]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-packet.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Various multi-dt fixes and CHID test (#35056)
[thirdparty/systemd.git] / src / resolve / resolved-dns-packet.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
74b2466e 2
73a4cd17 3#if HAVE_GCRYPT
7e8facb3 4# include <gcrypt.h>
73a4cd17
MCO		 5#endif
6
b5efdb8a 7#include "alloc-util.h"
4ad7f276 8#include "dns-domain.h"
ac684446 9#include "escape.h"
0a970718 10#include "memory-util.h"
74b2466e 11#include "resolved-dns-packet.h"
2d34cf0c 12#include "set.h"
0d609349 13#include "stdio-util.h"
8b43440b
LP		 14#include "string-table.h"
15#include "strv.h"
16#include "unaligned.h"
17#include "utf8.h"
74b2466e 18
7586f4d1
TG		 19#define EDNS0_OPT_DO (1<<15)
20
ab1a1ba5 21assert_cc(DNS_PACKET_SIZE_START > DNS_PACKET_HEADER_SIZE);
88795538 22
e18a3c73
ZJS		 23typedef struct DnsPacketRewinder {
24 DnsPacket *packet;
25 size_t saved_rindex;
26} DnsPacketRewinder;
27
28static void rewind_dns_packet(DnsPacketRewinder *rewinder) {
29 if (rewinder->packet)
30 dns_packet_rewind(rewinder->packet, rewinder->saved_rindex);
31}
32
0c4f37f0
ZJS		 33#define REWINDER_INIT(p) { \
34 .packet = (p), \
35 .saved_rindex = (p)->rindex, \
36 }
37#define CANCEL_REWINDER(rewinder) do { (rewinder).packet = NULL; } while (0)
e18a3c73 38
51027656
LP		 39int dns_packet_new(
40 DnsPacket **ret,
41 DnsProtocol protocol,
42 size_t min_alloc_dsize,
43 size_t max_size) {
44
74b2466e
LP		 45 DnsPacket *p;
46 size_t a;
47
48 assert(ret);
51027656
LP		 49 assert(max_size >= DNS_PACKET_HEADER_SIZE);
50
51 if (max_size > DNS_PACKET_SIZE_MAX)
52 max_size = DNS_PACKET_SIZE_MAX;
74b2466e 53
46a58596
BR		 54 /* The caller may not check what is going to be truly allocated, so do not allow to
55 * allocate a DNS packet bigger than DNS_PACKET_SIZE_MAX.
56 */
baaa35ad
ZJS		 57 if (min_alloc_dsize > DNS_PACKET_SIZE_MAX)
58 return log_error_errno(SYNTHETIC_ERRNO(EFBIG),
59 "Requested packet data size too big: %zu",
60 min_alloc_dsize);
46a58596
BR		 61
62 /* When dns_packet_new() is called with min_alloc_dsize == 0, allocate more than the
88795538
ZJS		 63 * absolute minimum (which is the dns packet header size), to avoid
64 * resizing immediately again after appending the first data to the packet.
65 */
46a58596 66 if (min_alloc_dsize < DNS_PACKET_HEADER_SIZE)
88795538
ZJS		 67 a = DNS_PACKET_SIZE_START;
68 else
46a58596 69 a = min_alloc_dsize;
74b2466e 70
c73ce96b
LP		 71 /* round up to next page size */
72 a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
73
74 /* make sure we never allocate more than useful */
51027656
LP		 75 if (a > max_size)
76 a = max_size;
c73ce96b 77
74b2466e
LP		 78 p = malloc0(ALIGN(sizeof(DnsPacket)) + a);
79 if (!p)
80 return -ENOMEM;
81
1ed31408
LP		 82 *p = (DnsPacket) {
83 .n_ref = 1,
84 .protocol = protocol,
85 .size = DNS_PACKET_HEADER_SIZE,
86 .rindex = DNS_PACKET_HEADER_SIZE,
87 .allocated = a,
88 .max_size = max_size,
f5fbe71d
YW		 89 .opt_start = SIZE_MAX,
90 .opt_size = SIZE_MAX,
1ed31408 91 };
74b2466e
LP		 92
93 *ret = p;
94
95 return 0;
96}
97
dbfbb6e7 98void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
74b2466e 99
dbfbb6e7 100 DnsPacketHeader *h;
74b2466e 101
dbfbb6e7 102 assert(p);
74b2466e
LP		 103
104 h = DNS_PACKET_HEADER(p);
1716f6dc 105
79893116 106 switch (p->protocol) {
dbfbb6e7
DM		 107 case DNS_PROTOCOL_LLMNR:
108 assert(!truncated);
109
069360a6
LP		 110 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
111 0 /* opcode */,
112 0 /* c */,
e5abebab 113 0 /* tc */,
069360a6
LP		 114 0 /* t */,
115 0 /* ra */,
116 0 /* ad */,
117 0 /* cd */,
118 0 /* rcode */));
dbfbb6e7
DM		 119 break;
120
121 case DNS_PROTOCOL_MDNS:
122 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
123 0 /* opcode */,
124 0 /* aa */,
125 truncated /* tc */,
126 0 /* rd (ask for recursion) */,
127 0 /* ra */,
128 0 /* ad */,
129 0 /* cd */,
130 0 /* rcode */));
131 break;
132
133 default:
134 assert(!truncated);
135
069360a6
LP		 136 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
137 0 /* opcode */,
138 0 /* aa */,
139 0 /* tc */,
140 1 /* rd (ask for recursion) */,
141 0 /* ra */,
142 0 /* ad */,
24710c48 143 dnssec_checking_disabled /* cd */,
069360a6 144 0 /* rcode */));
dbfbb6e7
DM		 145 }
146}
147
46a58596 148int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t min_alloc_dsize, bool dnssec_checking_disabled) {
dbfbb6e7
DM		 149 DnsPacket *p;
150 int r;
151
152 assert(ret);
153
51027656 154 r = dns_packet_new(&p, protocol, min_alloc_dsize, DNS_PACKET_SIZE_MAX);
dbfbb6e7
DM		 155 if (r < 0)
156 return r;
157
158 /* Always set the TC bit to 0 initially.
159 * If there are multiple packets later, we'll update the bit shortly before sending.
160 */
161 dns_packet_set_flags(p, dnssec_checking_disabled, false);
74b2466e
LP		 162
163 *ret = p;
164 return 0;
165}
166
1a6cd020
LP		 167int dns_packet_dup(DnsPacket **ret, DnsPacket *p) {
168 DnsPacket *c;
169 int r;
170
171 assert(ret);
172 assert(p);
173
174 r = dns_packet_validate(p);
175 if (r < 0)
176 return r;
177
178 c = malloc(ALIGN(sizeof(DnsPacket)) + p->size);
179 if (!c)
180 return -ENOMEM;
181
182 *c = (DnsPacket) {
183 .n_ref = 1,
184 .protocol = p->protocol,
185 .size = p->size,
186 .rindex = DNS_PACKET_HEADER_SIZE,
187 .allocated = p->size,
188 .max_size = p->max_size,
f5fbe71d
YW		 189 .opt_start = SIZE_MAX,
190 .opt_size = SIZE_MAX,
1a6cd020
LP		 191 };
192
193 memcpy(DNS_PACKET_DATA(c), DNS_PACKET_DATA(p), p->size);
194
195 *ret = c;
196 return 0;
197}
198
74b2466e
LP		 199DnsPacket *dns_packet_ref(DnsPacket *p) {
200
201 if (!p)
202 return NULL;
203
a8812dd7
LP		 204 assert(!p->on_stack);
205
74b2466e
LP		 206 assert(p->n_ref > 0);
207 p->n_ref++;
208 return p;
209}
210
211static void dns_packet_free(DnsPacket *p) {
212 char *s;
213
214 assert(p);
215
faa133f3
LP		 216 dns_question_unref(p->question);
217 dns_answer_unref(p->answer);
d75acfb0 218 dns_resource_record_unref(p->opt);
322345fd 219
74b2466e
LP		 220 while ((s = hashmap_steal_first_key(p->names)))
221 free(s);
222 hashmap_free(p->names);
223
faa133f3 224 free(p->_data);
a8812dd7
LP		 225
226 if (!p->on_stack)
227 free(p);
74b2466e
LP		 228}
229
230DnsPacket *dns_packet_unref(DnsPacket *p) {
231 if (!p)
232 return NULL;
233
234 assert(p->n_ref > 0);
235
6728a58d 236 dns_packet_unref(p->more);
9c491563 237
74b2466e
LP		 238 if (p->n_ref == 1)
239 dns_packet_free(p);
240 else
241 p->n_ref--;
242
243 return NULL;
244}
245
246int dns_packet_validate(DnsPacket *p) {
247 assert(p);
248
249 if (p->size < DNS_PACKET_HEADER_SIZE)
250 return -EBADMSG;
251
c73ce96b
LP		 252 if (p->size > DNS_PACKET_SIZE_MAX)
253 return -EBADMSG;
254
623a4c97 255 return 1;
74b2466e
LP		 256}
257
258int dns_packet_validate_reply(DnsPacket *p) {
74b2466e
LP		 259 int r;
260
261 assert(p);
262
263 r = dns_packet_validate(p);
264 if (r < 0)
265 return r;
266
623a4c97
LP		 267 if (DNS_PACKET_QR(p) != 1)
268 return 0;
269
270 if (DNS_PACKET_OPCODE(p) != 0)
74b2466e
LP		 271 return -EBADMSG;
272
818ef443 273 switch (p->protocol) {
d75acfb0 274
818ef443
DM		 275 case DNS_PROTOCOL_LLMNR:
276 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
277 if (DNS_PACKET_QDCOUNT(p) != 1)
278 return -EBADMSG;
279
280 break;
281
4e5bf5e1
DM		 282 case DNS_PROTOCOL_MDNS:
283 /* RFC 6762, Section 18 */
284 if (DNS_PACKET_RCODE(p) != 0)
285 return -EBADMSG;
286
287 break;
288
818ef443
DM		 289 default:
290 break;
291 }
ea917db9 292
623a4c97
LP		 293 return 1;
294}
295
296int dns_packet_validate_query(DnsPacket *p) {
297 int r;
298
299 assert(p);
300
301 r = dns_packet_validate(p);
302 if (r < 0)
303 return r;
304
305 if (DNS_PACKET_QR(p) != 0)
306 return 0;
307
3cb10d3a 308 if (DNS_PACKET_OPCODE(p) != 0)
74b2466e
LP		 309 return -EBADMSG;
310
818ef443 311 switch (p->protocol) {
d75acfb0 312
b30bf55d 313 case DNS_PROTOCOL_DNS:
ba1749f6
YW		 314 if (DNS_PACKET_TC(p))
315 return -EBADMSG;
316
317 if (DNS_PACKET_QDCOUNT(p) != 1)
318 return -EBADMSG;
319
320 if (DNS_PACKET_ANCOUNT(p) > 0)
321 return -EBADMSG;
322
323 /* Note, in most cases, DNS query packet does not have authority section. But some query
324 * types, e.g. IXFR, have Authority sections. Hence, unlike the check for LLMNR, we do not
325 * check DNS_PACKET_NSCOUNT(p) here. */
326 break;
327
328 case DNS_PROTOCOL_LLMNR:
329 if (DNS_PACKET_TC(p))
6f087266
YW		 330 return -EBADMSG;
331
818ef443
DM		 332 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
333 if (DNS_PACKET_QDCOUNT(p) != 1)
334 return -EBADMSG;
623a4c97 335
818ef443
DM		 336 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
337 if (DNS_PACKET_ANCOUNT(p) > 0)
338 return -EBADMSG;
623a4c97 339
818ef443
DM		 340 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
341 if (DNS_PACKET_NSCOUNT(p) > 0)
342 return -EBADMSG;
343
344 break;
345
4e5bf5e1 346 case DNS_PROTOCOL_MDNS:
ba1749f6
YW		 347 /* Note, mDNS query may have truncation flag. So, unlike the check for DNS and LLMNR,
348 * we do not check DNS_PACKET_TC(p) here. */
349
2aaf3765
SB		 350 /* RFC 6762, Section 18 specifies that messages with non-zero RCODE
351 * must be silently ignored, and that we must ignore the values of
352 * AA, RD, RA, AD, and CD bits. */
353 if (DNS_PACKET_RCODE(p) != 0)
4e5bf5e1
DM		 354 return -EBADMSG;
355
356 break;
357
818ef443
DM		 358 default:
359 break;
360 }
623a4c97
LP		 361
362 return 1;
74b2466e
LP		 363}
364
365static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
366 assert(p);
367
c73ce96b 368 if (p->size + add > p->allocated) {
51027656 369 size_t a, ms;
c73ce96b
LP		 370
371 a = PAGE_ALIGN((p->size + add) * 2);
51027656
LP		 372
373 ms = dns_packet_size_max(p);
374 if (a > ms)
375 a = ms;
c73ce96b
LP		 376
377 if (p->size + add > a)
378 return -EMSGSIZE;
379
faa133f3 380 if (p->_data) {
c73ce96b
LP		 381 void *d;
382
faa133f3 383 d = realloc(p->_data, a);
c73ce96b
LP		 384 if (!d)
385 return -ENOMEM;
386
faa133f3 387 p->_data = d;
c73ce96b 388 } else {
faa133f3
LP		 389 p->_data = malloc(a);
390 if (!p->_data)
c73ce96b
LP		 391 return -ENOMEM;
392
faa133f3
LP		 393 memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
394 memzero((uint8_t*) p->_data + p->size, a - p->size);
c73ce96b
LP		 395 }
396
397 p->allocated = a;
398 }
74b2466e
LP		 399
400 if (start)
401 *start = p->size;
402
403 if (ret)
404 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;
405
406 p->size += add;
407 return 0;
408}
409
9c5e12a4 410void dns_packet_truncate(DnsPacket *p, size_t sz) {
74b2466e
LP		 411 char *s;
412 void *n;
413
414 assert(p);
415
416 if (p->size <= sz)
417 return;
418
90e74a66 419 HASHMAP_FOREACH_KEY(n, s, p->names) {
74b2466e
LP		 420
421 if (PTR_TO_SIZE(n) < sz)
422 continue;
423
424 hashmap_remove(p->names, s);
425 free(s);
426 }
427
428 p->size = sz;
429}
430
623a4c97
LP		 431int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
432 void *q;
433 int r;
434
435 assert(p);
436
437 r = dns_packet_extend(p, l, &q, start);
438 if (r < 0)
439 return r;
440
1f66559c 441 memcpy_safe(q, d, l);
623a4c97
LP		 442 return 0;
443}
444
74b2466e
LP		 445int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
446 void *d;
447 int r;
448
449 assert(p);
450
451 r = dns_packet_extend(p, sizeof(uint8_t), &d, start);
452 if (r < 0)
453 return r;
454
455 ((uint8_t*) d)[0] = v;
456
457 return 0;
458}
459
460int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
461 void *d;
462 int r;
463
464 assert(p);
465
466 r = dns_packet_extend(p, sizeof(uint16_t), &d, start);
467 if (r < 0)
468 return r;
469
