+{
+ CacheRecord *rr;
+ const mDNSu32 slot = HashSlot(&q->qname);
+ CacheGroup *cg = CacheGroupForName(m, slot, q->qnamehash, &q->qname);
+ for (rr = cg ? cg->members : mDNSNULL; rr; rr=rr->next)
+ if (rr->CRActiveQuestion == q)
+ {
+ //LogInfo("GrantCacheExtensions: new lease %d / %s", lease, CRDisplayString(m, rr));
+ RefreshCacheRecord(m, rr, lease);
+ }
+}
+
+mDNSlocal mDNSu32 GetEffectiveTTL(const uDNS_LLQType LLQType, mDNSu32 ttl) // TTL in seconds
+{
+ if (LLQType == uDNS_LLQ_Entire) ttl = kLLQ_DefLease;
+ else if (LLQType == uDNS_LLQ_Events)
+ {
+ // If the TTL is -1 for uDNS LLQ event packet, that means "remove"
+ if (ttl == 0xFFFFFFFF) ttl = 0;
+ else ttl = kLLQ_DefLease;
+ }
+ else // else not LLQ (standard uDNS response)
+ {
+ // The TTL is already capped to a maximum value in GetLargeResourceRecord, but just to be extra safe we
+ // also do this check here to make sure we can't get overflow below when we add a quarter to the TTL
+ if (ttl > 0x60000000UL / mDNSPlatformOneSecond) ttl = 0x60000000UL / mDNSPlatformOneSecond;
+
+ ttl = RRAdjustTTL(ttl);
+
+ // For mDNS, TTL zero means "delete this record"
+ // For uDNS, TTL zero means: this data is true at this moment, but don't cache it.
+ // For the sake of network efficiency, we impose a minimum effective TTL of 15 seconds.
+ // This means that we'll do our 80, 85, 90, 95% queries at 12.00, 12.75, 13.50, 14.25 seconds
+ // respectively, and then if we get no response, delete the record from the cache at 15 seconds.
+ // This gives the server up to three seconds to respond between when we send our 80% query at 12 seconds
+ // and when we delete the record at 15 seconds. Allowing cache lifetimes less than 15 seconds would
+ // (with the current code) result in the server having even less than three seconds to respond
+ // before we deleted the record and reported a "remove" event to any active questions.
+ // Furthermore, with the current code, if we were to allow a TTL of less than 2 seconds
+ // then things really break (e.g. we end up making a negative cache entry).
+ // In the future we may want to revisit this and consider properly supporting non-cached (TTL=0) uDNS answers.
+ if (ttl < 15) ttl = 15;
+ }
+
+ return ttl;
+}
+
+// When the response does not match the question directly, we still want to cache them sometimes. The current response is
+// in m->rec.
+mDNSlocal mDNSBool IsResponseAcceptable(mDNS *const m, const CacheRecord *crlist, DNSQuestion *q, mDNSBool *nseclist)
+{
+ CacheRecord *const newcr = &m->rec.r;
+ ResourceRecord *rr = &newcr->resrec;
+ const CacheRecord *cr;
+
+ *nseclist = mDNSfalse;
+ for (cr = crlist; cr != (CacheRecord*)1; cr = cr->NextInCFList)
+ {
+ domainname *target = GetRRDomainNameTarget(&cr->resrec);
+ // When we issue a query for A record, the response might contain both a CNAME and A records. Only the CNAME would
+ // match the question and we already created a cache entry in the previous pass of this loop. Now when we process
+ // the A record, it does not match the question because the record name here is the CNAME. Hence we try to
+ // match with the previous records to make it an AcceptableResponse. We have to be careful about setting the
+ // DNSServer value that we got in the previous pass. This can happen for other record types like SRV also.
+
+ if (target && cr->resrec.rdatahash == rr->namehash && SameDomainName(target, rr->name))
+ {
+ LogInfo("IsResponseAcceptable: Found a matching entry for %##s in the CacheFlushRecords %s", rr->name->c, CRDisplayString(m, cr));
+ return (mDNStrue);
+ }
+ }
+
+ // Either the question requires validation or we are validating a response with DNSSEC in which case
+ // we need to accept the RRSIGs also so that we can validate the response. It is also possible that
+ // we receive NSECs for our query which does not match the qname and we need to cache in that case
+ // too. nseclist is set if they have to be cached as part of the negative cache record.
