1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2014 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include "alloc-util.h"
26 #include "dns-domain.h"
27 #include "resolved-dns-packet.h"
28 #include "string-table.h"
30 #include "unaligned.h"
34 #define EDNS0_OPT_DO (1<<15)
36 assert_cc(DNS_PACKET_SIZE_START
> DNS_PACKET_HEADER_SIZE
)
38 typedef struct DnsPacketRewinder
{
43 static void rewind_dns_packet(DnsPacketRewinder
*rewinder
) {
45 dns_packet_rewind(rewinder
->packet
, rewinder
->saved_rindex
);
48 #define INIT_REWINDER(rewinder, p) do { rewinder.packet = p; rewinder.saved_rindex = p->rindex; } while (0)
49 #define CANCEL_REWINDER(rewinder) do { rewinder.packet = NULL; } while (0)
54 size_t min_alloc_dsize
,
61 assert(max_size
>= DNS_PACKET_HEADER_SIZE
);
63 if (max_size
> DNS_PACKET_SIZE_MAX
)
64 max_size
= DNS_PACKET_SIZE_MAX
;
66 /* The caller may not check what is going to be truly allocated, so do not allow to
67 * allocate a DNS packet bigger than DNS_PACKET_SIZE_MAX.
69 if (min_alloc_dsize
> DNS_PACKET_SIZE_MAX
) {
70 log_error("Requested packet data size too big: %zu", min_alloc_dsize
);
74 /* When dns_packet_new() is called with min_alloc_dsize == 0, allocate more than the
75 * absolute minimum (which is the dns packet header size), to avoid
76 * resizing immediately again after appending the first data to the packet.
78 if (min_alloc_dsize
< DNS_PACKET_HEADER_SIZE
)
79 a
= DNS_PACKET_SIZE_START
;
83 /* round up to next page size */
84 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
86 /* make sure we never allocate more than useful */
90 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
94 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
96 p
->max_size
= max_size
;
97 p
->protocol
= protocol
;
98 p
->opt_start
= p
->opt_size
= (size_t) -1;
106 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
112 h
= DNS_PACKET_HEADER(p
);
114 switch(p
->protocol
) {
115 case DNS_PROTOCOL_LLMNR
:
118 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
129 case DNS_PROTOCOL_MDNS
:
130 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
134 0 /* rd (ask for recursion) */,
144 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
148 1 /* rd (ask for recursion) */,
151 dnssec_checking_disabled
/* cd */,
156 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t min_alloc_dsize
, bool dnssec_checking_disabled
) {
162 r
= dns_packet_new(&p
, protocol
, min_alloc_dsize
, DNS_PACKET_SIZE_MAX
);
166 /* Always set the TC bit to 0 initially.
167 * If there are multiple packets later, we'll update the bit shortly before sending.
169 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
175 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
180 assert(!p
->on_stack
);
182 assert(p
->n_ref
> 0);
187 static void dns_packet_free(DnsPacket
*p
) {
192 dns_question_unref(p
->question
);
193 dns_answer_unref(p
->answer
);
194 dns_resource_record_unref(p
->opt
);
196 while ((s
= hashmap_steal_first_key(p
->names
)))
198 hashmap_free(p
->names
);
206 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
210 assert(p
->n_ref
> 0);
212 dns_packet_unref(p
->more
);
222 int dns_packet_validate(DnsPacket
*p
) {
225 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
228 if (p
->size
> DNS_PACKET_SIZE_MAX
)
234 int dns_packet_validate_reply(DnsPacket
*p
) {
239 r
= dns_packet_validate(p
);
243 if (DNS_PACKET_QR(p
) != 1)
246 if (DNS_PACKET_OPCODE(p
) != 0)
249 switch (p
->protocol
) {
251 case DNS_PROTOCOL_LLMNR
:
252 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
253 if (DNS_PACKET_QDCOUNT(p
) != 1)
258 case DNS_PROTOCOL_MDNS
:
259 /* RFC 6762, Section 18 */
260 if (DNS_PACKET_RCODE(p
) != 0)
272 int dns_packet_validate_query(DnsPacket
*p
) {
277 r
= dns_packet_validate(p
);
281 if (DNS_PACKET_QR(p
) != 0)
284 if (DNS_PACKET_OPCODE(p
) != 0)
287 if (DNS_PACKET_TC(p
))
290 switch (p
->protocol
) {
292 case DNS_PROTOCOL_LLMNR
:
293 case DNS_PROTOCOL_DNS
:
294 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
295 if (DNS_PACKET_QDCOUNT(p
) != 1)
298 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
299 if (DNS_PACKET_ANCOUNT(p
) > 0)
302 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
303 if (DNS_PACKET_NSCOUNT(p
) > 0)
308 case DNS_PROTOCOL_MDNS
:
309 /* RFC 6762, Section 18 */
310 if (DNS_PACKET_AA(p
) != 0 ||
311 DNS_PACKET_RD(p
) != 0 ||
312 DNS_PACKET_RA(p
) != 0 ||
313 DNS_PACKET_AD(p
) != 0 ||
314 DNS_PACKET_CD(p
) != 0 ||
315 DNS_PACKET_RCODE(p
) != 0)
327 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
330 if (p
->size
+ add
> p
->allocated
) {
333 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
335 ms
= dns_packet_size_max(p
);
339 if (p
->size
+ add
> a
)
345 d
= realloc(p
->_data
, a
);
351 p