725ca0e5 470 unaligned_write_be16(d, v);
623a4c97
LP		 471
472 return 0;
473}
474
475int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
476 void *d;
477 int r;
478
479 assert(p);
480
481 r = dns_packet_extend(p, sizeof(uint32_t), &d, start);
482 if (r < 0)
483 return r;
484
725ca0e5 485 unaligned_write_be32(d, v);
74b2466e
LP		 486
487 return 0;
488}
489
490int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
74b2466e
LP		 491 assert(p);
492 assert(s);
493
c38a52da 494 return dns_packet_append_raw_string(p, s, strlen(s), start);
74b2466e
LP		 495}
496
2001c805
LP		 497int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
498 void *d;
499 int r;
500
501 assert(p);
502 assert(s || size == 0);
503
504 if (size > 255)
505 return -E2BIG;
506
507 r = dns_packet_extend(p, 1 + size, &d, start);
508 if (r < 0)
509 return r;
510
511 ((uint8_t*) d)[0] = (uint8_t) size;
512
75f32f04 513 memcpy_safe(((uint8_t*) d) + 1, s, size);
2001c805
LP		 514
515 return 0;
516}
517
a3db237b 518int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
a8812dd7 519 uint8_t *w;
74b2466e
LP		 520 int r;
521
a3db237b
LP		 522 /* Append a label to a packet. Optionally, does this in DNSSEC
523 * canonical form, if this label is marked as a candidate for
524 * it, and the canonical form logic is enabled for the
525 * packet */
526
74b2466e
LP		 527 assert(p);
528 assert(d);
529
530 if (l > DNS_LABEL_MAX)
531 return -E2BIG;
532
a8812dd7 533 r = dns_packet_extend(p, 1 + l, (void**) &w, start);
74b2466e
LP		 534 if (r < 0)
535 return r;
536
a8812dd7
LP		 537 *(w++) = (uint8_t) l;
538
64ea42e9 539 if (p->canonical_form && canonical_candidate)
a8812dd7
LP		 540 /* Generate in canonical form, as defined by DNSSEC
541 * RFC 4034, Section 6.2, i.e. all lower-case. */
64ea42e9 542 for (size_t i = 0; i < l; i++)
b577e3d5 543 w[i] = (uint8_t) ascii_tolower(d[i]);
64ea42e9 544 else
a8812dd7
LP		 545 /* Otherwise, just copy the string unaltered. This is
546 * essential for DNS-SD, where the casing of labels
547 * matters and needs to be retained. */
548 memcpy(w, d, l);
74b2466e
LP		 549
550 return 0;
551}
552
f6a5fec6
LP		 553int dns_packet_append_name(
554 DnsPacket *p,
555 const char *name,
556 bool allow_compression,
a3db237b 557 bool canonical_candidate,
f6a5fec6
LP		 558 size_t *start) {
559
360105f1
LP		 560 _cleanup_free_ char **added_entries = NULL; /* doesn't own the strings! this is just regular pointer array, not a NULL-terminated strv! */
561 size_t n_added_entries = 0, saved_size;
74b2466e
LP		 562 int r;
563
564 assert(p);
565 assert(name);
566
e6378561
LP		 567 r = dns_name_is_valid(name);
568 if (r < 0)
569 return r;
570 if (r == 0)
571 return -EINVAL;
572
f6a5fec6
LP		 573 if (p->refuse_compression)
574 allow_compression = false;
575
74b2466e
LP		 576 saved_size = p->size;
577
e48b9a64 578 while (!dns_name_is_root(name)) {
08f904fd 579 const char *z = name;
fd7e9887 580 char label[DNS_LABEL_MAX+1];
151226ab 581 size_t n = 0;
74b2466e 582
151226ab
ZJS		 583 if (allow_compression)
584 n = PTR_TO_SIZE(hashmap_get(p->names, name));
74b2466e
LP		 585 if (n > 0) {
586 assert(n < p->size);
587
588 if (n < 0x4000) {
589 r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
590 if (r < 0)
591 goto fail;
592
593 goto done;
594 }
595 }
596
7470cc4c 597 r = dns_label_unescape(&name, label, sizeof label, 0);
74b2466e
LP		 598 if (r < 0)
599 goto fail;
600
a3db237b 601 r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
74b2466e
LP		 602 if (r < 0)
603 goto fail;
604
151226ab 605 if (allow_compression) {
08f904fd
LP		 606 _cleanup_free_ char *s = NULL;
607
360105f1
LP		 608 if (!GREEDY_REALLOC(added_entries, n_added_entries + 1)) {
609 r = -ENOMEM;
610 goto fail;
611 }
612
08f904fd
LP		 613 s = strdup(z);
614 if (!s) {
615 r = -ENOMEM;
616 goto fail;
617 }
618
3004fcd0 619 r = hashmap_ensure_put(&p->names, &dns_name_hash_ops, s, SIZE_TO_PTR(n));
151226ab
ZJS		 620 if (r < 0)
621 goto fail;
74b2466e 622
360105f1
LP		 623 /* Keep track of the entries we just added (note that the string is owned by the hashtable, not this array!) */
624 added_entries[n_added_entries++] = TAKE_PTR(s);
151226ab 625 }
74b2466e
LP		 626 }
627
628 r = dns_packet_append_uint8(p, 0, NULL);
629 if (r < 0)
630 return r;
631
632done:
633 if (start)
634 *start = saved_size;
635
636 return 0;
637
638fail:
360105f1
LP		 639 /* Remove all label compression names we added again */
640 FOREACH_ARRAY(s, added_entries, n_added_entries) {
641 hashmap_remove(p->names, *s);
642 free(*s);
643 }
644
74b2466e
LP		 645 dns_packet_truncate(p, saved_size);
646 return r;
647}
648
58ab31d5 649int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, const DnsAnswerFlags flags, size_t *start) {
74b2466e 650 size_t saved_size;
58ab31d5 651 uint16_t class;
74b2466e
LP		 652 int r;
653
654 assert(p);
655 assert(k);
656
657 saved_size = p->size;
658
1c02e7ba 659 r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
74b2466e
LP		 660 if (r < 0)
661 goto fail;
662
663 r = dns_packet_append_uint16(p, k->type, NULL);
664 if (r < 0)
665 goto fail;
666
82d39576 667 class = flags & DNS_ANSWER_CACHE_FLUSH ? k->class | MDNS_RR_CACHE_FLUSH_OR_QU : k->class;
58ab31d5 668 r = dns_packet_append_uint16(p, class, NULL);
74b2466e
LP		 669 if (r < 0)
670 goto fail;
671
672 if (start)
673 *start = saved_size;
674
675 return 0;
676
677fail:
678 dns_packet_truncate(p, saved_size);
679 return r;
680}
681
e1a9f1a8 682static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
50f1e641
TG		 683 size_t saved_size;
684 int r;
685
686 assert(p);
687 assert(types);
1792f223 688 assert(length > 0);
50f1e641 689
50f1e641
TG		 690 saved_size = p->size;
691
1792f223
TG		 692 r = dns_packet_append_uint8(p, window, NULL);
693 if (r < 0)
694 goto fail;
50f1e641 695
1792f223
TG		 696 r = dns_packet_append_uint8(p, length, NULL);
697 if (r < 0)
698 goto fail;
6fa91901 699
1792f223
TG		 700 r = dns_packet_append_blob(p, types, length, NULL);
701 if (r < 0)
702 goto fail;
50f1e641
TG		 703
704 if (start)
705 *start = saved_size;
706
707 return 0;
708fail:
709 dns_packet_truncate(p, saved_size);
710 return r;
711}
712
713static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
714 uint8_t window = 0;
1792f223 715 uint8_t entry = 0;
50f1e641
TG		 716 uint8_t bitmaps[32] = {};
717 unsigned n;
718 size_t saved_size;
719 int r;
720
721 assert(p);
50f1e641
TG		 722
723 saved_size = p->size;
724
90e74a66 725 BITMAP_FOREACH(n, types) {
50f1e641
TG		 726 assert(n <= 0xffff);
727
1792f223
TG		 728 if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
729 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
50f1e641
TG		 730 if (r < 0)
731 goto fail;
732
1792f223 733 zero(bitmaps);
50f1e641
TG		 734 }
735
1792f223 736 window = n >> 8;
50f1e641
TG		 737 entry = n & 255;
738
739 bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
740 }
741
d0ae14ff
LP		 742 if (bitmaps[entry / 8] != 0) {
743 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
744 if (r < 0)
745 goto fail;
746 }
50f1e641
TG		 747
748 if (start)
749 *start = saved_size;
750
751 return 0;
752fail:
753 dns_packet_truncate(p, saved_size);
754 return r;
755}
756
dc913c9a 757/* Append the OPT pseudo-RR described in RFC6891 */
c36d5b5b
LP		 758int dns_packet_append_opt(
759 DnsPacket *p,
760 uint16_t max_udp_size,
761 bool edns0_do,
762 bool include_rfc6975,
4a6eb824 763 const char *nsid,
c36d5b5b 764 int rcode,
4a6eb824 765 size_t *ret_start) {
c36d5b5b 766
dc913c9a
TG		 767 size_t saved_size;
768 int r;
769
770 assert(p);
771 /* we must never advertise supported packet size smaller than the legacy max */
772 assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
f2ed4c69
LP		 773 assert(rcode >= 0);
774 assert(rcode <= _DNS_RCODE_MAX);
dc913c9a 775
f5fbe71d 776 if (p->opt_start != SIZE_MAX)
519ef046
LP		 777 return -EBUSY;
778
f5fbe71d 779 assert(p->opt_size == SIZE_MAX);
519ef046 780
dc913c9a
TG		 781 saved_size = p->size;
782
783 /* empty name */
784 r = dns_packet_append_uint8(p, 0, NULL);
785 if (r < 0)
786 return r;
787
788 /* type */
789 r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
790 if (r < 0)
791 goto fail;
792
f2ed4c69 793 /* class: maximum udp packet that can be received */
dc913c9a
TG		 794 r = dns_packet_append_uint16(p, max_udp_size, NULL);
795 if (r < 0)
796 goto fail;
797
798 /* extended RCODE and VERSION */
f2ed4c69 799 r = dns_packet_append_uint16(p, ((uint16_t) rcode & 0x0FF0) << 4, NULL);
dc913c9a
TG		 800 if (r < 0)
801 goto fail;
802
7586f4d1
TG		 803 /* flags: DNSSEC OK (DO), see RFC3225 */
804 r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
dc913c9a
TG		 805 if (r < 0)
806 goto fail;
807
c36d5b5b
LP		 808 if (edns0_do && include_rfc6975) {
809 /* If DO is on and this is requested, also append RFC6975 Algorithm data. This is supposed to
810 * be done on queries, not on replies, hencer callers should turn this off when finishing off
811 * replies. */
665408ac
LP		 812
813 static const uint8_t rfc6975[] = {
814
980cb160 815 0, DNS_EDNS_OPT_DAU, /* OPTION_CODE */
7e8facb3 816#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
73a4cd17
MCO		 817 0, 7, /* LIST_LENGTH */
818#else
665408ac 819 0, 6, /* LIST_LENGTH */
73a4cd17 820#endif
665408ac
LP		 821 DNSSEC_ALGORITHM_RSASHA1,
822 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
823 DNSSEC_ALGORITHM_RSASHA256,
824 DNSSEC_ALGORITHM_RSASHA512,
825 DNSSEC_ALGORITHM_ECDSAP256SHA256,
826 DNSSEC_ALGORITHM_ECDSAP384SHA384,
7e8facb3 827#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
73a4cd17
MCO		 828 DNSSEC_ALGORITHM_ED25519,
829#endif
665408ac 830
980cb160 831 0, DNS_EDNS_OPT_DHU, /* OPTION_CODE */
665408ac
LP		 832 0, 3, /* LIST_LENGTH */
833 DNSSEC_DIGEST_SHA1,
834 DNSSEC_DIGEST_SHA256,
835 DNSSEC_DIGEST_SHA384,
836
980cb160 837 0, DNS_EDNS_OPT_N3U, /* OPTION_CODE */
665408ac
LP		 838 0, 1, /* LIST_LENGTH */
839 NSEC3_ALGORITHM_SHA1,
840 };
841
4a6eb824
LP		 842 r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL); /* RDLENGTH */
843 if (r < 0)
844 goto fail;
845
846 r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL); /* the payload, as defined above */
847
848 } else if (nsid) {
849
850 if (strlen(nsid) > UINT16_MAX - 4) {
851 r = -E2BIG;
852 goto fail;
853 }
854
855 r = dns_packet_append_uint16(p, 4 + strlen(nsid), NULL); /* RDLENGTH */
665408ac
LP		 856 if (r < 0)
857 goto fail;
858
4a6eb824
LP		 859 r = dns_packet_append_uint16(p, 3, NULL); /* OPTION-CODE: NSID */
860 if (r < 0)
861 goto fail;
862
863 r = dns_packet_append_uint16(p, strlen(nsid), NULL); /* OPTION-LENGTH */
864 if (r < 0)
865 goto fail;
866
867 r = dns_packet_append_blob(p, nsid, strlen(nsid), NULL);
665408ac
LP		 868 } else
869 r = dns_packet_append_uint16(p, 0, NULL);
dc913c9a
TG		 870 if (r < 0)
871 goto fail;
872
519ef046
LP		 873 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);
874
875 p->opt_start = saved_size;
876 p->opt_size = p->size - saved_size;
877
4a6eb824
LP		 878 if (ret_start)
879 *ret_start = saved_size;
dc913c9a
TG		 880
881 return 0;
882
883fail:
884 dns_packet_truncate(p, saved_size);
885 return r;
886}
887
519ef046
LP		 888int dns_packet_truncate_opt(DnsPacket *p) {
889 assert(p);
890
f5fbe71d
YW		 891 if (p->opt_start == SIZE_MAX) {
892 assert(p->opt_size == SIZE_MAX);
519ef046
LP		 893 return 0;
894 }
895
f5fbe71d 896 assert(p->opt_size != SIZE_MAX);
519ef046
LP		 897 assert(DNS_PACKET_ARCOUNT(p) > 0);
898
899 if (p->opt_start + p->opt_size != p->size)
900 return -EBUSY;
901
902 dns_packet_truncate(p, p->opt_start);
903 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