+ if (q && DNSSECQuestion(q))
+ {
+ mDNSBool same = SameDomainName(&q->qname, rr->name);
+ if (same && (q->qtype == rr->rrtype || rr->rrtype == kDNSType_CNAME))
+ {
+ LogInfo("IsResponseAcceptable: Accepting, same name and qtype %s, CR %s", DNSTypeName(q->qtype),
+ CRDisplayString(m, newcr));
+ return mDNStrue;
+ }
+ // We cache RRSIGS if it covers the question type or NSEC. If it covers a NSEC,
+ // "nseclist" is set
+ if (rr->rrtype == kDNSType_RRSIG)
+ {
+ RDataBody2 *const rdb = (RDataBody2 *)newcr->smallrdatastorage.data;
+ rdataRRSig *rrsig = &rdb->rrsig;
+ mDNSu16 typeCovered = swap16(rrsig->typeCovered);
+
+ // Note the ordering. If we are looking up the NSEC record, then the RRSIG's typeCovered
+ // would match the qtype and they are cached normally as they are not used to prove the
+ // non-existence of any name. In that case, it is like any other normal dnssec validation
+ // and hence nseclist should not be set.
+
+ if (same && ((typeCovered == q->qtype) || (typeCovered == kDNSType_CNAME)))
+ {
+ LogInfo("IsResponseAcceptable: Accepting RRSIG %s matches question type %s", CRDisplayString(m, newcr),
+ DNSTypeName(q->qtype));
+ return mDNStrue;
+ }
+ else if (typeCovered == kDNSType_NSEC || typeCovered == kDNSType_NSEC3)
+ {
+ LogInfo("IsResponseAcceptable: Accepting RRSIG %s matches %s type (nseclist = 1)", CRDisplayString(m, newcr), DNSTypeName(typeCovered));
+ *nseclist = mDNStrue;
+ return mDNStrue;
+ }
+ else if (typeCovered == kDNSType_SOA)
+ {
+ LogInfo("IsResponseAcceptable: Accepting RRSIG %s matches SOA type (nseclist = 1)", CRDisplayString(m, newcr));
+ *nseclist = mDNStrue;
+ return mDNStrue;
+ }
+ else return mDNSfalse;
+ }
+ if (rr->rrtype == kDNSType_NSEC)
+ {
+ if (!UNICAST_NSEC(rr))
+ {
+ LogMsg("IsResponseAcceptable: ERROR!! Not a unicast NSEC %s", CRDisplayString(m, newcr));
+ return mDNSfalse;
+ }
+ LogInfo("IsResponseAcceptable: Accepting NSEC %s (nseclist = 1)", CRDisplayString(m, newcr));
+ *nseclist = mDNStrue;
+ return mDNStrue;
+ }
+ if (rr->rrtype == kDNSType_SOA)
+ {
+ LogInfo("IsResponseAcceptable: Accepting SOA %s (nseclist = 1)", CRDisplayString(m, newcr));
+ *nseclist = mDNStrue;
+ return mDNStrue;
+ }
+ else if (rr->rrtype == kDNSType_NSEC3)
+ {
+ LogInfo("IsResponseAcceptable: Accepting NSEC3 %s (nseclist = 1)", CRDisplayString(m, newcr));
+ *nseclist = mDNStrue;
+ return mDNStrue;
+ }
+ }
+ return mDNSfalse;
+}
+
+mDNSlocal void FreeNSECRecords(mDNS *const m, CacheRecord *NSECRecords)
+{
+ CacheRecord *rp, *next;
+
+ for (rp = NSECRecords; rp; rp = next)
+ {
+ next = rp->next;
+ ReleaseCacheRecord(m, rp);
+ }
+}
+
+// If we received zero DNSSEC records even when the DO/EDNS0 bit was set, we need to provide this
+// information to ValidatingResponse question to indicate the DNSSEC status to the application
+mDNSlocal void mDNSCoreReceiveNoDNSSECAnswers(mDNS *const m, const DNSMessage *const response, const mDNSu8 *end, const mDNSAddr *dstaddr,
+ mDNSIPPort dstport, const mDNSInterfaceID InterfaceID)
+{
+ int i;
+ const mDNSu8 *ptr = response->data;
+
+ for (i = 0; i < response->h.numQuestions && ptr && ptr < end; i++)
+ {
+ DNSQuestion pktq;
+ DNSQuestion *qptr = mDNSNULL;
+ ptr = getQuestion(response, ptr, end, InterfaceID, &pktq);
+ if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &pktq, !dstaddr)) &&
+ qptr->ValidatingResponse)
+ {
+ DNSQuestion *next, *q;
+
+ if (qptr->DuplicateOf)
+ LogMsg("mDNSCoreReceiveNoDNSSECAnswers: ERROR!! qptr %##s (%s) Duplicate question matching response", qptr->qname.c, DNSTypeName(qptr->qtype));
+
+ // Be careful to call the callback for duplicate questions first and then the original
+ // question. If we called the callback on the original question, it could stop and
+ // a duplicate question would become the original question.
