void iwn_wapi_sm_rx_wai(struct wapi_asue_st *wpa_s, const unsigned char *src_addr, const unsigned char *buf, size_t len)
{
	size_t plen;
	struct wai_hdr *hdr;
	u8 *wai_payload ;
	int res = 0;
	int frmlen = 0;

	src_addr = src_addr;/*disable warnning*/

	if(wpa_s->wapi_state <WAPISM_AL_ASSOC)
	{
		iwn_wpa_printf(MSG_DEBUG, "wpa_s->wapi_state <WAPISM_AL_ASSOC");
		return ;
	}
	else if((wpa_s->ap_type == AUTH_TYPE_WAPI) && (iwn_eloop.has_cert == 0))
	{
		iwn_wpa_printf(MSG_DEBUG, "No cert");
		return ;
	}

	hdr = (struct wai_hdr *) buf;
	if(check_wai_frame(wpa_s, buf, len) != 0){
		iwn_wpa_printf(MSG_DEBUG, "WPA: WAI frame is wrong");
		return;
	}
	wai_payload = (u8 *) (hdr + 1);

	GETSHORT((buf+6), frmlen);
	//plen = iwn_ntohs(hdr->length) - sizeof(*hdr);
	plen = frmlen - sizeof(*hdr);
	iwn_wpa_printf(MSG_ERROR, "iwn_wapi_sm_rx_wai  plen = '%d', hdr->length = '%d'. stype = %d\n", plen, frmlen, hdr->stype);

	switch (hdr->stype) {
		case WAI_AUTHACTIVE:
			res = waigroup_cert_1_3(wpa_s, wai_payload, plen);
			if(res == -1)
				wapi_supplicant_key_negotiation_state_report(WPA_ASSOCIATED);
			break;
                case WAI_ACCESS_AUTH_RESPONSE:
                        res = waigroup_cert_3_3(wpa_s, wai_payload, plen);
                        if (0 == res) {
                            timer_reset();
                        } else if (-1 == res) {
                            timer_resend();
                        } else if (-2 == res) {
                            setPskIncorrect();
                        }
                        break;
                case WAI_USK_NEGOTIATION_REQUEST:
                        res = waigroup_unicast_1_3(wpa_s, wai_payload, plen);
                        if(res == -1)
                        	wapi_supplicant_key_negotiation_state_report(WPA_ASSOCIATED);
                        else if (-2 == res) {
                                setPskIncorrect();
                        }
                        break;
                case WAI_USK_NEGOTIATION_CONFIRMATION:
                        res = waigroup_unicast_3_3(wpa_s, wai_payload, plen);
                        if (0 == res) {
                            timer_reset();
                        }  else if (-1 == res) {
                            timer_resend();
                        }
                        break;
                case WAI_MSK_ANNOUNCEMENT:
                        res = waigroup_multicast_1_2(wpa_s, wai_payload,plen);
			break;

		case WAI_STAKEY_REQUEST:
			iwn_wpa_printf(MSG_DEBUG, "WPA: receive ignore frame stype %u", hdr->stype);
			break;

		case WAI_PREAUTH_START:
		case WAI_ACCESS_AUTH_REQUEST:
		case WAI_CERT_AUTH_REQUEST:
		case WAI_CERT_AUTH_RESPONSE:
		case WAI_USK_NEGOTIATION_RESPONSE:
		case WAI_MSK_ANNOUNCEMENT_RESPONSE:
			iwn_wpa_printf(MSG_DEBUG, "WPA: receive error frame stype %u", hdr->stype);
			break;

		default:
			iwn_wpa_printf(MSG_DEBUG, "WPA: receive unknown frame stype %u", hdr->stype);
			return;
	}
	wpa_s->rxfrag = free_rxfrag(wpa_s->rxfrag);
}

//.........这里部分代码省略.........
      else if (type == T_TLSA)
        {
        uint8_t usage, selector, matching_type;
        uint16_t i, payload_length;
        uschar s[MAX_TLSA_EXPANDED_SIZE];
	uschar * sp = s;
        uschar * p = US rr->data;

        usage = *p++;
        selector = *p++;
        matching_type = *p++;
        /* What's left after removing the first 3 bytes above */
        payload_length = rr->size - 3;
        sp += sprintf(CS s, "%d%c%d%c%d%c", usage, *outsep2,
		selector, *outsep2, matching_type, *outsep2);
        /* Now append the cert/identifier, one hex char at a time */
        for (i=0;
             i < payload_length && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4);
             i++)
          sp += sprintf(CS sp, "%02x", (unsigned char)p[i]);

        yield = string_cat(yield, &size, &ptr, s);
        }
      else   /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SOA, T_SRV */
        {
        int priority, weight, port;
        uschar s[264];
        uschar * p = US rr->data;

	switch (type)
	  {
	  case T_MXH:
	    /* mxh ignores the priority number and includes only the hostnames */
	    GETSHORT(priority, p);
	    break;

	  case T_MX:
	    GETSHORT(priority, p);
	    sprintf(CS s, "%d%c", priority, *outsep2);
	    yield = string_cat(yield, &size, &ptr, s);
	    break;

	  case T_SRV:
	    GETSHORT(priority, p);
	    GETSHORT(weight, p);
	    GETSHORT(port, p);
	    sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2,
			      weight, *outsep2, port, *outsep2);
	    yield = string_cat(yield, &size, &ptr, s);
	    break;

	  case T_CSA:
	    /* See acl_verify_csa() for more comments about CSA. */
	    GETSHORT(priority, p);
	    GETSHORT(weight, p);
	    GETSHORT(port, p);

	    if (priority != 1) continue;      /* CSA version must be 1 */

	    /* If the CSA record we found is not the one we asked for, analyse
	    the subdomain assertions in the port field, else analyse the direct
	    authorization status in the weight field. */

	    if (Ustrcmp(found, domain) != 0)
	      {
	      if (port & 1) *s = 'X';         /* explicit authorization required */

//.........这里部分代码省略.........

