1 files changed, 286 insertions, 0 deletions
diff --git a/3rdParty/Unbound/src/src/iterator/iter_resptype.c b/3rdParty/Unbound/src/src/iterator/iter_resptype.c
new file mode 100644
index 0000000..2cdc5fc
--- /dev/null
+++ b/3rdParty/Unbound/src/src/iterator/iter_resptype.c
@@ -0,0 +1,286 @@
+/*
+ * iterator/iter_resptype.c - response type information and classification.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file defines the response type. DNS Responses can be classified as
+ * one of the response types.
+ */
+#include "config.h"
+#include <ldns/packet.h>
+#include "iterator/iter_resptype.h"
+#include "iterator/iter_delegpt.h"
+#include "services/cache/dns.h"
+#include "util/net_help.h"
+#include "util/data/dname.h"
+
+enum response_type 
+response_type_from_cache(struct dns_msg* msg, 
+	struct query_info* request)
+{
+	/* If the message is NXDOMAIN, then it is an ANSWER. */
+	if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN)
+		return RESPONSE_TYPE_ANSWER;
+	if(request->qtype == LDNS_RR_TYPE_ANY)
+		return RESPONSE_TYPE_ANSWER;
+	
+	/* First we look at the answer section. This can tell us if this is
+	 * CNAME or positive ANSWER. */
+	if(msg->rep->an_numrrsets > 0) {
+		/* Now look at the answer section first. 3 states: 
+		 *	o our answer is there directly,
+		 *	o our answer is there after a cname,
+		 *	o or there is just a cname. */
+		uint8_t* mname = request->qname;
+		size_t mname_len = request->qname_len;
+		size_t i;
+		for(i=0; i<msg->rep->an_numrrsets; i++) {
+			struct ub_packed_rrset_key* s = msg->rep->rrsets[i];
+
+			/* If we have encountered an answer (before or 
+			 * after a CNAME), then we are done! Note that 
+			 * if qtype == CNAME then this will be noted as 
+			 * an ANSWER before it gets treated as a CNAME, 
+			 * as it should */
+			if(ntohs(s->rk.type) == request->qtype &&
+				ntohs(s->rk.rrset_class) == request->qclass &&
+				query_dname_compare(mname, s->rk.dname) == 0) {
+				return RESPONSE_TYPE_ANSWER;
+			}
+
+			/* If we have encountered a CNAME, make sure that 
+			 * it is relevant. */
+			if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME &&
+				query_dname_compare(mname, s->rk.dname) == 0) {
+				get_cname_target(s, &mname, &mname_len);
+			}
+		}
+
+		/* if we encountered a CNAME (or a bunch of CNAMEs), and 
+		 * still got to here, then it is a CNAME response. (i.e., 
+		 * the CNAME chain didn't terminate in an answer rrset.) */
+		if(mname != request->qname) {
+			return RESPONSE_TYPE_CNAME;
+		}
+	}
+
+	/* At this point, since we don't need to detect REFERRAL or LAME 
+	 * messages, it can only be an ANSWER. */
+	return RESPONSE_TYPE_ANSWER;
+}
+
+enum response_type 
+response_type_from_server(int rdset,
+	struct dns_msg* msg, struct query_info* request, struct delegpt* dp)
+{
+	uint8_t* origzone = (uint8_t*)"\000"; /* the default */
+	struct ub_packed_rrset_key* s;
+	size_t i;
+
+	if(!msg || !request)
+		return RESPONSE_TYPE_THROWAWAY;
+	
+	/* If the message is NXDOMAIN, then it answers the question. */
+	if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) {
+		/* make sure its not recursive when we don't want it to */
+		if( (msg->rep->flags&BIT_RA) &&
+			!(msg->rep->flags&BIT_AA) && !rdset)
+				return RESPONSE_TYPE_REC_LAME;
+		/* it could be a CNAME with NXDOMAIN rcode */
+		for(i=0; i<msg->rep->an_numrrsets; i++) {
+			s = msg->rep->rrsets[i];
+			if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME &&
+				query_dname_compare(request->qname,
+				s->rk.dname) == 0) {
+				return RESPONSE_TYPE_CNAME;
+			}
+		}
+		return RESPONSE_TYPE_ANSWER;
+	}
+	
+	/* Other response codes mean (so far) to throw the response away as
+	 * meaningless and move on to the next nameserver. */
+	if(FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR)
+		return RESPONSE_TYPE_THROWAWAY;
+
+	/* Note: TC bit has already been handled */
+
+	if(dp) {
+		origzone = dp->name;
+	}
+
+	/* First we look at the answer section. This can tell us if this is a
+	 * CNAME or ANSWER or (provisional) ANSWER. */
+	if(msg->rep->an_numrrsets > 0) {
+		uint8_t* mname = request->qname;
+		size_t mname_len = request->qname_len;
+
+		/* Now look at the answer section first. 3 states: our 
+		 * answer is there directly, our answer is there after 
+		 * a cname, or there is just a cname. */
+		for(i=0; i<msg->rep->an_numrrsets; i++) {
+			s = msg->rep->rrsets[i];
+			
+			/* if the answer section has NS rrset, and qtype ANY 
+		 	 * and the delegation is lower, and no CNAMEs followed,
+		 	 * this is a referral where the NS went to AN section */
+			if((request->qtype == LDNS_RR_TYPE_ANY ||
+				request->qtype == LDNS_RR_TYPE_NS) &&
+				ntohs(s->rk.type) == LDNS_RR_TYPE_NS &&
+				ntohs(s->rk.rrset_class) == request->qclass &&
+				dname_strict_subdomain_c(s->rk.dname, 
+				origzone)) {
+				if((msg->rep->flags&BIT_AA))
+					return RESPONSE_TYPE_ANSWER;
+				return RESPONSE_TYPE_REFERRAL;
+			}
+
+			/* If we have encountered an answer (before or 
+			 * after a CNAME), then we are done! Note that 
+			 * if qtype == CNAME then this will be noted as an
+			 * ANSWER before it gets treated as a CNAME, as 
+			 * it should. */
+			if(ntohs(s->rk.type) == request->qtype &&
+				ntohs(s->rk.rrset_class) == request->qclass &&
+				query_dname_compare(mname, s->rk.dname) == 0) {
+				if((msg->rep->flags&BIT_AA))
+					return RESPONSE_TYPE_ANSWER;
+				/* If the AA bit isn't on, and we've seen 
+				 * the answer, we only provisionally say 
+				 * 'ANSWER' -- it very well could be a 
+				 * REFERRAL. */
+				break;
+			}
+
+			/* If we have encountered a CNAME, make sure that 
+			 * it is relevant. */
+			if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME &&
+				query_dname_compare(mname, s->rk.dname) == 0) {
+				get_cname_target(s, &mname, &mname_len);
+			}
+		}
+		/* not a referral, and qtype any, thus an answer */
+		if(request->qtype == LDNS_RR_TYPE_ANY)
+			return RESPONSE_TYPE_ANSWER;
+		/* if we encountered a CNAME (or a bunch of CNAMEs), and 
+		 * still got to here, then it is a CNAME response. 
