/*

 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")

 *

 * SPDX-License-Identifier: MPL-2.0

 *

 * This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, you can obtain one at https://mozilla.org/MPL/2.0/.

 *

 * See the COPYRIGHT file distributed with this work for additional

 * information regarding copyright ownership.

 */

/*! \file */

/*

 * FIXME: Might need dns_dispatch_shuttingdown()

 */

#include <inttypes.h>

#include <stdbool.h>

#include <stdlib.h>

#include <sys/types.h>

#include <unistd.h>

#include <isc/async.h>

#include <isc/hash.h>

#include <isc/hashmap.h>

#include <isc/log.h>

#include <isc/loop.h>

#include <isc/mem.h>

#include <isc/mutex.h>

#include <isc/net.h>

#include <isc/netmgr.h>

#include <isc/portset.h>

#include <isc/random.h>

#include <isc/stats.h>

#include <isc/string.h>

#include <isc/tid.h>

#include <isc/time.h>

#include <isc/tls.h>

#include <isc/urcu.h>

#include <isc/util.h>

#include <dns/acl.h>

#include <dns/dispatch.h>

#include <dns/message.h>

#include <dns/stats.h>

#include <dns/transport.h>

#include <dns/types.h>

typedef ISC_LIST(dns_dispentry_t) dns_displist_t;

struct dns_dispatchmgr {

  /* Unlocked. */

  unsigned int magic;

  isc_refcount_t references;

  isc_mem_t *mctx;

  dns_acl_t *blackhole;

  isc_stats_t *stats;

  uint32_t nloops;

  struct cds_lfht **tcps;

  struct cds_lfht *qids;

  in_port_t *v4ports;    /*%< available ports for IPv4 */

  unsigned int nv4ports; /*%< # of available ports for IPv4 */

  in_port_t *v6ports;    /*%< available ports for IPv4 */

  unsigned int nv6ports; /*%< # of available ports for IPv4 */

};

typedef enum {

  DNS_DISPATCHSTATE_NONE = 0UL,

  DNS_DISPATCHSTATE_CONNECTING,

  DNS_DISPATCHSTATE_CONNECTED,

  DNS_DISPATCHSTATE_CANCELED,

} dns_dispatchstate_t;

struct dns_dispentry {

  unsigned int magic;

  isc_refcount_t references;

  isc_mem_t *mctx;

  dns_dispatch_t *disp;

  isc_loop_t *loop;

  isc_nmhandle_t *handle; /*%< netmgr handle for UDP connection */

  dns_dispatchstate_t state;

  dns_transport_t *transport;

  isc_tlsctx_cache_t *tlsctx_cache;

  unsigned int retries;

  unsigned int connect_timeout;

  unsigned int timeout;

  isc_time_t start;

  isc_sockaddr_t local;

  isc_sockaddr_t peer;

  in_port_t port;

  dns_messageid_t id;

  dispatch_cb_t connected;

  dispatch_cb_t sent;

  dispatch_cb_t response;

  void *arg;

  bool reading;

  isc_result_t result;

  ISC_LINK(dns_dispentry_t) alink;

  ISC_LINK(dns_dispentry_t) plink;

  ISC_LINK(dns_dispentry_t) rlink;

  struct cds_lfht_node ht_node;

  struct rcu_head rcu_head;

};

struct dns_dispatch {

  /* Unlocked. */

  unsigned int magic; /*%< magic */

  isc_tid_t tid;

  isc_socktype_t socktype;

  isc_refcount_t references;

  isc_mem_t *mctx;

  dns_dispatchmgr_t *mgr;     /*%< dispatch manager */

  isc_nmhandle_t *handle;     /*%< netmgr handle for TCP connection */

  isc_sockaddr_t local;     /*%< local address */

  isc_sockaddr_t peer;      /*%< peer address (TCP) */

  dns_transport_t *transport; /*%< TCP transport parameters */

  dns_dispatchopt_t options;

  dns_dispatchstate_t state;

  bool reading;

  dns_displist_t pending;

  dns_displist_t active;

  uint_fast32_t requests; /*%< how many requests we have */

  unsigned int timedout;

  struct cds_lfht_node ht_node;

  struct rcu_head rcu_head;

};

#define RESPONSE_MAGIC    ISC_MAGIC('D', 'r', 's', 'p')