f5fbe71d 904 p->opt_start = p->opt_size = SIZE_MAX;
519ef046
LP		 905
906 return 1;
907}
908
58ab31d5 909int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start) {
f471bc11 910
a8812dd7 911 size_t saved_size, rdlength_offset, end, rdlength, rds;
c3ae4188 912 uint32_t ttl;
623a4c97
LP		 913 int r;
914
915 assert(p);
916 assert(rr);
917
918 saved_size = p->size;
919
58ab31d5 920 r = dns_packet_append_key(p, rr->key, flags, NULL);
623a4c97
LP		 921 if (r < 0)
922 goto fail;
923
c3ae4188
DR		 924 ttl = flags & DNS_ANSWER_GOODBYE ? 0 : rr->ttl;
925 r = dns_packet_append_uint32(p, ttl, NULL);
623a4c97
LP		 926 if (r < 0)
927 goto fail;
928
929 /* Initially we write 0 here */
930 r = dns_packet_append_uint16(p, 0, &rdlength_offset);
931 if (r < 0)
932 goto fail;
933
a8812dd7
LP		 934 rds = p->size - saved_size;
935
52e085af 936 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
623a4c97 937
9c92ce6d
LP		 938 case DNS_TYPE_SRV:
939 r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
940 if (r < 0)
941 goto fail;
942
943 r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
944 if (r < 0)
945 goto fail;
946
947 r = dns_packet_append_uint16(p, rr->srv.port, NULL);
948 if (r < 0)
949 goto fail;
950
d9a55740
LP		 951 /* RFC 2782 states "Unless and until permitted by future standards action, name compression
952 * is not to be used for this field." Hence we turn off compression here. */
953 r = dns_packet_append_name(p, rr->srv.name, /* allow_compression= */ false, /* canonical_candidate= */ true, NULL);
9c92ce6d
LP		 954 break;
955
623a4c97
LP		 956 case DNS_TYPE_PTR:
957 case DNS_TYPE_NS:
958 case DNS_TYPE_CNAME:
8ac4e9e1 959 case DNS_TYPE_DNAME:
4e58741d 960 r = dns_packet_append_name(p, rr->ptr.name, true, true, NULL);
623a4c97
LP		 961 break;
962
963 case DNS_TYPE_HINFO:
964 r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
965 if (r < 0)
966 goto fail;
967
968 r = dns_packet_append_string(p, rr->hinfo.os, NULL);
969 break;
970
9de3e329 971 case DNS_TYPE_SPF: /* exactly the same as TXT */
2001c805 972 case DNS_TYPE_TXT:
2e276efc 973
2001c805 974 if (!rr->txt.items) {
1ccda9b7
LP		 975 /* RFC 6763, section 6.1 suggests to generate
976 * single empty string for an empty array. */
977
2001c805 978 r = dns_packet_append_raw_string(p, NULL, 0, NULL);
2e276efc
ZJS		 979 if (r < 0)
980 goto fail;
03677889 981 } else
2001c805
LP		 982 LIST_FOREACH(items, i, rr->txt.items) {
983 r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
1ccda9b7
LP		 984 if (r < 0)
985 goto fail;
986 }
2e276efc 987
6a6fc3df 988 r = 0;
2e276efc 989 break;
2e276efc 990
623a4c97
LP		 991 case DNS_TYPE_A:
992 r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
993 break;
994
995 case DNS_TYPE_AAAA:
996 r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
997 break;
998
999 case DNS_TYPE_SOA:
4e58741d 1000 r = dns_packet_append_name(p, rr->soa.mname, true, true, NULL);
623a4c97
LP		 1001 if (r < 0)
1002 goto fail;
1003
4e58741d 1004 r = dns_packet_append_name(p, rr->soa.rname, true, true, NULL);
623a4c97
LP		 1005 if (r < 0)
1006 goto fail;
1007
1008 r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
1009 if (r < 0)
1010 goto fail;
1011
1012 r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
1013 if (r < 0)
1014 goto fail;
1015
1016 r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
1017 if (r < 0)
1018 goto fail;
1019
1020 r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
1021 if (r < 0)
1022 goto fail;
1023
1024 r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
1025 break;
1026
1027 case DNS_TYPE_MX:
946c7094
ZJS		 1028 r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
1029 if (r < 0)
1030 goto fail;
1031
4e58741d 1032 r = dns_packet_append_name(p, rr->mx.exchange, true, true, NULL);
946c7094
ZJS		 1033 break;
1034
0dae31d4
ZJS		 1035 case DNS_TYPE_LOC:
1036 r = dns_packet_append_uint8(p, rr->loc.version, NULL);
1037 if (r < 0)
1038 goto fail;
1039
1040 r = dns_packet_append_uint8(p, rr->loc.size, NULL);
1041 if (r < 0)
1042 goto fail;
1043
1044 r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
1045 if (r < 0)
1046 goto fail;
1047
1048 r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
1049 if (r < 0)
1050 goto fail;
1051
afbc4f26 1052 r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
0dae31d4
ZJS		 1053 if (r < 0)
1054 goto fail;
1055
afbc4f26 1056 r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
0dae31d4
ZJS		 1057 if (r < 0)
1058 goto fail;
1059
afbc4f26 1060 r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
0dae31d4
ZJS		 1061 break;
1062
abf126a3
TG		 1063 case DNS_TYPE_DS:
1064 r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
1065 if (r < 0)
1066 goto fail;
1067
1068 r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
1069 if (r < 0)
1070 goto fail;
1071
1072 r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
1073 if (r < 0)
1074 goto fail;
1075
1076 r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
1077 break;
1078
623a4c97 1079 case DNS_TYPE_SSHFP:
42cc2eeb
LP		 1080 r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
1081 if (r < 0)
1082 goto fail;
8db0d2f5 1083
42cc2eeb
LP		 1084 r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
1085 if (r < 0)
1086 goto fail;
1087
549c1a25 1088 r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
42cc2eeb
LP		 1089 break;
1090
8db0d2f5 1091 case DNS_TYPE_DNSKEY:
f91dc240 1092 r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
8db0d2f5
ZJS		 1093 if (r < 0)
1094 goto fail;
1095
f91dc240 1096 r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
8db0d2f5
ZJS		 1097 if (r < 0)
1098 goto fail;
1099
1100 r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
1101 if (r < 0)
1102 goto fail;
1103
1104 r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
1105 break;
1106
151226ab
ZJS		 1107 case DNS_TYPE_RRSIG:
1108 r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
1109 if (r < 0)
1110 goto fail;
1111
1112 r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
1113 if (r < 0)
1114 goto fail;
1115
1116 r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
1117 if (r < 0)
1118 goto fail;
1119
1120 r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
1121 if (r < 0)
1122 goto fail;
1123
1124 r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
1125 if (r < 0)
1126 goto fail;
1127
1128 r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
1129 if (r < 0)
1130 goto fail;
1131
0b1b17d3 1132 r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
151226ab
ZJS		 1133 if (r < 0)
1134 goto fail;
1135
a3db237b 1136 r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
151226ab
ZJS		 1137 if (r < 0)
1138 goto fail;
1139
1140 r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
1141 break;
1142
50f1e641 1143 case DNS_TYPE_NSEC:
a3db237b 1144 r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
50f1e641
TG		 1145 if (r < 0)
1146 goto fail;
1147
1148 r = dns_packet_append_types(p, rr->nsec.types, NULL);
1149 if (r < 0)
1150 goto fail;
1151
5d45a880 1152 break;
d75acfb0 1153
5d45a880
TG		 1154 case DNS_TYPE_NSEC3:
1155 r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
1156 if (r < 0)
1157 goto fail;
1158
1159 r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
1160 if (r < 0)
1161 goto fail;
1162
1163 r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
1164 if (r < 0)
1165 goto fail;
1166
1167 r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
1168 if (r < 0)
1169 goto fail;
1170
1171 r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
1172 if (r < 0)
1173 goto fail;
1174
1175 r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
1176 if (r < 0)
1177 goto fail;
1178
1179 r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
1180 if (r < 0)
1181 goto fail;
1182
1183 r = dns_packet_append_types(p, rr->nsec3.types, NULL);
1184 if (r < 0)
1185 goto fail;
1186
50f1e641 1187 break;
d75acfb0 1188
48d45d2b
ZJS		 1189 case DNS_TYPE_TLSA:
1190 r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
1191 if (r < 0)
1192 goto fail;
1193
1194 r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
1195 if (r < 0)
1196 goto fail;
1197
1198 r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
1199 if (r < 0)
1200 goto fail;
1201
1202 r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
1203 break;
1204
e7634d6b
RP		 1205 case DNS_TYPE_SVCB:
1206 case DNS_TYPE_HTTPS:
1207 r = dns_packet_append_uint16(p, rr->svcb.priority, NULL);
1208 if (r < 0)
1209 goto fail;
1210
1211 r = dns_packet_append_name(p, rr->svcb.target_name, false, false, NULL);
1212 if (r < 0)
1213 goto fail;
1214
1215 LIST_FOREACH(params, i, rr->svcb.params) {
1216 r = dns_packet_append_uint16(p, i->key, NULL);
1217 if (r < 0)
1218 goto fail;
1219
1220 r = dns_packet_append_uint16(p, i->length, NULL);
1221 if (r < 0)
1222 goto fail;
1223
1224 r = dns_packet_append_blob(p, i->value, i->length, NULL);
1225 if (r < 0)
1226 goto fail;
1227 }
1228 break;
1229
95052df3
ZJS		 1230 case DNS_TYPE_CAA:
1231 r = dns_packet_append_uint8(p, rr->caa.flags, NULL);
1232 if (r < 0)
1233 goto fail;
1234
1235 r = dns_packet_append_string(p, rr->caa.tag, NULL);
1236 if (r < 0)
1237 goto fail;
1238
1239 r = dns_packet_append_blob(p, rr->caa.value, rr->caa.value_size, NULL);
1240 break;
1241
17615676
LP		 1242 case DNS_TYPE_NAPTR:
1243 r = dns_packet_append_uint16(p, rr->naptr.order, NULL);
1244 if (r < 0)
1245 goto fail;
1246
1247 r = dns_packet_append_uint16(p, rr->naptr.preference, NULL);
1248 if (r < 0)
1249 goto fail;
1250
1251 r = dns_packet_append_string(p, rr->naptr.flags, NULL);
1252 if (r < 0)
1253 goto fail;
1254
1255 r = dns_packet_append_string(p, rr->naptr.services, NULL);
1256 if (r < 0)
1257 goto fail;
1258
1259 r = dns_packet_append_string(p, rr->naptr.regexp, NULL);
1260 if (r < 0)
1261 goto fail;
1262
1263 r = dns_packet_append_name(p, rr->naptr.replacement, /* allow_compression= */ false, /* canonical_candidate= */ true, NULL);
1264 break;
1265
d75acfb0 1266 case DNS_TYPE_OPT:
d93a16b8 1267 case DNS_TYPE_OPENPGPKEY:
52e085af 1268 case _DNS_TYPE_INVALID: /* unparsable */
623a4c97 1269 default:
0dae31d4 1270
a43a068a 1271 r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
623a4c97
LP		 1272 break;
1273 }
1274 if (r < 0)
1275 goto fail;
1276
1277 /* Let's calculate the actual data size and update the field */
1278 rdlength = p->size - rdlength_offset - sizeof(uint16_t);
1279 if (rdlength > 0xFFFF) {
555f5cdc 1280 r = -ENOSPC;
623a4c97
LP		 1281 goto fail;
1282 }
1283
1284 end = p->size;
1285 p->size = rdlength_offset;
1286 r = dns_packet_append_uint16(p, rdlength, NULL);
1287 if (r < 0)
1288 goto fail;
1289 p->size = end;
1290
351e6342
LP		 1291 if (start)
1292 *start = saved_size;
1293
a8812dd7
LP		 1294 if (rdata_start)
1295 *rdata_start = rds;
1296
623a4c97
LP		 1297 return 0;
1298
1299fail:
1300 dns_packet_truncate(p, saved_size);
1301 return r;
1302}
1303
f471bc11
LP		 1304int dns_packet_append_question(DnsPacket *p, DnsQuestion *q) {
1305 DnsResourceKey *key;
1306 int r;
1307
1308 assert(p);
1309
1310 DNS_QUESTION_FOREACH(key, q) {
58ab31d5 1311 r = dns_packet_append_key(p, key, 0, NULL);
f471bc11
LP		 1312 if (r < 0)
1313 return r;
1314 }
1315
1316 return 0;
1317}
1318
6f76e68a 1319int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a, unsigned *completed) {
f471bc11 1320 DnsResourceRecord *rr;
58ab31d5 1321 DnsAnswerFlags flags;
f471bc11
LP		 1322 int r;
1323
1324 assert(p);
1325
58ab31d5
DR		 1326 DNS_ANSWER_FOREACH_FLAGS(rr, flags, a) {
1327 r = dns_packet_append_rr(p, rr, flags, NULL, NULL);
f471bc11
