1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #include "alloc-util.h"
8 #include "dns-domain.h"
10 #include "memory-util.h"
11 #include "resolved-dns-packet.h"
13 #include "stdio-util.h"
14 #include "string-table.h"
16 #include "unaligned.h"
19 #define EDNS0_OPT_DO (1<<15)
21 assert_cc(DNS_PACKET_SIZE_START
> DNS_PACKET_HEADER_SIZE
);
23 typedef struct DnsPacketRewinder
{
28 static void rewind_dns_packet(DnsPacketRewinder
*rewinder
) {
30 dns_packet_rewind(rewinder
->packet
, rewinder
->saved_rindex
);
33 #define REWINDER_INIT(p) { \
35 .saved_rindex = (p)->rindex, \
37 #define CANCEL_REWINDER(rewinder) do { (rewinder).packet = NULL; } while (0)
42 size_t min_alloc_dsize
,
49 assert(max_size
>= DNS_PACKET_HEADER_SIZE
);
51 if (max_size
> DNS_PACKET_SIZE_MAX
)
52 max_size
= DNS_PACKET_SIZE_MAX
;
54 /* The caller may not check what is going to be truly allocated, so do not allow to
55 * allocate a DNS packet bigger than DNS_PACKET_SIZE_MAX.
57 if (min_alloc_dsize
> DNS_PACKET_SIZE_MAX
)
58 return log_error_errno(SYNTHETIC_ERRNO(EFBIG
),
59 "Requested packet data size too big: %zu",
62 /* When dns_packet_new() is called with min_alloc_dsize == 0, allocate more than the
63 * absolute minimum (which is the dns packet header size), to avoid
64 * resizing immediately again after appending the first data to the packet.
66 if (min_alloc_dsize
< DNS_PACKET_HEADER_SIZE
)
67 a
= DNS_PACKET_SIZE_START
;
71 /* round up to next page size */
72 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
74 /* make sure we never allocate more than useful */
78 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
85 .size
= DNS_PACKET_HEADER_SIZE
,
86 .rindex
= DNS_PACKET_HEADER_SIZE
,
89 .opt_start
= SIZE_MAX
,
98 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
104 h
= DNS_PACKET_HEADER(p
);
106 switch (p
->protocol
) {
107 case DNS_PROTOCOL_LLMNR
:
110 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
121 case DNS_PROTOCOL_MDNS
:
122 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
126 0 /* rd (ask for recursion) */,
136 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
140 1 /* rd (ask for recursion) */,
143 dnssec_checking_disabled
/* cd */,
148 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t min_alloc_dsize
, bool dnssec_checking_disabled
) {
154 r
= dns_packet_new(&p
, protocol
, min_alloc_dsize
, DNS_PACKET_SIZE_MAX
);
158 /* Always set the TC bit to 0 initially.
159 * If there are multiple packets later, we'll update the bit shortly before sending.
161 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
167 int dns_packet_dup(DnsPacket
**ret
, DnsPacket
*p
) {
174 r
= dns_packet_validate(p
);
178 c
= malloc(ALIGN(sizeof(DnsPacket
)) + p
->size
);
184 .protocol
= p
->protocol
,
186 .rindex
= DNS_PACKET_HEADER_SIZE
,
187 .allocated
= p
->size
,
188 .max_size
= p
->max_size
,
189 .opt_start
= SIZE_MAX
,
190 .opt_size
= SIZE_MAX
,
193 memcpy(DNS_PACKET_DATA(c
), DNS_PACKET_DATA(p
), p
->size
);
199 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
204 assert(!p
->on_stack
);
206 assert(p
->n_ref
> 0);
211 static void dns_packet_free(DnsPacket
*p
) {
216 dns_question_unref(p
->question
);
217 dns_answer_unref(p
->answer
);
218 dns_resource_record_unref(p
->opt
);
220 while ((s
= hashmap_steal_first_key(p
->names
)))
222 hashmap_free(p
->names
);
230 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
234 assert(p
->n_ref
> 0);
236 dns_packet_unref(p
->more
);
246 int dns_packet_validate(DnsPacket
*p
) {
249 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
252 if (p
->size
> DNS_PACKET_SIZE_MAX
)
258 int dns_packet_validate_reply(DnsPacket
*p
) {
263 r
= dns_packet_validate(p
);
267 if (DNS_PACKET_QR(p
) != 1)
270 if (DNS_PACKET_OPCODE(p
) != 0)
273 switch (p
->protocol
) {
275 case DNS_PROTOCOL_LLMNR
:
276 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
277 if (DNS_PACKET_QDCOUNT(p
) != 1)
282 case DNS_PROTOCOL_MDNS
:
283 /* RFC 6762, Section 18 */
284 if (DNS_PACKET_RCODE(p
) != 0)
296 int dns_packet_validate_query(DnsPacket
*p
) {
301 r
= dns_packet_validate(p
);
305 if (DNS_PACKET_QR(p
) != 0)
308 if (DNS_PACKET_OPCODE(p
) != 0)
311 switch (p
->protocol
) {
313 case DNS_PROTOCOL_DNS
:
314 if (DNS_PACKET_TC(p
))
317 if (DNS_PACKET_QDCOUNT(p
) != 1)
320 if (DNS_PACKET_ANCOUNT(p
) > 0)
323 /* Note, in most cases, DNS query packet does not have authority section. But some query
324 * types, e.g. IXFR, have Authority sections. Hence, unlike the check for LLMNR, we do not
325 * check DNS_PACKET_NSCOUNT(p) here. */
328 case DNS_PROTOCOL_LLMNR
:
329 if (DNS_PACKET_TC(p
))
332 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
333 if (DNS_PACKET_QDCOUNT(p
) != 1)
336 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
337 if (DNS_PACKET_ANCOUNT(p
) > 0)
340 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
341 if (DNS_PACKET_NSCOUNT(p
) > 0)
346 case DNS_PROTOCOL_MDNS
:
347 /* Note, mDNS query may have truncation flag. So, unlike the check for DNS and LLMNR,
348 * we do not check DNS_PACKET_TC(p) here. */
350 /* RFC 6762, Section 18 specifies that messages with non-zero RCODE
351 * must be silently ignored, and that we must ignore the values of
352 * AA, RD, RA, AD, and CD bits. */
353 if (DNS_PACKET_RCODE(p
) != 0)
365 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
368 if (p
->size
+ add
> p
->allocated
) {
371 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
373 ms
= dns_packet_size_max(p
);
377 if (p
->size
+ add
> a
)
383 d
= realloc(p
->_data
, a
);
389 p
->_data
= malloc(a
);
393 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
394 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
404 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
410 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
419 HASHMAP_FOREACH_KEY(n
, s
, p
->names
) {
421 if (PTR_TO_SIZE(n
) < sz
)
424 hashmap_remove(p
->names
, s
);
431 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
437 r
= dns_packet_extend(p
, l
, &q
, start
);
441 memcpy_safe(q
, d
, l
);
445 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
451 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
455 ((uint8_t*) d
)[0] = v
;
460 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
466 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
470 unaligned_write_be16(d
, v
);
475 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
481 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
485 unaligned_write_be32(d
, v
);
490 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
494 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
497 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
502 assert(s
|| size
== 0);
507 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
511 ((uint8_t*) d
)[0] = (uint8_t) size
;
513 memcpy_safe(((uint8_t*) d
) + 1, s
, size
);
518 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
522 /* Append a label to a packet. Optionally, does this in DNSSEC
523 * canonical form, if this label is marked as a candidate for
524 * it, and the canonical form logic is enabled for the
530 if (l
> DNS_LABEL_MAX
)
533 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
537 *(w
++) = (uint8_t) l
;
539 if (p
->canonical_form
&& canonical_candidate
)
540 /* Generate in canonical form, as defined by DNSSEC
541 * RFC 4034, Section 6.2, i.e. all lower-case. */
542 for (size_t i
= 0; i
< l
; i
++)
543 w
[i
] = (uint8_t) ascii_tolower(d
[i
]);
545 /* Otherwise, just copy the string unaltered. This is
546 * essential for DNS-SD, where the casing of labels
547 * matters and needs to be retained. */
553 int dns_packet_append_name(
556 bool allow_compression
,
557 bool canonical_candidate
,
566 if (p
->refuse_compression
)
567 allow_compression
= false;
569 saved_size
= p
->size
;
