1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_GCRYPT
4 #include <gcrypt.h>
5 #endif
6
7 #include "alloc-util.h"
8 #include "dns-domain.h"
9 #include "memory-util.h"
10 #include "resolved-dns-packet.h"
11 #include "set.h"
12 #include "string-table.h"
13 #include "strv.h"
14 #include "unaligned.h"
15 #include "utf8.h"
16 #include "util.h"
17
/* DNSSEC OK (DO) bit in the flags word of the EDNS0 OPT pseudo-RR (RFC3225). */
#define EDNS0_OPT_DO (1 << 15)

/* The default initial data allocation must be larger than the fixed DNS header. */
assert_cc(DNS_PACKET_SIZE_START > DNS_PACKET_HEADER_SIZE);
21
/* Remembers a packet's read index so that a parser which bails out early can restore it.
 * rewind_dns_packet() only acts while .packet is non-NULL. */
typedef struct DnsPacketRewinder {
        DnsPacket *packet;   /* packet to rewind, or NULL once the rewind has been cancelled */
        size_t saved_rindex; /* read index to restore */
} DnsPacketRewinder;
26
/* Cleanup handler: put the read index back to the saved position, unless the rewinder was
 * cancelled (packet pointer cleared) after a successful parse. */
static void rewind_dns_packet(DnsPacketRewinder *rewinder) {
        DnsPacket *pkt = rewinder->packet;

        if (!pkt)
                return;

        dns_packet_rewind(pkt, rewinder->saved_rindex);
}
31
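/* Arm a rewinder with the packet's current read index. Both arguments are parenthesized so
 * that expressions such as &pkt or *pp expand as intended; note that p is evaluated twice. */
#define INIT_REWINDER(rewinder, p) do { (rewinder).packet = (p); (rewinder).saved_rindex = (p)->rindex; } while (0)
/* Disarm a rewinder so that the cleanup handler leaves the read index where parsing ended. */
#define CANCEL_REWINDER(rewinder) do { (rewinder).packet = NULL; } while (0)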
34
/* Allocate a new packet with one reference. The data area is part of the same allocation and
 * starts ALIGN(sizeof(DnsPacket)) bytes into it.
 *
 * On success the packet is stored in *ret and 0 is returned. Returns -EFBIG if min_alloc_dsize
 * is larger than DNS_PACKET_SIZE_MAX, and -ENOMEM if the allocation fails. */
int dns_packet_new(
                DnsPacket **ret,
                DnsProtocol protocol,
                size_t min_alloc_dsize,
                size_t max_size) {

        const size_t struct_size = ALIGN(sizeof(DnsPacket));
        size_t data_size;
        DnsPacket *pkt;

        assert(ret);
        assert(max_size >= DNS_PACKET_HEADER_SIZE);

        /* Never honour a caller-supplied limit above the hard maximum. */
        if (max_size > DNS_PACKET_SIZE_MAX)
                max_size = DNS_PACKET_SIZE_MAX;

        /* Callers may not look at how much was really allocated, hence refuse outright to
         * allocate a DNS packet bigger than DNS_PACKET_SIZE_MAX. */
        if (min_alloc_dsize > DNS_PACKET_SIZE_MAX)
                return log_error_errno(SYNTHETIC_ERRNO(EFBIG),
                                       "Requested packet data size too big: %zu",
                                       min_alloc_dsize);

        /* A request smaller than the DNS header (e.g. min_alloc_dsize == 0) gets the default
         * start size instead of the bare minimum, so that appending the first data does not
         * immediately force a resize. */
        data_size = min_alloc_dsize < DNS_PACKET_HEADER_SIZE ? DNS_PACKET_SIZE_START : min_alloc_dsize;

        /* Round the whole allocation up to the next page size ... */
        data_size = PAGE_ALIGN(struct_size + data_size) - struct_size;

        /* ... but never allocate more than can ever be used. */
        if (data_size > max_size)
                data_size = max_size;

        pkt = malloc0(struct_size + data_size);
        if (!pkt)
                return -ENOMEM;

        /* (size_t) -1 in opt_start/opt_size means "no OPT RR recorded"; see dns_packet_append_opt(). */
        *pkt = (DnsPacket) {
                .n_ref = 1,
                .protocol = protocol,
                .size = DNS_PACKET_HEADER_SIZE,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = data_size,
                .max_size = max_size,
                .opt_start = (size_t) -1,
                .opt_size = (size_t) -1,
        };

        *ret = pkt;

        return 0;
}
93
/* Fill in the header flags word for an outgoing query, depending on the packet's protocol.
 * The truncated (TC) flag may only be requested for mDNS packets; the checking-disabled (CD)
 * flag is only used in the default branch of the protocol switch. */
void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {

        DnsPacketHeader *hdr;
        uint16_t flags;

        assert(p);

        hdr = DNS_PACKET_HEADER(p);

        switch (p->protocol) {

        case DNS_PROTOCOL_LLMNR:
                assert(!truncated);

                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* c */,
                                              0 /* tc */,
                                              0 /* t */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              0 /* cd */,
                                              0 /* rcode */);
                break;

        case DNS_PROTOCOL_MDNS:
                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* aa */,
                                              truncated /* tc */,
                                              0 /* rd (ask for recursion) */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              0 /* cd */,
                                              0 /* rcode */);
                break;

        default:
                assert(!truncated);

                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* aa */,
                                              0 /* tc */,
                                              1 /* rd (ask for recursion) */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              dnssec_checking_disabled /* cd */,
                                              0 /* rcode */);
        }

        /* The header is kept in network byte order. */
        hdr->flags = htobe16(flags);
}
143
/* Allocate a packet with the maximum size limit and initialize its header flags for a query.
 * Returns 0 and stores the packet in *ret, or the negative error of dns_packet_new(). */
int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t min_alloc_dsize, bool dnssec_checking_disabled) {
        DnsPacket *query;
        int r;

        assert(ret);

        r = dns_packet_new(&query, protocol, min_alloc_dsize, DNS_PACKET_SIZE_MAX);
        if (r < 0)
                return r;

        /* The TC bit always starts out as 0. Should multiple packets be needed later on, the
         * bit gets updated shortly before sending. */
        dns_packet_set_flags(query, dnssec_checking_disabled, false);

        *ret = query;
        return 0;
}
162
/* Create an independent copy of the wire data of p, with a fresh reference count and the read
 * index reset to just after the header. Parsed state and the recorded OPT location are not
 * carried over. Returns 0 on success, the error of dns_packet_validate() for a packet with an
 * implausible size, or -ENOMEM. */
int dns_packet_dup(DnsPacket **ret, DnsPacket *p) {
        DnsPacket *copy;
        int r;

        assert(ret);
        assert(p);

        /* p->size sizes both the allocation and the memcpy() below, hence it is range-checked
         * (header size up to DNS_PACKET_SIZE_MAX) before it is used. */
        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        copy = malloc(ALIGN(sizeof(DnsPacket)) + p->size);
        if (!copy)
                return -ENOMEM;

        *copy = (DnsPacket) {
                .n_ref = 1,
                .protocol = p->protocol,
                .size = p->size,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = p->size,
                .max_size = p->max_size,
                .opt_start = (size_t) -1,
                .opt_size = (size_t) -1,
        };

        memcpy(DNS_PACKET_DATA(copy), DNS_PACKET_DATA(p), p->size);

        *ret = copy;
        return 0;
}
194
/* Take an additional reference on a heap-allocated packet. NULL is passed through. Packets
 * flagged on_stack must not be referenced this way. */
DnsPacket *dns_packet_ref(DnsPacket *p) {

        if (p) {
                assert(!p->on_stack);

                assert(p->n_ref > 0);
                p->n_ref++;
        }

        return p;
}
206
/* Release everything a packet owns: parsed question/answer/OPT objects, the keys of the name
 * compression table, and a separately allocated data buffer. The packet structure itself is
 * freed only if it does not live on the stack. */
static void dns_packet_free(DnsPacket *p) {
        char *key;

        assert(p);

        dns_question_unref(p->question);
        dns_answer_unref(p->answer);
        dns_resource_record_unref(p->opt);

        /* The table's keys are heap strings; free each one before freeing the table. */
        for (;;) {
                key = hashmap_steal_first_key(p->names);
                if (!key)
                        break;

                free(key);
        }
        hashmap_free(p->names);

        free(p->_data);

        if (p->on_stack)
                return;

        free(p);
}
225
/* Drop one reference; the packet is freed when the last reference goes away. Always returns
 * NULL so that callers can write "p = dns_packet_unref(p)". */
DnsPacket *dns_packet_unref(DnsPacket *p) {
        if (!p)
                return NULL;

        assert(p->n_ref > 0);

        /* NOTE(review): a reference on the chained packet is dropped on every call, whereas
         * dns_packet_ref() does not take one on p->more. Confirm the ownership rules callers
         * follow for ->more. */
        dns_packet_unref(p->more);

        if (p->n_ref != 1) {
                p->n_ref--;
                return NULL;
        }

        dns_packet_free(p);
        return NULL;
}
241
/* Basic size sanity check: the packet must hold at least a full header and must not exceed
 * DNS_PACKET_SIZE_MAX. Returns 1 if plausible, -EBADMSG otherwise. */
int dns_packet_validate(DnsPacket *p) {
        assert(p);

        if (p->size < DNS_PACKET_HEADER_SIZE || p->size > DNS_PACKET_SIZE_MAX)
                return -EBADMSG;

        return 1;
}
253
/* Check whether p is an acceptable reply. Returns 1 if it is, 0 if the packet is not a reply
 * at all (QR bit not set), and a negative errno if it is malformed or violates the rules of
 * its protocol. */
int dns_packet_validate_reply(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        if (DNS_PACKET_QR(p) != 1)
                return 0;

        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        if (p->protocol == DNS_PROTOCOL_LLMNR) {
                /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
                if (DNS_PACKET_QDCOUNT(p) != 1)
                        return -EBADMSG;

        } else if (p->protocol == DNS_PROTOCOL_MDNS) {
                /* RFC 6762, Section 18 */
                if (DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;
        }

        return 1;
}
291
/* Check whether p is an acceptable query. Returns 1 if it is, 0 if the packet is not a query
 * (QR bit set), and a negative errno if it is malformed, truncated, or violates the rules of
 * its protocol. */
int dns_packet_validate_query(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        if (DNS_PACKET_QR(p) != 0)
                return 0;

        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        if (DNS_PACKET_TC(p))
                return -EBADMSG;

        if (p->protocol == DNS_PROTOCOL_LLMNR || p->protocol == DNS_PROTOCOL_DNS) {
                /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1,
                 * with ANCOUNT != 0, or with NSCOUNT != 0 */
                if (DNS_PACKET_QDCOUNT(p) != 1 ||
                    DNS_PACKET_ANCOUNT(p) > 0 ||
                    DNS_PACKET_NSCOUNT(p) > 0)
                        return -EBADMSG;

        } else if (p->protocol == DNS_PROTOCOL_MDNS) {
                /* RFC 6762, Section 18 */
                if (DNS_PACKET_AA(p) != 0 ||
                    DNS_PACKET_RD(p) != 0 ||
                    DNS_PACKET_RA(p) != 0 ||
                    DNS_PACKET_AD(p) != 0 ||
                    DNS_PACKET_CD(p) != 0 ||
                    DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;
        }

        return 1;
}
346
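/* Grow the used part of the packet by add bytes, enlarging the data buffer if necessary.
 *
 * On success returns 0, stores the offset of the new space in *start and a pointer to it in
 * *ret (both optional). Returns -EMSGSIZE if the packet would exceed its maximum size (or the
 * requested size cannot be represented), and -ENOMEM on allocation failure. The pointer in
 * *ret is only valid until the next extension, since the buffer may be reallocated. */
static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
        size_t need;

        assert(p);

        /* Reject a request whose end offset would wrap around size_t. Without this check a huge
         * 'add' could make the sums below come out small and pass the capacity checks. */
        if (add > (size_t) -1 - p->size)
                return -EMSGSIZE;

        need = p->size + add;

        if (need > p->allocated) {
                size_t a, ms;

                /* Over-allocate to amortize repeated appends, but stay within the packet limit. */
                a = PAGE_ALIGN(need * 2);

                ms = dns_packet_size_max(p);
                if (a > ms)
                        a = ms;

                if (need > a)
                        return -EMSGSIZE;

                if (p->_data) {
                        void *d;

                        /* Assign only on success, so the old buffer stays valid on failure. */
                        d = realloc(p->_data, a);
                        if (!d)
                                return -ENOMEM;

                        p->_data = d;
                } else {
                        /* The data so far lives inline, right after the DnsPacket structure. Move it
                         * to a separate buffer and zero the remainder. */
                        p->_data = malloc(a);
                        if (!p->_data)
                                return -ENOMEM;

                        memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
                        memzero((uint8_t*) p->_data + p->size, a - p->size);
                }

                p->allocated = a;
        }

        if (start)
                *start = p->size;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;

        p->size = need;
        return 0;
}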
391
/* Shrink the packet to sz bytes. Name compression entries that point at or beyond the new end
 * are dropped, so later names cannot reference data that is no longer part of the packet.
 * Does nothing if the packet is already that short. */
void dns_packet_truncate(DnsPacket *p, size_t sz) {
        char *name;
        void *offset;

        assert(p);

        if (sz >= p->size)
                return;

        HASHMAP_FOREACH_KEY(offset, name, p->names) {

                if (PTR_TO_SIZE(offset) >= sz) {
                        hashmap_remove(p->names, name);
                        free(name);
                }
        }

        p->size = sz;
}
412
/* Append l raw bytes from d to the packet. Returns 0 on success or the negative error of
 * dns_packet_extend(); the offset of the data is stored in *start if that is non-NULL. */
int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, l, &dest, start);
        if (r < 0)
                return r;

        memcpy_safe(dest, d, l);
        return 0;
}
426
/* Append a single byte. Returns 0 on success or the negative error of dns_packet_extend(). */
int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint8_t), &dest, start);
        if (r < 0)
                return r;

        *(uint8_t*) dest = v;

        return 0;
}
441
/* Append a 16-bit value in big-endian (network) byte order. Returns 0 on success or the
 * negative error of dns_packet_extend(). */
int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint16_t), &dest, start);
        if (r < 0)
                return r;

        /* The destination has no alignment guarantee, hence the unaligned writer. */
        unaligned_write_be16(dest, v);

        return 0;
}
456
/* Append a 32-bit value in big-endian (network) byte order. Returns 0 on success or the
 * negative error of dns_packet_extend(). */
int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
        void *dest;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint32_t), &dest, start);
        if (r < 0)
                return r;

        /* The destination has no alignment guarantee, hence the unaligned writer. */
        unaligned_write_be32(dest, v);

        return 0;
}
471
/* Append a NUL-terminated C string as a length-prefixed character string. The length limit
 * is enforced by dns_packet_append_raw_string(). */
int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
        size_t len;

        assert(p);
        assert(s);

        len = strlen(s);
        return dns_packet_append_raw_string(p, s, len, start);
}
478
/* Append size bytes from s as a character string: one length byte followed by the data.
 * Returns -E2BIG if the data does not fit the single length byte (more than 255 bytes),
 * or the negative error of dns_packet_extend(). s may be NULL only if size is 0. */
int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
        uint8_t *dest;
        void *raw;
        int r;

        assert(p);
        assert(s || size == 0);

        if (size > 255)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + size, &raw, start);
        if (r < 0)
                return r;

        dest = raw;
        dest[0] = (uint8_t) size;

        memcpy_safe(dest + 1, s, size);

        return 0;
}
499
/* Append one label (length byte plus l bytes from d) to the packet. If the packet has
 * canonical form enabled and this label is a candidate for it, the label is written in DNSSEC
 * canonical form. Returns -E2BIG if l exceeds DNS_LABEL_MAX, or the negative error of
 * dns_packet_extend(). */
int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
        uint8_t *out;
        int r;

        assert(p);
        assert(d);

        if (l > DNS_LABEL_MAX)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + l, (void**) &out, start);
        if (r < 0)
                return r;

        out[0] = (uint8_t) l;
        out++;

        if (!(p->canonical_form && canonical_candidate)) {
                /* Copy the label unaltered. This is essential for DNS-SD, where the casing of
                 * labels matters and needs to be retained. */
                memcpy(out, d, l);
                return 0;
        }

        /* Canonical form as defined by DNSSEC RFC 4034, Section 6.2, i.e. all lower-case. */
        for (size_t i = 0; i < l; i++)
                out[i] = (uint8_t) ascii_tolower(d[i]);

        return 0;
}
537
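/* Append a domain name, label by label, optionally using name compression.
 *
 * With compression allowed (and not refused by the packet), each remaining suffix is looked up
 * in p->names; on a hit at an offset below 0x4000 a two-byte pointer is written instead of the
 * rest of the name. Every suffix written out in full is remembered for later compression.
 *
 * Returns 0 on success and stores the start offset of the name in *start if non-NULL. On any
 * failure the packet is truncated back to its size on entry, which also drops compression
 * entries that point into the removed part, and a negative errno is returned. */
int dns_packet_append_name(
                DnsPacket *p,
                const char *name,
                bool allow_compression,
                bool canonical_candidate,
                size_t *start) {

        size_t saved_size;
        int r;

        assert(p);
        assert(name);

        if (p->refuse_compression)
                allow_compression = false;

        saved_size = p->size;

        while (!dns_name_is_root(name)) {
                const char *z = name;
                char label[DNS_LABEL_MAX];
                size_t n = 0;

                if (allow_compression)
                        n = PTR_TO_SIZE(hashmap_get(p->names, name));
                if (n > 0) {
                        assert(n < p->size);

                        /* A compression pointer only carries a 14-bit offset. */
                        if (n < 0x4000) {
                                r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
                                if (r < 0)
                                        goto fail;

                                goto done;
                        }
                }

                r = dns_label_unescape(&name, label, sizeof label, 0);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
                if (r < 0)
                        goto fail;

                if (allow_compression) {
                        _cleanup_free_ char *s = NULL;

                        s = strdup(z);
                        if (!s) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        r = hashmap_ensure_put(&p->names, &dns_name_hash_ops, s, SIZE_TO_PTR(n));
                        if (r < 0)
                                goto fail;

                        /* The hashmap owns the key now. */
                        TAKE_PTR(s);
                }
        }

        /* Terminating root label. On failure, roll back like every other error path, so that no
         * unterminated name and no compression entries pointing into it are left behind. */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                goto fail;

done:
        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}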
614
/* Append a resource key: name, type and class. If DNS_ANSWER_CACHE_FLUSH is set in flags, the
 * MDNS_RR_CACHE_FLUSH bit is set in the class field. On failure the packet is truncated back to
 * its size on entry. */
int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, const DnsAnswerFlags flags, size_t *start) {
        size_t key_offset;
        uint16_t class;
        int r;

        assert(p);
        assert(k);

        key_offset = p->size;

        r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
        if (r < 0)
                goto fail;

        r = dns_packet_append_uint16(p, k->type, NULL);
        if (r < 0)
                goto fail;

        if (flags & DNS_ANSWER_CACHE_FLUSH)
                class = k->class | MDNS_RR_CACHE_FLUSH;
        else
                class = k->class;

        r = dns_packet_append_uint16(p, class, NULL);
        if (r < 0)
                goto fail;

        if (start)
                *start = key_offset;

        return 0;

fail:
        dns_packet_truncate(p, key_offset);
        return r;
}
647
/* Append one window block of a type bitmap: window number, bitmap length in bytes, and that
 * many bitmap bytes from types. On failure the packet is truncated back to its size on entry. */
static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
        size_t block_offset;
        int r;

        assert(p);
        assert(types);
        assert(length > 0);

        block_offset = p->size;

        r = dns_packet_append_uint8(p, window, NULL);
        if (r >= 0)
                r = dns_packet_append_uint8(p, length, NULL);
        if (r >= 0)
                r = dns_packet_append_blob(p, types, length, NULL);
        if (r < 0) {
                dns_packet_truncate(p, block_offset);
                return r;
        }

        if (start)
                *start = block_offset;

        return 0;
}
678
/* Append a type bitmap as a sequence of window blocks. Types are grouped by their upper byte
 * (the window); within a window each type sets one bit, most significant bit first. A window
 * block is flushed whenever the window number changes, and once more at the end. On failure
 * the packet is truncated back to its size on entry. */
static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
        uint8_t bitmaps[32] = {};
        uint8_t window = 0, entry = 0;
        size_t types_offset;
        unsigned n;
        int r;

        assert(p);

        types_offset = p->size;

        BITMAP_FOREACH(n, types) {
                assert(n <= 0xffff);

                /* 'entry' still refers to the last type of the previous window here; its byte is
                 * non-zero only if that window has something to write. */
                if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
                        r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                        if (r < 0)
                                goto fail;

                        zero(bitmaps);
                }

                window = n >> 8;
                entry = n & 255;

                bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
        }

        /* Flush the last window, if any type was seen at all. */
        if (bitmaps[entry / 8] != 0) {
                r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                if (r < 0)
                        goto fail;
        }

        if (start)
                *start = types_offset;

        return 0;

fail:
        dns_packet_truncate(p, types_offset);
        return r;
}
722
/* Append the OPT pseudo-RR described in RFC6891.
 *
 * Only one OPT RR may be added per packet: returns -EBUSY if one is already recorded. On
 * success ARCOUNT is incremented, the location and size of the RR are remembered in
 * p->opt_start/p->opt_size, and 0 is returned. On a failure after the first byte was written,
 * the packet is truncated back to its size on entry. */
int dns_packet_append_opt(
                DnsPacket *p,
                uint16_t max_udp_size,
                bool edns0_do,
                bool include_rfc6975,
                int rcode,
                size_t *start) {

        size_t opt_offset;
        int r;

        assert(p);
        /* we must never advertise supported packet size smaller than the legacy max */
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
        assert(rcode >= 0);
        assert(rcode <= _DNS_RCODE_MAX);

        if (p->opt_start != (size_t) -1)
                return -EBUSY;

        assert(p->opt_size == (size_t) -1);

        opt_offset = p->size;

        /* empty name */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                return r;

        /* type */
        r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
        if (r < 0)
                goto fail;

        /* class: maximum udp packet that can be received */
        r = dns_packet_append_uint16(p, max_udp_size, NULL);
        if (r < 0)
                goto fail;

        /* extended RCODE and VERSION: bits 4..11 of rcode go into the upper byte */
        r = dns_packet_append_uint16(p, ((uint16_t) rcode & 0x0FF0) << 4, NULL);
        if (r < 0)
                goto fail;

        /* flags: DNSSEC OK (DO), see RFC3225 */
        r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
        if (r < 0)
                goto fail;

        /* RDLENGTH */
        if (!edns0_do || !include_rfc6975)
                r = dns_packet_append_uint16(p, 0, NULL);
        else {
                /* If DO is on and this is requested, also append RFC6975 Algorithm data. This is
                 * supposed to be done on queries, not on replies, hence callers should turn this
                 * off when finishing off replies. */

                static const uint8_t rfc6975[] = {

                        0, 5, /* OPTION_CODE: DAU */
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
                        0, 7, /* LIST_LENGTH */
#else
                        0, 6, /* LIST_LENGTH */
#endif
                        DNSSEC_ALGORITHM_RSASHA1,
                        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
                        DNSSEC_ALGORITHM_RSASHA256,
                        DNSSEC_ALGORITHM_RSASHA512,
                        DNSSEC_ALGORITHM_ECDSAP256SHA256,
                        DNSSEC_ALGORITHM_ECDSAP384SHA384,
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
                        DNSSEC_ALGORITHM_ED25519,
#endif

                        0, 6, /* OPTION_CODE: DHU */
                        0, 3, /* LIST_LENGTH */
                        DNSSEC_DIGEST_SHA1,
                        DNSSEC_DIGEST_SHA256,
                        DNSSEC_DIGEST_SHA384,

                        0, 7, /* OPTION_CODE: N3U */
                        0, 1, /* LIST_LENGTH */
                        NSEC3_ALGORITHM_SHA1,
                };

                r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
        }
        if (r < 0)
                goto fail;

        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);

        /* Remember where the OPT RR lives, see dns_packet_truncate_opt(). */
        p->opt_start = opt_offset;
        p->opt_size = p->size - opt_offset;

        if (start)
                *start = opt_offset;

        return 0;

fail:
        dns_packet_truncate(p, opt_offset);
        return r;
}
832
/* Remove the OPT RR previously added with dns_packet_append_opt(), provided it is the last
 * thing in the packet. Returns 0 if there is no OPT RR recorded, 1 if it was removed, and
 * -EBUSY if other data follows it. */
int dns_packet_truncate_opt(DnsPacket *p) {
        const size_t unset = (size_t) -1;

        assert(p);

        if (p->opt_start == unset) {
                assert(p->opt_size == unset);
                return 0;
        }

        assert(p->opt_size != unset);
        assert(DNS_PACKET_ARCOUNT(p) > 0);

        /* Only an OPT RR that ends exactly at the end of the packet can be cut off. */
        if (p->opt_start + p->opt_size != p->size)
                return -EBUSY;

        dns_packet_truncate(p, p->opt_start);
        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
        p->opt_size = unset;
        p->opt_start = unset;

        return 1;
}
853
/* Serialize one resource record at the end of the packet: key, TTL, RDLENGTH and the
 * type-specific RDATA.
 *
 * RDLENGTH is first written as 0 and patched once the RDATA has been appended and its size is
 * known. Records flagged unparsable, and types without a dedicated branch, are written from the
 * raw rr->generic data.
 *
 * Returns 0 on success, -ENOSPC if the RDATA does not fit the 16-bit RDLENGTH field, or the
 * negative error of a failed append. On success *start (if non-NULL) receives the offset of
 * the record in the packet, and *rdata_start (if non-NULL) the offset of the RDATA relative to
 * the start of the record. On failure the packet is truncated back to its size on entry. */
int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start) {

        size_t saved_size, rdlength_offset, end, rdlength, rds;
        uint32_t ttl;
        int r;

        assert(p);
        assert(rr);

        saved_size = p->size;

        r = dns_packet_append_key(p, rr->key, flags, NULL);
        if (r < 0)
                goto fail;

        /* With DNS_ANSWER_GOODBYE set the record is sent with a TTL of 0 */
        ttl = flags & DNS_ANSWER_GOODBYE ? 0 : rr->ttl;
        r = dns_packet_append_uint32(p, ttl, NULL);
        if (r < 0)
                goto fail;

        /* Initially we write 0 here */
        r = dns_packet_append_uint16(p, 0, &rdlength_offset);
        if (r < 0)
                goto fail;

        /* Size of key + TTL + RDLENGTH, i.e. where the RDATA begins relative to the record start */
        rds = p->size - saved_size;

        switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->srv.port, NULL);
                if (r < 0)
                        goto fail;

                /* RFC 2782 states "Unless and until permitted by future standards
                 * action, name compression is not to be used for this field." */
                r = dns_packet_append_name(p, rr->srv.name, false, true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                r = dns_packet_append_name(p, rr->ptr.name, true, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_string(p, rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:

                if (!rr->txt.items) {
                        /* RFC 6763, section 6.1 suggests to generate
                         * single empty string for an empty array. */

                        r = dns_packet_append_raw_string(p, NULL, 0, NULL);
                        if (r < 0)
                                goto fail;
                } else {
                        DnsTxtItem *i;

                        LIST_FOREACH(items, i, rr->txt.items) {
                                r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
                                if (r < 0)
                                        goto fail;
                        }
                }

                r = 0;
                break;

        case DNS_TYPE_A:
                r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                r = dns_packet_append_name(p, rr->soa.mname, true, true, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_name(p, rr->soa.rname, true, true, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_name(p, rr->mx.exchange, true, true, NULL);
                break;

        case DNS_TYPE_LOC:
                r = dns_packet_append_uint8(p, rr->loc.version, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->loc.size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
                break;

        case DNS_TYPE_DS:
                r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
                if (r < 0)
                        goto fail;

                /* The signer name is written without name compression */
                r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
                break;

        case DNS_TYPE_NSEC:
                /* Neither name compression nor canonical lower-casing is applied to this name */
                r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_types(p, rr->nsec.types, NULL);
                if (r < 0)
                        goto fail;

                break;

        case DNS_TYPE_NSEC3:
                r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_types(p, rr->nsec3.types, NULL);
                if (r < 0)
                        goto fail;

                break;

        case DNS_TYPE_TLSA:
                r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
                break;

        case DNS_TYPE_CAA:
                r = dns_packet_append_uint8(p, rr->caa.flags, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_string(p, rr->caa.tag, NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rr->caa.value, rr->caa.value_size, NULL);
                break;

        case DNS_TYPE_OPT:
        case DNS_TYPE_OPENPGPKEY:
        case _DNS_TYPE_INVALID: /* unparsable */
        default:

                r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
                break;
        }
        if (r < 0)
                goto fail;

        /* Let's calculate the actual data size and update the field */
        rdlength = p->size - rdlength_offset - sizeof(uint16_t);
        if (rdlength > 0xFFFF) {
                r = -ENOSPC;
                goto fail;
        }

        /* Temporarily move the end of the packet back to the RDLENGTH field, so that the regular
         * append call overwrites the placeholder in place, then restore the real end */
        end = p->size;
        p->size = rdlength_offset;
        r = dns_packet_append_uint16(p, rdlength, NULL);
        if (r < 0)
                goto fail;
        p->size = end;

        if (start)
                *start = saved_size;

        if (rdata_start)
                *rdata_start = rds;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
1202
/* Append every key of question q to the packet. Stops at the first failure and returns its
 * negative errno; keys appended before that stay in the packet. Returns 0 on success. */
int dns_packet_append_question(DnsPacket *p, DnsQuestion *q) {
        DnsResourceKey *k;
        int r;

        assert(p);

        DNS_QUESTION_FOREACH(k, q) {
                r = dns_packet_append_key(p, k, 0, NULL);
                if (r < 0)
                        return r;
        }

        return 0;
}
1217
/* Append every record of answer a, together with its per-record flags, to the packet. Stops
 * at the first failure and returns its negative errno; records appended before that stay in
 * the packet. Returns 0 on success. */
int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a) {
        DnsAnswerFlags rr_flags;
        DnsResourceRecord *record;
        int r;

        assert(p);

        DNS_ANSWER_FOREACH_FLAGS(record, rr_flags, a) {
                r = dns_packet_append_rr(p, record, rr_flags, NULL, NULL);
                if (r < 0)
                        return r;
        }

        return 0;
}
1233
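/* Consume sz bytes at the current read index. This is the bounds check every read helper in
 * this file goes through before touching packet data.
 *
 * On success returns 0, stores a pointer to the bytes in *ret and their offset in *start (both
 * optional), and advances the read index. Returns -EMSGSIZE, leaving the read index untouched,
 * if fewer than sz bytes remain. */
int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
        assert(p);

        /* Compare against the number of bytes remaining instead of computing rindex + sz, so
         * that a very large sz cannot wrap around and slip past the check. */
        if (p->rindex > p->size || sz > p->size - p->rindex)
                return -EMSGSIZE;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;

        if (start)
                *start = p->rindex;

        p->rindex += sz;
        return 0;
}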
1249
/* Move the read index to idx. The target must lie within the packet and may not point into
 * the header; both conditions are enforced by assertions only. */
void dns_packet_rewind(DnsPacket *p, size_t idx) {
        assert(p);
        assert(idx <= p->size);
        assert(idx >= DNS_PACKET_HEADER_SIZE);

        p->rindex = idx;
}
1257
/* Copy the next sz bytes of the packet into the caller's buffer d, which must have room for
 * them. Returns 0 on success, or the negative error of dns_packet_read() (nothing is copied
 * in that case). */
int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
        const void *src;
        int r;

        assert(p);
        assert(d);

        r = dns_packet_read(p, sz, &src, start);
        if (r < 0)
                return r;

        memcpy(d, src, sz);
        return 0;
}
1272
/* Read size bytes from the packet and return them in a newly allocated buffer in *ret, which
 * the caller has to free. For size 0, *ret is set to NULL. The size and the start offset are
 * stored in *ret_size and *ret_start if those are non-NULL.
 *
 * Returns 0 on success, the negative error of dns_packet_read(), or -ENOMEM. There is no
 * rewinder here: in the -ENOMEM case the read index has already been advanced. */
static int dns_packet_read_memdup(
                DnsPacket *p, size_t size,
                void **ret, size_t *ret_size,
                size_t *ret_start) {

        void *copy = NULL;
        const void *src;
        size_t offset;
        int r;

        assert(p);
        assert(ret);

        r = dns_packet_read(p, size, &src, &offset);
        if (r < 0)
                return r;

        if (size > 0) {
                copy = memdup(src, size);
                if (!copy)
                        return -ENOMEM;
        }

        *ret = copy;

        if (ret_size)
                *ret_size = size;
        if (ret_start)
                *ret_start = offset;

        return 0;
}
1308
/* Read one byte into *ret. Returns 0 on success, or the negative error of dns_packet_read(),
 * in which case *ret is left untouched. */
int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
        const void *src;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint8_t), &src, start);
        if (r < 0)
                return r;

        *ret = *(uint8_t*) src;
        return 0;
}
1322
/* Read a big-endian 16-bit value into *ret. Returns 0 on success, or the negative error of
 * dns_packet_read(), in which case *ret is left untouched. */
int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
        const void *src;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint16_t), &src, start);
        if (r < 0)
                return r;

        /* Packet data has no alignment guarantee, hence the unaligned reader. */
        *ret = unaligned_read_be16(src);

        return 0;
}
1337
/* Read a big-endian 32-bit value into *ret. Returns 0 on success, or the negative error of
 * dns_packet_read(), in which case *ret is left untouched. */
int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
        const void *src;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint32_t), &src, start);
        if (r < 0)
                return r;

        /* Packet data has no alignment guarantee, hence the unaligned reader. */
        *ret = unaligned_read_be32(src);

        return 0;
}
1352
/* Read a length-prefixed character string and return it as a newly allocated, NUL-terminated
 * C string in *ret (to be freed by the caller).
 *
 * Strings with an embedded NUL byte or that are not valid UTF-8 are rejected with -EBADMSG,
 * so the returned C string always represents the full wire data. -ENOMEM is returned on
 * allocation failure. On every failure the read index is restored to where it was on entry. */
int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        const void *raw;
        uint8_t len;
        char *str;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, &raw, NULL);
        if (r < 0)
                return r;

        /* An embedded NUL would silently cut the C string short. */
        if (memchr(raw, 0, len))
                return -EBADMSG;

        str = strndup(raw, len);
        if (!str)
                return -ENOMEM;

        if (!utf8_is_valid(str)) {
                free(str);
                return -EBADMSG;
        }

        *ret = str;

        if (start)
                *start = rewinder.saved_rindex;

        /* Success: keep the advanced read index. */
        CANCEL_REWINDER(rewinder);

        return 0;
}
1391
/* Read a length-prefixed character string without copying or validating it: *ret points
 * directly into the packet data, and the content may contain arbitrary bytes. The length goes
 * to *size and the start offset to *start, if non-NULL. On failure the read index is restored
 * to where it was on entry. */
int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        uint8_t len;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, ret, NULL);
        if (r < 0)
                return r;

        if (size)
                *size = len;
        if (start)
                *start = rewinder.saved_rindex;

        /* Success: keep the advanced read index. */
        CANCEL_REWINDER(rewinder);

        return 0;
}
1416
/* Parse a domain name at the current read index and return it in escaped, dot-separated
 * textual form in *_ret (newly allocated, to be freed by the caller).
 *
 * Compression pointers are followed only if allowed by the caller and not refused by the
 * packet. Each pointer must point behind the header and strictly before the previous jump
 * target (initially: before the start of this name), so a chain of pointers always moves
 * backwards and cannot loop. Any other label type is rejected with -EBADMSG.
 *
 * On success the read index ends up after the name as it appears at the original position
 * (i.e. after the first pointer, if one was followed). On failure it is restored to where it
 * was on entry. */
int dns_packet_read_name(
                DnsPacket *p,
                char **_ret,
                bool allow_compression,
                size_t *start) {

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t resume_rindex = 0, jump_barrier;
        _cleanup_free_ char *name = NULL;
        size_t len = 0, allocated = 0;
        bool first = true;
        int r;

        assert(p);
        assert(_ret);
        INIT_REWINDER(rewinder, p);
        jump_barrier = p->rindex;

        if (p->refuse_compression)
                allow_compression = false;

        for (;;) {
                uint8_t c;

                r = dns_packet_read_uint8(p, &c, NULL);
                if (r < 0)
                        return r;

                /* End of name */
                if (c == 0)
                        break;

                if (c <= 63) {
                        const char *label;

                        /* Literal label */
                        r = dns_packet_read(p, c, (const void**) &label, NULL);
                        if (r < 0)
                                return r;

                        /* Room for a separating dot plus the worst-case escaped label */
                        if (!GREEDY_REALLOC(name, allocated, len + !first + DNS_LABEL_ESCAPED_MAX))
                                return -ENOMEM;

                        if (first)
                                first = false;
                        else
                                name[len++] = '.';

                        r = dns_label_escape(label, c, name + len, DNS_LABEL_ESCAPED_MAX);
                        if (r < 0)
                                return r;

                        len += r;
                        continue;
                }

                /* Anything that is neither a literal label nor a permitted pointer is invalid */
                if (!allow_compression || !FLAGS_SET(c, 0xc0))
                        return -EBADMSG;

                /* Pointer */
                uint8_t d;
                uint16_t ptr;

                r = dns_packet_read_uint8(p, &d, NULL);
                if (r < 0)
                        return r;

                ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
                if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier)
                        return -EBADMSG;

                /* Remember where to continue reading once the name is complete */
                if (resume_rindex == 0)
                        resume_rindex = p->rindex;

                /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
                jump_barrier = ptr;
                p->rindex = ptr;
        }

        if (!GREEDY_REALLOC(name, allocated, len + 1))
                return -ENOMEM;

        name[len] = 0;

        if (resume_rindex != 0)
                p->rindex = resume_rindex;

        *_ret = TAKE_PTR(name);

        if (start)
                *start = rewinder.saved_rindex;

        /* Success: keep the read index. */
        CANCEL_REWINDER(rewinder);

        return 0;
}
1508
/* Reads one type-bitmap window block (window number, bitmap length, bitmap octets) and sets the
 * corresponding type numbers in *types, allocating the bitmap if needed. A length of 0 or more
 * than 32 octets, or a bitmap whose last octet is zero, is refused with -EBADMSG. Pseudo-types
 * are skipped. On failure the read position is rewound. */
static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        const uint8_t *octets;
        uint8_t window, length;
        bool last_octet_set = false;
        int r;

        assert(p);
        assert(types);
        INIT_REWINDER(rewinder, p);

        r = bitmap_ensure_allocated(types);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &window, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &length, NULL);
        if (r < 0)
                return r;

        if (length == 0 || length > 32)
                return -EBADMSG;

        r = dns_packet_read(p, length, (const void **)&octets, NULL);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < length; i++) {
                uint8_t octet = octets[i];

                /* Only the state of the final octet survives the loop. */
                last_octet_set = octet != 0;
                if (!last_octet_set)
                        continue;

                /* Bits are numbered from the most significant bit of each octet. */
                for (unsigned k = 0; k < 8; k++) {
                        uint16_t type;

                        if (!(octet & (0x80 >> k)))
                                continue;

                        type = (uint16_t) window << 8 | (uint16_t) (i * 8 + k);

                        /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
                        if (dns_type_is_pseudo(type))
                                continue;

                        r = bitmap_set(*types, type);
                        if (r < 0)
                                return r;
                }
        }

        /* A trailing all-zero octet is treated as malformed. */
        if (!last_octet_set)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1578
/* Reads consecutive type-bitmap window blocks until exactly 'size' bytes have been consumed from
 * the position on entry. Returns -EBADMSG if the blocks do not end exactly on that boundary.
 * On failure the read position is rewound. */
static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t end;
        int r;

        INIT_REWINDER(rewinder, p);
        end = rewinder.saved_rindex + size;

        while (p->rindex < end) {
                r = dns_packet_read_type_window(p, types, NULL);
                if (r < 0)
                        return r;

                /* don't read past end of current RR */
                if (p->rindex > end)
                        return -EBADMSG;
        }

        /* Also catches the case where the read position was already beyond the boundary. */
        if (p->rindex != end)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1604
/* Reads a resource key (name, type, class) at the current read position and returns a new
 * DnsResourceKey in *ret. For mDNS packets the cache-flush bit is stripped from the class of
 * non-OPT keys and reported through *ret_cache_flush (if non-NULL). On failure the read position
 * is rewound. */
int dns_packet_read_key(DnsPacket *p, DnsResourceKey **ret, bool *ret_cache_flush, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        _cleanup_free_ char *name = NULL;
        DnsResourceKey *k;
        uint16_t type, class;
        bool flush = false;
        int r;

        assert(p);
        assert(ret);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_name(p, &name, true, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &type, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &class, NULL);
        if (r < 0)
                return r;

        /* See RFC6762, Section 10.2 */
        if (p->protocol == DNS_PROTOCOL_MDNS &&
            type != DNS_TYPE_OPT &&
            (class & MDNS_RR_CACHE_FLUSH)) {
                class &= ~MDNS_RR_CACHE_FLUSH;
                flush = true;
        }

        k = dns_resource_key_new_consume(class, type, name);
        if (!k)
                return -ENOMEM;

        /* The key owns the name now; drop our pointer only after the call succeeded so that the
         * cleanup handler still frees it on the failure path above. */
        name = NULL;
        *ret = k;

        if (ret_cache_flush)
                *ret_cache_flush = flush;
        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1653
/* Validates a LOC size/precision octet: both nibbles must be in the range 0..9, and a zero high
 * nibble is only accepted together with a zero low nibble. */
static bool loc_size_ok(uint8_t size) {
        const uint8_t hi = size >> 4;
        const uint8_t lo = size & 0xF;

        if (hi > 9 || lo > 9)
                return false;

        return hi != 0 || lo == 0;
}
1659
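/* Reads one resource record (key, TTL, RDLENGTH and type-specific RDATA) at the current read
 * position and returns it in *ret.
 *
 * The RDATA is parsed according to the key's type; types without a dedicated parser (and LOC
 * records of a version other than 0) are stored as an opaque blob. After parsing, the read
 * position must be exactly at the end of the RDATA as announced by RDLENGTH, otherwise the
 * record is refused with -EBADMSG.
 *
 * *ret_cache_flush (if non-NULL) receives the flag reported by dns_packet_read_key(), *start
 * (if non-NULL) the position the record started at. On failure the read position is rewound
 * and a negative errno-style value is returned. */
int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, bool *ret_cache_flush, size_t *start) {
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t offset;
        uint16_t rdlength;
        bool cache_flush;
        int r;

        assert(p);
        assert(ret);

        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_key(p, &key, &cache_flush, NULL);
        if (r < 0)
                return r;

        if (!dns_class_is_valid_rr(key->class) || !dns_type_is_valid_rr(key->type))
                return -EBADMSG;

        rr = dns_resource_record_new(key);
        if (!rr)
                return -ENOMEM;

        r = dns_packet_read_uint32(p, &rr->ttl, NULL);
        if (r < 0)
                return r;

        /* RFC 2181, Section 8, suggests to
         * treat a TTL with the MSB set as a zero TTL. */
        if (rr->ttl & UINT32_C(0x80000000))
                rr->ttl = 0;

        r = dns_packet_read_uint16(p, &rdlength, NULL);
        if (r < 0)
                return r;

        /* The announced RDATA must fit into what is left of the packet. */
        if (p->rindex + rdlength > p->size)
                return -EBADMSG;

        /* Start of the RDATA; offset + rdlength is where parsing has to end up. */
        offset = p->rindex;

        switch (rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:
                if (rdlength <= 0) {
                        r = dns_txt_item_new_empty(&rr->txt.items);
                        if (r < 0)
                                return r;
                } else {
                        DnsTxtItem *last = NULL;

                        while (p->rindex < offset + rdlength) {
                                DnsTxtItem *i;
                                const void *data;
                                size_t sz;

                                r = dns_packet_read_raw_string(p, &data, &sz, NULL);
                                if (r < 0)
                                        return r;

                                i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
                                if (!i)
                                        return -ENOMEM;

                                memcpy(i->data, data, sz);
                                i->length = sz;

                                LIST_INSERT_AFTER(items, rr->txt.items, last, i);
                                last = i;
                        }
                }

                r = 0;
                break;

        case DNS_TYPE_A:
                r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
                break;

        case DNS_TYPE_LOC: {
                uint8_t t;
                size_t pos;

                r = dns_packet_read_uint8(p, &t, &pos);
                if (r < 0)
                        return r;

                if (t == 0) {
                        rr->loc.version = t;

                        r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.size))
                                return -EBADMSG;

                        r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.horiz_pre))
                                return -EBADMSG;

                        r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.vert_pre))
                                return -EBADMSG;

                        r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
                        if (r < 0)
                                return r;

                        break;
                } else {
                        /* Version we do not understand: go back to the start of the RDATA and
                         * keep the whole thing as an opaque blob. */
                        dns_packet_rewind(p, pos);
                        rr->unparsable = true;
                        goto unparsable;
                }
        }

        case DNS_TYPE_DS:
                r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
                if (r < 0)
                        return r;

                /* Guard the subtraction below against wrapping. */
                if (rdlength < 4)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 4,
                                           &rr->ds.digest, &rr->ds.digest_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->ds.digest_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
                if (r < 0)
                        return r;

                /* Guard the subtraction below against wrapping. */
                if (rdlength < 2)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 2,
                                           &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
                                           NULL);
                /* Check the read before looking at the size it was supposed to fill in, so that
                 * the real error (e.g. -ENOMEM) is reported rather than -EBADMSG. */
                if (r < 0)
                        return r;

                if (rr->sshfp.fingerprint_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
                if (r < 0)
                        return r;

                /* Guard the subtraction below against wrapping. */
                if (rdlength < 4)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 4,
                                           &rr->dnskey.key, &rr->dnskey.key_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->dnskey.key_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
                if (r < 0)
                        return r;

                /* The signer name may have run past the end of the RDATA. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
                                           &rr->rrsig.signature, &rr->rrsig.signature_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->rrsig.signature_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_NSEC: {

                /*
                 * RFC6762, section 18.14 explicitly states mDNS should use name compression.
                 * This contradicts RFC3845, section 2.1.1
                 */

                bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;

                r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
                if (r < 0)
                        return r;

                /* Refuse explicitly if the name ran past the end of the RDATA, instead of
                 * relying on the wrapped-around size being rejected further down. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);

                /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
                 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
                 * without the NSEC bit set. */

                break;
        }
        case DNS_TYPE_NSEC3: {
                uint8_t size;

                r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
                if (r < 0)
                        return r;

                /* this may be zero */
                r = dns_packet_read_uint8(p, &size, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &size, NULL);
                if (r < 0)
                        return r;

                if (size <= 0)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, size,
                                           &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size,
                                           NULL);
                if (r < 0)
                        return r;

                /* Refuse explicitly if the fields above ran past the end of the RDATA, instead
                 * of relying on the wrapped-around size being rejected further down. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);

                /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */

                break;
        }

        case DNS_TYPE_TLSA:
                r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
                if (r < 0)
                        return r;

                /* Guard the subtraction below against wrapping. */
                if (rdlength < 3)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 3,
                                           &rr->tlsa.data, &rr->tlsa.data_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->tlsa.data_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_CAA:
                r = dns_packet_read_uint8(p, &rr->caa.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_string(p, &rr->caa.tag, NULL);
                if (r < 0)
                        return r;

                /* The tag may have run past the end of the RDATA. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p,
                                           rdlength + offset - p->rindex,
                                           &rr->caa.value, &rr->caa.value_size, NULL);

                break;

        case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
        case DNS_TYPE_OPENPGPKEY:
        default:
        unparsable:
                r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);

                break;
        }
        if (r < 0)
                return r;

        /* Whatever the type-specific parser consumed has to match RDLENGTH exactly. */
        if (p->rindex != offset + rdlength)
                return -EBADMSG;

        *ret = TAKE_PTR(rr);

        if (ret_cache_flush)
                *ret_cache_flush = cache_flush;
        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}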
2121
/* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which
 * is not OK in a reply). Returns false if the option list is truncated or overruns the RDATA; in
 * that case *rfc6975 is left untouched. */
static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
        const uint8_t *cursor;
        size_t remaining;
        bool seen_rfc6975 = false;

        assert(rr);
        assert(rr->key->type == DNS_TYPE_OPT);

        /* The version is taken from bits 16..23 of the TTL field. If it's not version 0, it's OK,
         * but we will ignore the OPT field contents. */
        if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0) {
                *rfc6975 = false;
                return true;
        }

        for (cursor = rr->opt.data, remaining = rr->opt.data_size; remaining > 0;) {
                uint16_t code, payload_len;
                size_t consumed;

                /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
                if (remaining < 4U)
                        return false;

                code = unaligned_read_be16(cursor);
                payload_len = unaligned_read_be16(cursor + 2);

                /* The option payload must fit into what is left of the RDATA. */
                consumed = payload_len + 4U;
                if (remaining < consumed)
                        return false;

                /* RFC 6975 DAU, DHU or N3U fields found. */
                if (IN_SET(code, 5, 6, 7))
                        seen_rfc6975 = true;

                cursor += consumed;
                remaining -= consumed;
        }

        *rfc6975 = seen_rfc6975;
        return true;
}
2165
/* Parses the question section: reads as many keys as the header's QDCOUNT announces and collects
 * them in a new DnsQuestion returned in *ret_question (NULL if the count is zero). Keys with the
 * cache-flush bit set or with a type that is not valid in a query are refused with -EBADMSG;
 * duplicate keys are silently dropped. */
static int dns_packet_extract_question(DnsPacket *p, DnsQuestion **ret_question) {
        _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
        _cleanup_set_free_ Set *seen = NULL; /* references to keys are kept by Question */
        unsigned count;
        int r;

        count = DNS_PACKET_QDCOUNT(p);
        if (count == 0) {
                *ret_question = NULL;
                return 0;
        }

        question = dns_question_new(count);
        if (!question)
                return -ENOMEM;

        seen = set_new(&dns_resource_key_hash_ops);
        if (!seen)
                return log_oom();

        /* Higher multipliers give slightly higher efficiency through hash collisions, but the
         * gains quickly drop off after 2. */
        r = set_reserve(seen, count * 2);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < count; i++) {
                _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
                bool cache_flush;

                r = dns_packet_read_key(p, &key, &cache_flush, NULL);
                if (r < 0)
                        return r;

                if (cache_flush || !dns_type_is_valid_query(key->type))
                        return -EBADMSG;

                r = set_put(seen, key);
                if (r < 0)
                        return r;
                if (r == 0)
                        /* Already in the Question, let's skip */
                        continue;

                r = dns_question_add_raw(question, key);
                if (r < 0)
                        return r;
        }

        *ret_question = TAKE_PTR(question);
        return 0;
}
2219
/* Parses all resource records following the question section (as many as DNS_PACKET_RRCOUNT()
 * reports) into a new DnsAnswer returned in *ret_answer.
 *
 * OPT RRs are not added to the answer. A single acceptable OPT RR is remembered in p->opt together
 * with its position and size in the packet; an OPT RR that fails one of the checks below is
 * ignored, and once one bad OPT RR was seen no OPT RR is kept at all.
 *
 * Note that *ret_answer is not written if the record count is zero. */
static int dns_packet_extract_answer(DnsPacket *p, DnsAnswer **ret_answer) {
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
        unsigned n, i;
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
        bool bad_opt = false;
        int r;

        n = DNS_PACKET_RRCOUNT(p);
        if (n == 0)
                return 0;

        answer = dns_answer_new(n);
        if (!answer)
                return -ENOMEM;

        for (i = 0; i < n; i++) {
                _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
                bool cache_flush = false;
                size_t start;

                r = dns_packet_read_rr(p, &rr, &cache_flush, &start);
                if (r < 0)
                        return r;

                /* Try to reduce memory usage a bit */
                if (previous)
                        dns_resource_key_reduce(&rr->key, &previous->key);

                if (rr->key->type == DNS_TYPE_OPT) {
                        bool has_rfc6975;

                        if (p->opt || bad_opt) {
                                /* Multiple OPT RRs? if so, let's ignore all, because there's
                                 * something wrong with the server, and if one is valid we wouldn't
                                 * know which one. */
                                log_debug("Multiple OPT RRs detected, ignoring all.");
                                bad_opt = true;
                                continue;
                        }

                        if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
                                /* If the OPT RR is not owned by the root domain, then it is bad,
                                 * let's ignore it. */
                                log_debug("OPT RR is not owned by root domain, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        /* Records are counted across sections here, so an index below
                         * ANCOUNT + NSCOUNT means the RR is not in the Additional section. */
                        if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
                                /* OPT RR is in the wrong section? Some Belkin routers do this. This
                                 * is a hint the EDNS implementation is borked, like the Belkin one
                                 * is, hence ignore it. */
                                log_debug("OPT RR in wrong section, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        if (!opt_is_good(rr, &has_rfc6975)) {
                                log_debug("Malformed OPT RR, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        if (DNS_PACKET_QR(p)) {
                                /* Additional checks for responses */

                                if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr))
                                        /* If this is a reply and we don't know the EDNS version
                                         * then something is weird... */
                                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                                               "EDNS version newer that our request, bad server.");

                                if (has_rfc6975) {
                                        /* If the OPT RR contains RFC6975 algorithm data, then this
                                         * is indication that the server just copied the OPT it got
                                         * from us (which contained that data) back into the reply.
                                         * If so, then it doesn't properly support EDNS, as RFC6975
                                         * makes it very clear that the algorithm data should only
                                         * be contained in questions, never in replies. Crappy
                                         * Belkin routers copy the OPT data for example, hence let's
                                         * detect this so that we downgrade early. */
                                        log_debug("OPT RR contains RFC6975 data, ignoring.");
                                        bad_opt = true;
                                        continue;
                                }
                        }

                        /* Remember the RR and where it sits in the packet data, so that it can be
                         * located again later (see dns_packet_patch_max_udp_size()). */
                        p->opt = dns_resource_record_ref(rr);
                        p->opt_start = start;
                        assert(p->rindex >= start);
                        p->opt_size = p->rindex - start;
                } else {
                        /* According to RFC 4795, section 2.9. only the RRs from the Answer section
                         * shall be cached. Hence mark only those RRs as cacheable by default, but
                         * not the ones from the Additional or Authority sections. */
                        DnsAnswerFlags flags =
                                (i < DNS_PACKET_ANCOUNT(p) ? DNS_ANSWER_CACHEABLE : 0) |
                                (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush ? DNS_ANSWER_SHARED_OWNER : 0);

                        r = dns_answer_add(answer, rr, p->ifindex, flags);
                        if (r < 0)
                                return r;
                }

                /* Remember this RR, so that we potentially can merge its ->key object with the
                 * next RR. Note that we only do this if we actually decided to keep the RR around.
                 */
                dns_resource_record_unref(previous);
                previous = dns_resource_record_ref(rr);
        }

        /* An OPT RR accepted before a bad one showed up is dropped again here. Only p->opt is
         * reset; p->opt_start and p->opt_size keep whatever was stored above. */
        if (bad_opt)
                p->opt = dns_resource_record_unref(p->opt);

        *ret_answer = TAKE_PTR(answer);

        return 0;
}
2338
/* Parses the question and the resource record sections of the packet and stores the results in
 * p->question and p->answer. Does nothing if the packet was already extracted. The read position
 * is restored to its value on entry in all cases, success included. */
int dns_packet_extract(DnsPacket *p) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = {};
        _cleanup_(dns_question_unrefp) DnsQuestion *q = NULL;
        _cleanup_(dns_answer_unrefp) DnsAnswer *a = NULL;
        int r;

        if (p->extracted)
                return 0;

        INIT_REWINDER(rewinder, p);

        /* Parsing always begins right after the fixed-size header. */
        dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);

        r = dns_packet_extract_question(p, &q);
        if (r >= 0)
                r = dns_packet_extract_answer(p, &a);
        if (r < 0)
                return r;

        /* Nothing is stored in the packet unless both sections parsed. */
        p->question = TAKE_PTR(q);
        p->answer = TAKE_PTR(a);
        p->extracted = true;

        /* no CANCEL, always rewind */
        return 0;
}
2367
/* Checks if the specified packet is a reply for the specified key and the specified key is the
 * only one in the question section. Returns 0 if not, a negative value if the packet could not
 * be parsed, and otherwise the result of dns_resource_key_equal(). */
int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
        int r;

        assert(p);
        assert(key);

        /* Only replies qualify. */
        if (DNS_PACKET_QR(p) != 1)
                return 0;

        /* Let's unpack the packet, if that hasn't happened yet. */
        r = dns_packet_extract(p);
        if (r < 0)
                return r;

        /* Exactly one question key is required. */
        if (!p->question || p->question->n_keys != 1)
                return 0;

        return dns_resource_key_equal(p->question->keys[0], key);
}
2394
/* Overwrites, in place, the 16-bit big-endian value located three bytes into the OPT RR of the
 * packet with 'max_udp_size'. Returns 1 if the packet was patched, 0 if it has no recorded OPT
 * section.
 *
 * NOTE(review): the fixed offset of 3 presumably assumes that the OPT owner name is encoded as
 * the single-byte root label, so that the class field (which carries the UDP payload size in an
 * OPT RR) directly follows one name byte and two type bytes. Names are parsed with compression
 * allowed in dns_packet_read_key(), so confirm that an OPT RR whose root name is encoded in more
 * than one byte can never have its offsets recorded in p->opt_start. */
int dns_packet_patch_max_udp_size(DnsPacket *p, uint16_t max_udp_size) {
        assert(p);
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);

        if (p->opt_start != (size_t) -1) {
                /* The two bytes written below end at offset 5 of the OPT RR. */
                assert(p->opt_size != (size_t) -1);
                assert(p->opt_size >= 5);

                unaligned_write_be16(DNS_PACKET_DATA(p) + p->opt_start + 3, max_udp_size);
                return 1;
        }

        /* No OPT section, nothing to patch */
        return 0;
}
2408
/* Feeds the packet's size followed by its raw data into the siphash state. */
static void dns_packet_hash_func(const DnsPacket *s, struct siphash *state) {
        const void *payload;

        assert(s);

        /* DNS_PACKET_DATA() takes a non-const packet, hence the cast. */
        payload = DNS_PACKET_DATA((DnsPacket*) s);

        siphash24_compress(&s->size, sizeof(s->size), state);
        siphash24_compress(payload, s->size, state);
}
2415
/* Orders packets by size first and, for equal sizes, by a byte-wise comparison of their data. */
static int dns_packet_compare_func(const DnsPacket *x, const DnsPacket *y) {
        int by_size = CMP(x->size, y->size);

        if (by_size != 0)
                return by_size;

        /* Sizes are equal here, so x->size bounds both buffers. */
        return memcmp(DNS_PACKET_DATA((DnsPacket*) x), DNS_PACKET_DATA((DnsPacket*) y), x->size);
}
2425
/* Hash operations for DnsPacket objects, built from the hash and compare functions above. */
DEFINE_HASH_OPS(dns_packet_hash_ops, DnsPacket, dns_packet_hash_func, dns_packet_compare_func);
2427
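/* Mnemonic names of the DNS response codes, indexed by the DNS_RCODE_* constants. The lookup
 * functions for this table are generated by DEFINE_STRING_TABLE_LOOKUP() below. */
static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
        [DNS_RCODE_SUCCESS]   = "SUCCESS",
        [DNS_RCODE_FORMERR]   = "FORMERR",
        [DNS_RCODE_SERVFAIL]  = "SERVFAIL",
        [DNS_RCODE_NXDOMAIN]  = "NXDOMAIN",
        [DNS_RCODE_NOTIMP]    = "NOTIMP",
        [DNS_RCODE_REFUSED]   = "REFUSED",
        [DNS_RCODE_YXDOMAIN]  = "YXDOMAIN",
        /* This entry used to read "YRRSET"; the mnemonic is YXRRSET, matching the constant's
         * name. Anything that parses the old spelling needs to be updated accordingly. */
        [DNS_RCODE_YXRRSET]   = "YXRRSET",
        [DNS_RCODE_NXRRSET]   = "NXRRSET",
        [DNS_RCODE_NOTAUTH]   = "NOTAUTH",
        [DNS_RCODE_NOTZONE]   = "NOTZONE",
        [DNS_RCODE_BADVERS]   = "BADVERS",
        [DNS_RCODE_BADKEY]    = "BADKEY",
        [DNS_RCODE_BADTIME]   = "BADTIME",
        [DNS_RCODE_BADMODE]   = "BADMODE",
        [DNS_RCODE_BADNAME]   = "BADNAME",
        [DNS_RCODE_BADALG]    = "BADALG",
        [DNS_RCODE_BADTRUNC]  = "BADTRUNC",
        [DNS_RCODE_BADCOOKIE] = "BADCOOKIE",
};
DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);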
2450
/* Names of the supported resolver protocols, indexed by the DNS_PROTOCOL_* constants. The lookup
 * functions for this table are generated by DEFINE_STRING_TABLE_LOOKUP() below. */
static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
        [DNS_PROTOCOL_DNS] = "dns",
        [DNS_PROTOCOL_MDNS] = "mdns",
        [DNS_PROTOCOL_LLMNR] = "llmnr",
};
DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);