NLnetLabs · wtoorop · Jan 14, 2025 · Jan 14, 2025 · Jan 14, 2025 · Jan 15, 2025
diff --git a/.gitignore b/.gitignore
@@ -43,8 +43,12 @@
 /tpkg/long/result.*
 /tpkg/long/.done-*
 /tpkg/long/*.log
+build/
 
 # Eclipse IDE Project Settings
 .cproject
 .project
 .settings/
+
+# IDEA Project settings
+.idea/
diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "simdzone"]
 	path = simdzone
-	url = https://github.com/NLnetLabs/simdzone.git
+	url = https://github.com/WP-Official/simdzone.git
diff --git a/configure.ac b/configure.ac
@@ -966,6 +966,15 @@ case "$enable_zone_stats" in
 		;;
 esac
 
+AC_ARG_ENABLE(deleg, AS_HELP_STRING([--enable-ideleg],[Enables the use of the draft IDELEG RR type]))
+case "$enable_deleg" in
+	yes)
+		AC_DEFINE_UNQUOTED([USE_IDELEG], [], [Define this to enable IDELEG draft RR type])
+		;;
+	no|''|*)
+		;;
+esac
+
 AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable internal runtime checks]))
 case "$enable_checking" in
         yes)
@@ -1083,7 +1092,7 @@ AC_INCLUDES_DEFAULT
 #include <openssl/x509v3.h>
 #endif
 ])
-	AC_CHECK_DECL([TLS1_3_VERSION], 
+	AC_CHECK_DECL([TLS1_3_VERSION],
 		[AC_DEFINE([HAVE_TLS_1_3], [1], [Define if TLS 1.3 is supported by OpenSSL])],
 		[AC_MSG_WARN([No TLS 1.3, therefore XFR-over-TLS is disabled])], [[#include <openssl/ssl.h>]])
 

diff --git a/dname.c b/dname.c
@@ -618,3 +618,81 @@ is_dname_subdomain_of_case(const uint8_t* d, unsigned int len,
 	/* The trailing portion is not at a label point. */
 	return 0;
 }
+
+dname_type*
+label_plus_dname(const char* label, const dname_type* dname)
+{
+	static struct {
+		dname_type dname;
+		uint8_t bytes[MAXDOMAINLEN + 128 /* max number of labels */];
+	} ATTR_PACKED name;
+	size_t i, ll;
+
+	if (!label || !dname || dname->label_count > 127)
+		return NULL;
+	ll = strlen(label);
+	if ((int)dname->name_size + ll + 1 > MAXDOMAINLEN)
+		return NULL;
+
+	/* In reversed order and first copy with memmove, so we can nest.
+	 * i.e. label_plus_dname(label1, label_plus_dname(label2, dname))
+	 */
+	memmove(name.bytes + dname->label_count
+			+ 1 /* label_count increases by one */
+			+ 1 /* label type/length byte for label */ + ll,
+		((void*)dname) + sizeof(dname_type) + dname->label_count,
+		dname->name_size);
+	memcpy(name.bytes + dname->label_count
+			+ 1 /* label_count increases by one */
+			+ 1 /* label type/length byte for label */, label, ll);
+	name.bytes[dname->label_count + 1] = ll; /* label type/length byte */
+	name.bytes[dname->label_count] = 0; /* first label follows last
+										 * label_offsets element */
+	for (i = 0; i < dname->label_count; i++)
+		name.bytes[i] = ((uint8_t*)(void*)dname)[sizeof(dname_type)+i]
+			+ 1 /* label type/length byte for label */ + ll;
+	name.dname.label_count = dname->label_count + 1 /* label_count incr. */;
+	name.dname.name_size   = dname->name_size   + ll
+												+ 1 /* label length */;
+	return &name.dname;
+}
+
+dname_type*
+labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, dname_type* dname)
+{
+	static struct {
+		dname_type dname;
+		uint8_t bytes[MAXDOMAINLEN + 128 /* max number of labels */];
+	} ATTR_PACKED name;
+	size_t i;
+	uint8_t copied_label_size;
+	copied_label_size = 0;
+	if (!amount_to_be_copied) return dname; // If the size is 0 we return the original dname
+	if (!labels || !dname || dname->label_count > 127 ||
+		amount_to_be_copied > labels->label_count)
+		return NULL;
+
+	for (i = 0; i < amount_to_be_copied; i++)
+	{
+		copied_label_size += label_length(dname_label(labels, labels->label_count - i - 1));
+	}
+	if ((int)dname->name_size + copied_label_size + 1 > MAXDOMAINLEN)
+		return NULL;
+
+	name.dname.label_count = dname->label_count + amount_to_be_copied;
+	name.dname.name_size   = dname->name_size   + copied_label_size + amount_to_be_copied;
+	/* In reversed order and first copy with memmove, so we can nest.
+	 * i.e. labels_plus_dname(labels1, 1,labels_plus_dname(label2, 2, dname))
+	 */
+	memmove(name.bytes + copied_label_size + name.dname.label_count + 1, ((void*)dname) + sizeof(dname_type) + dname->label_count, dname->name_size);
+	memcpy(name.bytes + name.dname.label_count,
+		((void*)labels) + sizeof(dname_type) + labels->label_count,
+		copied_label_size + amount_to_be_copied);
+
+
+	name.bytes[dname->label_count] = 0;
+	for (i = 0; i < dname->label_count; i++)
+		name.bytes[i] = ((uint8_t*)(void*)dname)[sizeof(dname_type)+i]
+			 + copied_label_size /* label type/length byte for label */ + amount_to_be_copied;
+	return &name.dname;
+}
diff --git a/dname.h b/dname.h
@@ -403,4 +403,11 @@ int dname_equal_nocase(uint8_t* a, uint8_t* b, uint16_t len);
 int is_dname_subdomain_of_case(const uint8_t* d, unsigned int len,
 	const uint8_t* d2, unsigned int len2);
 