571 while (!dns_name_is_root(name
)) {
572 const char *z
= name
;
573 char label
[DNS_LABEL_MAX
+1];
576 if (allow_compression
)
577 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
582 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
590 r
= dns_label_unescape(&name
, label
, sizeof label
, 0);
594 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
598 if (allow_compression
) {
599 _cleanup_free_
char *s
= NULL
;
607 r
= hashmap_ensure_put(&p
->names
, &dns_name_hash_ops
, s
, SIZE_TO_PTR(n
));
615 r
= dns_packet_append_uint8(p
, 0, NULL
);
626 dns_packet_truncate(p
, saved_size
);
630 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, const DnsAnswerFlags flags
, size_t *start
) {
638 saved_size
= p
->size
;
640 r
= dns_packet_append_name(p
, dns_resource_key_name(k
), true, true, NULL
);
644 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
648 class = flags
& DNS_ANSWER_CACHE_FLUSH
? k
->class | MDNS_RR_CACHE_FLUSH_OR_QU
: k
->class;
649 r
= dns_packet_append_uint16(p
, class, NULL
);
659 dns_packet_truncate(p
, saved_size
);
663 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
671 saved_size
= p
->size
;
673 r
= dns_packet_append_uint8(p
, window
, NULL
);
677 r
= dns_packet_append_uint8(p
, length
, NULL
);
681 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
690 dns_packet_truncate(p
, saved_size
);
694 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
697 uint8_t bitmaps
[32] = {};
704 saved_size
= p
->size
;
706 BITMAP_FOREACH(n
, types
) {
709 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
710 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
720 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
723 if (bitmaps
[entry
/ 8] != 0) {
724 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
734 dns_packet_truncate(p
, saved_size
);
738 /* Append the OPT pseudo-RR described in RFC6891 */
739 int dns_packet_append_opt(
741 uint16_t max_udp_size
,
743 bool include_rfc6975
,
752 /* we must never advertise supported packet size smaller than the legacy max */
753 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
755 assert(rcode
<= _DNS_RCODE_MAX
);
757 if (p
->opt_start
!= SIZE_MAX
)
760 assert(p
->opt_size
== SIZE_MAX
);
762 saved_size
= p
->size
;
765 r
= dns_packet_append_uint8(p
, 0, NULL
);
770 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
774 /* class: maximum udp packet that can be received */
775 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
779 /* extended RCODE and VERSION */
780 r
= dns_packet_append_uint16(p
, ((uint16_t) rcode
& 0x0FF0) << 4, NULL
);
784 /* flags: DNSSEC OK (DO), see RFC3225 */
785 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
789 if (edns0_do
&& include_rfc6975
) {
790 /* If DO is on and this is requested, also append RFC6975 Algorithm data. This is supposed to
791 * be done on queries, not on replies, hencer callers should turn this off when finishing off
794 static const uint8_t rfc6975
[] = {
796 0, DNS_EDNS_OPT_DAU
, /* OPTION_CODE */
797 #if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
798 0, 7, /* LIST_LENGTH */
800 0, 6, /* LIST_LENGTH */
802 DNSSEC_ALGORITHM_RSASHA1
,
803 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1
,
804 DNSSEC_ALGORITHM_RSASHA256
,
805 DNSSEC_ALGORITHM_RSASHA512
,
806 DNSSEC_ALGORITHM_ECDSAP256SHA256
,
807 DNSSEC_ALGORITHM_ECDSAP384SHA384
,
808 #if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
809 DNSSEC_ALGORITHM_ED25519
,
812 0, DNS_EDNS_OPT_DHU
, /* OPTION_CODE */
813 0, 3, /* LIST_LENGTH */
815 DNSSEC_DIGEST_SHA256
,
816 DNSSEC_DIGEST_SHA384
,
818 0, DNS_EDNS_OPT_N3U
, /* OPTION_CODE */
819 0, 1, /* LIST_LENGTH */
820 NSEC3_ALGORITHM_SHA1
,
823 r
= dns_packet_append_uint16(p
, sizeof(rfc6975
), NULL
); /* RDLENGTH */
827 r
= dns_packet_append_blob(p
, rfc6975
, sizeof(rfc6975
), NULL
); /* the payload, as defined above */
831 if (strlen(nsid
) > UINT16_MAX
- 4) {
836 r
= dns_packet_append_uint16(p
, 4 + strlen(nsid
), NULL
); /* RDLENGTH */
840 r
= dns_packet_append_uint16(p
, 3, NULL
); /* OPTION-CODE: NSID */
844 r
= dns_packet_append_uint16(p
, strlen(nsid
), NULL
); /* OPTION-LENGTH */
848 r
= dns_packet_append_blob(p
, nsid
, strlen(nsid
), NULL
);
850 r
= dns_packet_append_uint16(p
, 0, NULL
);
854 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) + 1);
856 p
->opt_start
= saved_size
;
857 p
->opt_size
= p
->size
- saved_size
;
860 *ret_start
= saved_size
;
865 dns_packet_truncate(p
, saved_size
);
869 int dns_packet_truncate_opt(DnsPacket
*p
) {
872 if (p
->opt_start
== SIZE_MAX
) {
873 assert(p
->opt_size
== SIZE_MAX
);
877 assert(p
->opt_size
!= SIZE_MAX
);
878 assert(DNS_PACKET_ARCOUNT(p
) > 0);
880 if (p
->opt_start
+ p
->opt_size
!= p
->size
)
883 dns_packet_truncate(p
, p
->opt_start
);
884 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) - 1);
885 p
->opt_start
= p
->opt_size
= SIZE_MAX
;
890 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, const DnsAnswerFlags flags
, size_t *start
, size_t *rdata_start
) {
892 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
899 saved_size
= p
->size
;
901 r
= dns_packet_append_key(p
, rr
->key
, flags
, NULL
);
905 ttl
= flags
& DNS_ANSWER_GOODBYE
? 0 : rr
->ttl
;
906 r
= dns_packet_append_uint32(p
, ttl
, NULL
);
910 /* Initially we write 0 here */
911 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
915 rds
= p
->size
- saved_size
;
917 switch (rr
->unparsable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
920 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
924 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
928 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
932 /* RFC 2782 states "Unless and until permitted by future standards action, name compression
933 * is not to be used for this field." Hence we turn off compression here. */
934 r
= dns_packet_append_name(p
, rr
->srv
.name
, /* allow_compression= */ false, /* canonical_candidate= */ true, NULL
);
941 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, true, NULL
);
945 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
949 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
952 case DNS_TYPE_SPF
: /* exactly the same as TXT */
955 if (!rr
->txt
.items
) {
956 /* RFC 6763, section 6.1 suggests to generate
957 * single empty string for an empty array. */
959 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
963 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
964 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
973 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
977 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
981 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, true, NULL
);
985 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, true, NULL
);
989 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
993 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
997 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
1001 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
1005 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
1009 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
1013 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, true, NULL
);
1017 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
1021 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
1025 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
1029 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
1033 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
1037 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
1041 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
1045 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
1049 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
1053 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