+ mDNS_DropLockBeforeCallback(); // Allow client (and us) to legally make mDNS API calls
+ for (q = qptr->next ; q && q != m->NewQuestions; q = next)
+ {
+ next = q->next;
+ if (q->DuplicateOf == qptr)
+ {
+ if (q->ValidatingResponse)
+ LogInfo("mDNSCoreReceiveNoDNSSECAnswers: qptr %##s (%s) Duplicate question found", q->qname.c, DNSTypeName(q->qtype));
+ else
+ LogMsg("mDNSCoreReceiveNoDNSSECAnswers: ERROR!! qptr %##s (%s) Duplicate question not ValidatingResponse", q->qname.c, DNSTypeName(q->qtype));
+ if (q->QuestionCallback)
+ q->QuestionCallback(m, q, mDNSNULL, QC_nodnssec);
+ }
+ }
+ if (qptr->QuestionCallback)
+ qptr->QuestionCallback(m, qptr, mDNSNULL, QC_nodnssec);
+ mDNS_ReclaimLockAfterCallback(); // Decrement mDNS_reentrancy to block mDNS API calls again
+ }
+ }
+}
+
+mDNSlocal void mDNSCoreReceiveNoUnicastAnswers(mDNS *const m, const DNSMessage *const response, const mDNSu8 *end, const mDNSAddr *dstaddr,
+ mDNSIPPort dstport, const mDNSInterfaceID InterfaceID, uDNS_LLQType LLQType, mDNSu8 rcode, CacheRecord *NSECRecords)
+{
+ int i;
+ const mDNSu8 *ptr = response->data;
+ CacheRecord *SOARecord = mDNSNULL;
+
+ for (i = 0; i < response->h.numQuestions && ptr && ptr < end; i++)
+ {
+ DNSQuestion q;
+ DNSQuestion *qptr = mDNSNULL;
+ ptr = getQuestion(response, ptr, end, InterfaceID, &q);
+ if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &q, !dstaddr)))
+ {
+ CacheRecord *rr, *neg = mDNSNULL;
+ mDNSu32 slot = HashSlot(&q.qname);
+ CacheGroup *cg = CacheGroupForName(m, slot, q.qnamehash, &q.qname);
+ for (rr = cg ? cg->members : mDNSNULL; rr; rr=rr->next)
+ if (SameNameRecordAnswersQuestion(&rr->resrec, qptr))
+ {
+ // 1. If we got a fresh answer to this query, then don't need to generate a negative entry
+ if (RRExpireTime(rr) - m->timenow > 0) break;
+ // 2. If we already had a negative entry, keep track of it so we can resurrect it instead of creating a new one
+ if (rr->resrec.RecordType == kDNSRecordTypePacketNegative) neg = rr;
+ }
+ // When we're doing parallel unicast and multicast queries for dot-local names (for supporting Microsoft
+ // Active Directory sites) we don't want to waste memory making negative cache entries for all the unicast answers.
+ // Otherwise we just fill up our cache with negative entries for just about every single multicast name we ever look up
+ // (since the Microsoft Active Directory server is going to assert that pretty much every single multicast name doesn't exist).
+ // This is not only a waste of memory, but there's also the problem of those negative entries confusing us later -- e.g. we
+ // suppress sending our mDNS query packet because we think we already have a valid (negative) answer to that query in our cache.
+ // The one exception is that we *DO* want to make a negative cache entry for "local. SOA", for the (common) case where we're
+ // *not* on a Microsoft Active Directory network, and there is no authoritative server for "local". Note that this is not
+ // in conflict with the mDNS spec, because that spec says, "Multicast DNS Zones have no SOA record," so it's okay to cache
+ // negative answers for "local. SOA" from a uDNS server, because the mDNS spec already says that such records do not exist :-)
+ //
+ // By suppressing negative responses, it might take longer to timeout a .local question as it might be expecting a
+ // response e.g., we deliver a positive "A" response and suppress negative "AAAA" response and the upper layer may
+ // be waiting longer to get the AAAA response before returning the "A" response to the application. To handle this
+ // case without creating the negative cache entries, we generate a negative response and let the layer above us
+ // do the appropriate thing. This negative response is also needed for appending new search domains.