    /* Do not perform the search if the top level or 2nd level domains do not
    exist. This is quite common, and when it occurs all the search queries would
    go to the root or TLD name servers, which is not friendly. So we check the
    AUTHORITY section; if it contains the root's SOA record or the TLD's SOA then
    the TLD or the 2LD (respectively) doesn't exist and we can skip the search.
    If the TLD and the 2LD exist but the explicit CSA record lookup failed, then
    the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */

    if (rc == DNS_NOMATCH)
      {
      /* This is really gross. The successful return value from res_search() is
      the packet length, which is stored in dnsa->answerlen. If we get a
      negative DNS reply then res_search() returns -1, which causes the bounds
      checks for name decompression to fail when it is treated as a packet
      length, which in turn causes the authority search to fail. The correct
      packet length has been lost inside libresolv, so we have to guess a
      replacement value. (The only way to fix this properly would be to
      re-implement res_search() and res_query() so that they don't muddle their
      success and packet length return values.) For added safety we only reset
      the packet length if the packet header looks plausible. */

      HEADER *h = (HEADER *)dnsa->answer;
      if (h->qr == 1 && h->opcode == QUERY && h->tc == 0
	  && (h->rcode == NOERROR || h->rcode == NXDOMAIN)
	  && ntohs(h->qdcount) == 1 && ntohs(h->ancount) == 0
	  && ntohs(h->nscount) >= 1)
	    dnsa->answerlen = MAXPACKET;

      for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
	   rr;
	   rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
	  )
	if (rr->type != T_SOA) continue;
	else if (strcmpic(rr->name, US"") == 0 ||
		 strcmpic(rr->name, tld) == 0) return DNS_NOMATCH;
	else break;
      }

    for (i = 0; i < limit; i++)
      {
      if (ipv6)
	{
	/* Scan through the IPv6 reverse DNS in chunks of 16 bits worth of IP
	address, i.e. 4 hex chars and 4 dots, i.e. 8 chars. */
	namesuff -= 8;
	if (namesuff <= name) return DNS_NOMATCH;
	}
      else
	/* Find the start of the preceding domain name label. */
	do
	  if (--namesuff <= name) return DNS_NOMATCH;
	while (*namesuff != '.');

      DEBUG(D_dns) debug_printf("CSA parent search at %s\n", namesuff + 1);

      srvname = string_sprintf("_client._smtp.%s", namesuff + 1);
      rc = dns_lookup(dnsa, srvname, T_SRV, NULL);
      if (rc == DNS_AGAIN) return rc;
      if (rc != DNS_SUCCEED) continue;

      /* Check that the SRV record we have found is worth returning. We don't
      just return the first one we find, because some lower level SRV record
      might make stricter assertions than its parent domain. */

      for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
	   rr;
	   rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
	{
	if (rr->type != T_SRV) continue;

	/* Extract the numerical SRV fields (p is incremented) */
	p = rr->data;
	GETSHORT(priority, p);
	GETSHORT(weight, p);	weight = weight; /* compiler quietening */
	GETSHORT(port, p);

	/* Check the CSA version number */
	if (priority != 1) continue;

	/* If it's making an interesting assertion, return this response. */
	if (port & 1)
	  {
	  *fully_qualified_name = namesuff + 1;
	  return DNS_SUCCEED;
	  }
	}
      }
    return DNS_NOMATCH;
    }

  default:
    if (type >= 0)
      return dns_lookup(dnsa, name, type, fully_qualified_name);
  }

/* Control should never reach here */

return DNS_FAIL;
}

static unsigned char *php_parserr(unsigned char *cp, unsigned char* end,
                                  querybuf *answer,
                                  int type_to_fetch, bool store,
                                  Array &subarray) {
    unsigned short type, cls ATTRIBUTE_UNUSED, dlen;
    unsigned long ttl;
    int64_t n, i;
    unsigned short s;
    unsigned char *tp, *p;
    char name[255 + 2];  // IETF STD 13 section 3.1; 255 bytes
    int have_v6_break = 0, in_v6_break = 0;

    n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);
    if (n < 0) {
        return NULL;
    }
    cp += n;

    CHECKCP(10);
    GETSHORT(type, cp);
    GETSHORT(cls, cp);
    GETLONG(ttl, cp);
    GETSHORT(dlen, cp);
    CHECKCP(dlen);
    if (type_to_fetch != T_ANY && type != type_to_fetch) {
        cp += dlen;
        return cp;
    }

    if (!store) {
        cp += dlen;
        return cp;
    }

    subarray.set(s_host, String(name, CopyString));
    switch (type) {
    case DNS_T_A:
        CHECKCP(4);
        subarray.set(s_type, s_A);
        snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
        subarray.set(s_ip, String(name, CopyString));
        cp += dlen;
        break;
    case DNS_T_MX:
        CHECKCP(2);
        subarray.set(s_type, s_MX);
        GETSHORT(n, cp);
        subarray.set(s_pri, n);
    /* no break; */
    case DNS_T_CNAME:
        if (type == DNS_T_CNAME) {
            subarray.set(s_type, s_CNAME);
        }
    /* no break; */
    case DNS_T_NS:
        if (type == DNS_T_NS) {
            subarray.set(s_type, s_NS);
        }
    /* no break; */
    case DNS_T_PTR:
        if (type == DNS_T_PTR) {
            subarray.set(s_type, s_PTR);
        }
        n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
        if (n < 0) {
            return NULL;
        }
        cp += n;
        subarray.set(s_target, String(name, CopyString));
        break;
    case DNS_T_HINFO:
        /* See RFC 1010 for values */
        subarray.set(s_type, s_HINFO);
        CHECKCP(1);
        n = *cp & 0xFF;
        cp++;
        CHECKCP(n);
        subarray.set(s_cpu, String((const char *)cp, n, CopyString));
        cp += n;
        CHECKCP(1);
        n = *cp & 0xFF;
        cp++;
        CHECKCP(n);
        subarray.set(s_os, String((const char *)cp, n, CopyString));
        cp += n;
        break;
    case DNS_T_TXT: {
        int l1 = 0, l2 = 0;