1057 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
1060 case DNS_TYPE_SSHFP
:
1061 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
1065 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
1069 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
1072 case DNS_TYPE_DNSKEY
:
1073 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
1077 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
1081 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
1085 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
1088 case DNS_TYPE_RRSIG
:
1089 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
1093 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
1097 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
1101 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
1105 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
1109 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
1113 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
1117 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
1121 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
1125 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
1129 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
1135 case DNS_TYPE_NSEC3
:
1136 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
1140 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
1144 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
1148 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
1152 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
1156 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1160 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1164 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1171 r
= dns_packet_append_uint8(p
, rr
->tlsa
.cert_usage
, NULL
);
1175 r
= dns_packet_append_uint8(p
, rr
->tlsa
.selector
, NULL
);
1179 r
= dns_packet_append_uint8(p
, rr
->tlsa
.matching_type
, NULL
);
1183 r
= dns_packet_append_blob(p
, rr
->tlsa
.data
, rr
->tlsa
.data_size
, NULL
);
1187 case DNS_TYPE_HTTPS
:
1188 r
= dns_packet_append_uint16(p
, rr
->svcb
.priority
, NULL
);
1192 r
= dns_packet_append_name(p
, rr
->svcb
.target_name
, false, false, NULL
);
1196 LIST_FOREACH(params
, i
, rr
->svcb
.params
) {
1197 r
= dns_packet_append_uint16(p
, i
->key
, NULL
);
1201 r
= dns_packet_append_uint16(p
, i
->length
, NULL
);
1205 r
= dns_packet_append_blob(p
, i
->value
, i
->length
, NULL
);
1212 r
= dns_packet_append_uint8(p
, rr
->caa
.flags
, NULL
);
1216 r
= dns_packet_append_string(p
, rr
->caa
.tag
, NULL
);
1220 r
= dns_packet_append_blob(p
, rr
->caa
.value
, rr
->caa
.value_size
, NULL
);
1224 case DNS_TYPE_OPENPGPKEY
:
1225 case _DNS_TYPE_INVALID
: /* unparsable */
1228 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.data_size
, NULL
);
1234 /* Let's calculate the actual data size and update the field */
1235 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1236 if (rdlength
> 0xFFFF) {
1242 p
->size
= rdlength_offset
;
1243 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1249 *start
= saved_size
;
1257 dns_packet_truncate(p
, saved_size
);
1261 int dns_packet_append_question(DnsPacket
*p
, DnsQuestion
*q
) {
1262 DnsResourceKey
*key
;
1267 DNS_QUESTION_FOREACH(key
, q
) {
1268 r
= dns_packet_append_key(p
, key
, 0, NULL
);
1276 int dns_packet_append_answer(DnsPacket
*p
, DnsAnswer
*a
, unsigned *completed
) {
1277 DnsResourceRecord
*rr
;
1278 DnsAnswerFlags flags
;
1283 DNS_ANSWER_FOREACH_FLAGS(rr
, flags
, a
) {
1284 r
= dns_packet_append_rr(p
, rr
, flags
, NULL
, NULL
);
1295 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1297 assert(p
->rindex
<= p
->size
);
1299 if (sz
> p
->size
- p
->rindex
)
1303 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1312 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1314 assert(idx
<= p
->size
);
1315 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1320 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1327 r
= dns_packet_read(p
, sz
, &q
, start
);
1335 static int dns_packet_read_memdup(
1336 DnsPacket
*p
, size_t size
,
1337 void **ret
, size_t *ret_size
,
1338 size_t *ret_start
) {
1347 r
= dns_packet_read(p
, size
, &src
, &start
);
1356 copy
= memdup(src
, size
);
1371 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1377 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1381 *ret
= ((uint8_t*) d
)[0];
1385 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1391 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1396 *ret
= unaligned_read_be16(d
);
1401 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1407 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1411 *ret
= unaligned_read_be32(d
);
1416 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1417 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1418 _cleanup_free_
char *t
= NULL
;
1425 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1429 r
= dns_packet_read(p
, c
, &d
, NULL
);
1433 r
= make_cstring(d
, c
, MAKE_CSTRING_REFUSE_TRAILING_NUL
, &t
);
1437 if (!utf8_is_valid(t
))
1443 *start
= rewinder
.saved_rindex
;
1444 CANCEL_REWINDER(rewinder
);
1449 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1452 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1456 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1460 r
= dns_packet_read(p
, c
, ret
, NULL
);
1467 *start
= rewinder
.saved_rindex
;
1468 CANCEL_REWINDER(rewinder
);
1473 int dns_packet_read_name(
1476 bool allow_compression
,
1477 size_t *ret_start
) {
1481 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1482 size_t after_rindex
= 0, jump_barrier
= p
->rindex
;
1483 _cleanup_free_
char *name
= NULL
;
1488 if (p
->refuse_compression
)
1489 allow_compression
= false;
1494 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1505 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1509 if (!GREEDY_REALLOC(name
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
))
1517 r
= dns_label_escape(label
, c
, name
+ n
, DNS_LABEL_ESCAPED_MAX
);
1523 } else if (allow_compression
&& FLAGS_SET(c
, 0xc0)) {
1527 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1531 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1532 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
)
1535 if (after_rindex
== 0)
1536 after_rindex
= p
->rindex
;
1538 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1545 if (!GREEDY_REALLOC(name
, n
+ 1))
1550 if (after_rindex
!= 0)
1551 p
->rindex
= after_rindex
;
1554 *ret
= TAKE_PTR(name
);
1556 *ret_start
= rewinder
.saved_rindex
;
1558 CANCEL_REWINDER(rewinder
);
1563 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1567 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1568 uint8_t window
, length
;
1569 const uint8_t *bitmap
;
1574 r
= bitmap_ensure_allocated(types
);
1578 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1582 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1586 if (length
== 0 || length
> 32)
1589 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1593 for (uint8_t i
= 0; i
< length
; i
++) {
1594 uint8_t bitmask
= 1 << 7;
1604 for (; bitmask
; bit
++, bitmask
>>= 1)
1605 if (bitmap
[i
] & bitmask
) {
1608 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1610 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1611 if (dns_type_is_pseudo(n
))
1614 r
= bitmap_set(*types
, n
);
1624 *start
= rewinder
.saved_rindex
;
1625 CANCEL_REWINDER(rewinder
);
1630 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1631 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1634 while (p
->rindex
- rewinder
.saved_rindex
< size
) {
1635 r
= dns_packet_read_type_window(p
, types
, NULL
);
1639 assert(p
->rindex
>= rewinder
.saved_rindex
);
1641 /* don't read past end of current RR */
1642 if (p
->rindex
- rewinder
.saved_rindex
> size
)
1646 if (p