->_data
= malloc(a
);
355 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
356 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
366 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
372 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
382 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
384 if (PTR_TO_SIZE(n
) < sz
)
387 hashmap_remove(p
->names
, s
);
394 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
400 r
= dns_packet_extend(p
, l
, &q
, start
);
408 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
414 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
418 ((uint8_t*) d
)[0] = v
;
423 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
429 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
433 unaligned_write_be16(d
, v
);
438 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
444 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
448 unaligned_write_be32(d
, v
);
453 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
457 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
460 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
465 assert(s
|| size
== 0);
470 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
474 ((uint8_t*) d
)[0] = (uint8_t) size
;
476 memcpy_safe(((uint8_t*) d
) + 1, s
, size
);
481 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
485 /* Append a label to a packet. Optionally, does this in DNSSEC
486 * canonical form, if this label is marked as a candidate for
487 * it, and the canonical form logic is enabled for the
493 if (l
> DNS_LABEL_MAX
)
496 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
500 *(w
++) = (uint8_t) l
;
502 if (p
->canonical_form
&& canonical_candidate
) {
505 /* Generate in canonical form, as defined by DNSSEC
506 * RFC 4034, Section 6.2, i.e. all lower-case. */
508 for (i
= 0; i
< l
; i
++)
509 w
[i
] = (uint8_t) ascii_tolower(d
[i
]);
511 /* Otherwise, just copy the string unaltered. This is
512 * essential for DNS-SD, where the casing of labels
513 * matters and needs to be retained. */
519 int dns_packet_append_name(
522 bool allow_compression
,
523 bool canonical_candidate
,
532 if (p
->refuse_compression
)
533 allow_compression
= false;
535 saved_size
= p
->size
;
537 while (!dns_name_is_root(name
)) {
538 const char *z
= name
;
539 char label
[DNS_LABEL_MAX
];
542 if (allow_compression
)
543 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
548 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
556 r
= dns_label_unescape(&name
, label
, sizeof(label
));
560 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
564 if (allow_compression
) {
565 _cleanup_free_
char *s
= NULL
;
573 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
577 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
585 r
= dns_packet_append_uint8(p
, 0, NULL
);
596 dns_packet_truncate(p
, saved_size
);
600 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, const DnsAnswerFlags flags
, size_t *start
) {
608 saved_size
= p
->size
;
610 r
= dns_packet_append_name(p
, dns_resource_key_name(k
), true, true, NULL
);
614 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
618 class = flags
& DNS_ANSWER_CACHE_FLUSH
? k
->class | MDNS_RR_CACHE_FLUSH
: k
->class;
619 r
= dns_packet_append_uint16(p
, class, NULL
);
629 dns_packet_truncate(p
, saved_size
);
633 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
641 saved_size
= p
->size
;
643 r
= dns_packet_append_uint8(p
, window
, NULL
);
647 r
= dns_packet_append_uint8(p
, length
, NULL
);
651 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
660 dns_packet_truncate(p
, saved_size
);
664 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
668 uint8_t bitmaps
[32] = {};
675 saved_size
= p
->size
;
677 BITMAP_FOREACH(n
, types
, i
) {
680 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
681 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
691 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
694 if (bitmaps
[entry
/ 8] != 0) {
695 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
705 dns_packet_truncate(p
, saved_size
);
709 /* Append the OPT pseudo-RR described in RFC6891 */
710 int dns_packet_append_opt(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, int rcode
, size_t *start
) {
715 /* we must never advertise supported packet size smaller than the legacy max */
716 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
718 assert(rcode
<= _DNS_RCODE_MAX
);
720 if (p
->opt_start
!= (size_t) -1)
723 assert(p
->opt_size
== (size_t) -1);
725 saved_size
= p
->size
;
728 r
= dns_packet_append_uint8(p
, 0, NULL
);
733 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
737 /* class: maximum udp packet that can be received */
738 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
