1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_GCRYPT
4 # include <gcrypt.h>
5 #endif
6
7 #include "alloc-util.h"
8 #include "dns-domain.h"
9 #include "escape.h"
10 #include "memory-util.h"
11 #include "resolved-dns-packet.h"
12 #include "set.h"
13 #include "stdio-util.h"
14 #include "string-table.h"
15 #include "strv.h"
16 #include "unaligned.h"
17 #include "utf8.h"
18
/* The DNSSEC OK (DO) bit in the 16-bit flags field of the EDNS0 OPT pseudo-RR (RFC 3225),
 * set by dns_packet_append_opt() when the caller requests edns0_do. */
#define EDNS0_OPT_DO (1<<15)

/* A freshly allocated packet must always leave room beyond the fixed header, see dns_packet_new(). */
assert_cc(DNS_PACKET_SIZE_START > DNS_PACKET_HEADER_SIZE);
22
/* Helper for parsers that must leave the read index untouched on failure: records the read position
 * when constructed (REWINDER_INIT), and rewind_dns_packet() restores it unless CANCEL_REWINDER()
 * was called after a successful parse. */
typedef struct DnsPacketRewinder {
        DnsPacket *packet;      /* NULL once cancelled, i.e. the parse succeeded and the index is kept */
        size_t saved_rindex;    /* read index to restore on failure */
} DnsPacketRewinder;
27
static void rewind_dns_packet(DnsPacketRewinder *rewinder) {
        /* Cleanup hook for DnsPacketRewinder: restore the recorded read index, unless the
         * rewinder was disarmed via CANCEL_REWINDER() (packet pointer cleared). */
        if (!rewinder->packet)
                return;

        dns_packet_rewind(rewinder->packet, rewinder->saved_rindex);
}
32
/* Initializer for a DnsPacketRewinder: remember the packet and its current read index.
 * Pair with _cleanup_(rewind_dns_packet) so an early return rewinds automatically. */
#define REWINDER_INIT(p) { \
        .packet = (p), \
        .saved_rindex = (p)->rindex, \
}
/* Disarm the rewinder once parsing succeeded, so the advanced read index is kept. */
#define CANCEL_REWINDER(rewinder) do { (rewinder).packet = NULL; } while (0)
38
int dns_packet_new(
                DnsPacket **ret,
                DnsProtocol protocol,
                size_t min_alloc_dsize,
                size_t max_size) {

        /* Allocate an empty packet consisting of just the (zeroed) header, with the wire data stored
         * inline after the struct. 'min_alloc_dsize' is a hint for the initial data capacity,
         * 'max_size' the hard upper bound the packet may ever grow to (clamped to DNS_PACKET_SIZE_MAX).
         * Returns -EFBIG if the requested initial size exceeds DNS_PACKET_SIZE_MAX, -ENOMEM on OOM. */

        DnsPacket *packet;
        size_t alloc_size;

        assert(ret);
        assert(max_size >= DNS_PACKET_HEADER_SIZE);

        if (max_size > DNS_PACKET_SIZE_MAX)
                max_size = DNS_PACKET_SIZE_MAX;

        /* Callers may not check what actually gets allocated, so refuse outright rather than
         * silently allocating more than a DNS packet may ever be. */
        if (min_alloc_dsize > DNS_PACKET_SIZE_MAX)
                return log_error_errno(SYNTHETIC_ERRNO(EFBIG),
                                       "Requested packet data size too big: %zu",
                                       min_alloc_dsize);

        /* With no (or a tiny) hint, start above the bare header so the first append does not
         * immediately force a reallocation. */
        alloc_size = min_alloc_dsize < DNS_PACKET_HEADER_SIZE ? DNS_PACKET_SIZE_START : min_alloc_dsize;

        /* Round struct + data up to a whole page, then take the data share of that. */
        alloc_size = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + alloc_size) - ALIGN(sizeof(DnsPacket));

        /* ...but never reserve more than the packet is allowed to use. */
        if (alloc_size > max_size)
                alloc_size = max_size;

        packet = malloc0(ALIGN(sizeof(DnsPacket)) + alloc_size);
        if (!packet)
                return -ENOMEM;

        *packet = (DnsPacket) {
                .n_ref = 1,
                .protocol = protocol,
                .size = DNS_PACKET_HEADER_SIZE,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = alloc_size,
                .max_size = max_size,
                .opt_start = SIZE_MAX,      /* no OPT RR appended yet */
                .opt_size = SIZE_MAX,
        };

        *ret = packet;
        return 0;
}
97
void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
        uint16_t flags;

        assert(p);

        /* Compute the header flags of an outgoing query for the packet's protocol. Only mDNS may
         * mark a query as truncated (see dns_packet_validate_query()); the other protocols assert
         * that TC stays clear. */
        switch (p->protocol) {

        case DNS_PROTOCOL_LLMNR:
                assert(!truncated);

                /* In LLMNR the AA and RD positions carry the C and T bits; all of them stay 0. */
                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* c */,
                                              0 /* tc */,
                                              0 /* t */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              0 /* cd */,
                                              0 /* rcode */);
                break;

        case DNS_PROTOCOL_MDNS:
                /* mDNS queries neither ask for recursion nor carry CD; only TC is variable. */
                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* aa */,
                                              truncated /* tc */,
                                              0 /* rd */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              0 /* cd */,
                                              0 /* rcode */);
                break;

        default:
                assert(!truncated);

                /* Classic DNS: ask the upstream server for recursion, and pass the CD bit through. */
                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* aa */,
                                              0 /* tc */,
                                              1 /* rd (ask for recursion) */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              dnssec_checking_disabled /* cd */,
                                              0 /* rcode */);
                break;
        }

        DNS_PACKET_HEADER(p)->flags = htobe16(flags);
}
147
int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t min_alloc_dsize, bool dnssec_checking_disabled) {
        DnsPacket *q = NULL;
        int r;

        assert(ret);

        /* Allocate a packet with the largest permitted upper bound and stamp it with query header
         * flags. TC starts out clear: when a query later has to be split into several packets the
         * flag is updated shortly before sending. */
        r = dns_packet_new(&q, protocol, min_alloc_dsize, DNS_PACKET_SIZE_MAX);
        if (r < 0)
                return r;

        dns_packet_set_flags(q, dnssec_checking_disabled, /* truncated= */ false);

        *ret = q;
        return 0;
}
166
int dns_packet_dup(DnsPacket **ret, DnsPacket *p) {
        DnsPacket *copy;
        int r;

        assert(ret);
        assert(p);

        /* Only a structurally sane packet (header present, size within the wire limit) is duplicated. */
        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        /* The copy is sized exactly to the source's wire image and starts with a fresh read index.
         * It does not inherit the compression name map, parsed question/answer or the OPT
         * bookkeeping, only the raw bytes. */
        copy = malloc(ALIGN(sizeof(DnsPacket)) + p->size);
        if (!copy)
                return -ENOMEM;

        *copy = (DnsPacket) {
                .n_ref = 1,
                .protocol = p->protocol,
                .size = p->size,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = p->size,
                .max_size = p->max_size,
                .opt_start = SIZE_MAX,
                .opt_size = SIZE_MAX,
        };
        memcpy(DNS_PACKET_DATA(copy), DNS_PACKET_DATA(p), p->size);

        *ret = copy;
        return 0;
}
198
DnsPacket *dns_packet_ref(DnsPacket *p) {
        /* Take a reference on p and hand it back; NULL passes through unchanged. Stack-allocated
         * packets are not reference counted and must never be ref'ed. */
        if (p) {
                assert(!p->on_stack);
                assert(p->n_ref > 0);

                p->n_ref++;
        }

        return p;
}
210
static void dns_packet_free(DnsPacket *p) {
        char *name;

        assert(p);

        /* Release the parsed views and the OPT RR; the raw wire data is released further down. */
        dns_question_unref(p->question);
        dns_answer_unref(p->answer);
        dns_resource_record_unref(p->opt);

        /* The name-compression map owns its strdup()ed keys (see dns_packet_append_name()). */
        for (;;) {
                name = hashmap_steal_first_key(p->names);
                if (!name)
                        break;
                free(name);
        }
        hashmap_free(p->names);

        /* _data is only set once the packet outgrew the inline buffer, see dns_packet_extend(). */
        free(p->_data);

        /* Stack-allocated packets have their storage owned by the caller. */
        if (!p->on_stack)
                free(p);
}
229
DnsPacket *dns_packet_unref(DnsPacket *p) {
        if (!p)
                return NULL;

        assert(p->n_ref > 0);

        /* Drop the reference on the continuation packet of a multi-packet chain.
         * NOTE(review): this runs on every unref of p, not only when p itself is freed, and
         * dns_packet_ref() above does not take a reference on p->more. If a packet carrying a
         * ->more chain can ever have n_ref > 1, the chained packet is released too early and
         * p->more is left dangling for the next unref — confirm the invariant with the callers
         * that build such chains. */
        dns_packet_unref(p->more);

        if (p->n_ref == 1)
                dns_packet_free(p);
        else
                p->n_ref--;

        /* Always NULL, so callers can write `p = dns_packet_unref(p);`. */
        return NULL;
}
245
int dns_packet_validate(DnsPacket *p) {
        assert(p);

        /* A packet is structurally usable only if the fixed header is present and the total size
         * does not exceed the largest message handled here. Returns 1 on success, -EBADMSG otherwise. */
        if (p->size < DNS_PACKET_HEADER_SIZE || p->size > DNS_PACKET_SIZE_MAX)
                return -EBADMSG;

        return 1;
}
257
int dns_packet_validate_reply(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        /* Not a response at all (QR clear): report 0 so callers can ignore it without an error. */
        if (DNS_PACKET_QR(p) != 1)
                return 0;

        /* Only standard QUERY responses are understood. */
        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
        if (p->protocol == DNS_PROTOCOL_LLMNR && DNS_PACKET_QDCOUNT(p) != 1)
                return -EBADMSG;

        /* RFC 6762, Section 18: mDNS messages with a non-zero RCODE are to be ignored */
        if (p->protocol == DNS_PROTOCOL_MDNS && DNS_PACKET_RCODE(p) != 0)
                return -EBADMSG;

        return 1;
}
295
int dns_packet_validate_query(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        /* A response (QR set) is not a query: report 0 rather than an error. */
        if (DNS_PACKET_QR(p) != 0)
                return 0;

        /* Only standard QUERY is accepted. */
        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        switch (p->protocol) {

        case DNS_PROTOCOL_DNS:
        case DNS_PROTOCOL_LLMNR:
                /* Queries must not be truncated, and carry exactly one question and no answers.
                 * For LLMNR this is RFC 4795, Section 2.1.1 (discard on QDCOUNT != 1 or ANCOUNT != 0). */
                if (DNS_PACKET_TC(p) || DNS_PACKET_QDCOUNT(p) != 1 || DNS_PACKET_ANCOUNT(p) > 0)
                        return -EBADMSG;

                /* RFC 4795, Section 2.1.1 also discards LLMNR queries with NSCOUNT != 0. Plain DNS queries
                 * are allowed an authority section, since some query types (e.g. IXFR) carry one. */
                if (p->protocol == DNS_PROTOCOL_LLMNR && DNS_PACKET_NSCOUNT(p) > 0)
                        return -EBADMSG;

                break;

        case DNS_PROTOCOL_MDNS:
                /* mDNS queries may legitimately be truncated, so TC is not checked. RFC 6762, Section 18
                 * requires messages with non-zero RCODE to be silently ignored, and the AA, RD, RA, AD
                 * and CD bits to be disregarded. */
                if (DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;

                break;

        default:
                break;
        }

        return 1;
}
364
static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
        assert(p);

        /* Reserve 'add' more bytes at the end of the packet. On success *ret points at the new region,
         * *start is its offset, and p->size already covers it — the caller must fill all 'add' bytes.
         * The buffer grows as needed, bounded by dns_packet_size_max(); -EMSGSIZE if that bound would
         * be exceeded, -ENOMEM on allocation failure (the packet is left unchanged in both cases). */
        if (p->size + add > p->allocated) {
                size_t a, ms;

                /* Grow geometrically (twice what is needed) to amortize reallocations, page-rounded. */
                a = PAGE_ALIGN((p->size + add) * 2);

                ms = dns_packet_size_max(p);
                if (a > ms)
                        a = ms;

                if (p->size + add > a)
                        return -EMSGSIZE;

                if (p->_data) {
                        void *d;

                        /* Already out-of-line: grow in place. p->_data stays valid if realloc() fails.
                         * NOTE(review): unlike the malloc() path below the new tail is left uninitialized;
                         * fine as long as every caller writes all bytes it reserves — verify. */
                        d = realloc(p->_data, a);
                        if (!d)
                                return -ENOMEM;

                        p->_data = d;
                } else {
                        /* First time the inline buffer trailing the struct is outgrown: move the current
                         * wire image into a separate allocation and zero the remainder. */
                        p->_data = malloc(a);
                        if (!p->_data)
                                return -ENOMEM;

                        memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
                        memzero((uint8_t*) p->_data + p->size, a - p->size);
                }

                p->allocated = a;
        }

        if (start)
                *start = p->size;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;

        p->size += add;
        return 0;
}
409
void dns_packet_truncate(DnsPacket *p, size_t sz) {
        void *offset;
        char *name;

        assert(p);

        /* Cut the packet back to 'sz' bytes; a no-op if it is not longer than that. */
        if (sz >= p->size)
                return;

        /* Compression pointers must never reference bytes we are about to discard: drop every name
         * whose recorded offset lies at or beyond the cut. (The map owns the strdup()ed keys.) */
        HASHMAP_FOREACH_KEY(offset, name, p->names)
                if (PTR_TO_SIZE(offset) >= sz) {
                        hashmap_remove(p->names, name);
                        free(name);
                }

        p->size = sz;
}
430
int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
        void *dst;
        int r;

        assert(p);

        /* Reserve l bytes and copy d into them; memcpy_safe() tolerates d == NULL when l == 0. */
        r = dns_packet_extend(p, l, &dst, start);
        if (r >= 0)
                memcpy_safe(dst, d, l);

        return r;
}
444
int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
        uint8_t *dst;
        int r;

        assert(p);

        /* Append a single octet. */
        r = dns_packet_extend(p, sizeof(uint8_t), (void**) &dst, start);
        if (r >= 0)
                *dst = v;

        return r;
}
459
int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
        void *dst;
        int r;

        assert(p);

        /* Append a 16-bit field in network byte order (the buffer is not necessarily aligned). */
        r = dns_packet_extend(p, sizeof(uint16_t), &dst, start);
        if (r >= 0)
                unaligned_write_be16(dst, v);

        return r;
}
474
int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
        void *dst;
        int r;

        assert(p);

        /* Append a 32-bit field in network byte order (the buffer is not necessarily aligned). */
        r = dns_packet_extend(p, sizeof(uint32_t), &dst, start);
        if (r >= 0)
                unaligned_write_be32(dst, v);

        return r;
}
489
int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
        assert(p);
        assert(s);

        /* NUL-terminated convenience wrapper around the raw <character-string> encoder, which also
         * enforces the 255-byte limit. */
        size_t len = strlen(s);
        return dns_packet_append_raw_string(p, s, len, start);
}
496
int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
        uint8_t *dst;
        int r;

        assert(p);
        assert(s || size == 0);

        /* <character-string> (RFC 1035): a single length octet followed by the bytes, hence at most
         * 255 bytes of payload. Longer input is rejected with -E2BIG rather than silently truncated. */
        if (size > 255)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + size, (void**) &dst, start);
        if (r < 0)
                return r;

        dst[0] = (uint8_t) size;
        memcpy_safe(dst + 1, s, size); /* s may be NULL when size == 0 */

        return 0;
}
517
int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
        uint8_t *out;
        int r;

        assert(p);
        assert(d);

        /* Emit one label: a length octet followed by the label bytes. If the packet is being built in
         * canonical form and this label is a candidate, it is lower-cased as DNSSEC canonical form
         * (RFC 4034, Section 6.2) requires. Otherwise the bytes are copied verbatim — DNS-SD depends
         * on label casing being preserved. */
        if (l > DNS_LABEL_MAX)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + l, (void**) &out, start);
        if (r < 0)
                return r;

        out[0] = (uint8_t) l;

        if (!(p->canonical_form && canonical_candidate)) {
                memcpy(out + 1, d, l);
                return 0;
        }

        for (size_t i = 0; i < l; i++)
                out[1 + i] = (uint8_t) ascii_tolower(d[i]);

        return 0;
}
552
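int dns_packet_append_name(
                DnsPacket *p,
                const char *name,
                bool allow_compression,
                bool canonical_candidate,
                size_t *start) {

        /* Serialize a domain name as a sequence of labels terminated by the root label. With
         * compression enabled, every suffix written is recorded in p->names (offset keyed by name) so a
         * later occurrence can be replaced by an RFC 1035 compression pointer. On any failure the
         * packet is rolled back to its previous size (which also drops the compression entries added
         * here) and the error is returned. */

        size_t saved_size;
        int r;

        assert(p);
        assert(name);

        if (p->refuse_compression)
                allow_compression = false;

        saved_size = p->size;

        while (!dns_name_is_root(name)) {
                const char *z = name;
                char label[DNS_LABEL_MAX+1];
                size_t n = 0;

                /* Has this exact suffix been written before? Then emit a 2-byte pointer instead. */
                if (allow_compression)
                        n = PTR_TO_SIZE(hashmap_get(p->names, name));
                if (n > 0) {
                        assert(n < p->size);

                        /* Compression pointers carry a 14-bit offset, 0xC000 marks the pointer. */
                        if (n < 0x4000) {
                                r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
                                if (r < 0)
                                        goto fail;

                                goto done;
                        }

                        /* NOTE(review): an offset >= 0x4000 falls through and the suffix is written out
                         * again; hashmap_ensure_put() below then sees a key that is already present in
                         * the map. Confirm it tolerates that for packets larger than 16 KiB (TCP). */
                }

                r = dns_label_unescape(&name, label, sizeof label, 0);
                if (r < 0)
                        goto fail;

                /* r is the unescaped label length here. */
                r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
                if (r < 0)
                        goto fail;

                if (allow_compression) {
                        _cleanup_free_ char *s = NULL;

                        /* Remember where this suffix starts; the map takes ownership of the key. */
                        s = strdup(z);
                        if (!s) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        r = hashmap_ensure_put(&p->names, &dns_name_hash_ops, s, SIZE_TO_PTR(n));
                        if (r < 0)
                                goto fail;

                        TAKE_PTR(s);
                }
        }

        /* Terminating root label. Roll back like every other failure path, so no partial name (and
         * no compression entry pointing into it) survives in the packet. */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                goto fail;

done:
        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}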
629
int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, const DnsAnswerFlags flags, size_t *start) {
        size_t saved_size;
        uint16_t class;
        int r;

        assert(p);
        assert(k);

        saved_size = p->size;

        /* NAME, TYPE, CLASS — the shape shared by question entries and RR headers. The name may be
         * compressed and is a canonical-form candidate. Rolled back as a unit on failure. */
        r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
        if (r >= 0)
                r = dns_packet_append_uint16(p, k->type, NULL);
        if (r >= 0) {
                /* mDNS overloads the top bit of CLASS: cache-flush in answers, QU in questions. */
                class = k->class;
                if (flags & DNS_ANSWER_CACHE_FLUSH)
                        class |= MDNS_RR_CACHE_FLUSH_OR_QU;

                r = dns_packet_append_uint16(p, class, NULL);
        }
        if (r < 0) {
                dns_packet_truncate(p, saved_size);
                return r;
        }

        if (start)
                *start = saved_size;

        return 0;
}
662
static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
        size_t saved_size;
        int r;

        assert(p);
        assert(types);
        assert(length > 0);

        saved_size = p->size;

        /* One NSEC/NSEC3 type bit map window block: window number, bitmap length in octets, bitmap.
         * Rolled back as a unit on failure. */
        r = dns_packet_append_uint8(p, window, NULL);
        if (r >= 0)
                r = dns_packet_append_uint8(p, length, NULL);
        if (r >= 0)
                r = dns_packet_append_blob(p, types, length, NULL);
        if (r < 0) {
                dns_packet_truncate(p, saved_size);
                return r;
        }

        if (start)
                *start = saved_size;

        return 0;
}
693
static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
        uint8_t window = 0;
        uint8_t entry = 0;
        uint8_t bitmaps[32] = {};
        unsigned n;
        size_t saved_size;
        int r;

        assert(p);

        /* Serialize a set of RR types as NSEC/NSEC3 type bit maps (RFC 4034): one window block per
         * 256-type range that has at least one type set, each holding only as many octets as its
         * highest set type needs. Rolled back on failure. */
        saved_size = p->size;

        BITMAP_FOREACH(n, types) {
                assert(n <= 0xffff);

                /* Entering a new window: flush the previous one if anything was set in it. 'entry'
                 * still names the last type added, so bitmaps[entry / 8] is its octet.
                 * NOTE(review): using entry / 8 + 1 as the length assumes BITMAP_FOREACH yields types
                 * in ascending order, so the last entry is also the highest — confirm. */
                if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
                        r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                        if (r < 0)
                                goto fail;

                        zero(bitmaps);
                }

                window = n >> 8;
                entry = n & 255;

                /* Bit 0 of each octet is the most significant one (network bit order). */
                bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
        }

        /* Flush the final window, if any type was set at all. */
        if (bitmaps[entry / 8] != 0) {
                r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                if (r < 0)
                        goto fail;
        }

        if (start)
                *start = saved_size;

        return 0;
fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
737
/* Append the OPT pseudo-RR described in RFC6891 */
int dns_packet_append_opt(
                DnsPacket *p,
                uint16_t max_udp_size,
                bool edns0_do,
                bool include_rfc6975,
                const char *nsid,
                int rcode,
                size_t *ret_start) {

        size_t saved_size;
        int r;

        /* At most one OPT RR per packet. It goes into the additional section (ARCOUNT is bumped) and
         * its location is remembered in p->opt_start/opt_size so dns_packet_truncate_opt() can remove
         * it again. The RDATA carries either the RFC 6975 algorithm-understood options (for queries
         * with DO set), or — else — an NSID option, or nothing. Returns -EBUSY if an OPT RR is
         * already present, -E2BIG if nsid does not fit. */
        assert(p);
        /* we must never advertise supported packet size smaller than the legacy max */
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
        assert(rcode >= 0);
        assert(rcode <= _DNS_RCODE_MAX);

        if (p->opt_start != SIZE_MAX)
                return -EBUSY;

        assert(p->opt_size == SIZE_MAX);

        saved_size = p->size;

        /* empty name (root) — nothing to roll back yet if this fails */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                return r;

        /* type */
        r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
        if (r < 0)
                goto fail;

        /* class: maximum udp packet that can be received */
        r = dns_packet_append_uint16(p, max_udp_size, NULL);
        if (r < 0)
                goto fail;

        /* extended RCODE and VERSION: the upper 8 bits of the 12-bit rcode land in the high byte,
         * the low byte (EDNS version) stays 0 */
        r = dns_packet_append_uint16(p, ((uint16_t) rcode & 0x0FF0) << 4, NULL);
        if (r < 0)
                goto fail;

        /* flags: DNSSEC OK (DO), see RFC3225 */
        r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
        if (r < 0)
                goto fail;

        if (edns0_do && include_rfc6975) {
                /* If DO is on and this is requested, also append RFC6975 Algorithm data. This is supposed to
                 * be done on queries, not on replies, hence callers should turn this off when finishing off
                 * replies. Note that when this branch is taken any nsid passed is ignored. */

                /* Pre-encoded DAU/DHU/N3U options. The algorithm list advertises what our DNSSEC
                 * verifier supports, hence the build-time gating of Ed25519 on the crypto backend. */
                static const uint8_t rfc6975[] = {

                        0, DNS_EDNS_OPT_DAU, /* OPTION_CODE */
#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
                        0, 7, /* LIST_LENGTH */
#else
                        0, 6, /* LIST_LENGTH */
#endif
                        DNSSEC_ALGORITHM_RSASHA1,
                        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
                        DNSSEC_ALGORITHM_RSASHA256,
                        DNSSEC_ALGORITHM_RSASHA512,
                        DNSSEC_ALGORITHM_ECDSAP256SHA256,
                        DNSSEC_ALGORITHM_ECDSAP384SHA384,
#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
                        DNSSEC_ALGORITHM_ED25519,
#endif

                        0, DNS_EDNS_OPT_DHU, /* OPTION_CODE */
                        0, 3, /* LIST_LENGTH */
                        DNSSEC_DIGEST_SHA1,
                        DNSSEC_DIGEST_SHA256,
                        DNSSEC_DIGEST_SHA384,

                        0, DNS_EDNS_OPT_N3U, /* OPTION_CODE */
                        0, 1, /* LIST_LENGTH */
                        NSEC3_ALGORITHM_SHA1,
                };

                r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL); /* RDLENGTH */
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL); /* the payload, as defined above */

        } else if (nsid) {

                /* RDLENGTH is 16-bit and must cover the 4-byte option header too */
                if (strlen(nsid) > UINT16_MAX - 4) {
                        r = -E2BIG;
                        goto fail;
                }

                r = dns_packet_append_uint16(p, 4 + strlen(nsid), NULL); /* RDLENGTH */
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, 3, NULL); /* OPTION-CODE: NSID */
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, strlen(nsid), NULL); /* OPTION-LENGTH */
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, nsid, strlen(nsid), NULL);
        } else
                r = dns_packet_append_uint16(p, 0, NULL); /* RDLENGTH: no options */
        if (r < 0)
                goto fail;

        /* The OPT RR lives in the additional section */
        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);

        p->opt_start = saved_size;
        p->opt_size = p->size - saved_size;

        if (ret_start)
                *ret_start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
868
int dns_packet_truncate_opt(DnsPacket *p) {
        assert(p);

        /* Remove the OPT pseudo-RR added by dns_packet_append_opt(). That is only possible while it is
         * still the last thing in the packet. Returns 1 if it was removed, 0 if there was none, and
         * -EBUSY if something was appended after it. */
        if (p->opt_start == SIZE_MAX) {
                assert(p->opt_size == SIZE_MAX);
                return 0;
        }

        assert(p->opt_size != SIZE_MAX);
        assert(DNS_PACKET_ARCOUNT(p) > 0);

        if (p->size != p->opt_start + p->opt_size)
                return -EBUSY;

        dns_packet_truncate(p, p->opt_start);
        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
        p->opt_start = SIZE_MAX;
        p->opt_size = SIZE_MAX;

        return 1;
}
889
int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start) {

        size_t saved_size, rdlength_offset, end, rdlength, rds;
        uint32_t ttl;
        int r;

        assert(p);
        assert(rr);

        /* Serialize one resource record: owner name/type/class, TTL, RDLENGTH and the type-specific
         * RDATA. RDLENGTH is written as a placeholder first and patched once the RDATA size is known.
         * 'flags' may request the mDNS cache-flush bit and a zero TTL (goodbye). On success *start is
         * the RR's offset and *rdata_start the RDATA offset relative to it; on failure the packet is
         * rolled back to its previous size. */
        saved_size = p->size;

        r = dns_packet_append_key(p, rr->key, flags, NULL);
        if (r < 0)
                goto fail;

        /* A goodbye announcement tells mDNS peers to drop the record: advertise TTL 0 */
        ttl = flags & DNS_ANSWER_GOODBYE ? 0 : rr->ttl;
        r = dns_packet_append_uint32(p, ttl, NULL);
        if (r < 0)
                goto fail;

        /* Initially we write 0 here */
        r = dns_packet_append_uint16(p, 0, &rdlength_offset);
        if (r < 0)
                goto fail;

        /* RDATA offset, relative to the start of this RR */
        rds = p->size - saved_size;

        /* RRs that could not be parsed keep their raw RDATA in rr->generic and are re-emitted verbatim */
        switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->srv.port, NULL);
                if (r < 0)
                        goto fail;

                /* RFC 2782 states "Unless and until permitted by future standards action, name compression
                 * is not to be used for this field." Hence we turn off compression here. */
                r = dns_packet_append_name(p, rr->srv.name, /* allow_compression= */ false, /* canonical_candidate= */ true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                /* RDATA is a single, compressible domain name */
                r = dns_packet_append_name(p, rr->ptr.name, true, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                /* two <character-string>s; each is limited to 255 bytes by dns_packet_append_raw_string() */
                r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_string(p, rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:

                if (!rr->txt.items) {
                        /* RFC 6763, section 6.1 suggests to generate
                         * single empty string for an empty array. */

                        r = dns_packet_append_raw_string(p, NULL, 0, NULL);
                        if (r < 0)
                                goto fail;
                } else
                        LIST_FOREACH(items, i, rr->txt.items) {
                                r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
                                if (r < 0)
                                        goto fail;
                        }

                r = 0;
                break;

        case DNS_TYPE_A:
                r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                /* MNAME, RNAME, then the five 32-bit timers/counters */
                r = dns_packet_append_name(p, rr->soa.mname, true, true, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_name(p, rr->soa.rname, true, true, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_name(p, rr->mx.exchange, true, true, NULL);
                break;

        case DNS_TYPE_LOC:
                /* version, size, horizontal and vertical precision (one octet each), then
                 * latitude, longitude and altitude (32 bits each) */
                r = dns_packet_append_uint8(p, rr->loc.version, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->loc.size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
                break;

        case DNS_TYPE_DS:
                r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
                if (r < 0)
                        goto fail;

                /* The signer's name is never compressed, but is a canonical-form candidate: the
                 * signature is computed over the canonical (lower-cased) wire form */
                r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
                break;

        case DNS_TYPE_NSEC:
                /* Next owner name: uncompressed and not lower-cased, followed by the type bit maps */
                r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_types(p, rr->nsec.types, NULL);
                if (r < 0)
                        goto fail;

                break;

        case DNS_TYPE_NSEC3:
                /* salt and next hashed owner name are each prefixed by a one-octet length */
                r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_types(p, rr->nsec3.types, NULL);
                if (r < 0)
                        goto fail;

                break;

        case DNS_TYPE_TLSA:
                r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
                break;

        case DNS_TYPE_SVCB:
        case DNS_TYPE_HTTPS:
                /* SvcPriority, TargetName (uncompressed, casing preserved), then SvcParams as
                 * key/length/value triples in list order */
                r = dns_packet_append_uint16(p, rr->svcb.priority, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_name(p, rr->svcb.target_name, false, false, NULL);
                if (r < 0)
                        goto fail;

                LIST_FOREACH(params, i, rr->svcb.params) {
                        r = dns_packet_append_uint16(p, i->key, NULL);
                        if (r < 0)
                                goto fail;

                        r = dns_packet_append_uint16(p, i->length, NULL);
                        if (r < 0)
                                goto fail;

                        r = dns_packet_append_blob(p, i->value, i->length, NULL);
                        if (r < 0)
                                goto fail;
                }
                break;

        case DNS_TYPE_CAA:
                /* flags, tag as <character-string>, value as the remainder of the RDATA */
                r = dns_packet_append_uint8(p, rr->caa.flags, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_string(p, rr->caa.tag, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->caa.value, rr->caa.value_size, NULL);
                break;

        case DNS_TYPE_OPT:
        case DNS_TYPE_OPENPGPKEY:
        case _DNS_TYPE_INVALID: /* unparsable */
        default:

                /* Everything else is carried as opaque RDATA */
                r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
                break;
        }
        if (r < 0)
                goto fail;

        /* Let's calculate the actual data size and update the field */
        rdlength = p->size - rdlength_offset - sizeof(uint16_t);
        if (rdlength > 0xFFFF) {
                /* RDLENGTH is a 16-bit field: RDATA this large cannot be represented */
                r = -ENOSPC;
                goto fail;
        }

        /* Patch the placeholder in place: temporarily shrink p->size so the append lands on the
         * placeholder bytes (already allocated, so this cannot reallocate), then restore it. */
        end = p->size;
        p->size = rdlength_offset;
        r = dns_packet_append_uint16(p, rdlength, NULL);
        if (r < 0)
                goto fail;
        p->size = end;

        if (start)
                *start = saved_size;

        if (rdata_start)
                *rdata_start = rds;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
1260
int dns_packet_append_question(DnsPacket *p, DnsQuestion *q) {
        DnsResourceKey *key;
        int r;

        assert(p);

        /* Append one question entry (NAME, TYPE, CLASS, no mDNS flags) per key in q. Stops at the
         * first failure; entries already written stay in the packet. */
        DNS_QUESTION_FOREACH(key, q) {
                r = dns_packet_append_key(p, key, 0, NULL);
                if (r < 0)
                        return r;
        }

        return 0;
}
1275
int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a, unsigned *completed) {
        DnsResourceRecord *rr;
        DnsAnswerFlags flags;
        int r;

        assert(p);

        /* Append every RR of the answer, honouring its per-RR flags (cache-flush, goodbye). If
         * 'completed' is given it is incremented once per RR written, so a caller that runs out of
         * space (-EMSGSIZE) knows how many RRs made it into this packet. */
        DNS_ANSWER_FOREACH_FLAGS(rr, flags, a) {
                r = dns_packet_append_rr(p, rr, flags, NULL, NULL);
                if (r < 0)
                        return r;

                if (completed)
                        ++*completed;
        }

        return 0;
}
1294
int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
        size_t remaining;

        assert(p);
        assert(p->rindex <= p->size);

        /* The one bounds check every parser goes through. Written as a subtraction so that an
         * attacker-chosen sz cannot wrap p->rindex + sz. */
        remaining = p->size - p->rindex;
        if (sz > remaining)
                return -EMSGSIZE;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;
        if (start)
                *start = p->rindex;

        p->rindex += sz;
        return 0;
}
1311
void dns_packet_rewind(DnsPacket *p, size_t idx) {
        assert(p);

        /* Reposition the read index. It must stay within the packet and never point into the header. */
        assert(idx >= DNS_PACKET_HEADER_SIZE);
        assert(idx <= p->size);

        p->rindex = idx;
}
1319
int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
        const void *src;
        int r;

        assert(p);
        assert(d);

        /* Copy sz bytes out of the packet into the caller's buffer, which must hold sz bytes. The
         * bounds check against the packet happens in dns_packet_read(). */
        r = dns_packet_read(p, sz, &src, start);
        if (r >= 0)
                memcpy(d, src, sz);

        return r;
}
1334
static int dns_packet_read_memdup(
                DnsPacket *p, size_t size,
                void **ret, size_t *ret_size,
                size_t *ret_start) {

        const void *src;
        void *copy = NULL;
        size_t start;
        int r;

        assert(p);
        assert(ret);

        /* Bounds-checked read followed by a private copy, so the result outlives the packet buffer.
         * Note that on -ENOMEM the read index has already been advanced. */
        r = dns_packet_read(p, size, &src, &start);
        if (r < 0)
                return r;

        /* A zero-length field yields NULL rather than a zero-byte allocation. */
        if (size > 0) {
                copy = memdup(src, size);
                if (!copy)
                        return -ENOMEM;
        }

        *ret = copy;
        if (ret_size)
                *ret_size = size;
        if (ret_start)
                *ret_start = start;

        return 0;
}
1370
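int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
        const void *d;
        int r;

        assert(p);

        /* Read one octet. Like dns_packet_read_uint16(), accept ret == NULL so a caller can skip the
         * byte while still getting its offset via 'start'. */
        r = dns_packet_read(p, sizeof(uint8_t), &d, start);
        if (r < 0)
                return r;

        if (ret)
                *ret = ((uint8_t*) d)[0];

        return 0;
}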
1384
int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
        const void *bytes;
        int r;

        assert(p);

        /* Read a big-endian 16-bit field from the (possibly unaligned) buffer. ret may be NULL to
         * merely skip the field. */
        r = dns_packet_read(p, sizeof(uint16_t), &bytes, start);
        if (r < 0)
                return r;

        if (ret)
                *ret = unaligned_read_be16(bytes);

        return 0;
}
1400
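int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
        /* Reads a big-endian 32-bit value through an unaligned load. 'ret' may be NULL to merely
         * skip four bytes, consistent with dns_packet_read_uint16() (previously a NULL 'ret' was
         * dereferenced unconditionally). 'start', if given, receives the offset of the value —
         * patch_rr() uses that to rewrite a TTL in place. Returns -EMSGSIZE on a short packet. */
        const void *d;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint32_t), &d, start);
        if (r < 0)
                return r;

        if (ret)
                *ret = unaligned_read_be32(d);

        return 0;
}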
1415
int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
        /* Reads a <character-string> (RFC 1035 §3.3: one length octet followed by up to 255 octets)
         * and returns it as a freshly allocated NUL-terminated C string. make_cstring() is asked to
         * refuse a trailing NUL (presumably embedded ones as well — it would be the only way the
         * result can be a faithful C string), and the content must be valid UTF-8; anything else is
         * -EBADMSG. On any failure the read index is rewound to the length octet. 'start' receives
         * the offset of that length octet, not of the data. 'ret' must not be NULL. */
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        _cleanup_free_ char *s = NULL;
        const void *payload;
        uint8_t len;
        int r;

        assert(p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, &payload, NULL);
        if (r < 0)
                return r;

        r = make_cstring(payload, len, MAKE_CSTRING_REFUSE_TRAILING_NUL, &s);
        if (r < 0)
                return r;

        if (!utf8_is_valid(s))
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;

        *ret = TAKE_PTR(s);
        CANCEL_REWINDER(rewinder);
        return 0;
}
1448
int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
        /* Reads a <character-string> without copying or validating it: *ret points straight into the
         * packet buffer and *size is the value of the length octet. Used for TXT, where arbitrary
         * octets (including NUL) are legal. All three outputs are optional. On failure the read index
         * is restored; 'start' is the offset of the length octet. */
        assert(p);

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        uint8_t len;
        int r;

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        /* dns_packet_read() tolerates a NULL 'ret' itself, so no guard is needed here. */
        r = dns_packet_read(p, len, ret, NULL);
        if (r < 0)
                return r;

        if (size)
                *size = len;
        if (start)
                *start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);
        return 0;
}
1472
int dns_packet_read_name(
                DnsPacket *p,
                char **ret,
                bool allow_compression,
                size_t *ret_start) {

        /* Reads a domain name in wire format (RFC 1035 §3.1/§4.1.4) at the current read index and
         * returns it as an escaped, dot-separated string (labels pass through dns_label_escape()).
         * Compression pointers are followed only if 'allow_compression' is set and the packet does
         * not globally refuse them. After a pointer chain the read index is left right after the
         * first pointer, i.e. after the name as it appears in the stream. On any error the read
         * index is restored. 'ret' may be NULL to merely skip the name; 'ret_start' receives the
         * offset at which the name began. */

        assert(p);

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        /* after_rindex: where to resume after the name once we have followed a pointer (0 = none).
         * jump_barrier: every pointer must target strictly below this offset, which starts at the
         * name's own position and is lowered to each pointer's target — so pointer chains are
         * strictly descending and cannot loop, bounding the work by the packet size. */
        size_t after_rindex = 0, jump_barrier = p->rindex;
        _cleanup_free_ char *name = NULL;
        bool first = true;
        size_t n = 0;
        int r;

        if (p->refuse_compression)
                allow_compression = false;

        for (;;) {
                uint8_t c, d;

                r = dns_packet_read_uint8(p, &c, NULL);
                if (r < 0)
                        return r;

                if (c == 0)
                        /* End of name */
                        break;
                else if (c <= 63) {
                        const char *label;

                        /* Literal label */
                        r = dns_packet_read(p, c, (const void**) &label, NULL);
                        if (r < 0)
                                return r;

                        /* Room for the separator (if not the first label) plus a worst-case escaped label. */
                        if (!GREEDY_REALLOC(name, n + !first + DNS_LABEL_ESCAPED_MAX))
                                return -ENOMEM;

                        if (first)
                                first = false;
                        else
                                name[n++] = '.';

                        r = dns_label_escape(label, c, name + n, DNS_LABEL_ESCAPED_MAX);
                        if (r < 0)
                                return r;

                        n += r;
                        continue;
                } else if (allow_compression && FLAGS_SET(c, 0xc0)) {
                        uint16_t ptr;

                        /* Pointer */
                        r = dns_packet_read_uint8(p, &d, NULL);
                        if (r < 0)
                                return r;

                        /* 14-bit offset. Targets inside the header, or at/after the barrier (forward or
                         * self references), are rejected. */
                        ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
                        if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier)
                                return -EBADMSG;

                        if (after_rindex == 0)
                                after_rindex = p->rindex;

                        /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
                        jump_barrier = ptr;
                        p->rindex = ptr;
                } else
                        /* 0x40/0x80 label types (reserved/extended), or a pointer where compression is
                         * not permitted. */
                        return -EBADMSG;
        }

        /* NOTE(review): no check against the 255-octet name limit happens here; the total is
         * bounded by the packet size thanks to the descending barrier, and the limit is presumably
         * enforced by the dns_name_*/DnsResourceKey helpers downstream — confirm. */
        if (!GREEDY_REALLOC(name, n + 1))
                return -ENOMEM;

        name[n] = 0;

        if (after_rindex != 0)
                p->rindex= after_rindex;

        if (ret)
                *ret = TAKE_PTR(name);
        if (ret_start)
                *ret_start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);

        return 0;
}
1562
static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
        /* Parses one window of an NSEC/NSEC3 type bitmap (RFC 4034 §4.1.2): a window number, a
         * bitmap length of 1..32 octets, and the bitmap itself where bit j of octet i (MSB first)
         * stands for RR type window*256 + i*8 + j. Set bits are recorded in *types, except for
         * pseudo-types, which RFC 4034 says must not appear. A window whose last octet is zero is
         * rejected, since trailing zero octets must be omitted on the wire. The read index is
         * restored on failure; *start is the offset of the window number. */
        assert(p);
        assert(types);

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        const uint8_t *octets;
        uint8_t window, length;
        int r;

        r = bitmap_ensure_allocated(types);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &window, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &length, NULL);
        if (r < 0)
                return r;

        if (length == 0 || length > 32)
                return -EBADMSG;

        r = dns_packet_read(p, length, (const void **) &octets, NULL);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < length; i++) {
                if (octets[i] == 0)
                        continue;

                for (unsigned j = 0; j < 8; j++) {
                        if (!(octets[i] & (0x80 >> j)))
                                continue;

                        /* i*8 + j < 256, so this is the low octet of the type number. */
                        uint16_t t = (uint16_t) window << 8 | (uint16_t) (i * 8 + j);

                        /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
                        if (dns_type_is_pseudo(t))
                                continue;

                        r = bitmap_set(*types, t);
                        if (r < 0)
                                return r;
                }
        }

        /* A trailing zero octet means the encoder did not minimise the bitmap. */
        if (octets[length - 1] == 0)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1629
static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
        /* Reads consecutive type-bitmap windows until exactly 'size' bytes have been consumed. A
         * window that straddles the end of the allotted span, or a span that the windows do not fill
         * exactly, is -EBADMSG. size == 0 yields an empty bitmap, which NSEC/NSEC3 callers accept.
         * The read index is restored on failure. */
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        int r;

        for (;;) {
                assert(p->rindex >= rewinder.saved_rindex);
                size_t consumed = p->rindex - rewinder.saved_rindex;

                if (consumed == size)
                        break;

                /* don't read past end of current RR */
                if (consumed > size)
                        return -EBADMSG;

                r = dns_packet_read_type_window(p, types, NULL);
                if (r < 0)
                        return r;
        }

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1655
int dns_packet_read_key(
                DnsPacket *p,
                DnsResourceKey **ret,
                bool *ret_cache_flush_or_qu,
                size_t *ret_start) {

        /* Reads the NAME/TYPE/CLASS triple that opens every question entry and every RR (RFC 1035
         * §4.1.2/§4.1.3), allowing compression for the owner name. For mDNS the top bit of CLASS is
         * not part of the class: it is the cache-flush bit in answers and the QU (unicast-reply) bit
         * in questions (RFC 6762 §5.4, §10.2); it is stripped from the key and reported through
         * 'ret_cache_flush_or_qu'. The OPT pseudo-RR is exempt since its CLASS field carries the
         * UDP payload size instead. All outputs are optional; pass NULL to merely skip the key. The
         * read index is restored on any error. */

        assert(p);

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        _cleanup_free_ char *owner = NULL;
        uint16_t type, class;
        bool flag = false;
        int r;

        r = dns_packet_read_name(p, &owner, /* allow_compression= */ true, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &type, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &class, NULL);
        if (r < 0)
                return r;

        if (p->protocol == DNS_PROTOCOL_MDNS &&
            type != DNS_TYPE_OPT &&
            (class & MDNS_RR_CACHE_FLUSH_OR_QU)) {
                class &= ~MDNS_RR_CACHE_FLUSH_OR_QU;
                flag = true;
        }

        if (ret) {
                DnsResourceKey *key = dns_resource_key_new_consume(class, type, owner);
                if (!key)
                        return -ENOMEM;

                /* Ownership of the name string moved into the key. */
                TAKE_PTR(owner);
                *ret = key;
        }

        if (ret_cache_flush_or_qu)
                *ret_cache_flush_or_qu = flag;
        if (ret_start)
                *ret_start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);
        return 0;
}
1710
static bool loc_size_ok(uint8_t size) {
        /* Validates a LOC precision octet (RFC 1876 §2): the high nibble is a base-10 mantissa and
         * the low nibble a base-10 exponent, each limited to 0..9. A zero mantissa is only accepted
         * together with a zero exponent, so every value has exactly one encoding. */
        const uint8_t mantissa = size >> 4;
        const uint8_t exponent = size & 0x0F;

        if (mantissa > 9 || exponent > 9)
                return false;

        return mantissa != 0 || exponent == 0;
}
1716
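static bool dns_svc_param_is_valid(DnsSvcParam *i) {
        /* Checks the value of one SvcParam (SVCB/HTTPS) against the wire-format constraints RFC 9460
         * puts on the keys we know about. Only structure and length are validated here — e.g. a port
         * of 0 is not rejected — and unknown keys are accepted unchanged, their interpretation being
         * the consumer's business. 'i' must have been populated by dns_packet_read_rr(), which
         * stores a uint16_t in i->length. */
        if (!i)
                return false;

        switch (i->key) {

        /* RFC 9460, section 7.1.1: a non-empty sequence of length-prefixed alpn-ids that exactly
         * fills the SvcParamValue */
        case DNS_SVC_PARAM_KEY_ALPN: {
                size_t sz = 0;
                if (i->length <= 0)
                        return false;
                /* i->value[sz] is in bounds because sz < i->length, and sz cannot wrap since each
                 * step adds at most 256 to a value below 65536. */
                while (sz < i->length)
                        sz += 1 + i->value[sz];
                return sz == i->length;
        }

        /* RFC 9460, section 7.1.1: value must be empty */
        case DNS_SVC_PARAM_KEY_NO_DEFAULT_ALPN:
                return i->length == 0;

        /* RFC 9460, section 7.2: exactly one uint16 */
        case DNS_SVC_PARAM_KEY_PORT:
                return i->length == 2;

        /* RFC 9460, section 7.3: a sequence of addresses that exactly fills the SvcParamValue, and
         * "an empty list of addresses is invalid" — so a zero length is rejected as well (it used to
         * slip through the modulo test). */
        case DNS_SVC_PARAM_KEY_IPV4HINT:
                return i->length > 0 && i->length % sizeof(struct in_addr) == 0;
        case DNS_SVC_PARAM_KEY_IPV6HINT:
                return i->length > 0 && i->length % sizeof(struct in6_addr) == 0;

        /* Otherwise, permit any value */
        default:
                return true;
        }
}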
1751
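int dns_packet_read_rr(
                DnsPacket *p,
                DnsResourceRecord **ret,
                bool *ret_cache_flush,
                size_t *ret_start) {

        /* Parses one complete resource record at the current read index: the NAME/TYPE/CLASS key,
         * TTL, RDLENGTH and the type-specific RDATA. Types this resolver understands are decoded into
         * the typed members of DnsResourceRecord; everything else (and a LOC RR of an unknown
         * version, which additionally gets rr->unparsable set) is kept verbatim in rr->generic.
         *
         * Safety invariants for untrusted RDATA: RDLENGTH is checked against the remaining packet
         * up front, every sub-read is bounds-checked by dns_packet_read(), and after decoding the
         * read index must land exactly at offset + RDLENGTH — RDATA shorter or longer than declared
         * is rejected with -EBADMSG. Each dns_packet_read_memdup() result is checked before the
         * copied size is inspected, so an allocation failure surfaces as -ENOMEM instead of being
         * misreported as a malformed message. On any failure the read index is restored to where
         * the RR began.
         *
         * 'ret_cache_flush' receives the mDNS cache-flush bit (false for other protocols),
         * 'ret_start' the offset of the RR's first byte. 'ret' and both outputs are optional. */

        assert(p);

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
        size_t offset;
        uint16_t rdlength;
        bool cache_flush;
        int r;

        r = dns_packet_read_key(p, &key, &cache_flush, NULL);
        if (r < 0)
                return r;

        /* Presumably rejects classes/types that are only legal in questions (ANY, AXFR, ...). */
        if (!dns_class_is_valid_rr(key->class) || !dns_type_is_valid_rr(key->type))
                return -EBADMSG;

        rr = dns_resource_record_new(key);
        if (!rr)
                return -ENOMEM;

        r = dns_packet_read_uint32(p, &rr->ttl, NULL);
        if (r < 0)
                return r;

        /* RFC 2181, Section 8, suggests to
         * treat a TTL with the MSB set as a zero TTL. */
        if (rr->ttl & UINT32_C(0x80000000))
                rr->ttl = 0;

        r = dns_packet_read_uint16(p, &rdlength, NULL);
        if (r < 0)
                return r;

        /* Refuse an RDLENGTH that reaches past the end of the packet. Since every branch below reads
         * at most rdlength bytes, the "rdlength - N" memdup sizes can never exceed what is left. */
        if (rdlength > p->size - p->rindex)
                return -EBADMSG;

        offset = p->rindex;

        switch (rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
                if (r < 0)
                        return r;

                /* RFC 2782 states "Unless and until permitted by future standards action, name compression
                 * is not to be used for this field." Nonetheless, we support it here, in the interest of
                 * increasing compatibility with implementations that do not implement this correctly. After
                 * all we didn't do this right once upon a time ourselves (see
                 * https://github.com/systemd/systemd/issues/9793). */
                r = dns_packet_read_name(p, &rr->srv.name, /* allow_compression= */ true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:
                if (rdlength <= 0) {
                        r = dns_txt_item_new_empty(&rr->txt.items);
                        if (r < 0)
                                return r;
                } else {
                        DnsTxtItem *last = NULL;

                        /* A <character-string> that runs past the end of the RDATA is not caught here
                         * but by the exact-length check after the switch. */
                        while (p->rindex - offset < rdlength) {
                                DnsTxtItem *i;
                                const void *data;
                                size_t sz;

                                r = dns_packet_read_raw_string(p, &data, &sz, NULL);
                                if (r < 0)
                                        return r;

                                i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
                                if (!i)
                                        return -ENOMEM;

                                memcpy(i->data, data, sz);
                                i->length = sz;

                                LIST_INSERT_AFTER(items, rr->txt.items, last, i);
                                last = i;
                        }
                }

                r = 0;
                break;

        case DNS_TYPE_A:
                r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
                break;

        case DNS_TYPE_LOC: {
                uint8_t t;
                size_t pos;

                r = dns_packet_read_uint8(p, &t, &pos);
                if (r < 0)
                        return r;

                /* Only version 0 (RFC 1876) is understood; anything else is kept as opaque RDATA. */
                if (t == 0) {
                        rr->loc.version = t;

                        r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.size))
                                return -EBADMSG;

                        r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.horiz_pre))
                                return -EBADMSG;

                        r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.vert_pre))
                                return -EBADMSG;

                        r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
                        if (r < 0)
                                return r;

                        break;
                } else {
                        /* Step back to the version octet so the generic copy covers the whole RDATA. */
                        dns_packet_rewind(p, pos);
                        rr->unparsable = true;
                        goto unparsable;
                }
        }

        case DNS_TYPE_DS:
                r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
                if (r < 0)
                        return r;

                if (rdlength < 4)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 4,
                                           &rr->ds.digest, &rr->ds.digest_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->ds.digest_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
                if (r < 0)
                        return r;

                if (rdlength < 2)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 2,
                                           &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->sshfp.fingerprint_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
                if (r < 0)
                        return r;

                if (rdlength < 4)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 4,
                                           &rr->dnskey.key, &rr->dnskey.key_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->dnskey.key_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
                if (r < 0)
                        return r;

                /* The signer's name is part of the signed data and must be uncompressed (RFC 4034 §3.1.7). */
                r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
                if (r < 0)
                        return r;

                /* The fixed fields plus the variable-length signer name must fit in the RDATA. */
                if (rdlength < p->rindex - offset)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
                                           &rr->rrsig.signature, &rr->rrsig.signature_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->rrsig.signature_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_NSEC: {

                /*
                 * RFC6762, section 18.14 explicitly states mDNS should use name compression.
                 * This contradicts RFC3845, section 2.1.1
                 */

                bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;

                r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
                if (r < 0)
                        return r;

                if (rdlength < p->rindex - offset)
                        return -EBADMSG;

                r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);

                /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
                 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
                 * without the NSEC bit set. */

                break;
        }
        case DNS_TYPE_NSEC3: {
                uint8_t size;

                r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
                if (r < 0)
                        return r;

                /* this may be zero */
                r = dns_packet_read_uint8(p, &size, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &size, NULL);
                if (r < 0)
                        return r;

                /* An empty next-hashed-owner-name makes no sense. */
                if (size <= 0)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, size,
                                           &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rdlength < p->rindex - offset)
                        return -EBADMSG;

                r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);

                /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */

                break;
        }

        case DNS_TYPE_TLSA:
                r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
                if (r < 0)
                        return r;

                if (rdlength < 3)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 3,
                                           &rr->tlsa.data, &rr->tlsa.data_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->tlsa.data_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_SVCB:
        case DNS_TYPE_HTTPS:
                r = dns_packet_read_uint16(p, &rr->svcb.priority, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->svcb.target_name, false /* uncompressed */, NULL);
                if (r < 0)
                        return r;

                /* SvcParams: a sequence of (key, length, value) tuples up to the end of the RDATA. A
                 * value that extends beyond offset + rdlength is caught by the exact-length check after
                 * the switch. 'sz' is 16-bit, so the allocation size below cannot overflow. */
                DnsSvcParam *last = NULL;
                while (p->rindex - offset < rdlength) {
                        _cleanup_free_ DnsSvcParam *i = NULL;
                        uint16_t svc_param_key;
                        uint16_t sz;

                        r = dns_packet_read_uint16(p, &svc_param_key, NULL);
                        if (r < 0)
                                return r;
                        /* RFC 9460, section 2.2 says we must consider an RR malformed if SvcParamKeys are
                         * not in strictly increasing order */
                        if (last && last->key >= svc_param_key)
                                return -EBADMSG;

                        r = dns_packet_read_uint16(p, &sz, NULL);
                        if (r < 0)
                                return r;

                        i = malloc0(offsetof(DnsSvcParam, value) + sz);
                        if (!i)
                                return -ENOMEM;

                        i->key = svc_param_key;
                        i->length = sz;
                        r = dns_packet_read_blob(p, &i->value, sz, NULL);
                        if (r < 0)
                                return r;
                        if (!dns_svc_param_is_valid(i))
                                return -EBADMSG;

                        LIST_INSERT_AFTER(params, rr->svcb.params, last, i);
                        last = TAKE_PTR(i);
                }

                break;

        case DNS_TYPE_CAA:
                r = dns_packet_read_uint8(p, &rr->caa.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_string(p, &rr->caa.tag, NULL);
                if (r < 0)
                        return r;

                if (rdlength < p->rindex - offset)
                        return -EBADMSG;

                /* The value is whatever remains of the RDATA; it may legitimately be empty. */
                r = dns_packet_read_memdup(p,
                                           rdlength + offset - p->rindex,
                                           &rr->caa.value, &rr->caa.value_size, NULL);

                break;

        case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
        case DNS_TYPE_OPENPGPKEY:
        default:
        unparsable:
                r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);

                break;
        }
        if (r < 0)
                return r;
        /* Every branch must have consumed exactly the declared RDATA — neither short nor long. */
        if (p->rindex - offset != rdlength)
                return -EBADMSG;

        if (ret)
                *ret = TAKE_PTR(rr);
        if (ret_cache_flush)
                *ret_cache_flush = cache_flush;
        if (ret_start)
                *ret_start = rewinder.saved_rindex;

        CANCEL_REWINDER(rewinder);
        return 0;
}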
2273
static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
        /* Checks that the RDATA of an OPT pseudo-RR is a well-formed sequence of
         * (OPTION-CODE, OPTION-LENGTH, OPTION-DATA) tuples (RFC 6891 §6.1.2), and reports through
         * *rfc6975 whether any DAU/DHU/N3U option (RFC 6975) is present — those belong in queries
         * only, so seeing one in a reply tells us the server echoed our OPT blindly. Returns false
         * on a truncated option; *rfc6975 is only written when the result is true. For an EDNS
         * version other than 0 the contents are not inspected at all. */

        assert(rr);
        assert(rr->key->type == DNS_TYPE_OPT);

        /* The EDNS VERSION field is the second octet of the TTL (RFC 6891 §6.1.3). */
        if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0) {
                *rfc6975 = false;
                return true; /* if it's not version 0, it's OK, but we will ignore the OPT field contents */
        }

        const uint8_t *cursor = rr->opt.data;
        size_t remaining = rr->opt.data_size;
        bool saw_rfc6975 = false;

        while (remaining > 0) {
                /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
                if (remaining < 4U)
                        return false;

                uint16_t code = unaligned_read_be16(cursor);
                size_t span = 4U + unaligned_read_be16(cursor + 2);

                if (remaining < span)
                        return false;

                /* RFC 6975 DAU, DHU or N3U fields found. */
                if (IN_SET(code, DNS_EDNS_OPT_DAU, DNS_EDNS_OPT_DHU, DNS_EDNS_OPT_N3U))
                        saw_rfc6975 = true;

                cursor += span;
                remaining -= span;
        }

        *rfc6975 = saw_rfc6975;
        return true;
}
2317
static int dns_packet_extract_question(DnsPacket *p, DnsQuestion **ret_question) {
        /* Parses QDCOUNT question entries starting at the current read index into a DnsQuestion.
         * Duplicate keys are dropped (a Set tracks what has been seen), and a QTYPE that is not
         * permitted in a query rejects the whole packet with -EBADMSG. For mDNS the QU bit is
         * carried over as DNS_QUESTION_WANTS_UNICAST_REPLY. *ret_question is NULL when QDCOUNT is
         * 0. The read index is left after the question section (the caller's rewinder restores it). */
        _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
        unsigned count = DNS_PACKET_QDCOUNT(p);
        int r;

        if (count == 0) {
                *ret_question = NULL;
                return 0;
        }

        question = dns_question_new(count);
        if (!question)
                return -ENOMEM;

        /* The Set only borrows references; the Question keeps the keys alive. */
        _cleanup_set_free_ Set *seen = set_new(&dns_resource_key_hash_ops);
        if (!seen)
                return log_oom();

        /* Reserve twice the entry count: higher multipliers give slightly fewer collisions but the
         * gain drops off quickly after 2. */
        r = set_reserve(seen, count * 2);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < count; i++) {
                _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
                bool wants_unicast;

                r = dns_packet_read_key(p, &key, &wants_unicast, NULL);
                if (r < 0)
                        return r;

                if (!dns_type_is_valid_query(key->type))
                        return -EBADMSG;

                r = set_put(seen, key);
                if (r < 0)
                        return r;
                if (r == 0)
                        continue; /* duplicate question entry, skip it */

                r = dns_question_add_raw(question, key, wants_unicast ? DNS_QUESTION_WANTS_UNICAST_REPLY : 0);
                if (r < 0)
                        return r;
        }

        *ret_question = TAKE_PTR(question);
        return 0;
}
2368
static int dns_packet_extract_answer(DnsPacket *p, DnsAnswer **ret_answer) {
        /* Parses all RRs following the question section (ANCOUNT + NSCOUNT + ARCOUNT of them) into a
         * DnsAnswer, tagging each with the section it came from and whether it may be cached, and
         * pulls the OPT pseudo-RR out into p->opt / p->opt_start / p->opt_size. Almost every
         * irregularity around OPT is handled by marking 'bad_opt' and discarding EDNS for this
         * packet rather than rejecting it; the one hard failure is a response carrying an EDNS
         * version we do not support. *ret_answer is left untouched when the packet declares no RRs. */
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
        unsigned n;
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
        bool bad_opt = false;
        int r;

        n = DNS_PACKET_RRCOUNT(p);
        if (n == 0)
                return 0;

        answer = dns_answer_new(n);
        if (!answer)
                return -ENOMEM;

        for (unsigned i = 0; i < n; i++) {
                _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
                bool cache_flush = false;
                size_t start;

                /* NOTE(review): this early exit only fires once an OPT RR has been seen. Without one,
                 * a packet whose counts overshoot its payload falls through to dns_packet_read_rr(),
                 * which fails with -EMSGSIZE and rejects the packet — presumably intentional, confirm. */
                if (p->rindex == p->size && p->opt) {
                        /* If we reached the end of the packet already, but there are still more RRs
                         * declared, then that's a corrupt packet. Let's accept the packet anyway, since it's
                         * apparently a common bug in routers. Let's however suppress OPT support in this
                         * case, so that we force the rest of the logic into lowest DNS baseline support. Or
                         * to say this differently: if the DNS server doesn't even get the RR counts right,
                         * it's highly unlikely it gets EDNS right. */
                        log_debug("More resource records declared in packet than included, suppressing OPT.");
                        bad_opt = true;
                        break;
                }

                r = dns_packet_read_rr(p, &rr, &cache_flush, &start);
                if (r < 0)
                        return r;

                /* Try to reduce memory usage a bit */
                if (previous)
                        dns_resource_key_reduce(&rr->key, &previous->key);

                if (rr->key->type == DNS_TYPE_OPT) {
                        bool has_rfc6975;

                        if (p->opt || bad_opt) {
                                /* Multiple OPT RRs? if so, let's ignore all, because there's
                                 * something wrong with the server, and if one is valid we wouldn't
                                 * know which one. */
                                log_debug("Multiple OPT RRs detected, ignoring all.");
                                bad_opt = true;
                                continue;
                        }

                        /* dns_packet_patch_max_udp_size() relies on this: it assumes the OPT name is the
                         * single-octet root name when locating the CLASS field. */
                        if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
                                /* If the OPT RR is not owned by the root domain, then it is bad,
                                 * let's ignore it. */
                                log_debug("OPT RR is not owned by root domain, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        /* OPT belongs in the additional section only (RFC 6891 §6.1.1). */
                        if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
                                /* OPT RR is in the wrong section? Some Belkin routers do this. This
                                 * is a hint the EDNS implementation is borked, like the Belkin one
                                 * is, hence ignore it. */
                                log_debug("OPT RR in wrong section, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        if (!opt_is_good(rr, &has_rfc6975)) {
                                log_debug("Malformed OPT RR, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        if (DNS_PACKET_QR(p)) {
                                /* Additional checks for responses */

                                if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr))
                                        /* If this is a reply and we don't know the EDNS version
                                         * then something is weird... */
                                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                                               "EDNS version newer that our request, bad server.");

                                if (has_rfc6975) {
                                        /* If the OPT RR contains RFC6975 algorithm data, then this
                                         * is indication that the server just copied the OPT it got
                                         * from us (which contained that data) back into the reply.
                                         * If so, then it doesn't properly support EDNS, as RFC6975
                                         * makes it very clear that the algorithm data should only
                                         * be contained in questions, never in replies. Crappy
                                         * Belkin routers copy the OPT data for example, hence let's
                                         * detect this so that we downgrade early. */
                                        log_debug("OPT RR contains RFC6975 data, ignoring.");
                                        bad_opt = true;
                                        continue;
                                }
                        }

                        /* Remember where the OPT RR sits in the wire buffer so it can later be patched
                         * in place (see dns_packet_patch_max_udp_size()). */
                        p->opt = dns_resource_record_ref(rr);
                        p->opt_start = start;
                        assert(p->rindex >= start);
                        p->opt_size = p->rindex - start;
                } else {
                        DnsAnswerFlags flags = 0;

                        if (p->protocol == DNS_PROTOCOL_MDNS) {
                                flags |= DNS_ANSWER_REFUSE_TTL_NO_MATCH;
                                if (!cache_flush)
                                        flags |= DNS_ANSWER_SHARED_OWNER;
                        }

                        /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
                         * cached. Hence mark only those RRs as cacheable by default, but not the ones from
                         * the Additional or Authority sections.
                         * This restriction does not apply to mDNS records (RFC 6762). */
                        if (i < DNS_PACKET_ANCOUNT(p))
                                flags |= DNS_ANSWER_CACHEABLE|DNS_ANSWER_SECTION_ANSWER;
                        else if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p))
                                flags |= DNS_ANSWER_SECTION_AUTHORITY;
                        else {
                                flags |= DNS_ANSWER_SECTION_ADDITIONAL;
                                if (p->protocol == DNS_PROTOCOL_MDNS)
                                        flags |= DNS_ANSWER_CACHEABLE;
                        }

                        r = dns_answer_add(answer, rr, p->ifindex, flags, NULL);
                        if (r < 0)
                                return r;
                }

                /* Remember this RR, so that we can potentially merge its ->key object with the
                 * next RR. Note that we only do this if we actually decided to keep the RR around.
                 */
                DNS_RR_REPLACE(previous, dns_resource_record_ref(rr));
        }

        /* Any OPT problem noticed above disables EDNS for this packet, even if an OPT RR had
         * already been accepted earlier in the loop. */
        if (bad_opt) {
                p->opt = dns_resource_record_unref(p->opt);
                p->opt_start = p->opt_size = SIZE_MAX;
        }

        *ret_answer = TAKE_PTR(answer);

        return 0;
}
2515
int dns_packet_extract(DnsPacket *p) {
        /* Parses the packet once into p->question and p->answer; later calls are no-ops. The read
         * index is always restored afterwards, on success and on failure alike. A packet with bytes
         * left over after the declared RRs is still accepted, but its OPT RR is discarded — an EDNS
         * implementation that cannot get its counts right is not trusted with EDNS. */
        assert(p);

        if (p->extracted)
                return 0;

        _unused_ _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        _cleanup_(dns_question_unrefp) DnsQuestion *q = NULL;
        _cleanup_(dns_answer_unrefp) DnsAnswer *a = NULL;
        int r;

        /* Parsing starts right after the fixed header. */
        dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);

        r = dns_packet_extract_question(p, &q);
        if (r < 0)
                return r;

        r = dns_packet_extract_answer(p, &a);
        if (r < 0)
                return r;

        if (p->rindex < p->size) {
                log_debug("Trailing garbage in packet, suppressing OPT.");
                p->opt = dns_resource_record_unref(p->opt);
                p->opt_start = p->opt_size = SIZE_MAX;
        }

        p->question = TAKE_PTR(q);
        p->answer = TAKE_PTR(a);
        p->extracted = true;

        /* No CANCEL_REWINDER(): the rewind on return is intentional. */
        return 0;
}
2550
int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
        /* Returns positive if 'p' is a response (QR set) whose question section consists of exactly
         * one key equal to 'key', 0 otherwise, and a negative errno if the packet cannot be parsed.
         * Extraction happens lazily here if it has not been done yet. */
        assert(p);
        assert(key);

        if (DNS_PACKET_QR(p) != 1)
                return 0;

        /* Let's unpack the packet, if that hasn't happened yet. */
        int r = dns_packet_extract(p);
        if (r < 0)
                return r;

        if (!p->question || p->question->n_keys != 1)
                return 0;

        return dns_resource_key_equal(dns_question_first_key(p->question), key);
}
2577
int dns_packet_patch_max_udp_size(DnsPacket *p, uint16_t max_udp_size) {
        /* Rewrites the advertised UDP payload size in the packet's own OPT RR, in place. That value
         * lives in the CLASS field (RFC 6891 §6.1.2), which — given that dns_packet_extract_answer()
         * only accepts an OPT RR owned by the root name (a single 0x00 octet) — sits at offset
         * 1 (name) + 2 (TYPE) = 3 from the RR's start. Returns 1 if patched, 0 if there is no OPT RR. */
        assert(p);
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);

        if (p->opt_start == SIZE_MAX) /* No OPT section, nothing to patch */
                return 0;

        /* opt_size is recorded alongside opt_start; the RR must at least span name, TYPE and CLASS
         * for the two-byte write below to stay inside it. */
        assert(p->opt_size != SIZE_MAX);
        assert(p->opt_size >= 5);

        uint8_t *class_field = DNS_PACKET_DATA(p) + p->opt_start + 3;
        unaligned_write_be16(class_field, max_udp_size);
        return 1;
}
2591
static int patch_rr(DnsPacket *p, usec_t age) {
        /* Ages the RR at the current read index in place: its TTL is reduced by 'age', rounded
         * down to whole seconds and floored at 0, and the read index is moved past the RR. The OPT
         * pseudo-RR is skipped because its "TTL" holds EDNS flags, not a lifetime. On a parse error
         * the read index is restored. */
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        uint16_t type, rdlength;
        size_t ttl_offset;
        uint32_t ttl;
        int r;

        /* Owner name: only stepped over. */
        r = dns_packet_read_name(p, NULL, /* allow_compression= */ true, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &type, NULL);
        if (r < 0)
                return r;

        /* CLASS is irrelevant here; skip it. */
        r = dns_packet_read_uint16(p, NULL, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint32(p, &ttl, &ttl_offset);
        if (r < 0)
                return r;

        if (type != DNS_TYPE_OPT) {
                /* Work in microseconds so that a sub-second age still rounds the TTL down; the 32-bit
                 * TTL times USEC_PER_SEC fits in 64 bits (usec_t is presumably 64-bit wide). */
                usec_t remaining = LESS_BY(ttl * USEC_PER_SEC, age);
                unaligned_write_be32(DNS_PACKET_DATA(p) + ttl_offset, (uint32_t) (remaining / USEC_PER_SEC));
        }

        r = dns_packet_read_uint16(p, &rdlength, NULL);
        if (r < 0)
                return r;

        /* Skip the RDATA without interpreting it. */
        r = dns_packet_read(p, rdlength, NULL, NULL);
        if (r < 0)
                return r;

        CANCEL_REWINDER(rewinder);
        return 0;
}
2633
int dns_packet_patch_ttls(DnsPacket *p, usec_t timestamp) {
        /* Ages every RR TTL in 'p' by the time elapsed since 'timestamp' (a CLOCK_BOOTTIME value),
         * rewriting the wire data in place. The read index is restored on exit regardless of outcome.
         * Returns 0 on success or the negative errno of the first RR that failed to parse. */
        assert(p);
        assert(timestamp_is_set(timestamp));

        _unused_ _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
        int r;

        usec_t age = now(CLOCK_BOOTTIME);
        assert(age >= timestamp); /* the clock is monotonic, so this cannot go negative */
        age -= timestamp;

        dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);

        /* The question section carries no TTLs; just step over its keys. */
        for (unsigned i = 0, n = DNS_PACKET_QDCOUNT(p); i < n; i++) {
                r = dns_packet_read_key(p, NULL, NULL, NULL);
                if (r < 0)
                        return r;
        }

        for (unsigned i = 0, n = DNS_PACKET_RRCOUNT(p); i < n; i++) {
                /* Many servers advertise RR counts that overstate what is actually on the wire;
                 * running out of data early is tolerated rather than treated as an error. */
                if (p->rindex == p->size)
                        break;

                r = patch_rr(p, age);
                if (r < 0)
                        return r;
        }

        return 0;
}
2673
static void dns_packet_hash_func(const DnsPacket *s, struct siphash *state) {
        /* Feeds the packet length and then its wire bytes into the hash, consistent with
         * dns_packet_compare_func() which orders on the same two things. */
        assert(s);

        const uint8_t *wire = DNS_PACKET_DATA((DnsPacket*) s);
        siphash24_compress_typesafe(s->size, state);
        siphash24_compress(wire, s->size, state);
}
2680
static int dns_packet_compare_func(const DnsPacket *x, const DnsPacket *y) {
        /* Orders packets by length first and bytewise second; 0 means identical wire contents.
         * Comparing lengths up front keeps the memcmp() bounded by a size both packets have. */
        if (x->size != y->size)
                return CMP(x->size, y->size);

        return memcmp(DNS_PACKET_DATA((DnsPacket*) x), DNS_PACKET_DATA((DnsPacket*) y), x->size);
}
2690
/* Hash ops for sets/hashmaps keyed on the raw wire bytes, built from the two functions above. */
DEFINE_HASH_OPS(dns_packet_hash_ops, DnsPacket, dns_packet_hash_func, dns_packet_compare_func);
2692
bool dns_packet_equal(const DnsPacket *a, const DnsPacket *b) {
        /* True when both packets have the same length and identical wire bytes. */
        int order = dns_packet_compare_func(a, b);
        return order == 0;
}
2696
int dns_packet_ede_rcode(DnsPacket *p, int *ret_ede_rcode, char **ret_ede_msg) {
        /* Looks for an Extended DNS Error option (RFC 8914) in the packet's OPT record.
         *
         * On success returns 0 and stores the INFO-CODE in *ret_ede_rcode and the EXTRA-TEXT in
         * *ret_ede_msg (caller owns the string); either output pointer may be NULL. Returns -ENOENT when
         * there is no OPT record or no EDE option, -EBADMSG when the option list is malformed, and the
         * error of make_cstring() or the allocation otherwise. */
        assert(p);

        if (!p->opt)
                return -ENOENT;

        const uint8_t *cursor = p->opt->opt.data;
        size_t left = p->opt->opt.data_size;

        while (left > 0) {
                /* Each option is a 2-byte code and a 2-byte length followed by 'length' bytes of data.
                 * Both the header and the body are bounds-checked against what is left before anything
                 * behind them is read. */
                if (left < 4U)
                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                               "EDNS0 variable part has invalid size.");

                uint16_t code = unaligned_read_be16(cursor);
                uint16_t length = unaligned_read_be16(cursor + 2);

                if (left < 4U + length)
                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                               "Truncated option in EDNS0 variable part.");

                if (code != DNS_EDNS_OPT_EXT_ERROR) {
                        cursor += 4U + length;
                        left -= 4U + length;
                        continue;
                }

                /* EDE body: a 2-byte INFO-CODE, then optional EXTRA-TEXT. */
                if (length < 2U)
                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                               "EDNS0 truncated EDE info code.");

                _cleanup_free_ char *text = NULL;
                int r = make_cstring((char *) cursor + 6, length - 2U, MAKE_CSTRING_ALLOW_TRAILING_NUL, &text);
                if (r < 0)
                        return log_debug_errno(r, "Invalid EDE text in opt.");

                if (ret_ede_msg) {
                        if (utf8_is_valid(text))
                                *ret_ede_msg = TAKE_PTR(text);
                        else {
                                /* The text arrived straight off the wire; C-escape anything that is
                                 * not valid UTF-8 so the caller only ever sees a printable string. */
                                char *escaped = cescape(text);
                                if (!escaped)
                                        return log_oom_debug();

                                *ret_ede_msg = escaped;
                        }
                }

                if (ret_ede_rcode)
                        *ret_ede_rcode = unaligned_read_be16(cursor + 4);

                return 0;
        }

        return -ENOENT;
}
2760
bool dns_ede_rcode_is_dnssec(int ede_rcode) {
        /* True for the extended error codes (RFC 8914) that this file treats as DNSSEC validation
         * problems; any other code, including unknown ones, yields false. */
        switch (ede_rcode) {
        case DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG:
        case DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST:
        case DNS_EDE_RCODE_DNSSEC_INDETERMINATE:
        case DNS_EDE_RCODE_DNSSEC_BOGUS:
        case DNS_EDE_RCODE_SIG_EXPIRED:
        case DNS_EDE_RCODE_SIG_NOT_YET_VALID:
        case DNS_EDE_RCODE_DNSKEY_MISSING:
        case DNS_EDE_RCODE_RRSIG_MISSING:
        case DNS_EDE_RCODE_NO_ZONE_KEY_BIT:
        case DNS_EDE_RCODE_NSEC_MISSING:
                return true;
        default:
                return false;
        }
}
2775
int dns_packet_has_nsid_request(DnsPacket *p) {
        /* Returns true if the packet's OPT record carries exactly one NSID option, false if it carries
         * none (or there is no OPT record at all), and -EBADMSG if the option list is malformed, NSID
         * appears twice, or it carries data (a requester must send it empty, RFC 5001 §2.1). */
        bool seen = false;

        assert(p);

        if (!p->opt)
                return false;

        const uint8_t *cursor = p->opt->opt.data;
        size_t left = p->opt->opt.data_size;

        while (left > 0) {
                /* Option header: 2-byte code, 2-byte length. Both it and the option body are
                 * bounds-checked against the remaining size before being read. */
                if (left < 4U)
                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                               "EDNS0 variable part has invalid size.");

                uint16_t code = unaligned_read_be16(cursor);
                uint16_t length = unaligned_read_be16(cursor + 2);

                if (left < 4U + length)
                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                               "Truncated option in EDNS0 variable part.");

                if (code == DNS_EDNS_OPT_NSID) {
                        if (seen)
                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                                       "Duplicate NSID option in EDNS0 variable part.");

                        if (length != 0)
                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                                       "Non-empty NSID option in DNS request.");

                        seen = true;
                }

                cursor += 4U + length;
                left -= 4U + length;
        }

        return seen;
}
2821
size_t dns_packet_size_unfragmented(DnsPacket *p) {
        /* Returns the largest DNS payload that would have arrived without IP fragmentation: the packet's
         * own size if it was not fragmented, otherwise the largest fragment minus the UDP header. */
        assert(p);

        if (p->fragsize == 0)
                return p->size;

        /* p->fragsize measures the whole (fragmented) IP packet, p->size only the DNS part, so the UDP
         * header has to come off the fragment size to get a comparable DNS size. LESS_BY saturates at
         * zero instead of underflowing. */
        size_t udp_hdr = udp_header_size(p->family);
        return LESS_BY(p->fragsize, udp_hdr);
}
2835
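/* Mnemonics for DNS RCODEs, following the IANA "DNS RCODEs" registry. DEFINE_STRING_TABLE_LOOKUP()
 * generates both directions, so these strings are also what dns_rcode_from_string() accepts. */
static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
        [DNS_RCODE_SUCCESS]   = "SUCCESS",
        [DNS_RCODE_FORMERR]   = "FORMERR",
        [DNS_RCODE_SERVFAIL]  = "SERVFAIL",
        [DNS_RCODE_NXDOMAIN]  = "NXDOMAIN",
        [DNS_RCODE_NOTIMP]    = "NOTIMP",
        [DNS_RCODE_REFUSED]   = "REFUSED",
        [DNS_RCODE_YXDOMAIN]  = "YXDOMAIN",
        [DNS_RCODE_YXRRSET]   = "YXRRSET",   /* previously "YRRSET", which neither matched the registry mnemonic nor parsed the real one */
        [DNS_RCODE_NXRRSET]   = "NXRRSET",
        [DNS_RCODE_NOTAUTH]   = "NOTAUTH",
        [DNS_RCODE_NOTZONE]   = "NOTZONE",
        [DNS_RCODE_DSOTYPENI] = "DSOTYPENI",
        [DNS_RCODE_BADVERS]   = "BADVERS",
        [DNS_RCODE_BADKEY]    = "BADKEY",
        [DNS_RCODE_BADTIME]   = "BADTIME",
        [DNS_RCODE_BADMODE]   = "BADMODE",
        [DNS_RCODE_BADNAME]   = "BADNAME",
        [DNS_RCODE_BADALG]    = "BADALG",
        [DNS_RCODE_BADTRUNC]  = "BADTRUNC",
        [DNS_RCODE_BADCOOKIE] = "BADCOOKIE",
};
DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);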
2859
const char *format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) {
        /* Returns the mnemonic for a known RCODE, or formats the numeric value into the caller's
         * buffer (sized for any int) for unknown ones. */
        const char *name = dns_rcode_to_string(i);
        if (!name)
                return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);

        return name;
}
2867
/* Presentation names for the Extended DNS Error INFO-CODEs (RFC 8914). Only the to-string direction is
 * generated; the reverse mapping is not needed since these values are only ever read off the wire.
 * NOTE(review): the constant for code "Prohibited" is spelled DNS_EDE_RCODE_PROHIBITIED by its declaration
 * (outside this file); the string itself carries the correct spelling. */
static const char* const dns_ede_rcode_table[_DNS_EDE_RCODE_MAX_DEFINED] = {
        [DNS_EDE_RCODE_OTHER] = "Other",
        [DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG] = "Unsupported DNSKEY Algorithm",
        [DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST] = "Unsupported DS Digest Type",
        [DNS_EDE_RCODE_STALE_ANSWER] = "Stale Answer",
        [DNS_EDE_RCODE_FORGED_ANSWER] = "Forged Answer",
        [DNS_EDE_RCODE_DNSSEC_INDETERMINATE] = "DNSSEC Indeterminate",
        [DNS_EDE_RCODE_DNSSEC_BOGUS] = "DNSSEC Bogus",
        [DNS_EDE_RCODE_SIG_EXPIRED] = "Signature Expired",
        [DNS_EDE_RCODE_SIG_NOT_YET_VALID] = "Signature Not Yet Valid",
        [DNS_EDE_RCODE_DNSKEY_MISSING] = "DNSKEY Missing",
        [DNS_EDE_RCODE_RRSIG_MISSING] = "RRSIG Missing",
        [DNS_EDE_RCODE_NO_ZONE_KEY_BIT] = "No Zone Key Bit Set",
        [DNS_EDE_RCODE_NSEC_MISSING] = "NSEC Missing",
        [DNS_EDE_RCODE_CACHED_ERROR] = "Cached Error",
        [DNS_EDE_RCODE_NOT_READY] = "Not Ready",
        [DNS_EDE_RCODE_BLOCKED] = "Blocked",
        [DNS_EDE_RCODE_CENSORED] = "Censored",
        [DNS_EDE_RCODE_FILTERED] = "Filtered",
        [DNS_EDE_RCODE_PROHIBITIED] = "Prohibited",
        [DNS_EDE_RCODE_STALE_NXDOMAIN_ANSWER] = "Stale NXDOMAIN Answer",
        [DNS_EDE_RCODE_NOT_AUTHORITATIVE] = "Not Authoritative",
        [DNS_EDE_RCODE_NOT_SUPPORTED] = "Not Supported",
        [DNS_EDE_RCODE_UNREACH_AUTHORITY] = "No Reachable Authority",
        [DNS_EDE_RCODE_NET_ERROR] = "Network Error",
        [DNS_EDE_RCODE_INVALID_DATA] = "Invalid Data",
        [DNS_EDE_RCODE_SIG_NEVER] = "Signature Never Valid",
        [DNS_EDE_RCODE_TOO_EARLY] = "Too Early",
        [DNS_EDE_RCODE_UNSUPPORTED_NSEC3_ITER] = "Unsupported NSEC3 Iterations",
        [DNS_EDE_RCODE_TRANSPORT_POLICY] = "Impossible Transport Policy",
        [DNS_EDE_RCODE_SYNTHESIZED] = "Synthesized",
};
DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_ede_rcode, int);
2901
const char *format_dns_ede_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) {
        /* Returns the descriptive name of a known EDE code, or formats the numeric value into the
         * caller's buffer (sized for any int) for codes this build does not know. */
        const char *name = dns_ede_rcode_to_string(i);
        if (!name)
                return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);

        return name;
}
2909
/* Presentation names of the SvcParamKeys used in SVCB/HTTPS records (RFC 9460 and the IANA registry).
 * Keys not listed here are rendered numerically by format_dns_svc_param_key(). */
static const char* const dns_svc_param_key_table[_DNS_SVC_PARAM_KEY_MAX_DEFINED] = {
        [DNS_SVC_PARAM_KEY_MANDATORY] = "mandatory",
        [DNS_SVC_PARAM_KEY_ALPN] = "alpn",
        [DNS_SVC_PARAM_KEY_NO_DEFAULT_ALPN] = "no-default-alpn",
        [DNS_SVC_PARAM_KEY_PORT] = "port",
        [DNS_SVC_PARAM_KEY_IPV4HINT] = "ipv4hint",
        [DNS_SVC_PARAM_KEY_ECH] = "ech",
        [DNS_SVC_PARAM_KEY_IPV6HINT] = "ipv6hint",
        [DNS_SVC_PARAM_KEY_DOHPATH] = "dohpath",
        [DNS_SVC_PARAM_KEY_OHTTP] = "ohttp",
};
DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_svc_param_key, int);
2922
const char *format_dns_svc_param_key(uint16_t i, char buf[static DECIMAL_STR_MAX(uint16_t)+3]) {
        /* Returns the registered name of a SvcParamKey, or the generic "keyNNNNN" presentation form
         * (RFC 9460 §2.1) for unknown keys, formatted into the caller's buffer. The extra 3 bytes in
         * the buffer size are for the "key" prefix. */
        const char *name = dns_svc_param_key_to_string(i);
        if (!name)
                return snprintf_ok(buf, DECIMAL_STR_MAX(uint16_t)+3, "key%i", i);

        return name;
}
2930
/* Names of the resolver protocols; both directions are generated, so these are also the spellings
 * accepted by dns_protocol_from_string(). */
static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
        [DNS_PROTOCOL_DNS] = "dns",
        [DNS_PROTOCOL_MDNS] = "mdns",
        [DNS_PROTOCOL_LLMNR] = "llmnr",
};
DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);