+/** return dname with label prepended to dname */
+dname_type* label_plus_dname(const char* label,const dname_type* dname);
+
+/** return dname with amount_of_labels from labels prepended to dname */
+dname_type* labels_plus_dname(const dname_type* labels,
+	size_t amount_to_be_copied, dname_type* dname);
+
 #endif /* DNAME_H */
diff --git a/dns.c b/dns.c
@@ -416,7 +416,7 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)]
 	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
 	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
 	  },
-	  { RDATA_ZF_SHORT   , RDATA_ZF_DNAME   
+	  { RDATA_ZF_SHORT   , RDATA_ZF_DNAME
 	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
 	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
 	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
@@ -922,6 +922,57 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)]
 	{ TYPE_DLV, "DLV", 4, 4,
 	  { RDATA_WF_SHORT, RDATA_WF_BYTE, RDATA_WF_BYTE, RDATA_WF_BINARY },
 	  { RDATA_ZF_SHORT, RDATA_ZF_ALGORITHM, RDATA_ZF_BYTE, RDATA_ZF_HEX } },
+#ifdef USE_IDELEG
+	/* 65280 IDELEG*/
+	{ TYPE_IDELEG, "IDELEG", 2, MAXRDATALEN,
+	  { RDATA_WF_SHORT                        /* SvcFieldPriority */
+	  , RDATA_WF_UNCOMPRESSED_DNAME           /* SvcDomainName */
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM  /* SvcFieldValue */
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM
+	  },
+	  { RDATA_ZF_SHORT   , RDATA_ZF_DNAME
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM
+	  } },
+#endif
 };
 
 rrtype_descriptor_type *
@@ -933,6 +984,10 @@ rrtype_descriptor_by_type(uint16_t type)
 		return &rrtype_descriptors[PSEUDO_TYPE_DLV];
 	else if (type == TYPE_TA)
 		return &rrtype_descriptors[PSEUDO_TYPE_TA];
+#ifdef USE_IDELEG
+	else if (type == TYPE_IDELEG)
+		return &rrtype_descriptors[PSEUDO_TYPE_IDELEG];
+#endif
 	return &rrtype_descriptors[0];
 }
 

diff --git a/dns.h b/dns.h
@@ -175,8 +175,16 @@ typedef enum nsd_rc nsd_rc_type;
 
 #define TYPE_TA		32768	/* http://www.watson.org/~weiler/INI1999-19.pdf */
 #define TYPE_DLV	32769	/* RFC 4431 */
+
+#ifdef USE_IDELEG
+#define TYPE_IDELEG	65280	/* IETF IDELEG draft*/
+#endif
+
 #define PSEUDO_TYPE_TA	RRTYPE_DESCRIPTORS_LENGTH
 #define PSEUDO_TYPE_DLV	(RRTYPE_DESCRIPTORS_LENGTH + 1)
+#ifdef USE_IDELEG
+#define PSEUDO_TYPE_IDELEG	(RRTYPE_DESCRIPTORS_LENGTH + 2)
+#endif
 
 #define SVCB_KEY_MANDATORY		0
 #define SVCB_KEY_ALPN			1
@@ -299,7 +307,7 @@ typedef struct rrtype_descriptor rrtype_descriptor_type;
  * Indexed by type.  The special type "0" can be used to get a
  * descriptor for unknown types (with one binary rdata).
  *
- * CLA + 1
+ * IPN + 1
  */
 #define RRTYPE_DESCRIPTORS_LENGTH  (TYPE_IPN + 1)
 rrtype_descriptor_type *rrtype_descriptor_by_name(const char *name);

diff --git a/namedb.c b/namedb.c
@@ -34,7 +34,7 @@ allocate_domain_info(domain_table_type* table,
 	result = (domain_type *) region_alloc(table->region,
 					      sizeof(domain_type));
 #ifdef USE_RADIX_TREE
-	result->dname 
+	result->dname
 #else
 	result->node.key
 #endif
@@ -600,6 +600,68 @@ domain_find_ns_rrsets(domain_type* domain, zone_type* zone, rrset_type **ns)
 	return NULL;
 }
 