LP		 1328 if (r < 0)
1329 return r;
6f76e68a
LP		 1330
1331 if (completed)
1332 (*completed)++;
f471bc11
LP		 1333 }
1334
1335 return 0;
1336}
1337
74b2466e
LP		 1338int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
1339 assert(p);
370999c0 1340 assert(p->rindex <= p->size);
74b2466e 1341
370999c0 1342 if (sz > p->size - p->rindex)
74b2466e
LP		 1343 return -EMSGSIZE;
1344
1345 if (ret)
1346 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;
1347
1348 if (start)
1349 *start = p->rindex;
1350
1351 p->rindex += sz;
1352 return 0;
1353}
1354
8ba9fd9c 1355void dns_packet_rewind(DnsPacket *p, size_t idx) {
74b2466e
LP		 1356 assert(p);
1357 assert(idx <= p->size);
1358 assert(idx >= DNS_PACKET_HEADER_SIZE);
1359
1360 p->rindex = idx;
1361}
1362
623a4c97
LP		 1363int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
1364 const void *q;
1365 int r;
1366
1367 assert(p);
1368 assert(d);
1369
1370 r = dns_packet_read(p, sz, &q, start);
1371 if (r < 0)
1372 return r;
1373
1374 memcpy(d, q, sz);
1375 return 0;
1376}
1377
f5430a3e
LP		 1378static int dns_packet_read_memdup(
1379 DnsPacket *p, size_t size,
1380 void **ret, size_t *ret_size,
1381 size_t *ret_start) {
1382
1383 const void *src;
1384 size_t start;
1385 int r;
1386
1387 assert(p);
1388 assert(ret);
1389
1390 r = dns_packet_read(p, size, &src, &start);
1391 if (r < 0)
1392 return r;
1393
1394 if (size <= 0)
1395 *ret = NULL;
1396 else {
1397 void *copy;
1398
1399 copy = memdup(src, size);
1400 if (!copy)
1401 return -ENOMEM;
1402
1403 *ret = copy;
1404 }
1405
1406 if (ret_size)
1407 *ret_size = size;
1408 if (ret_start)
1409 *ret_start = start;
1410
1411 return 0;
1412}
1413
74b2466e
LP		 1414int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
1415 const void *d;
1416 int r;
1417
1418 assert(p);
1419
1420 r = dns_packet_read(p, sizeof(uint8_t), &d, start);
1421 if (r < 0)
1422 return r;
1423
1424 *ret = ((uint8_t*) d)[0];
1425 return 0;
1426}
1427
1428int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
1429 const void *d;
1430 int r;
1431
1432 assert(p);
1433
1434 r = dns_packet_read(p, sizeof(uint16_t), &d, start);
1435 if (r < 0)
1436 return r;
1437
81b4d94d
LP		 1438 if (ret)
1439 *ret = unaligned_read_be16(d);
725ca0e5 1440
74b2466e
LP		 1441 return 0;
1442}
1443
1444int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
1445 const void *d;
1446 int r;
1447
1448 assert(p);
1449
1450 r = dns_packet_read(p, sizeof(uint32_t), &d, start);
1451 if (r < 0)
1452 return r;
1453
725ca0e5 1454 *ret = unaligned_read_be32(d);
74b2466e
LP		 1455
1456 return 0;
1457}
1458
1459int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
0c4f37f0 1460 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
7153213e 1461 _cleanup_free_ char *t = NULL;
74b2466e 1462 const void *d;
74b2466e
LP		 1463 uint8_t c;
1464 int r;
1465
7153213e
LP		 1466 assert(p);
1467
74b2466e
LP		 1468 r = dns_packet_read_uint8(p, &c, NULL);
1469 if (r < 0)
e18a3c73 1470 return r;
74b2466e
LP		 1471
1472 r = dns_packet_read(p, c, &d, NULL);
1473 if (r < 0)
e18a3c73 1474 return r;
74b2466e 1475
7153213e
LP		 1476 r = make_cstring(d, c, MAKE_CSTRING_REFUSE_TRAILING_NUL, &t);
1477 if (r < 0)
1478 return r;
74b2466e 1479
7153213e 1480 if (!utf8_is_valid(t))
e18a3c73 1481 return -EBADMSG;
74b2466e 1482
7153213e 1483 *ret = TAKE_PTR(t);
74b2466e
LP		 1484
1485 if (start)
e18a3c73
ZJS		 1486 *start = rewinder.saved_rindex;
1487 CANCEL_REWINDER(rewinder);
74b2466e
LP		 1488
1489 return 0;
74b2466e
LP		 1490}
1491
2001c805 1492int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
0c4f37f0
ZJS		 1493 assert(p);
1494
1495 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
2001c805
LP		 1496 uint8_t c;
1497 int r;
1498
2001c805
LP		 1499 r = dns_packet_read_uint8(p, &c, NULL);
1500 if (r < 0)
e18a3c73 1501 return r;
2001c805
LP		 1502
1503 r = dns_packet_read(p, c, ret, NULL);
1504 if (r < 0)
e18a3c73 1505 return r;
2001c805
LP		 1506
1507 if (size)
1508 *size = c;
1509 if (start)
e18a3c73
ZJS		 1510 *start = rewinder.saved_rindex;
1511 CANCEL_REWINDER(rewinder);
2001c805
LP		 1512
1513 return 0;
2001c805
LP		 1514}
1515
f6a5fec6
LP		 1516int dns_packet_read_name(
1517 DnsPacket *p,
81b4d94d 1518 char **ret,
f6a5fec6 1519 bool allow_compression,
81b4d94d 1520 size_t *ret_start) {
f6a5fec6 1521
0c4f37f0
ZJS		 1522 assert(p);
1523
1524 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
1525 size_t after_rindex = 0, jump_barrier = p->rindex;
81b4d94d 1526 _cleanup_free_ char *name = NULL;
74b2466e 1527 bool first = true;
87d6a9fb 1528 size_t n = 0, m = 0;
74b2466e
LP		 1529 int r;
1530
f6a5fec6
LP		 1531 if (p->refuse_compression)
1532 allow_compression = false;
1533
74b2466e
LP		 1534 for (;;) {
1535 uint8_t c, d;
1536
1537 r = dns_packet_read_uint8(p, &c, NULL);
1538 if (r < 0)
e18a3c73 1539 return r;
74b2466e
LP		 1540
1541 if (c == 0)
1542 /* End of name */
1543 break;
1544 else if (c <= 63) {
74b2466e
LP		 1545 const char *label;
1546
1547 /* Literal label */
1548 r = dns_packet_read(p, c, (const void**) &label, NULL);
1549 if (r < 0)
e18a3c73 1550 return r;
74b2466e 1551
319a4f4b 1552 if (!GREEDY_REALLOC(name, n + !first + DNS_LABEL_ESCAPED_MAX))
e18a3c73 1553 return -ENOMEM;
74b2466e 1554
422baca0 1555 if (first)
74b2466e 1556 first = false;
87d6a9fb 1557 else {
81b4d94d 1558 name[n++] = '.';
87d6a9fb
LP		 1559 m++;
1560 }
422baca0 1561
81b4d94d 1562 r = dns_label_escape(label, c, name + n, DNS_LABEL_ESCAPED_MAX);
422baca0 1563 if (r < 0)
e18a3c73 1564 return r;
74b2466e 1565
74b2466e 1566 n += r;
87d6a9fb
LP		 1567 m += c;
1568
1569 if (m > DNS_HOSTNAME_MAX)
1570 return -EBADMSG;
1571
74b2466e 1572 continue;
d7a0f1f4 1573 } else if (allow_compression && FLAGS_SET(c, 0xc0)) {
74b2466e
LP		 1574 uint16_t ptr;
1575
1576 /* Pointer */
1577 r = dns_packet_read_uint8(p, &d, NULL);
1578 if (r < 0)
e18a3c73 1579 return r;
74b2466e
LP		 1580
1581 ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
e18a3c73
ZJS		 1582 if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier)
1583 return -EBADMSG;
74b2466e
LP		 1584
1585 if (after_rindex == 0)
1586 after_rindex = p->rindex;
1587
f131770b 1588 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
c75dbf9b 1589 jump_barrier = ptr;
74b2466e 1590 p->rindex = ptr;
e18a3c73
ZJS		 1591 } else
1592 return -EBADMSG;
74b2466e
LP		 1593 }
1594
319a4f4b 1595 if (!GREEDY_REALLOC(name, n + 1))
e18a3c73 1596 return -ENOMEM;
74b2466e 1597
81b4d94d 1598 name[n] = 0;
74b2466e
LP		 1599
1600 if (after_rindex != 0)
1601 p->rindex= after_rindex;
1602
81b4d94d
LP		 1603 if (ret)
1604 *ret = TAKE_PTR(name);
1605 if (ret_start)
1606 *ret_start = rewinder.saved_rindex;
74b2466e 1607
e18a3c73 1608 CANCEL_REWINDER(rewinder);
74b2466e
LP		 1609
1610 return 0;
74b2466e
LP		 1611}
1612
50f1e641 1613static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
0c4f37f0
ZJS		 1614 assert(p);
1615 assert(types);
1616
1617 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
1618 uint8_t window, length;
50f1e641 1619 const uint8_t *bitmap;
2ad613ad 1620 uint8_t bit = 0;
50f1e641 1621 bool found = false;
50f1e641
TG		 1622 int r;
1623
50f1e641
TG		 1624 r = bitmap_ensure_allocated(types);
1625 if (r < 0)
e18a3c73 1626 return r;
50f1e641
TG		 1627
1628 r = dns_packet_read_uint8(p, &window, NULL);
1629 if (r < 0)
e18a3c73 1630 return r;
50f1e641
TG		 1631
1632 r = dns_packet_read_uint8(p, &length, NULL);
1633 if (r < 0)
e18a3c73 1634 return r;
50f1e641
TG		 1635
1636 if (length == 0 || length > 32)
1637 return -EBADMSG;
1638
1639 r = dns_packet_read(p, length, (const void **)&bitmap, NULL);
1640 if (r < 0)
e18a3c73 1641 return r;
50f1e641 1642
64ea42e9 1643 for (uint8_t i = 0; i < length; i++) {
50f1e641 1644 uint8_t bitmask = 1 << 7;
50f1e641
TG		 1645
1646 if (!bitmap[i]) {
1647 found = false;
2ad613ad 1648 bit += 8;
50f1e641
TG		 1649 continue;
1650 }
1651
1652 found = true;
1653
9f939335 1654 for (; bitmask; bit++, bitmask >>= 1)
50f1e641
TG		 1655 if (bitmap[i] & bitmask) {
1656 uint16_t n;
1657
50f1e641
TG		 1658 n = (uint16_t) window << 8 | (uint16_t) bit;
1659
8e6edc49
TG		 1660 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1661 if (dns_type_is_pseudo(n))
1662 continue;
1663
50f1e641
TG		 1664 r = bitmap_set(*types, n);
1665 if (r < 0)
e18a3c73 1666 return r;
50f1e641 1667 }
50f1e641
TG		 1668 }
1669
1670 if (!found)
1671 return -EBADMSG;
1672
1673 if (start)
e18a3c73
ZJS		 1674 *start = rewinder.saved_rindex;
1675 CANCEL_REWINDER(rewinder);
50f1e641
TG		 1676
1677 return 0;
50f1e641
TG		 1678}
1679
89492aaf 1680static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
0c4f37f0 1681 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
89492aaf
TG		 1682 int r;
1683
370999c0 1684 while (p->rindex - rewinder.saved_rindex < size) {
89492aaf
TG		 1685 r = dns_packet_read_type_window(p, types, NULL);
1686 if (r < 0)
e18a3c73 1687 return r;
89492aaf 1688
370999c0
YW		 1689 assert(p->rindex >= rewinder.saved_rindex);
1690
89492aaf 1691 /* don't read past end of current RR */
370999c0 1692 if (p->rindex - rewinder.saved_rindex > size)
e18a3c73 1693 return -EBADMSG;
89492aaf
TG		 1694 }
1695
370999c0 1696 if (p->rindex - rewinder.saved_rindex != size)
e18a3c73 1697 return -EBADMSG;
89492aaf
TG		 1698
1699 if (start)
e18a3c73
ZJS		 1700 *start = rewinder.saved_rindex;
1701 CANCEL_REWINDER(rewinder);
89492aaf
TG		 1702
1703 return 0;
89492aaf
TG		 1704}
1705
81b4d94d
LP		 1706int dns_packet_read_key(
1707 DnsPacket *p,
1708 DnsResourceKey **ret,
82d39576 1709 bool *ret_cache_flush_or_qu,
81b4d94d
LP		 1710 size_t *ret_start) {
1711
0c4f37f0
ZJS		 1712 assert(p);
1713
1714 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
faa133f3 1715 _cleanup_free_ char *name = NULL;
82d39576 1716 bool cache_flush_or_qu = false;
faa133f3 1717 uint16_t class, type;
74b2466e
LP		 1718 int r;
1719
151226ab 1720 r = dns_packet_read_name(p, &name, true, NULL);
74b2466e 1721 if (r < 0)
e18a3c73 1722 return r;
74b2466e 1723
faa133f3 1724 r = dns_packet_read_uint16(p, &type, NULL);
74b2466e 1725 if (r < 0)
e18a3c73 1726 return r;
74b2466e 1727
faa133f3 1728 r = dns_packet_read_uint16(p, &class, NULL);
74b2466e 1729 if (r < 0)
e18a3c73 1730 return r;
74b2466e 1731
23502de3 1732 if (p->protocol == DNS_PROTOCOL_MDNS) {
82d39576 1733 /* See RFC6762, sections 5.4 and 10.2 */
23502de3 1734
82d39576
SB		 1735 if (type != DNS_TYPE_OPT && (class & MDNS_RR_CACHE_FLUSH_OR_QU)) {
1736 class &= ~MDNS_RR_CACHE_FLUSH_OR_QU;
1737 cache_flush_or_qu = true;
d2579eec 1738 }
23502de3
DM		 1739 }
1740
81b4d94d
LP		 1741 if (ret) {
1742 DnsResourceKey *key;
faa133f3 1743
81b4d94d
LP		 1744 key = dns_resource_key_new_consume(class, type, name);
1745 if (!key)
1746 return -ENOMEM;
1747
1748 TAKE_PTR(name);
1749 *ret = key;
1750 }
74b2466e 1751
82d39576
SB		 1752 if (ret_cache_flush_or_qu)
1753 *ret_cache_flush_or_qu = cache_flush_or_qu;
81b4d94d
LP		 1754 if (ret_start)
1755 *ret_start = rewinder.saved_rindex;
74b2466e 1756
81b4d94d 1757 CANCEL_REWINDER(rewinder);
74b2466e 1758 return 0;
74b2466e
LP		 1759}
1760
afbc4f26
ZJS		 1761static bool loc_size_ok(uint8_t size) {
1762 uint8_t m = size >> 4, e = size & 0xF;
1763
1764 return m <= 9 && e <= 9 && (m > 0 || e == 0);
1765}
1766
e7634d6b
RP		 1767static bool dns_svc_param_is_valid(DnsSvcParam *i) {
1768 if (!i)
1769 return false;
1770
1771 switch (i->key) {
1772 /* RFC 9460, section 7.1.1: alpn-ids must exactly fill SvcParamValue */
1773 case DNS_SVC_PARAM_KEY_ALPN: {
1774 size_t sz = 0;
1775 if (i->length <= 0)
1776 return false;
1777 while (sz < i->length)