        String s = String(dlen, ReserveString);
        tp = (unsigned char *)s.mutableData();

        while (l1 < dlen) {
            n = cp[l1];
            if ((n + l1) > dlen) {
                // bad record, don't set anything
                break;
            }
            memcpy(tp + l1 , cp + l1 + 1, n);
            l1 = l1 + n + 1;
//.........这里部分代码省略.........

static bool ProcessDNSRecords(
        const unsigned char * reply,
        const unsigned char * replyEnd,
              unsigned char * cp,
            size_t anCount,
            size_t nsCount,
            size_t arCount,
     DNS_RECORD * results)
{
  DNS_RECORD lastRecord = 0;

  size_t rrCount = anCount + nsCount + arCount;
  nsCount += anCount;
  arCount += nsCount;

  size_t i;
  for (i = 0; i < rrCount; i++) {

    int section;
    if (i < anCount)
      section = DnsSectionAnswer;
    else if (i < nsCount)
      section = DnsSectionAuthority;
    else // if (i < arCount)
      section = DnsSectionAddtional;

    // get the name
    char pName[MAXDNAME];
    if (!GetDN(reply, replyEnd, cp, pName))
      return false;

    // get other common parts of the record
    unsigned short  type;
    unsigned short  dnsClass;
    unsigned long ttl;
    unsigned short  dlen;

    GETSHORT(type,     cp);
    GETSHORT(dnsClass, cp);
    GETLONG (ttl,      cp);
    GETSHORT(dlen,     cp);
    
    //
    // Avoid unused compiler warning
    //
    (void)dnsClass;
    (void)ttl;

    unsigned char * data = cp;
    cp += dlen;

    DNS_RECORD newRecord  = 0;

    switch (type) {
      default:
        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord) + sizeof(unsigned long) + dlen);
        newRecord->Data.Null.dwByteCount = dlen;
        memcpy(&newRecord->Data, data, dlen);
        break;

      case T_SRV:
        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));
        memset(newRecord, 0, sizeof(DnsRecord));
        GETSHORT(newRecord->Data.SRV.wPriority, data);
        GETSHORT(newRecord->Data.SRV.wWeight, data);
        GETSHORT(newRecord->Data.SRV.wPort, data);
        if (!GetDN(reply, replyEnd, data, newRecord->Data.SRV.pNameTarget)) {
          free(newRecord);
          return false;
        }
        break;

      case T_MX:
        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));
        memset(newRecord, 0, sizeof(DnsRecord));
        GETSHORT(newRecord->Data.MX.wPreference,  data);
        if (!GetDN(reply, replyEnd, data, newRecord->Data.MX.pNameExchange)) {
          free(newRecord);
          return false;
        }
        break;

      case T_A:
        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));
        memset(newRecord, 0, sizeof(DnsRecord));
        GETLONG(newRecord->Data.A.IpAddress, data);
        break;

      case T_NS:
        newRecord = (DNS_RECORD)malloc(sizeof(DnsRecord));
        memset(newRecord, 0, sizeof(DnsRecord));
        if (!GetDN(reply, replyEnd, data, newRecord->Data.NS.pNameHost)) {
          free (newRecord);
          return false;
        }
        break;
    }

    // initialise the new record
    if (newRecord != 0) {
//.........这里部分代码省略.........

/*
 * get_input - called when incoming data is available.
 */
static void
get_input(void)
{
    int len, i;
    u_char *p;
    u_short protocol;
    struct protent *protp;

    p = inpacket_buf;	/* point to beginning of packet buffer */

    len = read_packet(inpacket_buf);
    if (len < 0)
	return;

    if (len == 0) {
	etime = time(NULL);
	minutes = (etime-stime)/60;
	syslog(LOG_NOTICE, "Modem hangup, connected for %d minutes", (minutes >1) ? minutes : 1);
	hungup = 1;
	lcp_lowerdown(0);	/* serial link is no longer available */
	link_terminated(0);
	return;
    }

    if (debug /*&& (debugflags & DBG_INPACKET)*/)
	log_packet(p, len, "rcvd ", LOG_DEBUG);

    if (len < PPP_HDRLEN) {
	MAINDEBUG((LOG_INFO, "io(): Received short packet."));
	return;
    }

    p += 2;				/* Skip address and control */
    GETSHORT(protocol, p);
    len -= PPP_HDRLEN;

    /*
     * Toss all non-LCP packets unless LCP is OPEN.
     */
    if (protocol != PPP_LCP && lcp_fsm[0].state != OPENED) {
	MAINDEBUG((LOG_INFO,
		   "get_input: Received non-LCP packet when LCP not open."));
	return;
    }

    /*
     * Until we get past the authentication phase, toss all packets
     * except LCP, LQR and authentication packets.
     */
    if (phase <= PHASE_AUTHENTICATE
	&& !(protocol == PPP_LCP || protocol == PPP_LQR
	     || protocol == PPP_PAP || protocol == PPP_CHAP)) {
	MAINDEBUG((LOG_INFO, "get_input: discarding proto 0x%x in phase %d",
		   protocol, phase));
	return;
    }

    /*
     * Upcall the proper protocol input routine.
     */
    for (i = 0; (protp = protocols[i]) != NULL; ++i) {
	if (protp->protocol == protocol && protp->enabled_flag) {
	    (*protp->input)(0, p, len);
	    return;
	}
        if (protocol == (protp->protocol & ~0x8000) && protp->enabled_flag
	    && protp->datainput != NULL) {
	    (*protp->datainput)(0, p, len);
	    return;
	}
    }

    if (debug)
    	syslog(LOG_WARNING, "Unsupported protocol (0x%x) received", protocol);
    lcp_sprotrej(0, p - PPP_HDRLEN, len + PPP_HDRLEN);
}