+#ifdef USE_IDELEG
+rrset_type *
+domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone,
+	namedb_type* db, domain_type** ideleg_domain, dname_type** ideleg_dname)
+{
+	rrset_type* result;
+	*ideleg_dname = labels_plus_dname(delegation_domain->dname,
+		delegation_domain->dname->label_count - zone->apex->dname->label_count,
+		label_plus_dname("_deleg", zone->apex->dname));
+	*ideleg_domain = domain_table_find(db->domains, *ideleg_dname);
+	if (!*ideleg_domain)
+		return NULL;
+	result = domain_find_rrset(*ideleg_domain, zone, TYPE_IDELEG);
+
+	return result;
+}
+
+rrset_type *
+domain_find_deleg_wildcard_rrsets(dname_type* ideleg_dname, zone_type* zone,
+	region_type* region, namedb_type* db, domain_type** wildcard_match)
+{
+	domain_type* closest_match;
+	domain_type* closest_encloser;
+	domain_type* wildcard_child;
+	domain_type* match;
+	namedb_lookup(db, ideleg_dname, &closest_match, &closest_encloser);
+	wildcard_child = domain_wildcard_child(closest_encloser);
+	if (!wildcard_child || !wildcard_child->is_existing)
+	{
+		return NULL;
+	}
+	match = (domain_type *) region_alloc(region,
+					 sizeof(domain_type));
+#ifdef USE_RADIX_TREE
+	match->rnode = NULL;
+	match->dname = ideleg_dname;
+#else
+	memcpy(&match->node, &wildcard_child->node, sizeof(rbnode_type));
+	match->node.parent = NULL;
+#endif
+	match->parent = closest_encloser;
+	match->wildcard_child_closest_match = match;
+	// match->number = domain_number;
+	match->rrsets = wildcard_child->rrsets;
+	match->is_existing = wildcard_child->is_existing;
+#ifdef NSEC3
+	match->nsec3 = wildcard_child->nsec3;
+	/* copy over these entries:
+	match->nsec3_is_exact = wildcard_child->nsec3_is_exact;
+	match->nsec3_cover = wildcard_child->nsec3_cover;
+	match->nsec3_wcard_child_cover = wildcard_child->nsec3_wcard_child_cover;
+	match->nsec3_ds_parent_is_exact = wildcard_child->nsec3_ds_parent_is_exact;
+	match->nsec3_ds_parent_cover = wildcard_child->nsec3_ds_parent_cover;
+	*/
+
+#endif
+
+	*wildcard_match = match;
+	return domain_find_rrset(wildcard_child, zone, TYPE_IDELEG);
+}
+#endif
+
 domain_type *
 find_dname_above(domain_type* domain, zone_type* zone)
 {

diff --git a/namedb.h b/namedb.h
@@ -372,7 +372,7 @@ zone_type *namedb_find_zone(namedb_type *db, const dname_type *dname);
 /*
  * Delete a domain name from the domain table.  Removes dname_info node.
  * Only deletes if usage is 0, has no rrsets and no children.  Checks parents
- * for deletion as well.  Adjusts numberlist(domain.number), and 
+ * for deletion as well.  Adjusts numberlist(domain.number), and
  * wcard_child closest match.
  */
 void domain_table_deldomain(namedb_type* db, domain_type* domain);
@@ -474,4 +474,10 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone);
 
 rr_type *zone_rr_iter_next(zone_rr_iter_type *iter);
 
+#ifdef USE_IDELEG
+rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type **ideleg_domain, dname_type **ideleg_dname);
+
+rrset_type *domain_find_deleg_wildcard_rrsets(dname_type* ideleg_dname, zone_type* zone, region_type* region, namedb_type* db, domain_type** wildcard_match);
+#endif
+
 #endif /* NAMEDB_H */
diff --git a/nsec3.c b/nsec3.c
@@ -360,7 +360,7 @@ hash_tree_clear(rbtree_type* tree)
 	 * then mean setting the key value of the nodes to NULL to indicate
 	 * absence of the prehash.
 	 * But since prehash structs are separatly allocated, this is no longer
-	 * necessary as currently the prehash structs are simply recycled and 
+	 * necessary as currently the prehash structs are simply recycled and
 	 * NULLed.
 	 *
 	 * rbnode_type* n;