, ISC_LOG_DEBUG(3),
467 "requested serial %u, "
468 "master has %u, not updating",
469 xfr->ixfr.request_serial, xfr->end_serial);
470 FAIL(DNS_R_UPTODATE);
472 if (xfr->reqtype == dns_rdatatype_axfr)
473 xfr->checkid = ISC_FALSE;
474 xfr->state = XFRST_FIRSTDATA;
477 case XFRST_FIRSTDATA:
479 * If the transfer begins with one SOA record, it is an AXFR,
480 * if it begins with two SOAs, it is an IXFR.
482 if (xfr->reqtype == dns_rdatatype_ixfr &&
483 rdata->type == dns_rdatatype_soa &&
484 xfr->ixfr.request_serial == dns_soa_getserial(rdata)) {
485 xfrin_log(xfr, ISC_LOG_DEBUG(3),
486 "got incremental response");
487 CHECK(ixfr_init(xfr));
488 xfr->state = XFRST_IXFR_DELSOA;
490 xfrin_log(xfr, ISC_LOG_DEBUG(3),
491 "got nonincremental response");
492 CHECK(axfr_init(xfr));
493 xfr->state = XFRST_AXFR;
497 case XFRST_IXFR_DELSOA:
498 INSIST(rdata->type == dns_rdatatype_soa);
499 CHECK(ixfr_putdata(xfr, DNS_DIFFOP_DEL, name, ttl, rdata));
500 xfr->state = XFRST_IXFR_DEL;
504 if (rdata->type == dns_rdatatype_soa) {
505 isc_uint32_t soa_serial = dns_soa_getserial(rdata);
506 xfr->state = XFRST_IXFR_ADDSOA;
507 xfr->ixfr.end_serial = soa_serial;
510 CHECK(ixfr_putdata(xfr, DNS_DIFFOP_DEL, name, ttl, rdata));
513 case XFRST_IXFR_ADDSOA:
514 INSIST(rdata->type == dns_rdatatype_soa);
515 CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
516 xfr->state = XFRST_IXFR_ADD;
520 if (rdata->type == dns_rdatatype_soa) {
521 isc_uint32_t soa_serial = dns_soa_getserial(rdata);
522 CHECK(ixfr_commit(xfr));
523 if (soa_serial == xfr->end_serial) {
524 xfr->state = XFRST_END;
527 xfr->state = XFRST_IXFR_DELSOA;
531 CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
536 * Old BINDs sent cross class A records for non IN classes.
538 if (rdata->type == dns_rdatatype_a &&
539 rdata->rdclass != xfr->rdclass &&
540 xfr->rdclass != dns_rdataclass_in)
542 CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
543 if (rdata->type == dns_rdatatype_soa) {
544 CHECK(axfr_commit(xfr));
545 xfr->state = XFRST_END;
550 FAIL(DNS_R_EXTRADATA);
555 result = ISC_R_SUCCESS;
561 dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype,
562 isc_sockaddr_t *masteraddr, dns_tsigkey_t *tsigkey,
563 isc_mem_t *mctx, isc_timermgr_t *timermgr,
564 isc_socketmgr_t *socketmgr, isc_task_t *task,
565 dns_xfrindone_t done, dns_xfrin_ctx_t **xfrp)
567 dns_name_t *zonename = dns_zone_getorigin(zone);
568 dns_xfrin_ctx_t *xfr;
572 REQUIRE(xfrp != NULL && *xfrp == NULL);
574 (void)dns_zone_getdb(zone, &db);
576 CHECK(xfrin_create(mctx, zone, db, task, timermgr, socketmgr, zonename,
577 dns_zone_getclass(zone), xfrtype, masteraddr,
580 CHECK(xfrin_start(xfr));
589 if (result != ISC_R_SUCCESS)
590 xfrin_log1(ISC_LOG_ERROR, zonename, dns_zone_getclass(zone),
591 masteraddr, "zone transfer setup failed");
596 dns_xfrin_shutdown(dns_xfrin_ctx_t *xfr) {
597 if (! xfr->shuttingdown)
598 xfrin_fail(xfr, ISC_R_CANCELED, "shut down");
602 dns_xfrin_attach(dns_xfrin_ctx_t *source, dns_xfrin_ctx_t **target) {
603 REQUIRE(target != NULL && *target == NULL);
609 dns_xfrin_detach(dns_xfrin_ctx_t **xfrp) {