//.........这里部分代码省略.........
		for (count = ntohs(((HEADER *)answer)->qdcount);	
		     count > 0;
		     count--) {
			n = dn_skipname(cp, answer + len);
			if (n < 0) {
				error = ERR_PRINTING;
				done++;
				break;
			}
			cp += n + QFIXEDSZ;
			if (cp > answer + len) {
				error = ERR_PRINTING;
				done++;
				break;
			}
		}
		/* Answer. */
		for (count = ntohs(((HEADER *)answer)->ancount);
		     count > 0 && !done;
		     count--) {
			n = dn_expand(answer, answer + len, cp,
				      dname[soacnt], sizeof dname[0]);
			if (n < 0) {
				error = ERR_PRINTING;
				done++;
				break;
			}
			cp += n;
			if (cp + 3 * INT16SZ + INT32SZ > answer + len) {
				error = ERR_PRINTING;
				done++;
				break;
			}
			GETSHORT(type, cp);
			cp += INT16SZ;
			cp += INT32SZ;	/* ttl */
			GETSHORT(rlen, cp);
			cp += rlen;
			if (cp > answer + len) {
				error = ERR_PRINTING;
				done++;
				break;
			}
			if (type == T_SOA && soacnt++ &&
			    ns_samename(dname[0], dname[1]) == 1) {
				done++;
				break;
			}
		}

		/*
		 * Verify the TSIG
		 */

		if (key) {
			if (ns_find_tsig(answer, answer + len) != NULL)
				tsig_present = 1;
			else
				tsig_present = 0;
			if (numAnswers == 1 || soacnt > 1)
				tsig_required = 1;
			else
				tsig_required = 0;
			tsig_ret = ns_verify_tcp(answer, &len, &tsig_state,
						 tsig_required);
			if (tsig_ret == 0) {

main ()
{
 int i, j, hl, rc, qc, ac, p, a;
 int op, class, type, datalen, buflen, msgl;
 u_short qtype, qclass, rtype, rclass, l, l2;
 u_long rttl;
 u_char buf[100], *cp;
 char dn[100], *dname, *z, ping[50];
 struct rrec newrr, *rec;
 union {
	char cdat[4];
	unsigned long ldat;
	struct in_addr adat;
 } dat;
 union {
	u_char data[DATALEN];
	HEADER head;
 } data;

  hl = sizeof (HEADER);
  signal (SIGALRM, tfunc);
  res_init();
  printf ("Inhalt von resolv.conf\n");
  printf ("domain: %s\n", _res.defdname);
 /* printf ("MAXDNSRCH = %d\n", MAXDNSRCH);
  for (i=0; i<MAXDNSRCH; i++)
	printf ("%s\n", _res.dnsrch[i]);
*/
  printf ("%d Name-Server\n", MAXNS);
  for (i=0; i<MAXNS; i++)
  	printf ("%s\n", inet_ntoa(_res.nsaddr_list[i].sin_addr));
/*  printf ("number of addresses: %d \n", _res.ascount);
  printf ("number of name servers: %d \n", _res.nscount);
*/
  /*printf ("%d %s\n", _res.ascount, inet_ntoa(_res.sort_list[0]));*/
 
/*  strcpy (dn, "zeus.rz.htwk-leipzig.de");  */
/*  strcpy (dn, "caramba.cs.tu-berlin.de"); */ 
/*  strcpy (dn, "ftp.cs.tu-berlin.de");  */
/*  strcpy (dn, "moses.imn.htwk-leipzig.de"); */
/*  strcpy (dn, "moses"); */

 do {
  printf ("\nSuche nach IP-Adresse von\n");
  printf ("Hostname: ");
  z = gets (dn); 
  printf ("\n");
 if (z) {
  dname = dn;
  strcpy (data.data, dn);
  datalen = strlen(dn)+1;
  op = QUERY;
  buflen = sizeof(buf);
/*  _res.options |= RES_DEBUG; */
  _res.retrans = 10;
  _res.retry = 2; 
  class = C_IN; 
  type = T_A; 
  rc=res_mkquery (op, dname, class, type, data.data, datalen, &newrr, buf, buflen);

  buflen = rc;
  alarm (10);
  msgl=res_send (buf, buflen, data.data, DATALEN);
  if (msgl>0) {

/*  printf ("\nsend: %d\n", msgl); */
/* for (i=0; i< msgl; i++) {
	for (j=0; j<4; j++) dat.cdat[j] = data.data[i+j];
*/
/*	printf ("%x ", dat.ldat); 
	if (dat.ldat==x) printf ("\n%d %x\n", i, dat.ldat); 
  }
  printf ("\n");
*/
/*  for (i=0; i< msgl;i++) {
	j = data.data[i] & 0xff; printf ("%2x ", j); 
  } 
  printf ("\n");
  for (i=0; i< msgl;i++) if (data.data[i]>31) printf ("%c ", data.data[i]);
  printf ("\n");
*/
/*  printf ("%x \n", x); 
*/
  ac = data.head.ancount;
  qc = data.head.qdcount;
  p = hl;
  printf ("Query\n");
  while (qc) {
    l = data.data[p];
    while (l > 0 && l < 64) {
/*	printf ("%d \n", p); */
	for (i=1; i<=l; i++) putchar (data.data[p+i]);	       	
	p = p + l + 1;
	l = data.data[p];
	if (l) putchar ('.');
    } 
    putchar ('\n');
    p++;
    cp = data.data+p; /* GETSHORT verlangt Pointervariable !! */
/* einfache Zuweisung (auch mit cast) ergibt falsche Werte
//.........这里部分代码省略.........