#define VALID_RESPONSE(e) ISC_MAGIC_VALID((e), RESPONSE_MAGIC)

#define DISPATCH_MAGIC    ISC_MAGIC('D', 'i', 's', 'p')

#define VALID_DISPATCH(e) ISC_MAGIC_VALID((e), DISPATCH_MAGIC)

#define DNS_DISPATCHMGR_MAGIC ISC_MAGIC('D', 'M', 'g', 'r')

#define VALID_DISPATCHMGR(e)  ISC_MAGIC_VALID((e), DNS_DISPATCHMGR_MAGIC)

#if DNS_DISPATCH_TRACE

#define dns_dispentry_ref(ptr) \

  dns_dispentry__ref(ptr, __func__, __FILE__, __LINE__)

#define dns_dispentry_unref(ptr) \

  dns_dispentry__unref(ptr, __func__, __FILE__, __LINE__)

#define dns_dispentry_attach(ptr, ptrp) \

  dns_dispentry__attach(ptr, ptrp, __func__, __FILE__, __LINE__)

#define dns_dispentry_detach(ptrp) \

  dns_dispentry__detach(ptrp, __func__, __FILE__, __LINE__)

ISC_REFCOUNT_TRACE_DECL(dns_dispentry);

#else

ISC_REFCOUNT_DECL(dns_dispentry);

#endif

/*

 * The number of attempts to find unique <addr, port, query_id> combination

 */

#define QID_MAX_TRIES 64

/*

 * Initial and minimum QID table sizes.

 */

#define QIDS_INIT_SIZE (1 << 4) /* Must be power of 2 */

#define QIDS_MIN_SIZE  (1 << 4) /* Must be power of 2 */

/*

 * Statics.

 */

static void

dispatchmgr_destroy(dns_dispatchmgr_t *mgr);

static void

udp_recv(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,

   void *arg);

static void

tcp_recv(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,

   void *arg);

static void

dispentry_cancel(dns_dispentry_t *resp, isc_result_t result);

static isc_result_t

dispatch_createudp(dns_dispatchmgr_t *mgr, const isc_sockaddr_t *localaddr,

       isc_tid_t tid, dns_dispatch_t **dispp);

static void

udp_startrecv(isc_nmhandle_t *handle, dns_dispentry_t *resp);

static void

udp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp);

static void

tcp_startrecv(dns_dispatch_t *disp, dns_dispentry_t *resp);

static void

tcp_dispatch_getnext(dns_dispatch_t *disp, dns_dispentry_t *resp,

         int64_t timeout);

static void

udp_dispatch_getnext(dns_dispentry_t *resp, int64_t timeout);

static const char *

socktype2str(dns_dispentry_t *resp) {

  dns_transport_type_t transport_type = DNS_TRANSPORT_UDP;

  dns_dispatch_t *disp = resp->disp;

  if (disp->socktype == isc_socktype_tcp) {

    if (resp->transport != NULL) {

      transport_type =

        dns_transport_get_type(resp->transport);

    } else {

      transport_type = DNS_TRANSPORT_TCP;

    }

  }

  switch (transport_type) {

  case DNS_TRANSPORT_UDP:

    return "UDP";

  case DNS_TRANSPORT_TCP:

    return "TCP";

  case DNS_TRANSPORT_TLS:

    return "TLS";

  case DNS_TRANSPORT_HTTP:

    return "HTTP";

  default:

    return "<unexpected>";

  }

}

static const char *

state2str(dns_dispatchstate_t state) {

  switch (state) {

  case DNS_DISPATCHSTATE_NONE:

    return "none";

  case DNS_DISPATCHSTATE_CONNECTING:

    return "connecting";

  case DNS_DISPATCHSTATE_CONNECTED:

    return "connected";

  case DNS_DISPATCHSTATE_CANCELED:

    return "canceled";

  default:

    return "<unexpected>";

  }

}

static void

mgr_log(dns_dispatchmgr_t *mgr, int level, const char *fmt, ...)