->rindex
- rewinder
.saved_rindex
!= size
)
1650 *start
= rewinder
.saved_rindex
;
1651 CANCEL_REWINDER(rewinder
);
1656 int dns_packet_read_key(
1658 DnsResourceKey
**ret
,
1659 bool *ret_cache_flush_or_qu
,
1660 size_t *ret_start
) {
1664 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1665 _cleanup_free_
char *name
= NULL
;
1666 bool cache_flush_or_qu
= false;
1667 uint16_t class, type
;
1670 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1674 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1678 r
= dns_packet_read_uint16(p
, &class, NULL
);
1682 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1683 /* See RFC6762, sections 5.4 and 10.2 */
1685 if (type
!= DNS_TYPE_OPT
&& (class & MDNS_RR_CACHE_FLUSH_OR_QU
)) {
1686 class &= ~MDNS_RR_CACHE_FLUSH_OR_QU
;
1687 cache_flush_or_qu
= true;
1692 DnsResourceKey
*key
;
1694 key
= dns_resource_key_new_consume(class, type
, name
);
1702 if (ret_cache_flush_or_qu
)
1703 *ret_cache_flush_or_qu
= cache_flush_or_qu
;
1705 *ret_start
= rewinder
.saved_rindex
;
1707 CANCEL_REWINDER(rewinder
);
1711 static bool loc_size_ok(uint8_t size
) {
1712 uint8_t m
= size
>> 4, e
= size
& 0xF;
1714 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1717 static bool dns_svc_param_is_valid(DnsSvcParam
*i
) {
1722 /* RFC 9460, section 7.1.1: alpn-ids must exactly fill SvcParamValue */
1723 case DNS_SVC_PARAM_KEY_ALPN
: {
1727 while (sz
< i
->length
)
1728 sz
+= 1 + i
->value
[sz
]; /* N.B. will not overflow */
1729 return sz
== i
->length
;
1732 /* RFC 9460, section 7.1.1: value must be empty */
1733 case DNS_SVC_PARAM_KEY_NO_DEFAULT_ALPN
:
1734 return i
->length
== 0;
1736 /* RFC 9460, section 7.2 */
1737 case DNS_SVC_PARAM_KEY_PORT
:
1738 return i
->length
== 2;
1740 /* RFC 9460, section 7.3: addrs must exactly fill SvcParamValue */
1741 case DNS_SVC_PARAM_KEY_IPV4HINT
:
1742 return i
->length
% (sizeof (struct in_addr
)) == 0;
1743 case DNS_SVC_PARAM_KEY_IPV6HINT
:
1744 return i
->length
% (sizeof (struct in6_addr
)) == 0;
1746 /* Otherwise, permit any value */
1752 int dns_packet_read_rr(
1754 DnsResourceRecord
**ret
,
1755 bool *ret_cache_flush
,
1756 size_t *ret_start
) {
1760 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
1761 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1762 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1768 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1772 if (!dns_class_is_valid_rr(key
->class) || !dns_type_is_valid_rr(key
->type
))
1775 rr
= dns_resource_record_new(key
);
1779 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1783 /* RFC 2181, Section 8, suggests to
1784 * treat a TTL with the MSB set as a zero TTL. */
1785 if (rr
->ttl
& UINT32_C(0x80000000))
1788 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1792 if (rdlength
> p
->size
- p
->rindex
)
1797 switch (rr
->key
->type
) {
1800 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1803 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1806 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1810 /* RFC 2782 states "Unless and until permitted by future standards action, name compression
1811 * is not to be used for this field." Nonetheless, we support it here, in the interest of
1812 * increasing compatibility with implementations that do not implement this correctly. After
1813 * all we didn't do this right once upon a time ourselves (see
1814 * https://github.com/systemd/systemd/issues/9793). */
1815 r
= dns_packet_read_name(p
, &rr
->srv
.name
, /* allow_compression= */ true, NULL
);
1820 case DNS_TYPE_CNAME
:
1821 case DNS_TYPE_DNAME
:
1822 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1825 case DNS_TYPE_HINFO
:
1826 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1830 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1833 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1835 if (rdlength
<= 0) {
1836 r
= dns_txt_item_new_empty(&rr
->txt
.items
);
1840 DnsTxtItem
*last
= NULL
;
1842 while (p
->rindex
- offset
< rdlength
) {
1847 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1851 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1855 memcpy(i
->data
, data
, sz
);
1858 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1867 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1871 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1875 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1879 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1883 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1887 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1891 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1895 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1899 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1903 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1907 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1910 case DNS_TYPE_LOC
: {
1914 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1919 rr
->loc
.version
= t
;
1921 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1925 if (!loc_size_ok(rr
->loc
.size
))
1928 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1932 if (!loc_size_ok(rr
->loc
.horiz_pre
))
1935 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1939 if (!loc_size_ok(rr
->loc
.vert_pre
))
1942 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1946 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1950 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1956 dns_packet_rewind(p
, pos
);
1957 rr
->unparsable
= true;
1963 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1967 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1971 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1978 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1979 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1984 if (rr
->ds
.digest_size
<= 0)
1985 /* the accepted size depends on the algorithm, but for now
1986 just ensure that the value is greater than zero */
1991 case DNS_TYPE_SSHFP
:
1992 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1996 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
2003 r
= dns_packet_read_memdup(p
, rdlength
- 2,
2004 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
2007 if (rr
->sshfp
.fingerprint_size
<= 0)
2008 /* the accepted size depends on the algorithm, but for now
2009 just ensure that the value is greater than zero */
2014 case DNS_TYPE_DNSKEY
:
2015 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
2019 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
2023 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
2030 r
= dns_packet_read_memdup(p
, rdlength
- 4,
2031 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
2034 if (rr
->dnskey
.key_size
<= 0)
2035 /* the accepted size depends on the algorithm, but for now
2036 just ensure that the value is greater than zero */
2041 case DNS_TYPE_RRSIG
:
2042 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
2046 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
2050 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
2054 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
2058 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
2062 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
2066 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
2070 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
2074 if (rdlength
< p
->rindex
- offset
)
2077 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
2078 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
2081 if (rr
->rrsig
.signature_size
<= 0)
2082 /* the accepted size depends on the algorithm, but for now
2083 just ensure that the value is greater than zero */
2088 case DNS_TYPE_NSEC
: {
2091 * RFC6762, section 18.14 explicitly states mDNS should use name compression.
