/* -*- Mode: C; tab-width: 4 -*-
*
* Copyright (c) 2002-2015 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Set mDNS_InstantiateInlines to tell mDNSEmbeddedAPI.h to instantiate inline functions, if necessary
#include "DNSCommon.h"
#include "CryptoAlg.h"
#include "anonymous.h"
// Disable certain benign warnings with Microsoft compilers
#if (defined(_MSC_VER))
// Disable "conditional expression is constant" warning for debug macros.
// Otherwise, this generates warnings for the perfectly natural construct "while(1)"
// If someone knows a variant way of writing "while(1)" that doesn't generate warning messages, please let us know
// Disable "array is too small to include a terminating null character" warning
// -- domain labels have an initial length byte, not a terminating null character
#endif
// ***************************************************************************
#endif
// Note: Microsoft's proposed "Link Local Multicast Name Resolution Protocol" (LLMNR) is essentially a limited version of
// Multicast DNS, using the same packet formats, naming syntax, and record types as Multicast DNS, but on a different UDP
// port and multicast address, which means it won't interoperate with the existing installed base of Multicast DNS responders.
// LLMNR uses IPv4 multicast address 224.0.0.252, IPv6 multicast address FF02::0001:0003, and UDP port 5355.
// Uncomment the appropriate lines below to build a special Multicast DNS responder for testing interoperability
// with Microsoft's LLMNR client code.
#define NSIPCPortAsNumber 5030 // Port used for dnsextd to talk to local nameserver bound to loopback
#define DNSEXTPortAsNumber 5352 // Port used for end-to-end DNS operations like LLQ, Updates with Leases, etc.
//#define MulticastDNSPortAsNumber 5355 // LLMNR
mDNSexport const mDNSIPPort DiscardPort = { { DiscardPortAsNumber >> 8, DiscardPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort UnicastDNSPort = { { UnicastDNSPortAsNumber >> 8, UnicastDNSPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort NATPMPAnnouncementPort = { { NATPMPAnnouncementPortAsNumber >> 8, NATPMPAnnouncementPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort NATPMPPort = { { NATPMPPortAsNumber >> 8, NATPMPPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort DNSEXTPort = { { DNSEXTPortAsNumber >> 8, DNSEXTPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort MulticastDNSPort = { { MulticastDNSPortAsNumber >> 8, MulticastDNSPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort LoopbackIPCPort = { { LoopbackIPCPortAsNumber >> 8, LoopbackIPCPortAsNumber & 0xFF } };
mDNSexport const mDNSIPPort PrivateDNSPort = { { PrivateDNSPortAsNumber >> 8, PrivateDNSPortAsNumber & 0xFF } };
mDNSexport const mDNSv6Addr onesIPv6Addr = { { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 } };
mDNSexport const mDNSv6Addr AllHosts_v6 = { { 0xFF,0x02,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x01 } };
mDNSexport const mDNSv6Addr NDP_prefix = { { 0xFF,0x02,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x01, 0xFF,0x00,0x00,0xFB } }; // FF02:0:0:0:0:1:FF00::/104
//mDNSexport const mDNSAddr AllDNSLinkGroup_v4 = { mDNSAddrType_IPv4, { { { 224, 0, 0, 252 } } } }; // LLMNR
mDNSexport const mDNSAddr AllDNSLinkGroup_v6 = { mDNSAddrType_IPv6, { { { 0xFF,0x02,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0xFB } } } };
//mDNSexport const mDNSAddr AllDNSLinkGroup_v6 = { mDNSAddrType_IPv6, { { { 0xFF,0x02,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x01,0x00,0x03 } } } }; // LLMNR
mDNSexport const mDNSOpaque16 uQueryFlags = { { kDNSFlag0_QR_Query | kDNSFlag0_OP_StdQuery | kDNSFlag0_RD, 0 } };
mDNSexport const mDNSOpaque16 DNSSecQFlags = { { kDNSFlag0_QR_Query | kDNSFlag0_OP_StdQuery | kDNSFlag0_RD, kDNSFlag1_CD } };
mDNSexport const mDNSOpaque16 ResponseFlags = { { kDNSFlag0_QR_Response | kDNSFlag0_OP_StdQuery | kDNSFlag0_AA, 0 } };
mDNSexport const mDNSOpaque16 UpdateRespFlags = { { kDNSFlag0_QR_Response | kDNSFlag0_OP_Update, 0 } };
// ***************************************************************************
#pragma mark -
#endif
// return true for RFC1918 private addresses
{
}
{
out->l[0] = 0;
out->l[1] = 0;
out->w[4] = 0;
}
{
return mDNSfalse;
return mDNStrue;
}
{
return(intf);
}
{
}
{
{
used++;
}
return(used);
}
{
switch (rrtype)
{
case kDNSType_A: return("Addr");
case kDNSType_NS: return("NS");
case kDNSType_CNAME: return("CNAME");
case kDNSType_SOA: return("SOA");
case kDNSType_NULL: return("NULL");
case kDNSType_PTR: return("PTR");
case kDNSType_HINFO: return("HINFO");
case kDNSType_TXT: return("TXT");
case kDNSType_AAAA: return("AAAA");
case kDNSType_SRV: return("SRV");
case kDNSType_OPT: return("OPT");
case kDNSType_NSEC: return("NSEC");
case kDNSType_NSEC3: return("NSEC3");
case kDNSType_NSEC3PARAM: return("NSEC3PARAM");
case kDNSType_TSIG: return("TSIG");
case kDNSType_RRSIG: return("RRSIG");
case kDNSType_DNSKEY: return("DNSKEY");
case kDNSType_DS: return("DS");
case kDNSQType_ANY: return("ANY");
default: {
return(buffer);
}
}
}
{
switch (alg)
{
case CRYPTO_RSA_SHA1: return "RSA_SHA1";
case CRYPTO_DSA_NSEC3_SHA1: return "DSA_NSEC3_SHA1";
case CRYPTO_RSA_NSEC3_SHA1: return "RSA_NSEC3_SHA1";
case CRYPTO_RSA_SHA256: return "RSA_SHA256";
case CRYPTO_RSA_SHA512: return "RSA_SHA512";
default: {
return(algbuffer);
}
}
}
{
switch (digest)
{
case SHA1_DIGEST_TYPE: return "SHA1";
case SHA256_DIGEST_TYPE: return "SHA256";
default:
{
return(digbuffer);
}
}
}
{
}
{
}
// RFC 4034 Appendix B: Get the keyid of a DNS KEY. It is not transmitted
// explicitly on the wire.
//
// Note: This just helps narrow down the list of keys to look at. It is possible
// for two DNS keys to have the same ID i.e., key ID is not a unqiue tag. We ignore
// MD5 keys.
//
// 1st argument - the RDATA part of the DNSKEY RR
// 2nd argument - the RDLENGTH
//
{
unsigned long ac;
unsigned int i;
return ac & 0xFFFF;
}
{
int length;
if (!ctx)
{
LogMsg("baseEncode: AlgCreate failed\n");
return 0;
}
length = 0;
if (outputBuffer)
{
// Note: don't include any spaces in the format string below. This
// is also used by NSEC3 code for proving non-existence where it
// needs the base32 encoding without any spaces etc.
}
return length;
}
mDNSlocal void PrintTypeBitmap(const mDNSu8 *bmap, int bitmaplen, char *const buffer, mDNSu32 length)
{
while (bitmaplen > 0)
{
int i;
if (bitmaplen < 3)
{
break;
}
bitmaplen -= 2;
{
break;
}
{
break;
}
for (i = 0; i < wlen * 8; i++)
{
}
}
}
// Parse the fields beyond the base header. NSEC3 should have been validated.
mDNSexport void NSEC3Parse(const ResourceRecord *const rr, mDNSu8 **salt, int *hashLength, mDNSu8 **nxtName, int *bitmaplen, mDNSu8 **bitmap)
{
int hlen;
if (salt)
{
if (nsec3->saltLength)
*salt = p;
else
}
p += nsec3->saltLength;
// p is pointing at hashLength
hlen = (int)*p;
if (hashLength)
*hashLength = hlen;
p++;
if (nxtName)
*nxtName = p;
p += hlen;
if (bitmaplen)
if (bitmap)
*bitmap = p;
}
// Note slight bug: this code uses the rdlength from the ResourceRecord object, to display
// the rdata from the RDataBody object. Sometimes this could be the wrong length -- but as
// long as this routine is only used for debugging messages, it probably isn't a big problem.
mDNSexport char *GetRRDisplayString_rdb(const ResourceRecord *const rr, const RDataBody *const rd1, char *const buffer)
{
mDNSu32 length = mDNS_snprintf(buffer, MaxMsg-1, "%4d %##s %s ", rr->rdlength, rr->name->c, DNSTypeName(rr->rrtype));
if (!rr->rdlength && rr->rrtype != kDNSType_OPT) { mDNS_snprintf(buffer+length, RemSpc, "<< ZERO RDATA LENGTH >>"); return(buffer); }
{
case kDNSType_NS: // Same as PTR
case kDNSType_CNAME: // Same as PTR
break;
case kDNSType_HINFO: // Display this the same as TXT (show all constituent strings)
case kDNSType_TXT: {
{
t += 1 + t[0];
}
} break;
case kDNSType_OPT: {
{
{
case kDNSOpt_LLQ:
length += mDNS_snprintf(buffer+length, RemSpc, " ID %08X%08X", opt->u.llq.id.l[0], opt->u.llq.id.l[1]);
break;
case kDNSOpt_Lease:
break;
case kDNSOpt_Owner:
length += mDNS_snprintf(buffer+length, RemSpc, " Seq %3d", (mDNSu8)opt->u.owner.seq); // Display as unsigned
{
}
break;
case kDNSOpt_Trace:
break;
default:
break;
}
}
}
break;
case kDNSType_NSEC: {
if (UNICAST_NSEC(rr))
}
break;
case kDNSType_NSEC3: {
if (!nsec3->saltLength)
{
}
else
{
for (i = 0; i < nsec3->saltLength; i++)
{
}
}
// put a space at the end
p += nsec3->saltLength;
// p is pointing at hashLength
hashLength = (int)*p++;
// put a space at the end
p += hashLength;
}
break;
case kDNSType_RRSIG: {
unsigned long inceptClock;
unsigned long expClock;
int len;
DNSTypeName(swap16(rrsig->typeCovered)), DNSSECAlgName(rrsig->alg), rrsig->labels, swap32(rrsig->origTTL),
}
break;
case kDNSType_DNSKEY: {
length += mDNS_snprintf(buffer+length, RemSpc, "\t%d %d %s %u ", swap16(rrkey->flags), rrkey->proto,
}
break;
case kDNSType_DS: {
mDNSu8 *p;
int i;
length += mDNS_snprintf(buffer+length, RemSpc, "\t%s\t%d\t%s ", DNSSECAlgName(rrds->alg), swap16(rrds->keyTag),
{
}
}
break;
// Really should scan buffer to check if text is valid UTF-8 and only replace with dots if not
break;
}
return(buffer);
}
// See comments in mDNSEmbeddedAPI.h
#else
{
}
{
}
{
if (!seeded)
{
}
}
#endif // ! _PLATFORM_HAS_STRONG_PRNG_
mDNSexport mDNSu32 mDNSRandom(mDNSu32 max) // Returns pseudo-random result from zero to max inclusive
{
return ret;
}
{
{
{
case mDNSAddrType_None: return(mDNStrue); // Empty addresses have no data and are therefore always equal
}
}
return(mDNSfalse);
}
{
{
case mDNSAddrType_IPv4: return (mDNSBool)(mDNSSameIPv4Address(ip->ip.v4, AllDNSLinkGroup_v4.ip.v4));
case mDNSAddrType_IPv6: return (mDNSBool)(mDNSSameIPv6Address(ip->ip.v6, AllDNSLinkGroup_v6.ip.v6));
default: return(mDNSfalse);
}
}
// ***************************************************************************
#pragma mark -
#endif
{
int i;
const int len = *a++;
if (len > MAX_DOMAIN_LABEL)
for (i=0; i<len; i++)
{
}
return(mDNStrue);
}
{
while (*a || *b)
{
if (a + 1 + *a >= max)
if (!SameDomainLabel(a, b)) return(mDNSfalse);
a += 1 + *a;
b += 1 + *b;
}
return(mDNStrue);
}
{
}
{
// Domains that are defined to be resolved via link-local multicast are:
// local., 254.169.in-addr.arpa., and {8,9,A,B}.E.F.ip6.arpa.