+ if (!InterfaceID && q.qtype != kDNSType_SOA && IsLocalDomain(&q.qname))
+ {
+ if (!rr)
+ {
+ LogInfo("mDNSCoreReceiveNoUnicastAnswers: Generate negative response for %##s (%s)", q.qname.c, DNSTypeName(q.qtype));
+ m->CurrentQuestion = qptr;
+ // We are not creating a cache record in this case, we need to pass back
+ // the error we got so that the proxy code can return the right one to
+ // the application
+ if (qptr->ProxyQuestion)
+ qptr->responseFlags = response->h.flags;
+ GenerateNegativeResponse(m, QC_forceresponse);
+ m->CurrentQuestion = mDNSNULL;
+ }
+ else
+ {
+ LogInfo("mDNSCoreReceiveNoUnicastAnswers: Skipping check and not creating a negative cache entry for %##s (%s)", q.qname.c, DNSTypeName(q.qtype));
+ }
+ }
+ else
+ {
+ if (!rr)
+ {
+ // We start off assuming a negative caching TTL of 60 seconds
+ // but then look to see if we can find an SOA authority record to tell us a better value we should be using
+ mDNSu32 negttl = 60;
+ int repeat = 0;
+ const domainname *name = &q.qname;
+ mDNSu32 hash = q.qnamehash;
+
+ // Special case for our special Microsoft Active Directory "local SOA" check.
+ // Some cheap home gateways don't include an SOA record in the authority section when
+ // they send negative responses, so we don't know how long to cache the negative result.
+ // Because we don't want to keep hitting the root name servers with our query to find
+ // if we're on a network using Microsoft Active Directory using "local" as a private
+ // internal top-level domain, we make sure to cache the negative result for at least one day.
+ if (q.qtype == kDNSType_SOA && SameDomainName(&q.qname, &localdomain)) negttl = 60 * 60 * 24;
+
+ // If we're going to make (or update) a negative entry, then look for the appropriate TTL from the SOA record
+ if (response->h.numAuthorities && (ptr = LocateAuthorities(response, end)) != mDNSNULL)
+ {
+ ptr = GetLargeResourceRecord(m, response, ptr, end, InterfaceID, kDNSRecordTypePacketAuth, &m->rec);
+ if (ptr && m->rec.r.resrec.RecordType != kDNSRecordTypePacketNegative && m->rec.r.resrec.rrtype == kDNSType_SOA)
+ {
+ const mDNSu32 s = HashSlot(m->rec.r.resrec.name);
+ CacheGroup *cgSOA = CacheGroupForRecord(m, s, &m->rec.r.resrec);
+ const rdataSOA *const soa = (const rdataSOA *)m->rec.r.resrec.rdata->u.data;
+ mDNSu32 ttl_s = soa->min;
+ // We use the lesser of the SOA.MIN field and the SOA record's TTL, *except*
+ // for the SOA record for ".", where the record is reported as non-cacheable
+ // (TTL zero) for some reason, so in this case we just take the SOA record's TTL as-is
+ if (ttl_s > m->rec.r.resrec.rroriginalttl && m->rec.r.resrec.name->c[0])
+ ttl_s = m->rec.r.resrec.rroriginalttl;
+ if (negttl < ttl_s) negttl = ttl_s;
+
+ // Create the SOA record as we may have to return this to the questions
+ // that we are acting as a proxy for currently or in the future.
+ SOARecord = CreateNewCacheEntry(m, s, cgSOA, 1, mDNSfalse, mDNSNULL);
+
+ // Special check for SOA queries: If we queried for a.b.c.d.com, and got no answer,
+ // with an Authority Section SOA record for d.com, then this is a hint that the authority
+ // is d.com, and consequently SOA records b.c.d.com and c.d.com don't exist either.
+ // To do this we set the repeat count so the while loop below will make a series of negative cache entries for us
+ //
+ // For ProxyQuestions, we don't do this as we need to create additional SOA records to cache them
+ // along with the negative cache record. For simplicity, we don't create the additional records.
+ if (!qptr->ProxyQuestion && q.qtype == kDNSType_SOA)
+ {
+ int qcount = CountLabels(&q.qname);
+ int scount = CountLabels(m->rec.r.resrec.name);
+ if (qcount - 1 > scount)
+ if (SameDomainName(SkipLeadingLabels(&q.qname, qcount - scount), m->rec.r.resrec.name))
+ repeat = qcount - 1 - scount;
+ }
+ }
+ m->rec.r.resrec.RecordType = 0; // Clear RecordType to show we're not still using it
+ }
+
+ // If we already had a negative entry in the cache, then we double our existing negative TTL. This is to avoid
+ // the case where the record doesn't exist (e.g. particularly for things like our lb._dns-sd._udp.<domain> query),
+ // and the server returns no SOA record (or an SOA record with a small MIN TTL) so we assume a TTL
+ // of 60 seconds, and we end up polling the server every minute for a record that doesn't exist.
+ // With this fix in place, when this happens, we double the effective TTL each time (up to one hour),
+ // so that we back off our polling rate and don't keep hitting the server continually.