742 /* extended RCODE and VERSION */
743 r
= dns_packet_append_uint16(p
, ((uint16_t) rcode
& 0x0FF0) << 4, NULL
);
747 /* flags: DNSSEC OK (DO), see RFC3225 */
748 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
753 if (edns0_do
&& !DNS_PACKET_QR(p
)) {
754 /* If DO is on and this is not a reply, also append RFC6975 Algorithm data */
756 static const uint8_t rfc6975
[] = {
758 0, 5, /* OPTION_CODE: DAU */
759 #if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
760 0, 7, /* LIST_LENGTH */
762 0, 6, /* LIST_LENGTH */
764 DNSSEC_ALGORITHM_RSASHA1
,
765 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1
,
766 DNSSEC_ALGORITHM_RSASHA256
,
767 DNSSEC_ALGORITHM_RSASHA512
,
768 DNSSEC_ALGORITHM_ECDSAP256SHA256
,
769 DNSSEC_ALGORITHM_ECDSAP384SHA384
,
770 #if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
771 DNSSEC_ALGORITHM_ED25519
,
774 0, 6, /* OPTION_CODE: DHU */
775 0, 3, /* LIST_LENGTH */
777 DNSSEC_DIGEST_SHA256
,
778 DNSSEC_DIGEST_SHA384
,
780 0, 7, /* OPTION_CODE: N3U */
781 0, 1, /* LIST_LENGTH */
782 NSEC3_ALGORITHM_SHA1
,
785 r
= dns_packet_append_uint16(p
, sizeof(rfc6975
), NULL
);
789 r
= dns_packet_append_blob(p
, rfc6975
, sizeof(rfc6975
), NULL
);
791 r
= dns_packet_append_uint16(p
, 0, NULL
);
795 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) + 1);
797 p
->opt_start
= saved_size
;
798 p
->opt_size
= p
->size
- saved_size
;
806 dns_packet_truncate(p
, saved_size
);
810 int dns_packet_truncate_opt(DnsPacket
*p
) {
813 if (p
->opt_start
== (size_t) -1) {
814 assert(p
->opt_size
== (size_t) -1);
818 assert(p
->opt_size
!= (size_t) -1);
819 assert(DNS_PACKET_ARCOUNT(p
) > 0);
821 if (p
->opt_start
+ p
->opt_size
!= p
->size
)
824 dns_packet_truncate(p
, p
->opt_start
);
825 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) - 1);
826 p
->opt_start
= p
->opt_size
= (size_t) -1;
831 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, const DnsAnswerFlags flags
, size_t *start
, size_t *rdata_start
) {
833 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
840 saved_size
= p
->size
;
842 r
= dns_packet_append_key(p
, rr
->key
, flags
, NULL
);
846 ttl
= flags
& DNS_ANSWER_GOODBYE
? 0 : rr
->ttl
;
847 r
= dns_packet_append_uint32(p
, ttl
, NULL
);
851 /* Initially we write 0 here */
852 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
856 rds
= p
->size
- saved_size
;
858 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
861 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
865 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
869 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
873 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, false, NULL
);
880 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, false, NULL
);
884 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
888 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
891 case DNS_TYPE_SPF
: /* exactly the same as TXT */
894 if (!rr
->txt
.items
) {
895 /* RFC 6763, section 6.1 suggests to generate
896 * single empty string for an empty array. */
898 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
904 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
905 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
915 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
919 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
923 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, false, NULL
);
927 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, false, NULL
);
931 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
935 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
939 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
943 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
947 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
951 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
955 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, false, NULL
);
959 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
963 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
967 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
971 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
975 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
979 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
983 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
987 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
991 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
995 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
999 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
1002 case DNS_TYPE_SSHFP
:
1003 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
1007 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
1011 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