static const domainname *nR = (const domainname*)"\x3" "254" "\x3" "169" "\x7" "in-addr" "\x4" "arpa";
static const domainname *n8 = (const domainname*)"\x1" "8" "\x1" "e" "\x1" "f" "\x3" "ip6" "\x4" "arpa";
static const domainname *n9 = (const domainname*)"\x1" "9" "\x1" "e" "\x1" "f" "\x3" "ip6" "\x4" "arpa";
static const domainname *nA = (const domainname*)"\x1" "a" "\x1" "e" "\x1" "f" "\x3" "ip6" "\x4" "arpa";
static const domainname *nB = (const domainname*)"\x1" "b" "\x1" "e" "\x1" "f" "\x3" "ip6" "\x4" "arpa";
while (d->c[0])
{
d = (const domainname*)(d->c + 1 + d->c[0]);
}
return(mDNSfalse);
}
{
const mDNSu8 *p = d->c;
while (d->c[0])
{
p = d->c;
d = (const domainname*)(d->c + 1 + d->c[0]);
}
return(p);
}
// Returns length of a domain name INCLUDING the byte for the final null label
// e.g. for the root label "." it returns one
// For the FQDN "com." it returns 5 (length byte, three data bytes, final zero)
// Legal results are 1 (just root label) to 256 (MAX_DOMAIN_NAME)
// If the given domainname is invalid, result is 257 (MAX_DOMAIN_NAME+1)
{
{
}
return(MAX_DOMAIN_NAME+1);
}
// CompressedDomainNameLength returns the length of a domain name INCLUDING the byte
// for the final null label, e.g. for the root label "." it returns one.
// E.g. for the FQDN "foo.com." it returns 9
// (length, three data bytes, length, three more data bytes, final zero).
// In the case where a parent domain name is provided, and the given name is a child
// of that parent, CompressedDomainNameLength returns the length of the prefix portion
// of the child name, plus TWO bytes for the compression pointer.
// E.g. for the name "foo.com." with parent "com.", it returns 6
// (length, three data bytes, two-byte compression pointer).
mDNSexport mDNSu16 CompressedDomainNameLength(const domainname *const name, const domainname *parent)
{
while (*src)
{
if (parent && SameDomainName((const domainname *)src, parent)) return((mDNSu16)(src - name->c + 2));
}
}
// CountLabels() returns number of labels in name, excluding final root label
// (e.g. for "apple.com." CountLabels returns 2.)
{
int count = 0;
return count;
}
// SkipLeadingLabels skips over the first 'skip' labels in the domainname,
// returning a pointer to the suffix with 'skip' labels removed.
{
return(d);
}
// AppendLiteralLabelString appends a single label to an existing (possibly empty) domainname.
// The C string contains the label as-is, with no escaping, etc.
// Any dots in the name are literal dots, not label separators
// If successful, AppendLiteralLabelString returns a pointer to the next unused byte
// in the domainname bufer (i.e. the next byte after the terminating zero).
// If unable to construct a legal domain name (i.e. label more than 63 bytes, or total more than 256 bytes)
// AppendLiteralLabelString returns mDNSNULL.
{
const mDNSu8 *const lim1 = name->c + MAX_DOMAIN_NAME - 1; // Limit of how much we can add (not counting final zero)
*ptr++ = 0; // Put the null root label on the end
else return(ptr); // Success: return new value of ptr
}
// AppendDNSNameString appends zero or more labels to an existing (possibly empty) domainname.
// The C string is in conventional DNS syntax:
// Textual labels, escaped as necessary using the usual DNS '\' notation, separated by dots.
// If successful, AppendDNSNameString returns a pointer to the next unused byte
// in the domainname bufer (i.e. the next byte after the terminating zero).
// If unable to construct a legal domain name (i.e. label more than 63 bytes, or total more than 256 bytes)
// AppendDNSNameString returns mDNSNULL.
{
const mDNSu8 *const lim = name->c + MAX_DOMAIN_NAME - 1; // Limit of how much we can add (not counting final zero)
{
if (*cstr == '.') { LogMsg("AppendDNSNameString: Illegal empty label in name \"%s\"", cstring); return(mDNSNULL); }
{
if (c == '\\') // If escape character, check next character
{
{ // If three decimal digits,
}
}
*ptr++ = c; // Write the character
}
return(mDNSNULL);
}
*ptr++ = 0; // Put the null root label on the end
else return(ptr); // Success: return new value of ptr
}
// AppendDomainLabel appends a single label to a name.
// If successful, AppendDomainLabel returns a pointer to the next unused byte
// in the domainname bufer (i.e. the next byte after the terminating zero).
// If unable to construct a legal domain name (i.e. label more than 63 bytes, or total more than 256 bytes)
// AppendDomainLabel returns mDNSNULL.
{
int i;
// Check label is legal
// Check that ptr + length byte + data bytes + final zero does not exceed our limit
*ptr++ = 0; // Put the null root label on the end
return(ptr);
}
{
const mDNSu8 *const lim = name->c + MAX_DOMAIN_NAME - 1; // Limit of how much we can add (not counting final zero)
while (src[0])
{
int i;
*ptr = 0; // Put the null root label on the end
src += i;
}
return(ptr);
}
// MakeDomainLabelFromLiteralString makes a single domain label from a single literal C string (with no escaping).
// If successful, MakeDomainLabelFromLiteralString returns mDNStrue.
// If unable to convert the whole string to a legal domain label (i.e. because length is more than 63 bytes) then
// MakeDomainLabelFromLiteralString makes a legal domain label from the first 63 bytes of the string and returns mDNSfalse.
// In some cases silently truncated oversized names to 63 bytes is acceptable, so the return result may be ignored.
// In other cases silent truncation may not be acceptable, so in those cases the calling function needs to check the return result.
{
return(*cstr == 0); // Return mDNStrue if we successfully consumed all input
}
// MakeDomainNameFromDNSNameString makes a native DNS-format domainname from a C string.
// The C string is in conventional DNS syntax:
// Textual labels, escaped as necessary using the usual DNS '\' notation, separated by dots.
// If successful, MakeDomainNameFromDNSNameString returns a pointer to the next unused byte
// in the domainname bufer (i.e. the next byte after the terminating zero).
// If unable to construct a legal domain name (i.e. label more than 63 bytes, or total more than 256 bytes)
// MakeDomainNameFromDNSNameString returns mDNSNULL.
{
name->c[0] = 0; // Make an empty domain name
}
mDNSexport char *ConvertDomainLabelToCString_withescape(const domainlabel *const label, char *ptr, char esc)
{
{
if (esc)
{
else if (c <= ' ') // If non-printing ascii,
{ // Output decimal escape sequence
}
}
*ptr++ = (char)c; // Copy the character
}
*ptr = 0; // Null-terminate the string
return(ptr); // and return
}
// Note: To guarantee that there will be no possible overrun, cstr must be at least MAX_ESCAPED_DOMAIN_NAME (1009 bytes)
mDNSexport char *ConvertDomainNameToCString_withescape(const domainname *const name, char *ptr, char esc)
{
while (*src) // While more characters in the domain name
{
}
*ptr++ = 0; // Null-terminate the string
return(ptr); // and return
}
// RFC 1034 rules:
// Host names must start with a letter, end with a letter or digit,
// and have as interior characters only letters, digits, and hyphen.
// This was subsequently modified in RFC 1123 to allow the first character to be either a letter or a digit
mDNSexport void ConvertUTF8PstringToRFC1034HostLabel(const mDNSu8 UTF8Name[], domainlabel *const hostlabel)
{
{
// Delete apostrophes from source name
{
}
src++;
}
}
((((X)[2] | 0x20) == 'u' && ((X)[3] | 0x20) == 'd') || (((X)[2] | 0x20) == 't' && ((X)[3] | 0x20) == 'c')) && \
((X)[4] | 0x20) == 'p')
{
int i, len;
const char *errormsg;
#endif
// In the case where there is no name (and ONLY in that case),
// a single-label subtype is allowed as the first label of a three-part "type"
{
{
{
{
// Special support to enable the DNSServiceBrowse call made by Bonjour Browser
// For these queries, we retract the "._sub" we just added between the subtype and the main type
// Remove after Bonjour Browser is updated to use DNSServiceQueryRecord instead of DNSServiceBrowse
dst -= sizeof(SubTypeLabel);
}
}
}
}
{
}
else
name = (domainlabel*)""; // Set this up to be non-null, to avoid errors if we have to call LogMsg() below
{
LogMsg("Bad service type in %#s.%##s%##s Application protocol name must be underscore plus 1-15 characters. "
#endif
}
if (len < 2 || len >= 0x40 || (len > 16 && !SameDomainName(domain, &localdomain))) return(mDNSNULL);
if (src[1] != '_') { errormsg = "Application protocol name must begin with underscore"; goto fail; }
for (i=2; i<=len; i++)
{
// Letters and digits are allowed anywhere
// Hyphens are only allowed as interior characters
// Underscores are not supposed to be allowed at all, but for backwards compatibility with some old products we do allow them,
// with the same rule as hyphens
{
{
}
#endif
continue;
}
errormsg = "Application protocol name must contain only letters, digits, and hyphens";
{
}
#endif
goto fail;
}
if (!ValidTransportProtocol(src)) { errormsg = "Transport protocol name must be _udp or _tcp"; goto fail; }
*dst = 0;
return(dst);
fail:
return(mDNSNULL);
}
// A service name has the form: instance.application-protocol.transport-protocol.domain
// DeconstructServiceName is currently fairly forgiving: It doesn't try to enforce character
// set or length limits for the protocol names, and the final domain is allowed to be empty.
// However, if the given FQDN doesn't contain at least three labels,
// DeconstructServiceName will reject it and return mDNSfalse.
