[thirdparty/systemd.git] / src / resolve / resolved-dns-rr.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/

#include <netinet/in.h>

#include "bitmap.h"
#include "dns-type.h"
#include "hashmap.h"
#include "in-addr-util.h"
#include "list.h"
#include "string-util.h"

typedef struct DnsResourceKey DnsResourceKey;
typedef struct DnsResourceRecord DnsResourceRecord;
typedef struct DnsTxtItem DnsTxtItem;

/* DNSKEY RR flags */
#define DNSKEY_FLAG_SEP      (UINT16_C(1) << 0)
#define DNSKEY_FLAG_REVOKE   (UINT16_C(1) << 7)
#define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8)

/* mDNS RR flags */
#define MDNS_RR_CACHE_FLUSH  (UINT16_C(1) << 15)

/* DNSSEC algorithm identifiers, see
 * http://tools.ietf.org/html/rfc4034#appendix-A.1 and
 * https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
enum {
        DNSSEC_ALGORITHM_RSAMD5 = 1,
        DNSSEC_ALGORITHM_DH,
        DNSSEC_ALGORITHM_DSA,
        DNSSEC_ALGORITHM_ECC,
        DNSSEC_ALGORITHM_RSASHA1,
        DNSSEC_ALGORITHM_DSA_NSEC3_SHA1,
        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
        DNSSEC_ALGORITHM_RSASHA256 = 8,        /* RFC 5702 */
        DNSSEC_ALGORITHM_RSASHA512 = 10,       /* RFC 5702 */
        DNSSEC_ALGORITHM_ECC_GOST = 12,        /* RFC 5933 */
        DNSSEC_ALGORITHM_ECDSAP256SHA256 = 13, /* RFC 6605 */
        DNSSEC_ALGORITHM_ECDSAP384SHA384 = 14, /* RFC 6605 */
        DNSSEC_ALGORITHM_ED25519 = 15,         /* RFC 8080 */
        DNSSEC_ALGORITHM_ED448 = 16,           /* RFC 8080 */
        DNSSEC_ALGORITHM_INDIRECT = 252,
        DNSSEC_ALGORITHM_PRIVATEDNS,
        DNSSEC_ALGORITHM_PRIVATEOID,
        _DNSSEC_ALGORITHM_MAX_DEFINED
};

/* DNSSEC digest identifiers, see
 * https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
enum {
        DNSSEC_DIGEST_SHA1 = 1,
        DNSSEC_DIGEST_SHA256 = 2,              /* RFC 4509 */
        DNSSEC_DIGEST_GOST_R_34_11_94 = 3,     /* RFC 5933 */
        DNSSEC_DIGEST_SHA384 = 4,              /* RFC 6605 */
        _DNSSEC_DIGEST_MAX_DEFINED
};

/* DNSSEC NSEC3 hash algorithms, see
 * https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml */
enum {
        NSEC3_ALGORITHM_SHA1 = 1,
        _NSEC3_ALGORITHM_MAX_DEFINED
};

struct DnsResourceKey {
        unsigned n_ref; /* (unsigned -1) for const keys, see below */
        uint16_t class, type;
        char *_name; /* don't access directly, use dns_resource_key_name()! */
};

/* Creates a temporary resource key. This is only useful to quickly
 * look up something, without allocating a full DnsResourceKey object
 * for it. Note that it is not OK to take references to this kind of
 * resource key object. */
#define DNS_RESOURCE_KEY_CONST(c, t, n)                 \
        ((DnsResourceKey) {                             \
                .n_ref = (unsigned) -1,                 \
                .class = c,                             \
                .type = t,                              \
                ._name = (char*) n,                     \
        })


struct DnsTxtItem {
        size_t length;
        LIST_FIELDS(DnsTxtItem, items);
        uint8_t data[];
};

struct DnsResourceRecord {
        unsigned n_ref;
        DnsResourceKey *key;