+ if (neg)
+ {
+ if (negttl < neg->resrec.rroriginalttl * 2)
+ negttl = neg->resrec.rroriginalttl * 2;
+ if (negttl > 3600)
+ negttl = 3600;
+ }
+
+ negttl = GetEffectiveTTL(LLQType, negttl); // Add 25% grace period if necessary
+
+ // If we already had a negative cache entry just update it, else make one or more new negative cache entries.
+ if (neg)
+ {
+ LogInfo("mDNSCoreReceiveNoUnicastAnswers: Renewing negative TTL from %d to %d %s", neg->resrec.rroriginalttl, negttl, CRDisplayString(m, neg));
+ RefreshCacheRecord(m, neg, negttl);
+ // When we created the cache for the first time and answered the question, the question's
+ // interval was set to MaxQuestionInterval. If the cache is about to expire and we are resending
+ // the queries, the interval should still be at MaxQuestionInterval. If the query is being
+ // restarted (setting it to InitialQuestionInterval) for other reasons e.g., wakeup,
+ // we should reset its question interval here to MaxQuestionInterval.
+ ResetQuestionState(m, qptr);
+ if (DNSSECQuestion(qptr))
+ neg->CRDNSSECQuestion = 1;
+ // Update the NSEC records again.
+ // TBD: Need to purge and revalidate if the cached NSECS and the new set are not same.
+ if (NSECRecords)
+ {
+ if (!AddNSECSForCacheRecord(m, NSECRecords, neg, rcode))
+ {
+ // We might just have an SOA record for zones that are not signed and hence don't log
+ // this as an error
+ LogInfo("mDNSCoreReceiveNoUnicastAnswers: AddNSECSForCacheRecord failed to add NSEC for negcr %s during refresh", CRDisplayString(m, neg));
+ FreeNSECRecords(m, NSECRecords);
+ neg->CRDNSSECQuestion = 0;
+ }
+ NSECRecords = mDNSNULL;
+ }
+ if (SOARecord)
+ {
+ if (neg->soa)
+ ReleaseCacheRecord(m, neg->soa);
+ neg->soa = SOARecord;
+ SOARecord = mDNSNULL;
+ }
+ }
+ else while (1)
+ {
+ CacheRecord *negcr;
+ debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, name->c, DNSTypeName(q.qtype));
+ MakeNegativeCacheRecord(m, &m->rec.r, name, hash, q.qtype, q.qclass, negttl, mDNSInterface_Any, qptr->qDNSServer);
+ m->rec.r.responseFlags = response->h.flags;
+ // We create SOA records above which might create new cache groups. Earlier
+ // in the function we looked up the cache group for the name and it could have
+ // been NULL. If we pass NULL cg to new cache entries that we create below,
+ // it will create additional cache groups for the same name. To avoid that,
+ // look up the cache group again to re-initialize cg again.
+ cg = CacheGroupForName(m, slot, hash, name);
+ if (NSECRecords && DNSSECQuestion(qptr))
+ {
+ // Create the cache entry with delay and then add the NSEC records
+ // to it and add it immediately.
+ negcr = CreateNewCacheEntry(m, slot, cg, 1, mDNStrue, mDNSNULL);
+ if (negcr)
+ {
+ negcr->CRDNSSECQuestion = 0;
+ if (!AddNSECSForCacheRecord(m, NSECRecords, negcr, rcode))
+ {
+ LogInfo("mDNSCoreReceiveNoUnicastAnswers: AddNSECSForCacheRecord failed to add NSEC for negcr %s",
+ CRDisplayString(m, negcr));
+ FreeNSECRecords(m, NSECRecords);
+ }
+ else
+ {
+ negcr->CRDNSSECQuestion = 1;
+ LogInfo("mDNSCoreReceiveNoUnicastAnswers: AddNSECSForCacheRecord added neg NSEC for %s", CRDisplayString(m, negcr));
+ }
+ NSECRecords = mDNSNULL;
+ negcr->DelayDelivery = 0;
+ CacheRecordDeferredAdd(m, negcr);
+ }
+ m->rec.r.resrec.RecordType = 0; // Clear RecordType to show we're not still using it
+ break;
+ }
+ else
+ {
+ // Need to add with a delay so that we can tag the SOA record
+ negcr = CreateNewCacheEntry(m, slot, cg, 1, mDNStrue, mDNSNULL);
+ if (negcr)
+ {
+ negcr->CRDNSSECQuestion = 0;
+ if (DNSSECQuestion(qptr))
+ negcr->CRDNSSECQuestion = 1;
+ negcr->DelayDelivery = 0;
+
+ if (SOARecord)
+ {
+ if (negcr->soa)