{
int i, len;
if (len >= 0x40) { debugf("DeconstructServiceName: Application protocol name too long"); return(mDNSfalse); }
if (src[1] != '_') { debugf("DeconstructServiceName: No _ at start of application protocol"); return(mDNSfalse); }
if (!ValidTransportProtocol(src))
*dst++ = 0; // Put terminator on the end of service type
while (*src)
{
if (len >= 0x40)
}
*dst++ = 0; // Put the null root label on the end
return(mDNStrue);
}
{
const mDNSu8 *a = d->c;
int i, len;
while (*a)
{
if (a + 1 + *a >= max)
{
LogMsg("DNSNameToLowerCase: ERROR!! Malformed Domain name");
return mStatus_BadParamErr;
}
len = *a++;
*b++ = len;
for (i = 0; i < len; i++)
{
*b++ = ac;
}
}
*b = 0;
return mStatus_NoError;
}
mDNSexport const mDNSu8 *NSEC3HashName(const domainname *name, rdataNSEC3 *nsec3, const mDNSu8 *AnonData, int AnonDataLen,
{
int i;
int digestlen;
{
LogMsg("NSEC3HashName: ERROR!! DNSNameToLowerCase failed");
return mDNSNULL;
}
// Note that it is "i <=". The first iteration is for digesting the name and salt.
// The iteration count does not include that.
{
if (!ctx)
{
LogMsg("NSEC3HashName: ERROR!! Cannot allocate context");
return mDNSNULL;
}
if (nsec3->saltLength)
if (AnonDataLen)
if (first)
{
}
}
return digest;
}
// Notes on UTF-8:
// 0xxxxxxx represents a 7-bit ASCII value from 0x00 to 0x7F
// 10xxxxxx is a continuation byte of a multi-byte character
// 110xxxxx is the first byte of a 2-byte character (11 effective bits; values 0x 80 - 0x 800-1)
// 1110xxxx is the first byte of a 3-byte character (16 effective bits; values 0x 800 - 0x 10000-1)
// 11110xxx is the first byte of a 4-byte character (21 effective bits; values 0x 10000 - 0x 200000-1)
// 111110xx is the first byte of a 5-byte character (26 effective bits; values 0x 200000 - 0x 4000000-1)
// 1111110x is the first byte of a 6-byte character (31 effective bits; values 0x4000000 - 0x80000000-1)
//
// UTF-16 surrogate pairs are used in UTF-16 to encode values larger than 0xFFFF.
// Although UTF-16 surrogate pairs are not supposed to appear in legal UTF-8, we want to be defensive
// about that too. (See <http://www.unicode.org/faq/utf_bom.html#34>, "What are surrogates?")
// The first of pair is a UTF-16 value in the range 0xD800-0xDBFF (11101101 1010xxxx 10xxxxxx in UTF-8),
// and the second is a UTF-16 value in the range 0xDC00-0xDFFF (11101101 1011xxxx 10xxxxxx in UTF-8).
{
{
while (length > 0)
{
// Check if the byte right after the chop point is a UTF-8 continuation byte,
// or if the character right after the chop point is the second of a UTF-16 surrogate pair.
// If so, then we continue to chop more bytes until we get to a legal chop point.
if (!continuation && !secondsurrogate) break;
}
// Having truncated characters off the end of our string, also cut off any residual white space
}
return(length);
}
// Returns true if a rich text label ends in " (nnn)", or if an RFC 1034
// name ends in "-nnn", where n is some decimal number.
{
if (RichText)
{
l--;
}
else
{
l--;
return (name->c[l] == '-');
}
}
// removes an auto-generated suffix (appended on a name collision) from a label. caller is
// responsible for ensuring that the label does indeed contain a suffix. returns the number
// from the suffix that was removed.
{
// Chop closing parentheses from RichText suffix
// Get any existing numerical suffix off the name
// Chop opening parentheses or dash from suffix
if (RichText)
{
}
else
{
}
return(val);
}
// appends a numerical suffix to a label, with the number following a whitespace and enclosed
// in parentheses (rich text) or following two consecutive hyphens (RFC 1034 domain label).
{
// Truncate trailing spaces from RichText names
while (divisor)
{
divisor /= 10;
}
}
{
// If no existing suffix, start by renaming "Foo" as "Foo (2)" or "Foo-2" as appropriate.
// If existing suffix in the range 2-9, increment it.
// If we've had ten conflicts already, there are probably too many hosts trying to use the same name,
// so add a random increment to improve the chances of finding an available name next time.
}
// ***************************************************************************
#pragma mark -
#endif
// Set up a AuthRecord with sensible default values.
// These defaults may be overwritten with new values before mDNS_Register is called
mDNSexport void mDNS_SetupResourceRecord(AuthRecord *rr, RData *RDataStorage, mDNSInterfaceID InterfaceID,
mDNSu16 rrtype, mDNSu32 ttl, mDNSu8 RecordType, AuthRecType artype, mDNSRecordCallback Callback, void *Context)
{
//
// LocalOnly auth record can be created with LocalOnly InterfaceID or a valid InterfaceID.
// Most of the applications normally create with LocalOnly InterfaceID and we store them as
// such, so that we can deliver the response to questions that specify LocalOnly InterfaceID.
// LocalOnly resource records can also be created with valid InterfaceID which happens today
{
LogMsg("mDNS_SetupResourceRecord: ERROR!! Mismatch LocalOnly record InterfaceID %p called with artype %d", InterfaceID, artype);
return;
}
{
LogMsg("mDNS_SetupResourceRecord: ERROR!! Mismatch P2P record InterfaceID %p called with artype %d", InterfaceID, artype);
return;
}
{
LogMsg("mDNS_SetupResourceRecord: ERROR!! Mismatch InterfaceAny record InterfaceID %p called with artype %d", InterfaceID, artype);
return;
}
// Don't try to store a TTL bigger than we can represent in platform time units
else if (ttl == 0) // And Zero TTL is illegal
// Field Group 1: The actual information pertaining to this resource record
// rr->resrec.rdestimate = set in mDNS_Register_internal
// rr->resrec.rdata = MUST be set by client
if (RDataStorage)
else
{
}
// Field Group 2: Persistent metadata for Authoritative Records
rr->TimeExpire = 0;
// Field Group 3: Transient state for Authoritative Records (set in mDNS_Register_internal)
// Field Group 4: Transient uDNS state for Authoritative Records (set in mDNS_Register_internal)
// For now, until the uDNS code is fully integrated, it's helpful to zero the uDNS state fields here too, just in case
// (e.g. uDNS_RegisterService short-circuits the usual mDNS_Register_internal record registration calls, so a bunch
// of fields don't get set up properly. In particular, if we don't zero rr->QueuedRData then the uDNS code crashes.)
rr->InFlightRData = 0;
rr->InFlightRDLen = 0;
rr->QueuedRData = 0;
rr->QueuedRDLen = 0;
}
mDNSexport void mDNS_SetupQuestion(DNSQuestion *const q, const mDNSInterfaceID InterfaceID, const domainname *const name,
{
q->InterfaceID = InterfaceID;
q->flags = 0;
q->qclass = kDNSClass_IN;
q->ForceMCast = mDNSfalse;
q->ReturnIntermed = mDNSfalse;
q->SuppressUnusable = mDNSfalse;
q->DenyOnCellInterface = mDNSfalse;
q->DenyOnExpInterface = mDNSfalse;
q->SearchListIndex = 0;
q->AppendSearchDomains = 0;
q->TimeoutQuestion = 0;
q->WakeOnResolve = 0;
q->ValidationRequired = 0;
q->ValidatingResponse = 0;
q->ProxyQuestion = 0;
q->pid = mDNSPlatformGetPID();
q->euid = 0;
q->DisallowPID = mDNSfalse;
q->ServiceID = -1;
q->QuestionCallback = callback;
q->QuestionContext = context;
}
{
{
case kDNSType_NS:
case kDNSType_MD:
case kDNSType_MF:
case kDNSType_CNAME:
case kDNSType_MB:
case kDNSType_MG:
case kDNSType_MR:
case kDNSType_PTR:
case kDNSType_NSAP_PTR:
case kDNSType_MX:
case kDNSType_AFSDB:
case kDNSType_RT:
case kDNSType_MINFO:
case kDNSType_PX: return DomainNameHashValue(&rdb->px.map822) + DomainNameHashValue(&rdb->px.mapx400);
case kDNSType_OPT: return 0; // OPT is a pseudo-RR container structure; makes no sense to compare
case kDNSType_NSEC: {
int dlen;
/* FALLTHROUGH */
}
default:
{
int i;
{
}
if (i < len)
{
}
return(sum);
}
}
}
// r1 has to be a full ResourceRecord including rrtype and rdlength
// r2 is just a bare RDataBody, which MUST be the same rrtype and rdlength as r1
mDNSexport mDNSBool SameRDataBody(const ResourceRecord *const r1, const RDataBody *const r2, DomainNameComparisonFn *samename)
{
{
case kDNSType_NS:
case kDNSType_MD:
case kDNSType_MF:
case kDNSType_CNAME:
case kDNSType_MB:
case kDNSType_MG:
case kDNSType_MR:
case kDNSType_PTR:
case kDNSType_NSAP_PTR:
case kDNSType_MX:
case kDNSType_AFSDB:
case kDNSType_RT:
case kDNSType_MINFO:
case kDNSType_OPT: return mDNSfalse; // OPT is a pseudo-RR container structure; makes no sense to compare
case kDNSType_NSEC: {
// If the "nxt" name changes in case, we want to delete the old
// and store just the new one. If the caller passes in SameDomainCS for "samename",
// we would return "false" when the only change between the two rdata is the case
// change in "nxt".
//
// Note: rdlength of both the RData are same (ensured by the caller) and hence we can
// use just r1->rdlength below
}
}
}
{
int wintype;
// The window that this type belongs to. NSEC has 256 windows that
// comprises of 256 types.
while (bitmaplen > 0)
{
if (bitmaplen < 3)
{
return mDNSfalse;
}
bitmaplen -= 2;
{
return mDNSfalse;
}
{
return mDNSfalse;
}
{
// First byte in the window serves 0 to 7, the next one serves 8 to 15 and so on.
// Calculate the right byte offset first.
return mDNSfalse;
// The last three bits values 0 to 7 corresponds to bit positions
// within the byte.
}
else
{
// If the windows are ordered, then we could check to see
// if wintype > win and then return early.
}
}
return mDNSfalse;
}
// Don't call this function if the resource record is not NSEC. It will return false
// which means that the type does not exist.
{
}
// Don't call this function if the resource record is not NSEC. It will return false
// which means that the type exists.
{
}
// Checks whether the RRSIG or NSEC record answers the question "q".
mDNSlocal mDNSBool DNSSECRecordAnswersQuestion(const ResourceRecord *const rr, const DNSQuestion *const q, mDNSBool *checkType)
{
// This function is called for all questions and as long as the type matches,
// return true. For the types (RRSIG and NSEC) that are specifically checked in
// this function, returning true still holds good.
return mDNStrue;
// For DS and DNSKEY questions, the types should match i.e., don't answer using CNAME
// records as it answers any question type.
//
// - DS record comes from the parent zone where CNAME record cannot coexist and hence
// cannot possibly answer it.