        char *to_string;

        uint32_t ttl;
        usec_t expiry; /* RRSIG signature expiry */

        /* How many labels to strip to determine "signer" of the RRSIG (aka, the zone). -1 if not signed. */
        unsigned n_skip_labels_signer;
        /* How many labels to strip to determine "synthesizing source" of this RR, i.e. the wildcard's immediate parent. -1 if not signed. */
        unsigned n_skip_labels_source;

        bool unparseable:1;

        bool wire_format_canonical:1;
        void *wire_format;
        size_t wire_format_size;
        size_t wire_format_rdata_offset;

        union {
                struct {
                        void *data;
                        size_t data_size;
                } generic, opt;

                struct {
                        uint16_t priority;
                        uint16_t weight;
                        uint16_t port;
                        char *name;
                } srv;

                struct {
                        char *name;
                } ptr, ns, cname, dname;

                struct {
                        char *cpu;
                        char *os;
                } hinfo;

                struct {
                        DnsTxtItem *items;
                } txt, spf;

                struct {
                        struct in_addr in_addr;
                } a;

                struct {
                        struct in6_addr in6_addr;
                } aaaa;

                struct {
                        char *mname;
                        char *rname;
                        uint32_t serial;
                        uint32_t refresh;
                        uint32_t retry;
                        uint32_t expire;
                        uint32_t minimum;
                } soa;

                struct {
                        uint16_t priority;
                        char *exchange;
                } mx;

                /* https://tools.ietf.org/html/rfc1876 */
                struct {
                        uint8_t version;
                        uint8_t size;
                        uint8_t horiz_pre;
                        uint8_t vert_pre;
                        uint32_t latitude;
                        uint32_t longitude;
                        uint32_t altitude;
                } loc;

                /* https://tools.ietf.org/html/rfc4255#section-3.1 */
                struct {
                        uint8_t algorithm;
                        uint8_t fptype;
                        void *fingerprint;
                        size_t fingerprint_size;
                } sshfp;

                /* http://tools.ietf.org/html/rfc4034#section-2.1 */
                struct {
                        uint16_t flags;
                        uint8_t protocol;
                        uint8_t algorithm;
                        void* key;
                        size_t key_size;
                } dnskey;

                /* http://tools.ietf.org/html/rfc4034#section-3.1 */
                struct {
                        uint16_t type_covered;
                        uint8_t algorithm;
                        uint8_t labels;
                        uint32_t original_ttl;
                        uint32_t expiration;
                        uint32_t inception;
                        uint16_t key_tag;
                        char *signer;
                        void *signature;
                        size_t signature_size;
                } rrsig;

                /* https://tools.ietf.org/html/rfc4034#section-4.1 */
                struct {
                        char *next_domain_name;
                        Bitmap *types;
                } nsec;

                /* https://tools.ietf.org/html/rfc4034#section-5.1 */
                struct {
                        uint16_t key_tag;
                        uint8_t algorithm;
                        uint8_t digest_type;
                        void *digest;
                        size_t digest_size;
                } ds;

                struct {
                        uint8_t algorithm;
                        uint8_t flags;
                        uint16_t iterations;
                        void *salt;
                        size_t salt_size;
                        void *next_hashed_name;
                        size_t next_hashed_name_size;
                        Bitmap *types;
                } nsec3;

                /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23 */
                struct {
                        uint8_t cert_usage;
                        uint8_t selector;
                        uint8_t matching_type;
                        void *data;
                        size_t data_size;
                } tlsa;