  ISC_FORMAT_PRINTF(3, 4);

static void

mgr_log(dns_dispatchmgr_t *mgr, int level, const char *fmt, ...) {

  char msgbuf[2048];

  va_list ap;

  if (!isc_log_wouldlog(level)) {

    return;

  }

  va_start(ap, fmt);

  vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);

  va_end(ap);

  isc_log_write(DNS_LOGCATEGORY_DISPATCH, DNS_LOGMODULE_DISPATCH, level,

          "dispatchmgr %p: %s", mgr, msgbuf);

}

static void

inc_stats(dns_dispatchmgr_t *mgr, isc_statscounter_t counter) {

  if (mgr->stats != NULL) {

    isc_stats_increment(mgr->stats, counter);

  }

}

static void

dec_stats(dns_dispatchmgr_t *mgr, isc_statscounter_t counter) {

  if (mgr->stats != NULL) {

    isc_stats_decrement(mgr->stats, counter);

  }

}

static void

dispatch_log(dns_dispatch_t *disp, int level, const char *fmt, ...)

  ISC_FORMAT_PRINTF(3, 4);

static void

dispatch_log(dns_dispatch_t *disp, int level, const char *fmt, ...) {

  char msgbuf[2048];

  va_list ap;

  int r;

  if (!isc_log_wouldlog(level)) {

    return;

  }

  va_start(ap, fmt);

  r = vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);

  if (r < 0) {

    msgbuf[0] = '\0';

  } else if ((unsigned int)r >= sizeof(msgbuf)) {

    /* Truncated */

    msgbuf[sizeof(msgbuf) - 1] = '\0';

  }

  va_end(ap);

  isc_log_write(DNS_LOGCATEGORY_DISPATCH, DNS_LOGMODULE_DISPATCH, level,

          "dispatch %p: %s", disp, msgbuf);

}

static void

dispentry_log(dns_dispentry_t *resp, int level, const char *fmt, ...)

  ISC_FORMAT_PRINTF(3, 4);

static void

dispentry_log(dns_dispentry_t *resp, int level, const char *fmt, ...) {

  char msgbuf[2048];

  va_list ap;

  int r;

  if (!isc_log_wouldlog(level)) {

    return;

  }

  va_start(ap, fmt);

  r = vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);

  if (r < 0) {

    msgbuf[0] = '\0';

  } else if ((unsigned int)r >= sizeof(msgbuf)) {

    /* Truncated */

    msgbuf[sizeof(msgbuf) - 1] = '\0';

  }

  va_end(ap);

  dispatch_log(resp->disp, level, "%s response %p: %s",

         socktype2str(resp), resp, msgbuf);

}

/*%

 * Choose a random port number for a dispatch entry.

 */

static isc_result_t

setup_socket(dns_dispatch_t *disp, dns_dispentry_t *resp,

       const isc_sockaddr_t *dest, in_port_t *portp) {

  dns_dispatchmgr_t *mgr = disp->mgr;

  unsigned int nports;

  in_port_t *ports = NULL;

  in_port_t port = *portp;

  if (resp->retries++ > 5) {

    return ISC_R_FAILURE;

  }

  if (isc_sockaddr_pf(&disp->local) == AF_INET) {

    nports = mgr->nv4ports;

    ports = mgr->v4ports;

  } else {

    nports = mgr->nv6ports;

    ports = mgr->v6ports;

  }

  if (nports == 0) {

    return ISC_R_ADDRNOTAVAIL;

  }

  resp->local = disp->local;

  resp->peer = *dest;

  if (port == 0) {

    port = ports[isc_random_uniform(nports)];

    isc_sockaddr_setport(&resp->local, port);

    *portp = port;

  }

  resp->port = port;

  return ISC_R_SUCCESS;

}

static uint32_t

qid_hash(const dns_dispentry_t *dispentry) {

  isc_hash32_t hash;

  isc_hash32_init(&hash);

  isc_sockaddr_hash_ex(&hash, &dispentry->peer, true);

  isc_hash32_hash(&hash, &dispentry->id, sizeof(dispentry->id), true);

  isc_hash32_hash(&hash, &dispentry->port, sizeof(dispentry->port), true);

  return isc_hash32_finalize(&hash);

}

static int

qid_match(struct cds_lfht_node *node, const void *key0) {

  const dns_dispentry_t *dispentry =

    caa_container_of(node, dns_dispentry_t, ht_node);

  const dns_dispentry_t *key = key0;

  return dispentry->id == key->id && dispentry->port == key->port &&

         isc_sockaddr_equal(&dispentry->peer, &key->peer);

}

static void

dispentry_destroy_rcu(struct rcu_head *rcu_head) {

  dns_dispentry_t *resp = caa_container_of(rcu_head, dns_dispentry_t,

             rcu_head);

  isc_mem_putanddetach(&resp->mctx, resp, sizeof(*resp));

}

static void

dispentry_destroy(dns_dispentry_t *resp) {

  dns_dispatch_t *disp = resp->disp;

  /*

   * We need to call this from here in case there's an external event that

   * shuts down our dispatch (like ISC_R_SHUTTINGDOWN).