//
// - For DNSKEY, one could potentially follow CNAME but there could be a DNSKEY at
// the "qname" itself. To keep it simple, we don't follow CNAME.
{
debugf("DNSSECRecordAnswersQuestion: %d type resource record matched question %##s (%s), ignoring", rr->rrtype,
return mDNSfalse;
}
// If we are validating a response using DNSSEC, we might already have the records
// for the "q->qtype" in the cache but we issued a query with DO bit set
// to get the RRSIGs e.g., if you have two questions one of which does not require
// DNSSEC validation. When the RRSIG is added to the cache, we need to deliver
// the response to the question. The RRSIG type won't match the q->qtype and hence
// we need to bypass the check in that case.
{
{
DNSTypeName(q->qtype));
return mDNSfalse;
}
DNSTypeName(q->qtype));
return mDNStrue;
}
// If the NSEC record asserts the non-existence of a name looked up by the question, we would
// typically answer that e.g., the bitmap asserts that q->qtype does not exist. If we have
// to prove the non-existence as required by ValidatingResponse and ValidationRequired question,
// then we should not answer that as it may not be the right one always. We may need more than
// one NSEC to prove the non-existence.
{
return mDNSfalse;
}
return mDNStrue;
}
// ResourceRecordAnswersQuestion returns mDNStrue if the given resource record is a valid answer to the given question.
// SameNameRecordAnswersQuestion is the same, except it skips the expensive SameDomainName() call.
// SameDomainName() is generally cheap when the names don't match, but expensive when they do match,
// because it has to check all the way to the end of the names to be sure.
// In cases where we know in advance that the names match it's especially advantageous to skip the
// SameDomainName() call because that's precisely the time when it's most expensive and least useful.
mDNSexport mDNSBool SameNameRecordAnswersQuestion(const ResourceRecord *const rr, const DNSQuestion *const q)
{
// LocalOnly/P2P questions can be answered with AuthRecordAny in this function. LocalOnly/P2P records
// are handled in LocalOnlyRecordAnswersQuestion
{
LogMsg("SameNameRecordAnswersQuestion: ERROR!! called with LocalOnly ResourceRecord %p, Question %p", rr->InterfaceID, q->InterfaceID);
return mDNSfalse;
}
if (QuerySuppressed(q))
return mDNSfalse;
if (rr->InterfaceID &&
// Resource record received via unicast, the resolver group ID should match ?
if (!rr->InterfaceID)
{
}
// If ResourceRecord received via multicast, but question was unicast, then shouldn't use record to answer this question
// CNAME answers question of any type and a negative cache record should not prevent us from querying other
// valid types at the same name.
if (rr->rrtype == kDNSType_CNAME && rr->RecordType == kDNSRecordTypePacketNegative && rr->rrtype != q->qtype)
return mDNSfalse;
// RR type CNAME matches any query type. QTYPE ANY matches any RR type. QCLASS ANY matches any RR class.
if (!mDNSPlatformValidRecordForQuestion(rr, q))
return mDNSfalse;
#endif // APPLE_OSX_mDNSResponder
if (!AnonInfoAnswersQuestion(rr, q))
return mDNSfalse;
return(mDNStrue);
}
mDNSexport mDNSBool ResourceRecordAnswersQuestion(const ResourceRecord *const rr, const DNSQuestion *const q)
{
if (!SameNameRecordAnswersQuestion(rr, q))
return mDNSfalse;
}
// We have a separate function to handle LocalOnly AuthRecords because they can be created with
// multicast resource records (which has a valid InterfaceID) which can't be used to answer
// unicast questions. ResourceRecordAnswersQuestion/SameNameRecordAnswersQuestion can't tell whether
// a resource record is multicast or LocalOnly by just looking at the ResourceRecord because
// LocalOnly records are truly identified by ARType in the AuthRecord. As P2P and LocalOnly record
// are kept in the same hash table, we use the same function to make it easy for the callers when
//
mDNSexport mDNSBool LocalOnlyRecordAnswersQuestion(AuthRecord *const ar, const DNSQuestion *const q)
{
// mDNSInterface_Any questions can be answered with LocalOnly/P2P records in this function. AuthRecord_Any
// records are handled in ResourceRecordAnswersQuestion/SameNameRecordAnswersQuestion
{
LogMsg("LocalOnlyRecordAnswersQuestion: ERROR!! called with regular AuthRecordAny %##s", rr->name->c);
return mDNSfalse;
}
// Questions with mDNSInterface_LocalOnly InterfaceID should be answered with all resource records that are
// *local* to the machine. These include resource records that have InterfaceID set to mDNSInterface_LocalOnly,
// mDNSInterface_Any and any other real InterfaceID. Hence, LocalOnly questions should not be checked against
// the InterfaceID in the resource record.
//
// mDNSInterface_Unicast does not indicate any scope and hence treat them like mDNSInterface_Any.
if (rr->InterfaceID &&
q->InterfaceID && q->InterfaceID != mDNSInterface_LocalOnly && q->InterfaceID != mDNSInterface_Unicast &&
// may have a scope e.g., fe80::1%en0. The question may be scoped or not: the InterfaceID may be set
// to mDNSInterface_Any, mDNSInterface_LocalOnly or a real InterfaceID (scoped).
//
// 1) Question: Any, LocalOnly Record: no scope. This question should be answered with this record.
//
// 2) Question: Any, LocalOnly Record: scoped. This question should be answered with the record because
// traditionally applications never specify scope e.g., getaddrinfo, but need to be able
//
// 3) Question: Scoped (LocalOnly or InterfaceID), LocalOnly Record: no scope. This is the inverse of (2).
// If we register a LocalOnly record, we need to answer a LocalOnly question. If the /etc/hosts has a
// non scoped entry, it may not make sense to answer a scoped question. But we can't tell these two
// cases apart. As we currently answer LocalOnly question with LocalOnly record, we continue to do so.
//
// 4) Question: Scoped (LocalOnly or InterfaceID), LocalOnly Record: scoped. LocalOnly questions should be
// answered with any resource record where as if it has a valid InterfaceID, the scope should match.
//
// (1) and (2) is bypassed because we check for a non-NULL InterfaceID above. For (3), the InterfaceID is NULL
// and hence bypassed above. For (4) we bypassed LocalOnly questions and checked the scope of the record
// against the question.
//
// For P2P, InterfaceIDs of the question and the record should match.
// If ResourceRecord received via multicast, but question was unicast, then shouldn't use record to answer this question.
// LocalOnly authoritative answers are exempt. LocalOnly authoritative answers are used for /etc/host entries.
// We don't want a local process to be able to create a fake LocalOnly address record for "www.bigbank.com" which would then
// cause other applications (e.g. Safari) to connect to the wrong address. The rpc to register records filters out records
// with names that don't end in local and have mDNSInterface_LocalOnly set.
//
// Note: The check is bypassed for LocalOnly and for P2P it is not needed as only .local records are registered and for
// a question to match its names, it also has to end in .local and that question can't be a unicast question (See
// Question_uDNS macro and its usage). As P2P does not enforce .local only registrations we still make this check
// and also makes it future proof.
if (ar->ARType != AuthRecordLocalOnly && rr->InterfaceID && !mDNSOpaque16IsZero(q->TargetQID)) return(mDNSfalse);
// RR type CNAME matches any query type. QTYPE ANY matches any RR type. QCLASS ANY matches any RR class.
if (!AnonInfoAnswersQuestion(rr, q))
return mDNSfalse;
}
mDNSexport mDNSBool AnyTypeRecordAnswersQuestion(const ResourceRecord *const rr, const DNSQuestion *const q)
{
// LocalOnly/P2P questions can be answered with AuthRecordAny in this function. LocalOnly/P2P records
// are handled in LocalOnlyRecordAnswersQuestion
{
LogMsg("AnyTypeRecordAnswersQuestion: ERROR!! called with LocalOnly ResourceRecord %p, Question %p", rr->InterfaceID, q->InterfaceID);
return mDNSfalse;
}
if (rr->InterfaceID &&
// Resource record received via unicast, the resolver group ID should match ?
// Note that Auth Records are normally setup with NULL InterfaceID and
// both the DNSServers are assumed to be NULL in that case
if (!rr->InterfaceID)
{
}
// If ResourceRecord received via multicast, but question was unicast, then shouldn't use record to answer this question
if (!AnonInfoAnswersQuestion(rr, q))
return mDNSfalse;
}
// This is called with both unicast resource record and multicast resource record. The question that
// received the unicast response could be the regular unicast response from a DNS server or a response
// to a mDNS QU query. The main reason we need this function is that we can't compare DNSServers between the
// question and the resource record because the resource record is not completely initialized in
// mDNSCoreReceiveResponse when this function is called.
mDNSexport mDNSBool ResourceRecordAnswersUnicastResponse(const ResourceRecord *const rr, const DNSQuestion *const q)
{
if (QuerySuppressed(q))
return mDNSfalse;
// For resource records created using multicast, the InterfaceIDs have to match
if (rr->InterfaceID &&
// If ResourceRecord received via multicast, but question was unicast, then shouldn't use record to answer this question.
// RR type CNAME matches any query type. QTYPE ANY matches any RR type. QCLASS ANY matches any RR class.
}
{
if (rr->rrclass == kDNSQClass_ANY) return(rr->rdlength); // Used in update packets to mean "Delete An RRset" (RFC 2136)
{
case kDNSType_NS:
case kDNSType_CNAME:
case kDNSType_PTR:
5 * sizeof(mDNSOpaque32));
case kDNSType_NULL:
case kDNSType_TSIG:
case kDNSType_TXT:
case kDNSType_X25:
case kDNSType_ISDN:
case kDNSType_LOC:
case kDNSType_MX:
case kDNSType_AFSDB:
case kDNSType_RT:
case kDNSType_NSEC: {
//
if (UNICAST_NSEC(rr))
else
}
}
}
// When a local client registers (or updates) a record, we use this routine to do some simple validation checks
// to help reduce the risk of bogus malformed data on the network
mDNSexport mDNSBool ValidateRData(const mDNSu16 rrtype, const mDNSu16 rdlength, const RData *const rd)
{
switch(rrtype)
{
case kDNSType_NS: // Same as PTR
case kDNSType_MD: // Same as PTR
case kDNSType_MF: // Same as PTR
case kDNSType_CNAME: // Same as PTR
//case kDNSType_SOA not checked
case kDNSType_MB: // Same as PTR
case kDNSType_MG: // Same as PTR
case kDNSType_MR: // Same as PTR
//case kDNSType_NULL not checked (no specified format, so always valid)
//case kDNSType_WKS not checked
case kDNSType_HINFO: // Same as TXT (roughly)
case kDNSType_MINFO: // Same as TXT (roughly)
case kDNSType_TXT: if (!rdlength) return(mDNSfalse); // TXT record has to be at least one byte (RFC 1035)
{
}
case kDNSType_MX: // Must be at least two-byte preference, plus domainname
// Call to DomainNameLengthLimit() implicitly enforces both requirements for us
case kDNSType_SRV: // Must be at least priority+weight+port, plus domainname
// Call to DomainNameLengthLimit() implicitly enforces both requirements for us
//case kDNSType_NSEC not checked
default: return(mDNStrue); // Allow all other types without checking
}
}
// ***************************************************************************
#pragma mark -
#endif
{
h->numQuestions = 0;
h->numAnswers = 0;
h->numAuthorities = 0;
h->numAdditionals = 0;
}
mDNSexport const mDNSu8 *FindCompressionPointer(const mDNSu8 *const base, const mDNSu8 *const end, const mDNSu8 *const domname)
{
// This loop examines each possible starting position in packet, starting end of the packet and working backwards
{
// If the length byte and first character of the label match, then check further to see
// if this location in the packet will yield a useful name compression pointer.