//.........这里部分代码省略.........
	if (cmp_var_struct(ae_id, &(wpa_s->ae_id), wpa_s->ae_id.id_len))
	{
		iwn_wpa_printf(MSG_ERROR, "WPA: not same ae id!\n");
		iwn_wpa_hexdump(MSG_ERROR, "ae_id", ae_id,wpa_s->ae_id.id_len+ 4);
		iwn_wpa_hexdump(MSG_ERROR, "wpa_s->ae_id", (unsigned char *)&(wpa_s->ae_id),wpa_s->ae_id.id_len+ 4);
		return -1;
	}
	request_len +=wpa_s->ae_id.id_len+ 4;
	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,wpa_s->ae_id.id_len=%d", __func__, __LINE__,request_len,wpa_s->ae_id.id_len);
	asue_id = ae_id + wpa_s->ae_id.id_len+ 4;
	if(asue_id == NULL) return -1;
	if (cmp_var_struct(asue_id, &(iwn_eloop.asue_id), iwn_eloop.asue_id.id_len))
	{
		iwn_wpa_printf(MSG_ERROR, "WPA: not same asue id!\n");
		return -1;
	}
	request_len +=iwn_eloop.asue_id.id_len+ 4;
	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,wpa_s->asue_id.id_len=%d", __func__, __LINE__,request_len,iwn_eloop.asue_id.id_len);


	if(flag & BIT(3))
	{
		u8 *cert_pos = NULL, *asu_sign = NULL;
		u16 fix_data_len=0, sign_len=0; 
		tkey *pubkey = NULL;
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,iwn_eloop.asue_id.id_len=%d", __func__, __LINE__,iwn_eloop.asue_id.id_len);

		cert_res = asue_id +iwn_eloop.asue_id.id_len+ 4;
		if(cert_res[0] != 2)
		{
			iwn_wpa_printf(MSG_ERROR, "cert result flag is not 2!\n");
			return -1;
		}
		cert_pos = cert_res + 1 +2 + 32 + 32 + 1 + 2 ;
		GETSHORT((cert_pos), fix_data_len);
		cert_pos = cert_pos + fix_data_len + 2;
		if(cert_pos[0] != 0)
		{
			iwn_wpa_printf(MSG_ERROR, "cert result  is not ok!\n");
			return -2;
		}
		GETSHORT((cert_pos + 1 + 2), fix_data_len);
		asu_sign = cert_pos + fix_data_len + 1 + 2 + 2;
		GETSHORT((asu_sign + 1), sign_len);
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);

		GETSHORT((cert_res + 1), fix_data_len);
		cert_obj = get_cert_obj(iwn_eloop.cert_info.config.used_cert);
		pubkey = cert_obj->asu_pubkey;
		if(!(*cert_obj->verify)(pubkey->data, pubkey->length,
								cert_res,fix_data_len + 3,
								asu_sign + 1 + 2 + sign_len - 48,
								48))
		{
			iwn_wpa_hexdump(MSG_ERROR, "pubkey->data", pubkey->data,pubkey->length);
			iwn_wpa_hexdump(MSG_ERROR, "cert_res", cert_res,fix_data_len + 3);
			iwn_wpa_hexdump(MSG_ERROR, "asu_sign", asu_sign + 1 + 2 + sign_len - 48,48);
			return -1;
		}
		request_len +=fix_data_len + 3+sign_len+3 ;
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,len=%d", __func__, __LINE__,request_len,len);

	}
	{
		tkey *pubkey = NULL;
		u16 fix_data_len = 0;
		u16 cert_flag = wpa_s->ae_cert.cert_flag;//iwn_ntohs(wpa_s->ae_cert.cert_flag);

		ae_sign = payload + len - 48;
		cert_obj = get_cert_obj(cert_flag);
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,wpa_s->ae_cert.len=%d", __func__, __LINE__,wpa_s->ae_cert.length);
		pubkey = (*cert_obj->get_public_key)((void *)&wpa_s->ae_cert);
		if(!(*cert_obj->verify)(pubkey->data, pubkey->length,
							payload,request_len,
							ae_sign,
							48))
		{
			pubkey = iwn_free_buffer(pubkey, sizeof(tkey));
			printf("AE sign error!!!\n");
			return -1;
		}
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		pubkey = iwn_free_buffer(pubkey, sizeof(tkey));
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		GETSHORT((payload+request_len+1), fix_data_len);
		request_len += fix_data_len + 3;
	}
	if(len != request_len)
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d,request_len=%d,len=%d", __func__, __LINE__,request_len,len);
		return -1;
	}

	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
	asue_certauthbk_derivation(wpa_s);

	wpa_s->wapi_state = WAPISM_CNT_RESP;

	return 0;
}

struct wapi_rxfrag *iwn_wpa_defrag(struct wapi_asue_st *wpa_s, struct wapi_rxfrag *rxbuf)
{
	u8 *buf =(u8 *)rxbuf->data;
	int len = rxbuf->data_len;

	struct wai_hdr *hdr = (struct wai_hdr *)buf;
	u16 rxseq=0, last_rxseq=0;
	u8 fragno, last_fragno;
	u8 more_frag = hdr->more_frag;

	struct wapi_rxfrag *wai_frame = NULL;
	GETSHORT(hdr->rxseq, rxseq);
	fragno = hdr->frag_sc;

	/* Quick way out, if there's nothing to defragment */
	if ((!more_frag) && (fragno == 0) && (wpa_s->rxfrag== NULL))
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		return rxbuf;
	}

	/*
	 * Update the time stamp.  As a side effect, it
	 * also makes sure that the timer will not change
	 * ni->ni_rxfrag[0] for at least 1 second, or in
	 * other words, for the remaining of this function.
	 */
	/*
	 * Validate that fragment is in order and
	 * related to the previous ones.
	 */
	if (wpa_s->rxfrag) {
		struct wai_hdr *hdr1;
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);

		hdr1 = (struct wai_hdr *) wpa_s->rxfrag->data;
		GETSHORT(hdr1->rxseq, last_rxseq);
		last_fragno = hdr1->frag_sc;
		if (rxseq != last_rxseq
		    || fragno != last_fragno + 1
			||(wpa_s->rxfrag->maxlen - wpa_s->rxfrag->data_len< len)
			/*||(time(NULL) - wpa_s->rxfragstamp >1)*/
			)
		{
			/*
			 * Unrelated fragment or no space for it,
			 * clear current fragments
			 */
			wpa_s->rxfrag = free_rxfrag(wpa_s->rxfrag); 
		}
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
	}
	/* If this is the first fragment */
 	if (wpa_s->rxfrag == NULL && fragno == 0) {
		/*ni->ni_rxfrag[0] = skb;*/
		wpa_s->rxfrag = malloc_rxfrag(PAGE_LEN);
		/* If more frags are coming */
		if (more_frag) {
			wpa_put_frag(wpa_s->rxfrag, buf, len);
			iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		
		}
	}
	else {
			if (wpa_s->rxfrag) {
			struct wai_hdr *lhdr = (struct wai_hdr *)wpa_s->rxfrag->data;