1014 case DNS_TYPE_DNSKEY
:
1015 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
1019 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
1023 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
1027 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
1030 case DNS_TYPE_RRSIG
:
1031 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
1035 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
1039 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
1043 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
1047 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
1051 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
1055 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
1059 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
1063 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
1067 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
1071 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
1077 case DNS_TYPE_NSEC3
:
1078 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
1082 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
1086 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
1090 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
1094 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
1098 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1102 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1106 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1113 r
= dns_packet_append_uint8(p
, rr
->tlsa
.cert_usage
, NULL
);
1117 r
= dns_packet_append_uint8(p
, rr
->tlsa
.selector
, NULL
);
1121 r
= dns_packet_append_uint8(p
, rr
->tlsa
.matching_type
, NULL
);
1125 r
= dns_packet_append_blob(p
, rr
->tlsa
.data
, rr
->tlsa
.data_size
, NULL
);
1129 r
= dns_packet_append_uint8(p
, rr
->caa
.flags
, NULL
);
1133 r
= dns_packet_append_string(p
, rr
->caa
.tag
, NULL
);
1137 r
= dns_packet_append_blob(p
, rr
->caa
.value
, rr
->caa
.value_size
, NULL
);
1141 case DNS_TYPE_OPENPGPKEY
:
1142 case _DNS_TYPE_INVALID
: /* unparseable */
1145 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.data_size
, NULL
);
1151 /* Let's calculate the actual data size and update the field */
1152 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1153 if (rdlength
> 0xFFFF) {
1159 p
->size
= rdlength_offset
;
1160 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1166 *start
= saved_size
;
1174 dns_packet_truncate(p
, saved_size
);
1178 int dns_packet_append_question(DnsPacket
*p
, DnsQuestion
*q
) {
1179 DnsResourceKey
*key
;
1184 DNS_QUESTION_FOREACH(key
, q
) {
1185 r
= dns_packet_append_key(p
, key
, 0, NULL
);
1193 int dns_packet_append_answer(DnsPacket
*p
, DnsAnswer
*a
) {
1194 DnsResourceRecord
*rr
;
1195 DnsAnswerFlags flags
;
1200 DNS_ANSWER_FOREACH_FLAGS(rr
, flags
, a
) {
1201 r
= dns_packet_append_rr(p
, rr
, flags
, NULL
, NULL
);
1209 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1212 if (p
->rindex
+ sz
> p
->size
)
1216 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1225 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1227 assert(idx
<= p
->size
);
1228 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1233 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1240 r
= dns_packet_read(p
, sz
, &q
, start
);
1248 static int dns_packet_read_memdup(
1249 DnsPacket
*p
, size_t size
,
1250 void **ret
, size_t *ret_size
,
1251 size_t *ret_start
) {
1260 r
= dns_packet_read(p
, size
, &src
, &start
);
1269 copy
= memdup(src
, size
);
1284 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1290 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1294 *ret
= ((uint8_t*) d
)[0];
1298 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1304 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1308 *ret
= unaligned_read_be16(d
);
1313 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1319 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1323 *ret
= unaligned_read_be32(d
);
1328 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1329 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1336 INIT_REWINDER(rewinder
, p
);
1338 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1342 r
= dns_packet_read(p
, c
, &d
, NULL
);
1346 if (memchr(d
, 0, c
))
1353 if (!utf8_is_valid(t
)) {
1361 *start
= rewinder
.saved_rindex
;
1362 CANCEL_REWINDER(rewinder
);
1367 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1368 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1373 INIT_REWINDER(rewinder
, p
);
1375 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1379 r
= dns_packet_read(p
, c
, ret
, NULL
);
1386 *start
= rewinder
.saved_rindex
;
1387 CANCEL_REWINDER(rewinder
);
1392 int dns_packet_read_name(
1395 bool allow_compression
,