{
{
// First see if this label matches
int i;
if (i <= *name) break; // If label did not match, bail out
if (*name == 0) break; // If no more labels to match, we failed, so bail out
// The label matched, so now follow the pointer (if appropriate) and then see if the next label matches
}
}
result--; // We failed to match at this search position, so back up the tentative result pointer and try again
}
return(mDNSNULL);
}
// Put a string of dot-separated labels as length-prefixed labels
// domainname is a fully-qualified name (i.e. assumed to be ending in a dot, even if it doesn't)
// msg points to the message we're building (pass mDNSNULL if we don't want to use compression pointers)
// end points to the end of the message so far
// ptr points to where we want to put the name
// limit points to one byte past the end of the buffer that we must not overrun
// domainname is the name to put
{
if (!*np) // If just writing one-byte root label, make sure we have space for that
{
}
{
do {
if (*np > MAX_DOMAIN_LABEL)
// This check correctly allows for the final trailing root label:
// e.g.
// Suppose our domain name is exactly 256 bytes long, including the final trailing root label.
// Suppose np is now at name->c[249], and we're about to write our last non-null label ("local").
// We know that max will be at name->c[256]
// That means that np + 1 + 5 == max - 1, so we (just) pass the "if" test below, write our
// six bytes, then exit the loop, write the final terminating root label, and the domain
// name we've written is exactly 256 bytes long, exactly at the correct legal limit.
// If the name is one byte longer, then we fail the "if" test below, and correctly bail out.
if (pointer) // Use a compression pointer if we can
{
return(ptr);
}
else // Else copy one label and try again
{
int i;
// If we don't at least have enough space for this label *plus* a terminating zero on the end, give up
}
} while (*np); // While we've got characters remaining in the name, continue
}
*ptr++ = 0; // Put the final root label
return(ptr);
}
{
return ptr + sizeof(mDNSOpaque16);
}
{
}
// Copy the RDATA information. The actual in memory storage for the data might be bigger than what the rdlength
// says. Hence, the only way to copy out the data from a resource record is to use putRData.
// msg points to the message we're building (pass mDNSNULL for "msg" if we don't want to use compression pointers)
mDNSexport mDNSu8 *putRData(const DNSMessage *const msg, mDNSu8 *ptr, const mDNSu8 *const limit, const ResourceRecord *const rr)
{
{
return(ptr);
case kDNSType_NS:
case kDNSType_CNAME:
case kDNSType_PTR:
return(ptr);
case kDNSType_NULL:
case kDNSType_HINFO:
case kDNSType_TSIG:
case kDNSType_TXT:
case kDNSType_X25:
case kDNSType_ISDN:
case kDNSType_LOC:
case kDNSType_MX:
case kDNSType_AFSDB:
case kDNSType_RT:
return(ptr);
return(ptr);
case kDNSType_OPT: {
int len = 0;
{
LogMsg("ERROR: putOptRData - out of space");
return mDNSNULL;
}
{
{
case kDNSOpt_LLQ:
ptr += 8;
break;
case kDNSOpt_Lease:
break;
case kDNSOpt_Owner:
ptr += 6;
if (space >= DNSOpt_OwnerData_ID_Wake_Space)
{
ptr += 6;
{
}
}
break;
case kDNSOpt_Trace:
break;
}
}
return ptr;
}
case kDNSType_NSEC: {
// For NSEC records, rdlength represents the exact number of bytes
// of in memory storage.
// This function is called when we are sending a NSEC record as part of mDNS,
// or to copy the data to any other buffer needed which could be a mDNS or uDNS
// NSEC record. The only time compression is used that when we are sending it
// in mDNS (indicated by non-NULL "msg") and hence we handle mDNS case
// separately.
if (!UNICAST_NSEC(rr))
{
int i, j, wlen;
// For our simplified use of NSEC synthetic records:
//
// nextname is always the record's own name,
// the block number is always 0,
// the count byte is a value in the range 1-32,
// followed by the 1-32 data bytes
//
// Note: When we send the NSEC record in mDNS, the window size is set to 32.
// We need to find out what the last non-NULL byte is. If we are copying out
// from an RDATA, we have the right length. As we need to handle both the case,
// we loop to find the right value instead of blindly using len to copy.
if (!ptr) { LogInfo("putRData: Can't put name, Length %d, record %##s", limit - save, rr->name->c); return(mDNSNULL); }
if (i) // Only put a block if at least one type exists for this name
{
if (ptr + 2 + i > limit) { LogInfo("putRData: Can't put window, Length %d, i %d, record %##s", limit - ptr, i, rr->name->c); return(mDNSNULL); }
*ptr++ = 0;
}
return ptr;
}
else
{
// Sanity check whether the bitmap is good
while (len)
{
if (len < 3)
len -= 2;
}
if (ptr + rr->rdlength > limit) { LogMsg("putRData: NSEC rdlength beyond limit %##s (%s), ptr %p, rdlength %d, limit %p", rr->name->c, DNSTypeName(rr->rrtype), ptr, rr->rdlength, limit); return(mDNSNULL);}
// No compression allowed for "nxt", just copy the data.
}
}
}
}
#define IsUnicastUpdate(X) (!mDNSOpaque16IsZero((X)->h.id) && ((X)->h.flags.b[0] & kDNSFlag0_OP_Mask) == kDNSFlag0_OP_Update)
mDNSexport mDNSu8 *PutResourceRecordTTLWithLimit(DNSMessage *const msg, mDNSu8 *ptr, mDNSu16 *count, ResourceRecord *rr, mDNSu32 ttl, const mDNSu8 *limit)
{
// When sending SRV to conventional DNS server (i.e. in DNS update requests) we should not do name compression on the rdata (RFC 2782)
const DNSMessage *const rdatacompressionbase = (IsUnicastUpdate(msg) && rr->rrtype == kDNSType_SRV) ? mDNSNULL : msg;
{
LogMsg("PutResourceRecordTTLWithLimit ERROR! Attempt to put kDNSRecordTypeUnregistered %##s (%s)", rr->name->c, DNSTypeName(rr->rrtype));
return(ptr);
}
if (!ptr)
{
LogMsg("PutResourceRecordTTLWithLimit ptr is null %##s (%s)", rr->name->c, DNSTypeName(rr->rrtype));
return(mDNSNULL);
}
// If we're out-of-space, return mDNSNULL
{
LogInfo("PutResourceRecordTTLWithLimit: can't put name, out of space %##s (%s), ptr %p, limit %p", rr->name->c,
return(mDNSNULL);
}
// ptr[8] and ptr[9] filled in *after* we find out how much space the rdata takes
if (!endofrdata)
{
LogInfo("PutResourceRecordTTLWithLimit: Ran out of space in PutResourceRecord for %##s (%s), ptr %p, limit %p", rr->name->c,
return(mDNSNULL);
}
// Go back and fill in the actual number of data bytes we wrote
// (actualLength can be less than rdlength when domain name compression is used)
else LogMsg("PutResourceRecordTTL: ERROR: No target count to update for %##s (%s)", rr->name->c, DNSTypeName(rr->rrtype));
return(endofrdata);
}
mDNSlocal mDNSu8 *putEmptyResourceRecord(DNSMessage *const msg, mDNSu8 *ptr, const mDNSu8 *const limit, mDNSu16 *count, const AuthRecord *rr)
{
(*count)++;
return(ptr + 10);
}
mDNSexport mDNSu8 *putQuestion(DNSMessage *const msg, mDNSu8 *ptr, const mDNSu8 *const limit, const domainname *const name, mDNSu16 rrtype, mDNSu16 rrclass)
{
msg->h.numQuestions++;
return(ptr+4);
}
// for dynamic updates
mDNSexport mDNSu8 *putZone(DNSMessage *const msg, mDNSu8 *ptr, mDNSu8 *limit, const domainname *zone, mDNSOpaque16 zoneClass)
{
msg->h.mDNS_numZones++;
return ptr;
}
// for dynamic updates
mDNSexport mDNSu8 *putPrereqNameNotInUse(const domainname *const name, DNSMessage *const msg, mDNSu8 *const ptr, mDNSu8 *const end)
{
mDNS_SetupResourceRecord(&prereq, mDNSNULL, mDNSInterface_Any, kDNSQType_ANY, kStandardTTL, 0, AuthRecordAny, mDNSNULL, mDNSNULL);
}
// for dynamic updates
{
// deletion: specify record w/ TTL 0, class NONE
return ptr;
}
// for dynamic updates
mDNSexport mDNSu8 *putDeletionRecordWithLimit(DNSMessage *msg, mDNSu8 *ptr, ResourceRecord *rr, mDNSu8 *limit)
{
// deletion: specify record w/ TTL 0, class NONE
return ptr;
}
mDNSexport mDNSu8 *putDeleteRRSetWithLimit(DNSMessage *msg, mDNSu8 *ptr, const domainname *name, mDNSu16 rrtype, mDNSu8 *limit)
{
msg->h.mDNS_numUpdates++;
return ptr + 10;
}
// for dynamic updates
{
msg->h.mDNS_numUpdates++;
return ptr + 10;
}
// for dynamic updates
{
mDNS_SetupResourceRecord(&rr, mDNSNULL, mDNSInterface_Any, kDNSType_OPT, kStandardTTL, kDNSRecordTypeKnownUnique, AuthRecordAny, mDNSNULL, mDNSNULL);
return ptr;
}
// for dynamic updates
mDNSexport mDNSu8 *putUpdateLeaseWithLimit(DNSMessage *msg, mDNSu8 *ptr, mDNSu32 lease, mDNSu8 *limit)
{
mDNS_SetupResourceRecord(&rr, mDNSNULL, mDNSInterface_Any, kDNSType_OPT, kStandardTTL, kDNSRecordTypeKnownUnique, AuthRecordAny, mDNSNULL, mDNSNULL);
if (!ptr) { LogMsg("ERROR: putUpdateLeaseWithLimit - PutResourceRecordTTLWithLimit"); return mDNSNULL; }
return ptr;
}
{
mDNS_SetupResourceRecord(&rr, mDNSNULL, mDNSInterface_Any, kDNSType_OPT, kStandardTTL, kDNSRecordTypeKnownUnique, AuthRecordAny, mDNSNULL, mDNSNULL);
// It is still not clear what the right size is. We will have to fine tune this once we do
// a lot of testing with DNSSEC.