   */

  dispentry_cancel(resp, ISC_R_CANCELED);

  INSIST(disp->requests > 0);

  disp->requests--;

  resp->magic = 0;

  INSIST(!ISC_LINK_LINKED(resp, plink));

  INSIST(!ISC_LINK_LINKED(resp, alink));

  INSIST(!ISC_LINK_LINKED(resp, rlink));

  dispentry_log(resp, ISC_LOG_DEBUG(90), "destroying");

  if (resp->handle != NULL) {

    dispentry_log(resp, ISC_LOG_DEBUG(90),

            "detaching handle %p from %p", resp->handle,

            &resp->handle);

    isc_nmhandle_detach(&resp->handle);

  }

  if (resp->tlsctx_cache != NULL) {

    isc_tlsctx_cache_detach(&resp->tlsctx_cache);

  }

  if (resp->transport != NULL) {

    dns_transport_detach(&resp->transport);

  }

  dns_dispatch_detach(&disp); /* DISPATCH001 */

  call_rcu(&resp->rcu_head, dispentry_destroy_rcu);

}

#if DNS_DISPATCH_TRACE

ISC_REFCOUNT_TRACE_IMPL(dns_dispentry, dispentry_destroy);

#else

ISC_REFCOUNT_IMPL(dns_dispentry, dispentry_destroy);

#endif

/*

 * How long in milliseconds has it been since this dispentry

 * started reading?

 */

static unsigned int

dispentry_runtime(dns_dispentry_t *resp, const isc_time_t *now) {

  if (isc_time_isepoch(&resp->start)) {

    return 0;

  }

  return isc_time_microdiff(now, &resp->start) / 1000;

}

/*

 * General flow:

 *

 * If I/O result == CANCELED or error, free the buffer.

 *

 * If query, free the buffer, restart.

 *

 * If response:

 *  Allocate event, fill in details.

 *    If cannot allocate, free buffer, restart.

 *  find target.  If not found, free buffer, restart.

 *  if event queue is not empty, queue.  else, send.

 *  restart.

 */

static void

udp_recv(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,

   void *arg) {

  dns_dispentry_t *resp = (dns_dispentry_t *)arg;

  dns_dispatch_t *disp = NULL;

  dns_messageid_t id;

  isc_result_t dres;

  isc_buffer_t source;

  unsigned int flags;

  isc_sockaddr_t peer;

  isc_netaddr_t netaddr;

  int match;

  int64_t timeout = 0;

  bool respond = true;

  isc_time_t now;

  REQUIRE(VALID_RESPONSE(resp));

  REQUIRE(VALID_DISPATCH(resp->disp));

  disp = resp->disp;

  REQUIRE(disp->tid == isc_tid());

  INSIST(resp->reading);

  resp->reading = false;

  if (resp->state == DNS_DISPATCHSTATE_CANCELED) {

    /*

     * Nobody is interested in the callback if the response

     * has been canceled already.  Detach from the response

     * and the handle.

     */

    respond = false;

    eresult = ISC_R_CANCELED;

  }

  dispentry_log(resp, ISC_LOG_DEBUG(90),

          "read callback:%s, requests %" PRIuFAST32,

          isc_result_totext(eresult), disp->requests);

  if (eresult != ISC_R_SUCCESS) {

    /*

     * This is most likely a network error on a connected

     * socket, a timeout, or the query has been canceled.

     * It makes no sense to check the address or parse the

     * packet, but we can return the error to the caller.

     */

    goto done;

  }

  peer = isc_nmhandle_peeraddr(handle);

  isc_netaddr_fromsockaddr(&netaddr, &peer);

  /*

   * If this is from a blackholed address, drop it.

