自学教程：C++ GETSHORT函数代码示例

void iwn_wapi_sm_rx_wai(struct wapi_asue_st *wpa_s, const unsigned char *src_addr, const unsigned char *buf, size_t len){	size_t plen;	struct wai_hdr *hdr;	u8 *wai_payload ;	int res = 0;	int frmlen = 0;	src_addr = src_addr;/*disable warnning*/	if(wpa_s->wapi_state <WAPISM_AL_ASSOC)	{		iwn_wpa_printf(MSG_DEBUG, "wpa_s->wapi_state <WAPISM_AL_ASSOC");		return ;	}	else if((wpa_s->ap_type == AUTH_TYPE_WAPI) && (iwn_eloop.has_cert == 0))	{		iwn_wpa_printf(MSG_DEBUG, "No cert");		return ;	}	hdr = (struct wai_hdr *) buf;	if(check_wai_frame(wpa_s, buf, len) != 0){		iwn_wpa_printf(MSG_DEBUG, "WPA: WAI frame is wrong");		return;	}	wai_payload = (u8 *) (hdr + 1);	GETSHORT((buf+6), frmlen);	//plen = iwn_ntohs(hdr->length) - sizeof(*hdr);	plen = frmlen - sizeof(*hdr);	iwn_wpa_printf(MSG_ERROR, "iwn_wapi_sm_rx_wai  plen = '%d', hdr->length = '%d'. stype = %d/n", plen, frmlen, hdr->stype);	switch (hdr->stype) {		case WAI_AUTHACTIVE:			res = waigroup_cert_1_3(wpa_s, wai_payload, plen);			if(res == -1)				wapi_supplicant_key_negotiation_state_report(WPA_ASSOCIATED);			break;                case WAI_ACCESS_AUTH_RESPONSE:                        res = waigroup_cert_3_3(wpa_s, wai_payload, plen);                        if (0 == res) {                            timer_reset();                        } else if (-1 == res) {                            timer_resend();                        } else if (-2 == res) {                            setPskIncorrect();                        }                        break;                case WAI_USK_NEGOTIATION_REQUEST:                        res = waigroup_unicast_1_3(wpa_s, wai_payload, plen);                        if(res == -1)                        	wapi_supplicant_key_negotiation_state_report(WPA_ASSOCIATED);                        else if (-2 == res) {                                setPskIncorrect();                        }                        break;                case WAI_USK_NEGOTIATION_CONFIRMATION:                        res = waigroup_unicast_3_3(wpa_s, wai_payload, plen);                        if (0 == res) {                            timer_reset();                        }  else if (-1 == res) {                            timer_resend();                        }                        break;                case WAI_MSK_ANNOUNCEMENT:                        res = waigroup_multicast_1_2(wpa_s, wai_payload,plen);			break;		case WAI_STAKEY_REQUEST:			iwn_wpa_printf(MSG_DEBUG, "WPA: receive ignore frame stype %u", hdr->stype);			break;		case WAI_PREAUTH_START:		case WAI_ACCESS_AUTH_REQUEST:		case WAI_CERT_AUTH_REQUEST:		case WAI_CERT_AUTH_RESPONSE:		case WAI_USK_NEGOTIATION_RESPONSE:		case WAI_MSK_ANNOUNCEMENT_RESPONSE:			iwn_wpa_printf(MSG_DEBUG, "WPA: receive error frame stype %u", hdr->stype);			break;		default:			iwn_wpa_printf(MSG_DEBUG, "WPA: receive unknown frame stype %u", hdr->stype);			return;	}	wpa_s->rxfrag = free_rxfrag(wpa_s->rxfrag);}

//.........这里部分代码省略.........      else if (type == T_TLSA)        {        uint8_t usage, selector, matching_type;        uint16_t i, payload_length;        uschar s[MAX_TLSA_EXPANDED_SIZE];	uschar * sp = s;        uschar * p = US rr->data;        usage = *p++;        selector = *p++;        matching_type = *p++;        /* What's left after removing the first 3 bytes above */        payload_length = rr->size - 3;        sp += sprintf(CS s, "%d%c%d%c%d%c", usage, *outsep2,		selector, *outsep2, matching_type, *outsep2);        /* Now append the cert/identifier, one hex char at a time */        for (i=0;             i < payload_length && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4);             i++)          sp += sprintf(CS sp, "%02x", (unsigned char)p[i]);        yield = string_cat(yield, &size, &ptr, s);        }      else   /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SOA, T_SRV */        {        int priority, weight, port;        uschar s[264];        uschar * p = US rr->data;	switch (type)	  {	  case T_MXH:	    /* mxh ignores the priority number and includes only the hostnames */	    GETSHORT(priority, p);	    break;	  case T_MX:	    GETSHORT(priority, p);	    sprintf(CS s, "%d%c", priority, *outsep2);	    yield = string_cat(yield, &size, &ptr, s);	    break;	  case T_SRV:	    GETSHORT(priority, p);	    GETSHORT(weight, p);	    GETSHORT(port, p);	    sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2,			      weight, *outsep2, port, *outsep2);	    yield = string_cat(yield, &size, &ptr, s);	    break;	  case T_CSA:	    /* See acl_verify_csa() for more comments about CSA. */	    GETSHORT(priority, p);	    GETSHORT(weight, p);	    GETSHORT(port, p);	    if (priority != 1) continue;      /* CSA version must be 1 */	    /* If the CSA record we found is not the one we asked for, analyse	    the subdomain assertions in the port field, else analyse the direct	    authorization status in the weight field. */	    if (Ustrcmp(found, domain) != 0)	      {	      if (port & 1) *s = 'X';         /* explicit authorization required */

//.........这里部分代码省略.........    /* Do not perform the search if the top level or 2nd level domains do not    exist. This is quite common, and when it occurs all the search queries would    go to the root or TLD name servers, which is not friendly. So we check the    AUTHORITY section; if it contains the root's SOA record or the TLD's SOA then    the TLD or the 2LD (respectively) doesn't exist and we can skip the search.    If the TLD and the 2LD exist but the explicit CSA record lookup failed, then    the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */    if (rc == DNS_NOMATCH)      {      /* This is really gross. The successful return value from res_search() is      the packet length, which is stored in dnsa->answerlen. If we get a      negative DNS reply then res_search() returns -1, which causes the bounds      checks for name decompression to fail when it is treated as a packet      length, which in turn causes the authority search to fail. The correct      packet length has been lost inside libresolv, so we have to guess a      replacement value. (The only way to fix this properly would be to      re-implement res_search() and res_query() so that they don't muddle their      success and packet length return values.) For added safety we only reset      the packet length if the packet header looks plausible. */      HEADER *h = (HEADER *)dnsa->answer;      if (h->qr == 1 && h->opcode == QUERY && h->tc == 0	  && (h->rcode == NOERROR || h->rcode == NXDOMAIN)	  && ntohs(h->qdcount) == 1 && ntohs(h->ancount) == 0	  && ntohs(h->nscount) >= 1)	    dnsa->answerlen = MAXPACKET;      for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);	   rr;	   rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)	  )	if (rr->type != T_SOA) continue;	else if (strcmpic(rr->name, US"") == 0 ||		 strcmpic(rr->name, tld) == 0) return DNS_NOMATCH;	else break;      }    for (i = 0; i < limit; i++)      {      if (ipv6)	{	/* Scan through the IPv6 reverse DNS in chunks of 16 bits worth of IP	address, i.e. 4 hex chars and 4 dots, i.e. 8 chars. */	namesuff -= 8;	if (namesuff <= name) return DNS_NOMATCH;	}      else	/* Find the start of the preceding domain name label. */	do	  if (--namesuff <= name) return DNS_NOMATCH;	while (*namesuff != '.');      DEBUG(D_dns) debug_printf("CSA parent search at %s/n", namesuff + 1);      srvname = string_sprintf("_client._smtp.%s", namesuff + 1);      rc = dns_lookup(dnsa, srvname, T_SRV, NULL);      if (rc == DNS_AGAIN) return rc;      if (rc != DNS_SUCCEED) continue;      /* Check that the SRV record we have found is worth returning. We don't      just return the first one we find, because some lower level SRV record      might make stricter assertions than its parent domain. */      for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);	   rr;	   rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))	{	if (rr->type != T_SRV) continue;	/* Extract the numerical SRV fields (p is incremented) */	p = rr->data;	GETSHORT(priority, p);	GETSHORT(weight, p);	weight = weight; /* compiler quietening */	GETSHORT(port, p);	/* Check the CSA version number */	if (priority != 1) continue;	/* If it's making an interesting assertion, return this response. */	if (port & 1)	  {	  *fully_qualified_name = namesuff + 1;	  return DNS_SUCCEED;	  }	}      }    return DNS_NOMATCH;    }  default:    if (type >= 0)      return dns_lookup(dnsa, name, type, fully_qualified_name);  }/* Control should never reach here */return DNS_FAIL;}