1398 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1399 size_t after_rindex
= 0, jump_barrier
;
1400 _cleanup_free_
char *ret
= NULL
;
1401 size_t n
= 0, allocated
= 0;
1407 INIT_REWINDER(rewinder
, p
);
1408 jump_barrier
= p
->rindex
;
1410 if (p
->refuse_compression
)
1411 allow_compression
= false;
1416 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1427 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1431 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
))
1439 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1445 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1449 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1453 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1454 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
)
1457 if (after_rindex
== 0)
1458 after_rindex
= p
->rindex
;
1460 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1467 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1))
1472 if (after_rindex
!= 0)
1473 p
->rindex
= after_rindex
;
1479 *start
= rewinder
.saved_rindex
;
1480 CANCEL_REWINDER(rewinder
);
1485 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1488 const uint8_t *bitmap
;
1492 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1497 INIT_REWINDER(rewinder
, p
);
1499 r
= bitmap_ensure_allocated(types
);
1503 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1507 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1511 if (length
== 0 || length
> 32)
1514 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1518 for (i
= 0; i
< length
; i
++) {
1519 uint8_t bitmask
= 1 << 7;
1529 for (; bitmask
; bit
++, bitmask
>>= 1)
1530 if (bitmap
[i
] & bitmask
) {
1533 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1535 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1536 if (dns_type_is_pseudo(n
))
1539 r
= bitmap_set(*types
, n
);
1549 *start
= rewinder
.saved_rindex
;
1550 CANCEL_REWINDER(rewinder
);
1555 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1556 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1559 INIT_REWINDER(rewinder
, p
);
1561 while (p
->rindex
< rewinder
.saved_rindex
+ size
) {
1562 r
= dns_packet_read_type_window(p
, types
, NULL
);
1566 /* don't read past end of current RR */
1567 if (p
->rindex
> rewinder
.saved_rindex
+ size
)
1571 if (p
->rindex
!= rewinder
.saved_rindex
+ size
)
1575 *start
= rewinder
.saved_rindex
;
1576 CANCEL_REWINDER(rewinder
);
1581 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, bool *ret_cache_flush
, size_t *start
) {
1582 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1583 _cleanup_free_
char *name
= NULL
;
1584 bool cache_flush
= false;
1585 uint16_t class, type
;
1586 DnsResourceKey
*key
;
1591 INIT_REWINDER(rewinder
, p
);
1593 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1597 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1601 r
= dns_packet_read_uint16(p
, &class, NULL
);
1605 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1606 /* See RFC6762, Section 10.2 */
1608 if (type
!= DNS_TYPE_OPT
&& (class & MDNS_RR_CACHE_FLUSH
)) {
1609 class &= ~MDNS_RR_CACHE_FLUSH
;
1614 key
= dns_resource_key_new_consume(class, type
, name
);
1621 if (ret_cache_flush
)
1622 *ret_cache_flush
= cache_flush
;
1624 *start
= rewinder
.saved_rindex
;
1625 CANCEL_REWINDER(rewinder
);
1630 static bool loc_size_ok(uint8_t size
) {
1631 uint8_t m
= size
>> 4, e
= size
& 0xF;
1633 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1636 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, bool *ret_cache_flush
, size_t *start
) {
1637 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1638 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1639 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
;
1648 INIT_REWINDER(rewinder
, p
);
1650 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1654 if (!dns_class_is_valid_rr(key
->class) || !dns_type_is_valid_rr(key
->type
))
1657 rr
= dns_resource_record_new(key
);
1661 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1665 /* RFC 2181, Section 8, suggests to
1666 * treat a TTL with the MSB set as a zero TTL. */
1667 if (rr
->ttl
& UINT32_C(0x80000000))
1670 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1674 if (p
->rindex
+ rdlength
> p
->size
)
1679 switch (rr
->key
->type
) {
1682 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1685 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1688 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1691 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1696 case DNS_TYPE_CNAME
:
1697 case DNS_TYPE_DNAME
:
1698 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1701 case DNS_TYPE_HINFO
:
1702 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1706 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1709 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1711 if (rdlength