610 dns_xfrin_ctx_t *xfr = *xfrp;
611 INSIST(xfr->refcount > 0);
618 xfrin_cancelio(dns_xfrin_ctx_t *xfr) {
619 if (xfr->connects > 0) {
620 isc_socket_cancel(xfr->socket, xfr->task,
621 ISC_SOCKCANCEL_CONNECT);
622 } else if (xfr->recvs > 0) {
623 dns_tcpmsg_cancelread(&xfr->tcpmsg);
624 } else if (xfr->sends > 0) {
625 isc_socket_cancel(xfr->socket, xfr->task,
626 ISC_SOCKCANCEL_SEND);
631 xfrin_reset(dns_xfrin_ctx_t *xfr) {
632 REQUIRE(VALID_XFRIN(xfr));
634 xfrin_log(xfr, ISC_LOG_INFO, "resetting");
638 if (xfr->socket != NULL)
639 isc_socket_detach(&xfr->socket);
641 if (xfr->lasttsig != NULL)
642 isc_buffer_free(&xfr->lasttsig);
644 dns_diff_clear(&xfr->diff);
647 if (xfr->ixfr.journal != NULL)
648 dns_journal_destroy(&xfr->ixfr.journal);
650 if (xfr->axfr.add_private != NULL) {
651 (void)dns_db_endload(xfr->db, &xfr->axfr.add_private);
652 xfr->axfr.add_func = NULL;
655 if (xfr->tcpmsg_valid) {
656 dns_tcpmsg_invalidate(&xfr->tcpmsg);
657 xfr->tcpmsg_valid = ISC_FALSE;
660 if (xfr->ver != NULL)
661 dns_db_closeversion(xfr->db, &xfr->ver, ISC_FALSE);
666 xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg) {
667 if (result != DNS_R_UPTODATE) {
668 xfrin_log(xfr, ISC_LOG_ERROR, "%s: %s",
669 msg, isc_result_totext(result));
671 /* Pass special result code to force AXFR retry */
672 result = DNS_R_BADIXFR;
675 if (xfr->done != NULL) {
676 (xfr->done)(xfr->zone, result);
679 xfr->shuttingdown = ISC_TRUE;
684 xfrin_create(isc_mem_t *mctx,
688 isc_timermgr_t *timermgr,
689 isc_socketmgr_t *socketmgr,
690 dns_name_t *zonename,
691 dns_rdataclass_t rdclass,
692 dns_rdatatype_t reqtype,
693 isc_sockaddr_t *masteraddr,
694 dns_tsigkey_t *tsigkey,
695 dns_xfrin_ctx_t **xfrp)
697 dns_xfrin_ctx_t *xfr = NULL;
701 xfr = isc_mem_get(mctx, sizeof(*xfr));
703 return (ISC_R_NOMEMORY);
707 dns_zone_iattach(zone, &xfr->zone);
709 isc_task_attach(task, &xfr->task);
711 xfr->socketmgr = socketmgr;
717 xfr->shuttingdown = ISC_FALSE;
719 dns_name_init(&xfr->name, NULL);
720 xfr->rdclass = rdclass;
721 isc_random_get(&tmp);
722 xfr->checkid = ISC_TRUE;
723 xfr->id = (isc_uint16_t)(tmp & 0xffff);
724 xfr->reqtype = reqtype;
731 xfr->tcpmsg_valid = ISC_FALSE;
735 dns_db_attach(db, &xfr->db);
737 dns_diff_init(xfr->mctx, &xfr->diff);
740 xfr->state = XFRST_INITIALSOA;
747 dns_tsigkey_attach(tsigkey, &xfr->tsigkey);
748 xfr->lasttsig = NULL;
751 xfr->is_ixfr = ISC_FALSE;
753 /* ixfr.request_serial */
754 /* ixfr.end_serial */
755 xfr->ixfr.journal = NULL;
757 xfr->axfr.add_func = NULL;
758 xfr->axfr.add_private = NULL;
760 CHECK(dns_name_dup(zonename, mctx, &xfr->name));
762 CHECK(isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL,
763 task, xfrin_timeout, xfr, &xfr->timer));
764 CHECK(dns_timer_setidle(xfr->timer,
765 dns_zone_getmaxxfrin(xfr->zone),
766 dns_zone_getidlein(xfr->zone),
769 xfr->masteraddr = *masteraddr;
771 switch (isc_sockaddr_pf(masteraddr)) {
773 xfr->sourceaddr = *dns_zone_getxfrsource4(zone);
776 xfr->sourceaddr = *dns_zone_getxfrsource6(zone);
781 isc_sockaddr_setport(&xfr->sourceaddr, 0);
783 isc_buffer_init(&xfr->qbuffer, xfr->qbuffer_data,