static unsigned char *php_parserr(unsigned char *cp, unsigned char* end,                                  querybuf *answer,                                  int type_to_fetch, bool store,                                  Array &subarray) {    unsigned short type, cls ATTRIBUTE_UNUSED, dlen;    unsigned long ttl;    int64_t n, i;    unsigned short s;    unsigned char *tp, *p;    char name[255 + 2];  // IETF STD 13 section 3.1; 255 bytes    int have_v6_break = 0, in_v6_break = 0;    n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);    if (n < 0) {        return NULL;    }    cp += n;    CHECKCP(10);    GETSHORT(type, cp);    GETSHORT(cls, cp);    GETLONG(ttl, cp);    GETSHORT(dlen, cp);    CHECKCP(dlen);    if (type_to_fetch != T_ANY && type != type_to_fetch) {        cp += dlen;        return cp;    }    if (!store) {        cp += dlen;        return cp;    }    subarray.set(s_host, String(name, CopyString));    switch (type) {    case DNS_T_A:        CHECKCP(4);        subarray.set(s_type, s_A);        snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);        subarray.set(s_ip, String(name, CopyString));        cp += dlen;        break;    case DNS_T_MX:        CHECKCP(2);        subarray.set(s_type, s_MX);        GETSHORT(n, cp);        subarray.set(s_pri, n);    /* no break; */    case DNS_T_CNAME:        if (type == DNS_T_CNAME) {            subarray.set(s_type, s_CNAME);        }    /* no break; */    case DNS_T_NS:        if (type == DNS_T_NS) {            subarray.set(s_type, s_NS);        }    /* no break; */    case DNS_T_PTR:        if (type == DNS_T_PTR) {            subarray.set(s_type, s_PTR);        }        n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);        if (n < 0) {            return NULL;        }        cp += n;        subarray.set(s_target, String(name, CopyString));        break;    case DNS_T_HINFO:        /* See RFC 1010 for values */        subarray.set(s_type, s_HINFO);        CHECKCP(1);        n = *cp & 0xFF;        cp++;        CHECKCP(n);        subarray.set(s_cpu, String((const char *)cp, n, CopyString));        cp += n;        CHECKCP(1);        n = *cp & 0xFF;        cp++;        CHECKCP(n);        subarray.set(s_os, String((const char *)cp, n, CopyString));        cp += n;        break;    case DNS_T_TXT: {        int l1 = 0, l2 = 0;        String s = String(dlen, ReserveString);        tp = (unsigned char *)s.mutableData();        while (l1 < dlen) {            n = cp[l1];            if ((n + l1) > dlen) {                // bad record, don't set anything                break;            }            memcpy(tp + l1 , cp + l1 + 1, n);            l1 = l1 + n + 1;//.........这里部分代码省略.........

static bool ProcessDNSRecords(        const unsigned char * reply,        const unsigned char * replyEnd,              unsigned char * cp,            size_t anCount,            size_t nsCount,            size_t arCount,     DNS_RECORD * results){  DNS_RECORD lastRecord = 0;  size_t rrCount = anCount + nsCount + arCount;  nsCount += anCount;  arCount += nsCount;  size_t i;  for (i = 0; i < rrCount; i++) {    int section;    if (i < anCount)      section = DnsSectionAnswer;    else if (i < nsCount)      section = DnsSectionAuthority;    else // if (i < arCount)      section = DnsSectionAddtional;    // get the name    char pName[MAXDNAME];    if (!GetDN(reply, replyEnd, cp, pName))      return false;    // get other common parts of the record    unsigned short  type;    unsigned short  dnsClass;    unsigned long ttl;    unsigned short  dlen;    GETSHORT(type,     cp);    GETSHORT(dnsClass, cp);    GETLONG (ttl,      cp);    GETSHORT(dlen,     cp);        //    // Avoid unused compiler warning    //    (void)dnsClass;    (void)ttl;    unsigned char * data = cp;    cp += dlen;    DNS_RECORD newRecord  = 0;    switch (type) {      default:        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord) + sizeof(unsigned long) + dlen);        newRecord->Data.Null.dwByteCount = dlen;        memcpy(&newRecord->Data, data, dlen);        break;      case T_SRV:        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));        memset(newRecord, 0, sizeof(DnsRecord));        GETSHORT(newRecord->Data.SRV.wPriority, data);        GETSHORT(newRecord->Data.SRV.wWeight, data);        GETSHORT(newRecord->Data.SRV.wPort, data);        if (!GetDN(reply, replyEnd, data, newRecord->Data.SRV.pNameTarget)) {          free(newRecord);          return false;        }        break;      case T_MX:        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));        memset(newRecord, 0, sizeof(DnsRecord));        GETSHORT(newRecord->Data.MX.wPreference,  data);        if (!GetDN(reply, replyEnd, data, newRecord->Data.MX.pNameExchange)) {          free(newRecord);          return false;        }        break;      case T_A:        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));        memset(newRecord, 0, sizeof(DnsRecord));        GETLONG(newRecord->Data.A.IpAddress, data);        break;      case T_NS:        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));        memset(newRecord, 0, sizeof(DnsRecord));        if (!GetDN(reply, replyEnd, data, newRecord->Data.NS.pNameHost)) {          free (newRecord);          return false;        }        break;    }    // initialise the new record    if (newRecord != 0) {//.........这里部分代码省略.........

/* * get_input - called when incoming data is available. */static voidget_input(void){    int len, i;    u_char *p;    u_short protocol;    struct protent *protp;    p = inpacket_buf;	/* point to beginning of packet buffer */    len = read_packet(inpacket_buf);    if (len < 0)	return;    if (len == 0) {	etime = time(NULL);	minutes = (etime-stime)/60;	syslog(LOG_NOTICE, "Modem hangup, connected for %d minutes", (minutes >1) ? minutes : 1);	hungup = 1;	lcp_lowerdown(0);	/* serial link is no longer available */	link_terminated(0);	return;    }    if (debug /*&& (debugflags & DBG_INPACKET)*/)	log_packet(p, len, "rcvd ", LOG_DEBUG);    if (len < PPP_HDRLEN) {	MAINDEBUG((LOG_INFO, "io(): Received short packet."));	return;    }    p += 2;				/* Skip address and control */    GETSHORT(protocol, p);    len -= PPP_HDRLEN;    /*     * Toss all non-LCP packets unless LCP is OPEN.     */    if (protocol != PPP_LCP && lcp_fsm[0].state != OPENED) {	MAINDEBUG((LOG_INFO,		   "get_input: Received non-LCP packet when LCP not open."));	return;    }    /*     * Until we get past the authentication phase, toss all packets     * except LCP, LQR and authentication packets.     */    if (phase <= PHASE_AUTHENTICATE	&& !(protocol == PPP_LCP || protocol == PPP_LQR	     || protocol == PPP_PAP || protocol == PPP_CHAP)) {	MAINDEBUG((LOG_INFO, "get_input: discarding proto 0x%x in phase %d",		   protocol, phase));	return;    }    /*     * Upcall the proper protocol input routine.     */    for (i = 0; (protp = protocols[i]) != NULL; ++i) {	if (protp->protocol == protocol && protp->enabled_flag) {	    (*protp->input)(0, p, len);	    return;	}        if (protocol == (protp->protocol & ~0x8000) && protp->enabled_flag	    && protp->datainput != NULL) {	    (*protp->datainput)(0, p, len);	    return;	}    }    if (debug)    	syslog(LOG_WARNING, "Unsupported protocol (0x%x) received", protocol);    lcp_sprotrej(0, p - PPP_HDRLEN, len + PPP_HDRLEN);}