1778 sz += 1 + i->value[sz]; /* N.B. will not overflow */
1779 return sz == i->length;
1780 }
1781
1782 /* RFC 9460, section 7.1.1: value must be empty */
1783 case DNS_SVC_PARAM_KEY_NO_DEFAULT_ALPN:
1784 return i->length == 0;
1785
1786 /* RFC 9460, section 7.2 */
1787 case DNS_SVC_PARAM_KEY_PORT:
1788 return i->length == 2;
1789
1790 /* RFC 9460, section 7.3: addrs must exactly fill SvcParamValue */
1791 case DNS_SVC_PARAM_KEY_IPV4HINT:
1792 return i->length % (sizeof (struct in_addr)) == 0;
1793 case DNS_SVC_PARAM_KEY_IPV6HINT:
1794 return i->length % (sizeof (struct in6_addr)) == 0;
1795
1796 /* Otherwise, permit any value */
1797 default:
1798 return true;
1799 }
1800}
1801
81b4d94d
LP		 1802int dns_packet_read_rr(
1803 DnsPacket *p,
1804 DnsResourceRecord **ret,
1805 bool *ret_cache_flush,
1806 size_t *ret_start) {
1807
0c4f37f0
ZJS		 1808 assert(p);
1809
1810 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
faa133f3
LP		 1811 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
1812 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
e18a3c73 1813 size_t offset;
74b2466e 1814 uint16_t rdlength;
d2579eec 1815 bool cache_flush;
74b2466e
LP		 1816 int r;
1817
d2579eec 1818 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
74b2466e 1819 if (r < 0)
e18a3c73 1820 return r;
74b2466e 1821
e18a3c73
ZJS		 1822 if (!dns_class_is_valid_rr(key->class) || !dns_type_is_valid_rr(key->type))
1823 return -EBADMSG;
0e2bcd6a 1824
faa133f3 1825 rr = dns_resource_record_new(key);
e18a3c73
ZJS		 1826 if (!rr)
1827 return -ENOMEM;
faa133f3 1828
74b2466e
LP		 1829 r = dns_packet_read_uint32(p, &rr->ttl, NULL);
1830 if (r < 0)
e18a3c73 1831 return r;
74b2466e 1832
13178797
JC		 1833 /* RFC 2181, Section 8, suggests to treat a TTL with the MSB set as a zero TTL. We avoid doing this
1834 * for OPT records so that all 8 bits of the extended RCODE may be used .*/
1835 if (key->type != DNS_TYPE_OPT && rr->ttl & UINT32_C(0x80000000))
0d0b52d7
LP		 1836 rr->ttl = 0;
1837
74b2466e
LP		 1838 r = dns_packet_read_uint16(p, &rdlength, NULL);
1839 if (r < 0)
e18a3c73 1840 return r;
74b2466e 1841
370999c0 1842 if (rdlength > p->size - p->rindex)
e18a3c73 1843 return -EBADMSG;
74b2466e
LP		 1844
1845 offset = p->rindex;
1846
faa133f3 1847 switch (rr->key->type) {
74b2466e 1848
9c92ce6d
LP		 1849 case DNS_TYPE_SRV:
1850 r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
1851 if (r < 0)
e18a3c73 1852 return r;
9c92ce6d
LP		 1853 r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
1854 if (r < 0)
e18a3c73 1855 return r;
9c92ce6d
LP		 1856 r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
1857 if (r < 0)
e18a3c73 1858 return r;
d9a55740
LP		 1859
1860 /* RFC 2782 states "Unless and until permitted by future standards action, name compression
1861 * is not to be used for this field." Nonetheless, we support it here, in the interest of
1862 * increasing compatibility with implementations that do not implement this correctly. After
1863 * all we didn't do this right once upon a time ourselves (see
1864 * https://github.com/systemd/systemd/issues/9793). */
1865 r = dns_packet_read_name(p, &rr->srv.name, /* allow_compression= */ true, NULL);
9c92ce6d
LP		 1866 break;
1867
74b2466e
LP		 1868 case DNS_TYPE_PTR:
1869 case DNS_TYPE_NS:
1870 case DNS_TYPE_CNAME:
8ac4e9e1 1871 case DNS_TYPE_DNAME:
151226ab 1872 r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
74b2466e
LP		 1873 break;
1874
1875 case DNS_TYPE_HINFO:
1876 r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
1877 if (r < 0)
e18a3c73 1878 return r;
74b2466e
LP		 1879
1880 r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
1881 break;
1882
9de3e329 1883 case DNS_TYPE_SPF: /* exactly the same as TXT */
1ccda9b7
LP		 1884 case DNS_TYPE_TXT:
1885 if (rdlength <= 0) {
ebb779dc
DR		 1886 r = dns_txt_item_new_empty(&rr->txt.items);
1887 if (r < 0)
1888 return r;
1ccda9b7 1889 } else {
2001c805
LP		 1890 DnsTxtItem *last = NULL;
1891
370999c0 1892 while (p->rindex - offset < rdlength) {
2001c805
LP		 1893 DnsTxtItem *i;
1894 const void *data;
1895 size_t sz;
2e276efc 1896
2001c805 1897 r = dns_packet_read_raw_string(p, &data, &sz, NULL);
1ccda9b7 1898 if (r < 0)
2001c805 1899 return r;
1ccda9b7 1900
2001c805
LP		 1901 i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
1902 if (!i)
1903 return -ENOMEM;
1904
1905 memcpy(i->data, data, sz);
1906 i->length = sz;
1907
1908 LIST_INSERT_AFTER(items, rr->txt.items, last, i);
1909 last = i;
1ccda9b7 1910 }
6a6fc3df
LP		 1911 }
1912
1913 r = 0;
2e276efc 1914 break;
2e276efc 1915
74b2466e 1916 case DNS_TYPE_A:
623a4c97 1917 r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
74b2466e
LP		 1918 break;
1919
1920 case DNS_TYPE_AAAA:
623a4c97 1921 r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
74b2466e
LP		 1922 break;
1923
7e8e0422 1924 case DNS_TYPE_SOA:
151226ab 1925 r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
7e8e0422 1926 if (r < 0)
e18a3c73 1927 return r;
7e8e0422 1928
151226ab 1929 r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
7e8e0422 1930 if (r < 0)
e18a3c73 1931 return r;
7e8e0422
LP		 1932
1933 r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
1934 if (r < 0)
e18a3c73 1935 return r;
7e8e0422
LP		 1936
1937 r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
1938 if (r < 0)
e18a3c73 1939 return r;
7e8e0422
LP		 1940
1941 r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
1942 if (r < 0)
e18a3c73 1943 return r;
7e8e0422
LP		 1944
1945 r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
1946 if (r < 0)
e18a3c73 1947 return r;
7e8e0422
LP		 1948
1949 r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
1950 break;
1951
623a4c97 1952 case DNS_TYPE_MX:
946c7094
ZJS		 1953 r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
1954 if (r < 0)
e18a3c73 1955 return r;
946c7094 1956
151226ab 1957 r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
946c7094
ZJS		 1958 break;
1959
0dae31d4
ZJS		 1960 case DNS_TYPE_LOC: {
1961 uint8_t t;
1962 size_t pos;
1963
1964 r = dns_packet_read_uint8(p, &t, &pos);
1965 if (r < 0)
e18a3c73 1966 return r;
0dae31d4
ZJS		 1967
1968 if (t == 0) {
1969 rr->loc.version = t;
1970
1971 r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
1972 if (r < 0)
e18a3c73 1973 return r;
0dae31d4 1974
e18a3c73
ZJS		 1975 if (!loc_size_ok(rr->loc.size))
1976 return -EBADMSG;
afbc4f26 1977
0dae31d4
ZJS		 1978 r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
1979 if (r < 0)
e18a3c73 1980 return r;
0dae31d4 1981
e18a3c73
ZJS		 1982 if (!loc_size_ok(rr->loc.horiz_pre))
1983 return -EBADMSG;
afbc4f26 1984
0dae31d4
ZJS		 1985 r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
1986 if (r < 0)
e18a3c73 1987 return r;
0dae31d4 1988
e18a3c73
ZJS		 1989 if (!loc_size_ok(rr->loc.vert_pre))
1990 return -EBADMSG;
afbc4f26 1991
0dae31d4
ZJS		 1992 r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
1993 if (r < 0)
e18a3c73 1994 return r;
0dae31d4
ZJS		 1995
1996 r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
1997 if (r < 0)
e18a3c73 1998 return r;
0dae31d4
ZJS		 1999
2000 r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
2001 if (r < 0)
e18a3c73 2002 return r;
0dae31d4
ZJS		 2003
2004 break;
2005 } else {
2006 dns_packet_rewind(p, pos);
52e085af
ZJS		 2007 rr->unparsable = true;
2008 goto unparsable;
0dae31d4
ZJS		 2009 }
2010 }
2011
abf126a3
TG		 2012 case DNS_TYPE_DS:
2013 r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
2014 if (r < 0)
e18a3c73 2015 return r;
abf126a3
TG		 2016
2017 r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
2018 if (r < 0)
e18a3c73 2019 return r;
abf126a3
TG		 2020
2021 r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
2022 if (r < 0)
e18a3c73 2023 return r;
abf126a3 2024
8a0f6d1f
SL		 2025 if (rdlength < 4)
2026 return -EBADMSG;
2027
f5430a3e
LP		 2028 r = dns_packet_read_memdup(p, rdlength - 4,
2029 &rr->ds.digest, &rr->ds.digest_size,
2030 NULL);
abf126a3 2031 if (r < 0)
e18a3c73 2032 return r;
abf126a3 2033
e18a3c73 2034 if (rr->ds.digest_size <= 0)
f1d178cc
TG		 2035 /* the accepted size depends on the algorithm, but for now
2036 just ensure that the value is greater than zero */
e18a3c73 2037 return -EBADMSG;
f1d178cc 2038
abf126a3 2039 break;
d75acfb0 2040
623a4c97 2041 case DNS_TYPE_SSHFP:
42cc2eeb
LP		 2042 r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
2043 if (r < 0)
e18a3c73 2044 return r;
42cc2eeb
LP		 2045
2046 r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
2047 if (r < 0)
e18a3c73 2048 return r;
42cc2eeb 2049
8a0f6d1f
SL		 2050 if (rdlength < 2)
2051 return -EBADMSG;
2052
f5430a3e 2053 r = dns_packet_read_memdup(p, rdlength - 2,
549c1a25 2054 &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
f5430a3e 2055 NULL);
f1d178cc 2056
e18a3c73 2057 if (rr->sshfp.fingerprint_size <= 0)
f1d178cc
TG		 2058 /* the accepted size depends on the algorithm, but for now
2059 just ensure that the value is greater than zero */
e18a3c73 2060 return -EBADMSG;
f1d178cc 2061
8db0d2f5
ZJS		 2062 break;
2063
f91dc240
LP		 2064 case DNS_TYPE_DNSKEY:
2065 r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
8db0d2f5 2066 if (r < 0)
e18a3c73 2067 return r;
8db0d2f5 2068
f91dc240 2069 r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
8db0d2f5 2070 if (r < 0)
e18a3c73 2071 return r;
8db0d2f5 2072
8db0d2f5
ZJS		 2073 r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
2074 if (r < 0)
e18a3c73 2075 return r;
8db0d2f5 2076
8a0f6d1f
SL		 2077 if (rdlength < 4)
2078 return -EBADMSG;
2079
f5430a3e
LP		 2080 r = dns_packet_read_memdup(p, rdlength - 4,
2081 &rr->dnskey.key, &rr->dnskey.key_size,
2082 NULL);
f1d178cc 2083
e18a3c73 2084 if (rr->dnskey.key_size <= 0)
f1d178cc
TG		 2085 /* the accepted size depends on the algorithm, but for now
2086 just ensure that the value is greater than zero */
e18a3c73 2087 return -EBADMSG;
f1d178cc 2088
42cc2eeb
LP		 2089 break;
2090
151226ab
ZJS		 2091 case DNS_TYPE_RRSIG:
2092 r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
2093 if (r < 0)
e18a3c73 2094 return r;
151226ab
ZJS		 2095
2096 r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
2097 if (r < 0)
e18a3c73 2098 return r;
151226ab
ZJS		 2099
2100 r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
2101 if (r < 0)
e18a3c73 2102 return r;
151226ab
ZJS		 2103
2104 r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
2105 if (r < 0)
e18a3c73 2106 return r;
151226ab
ZJS		 2107
2108 r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
2109 if (r < 0)
e18a3c73 2110 return r;
151226ab
ZJS		 2111
2112 r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
2113 if (r < 0)
e18a3c73 2114 return r;
151226ab
ZJS		 2115
2116 r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
2117 if (r < 0)
e18a3c73 2118 return r;
151226ab
ZJS		 2119
2120 r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
2121 if (r < 0)
e18a3c73 2122 return r;
151226ab 2123
370999c0 2124 if (rdlength < p->rindex - offset)
8a0f6d1f
SL		 2125 return -EBADMSG;
2126
f5430a3e
LP		 2127 r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
2128 &rr->rrsig.signature, &rr->rrsig.signature_size,
2129 NULL);
f1d178cc 2130
e18a3c73 2131 if (rr->rrsig.signature_size <= 0)
f1d178cc
TG		 2132 /* the accepted size depends on the algorithm, but for now
2133 just ensure that the value is greater than zero */
e18a3c73 2134 return -EBADMSG;
f1d178cc 2135
151226ab
ZJS		 2136 break;
2137
d84e543d
DM		 2138 case DNS_TYPE_NSEC: {
2139
2140 /*
5238e957 2141 * RFC6762, section 18.14 explicitly states mDNS should use name compression.