2092 * This contradicts RFC3845, section 2.1.1
2095 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
2097 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
2101 if (rdlength
< p
->rindex
- offset
)
2104 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
2106 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
2107 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
2108 * without the NSEC bit set. */
2112 case DNS_TYPE_NSEC3
: {
2115 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
2119 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
2123 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
2127 /* this may be zero */
2128 r
= dns_packet_read_uint8(p
, &size
, NULL
);
2132 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
2136 r
= dns_packet_read_uint8(p
, &size
, NULL
);
2143 r
= dns_packet_read_memdup(p
, size
,
2144 &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
,
2149 if (rdlength
< p
->rindex
- offset
)
2152 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
2154 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
2160 r
= dns_packet_read_uint8(p
, &rr
->tlsa
.cert_usage
, NULL
);
2164 r
= dns_packet_read_uint8(p
, &rr
->tlsa
.selector
, NULL
);
2168 r
= dns_packet_read_uint8(p
, &rr
->tlsa
.matching_type
, NULL
);
2175 r
= dns_packet_read_memdup(p
, rdlength
- 3,
2176 &rr
->tlsa
.data
, &rr
->tlsa
.data_size
,
2179 if (rr
->tlsa
.data_size
<= 0)
2180 /* the accepted size depends on the algorithm, but for now
2181 just ensure that the value is greater than zero */
2187 case DNS_TYPE_HTTPS
:
2188 r
= dns_packet_read_uint16(p
, &rr
->svcb
.priority
, NULL
);
2192 r
= dns_packet_read_name(p
, &rr
->svcb
.target_name
, false /* uncompressed */, NULL
);
2196 DnsSvcParam
*last
= NULL
;
2197 while (p
->rindex
- offset
< rdlength
) {
2198 _cleanup_free_ DnsSvcParam
*i
= NULL
;
2199 uint16_t svc_param_key
;
2202 r
= dns_packet_read_uint16(p
, &svc_param_key
, NULL
);
2205 /* RFC 9460, section 2.2 says we must consider an RR malformed if SvcParamKeys are
2206 * not in strictly increasing order */
2207 if (last
&& last
->key
>= svc_param_key
)
2210 r
= dns_packet_read_uint16(p
, &sz
, NULL
);
2214 i
= malloc0(offsetof(DnsSvcParam
, value
) + sz
);
2218 i
->key
= svc_param_key
;
2220 r
= dns_packet_read_blob(p
, &i
->value
, sz
, NULL
);
2223 if (!dns_svc_param_is_valid(i
))
2226 LIST_INSERT_AFTER(params
, rr
->svcb
.params
, last
, i
);
2233 r
= dns_packet_read_uint8(p
, &rr
->caa
.flags
, NULL
);
2237 r
= dns_packet_read_string(p
, &rr
->caa
.tag
, NULL
);
2241 if (rdlength
< p
->rindex
- offset
)
2244 r
= dns_packet_read_memdup(p
,
2245 rdlength
+ offset
- p
->rindex
,
2246 &rr
->caa
.value
, &rr
->caa
.value_size
, NULL
);
2250 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
2251 case DNS_TYPE_OPENPGPKEY
:
2254 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.data_size
, NULL
);
2260 if (p
->rindex
- offset
!= rdlength
)
2264 *ret
= TAKE_PTR(rr
);
2265 if (ret_cache_flush
)
2266 *ret_cache_flush
= cache_flush
;
2268 *ret_start
= rewinder
.saved_rindex
;
2270 CANCEL_REWINDER(rewinder
);
2274 static bool opt_is_good(DnsResourceRecord
*rr
, bool *rfc6975
) {
2276 bool found_dau_dhu_n3u
= false;
2279 /* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is not OK in
2283 assert(rr
->key
->type
== DNS_TYPE_OPT
);
2285 /* Check that the version is 0 */
2286 if (((rr
->ttl
>> 16) & UINT32_C(0xFF)) != 0) {
2288 return true; /* if it's not version 0, it's OK, but we will ignore the OPT field contents */
2292 l
= rr
->opt
.data_size
;
2294 uint16_t option_code
, option_length
;
2296 /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
2300 option_code
= unaligned_read_be16(p
);
2301 option_length
= unaligned_read_be16(p
+ 2);
2303 if (l
< option_length
+ 4U)
2306 /* RFC 6975 DAU, DHU or N3U fields found. */
2307 if (IN_SET(option_code
, DNS_EDNS_OPT_DAU
, DNS_EDNS_OPT_DHU
, DNS_EDNS_OPT_N3U
))
2308 found_dau_dhu_n3u
= true;
2310 p
+= option_length
+ 4U;
2311 l
-= option_length
+ 4U;
2314 *rfc6975
= found_dau_dhu_n3u
;
2318 static int dns_packet_extract_question(DnsPacket
*p
, DnsQuestion
**ret_question
) {
2319 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
2323 n
= DNS_PACKET_QDCOUNT(p
);
2325 question
= dns_question_new(n
);
2329 _cleanup_set_free_ Set
*keys
= NULL
; /* references to keys are kept by Question */
2331 keys
= set_new(&dns_resource_key_hash_ops
);
2335 r
= set_reserve(keys
, n
* 2); /* Higher multipliers give slightly higher efficiency through
2336 * hash collisions, but the gains quickly drop off after 2. */
2340 for (unsigned i
= 0; i
< n
; i
++) {
