git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/dns-type.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2014 Zbigniew Jędrzejewski-Szmek
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 #include <sys/socket.h>
24 #include "parse-util.h"
25 #include "string-util.h"
27 typedef const struct {
32 static const struct dns_type_name
*
33 lookup_dns_type (register const char *str
, register GPERF_LEN_TYPE len
);
35 #include "dns_type-from-name.h"
36 #include "dns_type-to-name.h"
38 int dns_type_from_string(const char *s
) {
39 const struct dns_type_name
*sc
;
43 sc
= lookup_dns_type(s
, strlen(s
));
47 s
= startswith_no_case(s
, "TYPE");
51 if (safe_atou(s
, &x
) >= 0 &&
56 return _DNS_TYPE_INVALID
;
59 bool dns_type_is_pseudo(uint16_t type
) {
61 /* Checks whether the specified type is a "pseudo-type". What
62 * a "pseudo-type" precisely is, is defined only very weakly,
63 * but apparently entails all RR types that are not actually
64 * stored as RRs on the server and should hence also not be
65 * cached. We use this list primarily to validate NSEC type
66 * bitfields, and to verify what to cache. */
69 0, /* A Pseudo RR type, according to RFC 2931 */
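/* Checks whether the specified class is a "pseudo-class", i.e. the ANY class.
 *
 * The value is compared against DNS_CLASS_ANY rather than DNS_TYPE_ANY: the
 * argument is a class, so the constant must come from the class namespace,
 * as it already does in dns_class_is_valid_rr() and dns_class_from_string().
 * NOTE(review): RFC 1035 assigns 255 to both QTYPE "*" and QCLASS "*", so
 * this is presumably behaviour-neutral; confirm against the definitions in
 * dns-type.h. */
bool dns_class_is_pseudo(uint16_t class) {
        return class == DNS_CLASS_ANY;
}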
83 bool dns_type_is_valid_query(uint16_t type
) {
85 /* The types valid as questions in packets */
93 /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
94 * they aren't really payload, but signatures for payload, and cannot be validated on their
95 * own. After all they are the signatures, and have no signatures of their own validating
100 bool dns_type_is_zone_transer(uint16_t type
) {
102 /* Zone transfers, either normal or incremental */
109 bool dns_type_is_valid_rr(uint16_t type
) {
111 /* The types valid as RR in packets (but not necessarily
112 * stored on servers). */
/* Tells whether the specified class is acceptable on an RR in a packet:
 * every class other than DNS_CLASS_ANY is accepted here. */
bool dns_class_is_valid_rr(uint16_t class) {
        const bool is_any = class == DNS_CLASS_ANY;

        return !is_any;
}
124 bool dns_type_may_redirect(uint16_t type
) {
125 /* The following record types should never be redirected using
126 * CNAME/DNAME RRs. See
127 * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
129 if (dns_type_is_pseudo(type
))
143 bool dns_type_may_wildcard(uint16_t type
) {
145 /* The following records may not be expanded from wildcard RRsets */
147 if (dns_type_is_pseudo(type
))
154 /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
158 bool dns_type_apex_only(uint16_t type
) {
160 /* Returns true for all RR types that may only appear signed in a zone apex */
164 DNS_TYPE_NS
, /* this one can appear elsewhere, too, but not signed */
166 DNS_TYPE_NSEC3PARAM
);
169 bool dns_type_is_dnssec(uint16_t type
) {
176 DNS_TYPE_NSEC3PARAM
);
179 bool dns_type_is_obsolete(uint16_t type
) {
181 /* Obsoleted by RFC 973 */
186 /* Kinda obsoleted by RFC 2505 */
193 /* RFC1127 kinda obsoleted this by recommending against its use */
196 /* Declared historical by RFC 6563 */
199 /* Obsoleted by DNSSEC-bis */
202 /* RFC 1035 removed support for concepts that needed this from RFC 883 */
206 bool dns_type_needs_authentication(uint16_t type
) {
208 /* Returns true for all (non-obsolete) RR types where records are not useful if they aren't
209 * authenticated. I.e. everything that contains crypto keys. */
223 int dns_type_to_af(uint16_t t
) {
240 const char *dns_class_to_string(uint16_t class) {
254 int dns_class_from_string(const char *s
) {
257 return _DNS_CLASS_INVALID
;
259 if (strcaseeq(s
, "IN"))
261 else if (strcaseeq(s
, "ANY"))
262 return DNS_CLASS_ANY
;
264 return _DNS_CLASS_INVALID
;
267 const char* tlsa_cert_usage_to_string(uint8_t cert_usage
) {
269 switch (cert_usage
) {
272 return "CA constraint";
275 return "Service certificate constraint";
278 return "Trust anchor assertion";
281 return "Domain-issued certificate";
287 return "Private use";
290 return NULL
; /* clang cannot count that we covered everything */
293 const char* tlsa_selector_to_string(uint8_t selector
) {
297 return "Full Certificate";
300 return "SubjectPublicKeyInfo";
306 return "Private use";
312 const char* tlsa_matching_type_to_string(uint8_t selector
) {
317 return "No hash used";
329 return "Private use";