                /* https://tools.ietf.org/html/rfc6844 */
                struct {
                        uint8_t flags;
                        char *tag;
                        void *value;
                        size_t value_size;
                } caa;
        };
};

static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord *rr) {
        if (!rr)
                return NULL;

        if (!rr->wire_format)
                return NULL;

        assert(rr->wire_format_rdata_offset <= rr->wire_format_size);
        return (uint8_t*) rr->wire_format + rr->wire_format_rdata_offset;
}

static inline size_t DNS_RESOURCE_RECORD_RDATA_SIZE(DnsResourceRecord *rr) {
        if (!rr)
                return 0;
        if (!rr->wire_format)
                return 0;

        assert(rr->wire_format_rdata_offset <= rr->wire_format_size);
        return rr->wire_format_size - rr->wire_format_rdata_offset;
}

static inline uint8_t DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(DnsResourceRecord *rr) {
        assert(rr);
        assert(rr->key->type == DNS_TYPE_OPT);

        return ((rr->ttl >> 16) & 0xFF) == 0;
}

DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name);
DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname);
int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name);
DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name);
DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key);
DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key);
const char* dns_resource_key_name(const DnsResourceKey *key);
bool dns_resource_key_is_address(const DnsResourceKey *key);
bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey *key);
int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b);
int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain);
int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain);
int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa);

/* _DNS_{CLASS,TYPE}_STRING_MAX include one byte for NUL, which we use for space instead below.
 * DNS_HOSTNAME_MAX does not include the NUL byte, so we need to add 1. */
#define DNS_RESOURCE_KEY_STRING_MAX (_DNS_CLASS_STRING_MAX + _DNS_TYPE_STRING_MAX + DNS_HOSTNAME_MAX + 1)

char* dns_resource_key_to_string(const DnsResourceKey *key, char *buf, size_t buf_size);
ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out);

DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceKey*, dns_resource_key_unref);

static inline bool dns_key_is_shared(const DnsResourceKey *key) {
        return IN_SET(key->type, DNS_TYPE_PTR);
}

bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b);

DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key);
DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name);
DnsResourceRecord* dns_resource_record_ref(DnsResourceRecord *rr);
DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr);
int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name);
int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name);
int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b);
const char* dns_resource_record_to_string(DnsResourceRecord *rr);
DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceRecord*, dns_resource_record_unref);

int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical);

int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret);
int dns_resource_record_source(DnsResourceRecord *rr, const char **ret);
int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone);
int dns_resource_record_is_synthetic(DnsResourceRecord *rr);

int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl);

DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i);
bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b);
DnsTxtItem *dns_txt_item_copy(DnsTxtItem *i);
int dns_txt_item_new_empty(DnsTxtItem **ret);

void dns_resource_record_hash_func(const void *i, struct siphash *state);

extern const struct hash_ops dns_resource_key_hash_ops;
extern const struct hash_ops dns_resource_record_hash_ops;

int dnssec_algorithm_to_string_alloc(int i, char **ret);
int dnssec_algorithm_from_string(const char *s) _pure_;