			/*
			 * We know we have enough space to copy,
			 * we've verified that before
			 */
			/* Copy current fragment at end of previous one */
			/* Update tail and length */
			wpa_put_frag(wpa_s->rxfrag , buf + WAI_HDR, len - WAI_HDR);
			
			/* Keep a copy of last sequence and fragno */
			*(u16 *)lhdr->rxseq = *(u16*)hdr->rxseq;
			lhdr->frag_sc = hdr->frag_sc;
		}
	}
		
	if (more_frag) {
		/* More to come */
		wai_frame = NULL;
	} else {
		/* Last fragment received, we're done! */
		wai_frame = wpa_s->rxfrag;
	}
/*	wpa_s->rxfragstamp = time(0);*/
	return wai_frame;
}

static int waigroup_cert_1_3(struct wapi_asue_st* wpa_s, u8* payload, int len)
{
	u8 flag = 0;
	u8 *ae_auth_flag = NULL;
	u8 *asu_id = NULL;
	u8 *ae_cer = NULL;
	u8 *ecdh = NULL;
	int ret = -1;
	

	u8 auth_act_len = WAI_FLAG_LEN  
		+32
		+2/*ASU ID Identifier*/
		+2/*ASU ID Length*/
		+2/*AE Cert type*/
		+2/*AE Cert length*/
		+1/*ECDH Parameter Identifier*/
		+2/*ECDH Parameter Length */;

	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);

	wapi_supplicant_key_negotiation_state_report(WPA_4WAY_HANDSHAKE);
	
	if(len < auth_act_len)
	{
		iwn_wpa_printf(MSG_ERROR, "WPA: WAI frame payload too short");
		return -1;
	}
	

	flag = payload[0];
	ae_auth_flag = payload+1;
	asu_id = payload+1 + 32;
	
	len -= auth_act_len;
	
	if (AUTH_TYPE_WAPI != wpa_s->ap_type)
	{
		return -1;
	}
	else
	{
		int bk_up = flag & BIT(0);
		wapi_states require = bk_up ? WAPISM_FINISH : WAPISM_AL_ASSOC;
		
		if (wpa_s->wapi_state != require)
		{
		       /* skip the usk update check */
		       if (wpa_s->usk_updated && bk_up && wpa_s->wapi_state == WAPISM_UNI_ACK)
			   	;
			else
				return -1;
		}
	}

	if(flag &BIT(0)){
		if(memcmp(ae_auth_flag, wpa_s->ae_auth_flag, 32) !=0)
		{
			iwn_wpa_printf(MSG_ERROR, "WPA: ae_auth_flag not same!\n");
			return -1;
		}
	}else{
	
		memcpy(wpa_s->ae_auth_flag, ae_auth_flag, 32);
	}
	
	/*get ASU ID*/	
	GETSHORT(asu_id, wpa_s->ae_asu_id.id_flag); 
	GETSHORT((asu_id+2), wpa_s->ae_asu_id.id_len);

	if(len <wpa_s->ae_asu_id.id_len){
		
		iwn_wpa_printf(MSG_ERROR, "WPA: WAI frame payload too short");
		return -1;
	}
	else{
		memcpy(wpa_s->ae_asu_id.id_data, asu_id+4, wpa_s->ae_asu_id.id_len);
	}
	
	len -= wpa_s->ae_asu_id.id_len; 

	/*get AE Certificate*/
	ae_cer = asu_id + 2 + 2 + wpa_s->ae_asu_id.id_len;
	
	GETSHORT(ae_cer, wpa_s->ae_cert.cert_flag); 
	GETSHORT((ae_cer+2), wpa_s->ae_cert.length); 
	
	if(len <wpa_s->ae_cert.length){
		
		iwn_wpa_printf(MSG_ERROR, "WPA: WAI frame payload too short");
		return -1;
	}
	else{
		memcpy(wpa_s->ae_cert.data, ae_cer+4, wpa_s->ae_cert.length);
	}
	len -= wpa_s->ae_cert.length;

	/*get AE ID*/
	iwn_wai_fixdata_id_by_ident(&wpa_s->ae_cert, &(wpa_s->ae_id), wpa_s->ae_cert.cert_flag);
	iwn_wpa_hexdump(MSG_DEBUG, "AE ID: ", wpa_s->ae_id.id_data, wpa_s->ae_id.id_len);
//.........这里部分代码省略.........

static int waigroup_cert_1_3_old(struct wapi_asue_st* wpa_s, u8* payload, int len)
{
	u8 flag = 0;
	u8 *ae_auth_flag = NULL;
	u8 *asu_id = NULL;
	u8 *ae_cer = NULL;
	u8 *ecdh = NULL;
	u16 fix_data_len = 0;
	int  request_len = 0;
	int ret = -1;
	
	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
	/*flag*/
	wpa_s->flag = 0;
	flag = payload[0];
	wpa_s->flag = flag;
	request_len +=1;

