]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-packet.c
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
74b2466e 2
73a4cd17
MCO
3#if HAVE_GCRYPT
4#include <gcrypt.h>
5#endif
6
b5efdb8a 7#include "alloc-util.h"
4ad7f276 8#include "dns-domain.h"
0a970718 9#include "memory-util.h"
74b2466e 10#include "resolved-dns-packet.h"
2d34cf0c 11#include "set.h"
8b43440b
LP
12#include "string-table.h"
13#include "strv.h"
14#include "unaligned.h"
15#include "utf8.h"
16#include "util.h"
74b2466e 17
7586f4d1
TG
18#define EDNS0_OPT_DO (1<<15)
19
ab1a1ba5 20assert_cc(DNS_PACKET_SIZE_START > DNS_PACKET_HEADER_SIZE);
88795538 21
/* Remembers a packet together with the read index it had when the rewinder was armed, so that a
 * parse attempt can be undone by rewind_dns_packet(). */
typedef struct DnsPacketRewinder {
        DnsPacket *packet;   /* packet to rewind; NULL disarms the rewinder */
        size_t saved_rindex; /* read index to restore on rewind */
} DnsPacketRewinder;
26
/* Puts the packet's read index back to the saved position. A rewinder whose packet pointer is NULL
 * (see CANCEL_REWINDER()) is left alone. */
static void rewind_dns_packet(DnsPacketRewinder *rewinder) {
        if (!rewinder->packet)
                return;

        dns_packet_rewind(rewinder->packet, rewinder->saved_rindex);
}
31
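/* Arms a rewinder: records packet p and its current read index. Both arguments are parenthesized so
 * that an expression such as "packets + 1" expands as intended. Note that p is still evaluated twice,
 * hence it must not have side effects. */
#define INIT_REWINDER(rewinder, p)                                      \
        do {                                                            \
                (rewinder).packet = (p);                                \
                (rewinder).saved_rindex = (p)->rindex;                  \
        } while (0)

/* Disarms a rewinder, so that rewind_dns_packet() becomes a no-op for it. */
#define CANCEL_REWINDER(rewinder)                                       \
        do {                                                            \
                (rewinder).packet = NULL;                               \
        } while (0)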
e18a3c73 34
/* Allocates a new DNS packet that initially consists of the (zeroed) header only.
 *
 * ret:             receives the new packet, reference count 1
 * protocol:        stored in the packet's protocol field
 * min_alloc_dsize: requested size of the data area; values below DNS_PACKET_HEADER_SIZE select
 *                  DNS_PACKET_SIZE_START instead
 * max_size:        upper bound for the packet, itself clamped to DNS_PACKET_SIZE_MAX
 *
 * Returns 0 on success, the result of log_error_errno() for EFBIG if min_alloc_dsize exceeds
 * DNS_PACKET_SIZE_MAX, and -ENOMEM if the allocation fails.
 *
 * The data area is capped at max_size, hence it can end up smaller than min_alloc_dsize. Callers
 * must not assume the requested size was honoured; the real figure is stored in ->allocated. */
int dns_packet_new(
                DnsPacket **ret,
                DnsProtocol protocol,
                size_t min_alloc_dsize,
                size_t max_size) {

        DnsPacket *packet;
        size_t data_size;

        assert(ret);
        assert(max_size >= DNS_PACKET_HEADER_SIZE);

        if (max_size > DNS_PACKET_SIZE_MAX)
                max_size = DNS_PACKET_SIZE_MAX;

        /* Callers might not look at what was really allocated, hence refuse requests beyond the
         * maximum DNS packet size outright. */
        if (min_alloc_dsize > DNS_PACKET_SIZE_MAX)
                return log_error_errno(SYNTHETIC_ERRNO(EFBIG),
                                       "Requested packet data size too big: %zu",
                                       min_alloc_dsize);

        /* A request smaller than the header gets the default start size, so that appending the
         * first data does not immediately trigger a resize. */
        data_size = min_alloc_dsize < DNS_PACKET_HEADER_SIZE ? DNS_PACKET_SIZE_START : min_alloc_dsize;

        /* Round structure plus data up to whole pages, then never allocate more than is useful. */
        data_size = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + data_size) - ALIGN(sizeof(DnsPacket));
        if (data_size > max_size)
                data_size = max_size;

        packet = malloc0(ALIGN(sizeof(DnsPacket)) + data_size);
        if (!packet)
                return -ENOMEM;

        *packet = (DnsPacket) {
                .n_ref = 1,
                .protocol = protocol,
                .size = DNS_PACKET_HEADER_SIZE,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = data_size,
                .max_size = max_size,
                .opt_start = (size_t) -1,
                .opt_size = (size_t) -1,
        };

        *ret = packet;
        return 0;
}
93
/* Writes the header flags of an outgoing query, depending on the packet's protocol.
 *
 * LLMNR:  all flags zero; truncated must be false
 * mDNS:   only TC is set, from truncated
 * others: RD is set, CD comes from dnssec_checking_disabled; truncated must be false */
void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
        DnsPacketHeader *header;

        assert(p);

        header = DNS_PACKET_HEADER(p);

        if (p->protocol == DNS_PROTOCOL_LLMNR) {
                assert(!truncated);

                header->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                                              0 /* opcode */,
                                                              0 /* c */,
                                                              0 /* tc */,
                                                              0 /* t */,
                                                              0 /* ra */,
                                                              0 /* ad */,
                                                              0 /* cd */,
                                                              0 /* rcode */));

        } else if (p->protocol == DNS_PROTOCOL_MDNS)
                header->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0         /* qr */,
                                                              0         /* opcode */,
                                                              0         /* aa */,
                                                              truncated /* tc */,
                                                              0         /* rd (ask for recursion) */,
                                                              0         /* ra */,
                                                              0         /* ad */,
                                                              0         /* cd */,
                                                              0         /* rcode */));
        else {
                assert(!truncated);

                header->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                                              0 /* opcode */,
                                                              0 /* aa */,
                                                              0 /* tc */,
                                                              1 /* rd (ask for recursion) */,
                                                              0 /* ra */,
                                                              0 /* ad */,
                                                              dnssec_checking_disabled /* cd */,
                                                              0 /* rcode */));
        }
}
143
/* Allocates a packet via dns_packet_new() (with DNS_PACKET_SIZE_MAX as size limit) and initializes
 * its header flags for a query. Returns 0 on success, or the negative error of dns_packet_new(). */
int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t min_alloc_dsize, bool dnssec_checking_disabled) {
        DnsPacket *query;
        int r;

        assert(ret);

        r = dns_packet_new(&query, protocol, min_alloc_dsize, DNS_PACKET_SIZE_MAX);
        if (r < 0)
                return r;

        /* The TC bit always starts out as 0. If the query ends up spanning multiple packets the
         * bit is updated shortly before sending. */
        dns_packet_set_flags(query, dnssec_checking_disabled, false);

        *ret = query;
        return 0;
}
162
/* Creates an independent copy of the wire data of packet p.
 *
 * The source is checked with dns_packet_validate() first, which bounds p->size and thereby the
 * allocation and the copy below. Only protocol, size, max_size and the raw data are carried over;
 * the copy starts with reference count 1, its read index right after the header, and no OPT
 * bookkeeping.
 *
 * Returns 0 on success, the error of dns_packet_validate(), or -ENOMEM. */
int dns_packet_dup(DnsPacket **ret, DnsPacket *p) {
        DnsPacket *copy;
        int r;

        assert(ret);
        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        copy = malloc(ALIGN(sizeof(DnsPacket)) + p->size);
        if (!copy)
                return -ENOMEM;

        /* The compound literal initializes every member that is not listed to zero. */
        *copy = (DnsPacket) {
                .n_ref = 1,
                .protocol = p->protocol,
                .size = p->size,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = p->size,
                .max_size = p->max_size,
                .opt_start = (size_t) -1,
                .opt_size = (size_t) -1,
        };

        memcpy(DNS_PACKET_DATA(copy), DNS_PACKET_DATA(p), p->size);

        *ret = copy;
        return 0;
}
194
/* Takes an additional reference on p and returns p. NULL is passed through unchanged. Packets
 * flagged as living on the stack must not be referenced. */
DnsPacket *dns_packet_ref(DnsPacket *p) {
        if (p) {
                assert(!p->on_stack);
                assert(p->n_ref > 0);

                p->n_ref++;
        }

        return p;
}
206
/* Releases everything the packet owns: the parsed question, answer and OPT record, the keys of the
 * name compression table plus the table itself, and the out-of-line data buffer. The packet
 * structure itself is only freed if it is not flagged as living on the stack. */
static void dns_packet_free(DnsPacket *p) {
        assert(p);

        dns_question_unref(p->question);
        dns_answer_unref(p->answer);
        dns_resource_record_unref(p->opt);

        /* The keys of the table are owned by the packet, so take them out one by one and free them. */
        for (;;) {
                char *key = hashmap_steal_first_key(p->names);

                if (!key)
                        break;

                free(key);
        }
        hashmap_free(p->names);

        free(p->_data);

        if (!p->on_stack)
                free(p);
}
225
/* Drops one reference from p and frees the packet when it was the last one. Always returns NULL,
 * and accepts NULL.
 *
 * NOTE(review): p->more loses a reference on every call, not only when p itself is freed, while
 * dns_packet_ref() in this file does not take a reference on p->more. Confirm that whoever sets
 * ->more accounts for this; otherwise the chained packet can be released while p is still alive. */
DnsPacket *dns_packet_unref(DnsPacket *p) {
        if (!p)
                return NULL;

        assert(p->n_ref > 0);

        dns_packet_unref(p->more);

        if (p->n_ref != 1)
                p->n_ref--;
        else
                dns_packet_free(p);

        return NULL;
}
241
/* Basic size sanity check: the packet must hold at least a full header and must not exceed
 * DNS_PACKET_SIZE_MAX. Returns 1 if the size is acceptable, -EBADMSG otherwise. */
int dns_packet_validate(DnsPacket *p) {
        assert(p);

        if (p->size < DNS_PACKET_HEADER_SIZE || p->size > DNS_PACKET_SIZE_MAX)
                return -EBADMSG;

        return 1;
}
253
/* Checks whether p is an acceptable reply for its protocol.
 *
 * Returns 1 if it is, 0 if the packet is not a reply at all (QR bit clear), -EBADMSG if it is a
 * reply that has to be discarded, or the error of dns_packet_validate(). */
int dns_packet_validate_reply(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        if (DNS_PACKET_QR(p) != 1)
                return 0;

        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        if (p->protocol == DNS_PROTOCOL_LLMNR) {
                /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
                if (DNS_PACKET_QDCOUNT(p) != 1)
                        return -EBADMSG;

        } else if (p->protocol == DNS_PROTOCOL_MDNS) {
                /* RFC 6762, Section 18 */
                if (DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;
        }

        return 1;
}
291
/* Checks whether p is an acceptable query for its protocol.
 *
 * Returns 1 if it is, 0 if the packet is not a query at all (QR bit set), -EBADMSG if it is a
 * query that has to be discarded, or the error of dns_packet_validate(). */
int dns_packet_validate_query(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        if (DNS_PACKET_QR(p) != 0)
                return 0;

        /* Only standard queries that are not truncated are accepted. */
        if (DNS_PACKET_OPCODE(p) != 0 || DNS_PACKET_TC(p))
                return -EBADMSG;

        if (p->protocol == DNS_PROTOCOL_LLMNR || p->protocol == DNS_PROTOCOL_DNS) {
                /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1,
                 * ANCOUNT != 0 or NSCOUNT != 0. The same checks are applied to classic DNS. */
                if (DNS_PACKET_QDCOUNT(p) != 1 ||
                    DNS_PACKET_ANCOUNT(p) > 0 ||
                    DNS_PACKET_NSCOUNT(p) > 0)
                        return -EBADMSG;

        } else if (p->protocol == DNS_PROTOCOL_MDNS) {
                /* RFC 6762, Section 18 */
                if (DNS_PACKET_AA(p) != 0 ||
                    DNS_PACKET_RD(p) != 0 ||
                    DNS_PACKET_RA(p) != 0 ||
                    DNS_PACKET_AD(p) != 0 ||
                    DNS_PACKET_CD(p) != 0 ||
                    DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;
        }

        return 1;
}
346
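/* Grows the used part of the packet by "add" bytes, enlarging the buffer if necessary.
 *
 * ret:   if non-NULL, receives a pointer to the first of the newly added bytes
 * start: if non-NULL, receives the packet offset of the newly added bytes
 *
 * Returns 0 on success, -EMSGSIZE if the packet would exceed dns_packet_size_max() (or if the new
 * size is not representable in size_t), -ENOMEM if the buffer cannot be enlarged.
 *
 * All append helpers in this file reserve their space through this function, so the size checks
 * here are what bounds every subsequent write into the packet. */
static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
        assert(p);

        /* p->size + add is used in the comparisons below. Reject a sum that would wrap around
         * before it can make a huge request look small. */
        if (add > SIZE_MAX - p->size)
                return -EMSGSIZE;

        if (p->size + add > p->allocated) {
                size_t a, ms;

                /* Over-allocate, so that a series of small appends does not resize every time. */
                a = PAGE_ALIGN((p->size + add) * 2);

                ms = dns_packet_size_max(p);
                if (a > ms)
                        a = ms;

                if (p->size + add > a)
                        return -EMSGSIZE;

                if (p->_data) {
                        void *d;

                        /* Keep the old pointer until realloc() succeeded, so nothing leaks on failure. */
                        d = realloc(p->_data, a);
                        if (!d)
                                return -ENOMEM;

                        p->_data = d;
                } else {
                        /* First growth: the data still sits right behind the DnsPacket structure,
                         * move it into a separately allocated buffer and zero the remainder. */
                        p->_data = malloc(a);
                        if (!p->_data)
                                return -ENOMEM;

                        memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
                        memzero((uint8_t*) p->_data + p->size, a - p->size);
                }

                p->allocated = a;
        }

        if (start)
                *start = p->size;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;

        p->size += add;
        return 0;
}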
391
/* Shrinks the used part of the packet to sz bytes. Entries of the name compression table that
 * point at or beyond the new end are dropped (and their keys freed), so that later names cannot
 * reference data that is no longer part of the packet. Does nothing if the packet is not larger
 * than sz. */
void dns_packet_truncate(DnsPacket *p, size_t sz) {
        char *name;
        void *offset;

        assert(p);

        if (sz >= p->size)
                return;

        HASHMAP_FOREACH_KEY(offset, name, p->names) {
                if (PTR_TO_SIZE(offset) >= sz) {
                        hashmap_remove(p->names, name);
                        free(name);
                }
        }

        p->size = sz;
}
412
/* Appends l bytes from d to the packet. start, if non-NULL, receives the offset the data was
 * written at. Returns 0 on success or the error of dns_packet_extend(). */
int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, l, &dest, start);
        if (r >= 0) {
                memcpy_safe(dest, d, l);
                r = 0;
        }

        return r;
}
426
/* Appends a single byte to the packet. start, if non-NULL, receives its offset. Returns 0 on
 * success or the error of dns_packet_extend(). */
int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint8_t), &dest, start);
        if (r < 0)
                return r;

        *(uint8_t*) dest = v;
        return 0;
}
441
/* Appends a 16 bit value in big endian byte order. start, if non-NULL, receives its offset.
 * Returns 0 on success or the error of dns_packet_extend(). */
int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint16_t), &dest, start);
        if (r < 0)
                return r;

        /* The position inside the packet is not necessarily aligned. */
        unaligned_write_be16(dest, v);
        return 0;
}
456
/* Appends a 32 bit value in big endian byte order. start, if non-NULL, receives its offset.
 * Returns 0 on success or the error of dns_packet_extend(). */
int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint32_t), &dest, start);
        if (r < 0)
                return r;

        /* The position inside the packet is not necessarily aligned. */
        unaligned_write_be32(dest, v);
        return 0;
}
471
/* Appends the NUL-terminated string s as a length-prefixed character string (the terminator is
 * not written). Fails with -E2BIG, via dns_packet_append_raw_string(), if s is longer than 255
 * bytes. */
int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
        size_t length;

        assert(p);
        assert(s);

        length = strlen(s);
        return dns_packet_append_raw_string(p, s, length, start);
}
478
/* Appends size bytes from s, preceded by a single length byte. s may be NULL only if size is 0.
 *
 * Returns 0 on success, -E2BIG if size does not fit into the length byte (i.e. is larger than
 * 255), or the error of dns_packet_extend(). */
int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
        uint8_t *dest;
        void *d;
        int r;

        assert(p);
        assert(s || size == 0);

        /* The length prefix is one byte wide, refuse anything that would be truncated by it. */
        if (size > 255)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + size, &d, start);
        if (r < 0)
                return r;

        dest = d;
        dest[0] = (uint8_t) size;
        memcpy_safe(dest + 1, s, size);

        return 0;
}
499
/* Appends one label (length byte followed by l bytes from d) to the packet.
 *
 * If the packet has canonical form enabled and the label is marked as a candidate for it, the
 * label is written in DNSSEC canonical form, otherwise it is copied unchanged.
 *
 * Returns 0 on success, -E2BIG if l exceeds DNS_LABEL_MAX, or the error of dns_packet_extend(). */
int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
        uint8_t *out;
        int r;

        assert(p);
        assert(d);

        if (l > DNS_LABEL_MAX)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + l, (void**) &out, start);
        if (r < 0)
                return r;

        out[0] = (uint8_t) l;
        out++;

        if (!(p->canonical_form && canonical_candidate)) {
                /* Copy the label unaltered. This is essential for DNS-SD, where the casing of
                 * labels matters and needs to be retained. */
                memcpy(out, d, l);
                return 0;
        }

        /* Canonical form as defined by DNSSEC RFC 4034, Section 6.2, i.e. all lower-case. */
        for (size_t i = 0; i < l; i++)
                out[i] = (uint8_t) ascii_tolower(d[i]);

        return 0;
}
537
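/* Appends a domain name in wire format, label by label, terminated by the root label.
 *
 * allow_compression:   if true (and the packet does not refuse compression), suffixes already
 *                      written to the packet are replaced by a compression pointer, and every new
 *                      suffix is remembered in p->names for later use
 * canonical_candidate: passed on to dns_packet_append_label()
 * start:               if non-NULL, receives the offset the name begins at
 *
 * Returns 0 on success or a negative errno-style error. On every failure the packet is truncated
 * back to its size on entry, which also drops the p->names entries added here, so that no partial
 * name and no compression target pointing into it are left behind. */
int dns_packet_append_name(
                DnsPacket *p,
                const char *name,
                bool allow_compression,
                bool canonical_candidate,
                size_t *start) {

        size_t saved_size;
        int r;

        assert(p);
        assert(name);

        if (p->refuse_compression)
                allow_compression = false;

        saved_size = p->size;

        while (!dns_name_is_root(name)) {
                const char *z = name;
                char label[DNS_LABEL_MAX];
                size_t n = 0;

                if (allow_compression)
                        n = PTR_TO_SIZE(hashmap_get(p->names, name));
                if (n > 0) {
                        assert(n < p->size);

                        /* A compression pointer carries a 14 bit offset only. Suffixes located
                         * further into the packet cannot be referenced and are written out. */
                        if (n < 0x4000) {
                                r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
                                if (r < 0)
                                        goto fail;

                                goto done;
                        }
                }

                /* Advances "name" past the label that is extracted. */
                r = dns_label_unescape(&name, label, sizeof label, 0);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
                if (r < 0)
                        goto fail;

                if (allow_compression) {
                        _cleanup_free_ char *s = NULL;

                        s = strdup(z);
                        if (!s) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        r = hashmap_ensure_put(&p->names, &dns_name_hash_ops, s, SIZE_TO_PTR(n));
                        if (r < 0)
                                goto fail;

                        /* The table owns the key now. */
                        TAKE_PTR(s);
                }
        }

        /* Terminating root label. Failing here must roll back like every other error path,
         * otherwise an unterminated name (and its compression table entries) stays in the packet. */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                goto fail;

done:
        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}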
614
/* Appends a resource key, i.e. name, type and class. If flags contains DNS_ANSWER_CACHE_FLUSH the
 * MDNS_RR_CACHE_FLUSH bit is ORed into the class. On failure the packet is truncated back to its
 * size on entry. start, if non-NULL, receives the offset the key begins at. */
int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, const DnsAnswerFlags flags, size_t *start) {
        size_t saved_size;
        uint16_t class;
        int r;

        assert(p);
        assert(k);

        saved_size = p->size;

        r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
        if (r >= 0)
                r = dns_packet_append_uint16(p, k->type, NULL);
        if (r >= 0) {
                class = k->class;
                if (flags & DNS_ANSWER_CACHE_FLUSH)
                        class |= MDNS_RR_CACHE_FLUSH;

                r = dns_packet_append_uint16(p, class, NULL);
        }
        if (r < 0) {
                dns_packet_truncate(p, saved_size);
                return r;
        }

        if (start)
                *start = saved_size;

        return 0;
}
647
/* Appends one window block of a type bitmap: window number, bitmap length, then "length" bytes
 * taken from types. On failure the packet is truncated back to its size on entry. */
static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
        size_t saved_size;
        int r;

        assert(p);
        assert(types);
        assert(length > 0);

        saved_size = p->size;

        r = dns_packet_append_uint8(p, window, NULL);
        if (r >= 0)
                r = dns_packet_append_uint8(p, length, NULL);
        if (r >= 0)
                r = dns_packet_append_blob(p, types, length, NULL);
        if (r < 0) {
                dns_packet_truncate(p, saved_size);
                return r;
        }

        if (start)
                *start = saved_size;

        return 0;
}
678
/* Serializes the set of RR types in "types" as a sequence of window blocks.
 *
 * The bitmap is walked with BITMAP_FOREACH(); the bits of the current window are collected in a
 * 32 byte buffer, most significant bit first within each byte. Whenever a type belonging to a
 * different window shows up the collected window is written out, and the last one is written
 * after the loop. On failure the packet is truncated back to its size on entry. */
static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
        uint8_t bitmaps[32] = {};
        uint8_t window = 0, entry = 0;
        size_t saved_size;
        unsigned type;
        int r;

        assert(p);

        saved_size = p->size;

        BITMAP_FOREACH(type, types) {
                assert(type <= 0xffff);

                /* "entry" still refers to the previous type here, so entry / 8 is the last byte
                 * in use of the window collected so far. */
                if ((type >> 8) != window && bitmaps[entry / 8] != 0) {
                        r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                        if (r < 0)
                                goto fail;

                        zero(bitmaps);
                }

                window = type >> 8;
                entry = type & 255;

                bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
        }

        /* Flush whatever was collected for the final window. */
        if (bitmaps[entry / 8] != 0) {
                r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                if (r < 0)
                        goto fail;
        }

        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
722
/* Appends the OPT pseudo-RR described in RFC6891.
 *
 * max_udp_size:    advertised in the CLASS field; must not be below DNS_PACKET_UNICAST_SIZE_MAX
 * edns0_do:        sets the DNSSEC OK (DO) flag
 * include_rfc6975: if DO is set as well, adds the RFC6975 algorithm lists as option data
 * rcode:           bits 4..11 are placed into the extended RCODE byte; the version byte stays 0
 * start:           if non-NULL, receives the offset the record begins at
 *
 * Returns 0 on success, -EBUSY if the packet already carries an OPT record added this way, or the
 * error of the failing append. On success ARCOUNT is incremented and the position and size of the
 * record are remembered in opt_start/opt_size. */
int dns_packet_append_opt(
                DnsPacket *p,
                uint16_t max_udp_size,
                bool edns0_do,
                bool include_rfc6975,
                int rcode,
                size_t *start) {

        size_t saved_size;
        int r;

        assert(p);
        /* we must never advertise supported packet size smaller than the legacy max */
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
        assert(rcode >= 0);
        assert(rcode <= _DNS_RCODE_MAX);

        if (p->opt_start != (size_t) -1)
                return -EBUSY;

        assert(p->opt_size == (size_t) -1);

        saved_size = p->size;

        /* NAME: empty. Nothing has been written yet if this fails, so no rollback is needed. */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                return r;

        /* TYPE */
        r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
        if (r < 0)
                goto fail;

        /* CLASS: maximum udp packet that can be received */
        r = dns_packet_append_uint16(p, max_udp_size, NULL);
        if (r < 0)
                goto fail;

        /* TTL, first half: extended RCODE and VERSION */
        r = dns_packet_append_uint16(p, ((uint16_t) rcode & 0x0FF0) << 4, NULL);
        if (r < 0)
                goto fail;

        /* TTL, second half: flags, DNSSEC OK (DO), see RFC3225 */
        r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
        if (r < 0)
                goto fail;

        /* RDLENGTH, and RDATA if there is any */
        if (edns0_do && include_rfc6975) {
                /* With DO set, and if requested, announce the supported algorithms as per RFC6975.
                 * This is meant for queries, not for replies, hence callers should turn it off when
                 * finishing off replies. */

                static const uint8_t rfc6975[] = {

                        0, 5, /* OPTION_CODE: DAU */
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
                        0, 7, /* LIST_LENGTH */
#else
                        0, 6, /* LIST_LENGTH */
#endif
                        DNSSEC_ALGORITHM_RSASHA1,
                        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
                        DNSSEC_ALGORITHM_RSASHA256,
                        DNSSEC_ALGORITHM_RSASHA512,
                        DNSSEC_ALGORITHM_ECDSAP256SHA256,
                        DNSSEC_ALGORITHM_ECDSAP384SHA384,
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
                        DNSSEC_ALGORITHM_ED25519,
#endif

                        0, 6, /* OPTION_CODE: DHU */
                        0, 3, /* LIST_LENGTH */
                        DNSSEC_DIGEST_SHA1,
                        DNSSEC_DIGEST_SHA256,
                        DNSSEC_DIGEST_SHA384,

                        0, 7, /* OPTION_CODE: N3U */
                        0, 1, /* LIST_LENGTH */
                        NSEC3_ALGORITHM_SHA1,
                };

                r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
        } else
                r = dns_packet_append_uint16(p, 0, NULL);
        if (r < 0)
                goto fail;

        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);

        /* Remember where the record sits, so that dns_packet_truncate_opt() can remove it again. */
        p->opt_start = saved_size;
        p->opt_size = p->size - saved_size;

        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
832
/* Removes the OPT record added by dns_packet_append_opt() again.
 *
 * Returns 0 if the packet has no such record, 1 if it was removed, and -EBUSY if the record is
 * not the last thing in the packet (in which case it cannot simply be cut off). */
int dns_packet_truncate_opt(DnsPacket *p) {
        const size_t unset = (size_t) -1;

        assert(p);

        if (p->opt_start == unset) {
                assert(p->opt_size == (size_t) -1);
                return 0;
        }

        assert(p->opt_size != (size_t) -1);
        assert(DNS_PACKET_ARCOUNT(p) > 0);

        if (p->opt_start + p->opt_size != p->size)
                return -EBUSY;

        dns_packet_truncate(p, p->opt_start);
        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);

        p->opt_size = unset;
        p->opt_start = unset;

        return 1;
}
853
/* Serializes a complete resource record: key, TTL, RDLENGTH and the type specific RDATA.
 *
 * flags:       DNS_ANSWER_CACHE_FLUSH is passed on to dns_packet_append_key(); DNS_ANSWER_GOODBYE
 *              forces the TTL to 0
 * start:       if non-NULL, receives the offset the record begins at
 * rdata_start: if non-NULL, receives the distance from the start of the record to its RDATA
 *
 * RDLENGTH is first written as 0 and patched once the RDATA is complete. Records flagged as
 * unparsable, and all types without a dedicated case, are emitted from their generic data blob.
 *
 * Returns 0 on success, -ENOSPC if the RDATA does not fit the 16 bit RDLENGTH field, or the error
 * of the failing append. On failure the packet is truncated back to its size on entry.
 *
 * NOTE(review): several cases write a size field as a single byte and then append a blob of the
 * same size variable (e.g. nsec3.salt_size, nsec3.next_hashed_name_size). This relies on those
 * sizes fitting into 8 bits; nothing visible here enforces that, verify where the record is built. */
int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start) {

        size_t saved_size, rdlength_offset, end, rdlength, rds;
        uint32_t ttl;
        int r;

        assert(p);
        assert(rr);

        saved_size = p->size;

        r = dns_packet_append_key(p, rr->key, flags, NULL);
        if (r < 0)
                goto fail;

        ttl = flags & DNS_ANSWER_GOODBYE ? 0 : rr->ttl;
        r = dns_packet_append_uint32(p, ttl, NULL);
        if (r < 0)
                goto fail;

        /* Placeholder for RDLENGTH, the real value is filled in further down. */
        r = dns_packet_append_uint16(p, 0, &rdlength_offset);
        if (r < 0)
                goto fail;

        rds = p->size - saved_size;

        /* In each case a failing step skips the remaining ones, and the error is picked up by the
         * check that follows the switch. */
        switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->srv.port, NULL);
                if (r >= 0)
                        /* RFC 2782 states "Unless and until permitted by future standards
                         * action, name compression is not to be used for this field." */
                        r = dns_packet_append_name(p, rr->srv.name, false, true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                r = dns_packet_append_name(p, rr->ptr.name, true, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
                if (r >= 0)
                        r = dns_packet_append_string(p, rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:

                if (rr->txt.items) {
                        DnsTxtItem *i;

                        LIST_FOREACH(items, i, rr->txt.items) {
                                r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
                                if (r < 0)
                                        goto fail;
                        }
                } else {
                        /* RFC 6763, section 6.1 suggests to generate
                         * single empty string for an empty array. */

                        r = dns_packet_append_raw_string(p, NULL, 0, NULL);
                        if (r < 0)
                                goto fail;
                }

                r = 0;
                break;

        case DNS_TYPE_A:
                r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                r = dns_packet_append_name(p, rr->soa.mname, true, true, NULL);
                if (r >= 0)
                        r = dns_packet_append_name(p, rr->soa.rname, true, true, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
                if (r >= 0)
                        r = dns_packet_append_name(p, rr->mx.exchange, true, true, NULL);
                break;

        case DNS_TYPE_LOC:
                r = dns_packet_append_uint8(p, rr->loc.version, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->loc.size, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
                break;

        case DNS_TYPE_DS:
                r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
                if (r >= 0)
                        /* The signer name is written without compression. */
                        r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
                break;

        case DNS_TYPE_NSEC:
                /* Neither compressed nor converted to canonical form. */
                r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
                if (r >= 0)
                        r = dns_packet_append_types(p, rr->nsec.types, NULL);
                break;

        case DNS_TYPE_NSEC3:
                r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_types(p, rr->nsec3.types, NULL);
                break;

        case DNS_TYPE_TLSA:
                r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
                break;

        case DNS_TYPE_CAA:
                r = dns_packet_append_uint8(p, rr->caa.flags, NULL);
                if (r >= 0)
                        r = dns_packet_append_string(p, rr->caa.tag, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->caa.value, rr->caa.value_size, NULL);
                break;

        case DNS_TYPE_OPT:
        case DNS_TYPE_OPENPGPKEY:
        case _DNS_TYPE_INVALID: /* unparsable */
        default:
                r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
                break;
        }
        if (r < 0)
                goto fail;

        /* Now that the RDATA is complete its size is known. It has to fit into 16 bits. */
        rdlength = p->size - rdlength_offset - sizeof(uint16_t);
        if (rdlength > 0xFFFF) {
                r = -ENOSPC;
                goto fail;
        }

        /* Temporarily move the end of the packet back to the placeholder, overwrite it through the
         * regular append path, then restore the real end. */
        end = p->size;
        p->size = rdlength_offset;
        r = dns_packet_append_uint16(p, rdlength, NULL);
        if (r < 0)
                goto fail;
        p->size = end;

        if (start)
                *start = saved_size;

        if (rdata_start)
                *rdata_start = rds;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
1202
/* Appends every key of question q to the packet. Stops at, and returns, the first error. Keys
 * appended before the failing one remain in the packet. */
int dns_packet_append_question(DnsPacket *p, DnsQuestion *q) {
        DnsResourceKey *k;

        assert(p);

        DNS_QUESTION_FOREACH(k, q) {
                int r = dns_packet_append_key(p, k, 0, NULL);

                if (r < 0)
                        return r;
        }

        return 0;
}
1217
/* Appends every record of answer a, each with its own flags. Stops at, and returns, the first
 * error. If completed is non-NULL it is incremented once per record that was appended in full,
 * which tells the caller how far the function got when it fails midway. */
int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a, unsigned *completed) {
        DnsResourceRecord *record;
        DnsAnswerFlags record_flags;

        assert(p);

        DNS_ANSWER_FOREACH_FLAGS(record, record_flags, a) {
                int r = dns_packet_append_rr(p, record, record_flags, NULL, NULL);

                if (r < 0)
                        return r;

                if (completed)
                        ++*completed;
        }

        return 0;
}
1236
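/* Consumes sz bytes at the current read index.
 *
 * ret:   if non-NULL, receives a pointer to the bytes inside the packet buffer (no copy is made)
 * start: if non-NULL, receives the read index before the call
 *
 * Returns 0 on success and -EMSGSIZE if fewer than sz bytes are left; the read index is not moved
 * in that case.
 *
 * The other dns_packet_read_*() helpers in this file obtain their data through this function,
 * which makes this the bounds check for everything that is parsed out of a packet. */
int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
        assert(p);

        /* Compare against the remaining space rather than computing rindex + sz, so that a huge
         * sz cannot wrap the sum around and pass the check. */
        if (p->rindex > p->size || sz > p->size - p->rindex)
                return -EMSGSIZE;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;

        if (start)
                *start = p->rindex;

        p->rindex += sz;
        return 0;
}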
1252
/* Moves the read index to idx. The position must lie within the used part of the packet and must
 * not point into the header; both conditions are enforced by assertions only. */
void dns_packet_rewind(DnsPacket *p, size_t idx) {
        assert(p);
        assert(idx <= p->size);
        assert(idx >= DNS_PACKET_HEADER_SIZE);

        p->rindex = idx;
}
1260
/* Reads sz bytes from packet p and copies them into the caller's buffer d.
 *
 * d must have room for at least sz bytes; this function cannot verify that. start, if non-NULL,
 * receives the read index before the read.
 *
 * Returns 0 on success or the negative error from dns_packet_read(), in which case d is left
 * untouched. */
int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
        const void *src;
        int rc;

        assert(p);
        assert(d);

        /* The bounds check against the packet size happens in dns_packet_read(). */
        rc = dns_packet_read(p, sz, &src, start);
        if (rc < 0)
                return rc;

        memcpy(d, src, sz);
        return 0;
}
1275
/* Reads size bytes from packet p and hands back a heap copy of them.
 *
 * ret:       receives the copy, or NULL when size is zero. The caller owns it and must free it.
 * ret_size:  if non-NULL, receives size.
 * ret_start: if non-NULL, receives the read index before the read.
 *
 * Returns 0 on success, the negative error from dns_packet_read() if the packet is too short, or
 * -ENOMEM if the copy cannot be allocated. In the -ENOMEM case the read index has already been
 * advanced and is not rewound here, and none of the output parameters are written. */
static int dns_packet_read_memdup(
                DnsPacket *p, size_t size,
                void **ret, size_t *ret_size,
                size_t *ret_start) {

        const void *src;
        void *dup = NULL;
        size_t begin;
        int rc;

        assert(p);
        assert(ret);

        rc = dns_packet_read(p, size, &src, &begin);
        if (rc < 0)
                return rc;

        /* A zero-length read yields a NULL pointer rather than a zero-byte allocation. */
        if (size > 0) {
                dup = memdup(src, size);
                if (!dup)
                        return -ENOMEM;
        }

        *ret = dup;

        if (ret_size)
                *ret_size = size;
        if (ret_start)
                *ret_start = begin;

        return 0;
}
1311
/* Reads one byte from packet p into *ret.
 *
 * ret must not be NULL: unlike dns_packet_read_uint16() it is dereferenced unconditionally. start,
 * if non-NULL, receives the read index before the read.
 *
 * Returns 0 on success or the negative error from dns_packet_read(). */
int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
        const void *raw;
        int rc;

        assert(p);

        rc = dns_packet_read(p, sizeof(uint8_t), &raw, start);
        if (rc < 0)
                return rc;

        *ret = *(const uint8_t*) raw;
        return 0;
}
1325
/* Reads a big-endian 16-bit value from packet p.
 *
 * ret is optional: with NULL the two bytes are consumed and discarded. start, if non-NULL, receives
 * the read index before the read. The value is fetched with unaligned_read_be16(), so the position
 * in the packet does not need to be aligned.
 *
 * Returns 0 on success or the negative error from dns_packet_read(). */
int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
        const void *raw;
        int rc;

        assert(p);

        rc = dns_packet_read(p, sizeof(uint16_t), &raw, start);
        if (rc < 0)
                return rc;

        if (ret)
                *ret = unaligned_read_be16(raw);

        return 0;
}
1341
/* Reads a big-endian 32-bit value from packet p into *ret.
 *
 * ret must not be NULL; it is written unconditionally on success. start, if non-NULL, receives the
 * read index before the read.
 *
 * Returns 0 on success or the negative error from dns_packet_read(). */
int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
        const void *raw;
        int rc;

        assert(p);

        rc = dns_packet_read(p, sizeof(uint32_t), &raw, start);
        if (rc < 0)
                return rc;

        *ret = unaligned_read_be32(raw);
        return 0;
}
1356
/* Reads a length-prefixed character string (one length byte followed by that many bytes) from packet
 * p and returns it as a newly allocated, NUL-terminated C string.
 *
 * Strings that contain an embedded NUL byte or that are not valid UTF-8 are rejected with -EBADMSG,
 * so what is handed to the caller is always safe to treat as a C string of the advertised length.
 *
 * ret:   receives the string; the caller owns it and must free it.
 * start: if non-NULL, receives the read index before the read.
 *
 * Returns 0 on success; a negative error otherwise, in which case the read index is restored to
 * where it was on entry. */
int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        _cleanup_free_ char *copy = NULL;
        const void *raw;
        uint8_t len;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, &raw, NULL);
        if (r < 0)
                return r;

        /* An embedded NUL would make the C string shorter than the wire data claims. */
        if (memchr(raw, 0, len))
                return -EBADMSG;

        copy = strndup(raw, len);
        if (!copy)
                return -ENOMEM;

        if (!utf8_is_valid(copy))
                return -EBADMSG;

        *ret = TAKE_PTR(copy);

        if (start)
                *start = rewinder.saved_rindex;

        /* Success: keep the advanced read index. */
        CANCEL_REWINDER(rewinder);

        return 0;
}
1395
/* Reads a length-prefixed character string from packet p without copying or validating it.
 *
 * ret:   passed straight to dns_packet_read(); if non-NULL it receives a pointer into the packet
 *        buffer. The data is not NUL-terminated, may contain arbitrary bytes, and is only valid as
 *        long as the packet buffer is.
 * size:  if non-NULL, receives the string length taken from the length byte.
 * start: if non-NULL, receives the read index before the read.
 *
 * Returns 0 on success; a negative error otherwise, in which case the read index is restored to
 * where it was on entry. */
int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        uint8_t len;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, ret, NULL);
        if (r < 0)
                return r;

        if (size)
                *size = len;

        if (start)
                *start = rewinder.saved_rindex;

        /* Success: keep the advanced read index. */
        CANCEL_REWINDER(rewinder);

        return 0;
}
1420
/* Reads a domain name from packet p and returns it in escaped, dot-separated text form.
 *
 * ret:               if non-NULL, receives the newly allocated name; the caller must free it.
 * allow_compression: whether compression pointers are accepted. Forced to false when the packet has
 *                    refuse_compression set.
 * ret_start:         if non-NULL, receives the read index before the read.
 *
 * Each compression pointer must point past the header and strictly before the position the previous
 * jump started from (initially: where the name itself starts). The barrier therefore shrinks with
 * every jump, which makes pointer loops in a hostile packet impossible.
 *
 * Returns 0 on success. On any failure (-EBADMSG for an invalid label type or pointer, -ENOMEM, or an
 * error from the read helpers) the read index is restored to where it was on entry. */
int dns_packet_read_name(
                DnsPacket *p,
                char **ret,
                bool allow_compression,
                size_t *ret_start) {

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t resume_at = 0, jump_barrier;
        _cleanup_free_ char *name = NULL;
        size_t n = 0, allocated = 0;
        bool at_first_label = true;
        int r;

        assert(p);

        INIT_REWINDER(rewinder, p);
        jump_barrier = p->rindex;

        if (p->refuse_compression)
                allow_compression = false;

        for (;;) {
                uint8_t c, d;
                uint16_t ptr;

                r = dns_packet_read_uint8(p, &c, NULL);
                if (r < 0)
                        return r;

                /* A zero length byte terminates the name. */
                if (c == 0)
                        break;

                if (c <= 63) {
                        const char *label;

                        /* Literal label of c bytes */
                        r = dns_packet_read(p, c, (const void**) &label, NULL);
                        if (r < 0)
                                return r;

                        /* Make room for the separator (if any) plus the worst-case escaped label. */
                        if (!GREEDY_REALLOC(name, allocated, n + !at_first_label + DNS_LABEL_ESCAPED_MAX))
                                return -ENOMEM;

                        if (at_first_label)
                                at_first_label = false;
                        else
                                name[n++] = '.';

                        r = dns_label_escape(label, c, name + n, DNS_LABEL_ESCAPED_MAX);
                        if (r < 0)
                                return r;

                        n += r;
                        continue;
                }

                /* Anything else must be a compression pointer, and only if those are permitted. */
                if (!allow_compression || !FLAGS_SET(c, 0xc0))
                        return -EBADMSG;

                r = dns_packet_read_uint8(p, &d, NULL);
                if (r < 0)
                        return r;

                ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
                if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier)
                        return -EBADMSG;

                /* Remember where to continue once the name is complete; only the first jump counts. */
                if (resume_at == 0)
                        resume_at = p->rindex;

                /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
                jump_barrier = ptr;
                p->rindex = ptr;
        }

        if (!GREEDY_REALLOC(name, allocated, n + 1))
                return -ENOMEM;

        name[n] = 0;

        /* If we followed pointers, continue parsing right after the first one. */
        if (resume_at != 0)
                p->rindex = resume_at;

        if (ret)
                *ret = TAKE_PTR(name);
        if (ret_start)
                *ret_start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);

        return 0;
}
1513
/* Reads one type-bitmap window (window number, length byte, then 1 to 32 bitmap octets) from packet
 * p and sets the corresponding type numbers in *types.
 *
 * types: allocated on demand through bitmap_ensure_allocated(); bits are added, never cleared. Bits
 *        set before a failure stay set.
 * start: if non-NULL, receives the read index before the read.
 *
 * Returns -EBADMSG if the length is 0 or larger than 32, or if the last bitmap octet is zero. Other
 * negative values come from the read helpers or the bitmap functions. On any failure the read index
 * is restored to where it was on entry. */
static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        const uint8_t *octets;
        uint8_t window, length;
        uint8_t bit = 0;
        bool last_nonzero = false;
        int r;

        assert(p);
        assert(types);
        INIT_REWINDER(rewinder, p);

        r = bitmap_ensure_allocated(types);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &window, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &length, NULL);
        if (r < 0)
                return r;

        if (length == 0 || length > 32)
                return -EBADMSG;

        r = dns_packet_read(p, length, (const void **) &octets, NULL);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < length; i++) {
                const uint8_t octet = octets[i];

                /* Tracks the most recent octet only; checked after the loop. */
                last_nonzero = octet != 0;
                if (!last_nonzero) {
                        bit += 8;
                        continue;
                }

                /* Walk the octet from its most significant bit down. */
                for (uint8_t mask = 1 << 7; mask != 0; mask >>= 1, bit++) {
                        uint16_t type;

                        if (!(octet & mask))
                                continue;

                        type = (uint16_t) window << 8 | (uint16_t) bit;

                        /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
                        if (dns_type_is_pseudo(type))
                                continue;

                        r = bitmap_set(*types, type);
                        if (r < 0)
                                return r;
                }
        }

        if (!last_nonzero)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);

        return 0;
}
1583
/* Reads a sequence of type-bitmap windows that must occupy exactly size bytes, starting at the
 * current read index of p, and accumulates the types in *types.
 *
 * size comes from the caller's RDATA accounting. The end position is computed as the entry index
 * plus size; the function fails with -EBADMSG unless parsing stops exactly there, so a window may
 * never run past the end of the record it belongs to.
 *
 * start, if non-NULL, receives the read index before the read. On any failure the read index is
 * restored to where it was on entry. */
static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t end;
        int r;

        INIT_REWINDER(rewinder, p);
        end = rewinder.saved_rindex + size;

        while (p->rindex < end) {
                r = dns_packet_read_type_window(p, types, NULL);
                if (r < 0)
                        return r;

                /* don't read past end of current RR */
                if (p->rindex > end)
                        return -EBADMSG;
        }

        if (p->rindex != end)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);

        return 0;
}
1609
/* Reads a resource key (name, 16-bit type, 16-bit class) from packet p.
 *
 * ret:             if non-NULL, receives a new DnsResourceKey that takes ownership of the parsed
 *                  name. With NULL the key is parsed and discarded.
 * ret_cache_flush: if non-NULL, receives whether the mDNS cache-flush bit was set in the class
 *                  field. Always false for other protocols and for OPT records.
 * ret_start:       if non-NULL, receives the read index before the read.
 *
 * Compression pointers in the name are permitted. For mDNS packets the cache-flush bit is stripped
 * from the class before the key is created.
 *
 * Returns 0 on success; a negative error otherwise, in which case the read index is restored to
 * where it was on entry. */
int dns_packet_read_key(
                DnsPacket *p,
                DnsResourceKey **ret,
                bool *ret_cache_flush,
                size_t *ret_start) {

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        _cleanup_free_ char *name = NULL;
        uint16_t rr_class, rr_type;
        bool flush = false;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_name(p, &name, true, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &rr_type, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &rr_class, NULL);
        if (r < 0)
                return r;

        /* See RFC6762, Section 10.2 */
        if (p->protocol == DNS_PROTOCOL_MDNS &&
            rr_type != DNS_TYPE_OPT &&
            (rr_class & MDNS_RR_CACHE_FLUSH)) {
                rr_class &= ~MDNS_RR_CACHE_FLUSH;
                flush = true;
        }

        if (ret) {
                DnsResourceKey *k = dns_resource_key_new_consume(rr_class, rr_type, name);

                if (!k)
                        return -ENOMEM;

                /* The key owns the name now; keep the cleanup handler from freeing it. */
                TAKE_PTR(name);
                *ret = k;
        }

        if (ret_cache_flush)
                *ret_cache_flush = flush;
        if (ret_start)
                *ret_start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);
        return 0;
}
1665
/* Validates one packed size/precision byte of a LOC record.
 *
 * The byte is split into its high and low nibble. Both must be at most 9, and a zero high nibble is
 * only accepted together with a zero low nibble. */
static bool loc_size_ok(uint8_t size) {
        const uint8_t hi = size >> 4, lo = size & 0xF;

        if (hi > 9 || lo > 9)
                return false;

        return hi != 0 || lo == 0;
}
1671
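/* Reads one complete resource record (key, TTL, RDLENGTH, RDATA) from packet p.
 *
 * ret:             if non-NULL, receives the parsed record (a new reference owned by the caller).
 * ret_cache_flush: if non-NULL, receives the mDNS cache-flush bit as reported by
 *                  dns_packet_read_key().
 * ret_start:       if non-NULL, receives the read index before the read.
 *
 * The RDATA is parsed per record type. Types without a dedicated parser, and LOC records whose
 * version byte is not 0, are stored as an opaque blob. Whatever the type, the parser must end up
 * exactly at offset + rdlength; otherwise the record is rejected with -EBADMSG. This is what keeps a
 * malformed or hostile record from consuming bytes that belong to the next record.
 *
 * Returns 0 on success. On failure a negative error is returned (-EBADMSG for malformed data,
 * -ENOMEM, or an error from the read helpers), the partially built record is released, and the read
 * index is restored to where it was on entry. */
int dns_packet_read_rr(
                DnsPacket *p,
                DnsResourceRecord **ret,
                bool *ret_cache_flush,
                size_t *ret_start) {

        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t offset;
        uint16_t rdlength;
        bool cache_flush;
        int r;

        assert(p);

        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_key(p, &key, &cache_flush, NULL);
        if (r < 0)
                return r;

        if (!dns_class_is_valid_rr(key->class) || !dns_type_is_valid_rr(key->type))
                return -EBADMSG;

        rr = dns_resource_record_new(key);
        if (!rr)
                return -ENOMEM;

        r = dns_packet_read_uint32(p, &rr->ttl, NULL);
        if (r < 0)
                return r;

        /* RFC 2181, Section 8, suggests to
         * treat a TTL with the MSB set as a zero TTL. */
        if (rr->ttl & UINT32_C(0x80000000))
                rr->ttl = 0;

        r = dns_packet_read_uint16(p, &rdlength, NULL);
        if (r < 0)
                return r;

        /* The advertised RDATA must fit into what is left of the packet. */
        if (p->rindex + rdlength > p->size)
                return -EBADMSG;

        offset = p->rindex;

        switch (rr->key->type) {

                case DNS_TYPE_SRV:
                        r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
                        if (r < 0)
                                return r;
                        r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
                        if (r < 0)
                                return r;
                        r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
                        if (r < 0)
                                return r;
                        r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
                        break;

                case DNS_TYPE_PTR:
                case DNS_TYPE_NS:
                case DNS_TYPE_CNAME:
                case DNS_TYPE_DNAME:
                        r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
                        break;

                case DNS_TYPE_HINFO:
                        r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
                        break;

                case DNS_TYPE_SPF: /* exactly the same as TXT */
                case DNS_TYPE_TXT:
                        if (rdlength <= 0) {
                                r = dns_txt_item_new_empty(&rr->txt.items);
                                if (r < 0)
                                        return r;
                        } else {
                                DnsTxtItem *last = NULL;

                                /* An item that runs past the end of the RDATA is caught by the
                                 * final position check after the switch. */
                                while (p->rindex < offset + rdlength) {
                                        DnsTxtItem *i;
                                        const void *data;
                                        size_t sz;

                                        r = dns_packet_read_raw_string(p, &data, &sz, NULL);
                                        if (r < 0)
                                                return r;

                                        i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
                                        if (!i)
                                                return -ENOMEM;

                                        memcpy(i->data, data, sz);
                                        i->length = sz;

                                        LIST_INSERT_AFTER(items, rr->txt.items, last, i);
                                        last = i;
                                }
                        }

                        r = 0;
                        break;

                case DNS_TYPE_A:
                        r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                        break;

                case DNS_TYPE_AAAA:
                        r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                        break;

                case DNS_TYPE_SOA:
                        r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
                        break;

                case DNS_TYPE_MX:
                        r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
                        break;

                case DNS_TYPE_LOC: {
                        uint8_t t;
                        size_t pos;

                        r = dns_packet_read_uint8(p, &t, &pos);
                        if (r < 0)
                                return r;

                        if (t == 0) {
                                rr->loc.version = t;

                                r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
                                if (r < 0)
                                        return r;

                                if (!loc_size_ok(rr->loc.size))
                                        return -EBADMSG;

                                r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
                                if (r < 0)
                                        return r;

                                if (!loc_size_ok(rr->loc.horiz_pre))
                                        return -EBADMSG;

                                r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
                                if (r < 0)
                                        return r;

                                if (!loc_size_ok(rr->loc.vert_pre))
                                        return -EBADMSG;

                                r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
                                if (r < 0)
                                        return r;

                                r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
                                if (r < 0)
                                        return r;

                                r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
                                if (r < 0)
                                        return r;

                                break;
                        } else {
                                /* Unknown LOC version: go back to the version byte and keep the
                                 * whole RDATA as an opaque blob. */
                                dns_packet_rewind(p, pos);
                                rr->unparsable = true;
                                goto unparsable;
                        }
                }

                case DNS_TYPE_DS:
                        r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
                        if (r < 0)
                                return r;

                        /* Guards the subtraction below against underflow. */
                        if (rdlength < 4)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p, rdlength - 4,
                                                   &rr->ds.digest, &rr->ds.digest_size,
                                                   NULL);
                        if (r < 0)
                                return r;

                        if (rr->ds.digest_size <= 0)
                                /* the accepted size depends on the algorithm, but for now
                                   just ensure that the value is greater than zero */
                                return -EBADMSG;

                        break;

                case DNS_TYPE_SSHFP:
                        r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
                        if (r < 0)
                                return r;

                        /* Guards the subtraction below against underflow. */
                        if (rdlength < 2)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p, rdlength - 2,
                                                   &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
                                                   NULL);
                        /* Report the real failure (e.g. -ENOMEM) instead of letting the size
                         * check below turn it into -EBADMSG; on failure the size field has not
                         * been written by the call. */
                        if (r < 0)
                                return r;

                        if (rr->sshfp.fingerprint_size <= 0)
                                /* the accepted size depends on the algorithm, but for now
                                   just ensure that the value is greater than zero */
                                return -EBADMSG;

                        break;

                case DNS_TYPE_DNSKEY:
                        r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
                        if (r < 0)
                                return r;

                        /* Guards the subtraction below against underflow. */
                        if (rdlength < 4)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p, rdlength - 4,
                                                   &rr->dnskey.key, &rr->dnskey.key_size,
                                                   NULL);
                        /* Propagate the real error before looking at the size field. */
                        if (r < 0)
                                return r;

                        if (rr->dnskey.key_size <= 0)
                                /* the accepted size depends on the algorithm, but for now
                                   just ensure that the value is greater than zero */
                                return -EBADMSG;

                        break;

                case DNS_TYPE_RRSIG:
                        r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
                        if (r < 0)
                                return r;

                        /* Compression pointers are not accepted in the signer name. */
                        r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
                        if (r < 0)
                                return r;

                        /* The fixed fields and signer name must not have overrun the RDATA. */
                        if (rdlength + offset < p->rindex)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
                                                   &rr->rrsig.signature, &rr->rrsig.signature_size,
                                                   NULL);
                        /* Propagate the real error before looking at the size field. */
                        if (r < 0)
                                return r;

                        if (rr->rrsig.signature_size <= 0)
                                /* the accepted size depends on the algorithm, but for now
                                   just ensure that the value is greater than zero */
                                return -EBADMSG;

                        break;

                case DNS_TYPE_NSEC: {

                        /*
                         * RFC6762, section 18.14 explicitly states mDNS should use name compression.
                         * This contradicts RFC3845, section 2.1.1
                         */

                        bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;

                        r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
                        if (r < 0)
                                return r;

                        /* Reject a name that overran the RDATA explicitly, rather than relying on
                         * the subtraction below wrapping around and being caught later. */
                        if (rdlength + offset < p->rindex)
                                return -EBADMSG;

                        r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);

                        /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
                         * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
                         * without the NSEC bit set. */

                        break;
                }
                case DNS_TYPE_NSEC3: {
                        uint8_t size;

                        r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
                        if (r < 0)
                                return r;

                        /* this may be zero */
                        r = dns_packet_read_uint8(p, &size, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &size, NULL);
                        if (r < 0)
                                return r;

                        if (size <= 0)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p, size,
                                                   &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size,
                                                   NULL);
                        if (r < 0)
                                return r;

                        /* Reject fields that overran the RDATA explicitly, rather than relying on
                         * the subtraction below wrapping around and being caught later. */
                        if (rdlength + offset < p->rindex)
                                return -EBADMSG;

                        r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);

                        /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */

                        break;
                }

                case DNS_TYPE_TLSA:
                        r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
                        if (r < 0)
                                return r;

                        /* Guards the subtraction below against underflow. */
                        if (rdlength < 3)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p, rdlength - 3,
                                                   &rr->tlsa.data, &rr->tlsa.data_size,
                                                   NULL);
                        /* Propagate the real error before looking at the size field. */
                        if (r < 0)
                                return r;

                        if (rr->tlsa.data_size <= 0)
                                /* the accepted size depends on the algorithm, but for now
                                   just ensure that the value is greater than zero */
                                return -EBADMSG;

                        break;

                case DNS_TYPE_CAA:
                        r = dns_packet_read_uint8(p, &rr->caa.flags, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_string(p, &rr->caa.tag, NULL);
                        if (r < 0)
                                return r;

                        /* The flags and tag must not have overrun the RDATA. */
                        if (rdlength + offset < p->rindex)
                                return -EBADMSG;

                        r = dns_packet_read_memdup(p,
                                                   rdlength + offset - p->rindex,
                                                   &rr->caa.value, &rr->caa.value_size, NULL);

                        break;

                case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
                case DNS_TYPE_OPENPGPKEY:
                default:
                unparsable:
                        r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);

                        break;
        }
        if (r < 0)
                return r;

        /* The type-specific parser must have consumed exactly the advertised RDATA. */
        if (p->rindex != offset + rdlength)
                return -EBADMSG;

        if (ret)
                *ret = TAKE_PTR(rr);
        if (ret_cache_flush)
                *ret_cache_flush = cache_flush;
        if (ret_start)
                *ret_start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);
        return 0;
}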
2137
/* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is
 * not OK in a reply).
 *
 * The option list is walked as a sequence of (16-bit code, 16-bit length, payload) entries. Every
 * entry must fit entirely into the bytes that are left, so a length field taken from the packet can
 * never move the cursor past the end of the OPT data.
 *
 * Returns true if the RR is acceptable, and then sets *rfc6975 to whether an option with code 5, 6
 * or 7 was seen. Returns false for a malformed option list; *rfc6975 is not written in that case.
 * If the EDNS version is not 0 the contents are not inspected: the function returns true with
 * *rfc6975 set to false. */
static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
        const uint8_t *cursor;
        size_t remaining;
        bool seen_rfc6975 = false;

        assert(rr);
        assert(rr->key->type == DNS_TYPE_OPT);

        /* Check that the version is 0 */
        if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0) {
                *rfc6975 = false;
                return true; /* if it's not version 0, it's OK, but we will ignore the OPT field contents */
        }

        for (cursor = rr->opt.data, remaining = rr->opt.data_size; remaining > 0;) {
                uint16_t code, len;

                /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
                if (remaining < 4U)
                        return false;

                code = unaligned_read_be16(cursor);
                len = unaligned_read_be16(cursor + 2);

                /* The payload has to fit as well. */
                if (remaining < len + 4U)
                        return false;

                /* RFC 6975 DAU, DHU or N3U fields found. */
                if (IN_SET(code, 5, 6, 7))
                        seen_rfc6975 = true;

                cursor += len + 4U;
                remaining -= len + 4U;
        }

        *rfc6975 = seen_rfc6975;
        return true;
}
2181
/* Parses the question section of packet p, starting at the current read index.
 *
 * The number of keys is taken from the QDCOUNT header field. Duplicate keys are added only once.
 * A key with the mDNS cache-flush bit set, or with a type that is not valid in a query, makes the
 * whole packet invalid (-EBADMSG).
 *
 * On success *ret_question receives the new question object, or NULL if QDCOUNT is 0, and 0 is
 * returned. On failure a negative error is returned and *ret_question is not written. The read index
 * is not rewound here; the caller is expected to take care of that. */
static int dns_packet_extract_question(DnsPacket *p, DnsQuestion **ret_question) {
        _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
        unsigned n_keys;
        int r;

        n_keys = DNS_PACKET_QDCOUNT(p);
        if (n_keys == 0) {
                /* Nothing to parse; an empty question is represented as NULL. */
                *ret_question = NULL;
                return 0;
        }

        question = dns_question_new(n_keys);
        if (!question)
                return -ENOMEM;

        /* Used only to detect duplicates. References to keys are kept by Question. */
        _cleanup_set_free_ Set *seen = NULL;

        seen = set_new(&dns_resource_key_hash_ops);
        if (!seen)
                return log_oom();

        /* Higher multipliers give slightly higher efficiency through hash collisions, but the gains
         * quickly drop off after 2. */
        r = set_reserve(seen, n_keys * 2);
        if (r < 0)
                return r;

        for (unsigned idx = 0; idx < n_keys; idx++) {
                _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
                bool cache_flush;

                r = dns_packet_read_key(p, &key, &cache_flush, NULL);
                if (r < 0)
                        return r;

                if (cache_flush)
                        return -EBADMSG;

                if (!dns_type_is_valid_query(key->type))
                        return -EBADMSG;

                r = set_put(seen, key);
                if (r < 0)
                        return r;
                if (r == 0)
                        /* Already in the Question, let's skip */
                        continue;

                r = dns_question_add_raw(question, key);
                if (r < 0)
                        return r;
        }

        *ret_question = TAKE_PTR(question);

        return 0;
}
2235
2236static int dns_packet_extract_answer(DnsPacket *p, DnsAnswer **ret_answer) {
2237 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
2238 unsigned n, i;
2239 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
2240 bool bad_opt = false;
2241 int r;
2242
faa133f3 2243 n = DNS_PACKET_RRCOUNT(p);
4a49e560
ZJS
2244 if (n == 0)
2245 return 0;
c3f7000e 2246
4a49e560
ZJS
2247 answer = dns_answer_new(n);
2248 if (!answer)
2249 return -ENOMEM;
322345fd 2250
4a49e560
ZJS
2251 for (i = 0; i < n; i++) {
2252 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
2253 bool cache_flush = false;
93748b26 2254 size_t start;
322345fd 2255
18674159
LP
2256 if (p->rindex == p->size) {
2257 /* If we reached the end of the packet already, but there are still more RRs
2258 * declared, then that's a corrupt packet. Let's accept the packet anyway, since it's
2259 * apparently a common bug in routers. Let's however suppress OPT support in this
2260 * case, so that we force the rest of the logic into lowest DNS baseline support. Or
2261 * to say this differently: if the DNS server doesn't even get the RR counts right,
2262 * it's highly unlikely it gets EDNS right. */
2263 log_debug("More resource records declared in packet than included, suppressing OPT.");
2264 bad_opt = true;
2265 break;
2266 }
2267
93748b26 2268 r = dns_packet_read_rr(p, &rr, &cache_flush, &start);
4a49e560
ZJS
2269 if (r < 0)
2270 return r;
322345fd 2271
4a49e560
ZJS
2272 /* Try to reduce memory usage a bit */
2273 if (previous)
2274 dns_resource_key_reduce(&rr->key, &previous->key);
f57e3cd5 2275
4a49e560
ZJS
2276 if (rr->key->type == DNS_TYPE_OPT) {
2277 bool has_rfc6975;
c3f7000e 2278
4a49e560
ZJS
2279 if (p->opt || bad_opt) {
2280 /* Multiple OPT RRs? if so, let's ignore all, because there's
2281 * something wrong with the server, and if one is valid we wouldn't
2282 * know which one. */
2283 log_debug("Multiple OPT RRs detected, ignoring all.");
2284 bad_opt = true;
2285 continue;
2286 }
e6b57b37 2287
4a49e560
ZJS
2288 if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
2289 /* If the OPT RR is not owned by the root domain, then it is bad,
2290 * let's ignore it. */
2291 log_debug("OPT RR is not owned by root domain, ignoring.");
2292 bad_opt = true;
2293 continue;
2294 }
c3f7000e 2295
4a49e560
ZJS
2296 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
2297 /* OPT RR is in the wrong section? Some Belkin routers do this. This
2298 * is a hint the EDNS implementation is borked, like the Belkin one
2299 * is, hence ignore it. */
2300 log_debug("OPT RR in wrong section, ignoring.");
2301 bad_opt = true;
2302 continue;
2303 }
2304
2305 if (!opt_is_good(rr, &has_rfc6975)) {
2306 log_debug("Malformed OPT RR, ignoring.");
2307 bad_opt = true;
2308 continue;
2309 }
2310
2311 if (DNS_PACKET_QR(p)) {
2312 /* Additional checks for responses */
2313
d7a0f1f4 2314 if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr))
4a49e560
ZJS
2315 /* If this is a reply and we don't know the EDNS version
2316 * then something is weird... */
d7a0f1f4
FS
2317 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2318 "EDNS version newer that our request, bad server.");
ff7febd5 2319
4a49e560
ZJS
2320 if (has_rfc6975) {
2321 /* If the OPT RR contains RFC6975 algorithm data, then this
2322 * is indication that the server just copied the OPT it got
2323 * from us (which contained that data) back into the reply.
2324 * If so, then it doesn't properly support EDNS, as RFC6975
2325 * makes it very clear that the algorithm data should only
2326 * be contained in questions, never in replies. Crappy
2327 * Belkin routers copy the OPT data for example, hence let's
2328 * detect this so that we downgrade early. */
dffb8277 2329 log_debug("OPT RR contains RFC6975 data, ignoring.");
c3f7000e
LP
2330 bad_opt = true;
2331 continue;
2332 }
4a49e560 2333 }
e6b57b37 2334
4a49e560 2335 p->opt = dns_resource_record_ref(rr);
93748b26
LP
2336 p->opt_start = start;
2337 assert(p->rindex >= start);
2338 p->opt_size = p->rindex - start;
4a49e560 2339 } else {
2340 DnsAnswerFlags flags = 0;
2341
2342 if (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush)
2343 flags |= DNS_ANSWER_SHARED_OWNER;
2344
2345 /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
2346 * cached. Hence mark only those RRs as cacheable by default, but not the ones from
2347 * the Additional or Authority sections. */
2348 if (i < DNS_PACKET_ANCOUNT(p))
2349 flags |= DNS_ANSWER_CACHEABLE|DNS_ANSWER_SECTION_ANSWER;
2350 else if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p))
2351 flags |= DNS_ANSWER_SECTION_AUTHORITY;
2352 else
2353 flags |= DNS_ANSWER_SECTION_ADDITIONAL;
4a49e560 2354
04617bf8 2355 r = dns_answer_add(answer, rr, p->ifindex, flags, NULL);
2356 if (r < 0)
2357 return r;
2358 }
d75acfb0 2359
2360 /* Remember this RR, so that we potentically can merge it's ->key object with the
2361 * next RR. Note that we only do this if we actually decided to keep the RR around.
2362 */
2363 dns_resource_record_unref(previous);
2364 previous = dns_resource_record_ref(rr);
2365 }
105e1512 2366
18674159 2367 if (bad_opt) {
4a49e560 2368 p->opt = dns_resource_record_unref(p->opt);
2369 p->opt_start = p->opt_size = SIZE_MAX;
2370 }
105e1512 2371
2372 *ret_answer = TAKE_PTR(answer);
2373
2374 return 0;
2375}
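/* Parses the question and resource record sections of p and stores the results in p->question and
 * p->answer. Returns 0 on success (also when the packet was extracted before) and the negative
 * errno-style value of the section parser that failed otherwise.
 *
 * On a parse failure p->question, p->answer and p->extracted are not modified here; note that
 * dns_packet_extract_answer() may already have assigned p->opt by then. Whenever parsing was
 * attempted, the read index is put back to the value it had on entry. */
int dns_packet_extract(DnsPacket *p) {
        _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = {};
        int r;

        assert(p);

        if (p->extracted)
                return 0;

        /* Remember the caller's read position, then start parsing right behind the fixed header. */
        INIT_REWINDER(rewinder, p);
        dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);

        r = dns_packet_extract_question(p, &question);
        if (r < 0)
                return r;

        r = dns_packet_extract_answer(p, &answer);
        if (r < 0)
                return r;

        if (p->rindex < p->size) {
                /* Bytes are left over after both parsers finished. The OPT RR recorded for this packet
                 * is dropped in that case; presumably a peer sending such packets is not trusted to
                 * implement EDNS properly. */
                log_debug("Trailing garbage in packet, suppressing OPT.");
                p->opt = dns_resource_record_unref(p->opt);
                p->opt_start = p->opt_size = SIZE_MAX;
        }

        /* Only publish the parsed sections once everything succeeded. */
        p->question = TAKE_PTR(question);
        p->answer = TAKE_PTR(answer);

        p->extracted = true;

        /* no CANCEL, always rewind */
        return 0;
}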
/* Tests whether p is a response whose question section holds exactly one key, namely 'key'.
 *
 * Returns 0 if p is not a response or its question section does not consist of a single key, a
 * negative errno-style value if the packet cannot be parsed, and otherwise whatever
 * dns_resource_key_equal() reports for the packet's key and 'key'. */
int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
        int r;

        assert(p);
        assert(key);

        /* Queries never qualify, only packets with the QR bit set. */
        if (DNS_PACKET_QR(p) != 1)
                return 0;

        /* The question section is only available once the packet has been parsed. */
        r = dns_packet_extract(p);
        if (r < 0)
                return r;

        /* No question section at all, or more (or fewer) than one key in it. */
        if (!p->question || p->question->n_keys != 1)
                return 0;

        return dns_resource_key_equal(p->question->keys[0], key);
}
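/* Overwrites, in place, the UDP payload size stored in the packet's OPT RR with max_udp_size.
 *
 * Returns 0 if no OPT RR is recorded for the packet (nothing is written then) and 1 after the
 * field has been patched. max_udp_size must be at least DNS_PACKET_UNICAST_SIZE_MAX. */
int dns_packet_patch_max_udp_size(DnsPacket *p, uint16_t max_udp_size) {
        assert(p);
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);

        /* SIZE_MAX is the "no OPT" marker, spelled the same way as where opt_start/opt_size are reset. */
        if (p->opt_start == SIZE_MAX) /* No OPT section, nothing to patch */
                return 0;

        assert(p->opt_size != SIZE_MAX);
        assert(p->opt_size >= 5);

        /* Offset 3 skips a one-byte owner name (the root domain) and the two-byte TYPE field and
         * lands on the CLASS field, which an OPT RR uses for the UDP payload size (RFC 6891). The
         * 5 asserted above is 1 + 2 + 2.
         * NOTE(review): this write trusts opt_start/opt_size to lie inside the packet buffer;
         * nothing in this function compares them against p->size. Confirm that every place
         * which sets or truncates them keeps that invariant. */
        unaligned_write_be16(DNS_PACKET_DATA(p) + p->opt_start + 3, max_udp_size);
        return 1;
}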
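/* Patches the RR at the current read index: subtracts 'age' (in microseconds) from its TTL and
 * writes the result back into the packet buffer, then skips over the rest of the RR.
 *
 * Returns 0 on success, with the read index positioned behind the RR. On failure the negative
 * errno-style value of the failing read is returned and the read index is put back to where it
 * was on entry. */
static int patch_rr(DnsPacket *p, usec_t age) {
        /* Zero-initialized like in the sibling functions, so that the cleanup handler never sees an
         * indeterminate packet pointer, whatever gets inserted ahead of INIT_REWINDER() later. */
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = {};
        size_t ttl_index;
        uint32_t ttl;
        uint16_t type, rdlength;
        int r;

        assert(p);

        INIT_REWINDER(rewinder, p);

        /* Owner name: only skipped over, the value is not needed */
        r = dns_packet_read_name(p, NULL, true, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &type, NULL);
        if (r < 0)
                return r;

        /* CLASS: skipped */
        r = dns_packet_read_uint16(p, NULL, NULL);
        if (r < 0)
                return r;

        /* Besides the value, remember where in the buffer the TTL lives so it can be rewritten. */
        r = dns_packet_read_uint32(p, &ttl, &ttl_index);
        if (r < 0)
                return r;

        if (type != DNS_TYPE_OPT) { /* The TTL of the OPT field is not actually a TTL, skip it */
                /* Computed in microseconds, stored back in seconds. LESS_BY() presumably clamps at
                 * zero rather than wrapping, and the product presumably is computed in the 64-bit
                 * usec_t type, so a maximal 32-bit TTL cannot overflow. TODO confirm both.
                 * NOTE(review): the buffer is modified here before RDLENGTH and RDATA have been
                 * validated below, hence a truncated RR leaves its TTL patched even though this
                 * function then fails. */
                ttl = LESS_BY(ttl * USEC_PER_SEC, age) / USEC_PER_SEC;
                unaligned_write_be32(DNS_PACKET_DATA(p) + ttl_index, ttl);
        }

        r = dns_packet_read_uint16(p, &rdlength, NULL);
        if (r < 0)
                return r;

        /* rdlength comes straight from the packet; skipping RDATA relies on dns_packet_read() to
         * reject a length that runs past the end of the packet. */
        r = dns_packet_read(p, rdlength, NULL, NULL);
        if (r < 0)
                return r;

        /* Success: keep the read index behind this RR so the caller can go on with the next one. */
        CANCEL_REWINDER(rewinder);
        return 0;
}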
/* Ages every RR in the packet: the time that passed between 'timestamp' and now is subtracted from
 * each TTL, in place. 'timestamp' must be set and must not lie in the future of the clock used.
 *
 * Returns 0 on success or the negative errno-style value of the first read that failed. The read
 * index is restored to its entry value in both cases. */
int dns_packet_patch_ttls(DnsPacket *p, usec_t timestamp) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = {};
        unsigned n_keys, n_rrs;
        usec_t elapsed;
        int r;

        assert(p);
        assert(timestamp_is_set(timestamp));

        elapsed = now(clock_boottime_or_monotonic());
        assert(elapsed >= timestamp);
        elapsed -= timestamp;

        INIT_REWINDER(rewinder, p);

        dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);

        /* Step over the question section, it carries no TTLs. */
        n_keys = DNS_PACKET_QDCOUNT(p);
        for (unsigned i = 0; i < n_keys; i++) {
                r = dns_packet_read_key(p, NULL, NULL, NULL);
                if (r < 0)
                        return r;
        }

        /* The RR count announced in the header is frequently too high in practice, hence also stop
         * quietly as soon as the end of the packet has been reached. */
        n_rrs = DNS_PACKET_RRCOUNT(p);
        for (unsigned i = 0; i < n_rrs && p->rindex != p->size; i++) {
                r = patch_rr(p, elapsed);
                if (r < 0)
                        return r;
        }

        return 0;
}
/* Hash callback for packets: feeds the packet size followed by the packet's 'size' data bytes into
 * the siphash state. */
static void dns_packet_hash_func(const DnsPacket *s, struct siphash *state) {
        const void *data;

        assert(s);

        /* The cast only drops the const qualifier for DNS_PACKET_DATA(); the data is read, not written. */
        data = DNS_PACKET_DATA((DnsPacket*) s);

        siphash24_compress(&s->size, sizeof(s->size), state);
        siphash24_compress(data, s->size, state);
}
/* Ordering callback for packets: packets are ordered by size first, packets of equal size by a
 * bytewise comparison of their data. Returns 0 only for identical size and identical bytes. */
static int dns_packet_compare_func(const DnsPacket *x, const DnsPacket *y) {
        int order = CMP(x->size, y->size);

        /* Sizes match, so x->size bytes are available on both sides. */
        if (order == 0)
                order = memcmp(DNS_PACKET_DATA((DnsPacket*) x), DNS_PACKET_DATA((DnsPacket*) y), x->size);

        return order;
}
/* Hash operations for containers keyed by DnsPacket, built from the two callbacks above: equality
 * and hashing both cover the packet size and the raw packet bytes. */
DEFINE_HASH_OPS(dns_packet_hash_ops, DnsPacket, dns_packet_hash_func, dns_packet_compare_func);
/* Returns true if both packets have the same size and the same raw bytes, as decided by
 * dns_packet_compare_func(). */
bool dns_packet_equal(const DnsPacket *a, const DnsPacket *b) {
        const int order = dns_packet_compare_func(a, b);

        return order == 0;
}
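/* Mnemonics of the DNS response codes, indexed by RCODE value. The lookup functions for this table
 * are generated by DEFINE_STRING_TABLE_LOOKUP() below. */
static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
        [DNS_RCODE_SUCCESS]   = "SUCCESS",
        [DNS_RCODE_FORMERR]   = "FORMERR",
        [DNS_RCODE_SERVFAIL]  = "SERVFAIL",
        [DNS_RCODE_NXDOMAIN]  = "NXDOMAIN",
        [DNS_RCODE_NOTIMP]    = "NOTIMP",
        [DNS_RCODE_REFUSED]   = "REFUSED",
        [DNS_RCODE_YXDOMAIN]  = "YXDOMAIN",
        /* RFC 2136 spells this mnemonic YXRRSET; the string used to lack the 'X'. */
        [DNS_RCODE_YXRRSET]   = "YXRRSET",
        [DNS_RCODE_NXRRSET]   = "NXRRSET",
        [DNS_RCODE_NOTAUTH]   = "NOTAUTH",
        [DNS_RCODE_NOTZONE]   = "NOTZONE",
        [DNS_RCODE_BADVERS]   = "BADVERS",
        [DNS_RCODE_BADKEY]    = "BADKEY",
        [DNS_RCODE_BADTIME]   = "BADTIME",
        [DNS_RCODE_BADMODE]   = "BADMODE",
        [DNS_RCODE_BADNAME]   = "BADNAME",
        [DNS_RCODE_BADALG]    = "BADALG",
        [DNS_RCODE_BADTRUNC]  = "BADTRUNC",
        [DNS_RCODE_BADCOOKIE] = "BADCOOKIE",
};
DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);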
/* Names of the supported lookup protocols, indexed by DnsProtocol value. The lookup functions for
 * this table are generated by DEFINE_STRING_TABLE_LOOKUP() below. */
static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
        [DNS_PROTOCOL_DNS]   = "dns",
        [DNS_PROTOCOL_MDNS]  = "mdns",
        [DNS_PROTOCOL_LLMNR] = "llmnr",
};
DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);