<= 0) {
1712 r
= dns_txt_item_new_empty(&rr
->txt
.items
);
1716 DnsTxtItem
*last
= NULL
;
1718 while (p
->rindex
< offset
+ rdlength
) {
1723 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1727 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1731 memcpy(i
->data
, data
, sz
);
1734 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1743 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1747 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1751 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1755 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1759 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1763 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1767 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1771 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1775 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1779 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1783 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1786 case DNS_TYPE_LOC
: {
1790 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1795 rr
->loc
.version
= t
;
1797 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1801 if (!loc_size_ok(rr
->loc
.size
))
1804 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1808 if (!loc_size_ok(rr
->loc
.horiz_pre
))
1811 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1815 if (!loc_size_ok(rr
->loc
.vert_pre
))
1818 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1822 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1826 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1832 dns_packet_rewind(p
, pos
);
1833 rr
->unparseable
= true;
1839 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1843 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1847 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1854 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1855 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1860 if (rr
->ds
.digest_size
<= 0)
1861 /* the accepted size depends on the algorithm, but for now
1862 just ensure that the value is greater than zero */
1867 case DNS_TYPE_SSHFP
:
1868 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1872 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1879 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1880 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1883 if (rr
->sshfp
.fingerprint_size
<= 0)
1884 /* the accepted size depends on the algorithm, but for now
1885 just ensure that the value is greater than zero */
1890 case DNS_TYPE_DNSKEY
:
1891 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1895 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1899 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1906 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1907 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1910 if (rr
->dnskey
.key_size
<= 0)
1911 /* the accepted size depends on the algorithm, but for now
1912 just ensure that the value is greater than zero */
1917 case DNS_TYPE_RRSIG
:
1918 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1922 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1926 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1930 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1934 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1938 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1942 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1946 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1950 if (rdlength
+ offset
< p
->rindex
)
1953 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1954 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1957 if (rr
->rrsig
.signature_size
<= 0)
1958 /* the accepted size depends on the algorithm, but for now
1959 just ensure that the value is greater than zero */
1964 case DNS_TYPE_NSEC
: {
1967 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1968 * This contradicts RFC3845, section 2.1.1
1971 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1973 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1977 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1979 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1980 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1981 * without the NSEC bit set. */
1985 case DNS_TYPE_NSEC3
: {
1988 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1992 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1996 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
2000 /* this may be zero */
2001 r
= dns_packet_read_uint8(p
, &size
, NULL
);
2005 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
2009 r
= dns_packet_read_uint8(p
, &size
, NULL
);
2016 r
