+ }
+
+ if (ctx.cnt) return ctx.cnt;
+ return EAI_NODATA;
+}
+
+static int name_from_dns_search(struct address buf[static MAXADDRS], char canon[static 256], const char *name, int family)
+{
+ char search[256];
+ struct resolvconf conf;
+ size_t l, dots;
+ char *p, *z;
+
+ if (__get_resolv_conf(&conf, search, sizeof search) < 0) return -1;
+
+ /* Count dots, suppress search when >=ndots or name ends in
+ * a dot, which is an explicit request for global scope. */
+ for (dots=l=0; name[l]; l++) if (name[l]=='.') dots++;
+ if (dots >= conf.ndots || name[l-1]=='.') *search = 0;
+
+ /* Strip final dot for canon, fail if multiple trailing dots. */
+ if (name[l-1]=='.') l--;
+ if (!l || name[l-1]=='.') return EAI_NONAME;
+
+ /* This can never happen; the caller already checked length. */
+ if (l >= 256) return EAI_NONAME;
+
+ /* Name with search domain appended is setup in canon[]. This both
+ * provides the desired default canonical name (if the requested
+ * name is not a CNAME record) and serves as a buffer for passing
+ * the full requested name to name_from_dns. */
+ memcpy(canon, name, l);
+ canon[l] = '.';
+
+ for (p=search; *p; p=z) {
+ for (; isspace(*p); p++);
+ for (z=p; *z && !isspace(*z); z++);
+ if (z==p) break;
+ if (z-p < 256 - l - 1) {
+ memcpy(canon+l+1, p, z-p);
+ canon[z-p+1+l] = 0;
+ int cnt = name_from_dns(buf, canon, canon, family, &conf);
+ if (cnt) return cnt;
+ }
+ }
+
+ canon[l] = 0;
+ return name_from_dns(buf, canon, name, family, &conf);
+}
+
+static const struct policy {
+ unsigned char addr[16];
+ unsigned char len, mask;
+ unsigned char prec, label;
+} defpolicy[] = {
+ { "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", 15, 0xff, 50, 0 },
+ { "\0\0\0\0\0\0\0\0\0\0\xff\xff", 11, 0xff, 35, 4 },
+ { "\x20\2", 1, 0xff, 30, 2 },
+ { "\x20\1", 3, 0xff, 5, 5 },
+ { "\xfc", 0, 0xfe, 3, 13 },
+#if 0
+ /* These are deprecated and/or returned to the address
+ * pool, so despite the RFC, treating them as special
+ * is probably wrong. */
+ { "", 11, 0xff, 1, 3 },
+ { "\xfe\xc0", 1, 0xc0, 1, 11 },
+ { "\x3f\xfe", 1, 0xff, 1, 12 },
+#endif
+ /* Last rule must match all addresses to stop loop. */
+ { "", 0, 0, 40, 1 },
+};