6fb9b25791778f69002eb72be6235e20d98ec452Tinderbox User * Copyright (C) 2010, 2011, 2014, 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
c1aef54e14bb92518b1c062ba8c0292a7cb949cbAutomatic Updater/* $Id: dns64.c,v 1.8 2011/03/12 04:59:47 tbox Exp $ */
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * Prefix + suffix bits.
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * Which clients get mapped
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * addresses.
b8a9a7bef2c3060204c68aef4f3fce04afc1aaeeAutomatic Updater * IPv4 addresses to be mapped.
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * IPv6 addresses that are
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * treated as not existing.
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * Start of mapped address.
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsdns_dns64_create(isc_mem_t *mctx, isc_netaddr_t *prefix,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews dns_acl_t *clients, dns_acl_t *mapped, dns_acl_t *excluded,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews REQUIRE(prefix != NULL && prefix->family == AF_INET6);
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt /* Legal prefix lengths from rfc6052.txt. */
e334405421979688f2d838805ac67ee47bd62976Mark Andrews REQUIRE(prefixlen == 32 || prefixlen == 40 || prefixlen == 48 ||
e334405421979688f2d838805ac67ee47bd62976Mark Andrews prefixlen == 56 || prefixlen == 64 || prefixlen == 96);
e334405421979688f2d838805ac67ee47bd62976Mark Andrews REQUIRE(isc_netaddr_prefixok(prefix, prefixlen) == ISC_R_SUCCESS);
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt /* Bits 64-71 are zeros. rfc6052.txt */
e334405421979688f2d838805ac67ee47bd62976Mark Andrews REQUIRE(memcmp(suffix->type.in6.s6_addr, zeros, nbytes) == 0);
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews dns64 = isc_mem_get(mctx, sizeof(dns_dns64_t));
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews memmove(dns64->bits, prefix->type.in6.s6_addr, prefixlen / 8);
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews memmove(dns64->bits + nbytes, suffix->type.in6.s6_addr + nbytes,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews isc_mem_putanddetach(&dns64->mctx, dns64, sizeof(*dns64));
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsdns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews const dns_name_t *reqsigner, const dns_aclenv_t *env,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews unsigned int flags, unsigned char *a, unsigned char *aaaa)
e334405421979688f2d838805ac67ee47bd62976Mark Andrews if ((dns64->flags & DNS_DNS64_RECURSIVE_ONLY) != 0 &&
e334405421979688f2d838805ac67ee47bd62976Mark Andrews if ((dns64->flags & DNS_DNS64_BREAK_DNSSEC) == 0 &&
e334405421979688f2d838805ac67ee47bd62976Mark Andrews result = dns_acl_match(reqaddr, reqsigner, dns64->clients, env,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews result = dns_acl_match(&netaddr, NULL, dns64->mapped, env,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews /* Copy prefix. */
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt /* Bits 64-71 are zeros. rfc6052.txt */
e334405421979688f2d838805ac67ee47bd62976Mark Andrews /* Copy mapped address. */
e334405421979688f2d838805ac67ee47bd62976Mark Andrews for (i = 0; i < 4U; i++) {
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt /* Bits 64-71 are zeros. rfc6052.txt */
e334405421979688f2d838805ac67ee47bd62976Mark Andrews /* Copy suffix. */
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt memmove(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes);
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsdns_dns64_append(dns_dns64list_t *list, dns_dns64_t *dns64) {
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsdns_dns64_unlink(dns_dns64list_t *list, dns_dns64_t *dns64) {
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsdns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
b8a9a7bef2c3060204c68aef4f3fce04afc1aaeeAutomatic Updater const dns_name_t *reqsigner, const dns_aclenv_t *env,
e334405421979688f2d838805ac67ee47bd62976Mark Andrews REQUIRE(rdataset->rdclass == dns_rdataclass_in);
e334405421979688f2d838805ac67ee47bd62976Mark Andrews REQUIRE(aaaaoklen == dns_rdataset_count(rdataset));
e334405421979688f2d838805ac67ee47bd62976Mark Andrews for (;dns64 != NULL; dns64 = ISC_LIST_NEXT(dns64, link)) {
e334405421979688f2d838805ac67ee47bd62976Mark Andrews if ((dns64->flags & DNS_DNS64_RECURSIVE_ONLY) != 0 &&
e334405421979688f2d838805ac67ee47bd62976Mark Andrews if ((dns64->flags & DNS_DNS64_BREAK_DNSSEC) == 0 &&
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * Work out if this dns64 structure applies to this client.
e334405421979688f2d838805ac67ee47bd62976Mark Andrews for (i = 0; i < aaaaoklen; i++)
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * If we are not excluding any addresses then any AAAA
e334405421979688f2d838805ac67ee47bd62976Mark Andrews for (i = 0; i < aaaaoklen; i++)
e334405421979688f2d838805ac67ee47bd62976Mark Andrews * Are all addresses ok?
e334405421979688f2d838805ac67ee47bd62976Mark Andrews for (i = 0; i < aaaaoklen; i++)