= dns_packet_read_memdup(p
, size
,
2017 &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
,
2022 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
2024 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
2030 r
= dns_packet_read_uint8(p
, &rr
->tlsa
.cert_usage
, NULL
);
2034 r
= dns_packet_read_uint8(p
, &rr
->tlsa
.selector
, NULL
);
2038 r
= dns_packet_read_uint8(p
, &rr
->tlsa
.matching_type
, NULL
);
2045 r
= dns_packet_read_memdup(p
, rdlength
- 3,
2046 &rr
->tlsa
.data
, &rr
->tlsa
.data_size
,
2049 if (rr
->tlsa
.data_size
<= 0)
2050 /* the accepted size depends on the algorithm, but for now
2051 just ensure that the value is greater than zero */
2057 r
= dns_packet_read_uint8(p
, &rr
->caa
.flags
, NULL
);
2061 r
= dns_packet_read_string(p
, &rr
->caa
.tag
, NULL
);
2065 if (rdlength
+ offset
< p
->rindex
)
2068 r
= dns_packet_read_memdup(p
,
2069 rdlength
+ offset
- p
->rindex
,
2070 &rr
->caa
.value
, &rr
->caa
.value_size
, NULL
);
2074 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
2075 case DNS_TYPE_OPENPGPKEY
:
2078 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.data_size
, NULL
);
2084 if (p
->rindex
!= offset
+ rdlength
)
2090 if (ret_cache_flush
)
2091 *ret_cache_flush
= cache_flush
;
2093 *start
= rewinder
.saved_rindex
;
2094 CANCEL_REWINDER(rewinder
);
2099 static bool opt_is_good(DnsResourceRecord
*rr
, bool *rfc6975
) {
2101 bool found_dau_dhu_n3u
= false;
2104 /* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is not OK in
2108 assert(rr
->key
->type
== DNS_TYPE_OPT
);
2110 /* Check that the version is 0 */
2111 if (((rr
->ttl
>> 16) & UINT32_C(0xFF)) != 0) {
2113 return true; /* if it's not version 0, it's OK, but we will ignore the OPT field contents */
2117 l
= rr
->opt
.data_size
;
2119 uint16_t option_code
, option_length
;
2121 /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
2125 option_code
= unaligned_read_be16(p
);
2126 option_length
= unaligned_read_be16(p
+ 2);
2128 if (l
< option_length
+ 4U)
2131 /* RFC 6975 DAU, DHU or N3U fields found. */
2132 if (IN_SET(option_code
, 5, 6, 7))
2133 found_dau_dhu_n3u
= true;
2135 p
+= option_length
+ 4U;
2136 l
-= option_length
+ 4U;
2139 *rfc6975
= found_dau_dhu_n3u
;
2143 static int dns_packet_extract_question(DnsPacket
*p
, DnsQuestion
**ret_question
) {
2144 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
2148 n
= DNS_PACKET_QDCOUNT(p
);
2150 question
= dns_question_new(n
);
2154 for (i
= 0; i
< n
; i
++) {
2155 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
2158 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
2165 if (!dns_type_is_valid_query(key
->type
))
2168 r
= dns_question_add(question
, key
);
2174 *ret_question
= question
;
2179 static int dns_packet_extract_answer(DnsPacket
*p
, DnsAnswer
**ret_answer
) {
2180 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
2182 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*previous
= NULL
;
2183 bool bad_opt
= false;
2186 n
= DNS_PACKET_RRCOUNT(p
);
2190 answer
= dns_answer_new(n
);
2194 for (i
= 0; i
< n
; i
++) {
2195 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2196 bool cache_flush
= false;
2198 r
= dns_packet_read_rr(p
, &rr
, &cache_flush
, NULL
);
2202 /* Try to reduce memory usage a bit */
2204 dns_resource_key_reduce(&rr
->key
, &previous
->key
);
2206 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2209 if (p
->opt
|| bad_opt
) {
2210 /* Multiple OPT RRs? if so, let's ignore all, because there's
2211 * something wrong with the server, and if one is valid we wouldn't
2212 * know which one. */
2213 log_debug("Multiple OPT RRs detected, ignoring all.");
2218 if (!dns_name_is_root(dns_resource_key_name(rr
->key
))) {
2219 /* If the OPT RR is not owned by the root domain, then it is bad,
2220 * let's ignore it. */
2221 log_debug("OPT RR is not owned by root domain, ignoring.");
2226 if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
)) {
2227 /* OPT RR is in the wrong section? Some Belkin routers do this. This
2228 * is a hint the EDNS implementation is borked, like the Belkin one
2229 * is, hence ignore it. */
2230 log_debug("OPT RR in wrong section, ignoring.");
2235 if (!opt_is_good(rr
, &has_rfc6975
)) {
2236 log_debug("Malformed OPT RR, ignoring.");
2241 if (DNS_PACKET_QR(p
)) {
2242 /* Additional checks for responses */
2244 if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr
)) {
2245 /* If this is a reply and we don't know the EDNS version
2246 * then something is weird... */
2247 log_debug("EDNS version newer that our request, bad server.");
2252 /* If the OPT RR contains RFC6975 algorithm data, then this
2253 * is indication that the server just copied the OPT it got
2254 * from us (which contained that data) back into the reply.