+ ReleaseCacheRecord(m, negcr->soa);
+ negcr->soa = SOARecord;
+ SOARecord = mDNSNULL;
+ }
+ CacheRecordDeferredAdd(m, negcr);
+ }
+ }
+ m->rec.r.responseFlags = zeroID;
+ m->rec.r.resrec.RecordType = 0; // Clear RecordType to show we're not still using it
+ if (!repeat) break;
+ repeat--;
+ name = (const domainname *)(name->c + 1 + name->c[0]);
+ hash = DomainNameHashValue(name);
+ slot = HashSlot(name);
+ cg = CacheGroupForName(m, slot, hash, name);
+ }
+ }
+ }
+ }
+ }
+ if (NSECRecords) { LogInfo("mDNSCoreReceiveNoUnicastAnswers: NSECRecords not used"); FreeNSECRecords(m, NSECRecords); }
+ if (SOARecord) { LogInfo("mDNSCoreReceiveNoUnicastAnswers: SOARecord not used"); ReleaseCacheRecord(m, SOARecord); }
+}
+
+mDNSlocal void mDNSCorePrintStoredProxyRecords(mDNS *const m)
+{
+ AuthRecord *rrPtr = mDNSNULL;
+ LogSPS("Stored Proxy records :");
+ for (rrPtr = m->SPSRRSet; rrPtr; rrPtr = rrPtr->next)
+ {
+ LogSPS("%s", ARDisplayString(m, rrPtr));
+ }
+}
+
+mDNSlocal mDNSBool mDNSCoreRegisteredProxyRecord(mDNS *const m, AuthRecord *rr)
+{
+ AuthRecord *rrPtr = mDNSNULL;
+
+ for (rrPtr = m->SPSRRSet; rrPtr; rrPtr = rrPtr->next)
+ {
+ if (IdenticalResourceRecord(&rrPtr->resrec, &rr->resrec))
+ {
+ LogSPS("mDNSCoreRegisteredProxyRecord: Ignoring packet registered with sleep proxy : %s ", ARDisplayString(m, rr));
+ return mDNStrue;
+ }
+ }
+ mDNSCorePrintStoredProxyRecords(m);
+ return mDNSfalse;
+}
+
+mDNSlocal CacheRecord* mDNSCoreReceiveCacheCheck(mDNS *const m, const DNSMessage *const response, uDNS_LLQType LLQType,
+ const mDNSu32 slot, CacheGroup *cg, DNSQuestion *unicastQuestion, CacheRecord ***cfp, CacheRecord **NSECCachePtr,
+ mDNSInterfaceID InterfaceID)
+{
+ CacheRecord *rr;
+ CacheRecord **cflocal = *cfp;
+
+ for (rr = cg ? cg->members : mDNSNULL; rr; rr=rr->next)
+ {
+ mDNSBool match;
+ // Resource record received via unicast, the resGroupID should match ?
+ if (!InterfaceID)
+ {
+ mDNSu16 id1 = (rr->resrec.rDNSServer ? rr->resrec.rDNSServer->resGroupID : 0);
+ mDNSu16 id2 = (m->rec.r.resrec.rDNSServer ? m->rec.r.resrec.rDNSServer->resGroupID : 0);
+ match = (id1 == id2);
+ }
+ else
+ match = (rr->resrec.InterfaceID == InterfaceID);
+ // If we found this exact resource record, refresh its TTL
+ if (match && IdenticalSameNameRecord(&m->rec.r.resrec, &rr->resrec))
+ {
+ if (m->rec.r.resrec.rdlength > InlineCacheRDSize)
+ verbosedebugf("mDNSCoreReceiveCacheCheck: Found record size %5d interface %p already in cache: %s",
+ m->rec.r.resrec.rdlength, InterfaceID, CRDisplayString(m, &m->rec.r));
+
+ if (m->rec.r.resrec.RecordType & kDNSRecordTypePacketUniqueMask)
+ {
+ // If this packet record has the kDNSClass_UniqueRRSet flag set, then add it to our cache flushing list
+ if (rr->NextInCFList == mDNSNULL && *cfp != &rr->NextInCFList && LLQType != uDNS_LLQ_Events)
+ {
+ *cflocal = rr;
+ cflocal = &rr->NextInCFList;
+ *cflocal = (CacheRecord*)1;
+ *cfp = &rr->NextInCFList;
+ }
+
+ // If this packet record is marked unique, and our previous cached copy was not, then fix it
+ if (!(rr->resrec.RecordType & kDNSRecordTypePacketUniqueMask))
+ {
+ DNSQuestion *q;
+ for (q = m->Questions; q; q=q->next)
+ {
+ if (ResourceRecordAnswersQuestion(&rr->resrec, q))
+ q->UniqueAnswers++;
+ }
+ rr->resrec.RecordType = m->rec.r.resrec.RecordType;
+ }
+ }
+
+ if (!SameRDataBody(&m->rec.r.resrec, &rr->resrec.rdata->u, SameDomainNameCS))
+ {
+ // If the rdata of the packet record differs in name capitalization from the record in our cache
+ // then mDNSPlatformMemSame will detect this. In this case, throw the old record away, so that clients get
+ // a 'remove' event for the record with the old capitalization, and then an 'add' event for the new one.