d84e543d
DM		 2142 * This contradicts RFC3845, section 2.1.1
2143 */
2144
2145 bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;
2146
2147 r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
50f1e641 2148 if (r < 0)
e18a3c73 2149 return r;
50f1e641 2150
370999c0
YW		 2151 if (rdlength < p->rindex - offset)
2152 return -EBADMSG;
2153
89492aaf 2154 r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);
89492aaf 2155
09eaf68c
TG		 2156 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
2157 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
2158 * without the NSEC bit set. */
50f1e641
TG		 2159
2160 break;
d84e543d 2161 }
5d45a880
TG		 2162 case DNS_TYPE_NSEC3: {
2163 uint8_t size;
2164
2165 r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
2166 if (r < 0)
e18a3c73 2167 return r;
5d45a880
TG		 2168
2169 r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
2170 if (r < 0)
e18a3c73 2171 return r;
5d45a880
TG		 2172
2173 r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
2174 if (r < 0)
e18a3c73 2175 return r;
5d45a880 2176
f1d178cc 2177 /* this may be zero */
5d45a880
TG		 2178 r = dns_packet_read_uint8(p, &size, NULL);
2179 if (r < 0)
e18a3c73 2180 return r;
5d45a880 2181
f5430a3e 2182 r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
5d45a880 2183 if (r < 0)
e18a3c73 2184 return r;
5d45a880 2185
5d45a880
TG		 2186 r = dns_packet_read_uint8(p, &size, NULL);
2187 if (r < 0)
e18a3c73 2188 return r;
5d45a880 2189
e18a3c73
ZJS		 2190 if (size <= 0)
2191 return -EBADMSG;
f1d178cc 2192
e18a3c73
ZJS		 2193 r = dns_packet_read_memdup(p, size,
2194 &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size,
2195 NULL);
5d45a880 2196 if (r < 0)
e18a3c73 2197 return r;
5d45a880 2198
370999c0
YW		 2199 if (rdlength < p->rindex - offset)
2200 return -EBADMSG;
2201
6b9308d1 2202 r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);
5d45a880 2203
0bbd72b2
TG		 2204 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
2205
5d45a880
TG		 2206 break;
2207 }
d75acfb0 2208
48d45d2b
ZJS		 2209 case DNS_TYPE_TLSA:
2210 r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
2211 if (r < 0)
e18a3c73 2212 return r;
48d45d2b
ZJS		 2213
2214 r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
2215 if (r < 0)
e18a3c73 2216 return r;
48d45d2b
ZJS		 2217
2218 r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
2219 if (r < 0)
e18a3c73 2220 return r;
48d45d2b 2221
8a0f6d1f
SL		 2222 if (rdlength < 3)
2223 return -EBADMSG;
2224
48d45d2b
ZJS		 2225 r = dns_packet_read_memdup(p, rdlength - 3,
2226 &rr->tlsa.data, &rr->tlsa.data_size,
2227 NULL);
e18a3c73
ZJS		 2228
2229 if (rr->tlsa.data_size <= 0)
48d45d2b
ZJS		 2230 /* the accepted size depends on the algorithm, but for now
2231 just ensure that the value is greater than zero */
e18a3c73 2232 return -EBADMSG;
48d45d2b
ZJS		 2233
2234 break;
2235
e7634d6b
RP		 2236 case DNS_TYPE_SVCB:
2237 case DNS_TYPE_HTTPS:
2238 r = dns_packet_read_uint16(p, &rr->svcb.priority, NULL);
2239 if (r < 0)
2240 return r;
2241
2242 r = dns_packet_read_name(p, &rr->svcb.target_name, false /* uncompressed */, NULL);
2243 if (r < 0)
2244 return r;
2245
2246 DnsSvcParam *last = NULL;
2247 while (p->rindex - offset < rdlength) {
2248 _cleanup_free_ DnsSvcParam *i = NULL;
2249 uint16_t svc_param_key;
2250 uint16_t sz;
2251
2252 r = dns_packet_read_uint16(p, &svc_param_key, NULL);
2253 if (r < 0)
2254 return r;
2255 /* RFC 9460, section 2.2 says we must consider an RR malformed if SvcParamKeys are
2256 * not in strictly increasing order */
2257 if (last && last->key >= svc_param_key)
2258 return -EBADMSG;
2259
2260 r = dns_packet_read_uint16(p, &sz, NULL);
2261 if (r < 0)
2262 return r;
2263
2264 i = malloc0(offsetof(DnsSvcParam, value) + sz);
2265 if (!i)
2266 return -ENOMEM;
2267
2268 i->key = svc_param_key;
2269 i->length = sz;
2270 r = dns_packet_read_blob(p, &i->value, sz, NULL);
2271 if (r < 0)
2272 return r;
2273 if (!dns_svc_param_is_valid(i))
2274 return -EBADMSG;
2275
2276 LIST_INSERT_AFTER(params, rr->svcb.params, last, i);
2277 last = TAKE_PTR(i);
2278 }
2279
2280 break;
2281
95052df3
ZJS		 2282 case DNS_TYPE_CAA:
2283 r = dns_packet_read_uint8(p, &rr->caa.flags, NULL);
2284 if (r < 0)
2285 return r;
2286
2287 r = dns_packet_read_string(p, &rr->caa.tag, NULL);
2288 if (r < 0)
2289 return r;
2290
370999c0 2291 if (rdlength < p->rindex - offset)
8a0f6d1f
SL		 2292 return -EBADMSG;
2293
95052df3
ZJS		 2294 r = dns_packet_read_memdup(p,
2295 rdlength + offset - p->rindex,
2296 &rr->caa.value, &rr->caa.value_size, NULL);
48d45d2b
ZJS		 2297
2298 break;
2299
17615676
LP		 2300 case DNS_TYPE_NAPTR:
2301 r = dns_packet_read_uint16(p, &rr->naptr.order, NULL);
2302 if (r < 0)
2303 return r;
2304
2305 r = dns_packet_read_uint16(p, &rr->naptr.preference, NULL);
2306 if (r < 0)
2307 return r;
2308
2309 r = dns_packet_read_string(p, &rr->naptr.flags, NULL);
2310 if (r < 0)
2311 return r;
2312
2313 r = dns_packet_read_string(p, &rr->naptr.services, NULL);
2314 if (r < 0)
2315 return r;
2316
2317 r = dns_packet_read_string(p, &rr->naptr.regexp, NULL);
2318 if (r < 0)
2319 return r;
2320
2321 r = dns_packet_read_name(p, &rr->naptr.replacement, /* allow_compressed= */ false, NULL);
2322 break;
2323
d75acfb0 2324 case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
d93a16b8 2325 case DNS_TYPE_OPENPGPKEY:
74b2466e 2326 default:
52e085af 2327 unparsable:
a43a068a 2328 r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);
e18a3c73 2329
74b2466e
LP		 2330 break;
2331 }
2332 if (r < 0)
e18a3c73 2333 return r;
370999c0 2334 if (p->rindex - offset != rdlength)
e18a3c73 2335 return -EBADMSG;
74b2466e 2336
81b4d94d
LP		 2337 if (ret)
2338 *ret = TAKE_PTR(rr);
d2579eec
LP		 2339 if (ret_cache_flush)
2340 *ret_cache_flush = cache_flush;
81b4d94d
LP		 2341 if (ret_start)
2342 *ret_start = rewinder.saved_rindex;
74b2466e 2343
81b4d94d 2344 CANCEL_REWINDER(rewinder);
74b2466e 2345 return 0;
74b2466e
LP		 2346}
2347
c3f7000e
LP		 2348static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
2349 const uint8_t* p;
2350 bool found_dau_dhu_n3u = false;
2351 size_t l;
2352
2353 /* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is not OK in
2354 * a reply). */
2355
2356 assert(rr);
2357 assert(rr->key->type == DNS_TYPE_OPT);
2358
2359 /* Check that the version is 0 */
b30bf55d
LP		 2360 if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0) {
2361 *rfc6975 = false;
2362 return true; /* if it's not version 0, it's OK, but we will ignore the OPT field contents */
2363 }
c3f7000e
LP		 2364
2365 p = rr->opt.data;
a43a068a 2366 l = rr->opt.data_size;
c3f7000e
LP		 2367 while (l > 0) {
2368 uint16_t option_code, option_length;
2369
2370 /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
2371 if (l < 4U)
2372 return false;
2373
2374 option_code = unaligned_read_be16(p);
2375 option_length = unaligned_read_be16(p + 2);
2376
2377 if (l < option_length + 4U)
2378 return false;
2379
2380 /* RFC 6975 DAU, DHU or N3U fields found. */
980cb160 2381 if (IN_SET(option_code, DNS_EDNS_OPT_DAU, DNS_EDNS_OPT_DHU, DNS_EDNS_OPT_N3U))
c3f7000e
LP		 2382 found_dau_dhu_n3u = true;
2383
2384 p += option_length + 4U;
2385 l -= option_length + 4U;
2386 }
2387
2388 *rfc6975 = found_dau_dhu_n3u;
2389 return true;
2390}
2391
4a49e560 2392static int dns_packet_extract_question(DnsPacket *p, DnsQuestion **ret_question) {
faa133f3 2393 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
64ea42e9 2394 unsigned n;
74b2466e
LP		 2395 int r;
2396
3cb10d3a 2397 n = DNS_PACKET_QDCOUNT(p);
faa133f3
LP		 2398 if (n > 0) {
2399 question = dns_question_new(n);
e18a3c73
ZJS		 2400 if (!question)
2401 return -ENOMEM;
74b2466e 2402
2d34cf0c
ZJS		 2403 _cleanup_set_free_ Set *keys = NULL; /* references to keys are kept by Question */
2404
2405 keys = set_new(&dns_resource_key_hash_ops);
2406 if (!keys)
2407 return log_oom();
2408
2409 r = set_reserve(keys, n * 2); /* Higher multipliers give slightly higher efficiency through
e9665ac2 2410 * hash collisions, but the gains quickly drop off after 2. */
2d34cf0c
ZJS		 2411 if (r < 0)
2412 return r;
2413
64ea42e9 2414 for (unsigned i = 0; i < n; i++) {
faa133f3 2415 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
82d39576 2416 bool qu;
74b2466e 2417
82d39576 2418 r = dns_packet_read_key(p, &key, &qu, NULL);
faa133f3 2419 if (r < 0)
e18a3c73 2420 return r;
74b2466e 2421
e18a3c73
ZJS		 2422 if (!dns_type_is_valid_query(key->type))
2423 return -EBADMSG;
c463eb78 2424
2d34cf0c
ZJS		 2425 r = set_put(keys, key);
2426 if (r < 0)
2427 return r;
2428 if (r == 0)
2429 /* Already in the Question, let's skip */
2430 continue;
2431
82d39576 2432 r = dns_question_add_raw(question, key, qu ? DNS_QUESTION_WANTS_UNICAST_REPLY : 0);
faa133f3 2433 if (r < 0)
e18a3c73 2434 return r;
faa133f3
LP		 2435 }
2436 }
322345fd 2437
1cc6c93a
YW		 2438 *ret_question = TAKE_PTR(question);
2439
4a49e560
ZJS		 2440 return 0;
2441}
2442
2443static int dns_packet_extract_answer(DnsPacket *p, DnsAnswer **ret_answer) {
2444 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
64ea42e9 2445 unsigned n;
4a49e560
ZJS		 2446 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
2447 bool bad_opt = false;
2448 int r;
2449
faa133f3 2450 n = DNS_PACKET_RRCOUNT(p);
4a49e560
ZJS		 2451 if (n == 0)
2452 return 0;
c3f7000e 2453
4a49e560
ZJS		 2454 answer = dns_answer_new(n);
2455 if (!answer)
2456 return -ENOMEM;
322345fd 2457
64ea42e9 2458 for (unsigned i = 0; i < n; i++) {
4a49e560
ZJS		 2459 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
2460 bool cache_flush = false;
93748b26 2461 size_t start;
322345fd 2462