   */

  if (disp->mgr->blackhole != NULL &&

      dns_acl_match(&netaddr, NULL, disp->mgr->blackhole, NULL, &match,

        NULL) == ISC_R_SUCCESS &&

      match > 0)

  {

    if (isc_log_wouldlog(ISC_LOG_DEBUG(10))) {

      char netaddrstr[ISC_NETADDR_FORMATSIZE];

      isc_netaddr_format(&netaddr, netaddrstr,

             sizeof(netaddrstr));

      dispentry_log(resp, ISC_LOG_DEBUG(10),

              "blackholed packet from %s", netaddrstr);

    }

    goto next;

  }

  /*

   * Peek into the buffer to see what we can see.

   */

  id = resp->id;

  isc_buffer_init(&source, region->base, region->length);

  isc_buffer_add(&source, region->length);

  dres = dns_message_peekheader(&source, &id, &flags);

  if (dres != ISC_R_SUCCESS) {

    char netaddrstr[ISC_NETADDR_FORMATSIZE];

    isc_netaddr_format(&netaddr, netaddrstr, sizeof(netaddrstr));

    dispentry_log(resp, ISC_LOG_DEBUG(10),

            "got garbage packet from %s", netaddrstr);

    goto next;

  }

  dispentry_log(resp, ISC_LOG_DEBUG(92),

          "got valid DNS message header, /QR %c, id %u",

          ((flags & DNS_MESSAGEFLAG_QR) != 0) ? '1' : '0', id);

  /*

   * Look at the message flags.  If it's a query, ignore it.

   */

  if ((flags & DNS_MESSAGEFLAG_QR) == 0) {

    goto next;

  }

  /*

   * The QID and the address must match the expected ones.

   */

  if (resp->id != id || !isc_sockaddr_equal(&peer, &resp->peer)) {

    dispentry_log(resp, ISC_LOG_DEBUG(90),

            "response doesn't match");

    inc_stats(disp->mgr, dns_resstatscounter_mismatch);

    goto next;

  }

  /*

   * We have the right resp, so call the caller back.

   */

  goto done;

next:

  /*

   * This is the wrong response.  Check whether there is still enough

   * time to wait for the correct one to arrive before the timeout fires.

   */

  now = isc_loop_now(resp->loop);

  if (resp->timeout > 0) {

    timeout = resp->timeout - dispentry_runtime(resp, &now);

    if (timeout <= 0) {

      /*

       * The time window for receiving the correct response is

       * already closed, libuv has just not processed the

       * socket timer yet.  Invoke the read callback,

       * indicating a timeout.

       */

      eresult = ISC_R_TIMEDOUT;

      goto done;

    }

  }

  /*

   * Do not invoke the read callback just yet and instead wait for the

   * proper response to arrive until the original timeout fires.

   */

  respond = false;

  udp_dispatch_getnext(resp, timeout);

done:

  if (respond) {

    dispentry_log(resp, ISC_LOG_DEBUG(90),

            "UDP read callback on %p: %s", handle,

            isc_result_totext(eresult));

    resp->response(eresult, region, resp->arg);

  }

  dns_dispentry_detach(&resp); /* DISPENTRY003 */

}

static isc_result_t

tcp_recv_oldest(dns_dispatch_t *disp, dns_dispentry_t **respp) {

  dns_dispentry_t *resp = NULL;

  resp = ISC_LIST_HEAD(disp->active);

  if (resp != NULL) {

    disp->timedout++;

    *respp = resp;

    return ISC_R_TIMEDOUT;

  }

  return ISC_R_NOTFOUND;

}

/*

 * NOTE: Must be RCU read locked!

 */

static isc_result_t

tcp_recv_success(dns_dispatch_t *disp, isc_region_t *region,

     isc_sockaddr_t *peer, dns_dispentry_t **respp) {

  isc_buffer_t source;

  dns_messageid_t id;

  unsigned int flags;

  isc_result_t result = ISC_R_SUCCESS;

  dispatch_log(disp, ISC_LOG_DEBUG(90),

         "TCP read success, length == %d, addr = %p",

         region->length, region->base);

  /*

   * Peek into the buffer to see what we can see.

   */

  isc_buffer_init(&source, region->base, region->length);

  isc_buffer_add(&source, region->length);

  result = dns_message_peekheader(&source, &id, &flags);

  if (result != ISC_R_SUCCESS) {

    dispatch_log(disp, ISC_LOG_DEBUG(10), "got garbage packet");

    return ISC_R_UNEXPECTED;

  }

  dispatch_log(disp, ISC_LOG_DEBUG(92),

         "got valid DNS message header, /QR %c, id %u",

         ((flags & DNS_MESSAGEFLAG_QR) != 0) ? '1' : '0', id);

  /*

   * Look at the message flags.  If it's a query, ignore it and keep

   * reading.