int dnssec_digest_to_string_alloc(int i, char **ret);
int dnssec_digest_from_string(const char *s) _pure_;
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
74b2466e LP	2	#pragma once
	3
	4	/***
	5	This file is part of systemd.
	6
	7	Copyright 2014 Lennart Poettering
	8
	9	systemd is free software; you can redistribute it and/or modify it
	10	under the terms of the GNU Lesser General Public License as published by
	11	the Free Software Foundation; either version 2.1 of the License, or
	12	(at your option) any later version.
	13
	14	systemd is distributed in the hope that it will be useful, but
	15	WITHOUT ANY WARRANTY; without even the implied warranty of
	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	Lesser General Public License for more details.
	18
	19	You should have received a copy of the GNU Lesser General Public License
	20	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	21	***/
	22
74b2466e LP	23	#include <netinet/in.h>
74b2466e LP	24
50f1e641	25	#include "bitmap.h"
71d35b6b	26	#include "dns-type.h"
322345fd	27	#include "hashmap.h"
623a4c97	28	#include "in-addr-util.h"
2001c805	29	#include "list.h"
1c02e7ba	30	#include "string-util.h"
74b2466e LP	31
	32	typedef struct DnsResourceKey DnsResourceKey;
	33	typedef struct DnsResourceRecord DnsResourceRecord;
2001c805	34	typedef struct DnsTxtItem DnsTxtItem;
74b2466e	35
8730bccf	36	/* DNSKEY RR flags */
8730bccf	37	#define DNSKEY_FLAG_SEP (UINT16_C(1) << 0)
28b8191e LP	38	#define DNSKEY_FLAG_REVOKE (UINT16_C(1) << 7)
28b8191e LP	39	#define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8)
8730bccf	40
23502de3 DM	41	/* mDNS RR flags */
	42	#define MDNS_RR_CACHE_FLUSH (UINT16_C(1) << 15)
	43
8730bccf LP	44	/* DNSSEC algorithm identifiers, see
	45	* http://tools.ietf.org/html/rfc4034#appendix-A.1 and
	46	* https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
	47	enum {
	48	DNSSEC_ALGORITHM_RSAMD5 = 1,
	49	DNSSEC_ALGORITHM_DH,
	50	DNSSEC_ALGORITHM_DSA,
	51	DNSSEC_ALGORITHM_ECC,
	52	DNSSEC_ALGORITHM_RSASHA1,
	53	DNSSEC_ALGORITHM_DSA_NSEC3_SHA1,
	54	DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
6f717d08 LP	55	DNSSEC_ALGORITHM_RSASHA256 = 8, /* RFC 5702 */
	56	DNSSEC_ALGORITHM_RSASHA512 = 10, /* RFC 5702 */
	57	DNSSEC_ALGORITHM_ECC_GOST = 12, /* RFC 5933 */
e0240c64 LP	58	DNSSEC_ALGORITHM_ECDSAP256SHA256 = 13, /* RFC 6605 */
e0240c64 LP	59	DNSSEC_ALGORITHM_ECDSAP384SHA384 = 14, /* RFC 6605 */
cb9eeb06 MCO	60	DNSSEC_ALGORITHM_ED25519 = 15, /* RFC 8080 */
cb9eeb06 MCO	61	DNSSEC_ALGORITHM_ED448 = 16, /* RFC 8080 */
8730bccf LP	62	DNSSEC_ALGORITHM_INDIRECT = 252,
	63	DNSSEC_ALGORITHM_PRIVATEDNS,
	64	DNSSEC_ALGORITHM_PRIVATEOID,
	65	_DNSSEC_ALGORITHM_MAX_DEFINED
	66	};
	67
	68	/* DNSSEC digest identifiers, see
	69	* https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
	70	enum {
	71	DNSSEC_DIGEST_SHA1 = 1,
6f717d08 LP	72	DNSSEC_DIGEST_SHA256 = 2, /* RFC 4509 */
	73	DNSSEC_DIGEST_GOST_R_34_11_94 = 3, /* RFC 5933 */
	74	DNSSEC_DIGEST_SHA384 = 4, /* RFC 6605 */
8730bccf LP	75	_DNSSEC_DIGEST_MAX_DEFINED
	76	};
	77
d15ad742 LP	78	/* DNSSEC NSEC3 hash algorithms, see
	79	* https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml */
	80	enum {
	81	NSEC3_ALGORITHM_SHA1 = 1,
	82	_NSEC3_ALGORITHM_MAX_DEFINED
	83	};
	84