729c5deb 2463 if (p->rindex == p->size && p->opt) {
18674159
LP		 2464 /* If we reached the end of the packet already, but there are still more RRs
2465 * declared, then that's a corrupt packet. Let's accept the packet anyway, since it's
2466 * apparently a common bug in routers. Let's however suppress OPT support in this
2467 * case, so that we force the rest of the logic into lowest DNS baseline support. Or
2468 * to say this differently: if the DNS server doesn't even get the RR counts right,
2469 * it's highly unlikely it gets EDNS right. */
2470 log_debug("More resource records declared in packet than included, suppressing OPT.");
2471 bad_opt = true;
2472 break;
2473 }
2474
93748b26 2475 r = dns_packet_read_rr(p, &rr, &cache_flush, &start);
4a49e560
ZJS		 2476 if (r < 0)
2477 return r;
322345fd 2478
4a49e560
ZJS		 2479 /* Try to reduce memory usage a bit */
2480 if (previous)
2481 dns_resource_key_reduce(&rr->key, &previous->key);
f57e3cd5 2482
4a49e560
ZJS		 2483 if (rr->key->type == DNS_TYPE_OPT) {
2484 bool has_rfc6975;
c3f7000e 2485
4a49e560
ZJS		 2486 if (p->opt || bad_opt) {
2487 /* Multiple OPT RRs? if so, let's ignore all, because there's
2488 * something wrong with the server, and if one is valid we wouldn't
2489 * know which one. */
2490 log_debug("Multiple OPT RRs detected, ignoring all.");
2491 bad_opt = true;
2492 continue;
2493 }
e6b57b37 2494
4a49e560
ZJS		 2495 if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
2496 /* If the OPT RR is not owned by the root domain, then it is bad,
2497 * let's ignore it. */
2498 log_debug("OPT RR is not owned by root domain, ignoring.");
2499 bad_opt = true;
2500 continue;
2501 }
c3f7000e 2502
4a49e560
ZJS		 2503 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
2504 /* OPT RR is in the wrong section? Some Belkin routers do this. This
2505 * is a hint the EDNS implementation is borked, like the Belkin one
2506 * is, hence ignore it. */
2507 log_debug("OPT RR in wrong section, ignoring.");
2508 bad_opt = true;
2509 continue;
2510 }
2511
2512 if (!opt_is_good(rr, &has_rfc6975)) {
2513 log_debug("Malformed OPT RR, ignoring.");
2514 bad_opt = true;
2515 continue;
2516 }
2517
2518 if (DNS_PACKET_QR(p)) {
2519 /* Additional checks for responses */
2520
d7a0f1f4 2521 if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr))
4a49e560
ZJS		 2522 /* If this is a reply and we don't know the EDNS version
2523 * then something is weird... */
d7a0f1f4
FS		 2524 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2525 "EDNS version newer that our request, bad server.");
ff7febd5 2526
4a49e560
ZJS		 2527 if (has_rfc6975) {
2528 /* If the OPT RR contains RFC6975 algorithm data, then this
2529 * is indication that the server just copied the OPT it got
2530 * from us (which contained that data) back into the reply.
2531 * If so, then it doesn't properly support EDNS, as RFC6975
2532 * makes it very clear that the algorithm data should only
2533 * be contained in questions, never in replies. Crappy
2534 * Belkin routers copy the OPT data for example, hence let's
2535 * detect this so that we downgrade early. */
dffb8277 2536 log_debug("OPT RR contains RFC6975 data, ignoring.");
c3f7000e
LP		 2537 bad_opt = true;
2538 continue;
2539 }
4a49e560 2540 }
e6b57b37 2541
4a49e560 2542 p->opt = dns_resource_record_ref(rr);
93748b26
LP		 2543 p->opt_start = start;
2544 assert(p->rindex >= start);
2545 p->opt_size = p->rindex - start;
4a49e560 2546 } else {
fa4e74b8
LP		 2547 DnsAnswerFlags flags = 0;
2548
8ec951e8
BP		 2549 if (p->protocol == DNS_PROTOCOL_MDNS) {
2550 flags |= DNS_ANSWER_REFUSE_TTL_NO_MATCH;
2551 if (!cache_flush)
2552 flags |= DNS_ANSWER_SHARED_OWNER;
2553 }
fa4e74b8
LP		 2554
2555 /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
2556 * cached. Hence mark only those RRs as cacheable by default, but not the ones from
82af03c2
VCS		 2557 * the Additional or Authority sections.
2558 * This restriction does not apply to mDNS records (RFC 6762). */
fa4e74b8
LP		 2559 if (i < DNS_PACKET_ANCOUNT(p))
2560 flags |= DNS_ANSWER_CACHEABLE|DNS_ANSWER_SECTION_ANSWER;
2561 else if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p))
2562 flags |= DNS_ANSWER_SECTION_AUTHORITY;
82af03c2 2563 else {
fa4e74b8 2564 flags |= DNS_ANSWER_SECTION_ADDITIONAL;
82af03c2
VCS		 2565 if (p->protocol == DNS_PROTOCOL_MDNS)
2566 flags |= DNS_ANSWER_CACHEABLE;
2567 }
4a49e560 2568
04617bf8 2569 r = dns_answer_add(answer, rr, p->ifindex, flags, NULL);
4a49e560
ZJS		 2570 if (r < 0)
2571 return r;
2572 }
d75acfb0 2573
b87fbe5f 2574 /* Remember this RR, so that we can potentially merge its ->key object with the
4a49e560
ZJS		 2575 * next RR. Note that we only do this if we actually decided to keep the RR around.
2576 */
7daeec3e 2577 DNS_RR_REPLACE(previous, dns_resource_record_ref(rr));
4a49e560 2578 }
105e1512 2579
18674159 2580 if (bad_opt) {
4a49e560 2581 p->opt = dns_resource_record_unref(p->opt);
18674159
LP		 2582 p->opt_start = p->opt_size = SIZE_MAX;
2583 }
105e1512 2584
1cc6c93a
YW		 2585 *ret_answer = TAKE_PTR(answer);
2586
4a49e560
ZJS		 2587 return 0;
2588}
ebc8a106 2589
4a49e560 2590int dns_packet_extract(DnsPacket *p) {
0c4f37f0 2591 assert(p);
c3f7000e 2592
4a49e560
ZJS		 2593 if (p->extracted)
2594 return 0;
2595
0c4f37f0
ZJS		 2596 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
2597 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
fc44acc0 2598 _unused_ _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
0c4f37f0
ZJS		 2599 int r;
2600
4a49e560
ZJS		 2601 dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);
2602
2603 r = dns_packet_extract_question(p, &question);
2604 if (r < 0)
2605 return r;
2606
2607 r = dns_packet_extract_answer(p, &answer);
2608 if (r < 0)
2609 return r;
322345fd 2610
894c7b77
LP		 2611 if (p->rindex < p->size) {
2612 log_debug("Trailing garbage in packet, suppressing OPT.");
2613 p->opt = dns_resource_record_unref(p->opt);
2614 p->opt_start = p->opt_size = SIZE_MAX;
2615 }
2616
1cc6c93a
YW		 2617 p->question = TAKE_PTR(question);
2618 p->answer = TAKE_PTR(answer);
a4076574
LP		 2619 p->extracted = true;
2620
e18a3c73
ZJS		 2621 /* no CANCEL, always rewind */
2622 return 0;
322345fd
LP		 2623}
2624
8af5b883
LP		 2625int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
2626 int r;
2627
2628 assert(p);
2629 assert(key);
2630
2631 /* Checks if the specified packet is a reply for the specified
2632 * key and the specified key is the only one in the question
2633 * section. */
2634
2635 if (DNS_PACKET_QR(p) != 1)
2636 return 0;
2637
2638 /* Let's unpack the packet, if that hasn't happened yet. */
2639 r = dns_packet_extract(p);
2640 if (r < 0)
2641 return r;
2642
a924f43f
EV		 2643 if (!p->question)
2644 return 0;
2645
8af5b883
LP		 2646 if (p->question->n_keys != 1)
2647 return 0;
2648
ab715ddb 2649 return dns_resource_key_equal(dns_question_first_key(p->question), key);
8af5b883
LP		 2650}
2651
93748b26
LP		 2652int dns_packet_patch_max_udp_size(DnsPacket *p, uint16_t max_udp_size) {
2653 assert(p);
2654 assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
2655
f5fbe71d 2656 if (p->opt_start == SIZE_MAX) /* No OPT section, nothing to patch */
93748b26
LP		 2657 return 0;
2658
f5fbe71d 2659 assert(p->opt_size != SIZE_MAX);
93748b26
LP		 2660 assert(p->opt_size >= 5);
2661
2662 unaligned_write_be16(DNS_PACKET_DATA(p) + p->opt_start + 3, max_udp_size);
2663 return 1;
2664}
2665
81b4d94d 2666static int patch_rr(DnsPacket *p, usec_t age) {
0c4f37f0 2667 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
81b4d94d
LP		 2668 size_t ttl_index;
2669 uint32_t ttl;
2670 uint16_t type, rdlength;
2671 int r;
2672
0f1f933b 2673 /* Patches the RR at the current rindex, subtracts the specified time from the TTL */
81b4d94d
LP		 2674
2675 r = dns_packet_read_name(p, NULL, true, NULL);
2676 if (r < 0)
2677 return r;
2678
2679 r = dns_packet_read_uint16(p, &type, NULL);
2680 if (r < 0)
2681 return r;
2682
2683 r = dns_packet_read_uint16(p, NULL, NULL);
2684 if (r < 0)
2685 return r;
2686
2687 r = dns_packet_read_uint32(p, &ttl, &ttl_index);
2688 if (r < 0)
2689 return r;
2690
2691 if (type != DNS_TYPE_OPT) { /* The TTL of the OPT field is not actually a TTL, skip it */
2692 ttl = LESS_BY(ttl * USEC_PER_SEC, age) / USEC_PER_SEC;
2693 unaligned_write_be32(DNS_PACKET_DATA(p) + ttl_index, ttl);
2694 }
2695
2696 r = dns_packet_read_uint16(p, &rdlength, NULL);
2697 if (r < 0)
2698 return r;
2699
2700 r = dns_packet_read(p, rdlength, NULL, NULL);
2701 if (r < 0)
2702 return r;
2703
2704 CANCEL_REWINDER(rewinder);
2705 return 0;
2706}
2707
2708int dns_packet_patch_ttls(DnsPacket *p, usec_t timestamp) {
81b4d94d
LP		 2709 assert(p);
2710 assert(timestamp_is_set(timestamp));
2711
2712 /* Adjusts all TTLs in the packet by subtracting the time difference between now and the specified timestamp */
2713
fc44acc0 2714 _unused_ _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p);
64ea42e9 2715 unsigned n;
0c4f37f0
ZJS		 2716 usec_t k;
2717 int r;
2718
ba4e0427 2719 k = now(CLOCK_BOOTTIME);
81b4d94d
LP		 2720 assert(k >= timestamp);
2721 k -= timestamp;
2722
81b4d94d
LP		 2723 dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);
2724
2725 n = DNS_PACKET_QDCOUNT(p);
64ea42e9 2726 for (unsigned i = 0; i < n; i++) {
81b4d94d
LP		 2727 r = dns_packet_read_key(p, NULL, NULL, NULL);
2728 if (r < 0)
2729 return r;
2730 }
2731
2732 n = DNS_PACKET_RRCOUNT(p);
64ea42e9 2733 for (unsigned i = 0; i < n; i++) {
81b4d94d
LP		 2734
2735 /* DNS servers suck, hence the RR count is in many servers off. If we reached the end
2736 * prematurely, accept that, exit early */
2737 if (p->rindex == p->size)