2341 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
2344 r
= dns_packet_read_key(p
, &key
, &qu
, NULL
);
2348 if (!dns_type_is_valid_query(key
->type
))
2351 r
= set_put(keys
, key
);
2355 /* Already in the Question, let's skip */
2358 r
= dns_question_add_raw(question
, key
, qu
? DNS_QUESTION_WANTS_UNICAST_REPLY
: 0);
2364 *ret_question
= TAKE_PTR(question
);
2369 static int dns_packet_extract_answer(DnsPacket
*p
, DnsAnswer
**ret_answer
) {
2370 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
2372 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*previous
= NULL
;
2373 bool bad_opt
= false;
2376 n
= DNS_PACKET_RRCOUNT(p
);
2380 answer
= dns_answer_new(n
);
2384 for (unsigned i
= 0; i
< n
; i
++) {
2385 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2386 bool cache_flush
= false;
2389 if (p
->rindex
== p
->size
&& p
->opt
) {
2390 /* If we reached the end of the packet already, but there are still more RRs
2391 * declared, then that's a corrupt packet. Let's accept the packet anyway, since it's
2392 * apparently a common bug in routers. Let's however suppress OPT support in this
2393 * case, so that we force the rest of the logic into lowest DNS baseline support. Or
2394 * to say this differently: if the DNS server doesn't even get the RR counts right,
2395 * it's highly unlikely it gets EDNS right. */
2396 log_debug("More resource records declared in packet than included, suppressing OPT.");
2401 r
= dns_packet_read_rr(p
, &rr
, &cache_flush
, &start
);
2405 /* Try to reduce memory usage a bit */
2407 dns_resource_key_reduce(&rr
->key
, &previous
->key
);
2409 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2412 if (p
->opt
|| bad_opt
) {
2413 /* Multiple OPT RRs? if so, let's ignore all, because there's
2414 * something wrong with the server, and if one is valid we wouldn't
2415 * know which one. */
2416 log_debug("Multiple OPT RRs detected, ignoring all.");
2421 if (!dns_name_is_root(dns_resource_key_name(rr
->key
))) {
2422 /* If the OPT RR is not owned by the root domain, then it is bad,
2423 * let's ignore it. */
2424 log_debug("OPT RR is not owned by root domain, ignoring.");
2429 if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
)) {
2430 /* OPT RR is in the wrong section? Some Belkin routers do this. This
2431 * is a hint the EDNS implementation is borked, like the Belkin one
2432 * is, hence ignore it. */
2433 log_debug("OPT RR in wrong section, ignoring.");
2438 if (!opt_is_good(rr
, &has_rfc6975
)) {
2439 log_debug("Malformed OPT RR, ignoring.");
2444 if (DNS_PACKET_QR(p
)) {
2445 /* Additional checks for responses */
2447 if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr
))
2448 /* If this is a reply and we don't know the EDNS version
2449 * then something is weird... */
2450 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2451 "EDNS version newer that our request, bad server.");
2454 /* If the OPT RR contains RFC6975 algorithm data, then this
2455 * is indication that the server just copied the OPT it got
2456 * from us (which contained that data) back into the reply.
2457 * If so, then it doesn't properly support EDNS, as RFC6975
2458 * makes it very clear that the algorithm data should only
2459 * be contained in questions, never in replies. Crappy
2460 * Belkin routers copy the OPT data for example, hence let's
2461 * detect this so that we downgrade early. */
2462 log_debug("OPT RR contains RFC6975 data, ignoring.");
2468 p
->opt
= dns_resource_record_ref(rr
);
2469 p
->opt_start
= start
;
2470 assert(p
->rindex
>= start
);
2471 p
->opt_size
= p
->rindex
- start
;
2473 DnsAnswerFlags flags
= 0;
2475 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
2476 flags
|= DNS_ANSWER_REFUSE_TTL_NO_MATCH
;
2478 flags
|= DNS_ANSWER_SHARED_OWNER
;
2481 /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
2482 * cached. Hence mark only those RRs as cacheable by default, but not the ones from
2483 * the Additional or Authority sections.
2484 * This restriction does not apply to mDNS records (RFC 6762). */
2485 if (i
< DNS_PACKET_ANCOUNT(p
))
2486 flags
|= DNS_ANSWER_CACHEABLE
|DNS_ANSWER_SECTION_ANSWER
;
2487 else if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
))
2488 flags
|= DNS_ANSWER_SECTION_AUTHORITY
;
2490 flags
|= DNS_ANSWER_SECTION_ADDITIONAL
;
2491 if (p
->protocol
== DNS_PROTOCOL_MDNS
)
2492 flags
|= DNS_ANSWER_CACHEABLE
;
2495 r
= dns_answer_add(answer
, rr
, p
->ifindex
, flags
, NULL
);
2500 /* Remember this RR, so that we can potentially merge its ->key object with the
2501 * next RR. Note that we only do this if we actually decided to keep the RR around.