   */

  if ((flags & DNS_MESSAGEFLAG_QR) == 0) {

    dispatch_log(disp, ISC_LOG_DEBUG(10),

           "got DNS query instead of answer");

    return ISC_R_UNEXPECTED;

  }

  /*

   * We have a valid response; find the associated dispentry object

   * and call the caller back.

   */

  dns_dispentry_t key = {

    .id = id,

    .peer = *peer,

    .port = isc_sockaddr_getport(&disp->local),

  };

  struct cds_lfht_iter iter;

  cds_lfht_lookup(disp->mgr->qids, qid_hash(&key), qid_match, &key,

      &iter);

  dns_dispentry_t *resp = cds_lfht_entry(cds_lfht_iter_get_node(&iter),

                 dns_dispentry_t, ht_node);

  /* Skip responses that are not ours */

  if (resp != NULL && resp->disp == disp) {

    if (!resp->reading) {

      /*

       * We already got a message for this QID and weren't

       * expecting any more.

       */

      result = ISC_R_UNEXPECTED;

    } else {

      *respp = resp;

    }

  } else {

    result = ISC_R_NOTFOUND;

  }

  dispatch_log(disp, ISC_LOG_DEBUG(90),

         "search for response in hashtable: %s",

         isc_result_totext(result));

  return result;

}

static void

tcp_recv_add(dns_displist_t *resps, dns_dispentry_t *resp,

       isc_result_t result) {

  dns_dispentry_ref(resp); /* DISPENTRY009 */

  ISC_LIST_UNLINK(resp->disp->active, resp, alink);

  ISC_LIST_APPEND(*resps, resp, rlink);

  INSIST(resp->reading);

  resp->reading = false;

  resp->result = result;

}

static void

tcp_recv_shutdown(dns_dispatch_t *disp, dns_displist_t *resps,

      isc_result_t result) {

  /*

   * If there are any active responses, shut them all down.

   */

  ISC_LIST_FOREACH(disp->active, resp, alink) {

    tcp_recv_add(resps, resp, result);

  }

  disp->state = DNS_DISPATCHSTATE_CANCELED;

}

static void

tcp_recv_processall(dns_displist_t *resps, isc_region_t *region) {

  ISC_LIST_FOREACH(*resps, resp, rlink) {

    ISC_LIST_UNLINK(*resps, resp, rlink);

    dispentry_log(resp, ISC_LOG_DEBUG(90), "read callback: %s",

            isc_result_totext(resp->result));

    resp->response(resp->result, region, resp->arg);

    dns_dispentry_detach(&resp); /* DISPENTRY009 */

  }

}

/*

 * General flow:

 *

 * If I/O result == CANCELED, EOF, or error, notify everyone as the

 * various queues drain.

 *

 * If response:

 *  Allocate event, fill in details.

 *    If cannot allocate, restart.

 *  find target.  If not found, restart.

 *  if event queue is not empty, queue.  else, send.

 *  restart.

 */

static void

tcp_recv(isc_nmhandle_t *handle, isc_result_t result, isc_region_t *region,

   void *arg) {

  dns_dispatch_t *disp = (dns_dispatch_t *)arg;

  dns_dispentry_t *resp = NULL;

  char buf[ISC_SOCKADDR_FORMATSIZE];

  isc_sockaddr_t peer;

  dns_displist_t resps = ISC_LIST_INITIALIZER;

  isc_time_t now;

  int timeout = 0;

  REQUIRE(VALID_DISPATCH(disp));

  REQUIRE(disp->tid == isc_tid());

  INSIST(disp->reading);

  disp->reading = false;

  dispatch_log(disp, ISC_LOG_DEBUG(90),

         "TCP read:%s:requests %" PRIuFAST32,

         isc_result_totext(result), disp->requests);

  peer = isc_nmhandle_peeraddr(handle);

  rcu_read_lock();

  /*

   * Phase 1: Process timeout and success.

   */

  switch (result) {

  case ISC_R_TIMEDOUT:

    /*

     * Time out the oldest response in the active queue.