784 sizeof(xfr->qbuffer_data));
786 xfr->magic = XFRIN_MAGIC;
788 return (ISC_R_SUCCESS);
791 xfrin_fail(xfr, result, "failed creating transfer context");
796 xfrin_start(dns_xfrin_ctx_t *xfr) {
798 CHECK(isc_socket_create(xfr->socketmgr,
799 isc_sockaddr_pf(&xfr->sourceaddr),
802 CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr));
803 CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task,
804 xfrin_connect_done, xfr));
806 return (ISC_R_SUCCESS);
808 xfrin_fail(xfr, result, "failed setting up socket");
812 /* XXX the resolver could use this, too */
815 render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) {
817 isc_boolean_t cleanup_cctx = ISC_FALSE;
820 CHECK(dns_compress_init(&cctx, -1, mctx));
821 cleanup_cctx = ISC_TRUE;
822 CHECK(dns_message_renderbegin(msg, &cctx, buf));
823 CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
824 CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
825 CHECK(dns_message_rendersection(msg, DNS_SECTION_AUTHORITY, 0));
826 CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0));
827 CHECK(dns_message_renderend(msg));
828 result = ISC_R_SUCCESS;
831 dns_compress_invalidate(&cctx);
836 * A connection has been established.
839 xfrin_connect_done(isc_task_t *task, isc_event_t *event) {
840 isc_socket_connev_t *cev = (isc_socket_connev_t *) event;
841 dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
842 isc_result_t evresult = cev->result;
845 REQUIRE(VALID_XFRIN(xfr));
849 INSIST(event->ev_type == ISC_SOCKEVENT_CONNECT);
850 isc_event_free(&event);
853 if (xfr->shuttingdown) {
859 xfrin_log(xfr, ISC_LOG_DEBUG(3), "connected");
861 dns_tcpmsg_init(xfr->mctx, xfr->socket, &xfr->tcpmsg);
862 xfr->tcpmsg_valid = ISC_TRUE;
864 CHECK(xfrin_send_request(xfr));
866 if (result != ISC_R_SUCCESS)
867 xfrin_fail(xfr, result, "failed to connect");
871 * Convert a tuple into a dns_name_t suitable for inserting
872 * into the given dns_message_t.
875 tuple2msgname(dns_difftuple_t *tuple, dns_message_t *msg, dns_name_t **target)
878 dns_rdata_t *rdata = NULL;
879 dns_rdatalist_t *rdl = NULL;
880 dns_rdataset_t *rds = NULL;
881 dns_name_t *name = NULL;
883 REQUIRE(target != NULL && *target == NULL);
885 CHECK(dns_message_gettemprdata(msg, &rdata));
886 dns_rdata_init(rdata);
887 dns_rdata_clone(&tuple->rdata, rdata);
889 CHECK(dns_message_gettemprdatalist(msg, &rdl));
890 dns_rdatalist_init(rdl);
891 rdl->type = tuple->rdata.type;
892 rdl->rdclass = tuple->rdata.rdclass;
893 rdl->ttl = tuple->ttl;
894 ISC_LIST_APPEND(rdl->rdata, rdata, link);
896 CHECK(dns_message_gettemprdataset(msg, &rds));
897 dns_rdataset_init(rds);
898 CHECK(dns_rdatalist_tordataset(rdl, rds));
900 CHECK(dns_message_gettempname(msg, &name));
901 dns_name_init(name, NULL);
902 dns_name_clone(&tuple->name, name);
903 ISC_LIST_APPEND(name->list, rds, link);
906 return (ISC_R_SUCCESS);
911 dns_rdataset_disassociate(rds);
912 dns_message_puttemprdataset(msg, &rds);
914 ISC_LIST_UNLINK(rdl->rdata, rdata, link);
915 dns_message_puttemprdatalist(msg, &rdl);
918 dns_message_puttemprdata(msg, &rdata);
925 * Build an *XFR request and send its length prefix.