2503 DNS_RR_REPLACE(previous
, dns_resource_record_ref(rr
));
2507 p
->opt
= dns_resource_record_unref(p
->opt
);
2508 p
->opt_start
= p
->opt_size
= SIZE_MAX
;
2511 *ret_answer
= TAKE_PTR(answer
);
2516 int dns_packet_extract(DnsPacket
*p
) {
2522 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
2523 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
2524 _unused_
_cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
2527 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
2529 r
= dns_packet_extract_question(p
, &question
);
2533 r
= dns_packet_extract_answer(p
, &answer
);
2537 if (p
->rindex
< p
->size
) {
2538 log_debug("Trailing garbage in packet, suppressing OPT.");
2539 p
->opt
= dns_resource_record_unref(p
->opt
);
2540 p
->opt_start
= p
->opt_size
= SIZE_MAX
;
2543 p
->question
= TAKE_PTR(question
);
2544 p
->answer
= TAKE_PTR(answer
);
2545 p
->extracted
= true;
2547 /* no CANCEL, always rewind */
2551 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2557 /* Checks if the specified packet is a reply for the specified
2558 * key and the specified key is the only one in the question
2561 if (DNS_PACKET_QR(p
) != 1)
2564 /* Let's unpack the packet, if that hasn't happened yet. */
2565 r
= dns_packet_extract(p
);
2572 if (p
->question
->n_keys
!= 1)
2575 return dns_resource_key_equal(dns_question_first_key(p
->question
), key
);
2578 int dns_packet_patch_max_udp_size(DnsPacket
*p
, uint16_t max_udp_size
) {
2580 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
2582 if (p
->opt_start
== SIZE_MAX
) /* No OPT section, nothing to patch */
2585 assert(p
->opt_size
!= SIZE_MAX
);
2586 assert(p
->opt_size
>= 5);
2588 unaligned_write_be16(DNS_PACKET_DATA(p
) + p
->opt_start
+ 3, max_udp_size
);
2592 static int patch_rr(DnsPacket
*p
, usec_t age
) {
2593 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
2596 uint16_t type
, rdlength
;
2599 /* Patches the RR at the current rindex, subtracts the specified time from the TTL */
2601 r
= dns_packet_read_name(p
, NULL
, true, NULL
);
2605 r
= dns_packet_read_uint16(p
, &type
, NULL
);
2609 r
= dns_packet_read_uint16(p
, NULL
, NULL
);
2613 r
= dns_packet_read_uint32(p
, &ttl
, &ttl_index
);
2617 if (type
!= DNS_TYPE_OPT
) { /* The TTL of the OPT field is not actually a TTL, skip it */
2618 ttl
= LESS_BY(ttl
* USEC_PER_SEC
, age
) / USEC_PER_SEC
;
2619 unaligned_write_be32(DNS_PACKET_DATA(p
) + ttl_index
, ttl
);
2622 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
2626 r
= dns_packet_read(p
, rdlength
, NULL
, NULL
);
2630 CANCEL_REWINDER(rewinder
);
2634 int dns_packet_patch_ttls(DnsPacket
*p
, usec_t timestamp
) {
2636 assert(timestamp_is_set(timestamp
));
2638 /* Adjusts all TTLs in the packet by subtracting the time difference between now and the specified timestamp */
2640 _unused_
_cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= REWINDER_INIT(p
);
2645 k
= now(CLOCK_BOOTTIME
);
2646 assert(k
>= timestamp
);
2649 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
2651 n
= DNS_PACKET_QDCOUNT(p
);
2652 for (unsigned i
= 0; i
< n
; i
++) {
2653 r
= dns_packet_read_key(p
, NULL
, NULL
, NULL
);
2658 n
= DNS_PACKET_RRCOUNT(p
);
2659 for (unsigned i
= 0; i
< n
; i
++) {
2661 /* DNS servers suck, hence the RR count is in many servers off. If we reached the end
2662 * prematurely, accept that, exit early */
2663 if (p
->rindex
== p
->size
)
2674 static void dns_packet_hash_func(const DnsPacket
*s
, struct siphash
*state
) {
2677 siphash24_compress_typesafe(s
->size
, state
);
2678 siphash24_compress(DNS_PACKET_DATA((DnsPacket
*) s
), s
->size
, state
);
2681 static int dns_packet_compare_func(const DnsPacket
*x
, const DnsPacket
*y
) {
2684 r
= CMP(x
->size
, y
->size
);
2688 return memcmp(DNS_PACKET_DATA((DnsPacket
*) x
), DNS_PACKET_DATA((DnsPacket
*) y
), x
->size
);
2691 DEFINE_HASH_OPS(dns_packet_hash_ops
, DnsPacket
, dns_packet_hash_func
, dns_packet_compare_func
);
2693 bool dns_packet_equal(const DnsPacket
*a
, const DnsPacket
*b
) {
2694 return dns_packet_compare_func(a
, b
) == 0;
2697 int dns_packet_ede_rcode(DnsPacket
*p
, int *ret_ede_rcode
, char **ret_ede_msg
) {
2707 d
= p
->opt
->opt
.data
;
2708 l
= p
->opt
->opt
.data_size
;
2711 uint16_t code
, length
;
2714 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2715 "EDNS0 variable part has invalid size.");
2717 code
= unaligned_read_be16(d
);
2718 length
= unaligned_read_be16(d
+ 2);
2720 if (l
< 4U + length
)
2721 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2722 "Truncated option in EDNS0 variable part.");
2724 if (code
== DNS_EDNS_OPT_EXT_ERROR
) {
2725 _cleanup_free_
char *msg
= NULL
;
2728 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2729 "EDNS0 truncated EDE info code.");
2731 r
= make_cstring((char *) d
+ 6, length
- 2U, MAKE_CSTRING_ALLOW_TRAILING_NUL
, &msg
);
2733 return log_debug_errno(r
, "Invalid EDE text in opt.");
2736 if (!utf8_is_valid(msg
)) {
2737 _cleanup_free_
char *msg_escaped
= NULL
;
2739 msg_escaped
= cescape(msg
);
2741 return log_oom_debug();
2743 *ret_ede_msg
= TAKE_PTR(msg_escaped
);
2745 *ret_ede_msg
= TAKE_PTR(msg
);
2749 *ret_ede_rcode
= unaligned_read_be16(d
+ 4);
2761 bool dns_ede_rcode_is_dnssec(int ede_rcode
) {
2762 return IN_SET(ede_rcode
,
2763 DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG
,
2764 DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST
,
2765 DNS_EDE_RCODE_DNSSEC_INDETERMINATE
,
2766 DNS_EDE_RCODE_DNSSEC_BOGUS
,
2767 DNS_EDE_RCODE_SIG_EXPIRED
,
2768 DNS_EDE_RCODE_SIG_NOT_YET_VALID
,
2769 DNS_EDE_RCODE_DNSKEY_MISSING
,
2770 DNS_EDE_RCODE_RRSIG_MISSING
,
2771 DNS_EDE_RCODE_NO_ZONE_KEY_BIT
,
2772 DNS_EDE_RCODE_NSEC_MISSING
2776 int dns_packet_has_nsid_request(DnsPacket