     */

    result = tcp_recv_oldest(disp, &resp);

    break;

  case ISC_R_SUCCESS:

    /* We got an answer */

    result = tcp_recv_success(disp, region, &peer, &resp);

    break;

  default:

    break;

  }

  if (resp != NULL) {

    tcp_recv_add(&resps, resp, result);

  }

  /*

   * Phase 2: Look if we timed out before.

   */

  if (result == ISC_R_NOTFOUND) {

    if (disp->timedout > 0) {

      /* There was active query that timed-out before */

      disp->timedout--;

    } else {

      result = ISC_R_UNEXPECTED;

    }

  }

  /*

   * Phase 3: Trigger timeouts.  It's possible that the responses would

   * have been timed out out already, but non-matching TCP reads have

   * prevented this.

   */

  resp = ISC_LIST_HEAD(disp->active);

  if (resp != NULL) {

    now = isc_loop_now(resp->loop);

  }

  while (resp != NULL) {

    dns_dispentry_t *next = ISC_LIST_NEXT(resp, alink);

    if (resp->timeout > 0) {

      timeout = resp->timeout - dispentry_runtime(resp, &now);

      if (timeout <= 0) {

        tcp_recv_add(&resps, resp, ISC_R_TIMEDOUT);

      }

    }

    resp = next;

  }

  /*

   * Phase 4: log if we errored out.

   */

  switch (result) {

  case ISC_R_SUCCESS:

  case ISC_R_TIMEDOUT:

  case ISC_R_NOTFOUND:

    break;

  case ISC_R_SHUTTINGDOWN:

  case ISC_R_CANCELED:

  case ISC_R_EOF:

  case ISC_R_CONNECTIONRESET:

    isc_sockaddr_format(&peer, buf, sizeof(buf));

    dispatch_log(disp, ISC_LOG_DEBUG(90),

           "shutting down TCP: %s: %s", buf,

           isc_result_totext(result));

    tcp_recv_shutdown(disp, &resps, result);

    break;

  default:

    isc_sockaddr_format(&peer, buf, sizeof(buf));

    dispatch_log(disp, ISC_LOG_ERROR,

           "shutting down due to TCP "

           "receive error: %s: %s",

           buf, isc_result_totext(result));

    tcp_recv_shutdown(disp, &resps, result);

    break;

  }

  /*

   * Phase 5: Resume reading if there are still active responses

   */

  resp = ISC_LIST_HEAD(disp->active);

  if (resp != NULL) {

    if (resp->timeout > 0) {

      timeout = resp->timeout - dispentry_runtime(resp, &now);

      INSIST(timeout > 0);

    }

    tcp_startrecv(disp, resp);

    if (timeout > 0) {

      isc_nmhandle_settimeout(handle, timeout);

    }

  }

  rcu_read_unlock();

  /*

   * Phase 6: Process all scheduled callbacks.

   */

  tcp_recv_processall(&resps, region);

  dns_dispatch_detach(&disp); /* DISPATCH002 */

}

/*%

 * Create a temporary port list to set the initial default set of dispatch

 * ephemeral ports.  This is almost meaningless as the application will

 * normally set the ports explicitly, but is provided to fill some minor corner

 * cases.

 */

static void

create_default_portset(isc_mem_t *mctx, int family, isc_portset_t **portsetp) {

  in_port_t low, high;

  isc_net_getudpportrange(family, &low, &high);

  isc_portset_create(mctx, portsetp);

  isc_portset_addrange(*portsetp, low, high);

}

static isc_result_t

setavailports(dns_dispatchmgr_t *mgr, isc_portset_t *v4portset,

        isc_portset_t *v6portset) {

  in_port_t *v4ports, *v6ports, p = 0;

  unsigned int nv4ports, nv6ports, i4 = 0, i6 = 0;

  nv4ports = isc_portset_nports(v4portset);

  nv6ports = isc_portset_nports(v6portset);

  v4ports = NULL;

  if (nv4ports != 0) {

    v4ports = isc_mem_cget(mgr->mctx, nv4ports, sizeof(in_port_t));

  }

  v6ports = NULL;

  if (nv6ports != 0) {

    v6ports = isc_mem_cget(mgr->mctx, nv6ports, sizeof(in_port_t));

  }

  do {

    if (isc_portset_isset(v4portset, p)) {

      INSIST(i4 < nv4ports);

      v4ports[i4++] = p;

    }

    if (isc_portset_isset(v6portset, p)) {

      INSIST(i6 < nv6ports);

      v6ports[i6++] = p;

    }