2255 * If so, then it doesn't properly support EDNS, as RFC6975
2256 * makes it very clear that the algorithm data should only
2257 * be contained in questions, never in replies. Crappy
2258 * Belkin routers copy the OPT data for example, hence let's
2259 * detect this so that we downgrade early. */
2260 log_debug("OPT RR contained RFC6975 data, ignoring.");
2266 p
->opt
= dns_resource_record_ref(rr
);
2268 /* According to RFC 4795, section 2.9. only the RRs from the Answer section
2269 * shall be cached. Hence mark only those RRs as cacheable by default, but
2270 * not the ones from the Additional or Authority sections. */
2271 DnsAnswerFlags flags
=
2272 (i
< DNS_PACKET_ANCOUNT(p
) ? DNS_ANSWER_CACHEABLE
: 0) |
2273 (p
->protocol
== DNS_PROTOCOL_MDNS
&& !cache_flush
? DNS_ANSWER_SHARED_OWNER
: 0);
2275 r
= dns_answer_add(answer
, rr
, p
->ifindex
, flags
);
2280 /* Remember this RR, so that we potentically can merge it's ->key object with the
2281 * next RR. Note that we only do this if we actually decided to keep the RR around.
2283 dns_resource_record_unref(previous
);
2284 previous
= dns_resource_record_ref(rr
);
2288 p
->opt
= dns_resource_record_unref(p
->opt
);
2290 *ret_answer
= answer
;
2295 int dns_packet_extract(DnsPacket
*p
) {
2296 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
2297 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
2298 _cleanup_(rewind_dns_packet
) DnsPacketRewinder rewinder
= {};
2304 INIT_REWINDER(rewinder
, p
);
2305 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
2307 r
= dns_packet_extract_question(p
, &question
);
2311 r
= dns_packet_extract_answer(p
, &answer
);
2315 p
->question
= question
;
2321 p
->extracted
= true;
2323 /* no CANCEL, always rewind */
2327 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2333 /* Checks if the specified packet is a reply for the specified
2334 * key and the specified key is the only one in the question
2337 if (DNS_PACKET_QR(p
) != 1)
2340 /* Let's unpack the packet, if that hasn't happened yet. */
2341 r
= dns_packet_extract(p
);
2348 if (p
->question
->n_keys
!= 1)
2351 return dns_resource_key_equal(p
->question
->keys
[0], key
);
2354 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2355 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2356 [DNS_RCODE_FORMERR
] = "FORMERR",
2357 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2358 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2359 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2360 [DNS_RCODE_REFUSED
] = "REFUSED",
2361 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2362 [DNS_RCODE_YXRRSET
] = "YRRSET",
2363 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2364 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2365 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2366 [DNS_RCODE_BADVERS
] = "BADVERS",
2367 [DNS_RCODE_BADKEY
] = "BADKEY",
2368 [DNS_RCODE_BADTIME
] = "BADTIME",
2369 [DNS_RCODE_BADMODE
] = "BADMODE",
2370 [DNS_RCODE_BADNAME
] = "BADNAME",
2371 [DNS_RCODE_BADALG
] = "BADALG",
2372 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2373 [DNS_RCODE_BADCOOKIE
] = "BADCOOKIE",
2375 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2377 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2378 [DNS_PROTOCOL_DNS
] = "dns",
2379 [DNS_PROTOCOL_MDNS
] = "mdns",
2380 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2382 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);