//.........这里部分代码省略.........		for (count = ntohs(((HEADER *)answer)->qdcount);			     count > 0;		     count--) {			n = dn_skipname(cp, answer + len);			if (n < 0) {				error = ERR_PRINTING;				done++;				break;			}			cp += n + QFIXEDSZ;			if (cp > answer + len) {				error = ERR_PRINTING;				done++;				break;			}		}		/* Answer. */		for (count = ntohs(((HEADER *)answer)->ancount);		     count > 0 && !done;		     count--) {			n = dn_expand(answer, answer + len, cp,				      dname[soacnt], sizeof dname[0]);			if (n < 0) {				error = ERR_PRINTING;				done++;				break;			}			cp += n;			if (cp + 3 * INT16SZ + INT32SZ > answer + len) {				error = ERR_PRINTING;				done++;				break;			}			GETSHORT(type, cp);			cp += INT16SZ;			cp += INT32SZ;	/* ttl */			GETSHORT(rlen, cp);			cp += rlen;			if (cp > answer + len) {				error = ERR_PRINTING;				done++;				break;			}			if (type == T_SOA && soacnt++ &&			    ns_samename(dname[0], dname[1]) == 1) {				done++;				break;			}		}		/*		 * Verify the TSIG		 */		if (key) {			if (ns_find_tsig(answer, answer + len) != NULL)				tsig_present = 1;			else				tsig_present = 0;			if (numAnswers == 1 || soacnt > 1)				tsig_required = 1;			else				tsig_required = 0;			tsig_ret = ns_verify_tcp(answer, &len, &tsig_state,						 tsig_required);			if (tsig_ret == 0) {

main (){ int i, j, hl, rc, qc, ac, p, a; int op, class, type, datalen, buflen, msgl; u_short qtype, qclass, rtype, rclass, l, l2; u_long rttl; u_char buf[100], *cp; char dn[100], *dname, *z, ping[50]; struct rrec newrr, *rec; union {	char cdat[4];	unsigned long ldat;	struct in_addr adat; } dat; union {	u_char data[DATALEN];	HEADER head; } data;  hl = sizeof (HEADER);  signal (SIGALRM, tfunc);  res_init();  printf ("Inhalt von resolv.conf/n");  printf ("domain: %s/n", _res.defdname); /* printf ("MAXDNSRCH = %d/n", MAXDNSRCH);  for (i=0; i<MAXDNSRCH; i++)	printf ("%s/n", _res.dnsrch[i]);*/  printf ("%d Name-Server/n", MAXNS);  for (i=0; i<MAXNS; i++)  	printf ("%s/n", inet_ntoa(_res.nsaddr_list[i].sin_addr));/*  printf ("number of addresses: %d /n", _res.ascount);  printf ("number of name servers: %d /n", _res.nscount);*/  /*printf ("%d %s/n", _res.ascount, inet_ntoa(_res.sort_list[0]));*/ /*  strcpy (dn, "zeus.rz.htwk-leipzig.de");  *//*  strcpy (dn, "caramba.cs.tu-berlin.de"); */ /*  strcpy (dn, "ftp.cs.tu-berlin.de");  *//*  strcpy (dn, "moses.imn.htwk-leipzig.de"); *//*  strcpy (dn, "moses"); */ do {  printf ("/nSuche nach IP-Adresse von/n");  printf ("Hostname: ");  z = gets (dn);   printf ("/n"); if (z) {  dname = dn;  strcpy (data.data, dn);  datalen = strlen(dn)+1;  op = QUERY;  buflen = sizeof(buf);/*  _res.options |= RES_DEBUG; */  _res.retrans = 10;  _res.retry = 2;   class = C_IN;   type = T_A;   rc=res_mkquery (op, dname, class, type, data.data, datalen, &newrr, buf, buflen);  buflen = rc;  alarm (10);  msgl=res_send (buf, buflen, data.data, DATALEN);  if (msgl>0) {/*  printf ("/nsend: %d/n", msgl); *//* for (i=0; i< msgl; i++) {	for (j=0; j<4; j++) dat.cdat[j] = data.data[i+j];*//*	printf ("%x ", dat.ldat); 	if (dat.ldat==x) printf ("/n%d %x/n", i, dat.ldat);   }  printf ("/n");*//*  for (i=0; i< msgl;i++) {	j = data.data[i] & 0xff; printf ("%2x ", j);   }   printf ("/n");  for (i=0; i< msgl;i++) if (data.data[i]>31) printf ("%c ", data.data[i]);  printf ("/n");*//*  printf ("%x /n", x); */  ac = data.head.ancount;  qc = data.head.qdcount;  p = hl;  printf ("Query/n");  while (qc) {    l = data.data[p];    while (l > 0 && l < 64) {/*	printf ("%d /n", p); */	for (i=1; i<=l; i++) putchar (data.data[p+i]);	       		p = p + l + 1;	l = data.data[p];	if (l) putchar ('.');    }     putchar ('/n');    p++;    cp = data.data+p; /* GETSHORT verlangt Pointervariable !! *//* einfache Zuweisung (auch mit cast) ergibt falsche Werte//.........这里部分代码省略.........

//.........这里部分代码省略.........	if (cmp_var_struct(ae_id, &(wpa_s->ae_id), wpa_s->ae_id.id_len))	{		iwn_wpa_printf(MSG_ERROR, "WPA: not same ae id!/n");		iwn_wpa_hexdump(MSG_ERROR, "ae_id", ae_id,wpa_s->ae_id.id_len+ 4);		iwn_wpa_hexdump(MSG_ERROR, "wpa_s->ae_id", (unsigned char *)&(wpa_s->ae_id),wpa_s->ae_id.id_len+ 4);		return -1;	}	request_len +=wpa_s->ae_id.id_len+ 4;	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,wpa_s->ae_id.id_len=%d", __func__, __LINE__,request_len,wpa_s->ae_id.id_len);	asue_id = ae_id + wpa_s->ae_id.id_len+ 4;	if(asue_id == NULL) return -1;	if (cmp_var_struct(asue_id, &(iwn_eloop.asue_id), iwn_eloop.asue_id.id_len))	{		iwn_wpa_printf(MSG_ERROR, "WPA: not same asue id!/n");		return -1;	}	request_len +=iwn_eloop.asue_id.id_len+ 4;	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,wpa_s->asue_id.id_len=%d", __func__, __LINE__,request_len,iwn_eloop.asue_id.id_len);	if(flag & BIT(3))	{		u8 *cert_pos = NULL, *asu_sign = NULL;		u16 fix_data_len=0, sign_len=0; 		tkey *pubkey = NULL;		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,iwn_eloop.asue_id.id_len=%d", __func__, __LINE__,iwn_eloop.asue_id.id_len);		cert_res = asue_id +iwn_eloop.asue_id.id_len+ 4;		if(cert_res[0] != 2)		{			iwn_wpa_printf(MSG_ERROR, "cert result flag is not 2!/n");			return -1;		}		cert_pos = cert_res + 1 +2 + 32 + 32 + 1 + 2 ;		GETSHORT((cert_pos), fix_data_len);		cert_pos = cert_pos + fix_data_len + 2;		if(cert_pos[0] != 0)		{			iwn_wpa_printf(MSG_ERROR, "cert result  is not ok!/n");			return -2;		}		GETSHORT((cert_pos + 1 + 2), fix_data_len);		asu_sign = cert_pos + fix_data_len + 1 + 2 + 2;		GETSHORT((asu_sign + 1), sign_len);		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		GETSHORT((cert_res + 1), fix_data_len);		cert_obj = get_cert_obj(iwn_eloop.cert_info.config.used_cert);		pubkey = cert_obj->asu_pubkey;		if(!(*cert_obj->verify)(pubkey->data, pubkey->length,								cert_res,fix_data_len + 3,								asu_sign + 1 + 2 + sign_len - 48,								48))		{			iwn_wpa_hexdump(MSG_ERROR, "pubkey->data", pubkey->data,pubkey->length);			iwn_wpa_hexdump(MSG_ERROR, "cert_res", cert_res,fix_data_len + 3);			iwn_wpa_hexdump(MSG_ERROR, "asu_sign", asu_sign + 1 + 2 + sign_len - 48,48);			return -1;		}		request_len +=fix_data_len + 3+sign_len+3 ;		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,len=%d", __func__, __LINE__,request_len,len);	}	{		tkey *pubkey = NULL;		u16 fix_data_len = 0;		u16 cert_flag = wpa_s->ae_cert.cert_flag;//iwn_ntohs(wpa_s->ae_cert.cert_flag);		ae_sign = payload + len - 48;		cert_obj = get_cert_obj(cert_flag);		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,wpa_s->ae_cert.len=%d", __func__, __LINE__,wpa_s->ae_cert.length);		pubkey = (*cert_obj->get_public_key)((void *)&wpa_s->ae_cert);		if(!(*cert_obj->verify)(pubkey->data, pubkey->length,							payload,request_len,							ae_sign,							48))		{			pubkey = iwn_free_buffer(pubkey, sizeof(tkey));			printf("AE sign error!!!/n");			return -1;		}		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		pubkey = iwn_free_buffer(pubkey, sizeof(tkey));		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		GETSHORT((payload+request_len+1), fix_data_len);		request_len += fix_data_len + 3;	}	if(len != request_len)	{		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,len=%d", __func__, __LINE__,request_len,len);		return -1;	}	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);	asue_certauthbk_derivation(wpa_s);	wpa_s->wapi_state = WAPISM_CNT_RESP;	return 0;}