+ // <rdar://problem/4015377> mDNS -F returns the same domain multiple times with different casing
+ rr->resrec.rroriginalttl = 0;
+ rr->TimeRcvd = m->timenow;
+ rr->UnansweredQueries = MaxUnansweredQueries;
+ SetNextCacheCheckTimeForRecord(m, rr);
+ LogInfo("mDNSCoreReceiveCacheCheck: Discarding due to domainname case change old: %s", CRDisplayString(m, rr));
+ LogInfo("mDNSCoreReceiveCacheCheck: Discarding due to domainname case change new: %s", CRDisplayString(m, &m->rec.r));
+ LogInfo("mDNSCoreReceiveCacheCheck: Discarding due to domainname case change in %d slot %3d in %d %d",
+ NextCacheCheckEvent(rr) - m->timenow, slot, m->rrcache_nextcheck[slot] - m->timenow, m->NextCacheCheck - m->timenow);
+ // DO NOT break out here -- we want to continue as if we never found it
+ }
+ else if (!IdenticalAnonInfo(m->rec.r.resrec.AnonInfo, rr->resrec.AnonInfo))
+ {
+ // If the NSEC3 record changed, a few possibilities
+ //
+ // 1) the peer reinitialized e.g., after network change and still part of the
+ // same set.
+ // 2) the peer went to a different set but we did not see the goodbyes. If we just
+ // update the nsec3 record, it would be incorrect. Flush the cache so that we
+ // can deliver a RMV followed by ADD.
+ // 3) if the peer is ourselves and we see the goodbye when moving to a different set
+ // and so we flush the cache and create a new cache record with the new set information.
+ // Now we move back to the original set. In this case, we can't just update the
+ // NSEC3 record alone. We need to flush so that we can deliver an RMV followed by ADD
+ // when we create the new cache entry.
+ //
+ // Note: For case (1), we could avoid flushing the cache but we can't tell the difference
+ // from the other cases.
+ rr->resrec.rroriginalttl = 0;
+ rr->TimeRcvd = m->timenow;
+ rr->UnansweredQueries = MaxUnansweredQueries;
+ SetNextCacheCheckTimeForRecord(m, rr);
+ LogInfo("mDNSCoreReceiveCacheCheck: AnonInfo changed for %s", CRDisplayString(m, rr));
+ // DO NOT break out here -- we want to continue as if we never found it. When we return
+ // from this function, we will create a new cache entry with the new NSEC3 record
+ }
+ else if (m->rec.r.resrec.rroriginalttl > 0)
+ {
+ DNSQuestion *q;
+
+ m->mDNSStats.CacheRefreshed++;
+
+ if (rr->resrec.rroriginalttl == 0) debugf("uDNS rescuing %s", CRDisplayString(m, rr));
+ RefreshCacheRecord(m, rr, m->rec.r.resrec.rroriginalttl);
+ rr->responseFlags = response->h.flags;
+
+ // If we may have NSEC records returned with the answer (which we don't know yet as it
+ // has not been processed), we need to cache them along with the first cache
+ // record in the list that answers the question so that it can be used for validation
+ // later. The "type" check below is to make sure that we cache on the cache record
+ // that would answer the question. It is possible that we might cache additional things
+ // e.g., MX question might cache A records also, and we want to cache the NSEC on
+ // the record that answers the question.
+ if (response->h.numAnswers && unicastQuestion && unicastQuestion->qtype == rr->resrec.rrtype
+ && !(*NSECCachePtr))
+ {
+ LogInfo("mDNSCoreReceiveCacheCheck: rescuing RR %s", CRDisplayString(m, rr));
+ *NSECCachePtr = rr;
+ }
+ // We have to reset the question interval to MaxQuestionInterval so that we don't keep
+ // polling the network once we get a valid response back. For the first time when a new
+ // cache entry is created, AnswerCurrentQuestionWithResourceRecord does that.
+ // Subsequently, if we reissue questions from within the mDNSResponder e.g., DNS server
+ // configuration changed, without flushing the cache, we reset the question interval here.
+ // Currently, we do this for for both multicast and unicast questions as long as the record
+ // type is unique. For unicast, resource record is always unique and for multicast it is
+ // true for records like A etc. but not for PTR.