// set the DO bit
ttl |= 0x8000;
return end;
}
mDNSexport mDNSu8 *putHINFO(const mDNS *const m, DNSMessage *const msg, mDNSu8 *end, DomainAuthInfo *authInfo, mDNSu8 *limit)
{
{
mDNS_SetupResourceRecord(&hinfo, mDNSNULL, mDNSInterface_Any, kDNSType_HINFO, 0, kDNSRecordTypeUnique, AuthRecordAny, mDNSNULL, mDNSNULL);
h += 1 + (int)h[0];
return newptr;
}
else
return end;
}
// ***************************************************************************
#pragma mark -
#endif
{
const mDNSu8 *c;
{
}
return(sum);
}
{
if (NewRData)
{
}
// Must not try to get target pointer until after updating rr->rdata
}
mDNSexport const mDNSu8 *skipDomainName(const DNSMessage *const msg, const mDNSu8 *ptr, const mDNSu8 *const end)
{
while (1) // Read sequence of labels
{
switch (len & 0xC0)
{
if (total + 1 + len >= MAX_DOMAIN_NAME) // Remember: expect at least one more byte for the root label
break;
case 0x40: debugf("skipDomainName: Extended EDNS0 label types 0x%X not supported", len); return(mDNSNULL);
}
}
}
// Routine to fetch an FQDN from the DNS message, following compression pointers if necessary.
mDNSexport const mDNSu8 *getDomainName(const DNSMessage *const msg, const mDNSu8 *ptr, const mDNSu8 *const end,
domainname *const name)
{
*np = 0; // Tentatively place the root label here (may be overwritten if we have more labels)
while (1) // Read sequence of labels
{
if (len == 0) break; // If length is zero, that means this name is complete
switch (len & 0xC0)
{
int i;
*np = 0; // Tentatively place the root label here (may be overwritten if we have more labels)
break;
case 0x40: debugf("getDomainName: Extended EDNS0 label types 0x%X not supported in name %##s", len, name->c);
return(mDNSNULL);
case 0x80: debugf("getDomainName: Illegal label length 0x%X in domain name %##s", len, name->c); return(mDNSNULL);
{ debugf("getDomainName: Illegal compression pointer not within packet boundaries"); return(mDNSNULL); }
if (*ptr & 0xC0)
break;
}
}
else return(ptr);
}
mDNSexport const mDNSu8 *skipResourceRecord(const DNSMessage *msg, const mDNSu8 *ptr, const mDNSu8 *end)
{
if (ptr + 10 > end) { debugf("skipResourceRecord: Malformed RR -- no type/class/ttl/len!"); return(mDNSNULL); }
ptr += 10;
if (ptr + pktrdlength > end) { debugf("skipResourceRecord: RDATA exceeds end of packet"); return(mDNSNULL); }
return(ptr + pktrdlength);
}
{
{
if (len < 3)
{
return mDNSNULL;
}
len -= 2;
{
return mDNSNULL;
}
{
return mDNSNULL;
}
}
}
// This function is called with "msg" when we receive a DNS message and needs to parse a single resource record
// pointed to by "ptr". Some resource records like SOA, SRV are converted to host order and also expanded
// (domainnames are expanded to 255 bytes) when stored in memory.
//
// This function can also be called with "NULL" msg to parse a single resource record pointed to by ptr.
// The caller can do this only if the names in the resource records are compressed and validity of the
// resource record has already been done before. DNSSEC currently uses it this way.
{
{
case kDNSType_A:
if (rdlength != sizeof(mDNSv4Addr))
goto fail;
break;
case kDNSType_NS:
case kDNSType_MD:
case kDNSType_MF:
case kDNSType_CNAME:
case kDNSType_MB:
case kDNSType_MG:
case kDNSType_MR:
case kDNSType_PTR:
case kDNSType_NSAP_PTR:
case kDNSType_DNAME:
if (msg)
{
}
else
{
}
{
goto fail;
}
break;
case kDNSType_SOA:
if (msg)
{
}
else
{
}
if (!ptr)
{
debugf("SetRData: Malformed SOA RDATA mname");
goto fail;
}
if (msg)
{
}
else
{
}
if (!ptr)
{
debugf("SetRData: Malformed SOA RDATA rname");
goto fail;
}
{
debugf("SetRData: Malformed SOA RDATA");
goto fail;
}
rdb->soa.serial = (mDNSs32) ((mDNSs32)ptr[0x00] << 24 | (mDNSs32)ptr[0x01] << 16 | (mDNSs32)ptr[0x02] << 8 | ptr[0x03]);
rdb->soa.refresh = (mDNSu32) ((mDNSu32)ptr[0x04] << 24 | (mDNSu32)ptr[0x05] << 16 | (mDNSu32)ptr[0x06] << 8 | ptr[0x07]);
rdb->soa.retry = (mDNSu32) ((mDNSu32)ptr[0x08] << 24 | (mDNSu32)ptr[0x09] << 16 | (mDNSu32)ptr[0x0A] << 8 | ptr[0x0B]);
rdb->soa.expire = (mDNSu32) ((mDNSu32)ptr[0x0C] << 24 | (mDNSu32)ptr[0x0D] << 16 | (mDNSu32)ptr[0x0E] << 8 | ptr[0x0F]);
rdb->soa.min = (mDNSu32) ((mDNSu32)ptr[0x10] << 24 | (mDNSu32)ptr[0x11] << 16 | (mDNSu32)ptr[0x12] << 8 | ptr[0x13]);
break;
case kDNSType_NULL:
case kDNSType_HINFO:
case kDNSType_TXT:
case kDNSType_X25:
case kDNSType_ISDN:
case kDNSType_LOC:
case kDNSType_DHCID:
break;
case kDNSType_MX:
case kDNSType_AFSDB:
case kDNSType_RT:
case kDNSType_KX:
// Preference + domainname
if (rdlength < 3)
goto fail;
ptr += 2;
if (msg)
{
}
else
{
}
{
debugf("SetRData: Malformed MX name");
goto fail;
}
break;
case kDNSType_MINFO:
case kDNSType_RP:
// Domainname + domainname
if (msg)
{
}
else
{
}
if (!ptr)
{
debugf("SetRData: Malformed RP mbox");
goto fail;
}
if (msg)
{
}
else
{
}
{
debugf("SetRData: Malformed RP txt");
goto fail;
}
break;
case kDNSType_PX:
// Preference + domainname + domainname
if (rdlength < 4)
goto fail;
ptr += 2;
if (msg)
{
}
else
{
}
if (!ptr)
{
debugf("SetRData: Malformed PX map822");
goto fail;
}
if (msg)
{
}
else
{
}
{
debugf("SetRData: Malformed PX mapx400");
goto fail;
}
break;
case kDNSType_AAAA:
if (rdlength != sizeof(mDNSv6Addr))
goto fail;
break;
case kDNSType_SRV:
// Priority + weight + port + domainname
if (rdlength < 7)
goto fail;
ptr += 6;
if (msg)
{
}
else
{
}
{
debugf("SetRData: Malformed SRV RDATA name");
goto fail;
}
break;
case kDNSType_NAPTR:
{
// Make sure the data is parseable and within the limits. DNSSEC code looks at
// the domain name in the end for a valid domainname.
//
// Fixed length: Order, preference (4 bytes)
// Variable length: flags, service, regexp, domainname
if (rdlength < 8)
goto fail;
// Order, preference.
ptr += 4;
// Parse flags, Service and Regexp
// length in the first byte does not include the length byte itself
{
LogInfo("SetRData: Malformed NAPTR flags");
goto fail;
}
// Service
{
LogInfo("SetRData: Malformed NAPTR service");
goto fail;
}
// Regexp
{
LogInfo("SetRData: Malformed NAPTR regexp");
goto fail;
}
// RFC 2915 states that name compression is not allowed for this field. But RFC 3597
// states that for NAPTR we should decompress. We make sure that we store the full
// name rather than the compressed name
if (msg)
{
}
else
{
}
{
LogInfo("SetRData: Malformed NAPTR RDATA name");
goto fail;
}
// The uncompressed size should not exceed the limits
{
LogInfo("SetRData: Malformed NAPTR rdlength %d, rr->resrec.rdlength %d, "
goto fail;
}
break;
}
case kDNSType_OPT: {
{
ptr += 4;
{
case kDNSOpt_LLQ:
{
opt->u.llq.llqlease = (mDNSu32) ((mDNSu32)ptr[14] << 24 | (mDNSu32)ptr[15] << 16 | (mDNSu32)ptr[16] << 8 | ptr[17]);
opt++;
}
break;
case kDNSOpt_Lease:
{
opt->u.updatelease = (mDNSu32) ((mDNSu32)ptr[0] << 24 | (mDNSu32)ptr[1] << 16 | (mDNSu32)ptr[2] << 8 | ptr[3]);
opt++;
}
break;
case kDNSOpt_Owner:
{
{
// This mDNSPlatformMemCopy is safe because the ValidOwnerLength(opt->optlen) check above
// ensures that opt->optlen is no more than DNSOpt_OwnerData_ID_Wake_PW6_Space - 4
mDNSPlatformMemCopy(opt->u.owner.password.b, ptr+14, opt->optlen - (DNSOpt_OwnerData_ID_Wake_Space-4));
}
opt++;
}
break;
case kDNSOpt_Trace:
{
opt->u.tracer.mDNSv = (mDNSu32) ((mDNSu32)ptr[1] << 24 | (mDNSu32)ptr[2] << 16 | (mDNSu32)ptr[3] << 8 | ptr[4]);
opt++;
}
else
{
opt++;
}
break;
}
}
break;
}
case kDNSType_NSEC: {
if (msg)
{
}
else
{
}
if (!ptr)
{
LogInfo("SetRData: Malformed NSEC nextname");
goto fail;
}
// Multicast NSECs use name compression for this field unlike the unicast case which
// does not use compression. And multicast case always succeeds in compression. So,
// the rdlength includes only the compressed space in that case. So, can't
// use the DomainNameLength of name to reduce the length here.
if (!ptr)
goto fail;
{
LogInfo("SetRData: Malformed NSEC length not right");
goto fail;
}
// Initialize the right length here. When we call SetNewRData below which in turn calls
// GetRDLength and for NSEC case, it assumes that rdlength is intitialized
// Do we have space after the name expansion ?
{
LogInfo("SetRData: Malformed NSEC rdlength %d, rr->resrec.rdlength %d, "
goto fail;
}
break;
}
case kDNSType_NSEC3:
{
{
goto fail;
}
{
goto fail;
}
{
goto fail;
}
p += nsec3->saltLength;
// There should at least be one byte beyond saltLength
if (p >= end)
{
goto fail;
}
// p is pointing at hashLength
hashLength = (int)*p++;
if (!hashLength)
{
LogInfo("SetRData: hashLength zero");
goto fail;
}
p += hashLength;
if (p > end)
{
goto fail;
}
if (!p)
goto fail;
break;
}
case kDNSType_TKEY:
case kDNSType_TSIG:
{
// The name should not be compressed. But we take the conservative approach
// and uncompress the name before we store it.
if (msg)
{
}
else
{
}
if (!ptr)
{
goto fail;
}
break;
}
case kDNSType_RRSIG:
{
{
goto fail;
}
if (msg)
{
}
else
{
}
if (!sig)
{
LogInfo("SetRData: Malformed RRSIG record");
goto fail;
}
{
LogInfo("SetRData: Malformed RRSIG record, signer name compression");
goto fail;
}
// Just ensure that we have at least one byte of the signature
{
goto fail;
}
break;
}
case kDNSType_DNSKEY:
{
{
goto fail;
}
break;
}
case kDNSType_DS:
{
{
goto fail;
}
break;
}
default:
debugf("SetRData: Warning! Reading resource type %d (%s) as opaque data",
// Note: Just because we don't understand the record type, that doesn't
// mean we fail. The DNS protocol specifies rdlength, so we can
// safely skip over unknown records and ignore them.