struct wapi_rxfrag *iwn_wpa_defrag(struct wapi_asue_st *wpa_s, struct wapi_rxfrag *rxbuf){	u8 *buf =(u8 *)rxbuf->data;	int len = rxbuf->data_len;	struct wai_hdr *hdr = (struct wai_hdr *)buf;	u16 rxseq=0, last_rxseq=0;	u8 fragno, last_fragno;	u8 more_frag = hdr->more_frag;	struct wapi_rxfrag *wai_frame = NULL;	GETSHORT(hdr->rxseq, rxseq);	fragno = hdr->frag_sc;	/* Quick way out, if there's nothing to defragment */	if ((!more_frag) && (fragno == 0) && (wpa_s->rxfrag== NULL))	{		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		return rxbuf;	}	/*	 * Update the time stamp.  As a side effect, it	 * also makes sure that the timer will not change	 * ni->ni_rxfrag[0] for at least 1 second, or in	 * other words, for the remaining of this function.	 */	/*	 * Validate that fragment is in order and	 * related to the previous ones.	 */	if (wpa_s->rxfrag) {		struct wai_hdr *hdr1;		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		hdr1 = (struct wai_hdr *) wpa_s->rxfrag->data;		GETSHORT(hdr1->rxseq, last_rxseq);		last_fragno = hdr1->frag_sc;		if (rxseq != last_rxseq		    || fragno != last_fragno + 1			||(wpa_s->rxfrag->maxlen - wpa_s->rxfrag->data_len< len)			/*||(time(NULL) - wpa_s->rxfragstamp >1)*/			)		{			/*			 * Unrelated fragment or no space for it,			 * clear current fragments			 */			wpa_s->rxfrag = free_rxfrag(wpa_s->rxfrag); 		}		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);	}	/* If this is the first fragment */ 	if (wpa_s->rxfrag == NULL && fragno == 0) {		/*ni->ni_rxfrag[0] = skb;*/		wpa_s->rxfrag = malloc_rxfrag(PAGE_LEN);		/* If more frags are coming */		if (more_frag) {			wpa_put_frag(wpa_s->rxfrag, buf, len);			iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);				}	}	else {			if (wpa_s->rxfrag) {			struct wai_hdr *lhdr = (struct wai_hdr *)wpa_s->rxfrag->data;			/*			 * We know we have enough space to copy,			 * we've verified that before			 */			/* Copy current fragment at end of previous one */			/* Update tail and length */			wpa_put_frag(wpa_s->rxfrag , buf + WAI_HDR, len - WAI_HDR);						/* Keep a copy of last sequence and fragno */			*(u16 *)lhdr->rxseq = *(u16*)hdr->rxseq;			lhdr->frag_sc = hdr->frag_sc;		}	}			if (more_frag) {		/* More to come */		wai_frame = NULL;	} else {		/* Last fragment received, we're done! */		wai_frame = wpa_s->rxfrag;	}/*	wpa_s->rxfragstamp = time(0);*/	return wai_frame;}

static int waigroup_cert_1_3(struct wapi_asue_st* wpa_s, u8* payload, int len){	u8 flag = 0;	u8 *ae_auth_flag = NULL;	u8 *asu_id = NULL;	u8 *ae_cer = NULL;	u8 *ecdh = NULL;	int ret = -1;		u8 auth_act_len = WAI_FLAG_LEN  		+32		+2/*ASU ID Identifier*/		+2/*ASU ID Length*/		+2/*AE Cert type*/		+2/*AE Cert length*/		+1/*ECDH Parameter Identifier*/		+2/*ECDH Parameter Length */;	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);	wapi_supplicant_key_negotiation_state_report(WPA_4WAY_HANDSHAKE);		if(len < auth_act_len)	{		iwn_wpa_printf(MSG_ERROR, "WPA: WAI frame payload too short");		return -1;	}		flag = payload[0];	ae_auth_flag = payload+1;	asu_id = payload+1 + 32;		len -= auth_act_len;		if (AUTH_TYPE_WAPI != wpa_s->ap_type)	{		return -1;	}	else	{		int bk_up = flag & BIT(0);		wapi_states require = bk_up ? WAPISM_FINISH : WAPISM_AL_ASSOC;				if (wpa_s->wapi_state != require)		{		       /* skip the usk update check */		       if (wpa_s->usk_updated && bk_up && wpa_s->wapi_state == WAPISM_UNI_ACK)			   	;			else				return -1;		}	}	if(flag &BIT(0)){		if(memcmp(ae_auth_flag, wpa_s->ae_auth_flag, 32) !=0)		{			iwn_wpa_printf(MSG_ERROR, "WPA: ae_auth_flag not same!/n");			return -1;		}	}else{			memcpy(wpa_s->ae_auth_flag, ae_auth_flag, 32);	}		/*get ASU ID*/		GETSHORT(asu_id, wpa_s->ae_asu_id.id_flag); 	GETSHORT((asu_id+2), wpa_s->ae_asu_id.id_len);	if(len <wpa_s->ae_asu_id.id_len){				iwn_wpa_printf(MSG_ERROR, "WPA: WAI frame payload too short");		return -1;	}	else{		memcpy(wpa_s->ae_asu_id.id_data, asu_id+4, wpa_s->ae_asu_id.id_len);	}		len -= wpa_s->ae_asu_id.id_len; 	/*get AE Certificate*/	ae_cer = asu_id + 2 + 2 + wpa_s->ae_asu_id.id_len;		GETSHORT(ae_cer, wpa_s->ae_cert.cert_flag); 	GETSHORT((ae_cer+2), wpa_s->ae_cert.length); 		if(len <wpa_s->ae_cert.length){				iwn_wpa_printf(MSG_ERROR, "WPA: WAI frame payload too short");		return -1;	}	else{		memcpy(wpa_s->ae_cert.data, ae_cer+4, wpa_s->ae_cert.length);	}	len -= wpa_s->ae_cert.length;	/*get AE ID*/	iwn_wai_fixdata_id_by_ident(&wpa_s->ae_cert, &(wpa_s->ae_id), wpa_s->ae_cert.cert_flag);	iwn_wpa_hexdump(MSG_DEBUG, "AE ID: ", wpa_s->ae_id.id_data, wpa_s->ae_id.id_len);//.........这里部分代码省略.........

static int waigroup_cert_1_3_old(struct wapi_asue_st* wpa_s, u8* payload, int len){	u8 flag = 0;	u8 *ae_auth_flag = NULL;	u8 *asu_id = NULL;	u8 *ae_cer = NULL;	u8 *ecdh = NULL;	u16 fix_data_len = 0;	int  request_len = 0;	int ret = -1;		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);	/*flag*/	wpa_s->flag = 0;	flag = payload[0];	wpa_s->flag = flag;	request_len +=1;	{		if (AUTH_TYPE_WAPI != wpa_s->ap_type)		{			return -1;		}		else		{			int bk_up = flag & BIT(0);			wapi_states require = bk_up ? WAPISM_FINISH : WAPISM_AL_ASSOC;						if (wpa_s->wapi_state != require)			{			       /* skip the usk update check */			       if (wpa_s->usk_updated && bk_up && wpa_s->wapi_state == WAPISM_UNI_ACK)				   	;				else					return -1;			}		}	}	ae_auth_flag = payload+1; 	if(ae_auth_flag == NULL) 	{		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		return -1;	}	if(flag &BIT(0)){		if(memcmp(ae_auth_flag, wpa_s->ae_auth_flag, 32) !=0)		{			iwn_wpa_printf(MSG_ERROR, "WPA: ae_auth_flag not same!/n");			return -1;		}	}else 		memcpy(wpa_s->ae_auth_flag, ae_auth_flag, 32);	request_len +=32;		asu_id = ae_auth_flag + 32;	if(asu_id == NULL) 	{		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		return -1;	}	GETSHORT((asu_id + 2), fix_data_len);	/*iwn_wpa_hexdump(MSG_DEBUG, "asu_id ", asu_id, fix_data_len+4);*/	memcpy(&(wpa_s->ae_asu_id), asu_id ,fix_data_len + 4) ;	request_len +=2 + 2 +fix_data_len;	ae_cer = asu_id + 2 + 2 + fix_data_len;	if(ae_cer == NULL) 	{		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);		return -1;	}	GETSHORT(ae_cer, wpa_s->ae_cert.cert_flag); ae_cer +=2;	GETSHORT(ae_cer, wpa_s->ae_cert.length); ae_cer +=2;	memcpy(wpa_s->ae_cert.data, ae_cer, wpa_s->ae_cert.length);	ae_cer -= 4;	fix_data_len = wpa_s->ae_cert.length;		/*iwn_wpa_hexdump(MSG_DEBUG, "ae_cer ", ae_cer+2+2, fix_data_len);*/	request_len +=2 + 2 +fix_data_len;	{          	u16 cert_flag = 0;		/* get ae cert type */		GETSHORT(ae_cer , cert_flag);		((cert_id  *)ae_cer)->length = fix_data_len; 		iwn_wai_fixdata_id_by_ident(ae_cer, &(wpa_s->ae_id), cert_flag);		iwn_wpa_hexdump(MSG_DEBUG, "AE ID: ", wpa_s->ae_id.id_data, wpa_s->ae_id.id_len);	}	ecdh = ae_cer + 2 + 2 + fix_data_len;	if(ecdh == NULL) return -1;	wpa_s->ecdh.para_flag = ecdh[0];	GETSHORT((ecdh + 1), fix_data_len);	wpa_s->ecdh.para_len = fix_data_len;	request_len +=1 + 2 +fix_data_len;	memcpy(&(wpa_s->ecdh.para_data), ecdh+3, fix_data_len);	if(len != request_len) 	{		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);//.........这里部分代码省略.........