*p
) {
2777 bool has_nsid
= false;
2786 d
= p
->opt
->opt
.data
;
2787 l
= p
->opt
->opt
.data_size
;
2790 uint16_t code
, length
;
2793 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2794 "EDNS0 variable part has invalid size.");
2796 code
= unaligned_read_be16(d
);
2797 length
= unaligned_read_be16(d
+ 2);
2799 if (l
< 4U + length
)
2800 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2801 "Truncated option in EDNS0 variable part.");
2803 if (code
== DNS_EDNS_OPT_NSID
) {
2805 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2806 "Duplicate NSID option in EDNS0 variable part.");
2809 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG
),
2810 "Non-empty NSID option in DNS request.");
2822 size_t dns_packet_size_unfragmented(DnsPacket
*p
) {
2825 if (p
->fragsize
== 0) /* Wasn't fragmented */
2828 /* The fragment size (p->fragsize) covers the whole (fragmented) IP packet, while the regular packet
2829 * size (p->size) only covers the DNS part. Thus, subtract the UDP header from the largest fragment
2830 * size, in order to determine which size of DNS packet would have gone through without
2833 return LESS_BY(p
->fragsize
, udp_header_size(p
->family
));
2836 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2837 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2838 [DNS_RCODE_FORMERR
] = "FORMERR",
2839 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2840 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2841 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2842 [DNS_RCODE_REFUSED
] = "REFUSED",
2843 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2844 [DNS_RCODE_YXRRSET
] = "YRRSET",
2845 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2846 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2847 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2848 [DNS_RCODE_DSOTYPENI
] = "DSOTYPENI",
2849 [DNS_RCODE_BADVERS
] = "BADVERS",
2850 [DNS_RCODE_BADKEY
] = "BADKEY",
2851 [DNS_RCODE_BADTIME
] = "BADTIME",
2852 [DNS_RCODE_BADMODE
] = "BADMODE",
2853 [DNS_RCODE_BADNAME
] = "BADNAME",
2854 [DNS_RCODE_BADALG
] = "BADALG",
2855 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2856 [DNS_RCODE_BADCOOKIE
] = "BADCOOKIE",
2858 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2860 const char *format_dns_rcode(int i
, char buf
[static DECIMAL_STR_MAX(int)]) {
2861 const char *p
= dns_rcode_to_string(i
);
2865 return snprintf_ok(buf
, DECIMAL_STR_MAX(int), "%i", i
);
2868 static const char* const dns_ede_rcode_table
[_DNS_EDE_RCODE_MAX_DEFINED
] = {
2869 [DNS_EDE_RCODE_OTHER
] = "Other",
2870 [DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG
] = "Unsupported DNSKEY Algorithm",
2871 [DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST
] = "Unsupported DS Digest Type",
2872 [DNS_EDE_RCODE_STALE_ANSWER
] = "Stale Answer",
2873 [DNS_EDE_RCODE_FORGED_ANSWER
] = "Forged Answer",
2874 [DNS_EDE_RCODE_DNSSEC_INDETERMINATE
] = "DNSSEC Indeterminate",
2875 [DNS_EDE_RCODE_DNSSEC_BOGUS
] = "DNSSEC Bogus",
2876 [DNS_EDE_RCODE_SIG_EXPIRED
] = "Signature Expired",
2877 [DNS_EDE_RCODE_SIG_NOT_YET_VALID
] = "Signature Not Yet Valid",
2878 [DNS_EDE_RCODE_DNSKEY_MISSING
] = "DNSKEY Missing",
2879 [DNS_EDE_RCODE_RRSIG_MISSING
] = "RRSIG Missing",
2880 [DNS_EDE_RCODE_NO_ZONE_KEY_BIT
] = "No Zone Key Bit Set",
2881 [DNS_EDE_RCODE_NSEC_MISSING
] = "NSEC Missing",
2882 [DNS_EDE_RCODE_CACHED_ERROR
] = "Cached Error",
2883 [DNS_EDE_RCODE_NOT_READY
] = "Not Ready",
2884 [DNS_EDE_RCODE_BLOCKED
] = "Blocked",
2885 [DNS_EDE_RCODE_CENSORED
] = "Censored",
2886 [DNS_EDE_RCODE_FILTERED
] = "Filtered",
2887 [DNS_EDE_RCODE_PROHIBITIED
] = "Prohibited",
2888 [DNS_EDE_RCODE_STALE_NXDOMAIN_ANSWER
] = "Stale NXDOMAIN Answer",
2889 [DNS_EDE_RCODE_NOT_AUTHORITATIVE
] = "Not Authoritative",
2890 [DNS_EDE_RCODE_NOT_SUPPORTED
] = "Not Supported",
2891 [DNS_EDE_RCODE_UNREACH_AUTHORITY
] = "No Reachable Authority",
2892 [DNS_EDE_RCODE_NET_ERROR
] = "Network Error",
2893 [DNS_EDE_RCODE_INVALID_DATA
] = "Invalid Data",
2894 [DNS_EDE_RCODE_SIG_NEVER
] = "Signature Never Valid",
2895 [DNS_EDE_RCODE_TOO_EARLY
] = "Too Early",
2896 [DNS_EDE_RCODE_UNSUPPORTED_NSEC3_ITER
] = "Unsupported NSEC3 Iterations",
2897 [DNS_EDE_RCODE_TRANSPORT_POLICY
] = "Impossible Transport Policy",
2898 [DNS_EDE_RCODE_SYNTHESIZED
] = "Synthesized",
2900 DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_ede_rcode
, int);
2902 const char *format_dns_ede_rcode(int i
, char buf
[static DECIMAL_STR_MAX(int)]) {
2903 const char *p
= dns_ede_rcode_to_string(i
);
2907 return snprintf_ok(buf
, DECIMAL_STR_MAX(int), "%i", i
);
2910 static const char* const dns_svc_param_key_table
[_DNS_SVC_PARAM_KEY_MAX_DEFINED
] = {
2911 [DNS_SVC_PARAM_KEY_MANDATORY
] = "mandatory",
2912 [DNS_SVC_PARAM_KEY_ALPN
] = "alpn",
2913 [DNS_SVC_PARAM_KEY_NO_DEFAULT_ALPN
] = "no-default-alpn",
2914 [DNS_SVC_PARAM_KEY_PORT
] = "port",
2915 [DNS_SVC_PARAM_KEY_IPV4HINT
] = "ipv4hint",
2916 [DNS_SVC_PARAM_KEY_ECH
] = "ech",
2917 [DNS_SVC_PARAM_KEY_IPV6HINT
] = "ipv6hint",
2918 [DNS_SVC_PARAM_KEY_DOHPATH
] = "dohpath",
2919 [DNS_SVC_PARAM_KEY_OHTTP
] = "ohttp",
2921 DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_svc_param_key
, int);
2923 const char *format_dns_svc_param_key(uint16_t i
, char buf
[static DECIMAL_STR_MAX(uint16_t)+3]) {
2924 const char *p
= dns_svc_param_key_to_string(i
);
2928 return snprintf_ok(buf
, DECIMAL_STR_MAX(uint16_t)+3, "key%i", i
);
2931 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2932 [DNS_PROTOCOL_DNS
] = "dns",
2933 [DNS_PROTOCOL_MDNS
] = "mdns",
2934 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2936 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);