2738 break;
2739
2740 r = patch_rr(p, k);
2741 if (r < 0)
2742 return r;
2743 }
2744
2745 return 0;
2746}
2747
7a08d314 2748static void dns_packet_hash_func(const DnsPacket *s, struct siphash *state) {
98767d75
IT		 2749 assert(s);
2750
c01a5c05 2751 siphash24_compress_typesafe(s->size, state);
98767d75
IT		 2752 siphash24_compress(DNS_PACKET_DATA((DnsPacket*) s), s->size, state);
2753}
2754
7a08d314 2755static int dns_packet_compare_func(const DnsPacket *x, const DnsPacket *y) {
a0edd02e 2756 int r;
98767d75 2757
a0edd02e
FB		 2758 r = CMP(x->size, y->size);
2759 if (r != 0)
2760 return r;
98767d75
IT		 2761
2762 return memcmp(DNS_PACKET_DATA((DnsPacket*) x), DNS_PACKET_DATA((DnsPacket*) y), x->size);
2763}
2764
7a08d314 2765DEFINE_HASH_OPS(dns_packet_hash_ops, DnsPacket, dns_packet_hash_func, dns_packet_compare_func);
98767d75 2766
a9fd8837
LP		 2767bool dns_packet_equal(const DnsPacket *a, const DnsPacket *b) {
2768 return dns_packet_compare_func(a, b) == 0;
2769}
2770
71682ac6 2771int dns_packet_ede_rcode(DnsPacket *p, int *ret_ede_rcode, char **ret_ede_msg) {
ac684446
RP		 2772 const uint8_t *d;
2773 size_t l;
71682ac6
YW		 2774 int r;
2775
2776 assert(p);
ac684446
RP		 2777
2778 if (!p->opt)
71682ac6 2779 return -ENOENT;
ac684446
RP		 2780
2781 d = p->opt->opt.data;
2782 l = p->opt->opt.data_size;
2783
2784 while (l > 0) {
2785 uint16_t code, length;
2786
2787 if (l < 4U)
2788 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2789 "EDNS0 variable part has invalid size.");
2790
2791 code = unaligned_read_be16(d);
2792 length = unaligned_read_be16(d + 2);
2793
2794 if (l < 4U + length)
2795 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2796 "Truncated option in EDNS0 variable part.");
2797
2798 if (code == DNS_EDNS_OPT_EXT_ERROR) {
71682ac6
YW		 2799 _cleanup_free_ char *msg = NULL;
2800
ac684446
RP		 2801 if (length < 2U)
2802 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
71682ac6
YW		 2803 "EDNS0 truncated EDE info code.");
2804
2805 r = make_cstring((char *) d + 6, length - 2U, MAKE_CSTRING_ALLOW_TRAILING_NUL, &msg);
ac684446 2806 if (r < 0)
71682ac6
YW		 2807 return log_debug_errno(r, "Invalid EDE text in opt.");
2808
2809 if (ret_ede_msg) {
2810 if (!utf8_is_valid(msg)) {
2811 _cleanup_free_ char *msg_escaped = NULL;
2812
2813 msg_escaped = cescape(msg);
2814 if (!msg_escaped)
2815 return log_oom_debug();
2816
2817 *ret_ede_msg = TAKE_PTR(msg_escaped);
2818 } else
2819 *ret_ede_msg = TAKE_PTR(msg);
ac684446 2820 }
71682ac6
YW		 2821
2822 if (ret_ede_rcode)
2823 *ret_ede_rcode = unaligned_read_be16(d + 4);
2824
2825 return 0;
ac684446
RP		 2826 }
2827
2828 d += 4U + length;
2829 l -= 4U + length;
2830 }
2831
71682ac6 2832 return -ENOENT;
ac684446
RP		 2833}
2834
2835bool dns_ede_rcode_is_dnssec(int ede_rcode) {
2836 return IN_SET(ede_rcode,
2837 DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG,
2838 DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST,
2839 DNS_EDE_RCODE_DNSSEC_INDETERMINATE,
2840 DNS_EDE_RCODE_DNSSEC_BOGUS,
2841 DNS_EDE_RCODE_SIG_EXPIRED,
2842 DNS_EDE_RCODE_SIG_NOT_YET_VALID,
2843 DNS_EDE_RCODE_DNSKEY_MISSING,
2844 DNS_EDE_RCODE_RRSIG_MISSING,
2845 DNS_EDE_RCODE_NO_ZONE_KEY_BIT,
2846 DNS_EDE_RCODE_NSEC_MISSING
2847 );
2848}
2849
4a6eb824
LP		 2850int dns_packet_has_nsid_request(DnsPacket *p) {
2851 bool has_nsid = false;
2852 const uint8_t *d;
2853 size_t l;
2854
2855 assert(p);
2856
2857 if (!p->opt)
2858 return false;
2859
2860 d = p->opt->opt.data;
2861 l = p->opt->opt.data_size;
2862
2863 while (l > 0) {
2864 uint16_t code, length;
2865
2866 if (l < 4U)
2867 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2868 "EDNS0 variable part has invalid size.");
2869
2870 code = unaligned_read_be16(d);
2871 length = unaligned_read_be16(d + 2);
2872
2873 if (l < 4U + length)
2874 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2875 "Truncated option in EDNS0 variable part.");
2876
980cb160 2877 if (code == DNS_EDNS_OPT_NSID) {
4a6eb824
LP		 2878 if (has_nsid)
2879 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2880 "Duplicate NSID option in EDNS0 variable part.");
2881
2882 if (length != 0)
2883 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
2884 "Non-empty NSID option in DNS request.");
2885
2886 has_nsid = true;
2887 }
2888
2889 d += 4U + length;
2890 l -= 4U + length;
2891 }
2892
2893 return has_nsid;
2894}
2895
acbf761b
LP		 2896size_t dns_packet_size_unfragmented(DnsPacket *p) {
2897 assert(p);
2898
2899 if (p->fragsize == 0) /* Wasn't fragmented */
2900 return p->size;
2901
2902 /* The fragment size (p->fragsize) covers the whole (fragmented) IP packet, while the regular packet
2903 * size (p->size) only covers the DNS part. Thus, subtract the UDP header from the largest fragment
2904 * size, in order to determine which size of DNS packet would have gone through without
2905 * fragmenting. */
2906
2907 return LESS_BY(p->fragsize, udp_header_size(p->family));
2908}
2909
ee2108dc
RP		 2910static const char* const dns_svc_param_key_table[_DNS_SVC_PARAM_KEY_MAX_DEFINED] = {
2911 [DNS_SVC_PARAM_KEY_MANDATORY] = "mandatory",
2912 [DNS_SVC_PARAM_KEY_ALPN] = "alpn",
2913 [DNS_SVC_PARAM_KEY_NO_DEFAULT_ALPN] = "no-default-alpn",
2914 [DNS_SVC_PARAM_KEY_PORT] = "port",
2915 [DNS_SVC_PARAM_KEY_IPV4HINT] = "ipv4hint",
2916 [DNS_SVC_PARAM_KEY_ECH] = "ech",
2917 [DNS_SVC_PARAM_KEY_IPV6HINT] = "ipv6hint",
2918 [DNS_SVC_PARAM_KEY_DOHPATH] = "dohpath",
2919 [DNS_SVC_PARAM_KEY_OHTTP] = "ohttp",
2920};
2921DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_svc_param_key, int);
2922
2923const char* format_dns_svc_param_key(uint16_t i, char buf[static DECIMAL_STR_MAX(uint16_t)+3]) {
2924 const char *p = dns_svc_param_key_to_string(i);
2925 if (p)
2926 return p;
2927
2928 return snprintf_ok(buf, DECIMAL_STR_MAX(uint16_t)+3, "key%i", i);
2929}
2930
74b2466e 2931static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
e3e64a1a
ZJS		 2932 [DNS_RCODE_SUCCESS] = "SUCCESS",
2933 [DNS_RCODE_FORMERR] = "FORMERR",
2934 [DNS_RCODE_SERVFAIL] = "SERVFAIL",
2935 [DNS_RCODE_NXDOMAIN] = "NXDOMAIN",
2936 [DNS_RCODE_NOTIMP] = "NOTIMP",
2937 [DNS_RCODE_REFUSED] = "REFUSED",
2938 [DNS_RCODE_YXDOMAIN] = "YXDOMAIN",
2939 [DNS_RCODE_YXRRSET] = "YRRSET",
2940 [DNS_RCODE_NXRRSET] = "NXRRSET",
2941 [DNS_RCODE_NOTAUTH] = "NOTAUTH",
2942 [DNS_RCODE_NOTZONE] = "NOTZONE",
a92ea352 2943 [DNS_RCODE_DSOTYPENI] = "DSOTYPENI",
e3e64a1a
ZJS		 2944 [DNS_RCODE_BADVERS] = "BADVERS",
2945 [DNS_RCODE_BADKEY] = "BADKEY",
2946 [DNS_RCODE_BADTIME] = "BADTIME",
2947 [DNS_RCODE_BADMODE] = "BADMODE",
2948 [DNS_RCODE_BADNAME] = "BADNAME",
2949 [DNS_RCODE_BADALG] = "BADALG",
2950 [DNS_RCODE_BADTRUNC] = "BADTRUNC",
6f21e066 2951 [DNS_RCODE_BADCOOKIE] = "BADCOOKIE",
74b2466e
LP		 2952};
2953DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);
1716f6dc 2954
bfd5a068 2955const char* format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) {
0d609349
YW		 2956 const char *p = dns_rcode_to_string(i);
2957 if (p)
2958 return p;
2959
2960 return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);
2961}
2962
056db786
RP		 2963static const char* const dns_ede_rcode_table[_DNS_EDE_RCODE_MAX_DEFINED] = {
2964 [DNS_EDE_RCODE_OTHER] = "Other",
2965 [DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG] = "Unsupported DNSKEY Algorithm",
2966 [DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST] = "Unsupported DS Digest Type",
2967 [DNS_EDE_RCODE_STALE_ANSWER] = "Stale Answer",
2968 [DNS_EDE_RCODE_FORGED_ANSWER] = "Forged Answer",
2969 [DNS_EDE_RCODE_DNSSEC_INDETERMINATE] = "DNSSEC Indeterminate",
2970 [DNS_EDE_RCODE_DNSSEC_BOGUS] = "DNSSEC Bogus",
2971 [DNS_EDE_RCODE_SIG_EXPIRED] = "Signature Expired",
2972 [DNS_EDE_RCODE_SIG_NOT_YET_VALID] = "Signature Not Yet Valid",
2973 [DNS_EDE_RCODE_DNSKEY_MISSING] = "DNSKEY Missing",
2974 [DNS_EDE_RCODE_RRSIG_MISSING] = "RRSIG Missing",
2975 [DNS_EDE_RCODE_NO_ZONE_KEY_BIT] = "No Zone Key Bit Set",
2976 [DNS_EDE_RCODE_NSEC_MISSING] = "NSEC Missing",
2977 [DNS_EDE_RCODE_CACHED_ERROR] = "Cached Error",
2978 [DNS_EDE_RCODE_NOT_READY] = "Not Ready",
2979 [DNS_EDE_RCODE_BLOCKED] = "Blocked",
2980 [DNS_EDE_RCODE_CENSORED] = "Censored",
2981 [DNS_EDE_RCODE_FILTERED] = "Filtered",
2982 [DNS_EDE_RCODE_PROHIBITIED] = "Prohibited",
2983 [DNS_EDE_RCODE_STALE_NXDOMAIN_ANSWER] = "Stale NXDOMAIN Answer",
2984 [DNS_EDE_RCODE_NOT_AUTHORITATIVE] = "Not Authoritative",
2985 [DNS_EDE_RCODE_NOT_SUPPORTED] = "Not Supported",
2986 [DNS_EDE_RCODE_UNREACH_AUTHORITY] = "No Reachable Authority",
2987 [DNS_EDE_RCODE_NET_ERROR] = "Network Error",
2988 [DNS_EDE_RCODE_INVALID_DATA] = "Invalid Data",
2989 [DNS_EDE_RCODE_SIG_NEVER] = "Signature Never Valid",
2990 [DNS_EDE_RCODE_TOO_EARLY] = "Too Early",
2991 [DNS_EDE_RCODE_UNSUPPORTED_NSEC3_ITER] = "Unsupported NSEC3 Iterations",
2992 [DNS_EDE_RCODE_TRANSPORT_POLICY] = "Impossible Transport Policy",
2993 [DNS_EDE_RCODE_SYNTHESIZED] = "Synthesized",
2994};
ac684446 2995DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_ede_rcode, int);
056db786 2996
bfd5a068 2997const char* format_dns_ede_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) {
056db786
RP		 2998 const char *p = dns_ede_rcode_to_string(i);
2999 if (p)
3000 return p;
3001
3002 return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);
3003}
3004
1716f6dc 3005static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
e3e64a1a
ZJS		 3006 [DNS_PROTOCOL_DNS] = "dns",
3007 [DNS_PROTOCOL_MDNS] = "mdns",
1716f6dc
LP		 3008 [DNS_PROTOCOL_LLMNR] = "llmnr",
3009};
3010DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
Unnamed repository; edit this file 'description' to name the repository.