//.........这里部分代码省略.........		SET_UI64_RESULT(result, NOERROR != hp->rcode || 0 == ntohs(hp->ancount) || -1 == res ? 0 : 1);		return SYSINFO_RET_OK;	}	if (NOERROR != hp->rcode || 0 == ntohs(hp->ancount) || -1 == res)	{		SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot perform DNS query."));		return SYSINFO_RET_FAIL;	}	msg_end = answer.buffer + res;	num_answers = ntohs(answer.h.ancount);	num_query = ntohs(answer.h.qdcount);	msg_ptr = answer.buffer + HFIXEDSZ;	zbx_vector_str_create(&answers);	/* skipping query records */	for (; 0 < num_query && msg_ptr < msg_end; num_query--)		msg_ptr += dn_skipname(msg_ptr, msg_end) + QFIXEDSZ;	for (; 0 < num_answers && msg_ptr < msg_end; num_answers--)	{		if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))		{			SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));			ret = SYSINFO_RET_FAIL;			goto clean;		}		offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, "%-20s", name);		GETSHORT(q_type, msg_ptr);		GETSHORT(q_class, msg_ptr);		msg_ptr += INT32SZ;		/* skipping TTL */		GETSHORT(q_len, msg_ptr);		offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %-8s", decode_type(q_type));		switch (q_type)		{			case T_A:				switch (q_class)				{					case C_IN:					case C_HS:						memcpy(&inaddr, msg_ptr, INADDRSZ);						offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s",								inet_ntoa(inaddr));						break;					default:						;				}				msg_ptr += q_len;				break;			case T_AAAA:				switch (q_class)				{					case C_IN:					case C_HS:						memcpy(&in6addr, msg_ptr, IN6ADDRSZ);						offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s",								inet_ntop(AF_INET6, &in6addr, tmp, sizeof(tmp)));						break;

/* Modified version of req_action */static enum req_actionreq_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, u_char *msg){	int dlen, alen, n, type, class, count;	char anbuf[2], *data, *fname;	/*	 * Skip domain name, get class, and type.	 */	if ((n = dn_skipname(*cpp, eom)) < 0) {	  printf("FORMERR IQuery packet name problem/n");	  hp->rcode = FORMERR;	  return (Finish);	}	*cpp += n;	GETSHORT(type, *cpp);	GETSHORT(class, *cpp);	*cpp += INT32SZ;	/* ttl */	GETSHORT(dlen, *cpp);	*cpp += dlen;	if (*cpp != eom) {	  printf("FORMERR IQuery message length off/n");	  hp->rcode = FORMERR;	  return (Finish);	}	/*	 * not all inverse queries are handled.	 * this is a meaningless switch statement to preserve original program's structure 	 */	switch (type) {	case T_A:	  if (something == 0) 	    return (Refuse);	  break;	default:	  return (Refuse);	}	printf("req: IQuery class %d type %d/n", class, type);	fname = (char *)msg + HFIXEDSZ;	alen = (char *)*cpp - fname;			/* Check to see if anbuf is large enough to store alen bytes*/	if ((size_t)alen > sizeof anbuf){	  printf("BUFFER OVERFLOW DETECTED!/n");	  return (Refuse);	}	printf("Copying %d bytes from fname to anbuf which can store %d bytes/n", alen, sizeof(anbuf)); 	/*OK*/	memcpy(anbuf, fname, alen);	data = anbuf + alen - dlen;	*cpp = (u_char *)fname;	*buflenp -= HFIXEDSZ;	count = 0;	/* ..... do some other stuff */	return (Finish);}

//.........这里部分代码省略.........    /* Make a res_query() call */    q3 = asyncns_res_query(asyncns, "_xmpp-client._tcp.gmail.com", C_IN, T_SRV);    if (!q3)        fprintf(stderr, "asyncns_res_query(): %s/n", strerror(errno));    /* Wait until the three queries are completed */    while (!asyncns_isdone(asyncns, q1)           || !asyncns_isdone(asyncns, q2)           || !asyncns_isdone(asyncns, q3)) {        if (asyncns_wait(asyncns, 1) < 0) {            fprintf(stderr, "asyncns_wait(): %s/n", strerror(errno));            goto fail;        }    }    /* Interpret the result of the name -> addr query */    if ((ret = asyncns_getaddrinfo_done(asyncns, q1, &ai)))        fprintf(stderr, "error: %s %i/n", gai_strerror(ret), ret);    else {        struct addrinfo *i;        for (i = ai; i; i = i->ai_next) {            char t[256];            const char *p = NULL;            if (i->ai_family == PF_INET)                p = inet_ntop(AF_INET, &((struct sockaddr_in*) i->ai_addr)->sin_addr, t, sizeof(t));            else if (i->ai_family == PF_INET6)                p = inet_ntop(AF_INET6, &((struct sockaddr_in6*) i->ai_addr)->sin6_addr, t, sizeof(t));            printf("%s/n", p);        }        asyncns_freeaddrinfo(ai);    }    /* Interpret the result of the addr -> name query */    if ((ret = asyncns_getnameinfo_done(asyncns, q2, host, sizeof(host), serv, sizeof(serv))))        fprintf(stderr, "error: %s %i/n", gai_strerror(ret), ret);    else        printf("%s -- %s/n", host, serv);    /* Interpret the result of the SRV lookup */    if ((ret = asyncns_res_done(asyncns, q3, &srv)) < 0) {        fprintf(stderr, "error: %s %i/n", strerror(errno), ret);    } else if (ret == 0) {        fprintf(stderr, "No reply for SRV lookup/n");    } else {        int qdcount;        int ancount;        int len;        const unsigned char *pos = srv + sizeof(HEADER);        unsigned char *end = srv + ret;        HEADER *head = (HEADER *)srv;        char name[256];        qdcount = ntohs(head->qdcount);        ancount = ntohs(head->ancount);        printf("%d answers for srv lookup:/n", ancount);        /* Ignore the questions */        while (qdcount-- > 0 && (len = dn_expand(srv, end, pos, name, 255)) >= 0) {            assert(len >= 0);            pos += len + QFIXEDSZ;        }        /* Parse the answers */        while (ancount-- > 0 && (len = dn_expand(srv, end, pos, name, 255)) >= 0) {            /* Ignore the initial string */            uint16_t pref, weight, port;            assert(len >= 0);            pos += len;            /* Ignore type, ttl, class and dlen */            pos += 10;            GETSHORT(pref, pos);            GETSHORT(weight, pos);            GETSHORT(port, pos);            len = dn_expand(srv, end, pos, name, 255);            printf("/tpreference: %2d weight: %2d port: %d host: %s/n",                   pref, weight, port, name);            pos += len;        }        asyncns_freeanswer(srv);    }    r = 0;fail:    if (asyncns)        asyncns_free(asyncns);    return r;}