	{
		if (AUTH_TYPE_WAPI != wpa_s->ap_type)
		{
			return -1;
		}
		else
		{
			int bk_up = flag & BIT(0);
			wapi_states require = bk_up ? WAPISM_FINISH : WAPISM_AL_ASSOC;
			
			if (wpa_s->wapi_state != require)
			{
			       /* skip the usk update check */
			       if (wpa_s->usk_updated && bk_up && wpa_s->wapi_state == WAPISM_UNI_ACK)
				   	;
				else
					return -1;
			}
		}
	}

	ae_auth_flag = payload+1; 
	if(ae_auth_flag == NULL) 
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		return -1;
	}
	if(flag &BIT(0)){
		if(memcmp(ae_auth_flag, wpa_s->ae_auth_flag, 32) !=0)
		{
			iwn_wpa_printf(MSG_ERROR, "WPA: ae_auth_flag not same!\n");
			return -1;
		}
	}else 
		memcpy(wpa_s->ae_auth_flag, ae_auth_flag, 32);
	request_len +=32;
	
	asu_id = ae_auth_flag + 32;
	if(asu_id == NULL) 
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		return -1;
	}
	GETSHORT((asu_id + 2), fix_data_len);
	/*iwn_wpa_hexdump(MSG_DEBUG, "asu_id ", asu_id, fix_data_len+4);*/
	memcpy(&(wpa_s->ae_asu_id), asu_id ,fix_data_len + 4) ;
	request_len +=2 + 2 +fix_data_len;
	ae_cer = asu_id + 2 + 2 + fix_data_len;
	if(ae_cer == NULL) 
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
		return -1;
	}

	GETSHORT(ae_cer, wpa_s->ae_cert.cert_flag); ae_cer +=2;
	GETSHORT(ae_cer, wpa_s->ae_cert.length); ae_cer +=2;
	memcpy(wpa_s->ae_cert.data, ae_cer, wpa_s->ae_cert.length);
	ae_cer -= 4;
	fix_data_len = wpa_s->ae_cert.length;
	
	/*iwn_wpa_hexdump(MSG_DEBUG, "ae_cer ", ae_cer+2+2, fix_data_len);*/
	request_len +=2 + 2 +fix_data_len;
	{
          	u16 cert_flag = 0;

		/* get ae cert type */
		GETSHORT(ae_cer , cert_flag);
		((cert_id  *)ae_cer)->length = fix_data_len; 
		iwn_wai_fixdata_id_by_ident(ae_cer, &(wpa_s->ae_id), cert_flag);
		iwn_wpa_hexdump(MSG_DEBUG, "AE ID: ", wpa_s->ae_id.id_data, wpa_s->ae_id.id_len);

	}
	ecdh = ae_cer + 2 + 2 + fix_data_len;
	if(ecdh == NULL) return -1;
	wpa_s->ecdh.para_flag = ecdh[0];
	GETSHORT((ecdh + 1), fix_data_len);
	wpa_s->ecdh.para_len = fix_data_len;
	request_len +=1 + 2 +fix_data_len;
	memcpy(&(wpa_s->ecdh.para_data), ecdh+3, fix_data_len);
	if(len != request_len) 
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
//.........这里部分代码省略.........

//.........这里部分代码省略.........
		SET_UI64_RESULT(result, NOERROR != hp->rcode || 0 == ntohs(hp->ancount) || -1 == res ? 0 : 1);
		return SYSINFO_RET_OK;
	}

	if (NOERROR != hp->rcode || 0 == ntohs(hp->ancount) || -1 == res)
	{
		SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot perform DNS query."));
		return SYSINFO_RET_FAIL;
	}

	msg_end = answer.buffer + res;

	num_answers = ntohs(answer.h.ancount);
	num_query = ntohs(answer.h.qdcount);

	msg_ptr = answer.buffer + HFIXEDSZ;
	zbx_vector_str_create(&answers);

	/* skipping query records */
	for (; 0 < num_query && msg_ptr < msg_end; num_query--)
		msg_ptr += dn_skipname(msg_ptr, msg_end) + QFIXEDSZ;

	for (; 0 < num_answers && msg_ptr < msg_end; num_answers--)
	{
		if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))
		{
			SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
			ret = SYSINFO_RET_FAIL;
			goto clean;
		}

		offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, "%-20s", name);

		GETSHORT(q_type, msg_ptr);
		GETSHORT(q_class, msg_ptr);
		msg_ptr += INT32SZ;		/* skipping TTL */
		GETSHORT(q_len, msg_ptr);
		offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %-8s", decode_type(q_type));

		switch (q_type)
		{
			case T_A:
				switch (q_class)
				{
					case C_IN:
					case C_HS:
						memcpy(&inaddr, msg_ptr, INADDRSZ);
						offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s",
								inet_ntoa(inaddr));
						break;
					default:
						;
				}

				msg_ptr += q_len;

				break;
			case T_AAAA:
				switch (q_class)
				{
					case C_IN:
					case C_HS:
						memcpy(&in6addr, msg_ptr, IN6ADDRSZ);
						offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s",
								inet_ntop(AF_INET6, &in6addr, tmp, sizeof(tmp)));
						break;

/* Modified version of req_action */
static enum req_action
req_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, u_char *msg)
{
	int dlen, alen, n, type, class, count;
	char anbuf[2], *data, *fname;

	/*
	 * Skip domain name, get class, and type.
	 */
	if ((n = dn_skipname(*cpp, eom)) < 0) {
	  printf("FORMERR IQuery packet name problem\n");
	  hp->rcode = FORMERR;
	  return (Finish);
	}
	*cpp += n;
	GETSHORT(type, *cpp);
	GETSHORT(class, *cpp);
	*cpp += INT32SZ;	/* ttl */
	GETSHORT(dlen, *cpp);
	*cpp += dlen;
	if (*cpp != eom) {
	  printf("FORMERR IQuery message length off\n");
	  hp->rcode = FORMERR;
	  return (Finish);
	}

	/*
	 * not all inverse queries are handled.
	 * this is a meaningless switch statement to preserve original program's structure 
	 */

	switch (type) {
	case T_A:
	  if (something == 0) 
	    return (Refuse);
	  break;
	default:
	  return (Refuse);
	}
	printf("req: IQuery class %d type %d\n", class, type);

	fname = (char *)msg + HFIXEDSZ;
	alen = (char *)*cpp - fname;
	
	

	/* Check to see if anbuf is large enough to store alen bytes*/
	if ((size_t)alen > sizeof anbuf){
	  printf("BUFFER OVERFLOW DETECTED!\n");
	  return (Refuse);
	}
	printf("Copying %d bytes from fname to anbuf which can store %d bytes\n", alen, sizeof(anbuf)); 

	/*OK*/
	memcpy(anbuf, fname, alen);
	data = anbuf + alen - dlen;
	*cpp = (u_char *)fname;
	*buflenp -= HFIXEDSZ;
	count = 0;


	/* ..... do some other stuff */

	return (Finish);
}

//.........这里部分代码省略.........