74b2466e	85	struct DnsResourceKey {
f57e3cd5	86	unsigned n_ref; /* (unsigned -1) for const keys, see below */
faa133f3	87	uint16_t class, type;
96d49011	88	char _name; / don't access directly, use dns_resource_key_name()! */
74b2466e LP	89	};
74b2466e LP	90
1b4f6e79 LP	91	/* Creates a temporary resource key. This is only useful to quickly
	92	* look up something, without allocating a full DnsResourceKey object
	93	* for it. Note that it is not OK to take references to this kind of
	94	* resource key object. */
	95	#define DNS_RESOURCE_KEY_CONST(c, t, n) \
	96	((DnsResourceKey) { \
	97	.n_ref = (unsigned) -1, \
	98	.class = c, \
	99	.type = t, \
	100	._name = (char*) n, \
	101	})
	102
	103
2001c805 LP	104	struct DnsTxtItem {
	105	size_t length;
	106	LIST_FIELDS(DnsTxtItem, items);
	107	uint8_t data[];
	108	};
	109
74b2466e LP	110	struct DnsResourceRecord {
74b2466e LP	111	unsigned n_ref;
faa133f3	112	DnsResourceKey *key;
97c67192	113
7b50eb2e	114	char *to_string;
97c67192	115
74b2466e	116	uint32_t ttl;
ee3d6aff	117	usec_t expiry; /* RRSIG signature expiry */
97c67192 LP	118
	119	/* How many labels to strip to determine "signer" of the RRSIG (aka, the zone). -1 if not signed. */
	120	unsigned n_skip_labels_signer;
	121	/* How many labels to strip to determine "synthesizing source" of this RR, i.e. the wildcard's immediate parent. -1 if not signed. */
	122	unsigned n_skip_labels_source;
	123
a8812dd7	124	bool unparseable:1;
97c67192	125
a8812dd7 LP	126	bool wire_format_canonical:1;
	127	void *wire_format;
	128	size_t wire_format_size;
	129	size_t wire_format_rdata_offset;
97c67192	130
74b2466e LP	131	union {
	132	struct {
	133	void *data;
a43a068a	134	size_t data_size;
d75acfb0	135	} generic, opt;
74b2466e	136
9c92ce6d LP	137	struct {
	138	uint16_t priority;
	139	uint16_t weight;
	140	uint16_t port;
	141	char *name;
	142	} srv;
74b2466e LP	143
	144	struct {
	145	char *name;
8ac4e9e1	146	} ptr, ns, cname, dname;
74b2466e LP	147
	148	struct {
	149	char *cpu;
	150	char *os;
	151	} hinfo;
	152
2e276efc	153	struct {
2001c805	154	DnsTxtItem *items;
c0eb11cf	155	} txt, spf;
74b2466e LP	156
	157	struct {
	158	struct in_addr in_addr;
	159	} a;
	160
	161	struct {
	162	struct in6_addr in6_addr;
	163	} aaaa;
7e8e0422 LP	164
	165	struct {
	166	char *mname;
	167	char *rname;
	168	uint32_t serial;
	169	uint32_t refresh;
	170	uint32_t retry;
	171	uint32_t expire;
	172	uint32_t minimum;
	173	} soa;
946c7094 ZJS	174
	175	struct {
	176	uint16_t priority;
	177	char *exchange;
	178	} mx;
0dae31d4	179
6af47493	180	/* https://tools.ietf.org/html/rfc1876 */
0dae31d4 ZJS	181	struct {
	182	uint8_t version;
	183	uint8_t size;
	184	uint8_t horiz_pre;
	185	uint8_t vert_pre;
	186	uint32_t latitude;
	187	uint32_t longitude;
	188	uint32_t altitude;
	189	} loc;
42cc2eeb	190
549c1a25	191	/* https://tools.ietf.org/html/rfc4255#section-3.1 */
42cc2eeb LP	192	struct {
	193	uint8_t algorithm;
	194	uint8_t fptype;
549c1a25 TG	195	void *fingerprint;
549c1a25 TG	196	size_t fingerprint_size;
42cc2eeb	197	} sshfp;
8db0d2f5 ZJS	198
	199	/* http://tools.ietf.org/html/rfc4034#section-2.1 */
	200	struct {
f91dc240 LP	201	uint16_t flags;
f91dc240 LP	202	uint8_t protocol;
8db0d2f5 ZJS	203	uint8_t algorithm;
	204	void* key;
	205	size_t key_size;
	206	} dnskey;
151226ab ZJS	207