+		 * (This is regardless of the AA bit at this point) */
+		if(mname != request->qname) {
+			return RESPONSE_TYPE_CNAME;
+		}
+	}
+
+	/* Looking at the authority section, we just look and see if 
+	 * there is a SOA record, that means a NOERROR/NODATA */
+	for(i = msg->rep->an_numrrsets; i < (msg->rep->an_numrrsets +
+		msg->rep->ns_numrrsets); i++) {
+		s = msg->rep->rrsets[i];
+
+		/* The normal way of detecting NOERROR/NODATA. */
+		if(ntohs(s->rk.type) == LDNS_RR_TYPE_SOA &&
+			dname_subdomain_c(request->qname, s->rk.dname)) {
+			/* we do our own recursion, thank you */
+			if( (msg->rep->flags&BIT_RA) &&
+				!(msg->rep->flags&BIT_AA) && !rdset)
+				return RESPONSE_TYPE_REC_LAME;
+			return RESPONSE_TYPE_ANSWER;
+		}
+	}
+	/* Looking at the authority section, we just look and see if 
+	 * there is a delegation NS set, turning it into a delegation. 
+	 * Otherwise, we will have to conclude ANSWER (either it is 
+	 * NOERROR/NODATA, or an non-authoritative answer). */
+	for(i = msg->rep->an_numrrsets; i < (msg->rep->an_numrrsets +
+		msg->rep->ns_numrrsets); i++) {
+		s = msg->rep->rrsets[i];
+
+		/* Detect REFERRAL/LAME/ANSWER based on the relationship 
+		 * of the NS set to the originating zone name. */
+		if(ntohs(s->rk.type) == LDNS_RR_TYPE_NS) {
+			/* If we are getting an NS set for the zone we 
+			 * thought we were contacting, then it is an answer.*/
+			if(query_dname_compare(s->rk.dname, origzone) == 0) {
+				/* see if mistakenly a recursive server was
+				 * deployed and is responding nonAA */
+				if( (msg->rep->flags&BIT_RA) &&
+					!(msg->rep->flags&BIT_AA) && !rdset)
+					return RESPONSE_TYPE_REC_LAME;
+				/* Or if a lame server is deployed,
+				 * which gives ns==zone delegation from cache 
+				 * without AA bit as well, with nodata nosoa*/
+				/* real answer must be +AA and SOA RFC(2308),
+				 * so this is wrong, and we SERVFAIL it if
+				 * this is the only possible reply, if it
+				 * is misdeployed the THROWAWAY makes us pick
+				 * the next server from the selection */
+				if(msg->rep->an_numrrsets==0 &&
+					!(msg->rep->flags&BIT_AA) && !rdset)
+					return RESPONSE_TYPE_THROWAWAY;
+				return RESPONSE_TYPE_ANSWER;
+			}
+			/* If we are getting a referral upwards (or to 
+			 * the same zone), then the server is 'lame'. */
+			if(dname_subdomain_c(origzone, s->rk.dname)) {
+				if(rdset) /* forward or reclame not LAME */
+					return RESPONSE_TYPE_THROWAWAY;
+				return RESPONSE_TYPE_LAME;
+			}
+			/* If the NS set is below the delegation point we 
+			 * are on, and it is non-authoritative, then it is 
+			 * a referral, otherwise it is an answer. */
+			if(dname_subdomain_c(s->rk.dname, origzone)) {
+				/* NOTE: I no longer remember in what case 
+				 * we would like this to be an answer. 
+				 * NODATA should have a SOA or nothing, 
+				 * not an NS rrset. 
+				 * True, referrals should not have the AA 
+				 * bit set, but... */
+				 
+				/* if((msg->rep->flags&BIT_AA))
+					return RESPONSE_TYPE_ANSWER; */
+				return RESPONSE_TYPE_REFERRAL;
+			}
+			/* Otherwise, the NS set is irrelevant. */
+		}
+	}
+
+	/* If we've gotten this far, this is NOERROR/NODATA (which could 
+	 * be an entirely empty message) */
+	/* check if recursive answer; saying it has empty cache */
+	if( (msg->rep->flags&BIT_RA) && !(msg->rep->flags&BIT_AA) && !rdset)
+		return RESPONSE_TYPE_REC_LAME;
+	return RESPONSE_TYPE_ANSWER;
+}