// We also grab a binary copy of the rdata anyway, since the caller
// might know how to interpret it even if we don't.
break;
}
return mDNStrue;
fail:
return mDNSfalse;
}
mDNSexport const mDNSu8 *GetLargeResourceRecord(mDNS *const m, const DNSMessage *const msg, const mDNSu8 *ptr,
const mDNSu8 *end, const mDNSInterfaceID InterfaceID, mDNSu8 RecordType, LargeCacheRecord *const largecr)
{
LogFatalError("GetLargeResourceRecord: m->rec appears to be already in use for %s", CRDisplayString(m, &m->rec.r));
rr->DelayDelivery = 0;
rr->NextRequiredQuery = m ? m->timenow : 0; // Will be updated to the real value when we call SetNextCacheCheckTimeForRecord()
rr->UnansweredQueries = 0;
rr->LastUnansweredTime= 0;
rr->MPUnansweredQ = 0;
rr->MPLastUnansweredQT= 0;
rr->MPUnansweredKA = 0;
#endif
ptr = getDomainName(msg, ptr, end, &largecr->namestorage); // Will bail out correctly if ptr is NULL
if (ptr + 10 > end) { debugf("GetLargeResourceRecord: Malformed RR -- no type/class/ttl/len!"); return(mDNSNULL); }
rr->resrec.rroriginalttl = (mDNSu32) ((mDNSu32)ptr[4] << 24 | (mDNSu32)ptr[5] << 16 | (mDNSu32)ptr[6] << 8 | ptr[7]);
if (rr->resrec.rroriginalttl > 0x70000000UL / mDNSPlatformOneSecond && (mDNSs32)rr->resrec.rroriginalttl != -1)
// Note: We don't have to adjust m->NextCacheCheck here -- this is just getting a record into memory for
// us to look at. If we decide to copy it into the cache, then we'll update m->NextCacheCheck accordingly.
// If mDNS record has cache-flush bit set, we mark it unique
// For uDNS records, all are implicitly deemed unique (a single DNS server is always
// authoritative for the entire RRSet), unless this is a truncated response
ptr += 10;
if (ptr + pktrdlength > end) { debugf("GetLargeResourceRecord: RDATA exceeds end of packet"); return(mDNSNULL); }
if (pktrdlength > MaximumRDSize)
{
LogInfo("GetLargeResourceRecord: %s rdata size (%d) exceeds storage (%d)",
goto fail;
}
// IMPORTANT: Any record type we understand and unpack into a structure containing domainnames needs to have corresponding
// cases in SameRDataBody() and RDataHashValue() to do a semantic comparison (or checksum) of the structure instead of a blind
// bitwise memory compare (or sum). This is because a domainname is a fixed size structure holding variable-length data.
// Any bytes past the logical end of the name are undefined, and a blind bitwise memory compare may indicate that
// two domainnames are different when semantically they are the same name and it's only the unused bytes that differ.
if (rr->resrec.rrclass == kDNSQClass_ANY && pktrdlength == 0) // Used in update packets to mean "Delete An RRset" (RFC 2136)
goto fail;
// Success! Now fill in RecordType to show this record contains valid data
return(end);
fail:
// If we were unable to parse the rdata in this record, we indicate that by
// returing a 'kDNSRecordTypePacketNegative' record with rdlength set to zero
return(end);
}
{
if (!ptr) { debugf("skipQuestion: Malformed domain name in DNS question section"); return(mDNSNULL); }
if (ptr+4 > end) { debugf("skipQuestion: Malformed DNS question section -- no query type and class!"); return(mDNSNULL); }
return(ptr+4);
}
mDNSexport const mDNSu8 *getQuestion(const DNSMessage *msg, const mDNSu8 *ptr, const mDNSu8 *end, const mDNSInterfaceID InterfaceID,
{
if (!InterfaceID) question->TargetQID = onesID; // In DNSQuestions we use TargetQID as the indicator of whether it's unicast or multicast
if (ptr+4 > end) { debugf("Malformed DNS question section -- no query type and class!"); return(mDNSNULL); }
return(ptr+4);
}
{
int i;
return(ptr);
}
{
int i;
return(ptr);
}
{
int i;
return (ptr);
}
mDNSexport const mDNSu8 *LocateOptRR(const DNSMessage *const msg, const mDNSu8 *const end, int minsize)
{
int i;
// Locate the OPT record.
// According to RFC 2671, "One OPT pseudo-RR can be added to the additional data section of either a request or a response."
// This implies that there may be *at most* one OPT record per DNS message, in the Additional Section,
// but not necessarily the *last* entry in the Additional Section.
{
ptr[0] == 0 && // Name must be root label
return(ptr);
else
}
return(mDNSNULL);
}
// On success, GetLLQOptData returns pointer to storage within shared "m->rec";
// it is caller's responsibilty to clear m->rec.r.resrec.RecordType after use
// Note: An OPT RDataBody actually contains one or more variable-length rdataOPT objects packed together
// The code that currently calls this assumes there's only one, instead of iterating through the set
mDNSexport const rdataOPT *GetLLQOptData(mDNS *const m, const DNSMessage *const msg, const mDNSu8 *const end)
{
if (ptr)
{
if (ptr && m->rec.r.resrec.RecordType != kDNSRecordTypePacketNegative) return(&m->rec.r.resrec.rdata->u.opt[0]);
}
return(mDNSNULL);
}
// Get the lease life of records in a dynamic update
// returns 0 on error or if no lease present
{
if (ptr && m->rec.r.resrec.rdlength >= DNSOpt_LeaseData_Space && m->rec.r.resrec.rdata->u.opt[0].opt == kDNSOpt_Lease)
return(result);
}
mDNSlocal const mDNSu8 *DumpRecords(mDNS *const m, const DNSMessage *const msg, const mDNSu8 *ptr, const mDNSu8 *const end, int count, char *label)
{
int i;
{
// This puts a LargeCacheRecord on the stack instead of using the shared m->rec storage,
// but since it's only used for debugging (and probably only on OS X, not on
// embedded systems) putting a 9kB object on the stack isn't a big problem.
ptr = GetLargeResourceRecord(m, msg, ptr, end, mDNSInterface_Any, kDNSRecordTypePacketAns, &largecr);
if (ptr) LogMsg("%2d TTL%8d %s", i, largecr.r.resrec.rroriginalttl, CRDisplayString(m, &largecr.r));
}
return(ptr);
}
#define DNS_OP_Name(X) ( \
(X) == kDNSFlag0_OP_StdQuery ? "" : \
(X) == kDNSFlag0_OP_Iquery ? "Iquery " : \
(X) == kDNSFlag0_OP_Status ? "Status " : \
(X) == kDNSFlag0_OP_Unused3 ? "Unused3 " : \
(X) == kDNSFlag0_OP_Notify ? "Notify " : \
#define DNS_RC_Name(X) ( \
(X) == kDNSFlag1_RC_NoErr ? "NoErr" : \
(X) == kDNSFlag1_RC_FormErr ? "FormErr" : \
(X) == kDNSFlag1_RC_ServFail ? "ServFail" : \
(X) == kDNSFlag1_RC_NXDomain ? "NXDomain" : \
(X) == kDNSFlag1_RC_NotImpl ? "NotImpl" : \
(X) == kDNSFlag1_RC_Refused ? "Refused" : \
(X) == kDNSFlag1_RC_YXDomain ? "YXDomain" : \
(X) == kDNSFlag1_RC_YXRRSet ? "YXRRSet" : \
(X) == kDNSFlag1_RC_NXRRSet ? "NXRRSet" : \
(X) == kDNSFlag1_RC_NotAuth ? "NotAuth" : \
// Note: DumpPacket expects the packet header fields in host byte order, not network byte order
{
int i;
DNSQuestion q;
else tbuffer[mDNS_snprintf(tbuffer, sizeof(tbuffer), "ERROR %d %sing", status, sent ? "Send" : "Receive")] = 0;
LogMsg("-- %s %s DNS %s%s (flags %02X%02X) RCODE: %s (%d) %s%s%s%s%s%sID: %d %d bytes from %s%d%s%s --",
);
{
}
LogMsg("--------------");
}
// ***************************************************************************
#pragma mark -
#endif
// Stub definition of TCPSocket_struct so we can access flags field. (Rest of TCPSocket_struct is platform-dependent.)
// Stub definition of UDPSocket_struct so we can access port field. (Rest of UDPSocket_struct is platform-dependent.)
// Note: When we sign a DNS message using DNSDigest_SignMessage(), the current real-time clock value is used, which
// is why we generally defer signing until we send the message, to ensure the signature is as fresh as possible.
{
// maintain outbound packet statistics
m->MulticastPacketsSent++;
else
m->UnicastPacketsSent++;
#endif // APPLE_OSX_mDNSResponder
// Zero-length message data is okay (e.g. for a DNS Update ack, where all we need is an ID and an error code
{
return mStatus_BadParamErr;
}
if (!newend) LogMsg("mDNSSendDNSMessage: putHINFO failed msg %p end %p, limit %p", msg->data, end, limit); // Not fatal
// Put all the integer values in IETF byte-order (MSB first, LSB second)
if (authInfo) DNSDigest_SignMessage(msg, &end, authInfo, 0); // DNSDigest_SignMessage operates on message in network byte order
if (!end) { LogMsg("mDNSSendDNSMessage: DNSDigest_SignMessage failed"); status = mStatus_NoMemoryErr; }
else
{
// Send the packet on the wire
if (!sock)
status = mDNSPlatformSendUDP(m, msg, end, InterfaceID, src, dst, dstport, useBackgroundTrafficClass);
else
{
char *buf;
long nsent;
// Try to send them in one packet if we can allocate enough memory
if (buf)
{
{
}
}
else
{
if (nsent != 2)
{
}
else
{
{
}
}
}
}
}
// Swap the integer values back the way they were (remember that numAdditionals may have been changed by putHINFO and/or SignMessage)
// Dump the packet with the HINFO and TSIG
}
// put the number of additionals back the way it was
return(status);
}
// ***************************************************************************
#pragma mark -
#endif
{
// MUST grab the platform lock FIRST!