char *ipinfo_lookup(const char *domain) {    unsigned char answer[PACKETSZ],  *pt;    char host[128];    char *txt;    int len, exp, size, txtlen, type;    if(res_init() < 0) {        fprintf(stderr,"@res_init failed/n");        return NULL;    }    memset(answer, 0, PACKETSZ);    if((len = res_query(domain, C_IN, T_TXT, answer, PACKETSZ)) < 0) {#ifdef IIDEBUG        if (iihash)            syslog(LOG_INFO, "Malloc-txt: %s", UNKN);#endif        return (iihash)?strdup(UNKN):UNKN;    }    pt = answer + sizeof(HEADER);    if((exp = dn_expand(answer, answer + len, pt, host, sizeof(host))) < 0) {        printf("@dn_expand failed/n"); return NULL;    }    pt += exp;    GETSHORT(type, pt);    if(type != T_TXT) {        printf("@Broken DNS reply./n"); return NULL;    }    pt += INT16SZ; /* class */    if((exp = dn_expand(answer, answer + len, pt, host, sizeof(host))) < 0) {        printf("@second dn_expand failed/n"); return NULL;    }    pt += exp;    GETSHORT(type, pt);    if(type != T_TXT) {        printf("@Not a TXT record/n"); return NULL;    }    pt += INT16SZ; /* class */    pt += INT32SZ; /* ttl */    GETSHORT(size, pt);    txtlen = *pt;    if(txtlen >= size || !txtlen) {        printf("@Broken TXT record (txtlen = %d, size = %d)/n", txtlen, size); return NULL;    }    if (txtlen > NAMELEN)        txtlen = NAMELEN;    if (iihash) {        if (!(txt = malloc(txtlen + 1)))            return NULL;    } else        txt = (char*)txtrec;    pt++;    strncpy(txt, (char*) pt, txtlen);    txt[txtlen] = 0;#ifdef IIDEBUG    if (iihash)        syslog(LOG_INFO, "Malloc-txt(%p): %s", txt, txt);#endif    return txt;}

static voiddo_section(const res_state statp,	   ns_msg *handle, ns_sect section,	   int pflag, FILE *file){	int n, sflag, rrnum;	static int buflen = 2048;	char *buf;	ns_opcode opcode;	ns_rr rr;	/*	 * Print answer records.	 */	sflag = (statp->pfcode & pflag);	if (statp->pfcode && !sflag)		return;	buf = malloc(buflen);	if (buf == NULL) {		fprintf(file, ";; memory allocation failure/n");		return;	}	opcode = (ns_opcode) ns_msg_getflag(*handle, ns_f_opcode);	rrnum = 0;	for (;;) {		if (ns_parserr(handle, section, rrnum, &rr)) {			if (errno != ENODEV)				fprintf(file, ";; ns_parserr: %s/n",					strerror(errno));			else if (rrnum > 0 && sflag != 0 &&				 (statp->pfcode & RES_PRF_HEAD1))				putc('/n', file);			goto cleanup;		}		if (rrnum == 0 && sflag != 0 && (statp->pfcode & RES_PRF_HEAD1))			fprintf(file, ";; %s SECTION:/n",				p_section(section, opcode));		if (section == ns_s_qd)			fprintf(file, ";;/t%s, type = %s, class = %s/n",				ns_rr_name(rr),				p_type(ns_rr_type(rr)),				p_class(ns_rr_class(rr)));		else if (section == ns_s_ar && ns_rr_type(rr) == ns_t_opt) {			u_int16_t optcode, optlen, rdatalen = ns_rr_rdlen(rr);			u_int32_t ttl = ns_rr_ttl(rr);			fprintf(file,				"; EDNS: version: %u, udp=%u, flags=%04x/n",				(ttl>>16)&0xff, ns_rr_class(rr), ttl&0xffff);			while (rdatalen >= 4) {				const u_char *cp = ns_rr_rdata(rr);				int i;				GETSHORT(optcode, cp);				GETSHORT(optlen, cp);				if (optcode == NS_OPT_NSID) {					fputs("; NSID: ", file);					if (optlen == 0) {						fputs("; NSID/n", file);					} else {						fputs("; NSID: ", file);						for (i = 0; i < optlen; i++)							fprintf(file, "%02x ",								cp[i]);						fputs(" (",file);						for (i = 0; i < optlen; i++)							fprintf(file, "%c",								isprint(cp[i])?								cp[i] : '.');						fputs(")/n", file);					}				} else {					if (optlen == 0) {						fprintf(file, "; OPT=%u/n",							optcode);					} else {						fprintf(file, "; OPT=%u: ",							optcode);						for (i = 0; i < optlen; i++)							fprintf(file, "%02x ",								cp[i]);						fputs(" (",file);						for (i = 0; i < optlen; i++)							fprintf(file, "%c",								isprint(cp[i]) ?									cp[i] : '.');						fputs(")/n", file);					}				}				rdatalen -= 4 + optlen;			}		} else {

/* * fsm_input - Input packet. */voidfsm_input(fsm *f, u_char *inpacket, int l){  u_char *inp = inpacket;  u_char code, id;  int len;  /*  * Parse header (code, id and length).  * If packet too short, drop it.  */  if (l < HEADERLEN) {    FSMDEBUG((LOG_WARNING, "fsm_input(%x): Rcvd short header./n",          f->protocol));    return;  }  GETCHAR(code, inp);  GETCHAR(id, inp);  GETSHORT(len, inp);  if (len < HEADERLEN) {    FSMDEBUG((LOG_INFO, "fsm_input(%x): Rcvd illegal length./n",        f->protocol));    return;  }  if (len > l) {    FSMDEBUG((LOG_INFO, "fsm_input(%x): Rcvd short packet./n",        f->protocol));    return;  }  len -= HEADERLEN;    /* subtract header length */  if( f->state == LS_INITIAL || f->state == LS_STARTING ) {    FSMDEBUG((LOG_INFO, "fsm_input(%x): Rcvd packet in state %d (%s)./n",        f->protocol, f->state, ppperr_strerr[f->state]));    return;  }  FSMDEBUG((LOG_INFO, "fsm_input(%s):%d,%d,%d/n", PROTO_NAME(f), code, id, l));  /*   * Action depends on code.   */  switch (code) {    case CONFREQ:      fsm_rconfreq(f, id, inp, len);      break;        case CONFACK:      fsm_rconfack(f, id, inp, len);      break;        case CONFNAK:    case CONFREJ:      fsm_rconfnakrej(f, code, id, inp, len);      break;        case TERMREQ:      fsm_rtermreq(f, id, inp, len);      break;        case TERMACK:      fsm_rtermack(f);      break;        case CODEREJ:      fsm_rcoderej(f, inp, len);      break;        default:      if( !f->callbacks->extcode ||          !(*f->callbacks->extcode)(f, code, id, inp, len) ) {        fsm_sdata(f, CODEREJ, ++f->id, inpacket, len + HEADERLEN);      }      break;  }}

/* ns_verify * Parameters: *	statp		res stuff *	msg		received message *	msglen		length of message *	key		tsig key used for verifying. *	querysig	(response), the signature in the query *	querysiglen	(response), the length of the signature in the query *	sig		(query), a buffer to hold the signature *	siglen		(query), input - length of signature buffer *				 output - length of signature * * Errors: *	- bad input (-1) *	- invalid dns message (NS_TSIG_ERROR_FORMERR) *	- TSIG is not present (NS_TSIG_ERROR_NO_TSIG) *	- key doesn't match (-ns_r_badkey) *	- TSIG verification fails with BADKEY (-ns_r_badkey) *	- TSIG verification fails with BADSIG (-ns_r_badsig) *	- TSIG verification fails with BADTIME (-ns_r_badtime) *	- TSIG verification succeeds, error set to BAKEY (ns_r_badkey) *	- TSIG verification succeeds, error set to BADSIG (ns_r_badsig) *	- TSIG verification succeeds, error set to BADTIME (ns_r_badtime) */isc_result_tns_verify(u_char *msg, unsigned *msglen, void *k,	  const u_char *querysig, unsigned querysiglen,	  u_char *sig, unsigned *siglen, time_t *timesigned, int nostrip){	HEADER *hp = (HEADER *)msg;	DST_KEY *key = (DST_KEY *)k;	u_char *cp = msg, *eom;	char name[MAXDNAME], alg[MAXDNAME];	u_char *recstart, *rdatastart;	u_char *sigstart, *otherstart;	unsigned n;	int error;	u_int16_t type, length;	u_int16_t fudge, sigfieldlen, id, otherfieldlen;	dst_init();	if (msg == NULL || msglen == NULL || *msglen < 0)		return ISC_R_INVALIDARG;	eom = msg + *msglen;	recstart = ns_find_tsig(msg, eom);	if (recstart == NULL)		return ISC_R_NO_TSIG;	cp = recstart;	/* Read the key name. */	n = dn_expand(msg, eom, cp, name, MAXDNAME);	if (n < 0)		return ISC_R_FORMERR;	cp += n;	/* Read the type. */	BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);	GETSHORT(type, cp);	if (type != ns_t_tsig)		return ISC_R_NO_TSIG;	/* Skip the class and TTL, save the length. */	cp += INT16SZ + INT32SZ;	GETSHORT(length, cp);	if (eom - cp != length)		return ISC_R_FORMERR;	/* Read the algorithm name. */	rdatastart = cp;	n = dn_expand(msg, eom, cp, alg, MAXDNAME);	if (n < 0)		return ISC_R_FORMERR;	if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)		return ISC_R_INVALIDKEY;	cp += n;	/* Read the time signed and fudge. */	BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);	cp += INT16SZ;	GETLONG((*timesigned), cp);	GETSHORT(fudge, cp);	/* Read the signature. */	BOUNDS_CHECK(cp, INT16SZ);	GETSHORT(sigfieldlen, cp);	BOUNDS_CHECK(cp, sigfieldlen);	sigstart = cp;	cp += sigfieldlen;	/* Read the original id and error. */	BOUNDS_CHECK(cp, 2*INT16SZ);	GETSHORT(id, cp);	GETSHORT(error, cp);	/* Parse the other data. */	BOUNDS_CHECK(cp, INT16SZ);	GETSHORT(otherfieldlen, cp);//.........这里部分代码省略.........