	208	/* http://tools.ietf.org/html/rfc4034#section-3.1 */
	209	struct {
	210	uint16_t type_covered;
	211	uint8_t algorithm;
	212	uint8_t labels;
	213	uint32_t original_ttl;
	214	uint32_t expiration;
	215	uint32_t inception;
	216	uint16_t key_tag;
	217	char *signer;
	218	void *signature;
	219	size_t signature_size;
	220	} rrsig;
50f1e641	221
9ead3519	222	/* https://tools.ietf.org/html/rfc4034#section-4.1 */
50f1e641 TG	223	struct {
	224	char *next_domain_name;
	225	Bitmap *types;
	226	} nsec;
5d45a880	227
6af47493 LP	228	/* https://tools.ietf.org/html/rfc4034#section-5.1 */
	229	struct {
	230	uint16_t key_tag;
	231	uint8_t algorithm;
	232	uint8_t digest_type;
	233	void *digest;
	234	size_t digest_size;
	235	} ds;
	236
5d45a880 TG	237	struct {
	238	uint8_t algorithm;
	239	uint8_t flags;
	240	uint16_t iterations;
	241	void *salt;
	242	size_t salt_size;
	243	void *next_hashed_name;
	244	size_t next_hashed_name_size;
	245	Bitmap *types;
	246	} nsec3;
48d45d2b ZJS	247
	248	/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23 */
	249	struct {
	250	uint8_t cert_usage;
	251	uint8_t selector;
	252	uint8_t matching_type;
	253	void *data;
	254	size_t data_size;
	255	} tlsa;
95052df3 ZJS	256
	257	/* https://tools.ietf.org/html/rfc6844 */
	258	struct {
	259	uint8_t flags;
	260	char *tag;
	261	void *value;
	262	size_t value_size;
	263	} caa;
74b2466e LP	264	};
	265	};
	266
85aeaccc LP	267	static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord *rr) {
	268	if (!rr)
	269	return NULL;
	270
	271	if (!rr->wire_format)
	272	return NULL;
	273
	274	assert(rr->wire_format_rdata_offset <= rr->wire_format_size);
	275	return (uint8_t*) rr->wire_format + rr->wire_format_rdata_offset;
	276	}
	277
	278	static inline size_t DNS_RESOURCE_RECORD_RDATA_SIZE(DnsResourceRecord *rr) {
	279	if (!rr)
	280	return 0;
	281	if (!rr->wire_format)
	282	return 0;
	283
	284	assert(rr->wire_format_rdata_offset <= rr->wire_format_size);
	285	return rr->wire_format_size - rr->wire_format_rdata_offset;
	286	}
	287
b30bf55d LP	288	static inline uint8_t DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(DnsResourceRecord *rr) {
	289	assert(rr);
	290	assert(rr->key->type == DNS_TYPE_OPT);
	291
	292	return ((rr->ttl >> 16) & 0xFF) == 0;
	293	}
	294
faa133f3	295	DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name);
36d9205d	296	DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey key, const DnsResourceRecord cname);
801ad6a6	297	int dns_resource_key_new_append_suffix(DnsResourceKey *ret, DnsResourceKey key, char *name);
faa133f3 LP	298	DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name);
	299	DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key);
	300	DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key);
1c02e7ba	301	const char* dns_resource_key_name(const DnsResourceKey *key);
28b9b764	302	bool dns_resource_key_is_address(const DnsResourceKey *key);
a2bf8a19	303	bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey *key);
faa133f3	304	int dns_resource_key_equal(const DnsResourceKey a, const DnsResourceKey b);
105e1512	305	int dns_resource_key_match_rr(const DnsResourceKey key, DnsResourceRecord rr, const char *search_domain);
5d27351f	306	int dns_resource_key_match_cname_or_dname(const DnsResourceKey key, const DnsResourceKey cname, const char *search_domain);