928 xfrin_send_request(dns_xfrin_ctx_t *xfr) {
931 isc_region_t lregion;
932 dns_rdataset_t *qrdataset = NULL;
933 dns_message_t *msg = NULL;
934 unsigned char length[2];
935 dns_difftuple_t *soatuple = NULL;
936 dns_name_t *qname = NULL;
937 dns_dbversion_t *ver = NULL;
938 dns_name_t *msgsoaname = NULL;
940 /* Create the request message */
941 CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTRENDER, &msg));
942 CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
944 /* Create a name for the question section. */
945 CHECK(dns_message_gettempname(msg, &qname));
946 dns_name_init(qname, NULL);
947 dns_name_clone(&xfr->name, qname);
949 /* Formulate the question and attach it to the question name. */
950 CHECK(dns_message_gettemprdataset(msg, &qrdataset));
951 dns_rdataset_init(qrdataset);
952 dns_rdataset_makequestion(qrdataset, xfr->rdclass, xfr->reqtype);
953 ISC_LIST_APPEND(qname->list, qrdataset, link);
956 dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
959 if (xfr->reqtype == dns_rdatatype_ixfr) {
960 /* Get the SOA and add it to the authority section. */
961 /* XXX is using the current version the right thing? */
962 dns_db_currentversion(xfr->db, &ver);
963 CHECK(dns_db_createsoatuple(xfr->db, ver, xfr->mctx,
964 DNS_DIFFOP_EXISTS, &soatuple));
965 xfr->ixfr.request_serial = dns_soa_getserial(&soatuple->rdata);
966 xfrin_log(xfr, ISC_LOG_DEBUG(3),
967 "requesting IXFR for serial %u",
968 xfr->ixfr.request_serial);
970 CHECK(tuple2msgname(soatuple, msg, &msgsoaname));
971 dns_message_addname(msg, msgsoaname, DNS_SECTION_AUTHORITY);
974 xfr->checkid = ISC_TRUE;
978 CHECK(render(msg, xfr->mctx, &xfr->qbuffer));
981 * Free the last tsig, if there is one.
983 if (xfr->lasttsig != NULL)
984 isc_buffer_free(&xfr->lasttsig);
987 * Save the query TSIG and don't let message_destroy free it.
989 CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
991 isc_buffer_usedregion(&xfr->qbuffer, ®ion);
992 INSIST(region.length <= 65535);
994 length[0] = region.length >> 8;
995 length[1] = region.length & 0xFF;
996 lregion.base = length;
998 CHECK(isc_socket_send(xfr->socket, &lregion, xfr->task,
999 xfrin_sendlen_done, xfr));
1004 dns_message_puttempname(msg, &qname);
1005 if (qrdataset != NULL)
1006 dns_message_puttemprdataset(msg, &qrdataset);
1008 dns_message_destroy(&msg);
1009 if (soatuple != NULL)
1010 dns_difftuple_free(&soatuple);
1012 dns_db_closeversion(xfr->db, &ver, ISC_FALSE);
1016 /* XXX there should be library support for sending DNS TCP messages */
1019 xfrin_sendlen_done(isc_task_t *task, isc_event_t *event) {
1020 isc_socketevent_t *sev = (isc_socketevent_t *) event;
1021 dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
1022 isc_result_t evresult = sev->result;
1023 isc_result_t result;
1024 isc_region_t region;
1026 REQUIRE(VALID_XFRIN(xfr));
1030 INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
1031 isc_event_free(&event);
1034 if (xfr->shuttingdown) {
1039 xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request length prefix");
1042 isc_buffer_usedregion(&xfr->qbuffer, ®ion);
1043 CHECK(isc_socket_send(xfr->socket, ®ion, xfr->task,
1044 xfrin_send_done, xfr));
1047 if (result != ISC_R_SUCCESS)
1048 xfrin_fail(xfr, result, "failed sending request length prefix");
1053 xfrin_send_done(isc_task_t *task, isc_event_t *event) {
1054 isc_socketevent_t *sev = (isc_socketevent_t *) event;
1055 dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
1056 isc_result_t result;
1058 REQUIRE(VALID_XFRIN(xfr));
1062 INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
1065 xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request data");
1068 CHECK(dns_tcpmsg_readmessage(&xfr->tcpmsg, xfr->task,
1069 xfrin_recv_done, xfr));
1072 isc_event_free(&event);
1073 if (result != ISC_R_SUCCESS)
1074 xfrin_fail(xfr, result, "failed sending request data");