bool HHVM_FUNCTION(getmxrr, const String& hostname,                   VRefParam mxhostsRef,                   VRefParam weightsRef /* = null */) {    IOStatusHelper io("dns_get_mx", hostname.data());    int count, qdc;    unsigned short type, weight;    unsigned char ans[MAXPACKET];    char buf[255 + 1];  // IETF STD 13 section 3.1; 255 bytes    unsigned char *cp, *end;    Array mxhosts;    Array weights;    SCOPE_EXIT {        mxhostsRef.assignIfRef(mxhosts);        weightsRef.assignIfRef(weights);    };    /* Go! */    struct __res_state *res;    res = ResolverInit::s_res.get()->getResolver();    if (res == NULL) {        return false;    }    int i = res_nsearch(res, hostname.data(), C_IN, DNS_T_MX,                        (unsigned char*)&ans, sizeof(ans));    if (i < 0) {        res_nclose(res);        php_dns_free_res(res);        return false;    }    if (i > (int)sizeof(ans)) {        i = sizeof(ans);    }    HEADER *hp = (HEADER *)&ans;    cp = (unsigned char *)&ans + HFIXEDSZ;    end = (unsigned char *)&ans +i;    for (qdc = ntohs((unsigned short)hp->qdcount); qdc--; cp += i + QFIXEDSZ) {        if ((i = dn_skipname(cp, end)) < 0 ) {            res_nclose(res);            php_dns_free_res(res);            return false;        }    }    count = ntohs((unsigned short)hp->ancount);    while (--count >= 0 && cp < end) {        if ((i = dn_skipname(cp, end)) < 0 ) {            res_nclose(res);            php_dns_free_res(res);            return false;        }        cp += i;        GETSHORT(type, cp);        cp += INT16SZ + INT32SZ;        GETSHORT(i, cp);        if (type != DNS_T_MX) {            cp += i;            continue;        }        GETSHORT(weight, cp);        if ((i = dn_expand(ans, end, cp, buf, sizeof(buf)-1)) < 0) {            res_nclose(res);            php_dns_free_res(res);            return false;        }        cp += i;        mxhosts.append(String(buf, CopyString));        weights.append(weight);    }    res_nclose(res);    php_dns_free_res(res);    return true;}

isc_result_tns_verify_tcp(u_char *msg, unsigned *msglen, ns_tcp_tsig_state *state,	      int required){	HEADER *hp = (HEADER *)msg;	u_char *recstart, *rdatastart, *sigstart;	unsigned sigfieldlen, otherfieldlen;	u_char *cp, *eom = msg + *msglen, *cp2;	char name[MAXDNAME], alg[MAXDNAME];	u_char buf[MAXDNAME];	int n, type, length, fudge, id, error;	time_t timesigned;	if (msg == NULL || msglen == NULL || state == NULL)		return ISC_R_INVALIDARG;	state->counter++;	if (state->counter == 0)		return (ns_verify(msg, msglen, state->key,				  state->sig, state->siglen,				  state->sig, &state->siglen, &timesigned, 0));	if (state->siglen > 0) {		u_int16_t siglen_n = htons(state->siglen);		dst_verify_data(SIG_MODE_INIT, state->key, &state->ctx,				NULL, 0, NULL, 0);		dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,				(u_char *)&siglen_n, INT16SZ, NULL, 0);		dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,				state->sig, state->siglen, NULL, 0);		state->siglen = 0;	}	cp = recstart = ns_find_tsig(msg, eom);	if (recstart == NULL) {		if (required)			return ISC_R_NO_TSIG;		dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,				msg, *msglen, NULL, 0);		return ISC_R_SUCCESS;	}	hp->arcount = htons(ntohs(hp->arcount) - 1);	dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,			msg, (unsigned)(recstart - msg), NULL, 0);		/* Read the key name. */	n = dn_expand(msg, eom, cp, name, MAXDNAME);	if (n < 0)		return ISC_R_FORMERR;	cp += n;	/* Read the type. */	BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);	GETSHORT(type, cp);	if (type != ns_t_tsig)		return ISC_R_NO_TSIG;	/* Skip the class and TTL, save the length. */	cp += INT16SZ + INT32SZ;	GETSHORT(length, cp);	if (eom - cp != length)		return ISC_R_FORMERR;	/* Read the algorithm name. */	rdatastart = cp;	n = dn_expand(msg, eom, cp, alg, MAXDNAME);	if (n < 0)		return ISC_R_FORMERR;	if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)		return ISC_R_BADKEY;	cp += n;	/* Verify that the key used is OK. */	if ((ns_samename(state->key->dk_key_name, name) != 1 ||	     state->key->dk_alg != KEY_HMAC_MD5))		return ISC_R_BADKEY;	/* Read the time signed and fudge. */	BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);	cp += INT16SZ;	GETLONG(timesigned, cp);	GETSHORT(fudge, cp);	/* Read the signature. */	BOUNDS_CHECK(cp, INT16SZ);	GETSHORT(sigfieldlen, cp);	BOUNDS_CHECK(cp, sigfieldlen);	sigstart = cp;	cp += sigfieldlen;	/* Read the original id and error. */	BOUNDS_CHECK(cp, 2*INT16SZ);	GETSHORT(id, cp);	GETSHORT(error, cp);	/* Parse the other data. */	BOUNDS_CHECK(cp, INT16SZ);//.........这里部分代码省略.........

/* * fsm_input - Input packet. */void fsm_input(fsm *f, u_char *inpacket, int l) {    u_char *inp;    u_char code, id;    int len;    /*     * Parse header (code, id and length).     * If packet too short, drop it.     */    inp = inpacket;    if (l < HEADERLEN) {	FSMDEBUG(("fsm_input(%x): Rcvd short header.", f->protocol));	return;    }    GETCHAR(code, inp);    GETCHAR(id, inp);    GETSHORT(len, inp);    if (len < HEADERLEN) {	FSMDEBUG(("fsm_input(%x): Rcvd illegal length.", f->protocol));	return;    }    if (len > l) {	FSMDEBUG(("fsm_input(%x): Rcvd short packet.", f->protocol));	return;    }    len -= HEADERLEN;		/* subtract header length */    if( f->state == PPP_FSM_INITIAL || f->state == PPP_FSM_STARTING ){	FSMDEBUG(("fsm_input(%x): Rcvd packet in state %d.",		  f->protocol, f->state));	return;    }    /*     * Action depends on code.     */    switch (code) {    case CONFREQ:	fsm_rconfreq(f, id, inp, len);	break;        case CONFACK:	fsm_rconfack(f, id, inp, len);	break;        case CONFNAK:    case CONFREJ:	fsm_rconfnakrej(f, code, id, inp, len);	break;        case TERMREQ:	fsm_rtermreq(f, id, inp, len);	break;        case TERMACK:	fsm_rtermack(f);	break;        case CODEREJ:	fsm_rcoderej(f, inp, len);	break;        default:	if( !f->callbacks->extcode	   || !(*f->callbacks->extcode)(f, code, id, inp, len) )	    fsm_sdata(f, CODEREJ, ++f->id, inpacket, len + HEADERLEN);	break;    }}