    /* Make a res_query() call */
    q3 = asyncns_res_query(asyncns, "_xmpp-client._tcp.gmail.com", C_IN, T_SRV);

    if (!q3)
        fprintf(stderr, "asyncns_res_query(): %s\n", strerror(errno));

    /* Wait until the three queries are completed */
    while (!asyncns_isdone(asyncns, q1)
           || !asyncns_isdone(asyncns, q2)
           || !asyncns_isdone(asyncns, q3)) {
        if (asyncns_wait(asyncns, 1) < 0) {
            fprintf(stderr, "asyncns_wait(): %s\n", strerror(errno));
            goto fail;
        }
    }

    /* Interpret the result of the name -> addr query */
    if ((ret = asyncns_getaddrinfo_done(asyncns, q1, &ai)))
        fprintf(stderr, "error: %s %i\n", gai_strerror(ret), ret);
    else {
        struct addrinfo *i;

        for (i = ai; i; i = i->ai_next) {
            char t[256];
            const char *p = NULL;

            if (i->ai_family == PF_INET)
                p = inet_ntop(AF_INET, &((struct sockaddr_in*) i->ai_addr)->sin_addr, t, sizeof(t));
            else if (i->ai_family == PF_INET6)
                p = inet_ntop(AF_INET6, &((struct sockaddr_in6*) i->ai_addr)->sin6_addr, t, sizeof(t));

            printf("%s\n", p);
        }

        asyncns_freeaddrinfo(ai);
    }

    /* Interpret the result of the addr -> name query */
    if ((ret = asyncns_getnameinfo_done(asyncns, q2, host, sizeof(host), serv, sizeof(serv))))
        fprintf(stderr, "error: %s %i\n", gai_strerror(ret), ret);
    else
        printf("%s -- %s\n", host, serv);

    /* Interpret the result of the SRV lookup */
    if ((ret = asyncns_res_done(asyncns, q3, &srv)) < 0) {
        fprintf(stderr, "error: %s %i\n", strerror(errno), ret);
    } else if (ret == 0) {
        fprintf(stderr, "No reply for SRV lookup\n");
    } else {
        int qdcount;
        int ancount;
        int len;
        const unsigned char *pos = srv + sizeof(HEADER);
        unsigned char *end = srv + ret;
        HEADER *head = (HEADER *)srv;
        char name[256];

        qdcount = ntohs(head->qdcount);
        ancount = ntohs(head->ancount);

        printf("%d answers for srv lookup:\n", ancount);

        /* Ignore the questions */
        while (qdcount-- > 0 && (len = dn_expand(srv, end, pos, name, 255)) >= 0) {
            assert(len >= 0);
            pos += len + QFIXEDSZ;
        }

        /* Parse the answers */
        while (ancount-- > 0 && (len = dn_expand(srv, end, pos, name, 255)) >= 0) {
            /* Ignore the initial string */
            uint16_t pref, weight, port;
            assert(len >= 0);
            pos += len;
            /* Ignore type, ttl, class and dlen */
            pos += 10;

            GETSHORT(pref, pos);
            GETSHORT(weight, pos);
            GETSHORT(port, pos);
            len = dn_expand(srv, end, pos, name, 255);
            printf("\tpreference: %2d weight: %2d port: %d host: %s\n",
                   pref, weight, port, name);

            pos += len;
        }

        asyncns_freeanswer(srv);
    }

    r = 0;

fail:

    if (asyncns)
        asyncns_free(asyncns);

    return r;
}

char *ipinfo_lookup(const char *domain) {
    unsigned char answer[PACKETSZ],  *pt;
    char host[128];
    char *txt;
    int len, exp, size, txtlen, type;


    if(res_init() < 0) {
        fprintf(stderr,"@res_init failed\n");
        return NULL;
    }

    memset(answer, 0, PACKETSZ);
    if((len = res_query(domain, C_IN, T_TXT, answer, PACKETSZ)) < 0) {
#ifdef IIDEBUG
        if (iihash)
            syslog(LOG_INFO, "Malloc-txt: %s", UNKN);
#endif
        return (iihash)?strdup(UNKN):UNKN;
    }

    pt = answer + sizeof(HEADER);

    if((exp = dn_expand(answer, answer + len, pt, host, sizeof(host))) < 0) {
        printf("@dn_expand failed\n"); return NULL;
    }

    pt += exp;

    GETSHORT(type, pt);
    if(type != T_TXT) {
        printf("@Broken DNS reply.\n"); return NULL;
    }

    pt += INT16SZ; /* class */

    if((exp = dn_expand(answer, answer + len, pt, host, sizeof(host))) < 0) {
        printf("@second dn_expand failed\n"); return NULL;
    }

    pt += exp;
    GETSHORT(type, pt);
    if(type != T_TXT) {
        printf("@Not a TXT record\n"); return NULL;
    }

    pt += INT16SZ; /* class */
    pt += INT32SZ; /* ttl */
    GETSHORT(size, pt);
    txtlen = *pt;


    if(txtlen >= size || !txtlen) {
        printf("@Broken TXT record (txtlen = %d, size = %d)\n", txtlen, size); return NULL;
    }

    if (txtlen > NAMELEN)
        txtlen = NAMELEN;

    if (iihash) {
        if (!(txt = malloc(txtlen + 1)))
            return NULL;
    } else
        txt = (char*)txtrec;

    pt++;
    strncpy(txt, (char*) pt, txtlen);
    txt[txtlen] = 0;

#ifdef IIDEBUG
    if (iihash)
        syslog(LOG_INFO, "Malloc-txt(%p): %s", txt, txt);
#endif

    return txt;
}