mDNSPlatformLock(m);
// Normally, mDNS_reentrancy is zero and so is mDNS_busy
// However, when we call a client callback mDNS_busy is one, and we increment mDNS_reentrancy too
// If that client callback does mDNS API calls, mDNS_reentrancy and mDNS_busy will both be one
// If mDNS_busy != mDNS_reentrancy that's a bad sign
if (m->mDNS_busy != m->mDNS_reentrancy)
LogFatalError("%s: mDNS_Lock: Locking failure! mDNS_busy (%ld) != mDNS_reentrancy (%ld)", functionname, m->mDNS_busy, m->mDNS_reentrancy);
// If this is an initial entry into the mDNSCore code, set m->timenow
// else, if this is a re-entrant entry into the mDNSCore code, m->timenow should already be set
if (m->mDNS_busy == 0)
{
if (m->timenow)
LogMsg("%s: mDNS_Lock: m->timenow already set (%ld/%ld)", functionname, m->timenow, mDNS_TimeNow_NoLock(m));
m->timenow = mDNS_TimeNow_NoLock(m);
}
else if (m->timenow == 0)
{
m->timenow = mDNS_TimeNow_NoLock(m);
}
if (m->timenow_last - m->timenow > 0)
{
LogMsg("%s: mDNSPlatformRawTime went backwards by %ld ticks; setting correction factor to %ld", functionname, m->timenow_last - m->timenow, m->timenow_adjust);
m->timenow = m->timenow_last;
}
m->timenow_last = m->timenow;
// Increment mDNS_busy so we'll recognise re-entrant calls
m->mDNS_busy++;
}
{
return mDNSNULL;
}
{
if (m->mDNSPlatformStatus != mStatus_NoError) return(e);
if (m->NewQuestions)
{
else return(m->timenow);
}
if (m->NewLocalOnlyQuestions) return(m->timenow);
if (m->NewLocalOnlyRecords) return(m->timenow);
if (m->SPSProxyListChanged) return(m->timenow);
if (m->LocalRemoveEvents) return(m->timenow);
#ifndef UNICAST_DISABLED
if (e - m->NextuDNSEvent > 0) e = m->NextuDNSEvent;
if (e - m->NextScheduledNATOp > 0) e = m->NextScheduledNATOp;
#endif
if (e - m->NextCacheCheck > 0) e = m->NextCacheCheck;
if (e - m->NextScheduledSPS > 0) e = m->NextScheduledSPS;
if (e - m->NextScheduledKA > 0) e = m->NextScheduledKA;
// NextScheduledSPRetry only valid when DelaySleep not set
if (!m->DelaySleep && m->SleepLimit && e - m->NextScheduledSPRetry > 0) e = m->NextScheduledSPRetry;
if (m->SuppressSending)
{
if (e - m->SuppressSending > 0) e = m->SuppressSending;
}
else
{
if (e - m->NextScheduledQuery > 0) e = m->NextScheduledQuery;
if (e - m->NextScheduledProbe > 0) e = m->NextScheduledProbe;
if (e - m->NextScheduledResponse > 0) e = m->NextScheduledResponse;
}
if (e - m->NextScheduledStopTime > 0) e = m->NextScheduledStopTime;
return(e);
}
{
int TSE = 0;
mDNS_Lock(m);
LogMsg("Task Scheduling Error: *** Continuously busy for more than a second");
// Note: To accurately diagnose *why* we're busy, the debugging code here needs to mirror the logic in GetNextScheduledEvent above
if (m->NewQuestions && (!m->NewQuestions->DelayAnswering || m->timenow - m->NewQuestions->DelayAnswering >= 0))
LogTSE("Task Scheduling Error: NewQuestion %##s (%s)",
if (m->NewLocalOnlyQuestions)
LogTSE("Task Scheduling Error: NewLocalOnlyQuestions %##s (%s)",
if (m->NewLocalRecords)
{
rr = AnyLocalRecordReady(m);
}
#ifndef UNICAST_DISABLED
if (m->timenow - m->NextuDNSEvent >= 0)
if (m->timenow - m->NextScheduledNATOp >= 0)
#endif
if (m->timenow - m->NextCacheCheck >= 0)
if (m->timenow - m->NextScheduledSPS >= 0)
if (m->timenow - m->NextScheduledKA >= 0)
if (m->timenow - m->NextScheduledQuery >= 0)
if (m->timenow - m->NextScheduledProbe >= 0)
if (m->timenow - m->NextScheduledResponse >= 0)
LogTSE("Task Scheduling Error: m->NextScheduledResponse %d", m->timenow - m->NextScheduledResponse);
if (m->timenow - m->NextScheduledStopTime >= 0)
LogTSE("Task Scheduling Error: m->NextScheduledStopTime %d", m->timenow - m->NextScheduledStopTime);
if (m->timenow - m->NextScheduledEvent >= 0)
else LogMsg("Task Scheduling Error: *** %d potential cause%s identified (significant only if the same cause consistently appears)", TSE, TSE > 1 ? "s" : "");
mDNS_Unlock(m);
}
{
// Decrement mDNS_busy
m->mDNS_busy--;
// Check for locking failures
if (m->mDNS_busy != m->mDNS_reentrancy)
LogFatalError("%s: mDNS_Unlock: Locking failure! mDNS_busy (%ld) != mDNS_reentrancy (%ld)", functionname, m->mDNS_busy, m->mDNS_reentrancy);
// If this is a final exit from the mDNSCore code, set m->NextScheduledEvent and clear m->timenow
if (m->mDNS_busy == 0)
{
m->NextScheduledEvent = GetNextScheduledEvent(m);
m->timenow = 0;
}
// MUST release the platform lock LAST!
}
// ***************************************************************************
#pragma mark -
#endif
static const struct mDNSprintf_format
{
char altForm;
unsigned int fieldWidth;
unsigned int precision;
} mDNSprintf_format_default = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
{
int c;
if (buflen == 0) return(0);
buflen--; // Pre-reserve one space in the buffer for the terminating null
{
if (c != '%')
{
*sbuffer++ = (char)c;
}
else
{
unsigned int i=0, j;
// The mDNS Vsprintf Argument Conversion Buffer is used as a temporary holding area for
// generating decimal numbers, hexdecimal numbers, IP addresses, domain name strings, etc.
// The size needs to be enough for a 256-byte domain name plus some error text.
struct mDNSprintf_format F = mDNSprintf_format_default;
while (1) // decode flags
{
c = *++fmt;
else if (c == '#') F.altForm++;
else break;
}
if (c == '*') // decode field width
{
if (f < 0) { f = -f; F.leftJustify = 1; }
F.fieldWidth = (unsigned int)f;
c = *++fmt;
}
else
{
}
if (c == '.') // decode precision
{
if ((c = *++fmt) == '*')
F.havePrecision = 1;
}
if (F.leftJustify) F.zeroPad = 0;
conv:
switch (c) // perform appropriate conversion
{
unsigned long n;
case 'l': // fall through
case 'd':
if (F.hSize) n = (short) n;
if ((long) n < 0) { n = (unsigned long)-(long)n; F.sign = '-'; }
goto decimal;
if (F.hSize) n = (unsigned short) n;
F.sign = 0;
goto decimal;
decimal: if (!F.havePrecision)
{
if (F.zeroPad)
{
F.precision = F.fieldWidth;
}
}
for (i = 0; n; n /= 10, i++) *--s = (char)(n % 10 + '0');
for (; i < F.precision; i++) *--s = '0';
break;
if (F.hSize) n = (unsigned short) n;
if (!F.havePrecision)
{
}
for (i = 0; n; n /= 8, i++) *--s = (char)(n % 8 + '0');
for (; i < F.precision; i++) *--s = '0';
break;
case 'a': {
else
{
s = mDNS_VACB; // Adjust s to point to the start of the buffer, not the end
if (F.altForm)
{
{
default: F.precision = 0; break;
}
}
else switch (F.precision)
{
a[0], a[1], a[2], a[3]); break;
a[0], a[1], a[2], a[3], a[4], a[5]); break;
"%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X",
a[0x0], a[0x1], a[0x2], a[0x3], a[0x4], a[0x5], a[0x6], a[0x7],
a[0x8], a[0x9], a[0xA], a[0xB], a[0xC], a[0xD], a[0xE], a[0xF]); break;
" address size (i.e. %.4a=IPv4, %.6a=Ethernet, %.16a=IPv6) >>"); break;
}
}
}
break;
goto hexadecimal;
if (F.hSize) n = (unsigned short) n;
if (!F.havePrecision)
{
if (F.zeroPad)
{
F.precision = F.fieldWidth;
}
}
for (; i < F.precision; i++) *--s = '0';
break;
else switch (F.altForm)
{
case 0: i=0;
if (!F.havePrecision) // C string
while (s[i]) i++;
else
{
while ((i < F.precision) && s[i]) i++;
// Make sure we don't truncate in the middle of a UTF-8 character
// If last character we got was any kind of UTF-8 multi-byte character,
// then see if we have to back up.
// This is not as easy as the similar checks below, because
// here we can't assume it's safe to examine the *next* byte, so we
// have to confine ourselves to working only backwards in the string.
j = i; // Record where we got to
// Now, back up until we find first non-continuation-char
while (i>0 && (s[i-1] & 0xC0) == 0x80) i--;
// Now s[i-1] is the first non-continuation-char
// and (j-i) is the number of continuation-chars we found
if (i>0 && (s[i-1] & 0xC0) == 0xC0) // If we found a start-char
{
i--; // Tentatively eliminate this start-char as well
// Now (j-i) is the number of characters we're considering eliminating.
// To be legal UTF-8, the start-char must contain (j-i) one-bits,
// followed by a zero bit. If we shift it right by (7-(j-i)) bits
// (with sign extension) then the result has to be 0xFE.
// If this is right, then we reinstate the tentatively eliminated bytes.
if (((j-i) < 7) && (((s[i] >> (7-(j-i))) & 0xFF) == 0xFE)) i = j;
}
}
break;
case 1: i = (unsigned char) *s++; break; // Pascal string
case 2: { // DNS label-sequence name
unsigned char *a = (unsigned char *)s;
s = mDNS_VACB; // Adjust s to point to the start of the buffer, not the end
if (*a == 0) *s++ = '.'; // Special case for root DNS name
while (*a)
{
if (*a > 63)
if (s + *a >= &mDNS_VACB[254])
// Need to use ConvertDomainLabelToCString to do proper escaping here,
// so it's clear what's a literal dot and what's a label separator
a += 1 + *a;
}
s = mDNS_VACB; // Reset s back to the start of the buffer
break;
}
}
// Make sure we don't truncate in the middle of a UTF-8 character (see similar comment below)
if (F.havePrecision && i > F.precision)
break;
else *(int *) s = (int)nwritten;
continue;
default: s = mDNS_VACB;
case '%': *sbuffer++ = (char)c;
break;
}
do {
*sbuffer++ = ' ';
} while (i < --F.fieldWidth);
// Make sure we don't truncate in the middle of a UTF-8 character.
// Note: s[i] is the first eliminated character; i.e. the next character *after* the last character of the
// allowed output. If s[i] is a UTF-8 continuation character, then we've cut a unicode character in half,
// so back up 'i' until s[i] is no longer a UTF-8 continuation character. (if the input was proprly
// formed, s[i] will now be the UTF-8 start character of the multi-byte character we just eliminated).
for (j=0; j<i; j++) *sbuffer++ = *s++; // Write the converted result
nwritten += i;
for (; i < F.fieldWidth; i++) // Pad on the right
{
*sbuffer++ = ' ';
}
}
}
exit:
*sbuffer++ = 0;
return(nwritten);
}
{
return(length);
}