Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
af49ca27 LP |
2 | #pragma once |
3 | ||
a2106925 | 4 | #include "conf-parser.h" |
af49ca27 LP |
5 | #include "macro.h" |
6 | ||
/* Short type names for the three setting enums defined further down in this
 * header. The typedefs come before the enum bodies, so until those bodies are
 * seen the names refer to incomplete enum types (a compiler extension, not
 * ISO C). */
typedef enum DnsOverTlsMode DnsOverTlsMode;
typedef enum DnssecMode DnssecMode;
typedef enum ResolveSupport ResolveSupport;
af49ca27 LP |
10 | |
/* Three-level support setting.
 *
 * NOTE(review): the meaning of each level is not spelled out in this header.
 * In systemd this type is believed to back the LLMNR=/MulticastDNS= settings,
 * where "resolve" means "look names up, but do not answer queries from the
 * network" -- confirm against the callers before relying on that. */
enum ResolveSupport {
        /* Negative sentinel; listed first so that the valid values below
         * still count up from 0. */
        _RESOLVE_SUPPORT_INVALID = -1,

        RESOLVE_SUPPORT_NO,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,

        /* Number of valid values; keep this as the last enumerator. */
        _RESOLVE_SUPPORT_MAX
};
18 | ||
ad6c0475 LP |
/* DNSSEC validation policy. Only DNSSEC_YES fails closed; the other two
 * values can end up accepting unvalidated answers. */
enum DnssecMode {
        /* Negative sentinel; listed first so that the valid values below
         * still count up from 0. */
        _DNSSEC_MODE_INVALID = -1,

        /* DNSSEC validation is switched off entirely. */
        DNSSEC_NO,

        /* Validate locally when the server understands the DO bit, and skip
         * validation when it does not. The AD bit is never trusted. A server
         * that does not handle DNSSEC properly causes a fall back to
         * non-DNSSEC operation, so this mode is open to a downgrade attack:
         * whoever can make the server look DNSSEC-incapable gets unvalidated
         * answers accepted. That is the trade-off the administrator chose by
         * configuring this mode. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Require DNSSEC support from the server and fail the lookup rather
         * than downgrade. */
        DNSSEC_YES,

        /* Number of valid values; keep this as the last enumerator. */
        _DNSSEC_MODE_MAX
};
36 | ||
/* DNS-over-TLS transport policy. As declared here there are only two valid
 * values, "off" and "opportunistic"; this enum has no fail-closed (strict)
 * value. */
enum DnsOverTlsMode {
        /* Negative sentinel; listed first so that the valid values below
         * still count up from 0. */
        _DNS_OVER_TLS_MODE_INVALID = -1,

        /* DNS-over-TLS is not attempted at all. */
        DNS_OVER_TLS_NO,

        /* Attempt DNS-over-TLS first; when the connection fails, fall back to
         * an unencrypted connection. Because a connection failure is enough
         * to trigger the cleartext path, this mode should be treated as
         * protection against passive observation only, not against a party
         * able to interfere with the TLS connection.
         * NOTE(review): whether the server certificate is verified is not
         * visible in this header -- confirm in the transport code. */
        DNS_OVER_TLS_OPPORTUNISTIC,

        /* Number of valid values; keep this as the last enumerator. */
        _DNS_OVER_TLS_MODE_MAX
};
48 | ||
a2106925 LP |
/* Configuration-file parser callbacks, one per setting enum in this header.
 * CONFIG_PARSER_PROTOTYPE is presumably supplied by conf-parser.h and expands
 * to the common parser-callback signature -- confirm there.
 * NOTE(review): these settings select the DNSSEC and DNS-over-TLS policy, so
 * how the implementations treat an unrecognised value (reject it, or fall
 * back to a default) is security-relevant; that behaviour is not visible in
 * this header. */
CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
af49ca27 LP |
52 | |
/* Enum <-> string conversion helpers, one pair per setting enum.
 *
 * _const_ and _pure_ are attribute macros, presumably defined in macro.h.
 *
 * NOTE(review): the result for an unrecognised string or an out-of-range enum
 * value is not visible in this header. Presumably *_from_string() yields the
 * matching _*_INVALID (-1) sentinel and *_to_string() yields NULL -- confirm
 * in the implementation. Callers should check for a negative result before
 * storing the value or using it as an array index. */

/* ResolveSupport */
const char *resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;

/* DnssecMode */
const char *dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;

/* DnsOverTlsMode */
const char *dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;