1079 xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
1080 dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) ev->ev_arg;
1081 isc_result_t result;
1082 dns_message_t *msg = NULL;
1084 dns_tcpmsg_t *tcpmsg;
1085 dns_name_t *tsigowner = NULL;
1087 REQUIRE(VALID_XFRIN(xfr));
1091 INSIST(ev->ev_type == DNS_EVENT_TCPMSG);
1092 tcpmsg = ev->ev_sender;
1093 isc_event_free(&ev);
1096 if (xfr->shuttingdown) {
1101 CHECK(tcpmsg->result);
1103 xfrin_log(xfr, ISC_LOG_DEBUG(7), "received %u bytes",
1104 tcpmsg->buffer.used);
1106 CHECK(isc_timer_touch(xfr->timer));
1108 CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTPARSE, &msg));
1110 dns_message_settsigkey(msg, xfr->tsigkey);
1111 dns_message_setquerytsig(msg, xfr->lasttsig);
1112 msg->tsigctx = xfr->tsigctx;
1114 msg->tcp_continuation = 1;
1116 result = dns_message_parse(msg, &tcpmsg->buffer,
1117 DNS_MESSAGEPARSE_PRESERVEORDER);
1119 if (result != ISC_R_SUCCESS || msg->rcode != dns_rcode_noerror ||
1120 (xfr->checkid && msg->id != xfr->id)) {
1121 if (result == ISC_R_SUCCESS)
1122 result = ISC_RESULTCLASS_DNSRCODE + msg->rcode; /*XXX*/
1123 if (result == ISC_R_SUCCESS || result == DNS_R_NOERROR)
1124 result = DNS_R_UNEXPECTEDID;
1125 if (xfr->reqtype == dns_rdatatype_axfr ||
1126 xfr->reqtype == dns_rdatatype_soa)
1128 xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR",
1129 isc_result_totext(result));
1131 dns_message_destroy(&msg);
1133 xfr->reqtype = dns_rdatatype_soa;
1134 xfr->state = XFRST_SOAQUERY;
1140 * Does the server know about IXFR? If it doesn't we will get
1141 * a message with a empty answer section or a potentially a CNAME /
1142 * DNAME, the later is handled by xfr_rr() which will return FORMERR
1143 * if the first RR in the answer section is not a SOA record.
1145 if (xfr->reqtype == dns_rdatatype_ixfr &&
1146 xfr->state == XFRST_INITIALSOA &&
1147 msg->counts[DNS_SECTION_ANSWER] == 0) {
1148 xfrin_log(xfr, ISC_LOG_DEBUG(3),
1149 "empty answer section, retrying with AXFR");
1154 result = dns_message_checksig(msg, dns_zone_getview(xfr->zone));
1155 if (result != ISC_R_SUCCESS) {
1156 xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s",
1157 isc_result_totext(result));
1161 for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
1162 result == ISC_R_SUCCESS;
1163 result = dns_message_nextname(msg, DNS_SECTION_ANSWER))
1165 dns_rdataset_t *rds;
1168 dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
1169 for (rds = ISC_LIST_HEAD(name->list);
1171 rds = ISC_LIST_NEXT(rds, link))
1173 for (result = dns_rdataset_first(rds);
1174 result == ISC_R_SUCCESS;
1175 result = dns_rdataset_next(rds))
1177 dns_rdata_t rdata = DNS_RDATA_INIT;
1178 dns_rdataset_current(rds, &rdata);
1179 CHECK(xfr_rr(xfr, name, rds->ttl, &rdata));
1183 if (result != ISC_R_NOMORE)
1186 if (dns_message_gettsig(msg, &tsigowner) != NULL) {
1188 * Reset the counter.
1193 * Free the last tsig, if there is one.
1195 if (xfr->lasttsig != NULL)
1196 isc_buffer_free(&xfr->lasttsig);
1199 * Update the last tsig pointer.
1201 CHECK(dns_message_getquerytsig(msg, xfr->mctx,
1204 } else if (dns_message_gettsigkey(msg) != NULL) {
1206 if (xfr->sincetsig > 100 ||
1207 xfr->nmsg == 0 || xfr->state == XFRST_END)
1209 result = DNS_R_EXPECTEDTSIG;
1215 * Update the number of messages received.
1220 * Copy the context back.
1222 xfr->tsigctx = msg->tsigctx;
1224 dns_message_destroy(&msg);
1226 if (xfr->state == XFRST_GOTSOA) {
1227 xfr->reqtype = dns_rdatatype_axfr;
1228 xfr->state = XFRST_INITIALSOA;
1229 CHECK(xfrin_send_request(xfr));
1230 } else if (xfr->state == XFRST_END) {
1232 * Inform the caller we succeeded.
1234 if (xfr->done != NULL) {
1235 (xfr->done)(xfr->zone, ISC_R_SUCCESS);
1239 * We should have no outstanding events at this
1240 * point, thus maybe_free() should succeed.