547973de	307	int dns_resource_key_match_soa(const DnsResourceKey key, const DnsResourceKey soa);
202b76ae ZJS	308
	309	/* _DNS_{CLASS,TYPE}_STRING_MAX include one byte for NUL, which we use for space instead below.
	310	* DNS_HOSTNAME_MAX does not include the NUL byte, so we need to add 1. */
	311	#define DNS_RESOURCE_KEY_STRING_MAX (_DNS_CLASS_STRING_MAX + _DNS_TYPE_STRING_MAX + DNS_HOSTNAME_MAX + 1)
	312
	313	char* dns_resource_key_to_string(const DnsResourceKey key, char buf, size_t buf_size);
2e74028a ZJS	314	ssize_t dns_resource_record_payload(DnsResourceRecord rr, void *out);
2e74028a ZJS	315
faa133f3	316	DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceKey*, dns_resource_key_unref);
322345fd	317
7778dfff DM	318	static inline bool dns_key_is_shared(const DnsResourceKey *key) {
	319	return IN_SET(key->type, DNS_TYPE_PTR);
	320	}
	321
f57e3cd5 LP	322	bool dns_resource_key_reduce(DnsResourceKey a, DnsResourceKey b);
f57e3cd5 LP	323
faa133f3	324	DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key);
8bf52d3d	325	DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name);
74b2466e LP	326	DnsResourceRecord* dns_resource_record_ref(DnsResourceRecord *rr);
74b2466e LP	327	DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr);
623a4c97	328	int dns_resource_record_new_reverse(DnsResourceRecord *ret, int family, const union in_addr_union address, const char *name);
78c6a153	329	int dns_resource_record_new_address(DnsResourceRecord *ret, int family, const union in_addr_union address, const char *name);
322345fd	330	int dns_resource_record_equal(const DnsResourceRecord a, const DnsResourceRecord b);
7b50eb2e	331	const char* dns_resource_record_to_string(DnsResourceRecord *rr);
17c8de63	332	DnsResourceRecord dns_resource_record_copy(DnsResourceRecord rr);
faa133f3	333	DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceRecord*, dns_resource_record_unref);
322345fd	334
a8812dd7 LP	335	int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical);
a8812dd7 LP	336
97c67192 LP	337	int dns_resource_record_signer(DnsResourceRecord rr, const char *ret);
	338	int dns_resource_record_source(DnsResourceRecord rr, const char *ret);
	339	int dns_resource_record_is_signer(DnsResourceRecord rr, const char zone);
ab481675	340	int dns_resource_record_is_synthetic(DnsResourceRecord *rr);
97c67192	341
17c8de63 LP	342	int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl);
17c8de63 LP	343
2001c805 LP	344	DnsTxtItem dns_txt_item_free_all(DnsTxtItem i);
2001c805 LP	345	bool dns_txt_item_equal(DnsTxtItem a, DnsTxtItem b);
17c8de63	346	DnsTxtItem dns_txt_item_copy(DnsTxtItem i);
ebb779dc	347	int dns_txt_item_new_empty(DnsTxtItem **ret);
2001c805	348
6d99904f ZJS	349	void dns_resource_record_hash_func(const void i, struct siphash state);
6d99904f ZJS	350
d5099efc	351	extern const struct hash_ops dns_resource_key_hash_ops;
c9c72065	352	extern const struct hash_ops dns_resource_record_hash_ops;
8730bccf	353
8e54f5d9	354	int dnssec_algorithm_to_string_alloc(int i, char **ret);
8730bccf LP	355	int dnssec_algorithm_from_string(const char *s) _pure_;
8730bccf LP	356
8e54f5d9	357	int dnssec_digest_to_string_alloc(int i, char **ret);
8730bccf	358	int dnssec_digest_from_string(const char *s) _pure_;