WORD _getshort (const BYTE *x)   /* in <arpa/nameserv.h> */{  WORD res;  GETSHORT (res, x);  return (res);}

dns_record *dns_next_rr(dns_answer *dnsa, dns_scan *dnss, int reset){HEADER *h = (HEADER *)dnsa->answer;int namelen;/* Reset the saved data when requested to, and skip to the first required RR */if (reset != RESET_NEXT)  {  dnss->rrcount = ntohs(h->qdcount);  dnss->aptr = dnsa->answer + sizeof(HEADER);  /* Skip over questions; failure to expand the name just gives up */  while (dnss->rrcount-- > 0)    {    namelen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,      dnss->aptr, (DN_EXPAND_ARG4_TYPE) &(dnss->srr.name), DNS_MAXNAME);    if (namelen < 0) { dnss->rrcount = 0; return NULL; }    dnss->aptr += namelen + 4;    /* skip name & type & class */    }  /* Get the number of answer records. */  dnss->rrcount = ntohs(h->ancount);  /* Skip over answers if we want to look at the authority section. Also skip  the NS records (i.e. authority section) if wanting to look at the additional  records. */  if (reset == RESET_ADDITIONAL) dnss->rrcount += ntohs(h->nscount);  if (reset == RESET_AUTHORITY || reset == RESET_ADDITIONAL)    {    while (dnss->rrcount-- > 0)      {      namelen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,        dnss->aptr, (DN_EXPAND_ARG4_TYPE) &(dnss->srr.name), DNS_MAXNAME);      if (namelen < 0) { dnss->rrcount = 0; return NULL; }      dnss->aptr += namelen + 8;            /* skip name, type, class & TTL */      GETSHORT(dnss->srr.size, dnss->aptr); /* size of data portion */      dnss->aptr += dnss->srr.size;         /* skip over it */      }    dnss->rrcount = (reset == RESET_AUTHORITY)      ? ntohs(h->nscount) : ntohs(h->arcount);    }  }/* The variable dnss->aptr is now pointing at the next RR, and dnss->rrcountcontains the number of RR records left. */if (dnss->rrcount-- <= 0) return NULL;/* If expanding the RR domain name fails, behave as if no more records(something safe). */namelen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, dnss->aptr,  (DN_EXPAND_ARG4_TYPE) &(dnss->srr.name), DNS_MAXNAME);if (namelen < 0) { dnss->rrcount = 0; return NULL; }/* Move the pointer past the name and fill in the rest of the data structurefrom the following bytes. */dnss->aptr += namelen;GETSHORT(dnss->srr.type, dnss->aptr); /* Record type */dnss->aptr += 6;                      /* Don't want class or TTL */GETSHORT(dnss->srr.size, dnss->aptr); /* Size of data portion */dnss->srr.data = dnss->aptr;          /* The record's data follows */dnss->aptr += dnss->srr.size;         /* Advance to next RR *//* Return a pointer to the dns_record structure within the dns_answer. This isfor convenience so that the scans can use nice-looking for loops. */return &(dnss->srr);}

static unsigned char *php_parserr(unsigned char *cp, querybuf *answer,                                  int type_to_fetch, bool store,                                  Array &subarray) {  unsigned short type, cls ATTRIBUTE_UNUSED, dlen;  unsigned long ttl;  int64_t n, i;  unsigned short s;  unsigned char *tp, *p;  char name[MAXHOSTNAMELEN];  int have_v6_break = 0, in_v6_break = 0;  n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);  if (n < 0) {    return NULL;  }  cp += n;  GETSHORT(type, cp);  GETSHORT(cls, cp);  GETLONG(ttl, cp);  GETSHORT(dlen, cp);  if (type_to_fetch != T_ANY && type != type_to_fetch) {    cp += dlen;    return cp;  }  if (!store) {    cp += dlen;    return cp;  }  subarray.set(s_host, String(name, CopyString));  switch (type) {  case DNS_T_A:    subarray.set(s_type, s_A);    snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);    subarray.set(s_ip, String(name, CopyString));    cp += dlen;    break;  case DNS_T_MX:    subarray.set(s_type, s_MX);    GETSHORT(n, cp);    subarray.set(s_pri, n);    /* no break; */  case DNS_T_CNAME:    if (type == DNS_T_CNAME) {      subarray.set(s_type, s_CNAME);    }    /* no break; */  case DNS_T_NS:    if (type == DNS_T_NS) {      subarray.set(s_type, s_NS);    }    /* no break; */  case DNS_T_PTR:    if (type == DNS_T_PTR) {      subarray.set(s_type, s_PTR);    }    n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);    if (n < 0) {      return NULL;    }    cp += n;    subarray.set(s_target, String(name, CopyString));    break;  case DNS_T_HINFO:    /* See RFC 1010 for values */    subarray.set(s_type, s_HINFO);    n = *cp & 0xFF;    cp++;    subarray.set(s_cpu, String((const char *)cp, n, CopyString));    cp += n;    n = *cp & 0xFF;    cp++;    subarray.set(s_os, String((const char *)cp, n, CopyString));    cp += n;    break;  case DNS_T_TXT: {    int ll = 0;    subarray.set(s_type, s_TXT);    String s = String(dlen, ReserveString);    tp = (unsigned char *)s.bufferSlice().ptr;    while (ll < dlen) {      n = cp[ll];      memcpy(tp + ll , cp + ll + 1, n);      ll = ll + n + 1;    }    s.setSize(dlen > 0 ? dlen - 1 : 0);    cp += dlen;    subarray.set(s_txt, s);    break;  }  case DNS_T_SOA:    subarray.set(s_type, s_SOA);    n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);    if (n < 0) {      return NULL;//.........这里部分代码省略.........

/* Receive packet */voidl2tp_ctrl_input(l2tpd *_this, int listener_index, struct sockaddr *peer,    struct sockaddr *sock, void *nat_t_ctx, u_char *pkt, int pktlen){	int i, len, offsiz, reqlen, is_ctrl;	uint16_t mestype;	struct l2tp_avp *avp, *avp0;	l2tp_ctrl *ctrl;	l2tp_call *call;	char buf[L2TP_AVP_MAXSIZ], errmsg[256];	time_t curr_time;	u_char *pkt0;	struct l2tp_header hdr;	char hbuf[NI_MAXHOST + NI_MAXSERV + 16];	ctrl = NULL;	curr_time = get_monosec();	pkt0 = pkt;	L2TP_CTRL_ASSERT(peer->sa_family == sock->sa_family);	L2TP_CTRL_ASSERT(peer->sa_family == AF_INET ||	    peer->sa_family == AF_INET6)    /*     * Parse L2TP Header     */	memset(&hdr, 0, sizeof(hdr));	if (pktlen < 2) {		snprintf(errmsg, sizeof(errmsg), "a short packet.  "		    "length=%d", pktlen);		goto bad_packet;	}	memcpy(&hdr, pkt, 2);	pkt += 2;	if (hdr.ver != L2TP_HEADER_VERSION_RFC2661) {		/* XXX: only RFC2661 is supported */		snprintf(errmsg, sizeof(errmsg),		    "Unsupported version at header = %d", hdr.ver);		goto bad_packet;	}	is_ctrl = (hdr.t != 0)? 1 : 0;	/* calc required length */	reqlen = 6;		/* for Flags, Tunnel-Id, Session-Id field */	if (hdr.l) reqlen += 2;	/* for Length field (opt) */	if (hdr.s) reqlen += 4;	/* for Ns, Nr field (opt) */	if (hdr.o) reqlen += 2;	/* for Offset Size field (opt) */	if (reqlen > pktlen) {		snprintf(errmsg, sizeof(errmsg),		    "a short packet. length=%d", pktlen);		goto bad_packet;	}	if (hdr.l != 0) {		GETSHORT(hdr.length, pkt);		if (hdr.length > pktlen) {			snprintf(errmsg, sizeof(errmsg),			    "Actual packet size is smaller than the length "			    "field %d < %d", pktlen, hdr.length);			goto bad_packet;		}		pktlen = hdr.length;	/* remove trailing trash */	}	GETSHORT(hdr.tunnel_id, pkt);	GETSHORT(hdr.session_id, pkt);	if (hdr.s != 0) {		GETSHORT(hdr.ns, pkt);		GETSHORT(hdr.nr, pkt);	}	if (hdr.o != 0) {		GETSHORT(offsiz, pkt);		if (pktlen < offsiz) {			snprintf(errmsg, sizeof(errmsg),			    "offset field is bigger than remaining packet "			    "length %d > %d", offsiz, pktlen);			goto bad_packet;		}		pkt += offsiz;	}	L2TP_CTRL_ASSERT(pkt - pkt0 == reqlen);	pktlen -= (pkt - pkt0);	/* cut down the length of header */	ctrl = NULL;	memset(buf, 0, sizeof(buf));	mestype = 0;	avp = NULL;	if (is_ctrl) {		avp0 = (struct l2tp_avp *)buf;		avp = avp_find_message_type_avp(avp0, pkt, pktlen);		if (avp != NULL)			mestype = avp->attr_value[0] << 8 | avp->attr_value[1];	}	ctrl = l2tpd_get_ctrl(_this, hdr.tunnel_id);	if (ctrl == NULL) {		/* new control */		if (!is_ctrl) {			snprintf(errmsg, sizeof(errmsg),			    "bad data message: tunnelId=%d is not "//.........这里部分代码省略.........