1242 xfr->shuttingdown = ISC_TRUE;
1246 * Read the next message.
1248 CHECK(dns_tcpmsg_readmessage(&xfr->tcpmsg, xfr->task,
1249 xfrin_recv_done, xfr));
1256 dns_message_destroy(&msg);
1257 if (result != ISC_R_SUCCESS)
1258 xfrin_fail(xfr, result, "failed while receiving responses");
1262 xfrin_timeout(isc_task_t *task, isc_event_t *event) {
1263 dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
1265 REQUIRE(VALID_XFRIN(xfr));
1269 isc_event_free(&event);
1271 * This will log "giving up: timeout".
1273 xfrin_fail(xfr, ISC_R_TIMEDOUT, "giving up");
1277 maybe_free(dns_xfrin_ctx_t *xfr) {
1278 REQUIRE(VALID_XFRIN(xfr));
1280 if (! xfr->shuttingdown || xfr->refcount != 0 ||
1281 xfr->connects != 0 || xfr->sends != 0 ||
1285 xfrin_log(xfr, ISC_LOG_INFO, "end of transfer");
1287 if (xfr->socket != NULL)
1288 isc_socket_detach(&xfr->socket);
1290 if (xfr->timer != NULL)
1291 isc_timer_detach(&xfr->timer);
1293 if (xfr->task != NULL)
1294 isc_task_detach(&xfr->task);
1296 if (xfr->tsigkey != NULL)
1297 dns_tsigkey_detach(&xfr->tsigkey);
1299 if (xfr->lasttsig != NULL)
1300 isc_buffer_free(&xfr->lasttsig);
1302 dns_diff_clear(&xfr->diff);
1304 if (xfr->ixfr.journal != NULL)
1305 dns_journal_destroy(&xfr->ixfr.journal);
1307 if (xfr->axfr.add_private != NULL)
1308 (void)dns_db_endload(xfr->db, &xfr->axfr.add_private);
1310 if (xfr->tcpmsg_valid)
1311 dns_tcpmsg_invalidate(&xfr->tcpmsg);
1313 if ((xfr->name.attributes & DNS_NAMEATTR_DYNAMIC) != 0)
1314 dns_name_free(&xfr->name, xfr->mctx);
1316 if (xfr->ver != NULL)
1317 dns_db_closeversion(xfr->db, &xfr->ver, ISC_FALSE);
1319 if (xfr->db != NULL)
1320 dns_db_detach(&xfr->db);
1322 if (xfr->zone != NULL)
1323 dns_zone_idetach(&xfr->zone);
1325 isc_mem_put(xfr->mctx, xfr, sizeof(*xfr));
1329 * Log incoming zone transfer messages in a format like
1330 * transfer of <zone> from <address>: <message>
1333 xfrin_logv(int level, dns_name_t *zonename, dns_rdataclass_t rdclass,
1334 isc_sockaddr_t *masteraddr, const char *fmt, va_list ap)
1336 char zntext[DNS_NAME_FORMATSIZE];
1337 char mastertext[ISC_SOCKADDR_FORMATSIZE];
1338 char classtext[DNS_RDATACLASS_FORMATSIZE];
1341 dns_name_format(zonename, zntext, sizeof(zntext));
1342 dns_rdataclass_format(rdclass, classtext, sizeof(classtext));
1343 isc_sockaddr_format(masteraddr, mastertext, sizeof(mastertext));
1344 vsnprintf(msgtext, sizeof(msgtext), fmt, ap);
1346 isc_log_write(dns_lctx, DNS_LOGCATEGORY_XFER_IN,
1347 DNS_LOGMODULE_XFER_IN, level,
1348 "transfer of '%s/%s' from %s: %s",
1349 zntext, classtext, mastertext, msgtext);
1353 * Logging function for use when a xfrin_ctx_t has not yet been created.
1357 xfrin_log1(int level, dns_name_t *zonename, dns_rdataclass_t rdclass,
1358 isc_sockaddr_t *masteraddr, const char *fmt, ...)
1362 if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE)
1366 xfrin_logv(level, zonename, rdclass, masteraddr, fmt, ap);
1371 * Logging function for use when there is a xfrin_ctx_t.
1375 xfrin_log(dns_xfrin_ctx_t *xfr, unsigned int level, const char *fmt, ...)
1379 if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE)
1383 xfrin_logv(level, &xfr->name, xfr->rdclass, &xfr->masteraddr, fmt, ap);
nant's projects / dragonfly.git / blob