+ if (rr->resrec.RecordType & kDNSRecordTypePacketUniqueMask)
+ {
+ for (q = m->Questions; q; q=q->next)
+ {
+ if (!q->DuplicateOf && !q->LongLived &&
+ ActiveQuestion(q) && ResourceRecordAnswersQuestion(&rr->resrec, q))
+ {
+ ResetQuestionState(m, q);
+ debugf("mDNSCoreReceiveCacheCheck: Set MaxQuestionInterval for %p %##s (%s)", q, q->qname.c, DNSTypeName(q->qtype));
+ break; // Why break here? Aren't there other questions we might want to look at?-- SC July 2010
+ }
+ }
+ }
+ break;
+ }
+ else
+ {
+
+ // If the packet TTL is zero, that means we're deleting this record.
+ // To give other hosts on the network a chance to protest, we push the deletion
+ // out one second into the future. Also, we set UnansweredQueries to MaxUnansweredQueries.
+ // Otherwise, we'll do final queries for this record at 80% and 90% of its apparent
+ // lifetime (800ms and 900ms from now) which is a pointless waste of network bandwidth.
+ // If record's current expiry time is more than a second from now, we set it to expire in one second.
+ // If the record is already going to expire in less than one second anyway, we leave it alone --
+ // we don't want to let the goodbye packet *extend* the record's lifetime in our cache.
+ debugf("DE for %s", CRDisplayString(m, rr));
+ if (RRExpireTime(rr) - m->timenow > mDNSPlatformOneSecond)
+ {
+ rr->resrec.rroriginalttl = 1;
+ rr->TimeRcvd = m->timenow;
+ rr->UnansweredQueries = MaxUnansweredQueries;
+ SetNextCacheCheckTimeForRecord(m, rr);
+ }
+ break;
+ }
+ }
+ }
+ return rr;
+}
+
+mDNSlocal void mDNSParseNSEC3Records(mDNS *const m, const DNSMessage *const response, const mDNSu8 *end,
+ const mDNSInterfaceID InterfaceID, CacheRecord **NSEC3Records)
+{
+ const mDNSu8 *ptr = response->data;
+ CacheRecord *rr;
+ int i;
+
+ if (!response->h.numAuthorities)
+ return;
+ ptr = LocateAuthorities(response, end);
+ if (!ptr)
+ {
+ LogInfo("mDNSParseNSEC3Records: ERROR can't locate authorities");
+ return;
+ }
+ for (i = 0; i < response->h.numAuthorities && ptr && ptr < end; i++)
+ {
+ mDNSu32 slot;
+ CacheGroup *cg;
+
+ ptr = GetLargeResourceRecord(m, response, ptr, end, InterfaceID, kDNSRecordTypePacketAuth, &m->rec);
+ if (!ptr || m->rec.r.resrec.RecordType == kDNSRecordTypePacketNegative || m->rec.r.resrec.rrtype != kDNSType_NSEC3)
+ {
+ debugf("mDNSParseNSEC3Records: ptr %p, Record %s, ignoring", ptr, CRDisplayString(m, &m->rec.r));
+ m->rec.r.resrec.RecordType = 0;
+ continue;
+ }
+ slot = HashSlot(m->rec.r.resrec.name);
+ cg = CacheGroupForRecord(m, slot, &m->rec.r.resrec);
+ // Create the cache entry but don't add it to the cache it. We need
+ // to cache this along with the main cache record.
+ rr = CreateNewCacheEntry(m, slot, cg, 0, mDNSfalse, mDNSNULL);
+ if (rr)
+ {
+ debugf("mDNSParseNSEC3Records: %s", CRDisplayString(m, rr));
+ *NSEC3Records = rr;
+ NSEC3Records = &rr->next;
+ }
+ m->rec.r.resrec.RecordType = 0; // Clear RecordType to show we're not still using it
+ }
+}
+
+mDNSlocal void mDNSCoreResetRecord(mDNS *const m)
+{
+ m->rec.r.resrec.RecordType = 0; // Clear RecordType to show we're not still using it
+ if (m->rec.r.resrec.AnonInfo)
+ {
+ FreeAnonInfo(m->rec.r.resrec.AnonInfo);
+ m->rec.r.resrec.AnonInfo = mDNSNULL;
+ }
+}
+
+#define DEVICE_INFO_RECORD_LABELS 4
+
+// Determine if the record is an instance of _device-info._tcp.local.
+mDNSlocal mDNSBool IsDeviceInfoRecord(const domainname *d)
+{
+ const domainname *afterInstance;
+
+ if (CountLabels(d) != DEVICE_INFO_RECORD_LABELS)
+ return mDNSfalse;
+
+ // skip the instance name
+ afterInstance = SkipLeadingLabels(d, 1);
+ if (SameDomainName(afterInstance, &LocalDeviceInfoName))
+ return mDNStrue;
+
+ return mDNSfalse;
+}
projects / apple / mdnsresponder.git / blobdiff