1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_GCRYPT
4 #include <gcrypt.h>
5 #endif
6
7 #include "alloc-util.h"
8 #include "dns-domain.h"
9 #include "memory-util.h"
10 #include "resolved-dns-packet.h"
11 #include "set.h"
12 #include "string-table.h"
13 #include "strv.h"
14 #include "unaligned.h"
15 #include "utf8.h"
16 #include "util.h"
17
18 #define EDNS0_OPT_DO (1<<15)
19
20 assert_cc(DNS_PACKET_SIZE_START > DNS_PACKET_HEADER_SIZE);
21
/* Remembers a packet's read position so that a parser which bails out early can restore it.
 * Consumed by rewind_dns_packet(); armed and disarmed with INIT_REWINDER()/CANCEL_REWINDER(). */
typedef struct DnsPacketRewinder {
        DnsPacket *packet;      /* packet to restore; NULL means "do not rewind" */
        size_t saved_rindex;    /* packet->rindex as captured when the rewinder was armed */
} DnsPacketRewinder;
26
/* Cleanup handler for DnsPacketRewinder: puts the read index back to the saved position, unless
 * the rewinder was disarmed (packet == NULL). */
static void rewind_dns_packet(DnsPacketRewinder *rewinder) {
        if (!rewinder->packet)
                return;

        dns_packet_rewind(rewinder->packet, rewinder->saved_rindex);
}
31
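/* Arm a rewinder: remember packet p and its current read index. Both arguments are parenthesized
 * so that expressions such as "&pkt" expand correctly. p is still evaluated twice, so pass an
 * expression without side effects. */
#define INIT_REWINDER(rewinder, p) do { (rewinder).packet = (p); (rewinder).saved_rindex = (p)->rindex; } while (0)
/* Disarm a rewinder, so that the cleanup handler leaves the read index where the parser put it. */
#define CANCEL_REWINDER(rewinder) do { (rewinder).packet = NULL; } while (0)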
34
/* Allocate a new packet. The data area lives in the same allocation, right behind the aligned
 * DnsPacket structure; size and rindex start out at DNS_PACKET_HEADER_SIZE.
 *
 * min_alloc_dsize is the data capacity the caller expects to need; anything below the header size
 * selects DNS_PACKET_SIZE_START. max_size caps the capacity and is itself clamped to
 * DNS_PACKET_SIZE_MAX. Returns 0 and stores a packet with n_ref == 1 in *ret, fails with an EFBIG
 * error if min_alloc_dsize exceeds DNS_PACKET_SIZE_MAX, or with -ENOMEM. */
int dns_packet_new(
                DnsPacket **ret,
                DnsProtocol protocol,
                size_t min_alloc_dsize,
                size_t max_size) {

        const size_t struct_room = ALIGN(sizeof(DnsPacket));
        size_t capacity;
        DnsPacket *pkt;

        assert(ret);
        assert(max_size >= DNS_PACKET_HEADER_SIZE);

        /* Callers may not look at what really gets allocated, hence refuse outright to size a
         * packet beyond DNS_PACKET_SIZE_MAX. */
        if (min_alloc_dsize > DNS_PACKET_SIZE_MAX)
                return log_error_errno(SYNTHETIC_ERRNO(EFBIG),
                                       "Requested packet data size too big: %zu",
                                       min_alloc_dsize);

        if (max_size > DNS_PACKET_SIZE_MAX)
                max_size = DNS_PACKET_SIZE_MAX;

        /* With no usable hint, start above the bare header size so that the first append does
         * not immediately force a resize. */
        capacity = min_alloc_dsize < DNS_PACKET_HEADER_SIZE ? DNS_PACKET_SIZE_START : min_alloc_dsize;

        /* Round structure plus data up to whole pages, but never beyond the cap */
        capacity = PAGE_ALIGN(struct_room + capacity) - struct_room;
        if (capacity > max_size)
                capacity = max_size;

        pkt = malloc0(struct_room + capacity);
        if (!pkt)
                return -ENOMEM;

        *pkt = (DnsPacket) {
                .n_ref = 1,
                .protocol = protocol,
                .size = DNS_PACKET_HEADER_SIZE,
                .rindex = DNS_PACKET_HEADER_SIZE,
                .allocated = capacity,
                .max_size = max_size,
                .opt_start = (size_t) -1,
                .opt_size = (size_t) -1,
        };

        *ret = pkt;
        return 0;
}
93
/* Write the header flags of an outgoing query, depending on the packet's protocol. Only mDNS may
 * carry the TC bit; only the default (classic DNS) branch sets RD and honours
 * dnssec_checking_disabled (CD). */
void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
        uint16_t flags;

        assert(p);

        switch (p->protocol) {

        case DNS_PROTOCOL_LLMNR:
                assert(!truncated);

                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* c */,
                                              0 /* tc */,
                                              0 /* t */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              0 /* cd */,
                                              0 /* rcode */);
                break;

        case DNS_PROTOCOL_MDNS:
                flags = DNS_PACKET_MAKE_FLAGS(0         /* qr */,
                                              0         /* opcode */,
                                              0         /* aa */,
                                              truncated /* tc */,
                                              0         /* rd (ask for recursion) */,
                                              0         /* ra */,
                                              0         /* ad */,
                                              0         /* cd */,
                                              0         /* rcode */);
                break;

        default:
                assert(!truncated);

                flags = DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                              0 /* opcode */,
                                              0 /* aa */,
                                              0 /* tc */,
                                              1 /* rd (ask for recursion) */,
                                              0 /* ra */,
                                              0 /* ad */,
                                              dnssec_checking_disabled /* cd */,
                                              0 /* rcode */);
                break;
        }

        /* The header is kept in network byte order */
        DNS_PACKET_HEADER(p)->flags = htobe16(flags);
}
143
/* Allocate a packet (growth capped at DNS_PACKET_SIZE_MAX) and initialize its header flags for
 * a query. Returns 0 and the packet in *ret, or the error from dns_packet_new(). */
int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t min_alloc_dsize, bool dnssec_checking_disabled) {
        DnsPacket *query;
        int r;

        assert(ret);

        r = dns_packet_new(&query, protocol, min_alloc_dsize, DNS_PACKET_SIZE_MAX);
        if (r < 0)
                return r;

        /* TC starts out cleared. If the query ends up being split over several packets the bit
         * is updated shortly before sending. */
        dns_packet_set_flags(query, dnssec_checking_disabled, false);

        *ret = query;
        return 0;
}
162
/* Take an additional reference on p and return it; NULL is passed through. Stack-allocated
 * packets (on_stack) must not be referenced. */
DnsPacket *dns_packet_ref(DnsPacket *p) {
        if (p) {
                assert(!p->on_stack);

                assert(p->n_ref > 0);
                p->n_ref++;
        }

        return p;
}
174
/* Release everything the packet owns: the parsed question/answer/OPT objects, the name
 * compression table including its key strings, and the external data buffer. The structure
 * itself is freed only when it is not a stack object. */
static void dns_packet_free(DnsPacket *p) {
        assert(p);

        dns_question_unref(p->question);
        dns_answer_unref(p->answer);
        dns_resource_record_unref(p->opt);

        /* The table's keys are heap strings, hence drain them one by one before dropping the
         * table itself. */
        for (;;) {
                char *name = hashmap_steal_first_key(p->names);

                if (!name)
                        break;

                free(name);
        }
        hashmap_free(p->names);

        free(p->_data);

        if (!p->on_stack)
                free(p);
}
193
/* Drop one reference on p; the last reference frees the packet. Always returns NULL, and NULL
 * is accepted as input. */
DnsPacket *dns_packet_unref(DnsPacket *p) {
        if (p) {
                assert(p->n_ref > 0);

                /* NOTE(review): the chained packet loses a reference on every call, also on
                 * calls that merely decrement n_ref, while dns_packet_ref() takes no reference
                 * on p->more. Should a packet with a non-NULL "more" ever be held by more than
                 * one owner, the chain would be released while p is still alive (dangling
                 * p->more). Confirm that such packets are never shared, or move this into the
                 * last-reference path. */
                dns_packet_unref(p->more);

                if (p->n_ref != 1)
                        p->n_ref--;
                else
                        dns_packet_free(p);
        }

        return NULL;
}
209
/* Basic size sanity check: the packet must hold at least a full header and must not exceed
 * DNS_PACKET_SIZE_MAX. Returns 1 if acceptable, -EBADMSG otherwise. */
int dns_packet_validate(DnsPacket *p) {
        assert(p);

        if (p->size < DNS_PACKET_HEADER_SIZE || p->size > DNS_PACKET_SIZE_MAX)
                return -EBADMSG;

        return 1;
}
221
/* Check whether p is an acceptable reply for its protocol. Returns 1 for a valid reply, 0 if the
 * packet is not a reply at all (QR bit not set), and -EBADMSG (or the error from
 * dns_packet_validate()) if it is malformed. */
int dns_packet_validate_reply(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        if (DNS_PACKET_QR(p) != 1)
                return 0;

        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        if (p->protocol == DNS_PROTOCOL_LLMNR) {
                /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
                if (DNS_PACKET_QDCOUNT(p) != 1)
                        return -EBADMSG;

        } else if (p->protocol == DNS_PROTOCOL_MDNS) {
                /* RFC 6762, Section 18 */
                if (DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;
        }

        return 1;
}
259
/* Check whether p is an acceptable query for its protocol. Returns 1 for a valid query, 0 if the
 * packet is not a query (QR bit set), and -EBADMSG (or the error from dns_packet_validate()) if
 * it is malformed. Truncated queries are rejected for every protocol. */
int dns_packet_validate_query(DnsPacket *p) {
        int r;

        assert(p);

        r = dns_packet_validate(p);
        if (r < 0)
                return r;

        if (DNS_PACKET_QR(p) != 0)
                return 0;

        if (DNS_PACKET_OPCODE(p) != 0)
                return -EBADMSG;

        if (DNS_PACKET_TC(p))
                return -EBADMSG;

        if (p->protocol == DNS_PROTOCOL_LLMNR || p->protocol == DNS_PROTOCOL_DNS) {
                /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1,
                 * ANCOUNT != 0 or NSCOUNT != 0 */
                if (DNS_PACKET_QDCOUNT(p) != 1)
                        return -EBADMSG;

                if (DNS_PACKET_ANCOUNT(p) > 0)
                        return -EBADMSG;

                if (DNS_PACKET_NSCOUNT(p) > 0)
                        return -EBADMSG;

        } else if (p->protocol == DNS_PROTOCOL_MDNS) {
                /* RFC 6762, Section 18 */
                if (DNS_PACKET_AA(p) != 0 ||
                    DNS_PACKET_RD(p) != 0 ||
                    DNS_PACKET_RA(p) != 0 ||
                    DNS_PACKET_AD(p) != 0 ||
                    DNS_PACKET_CD(p) != 0 ||
                    DNS_PACKET_RCODE(p) != 0)
                        return -EBADMSG;
        }

        return 1;
}
314
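/* Reserve "add" more bytes at the end of the packet, growing the buffer when necessary.
 *
 * The data initially lives inline behind the DnsPacket structure; the first growth copies it into
 * a separate heap buffer (p->_data), later growths realloc() that buffer. On success p->size is
 * advanced by "add", *start (optional) receives the old size and *ret (optional) a pointer to the
 * reserved bytes. Returns -EMSGSIZE if the packet would exceed dns_packet_size_max() (or if the
 * new size is not representable), -ENOMEM on allocation failure; the packet is unchanged then. */
static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
        assert(p);

        /* Refuse a request whose end offset wraps around size_t: otherwise "p->size + add" below
         * would come out small, pass the capacity check, and the caller would write past the
         * buffer. */
        if (add > (size_t) -1 - p->size)
                return -EMSGSIZE;

        if (p->size + add > p->allocated) {
                size_t a, ms;

                /* Over-allocate (twice the need, page aligned) to amortize further appends */
                a = PAGE_ALIGN((p->size + add) * 2);

                ms = dns_packet_size_max(p);
                if (a > ms)
                        a = ms;

                if (p->size + add > a)
                        return -EMSGSIZE;

                if (p->_data) {
                        void *d;

                        /* Keep the old pointer until realloc() succeeded, so that nothing
                         * leaks on failure. NOTE(review): the tail added here is not zeroed,
                         * unlike in the first-growth path below; the append helpers visible in
                         * this file fill every byte they reserve. */
                        d = realloc(p->_data, a);
                        if (!d)
                                return -ENOMEM;

                        p->_data = d;
                } else {
                        p->_data = malloc(a);
                        if (!p->_data)
                                return -ENOMEM;

                        /* Move the inline data over and clear the rest of the new buffer */
                        memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
                        memzero((uint8_t*) p->_data + p->size, a - p->size);
                }

                p->allocated = a;
        }

        if (start)
                *start = p->size;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;

        p->size += add;
        return 0;
}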
359
/* Shrink the packet to sz bytes; a no-op if it is not larger than that. Entries of the name
 * compression table that refer to offsets at or beyond sz are dropped (and their key strings
 * freed), so that later names cannot point into the discarded data. */
void dns_packet_truncate(DnsPacket *p, size_t sz) {
        void *offset;
        char *name;

        assert(p);

        if (sz >= p->size)
                return;

        HASHMAP_FOREACH_KEY(offset, name, p->names) {

                if (PTR_TO_SIZE(offset) >= sz) {
                        hashmap_remove(p->names, name);
                        free(name);
                }
        }

        p->size = sz;
}
380
/* Append l raw bytes from d. *start (optional) receives the offset at which they were written.
 * Returns 0 or the error from dns_packet_extend(). */
int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
        void *dst;
        int r;

        assert(p);

        r = dns_packet_extend(p, l, &dst, start);
        if (r < 0)
                return r;

        memcpy_safe(dst, d, l);
        return 0;
}
394
/* Append a single octet. *start (optional) receives its offset. */
int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
        void *dst;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint8_t), &dst, start);
        if (r < 0)
                return r;

        *(uint8_t*) dst = v;

        return 0;
}
409
/* Append a 16 bit value in big-endian (network) byte order. *start (optional) receives its
 * offset. */
int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
        void *dst;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint16_t), &dst, start);
        if (r < 0)
                return r;

        /* The destination has no alignment guarantee */
        unaligned_write_be16(dst, v);

        return 0;
}
424
/* Append a 32 bit value in big-endian (network) byte order. *start (optional) receives its
 * offset. */
int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
        void *dst;
        int r;

        assert(p);

        r = dns_packet_extend(p, sizeof(uint32_t), &dst, start);
        if (r < 0)
                return r;

        /* The destination has no alignment guarantee */
        unaligned_write_be32(dst, v);

        return 0;
}
439
/* Append a NUL-terminated C string as a length-prefixed character string; see
 * dns_packet_append_raw_string() for the limits. */
int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
        size_t len;

        assert(p);
        assert(s);

        len = strlen(s);
        return dns_packet_append_raw_string(p, s, len, start);
}
446
/* Append "size" bytes as a character string, i.e. one length octet followed by the data. s may
 * be NULL only if size is 0. Returns -E2BIG if the data does not fit the single length octet
 * (more than 255 bytes). */
int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
        uint8_t *out;
        void *d;
        int r;

        assert(p);
        assert(s || size == 0);

        if (size > 255)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + size, &d, start);
        if (r < 0)
                return r;

        out = d;
        out[0] = (uint8_t) size;
        memcpy_safe(out + 1, s, size);

        return 0;
}
467
/* Append one label (length octet plus l bytes) to the packet. If the packet has canonical form
 * enabled and the label is flagged as a candidate, it is written in DNSSEC canonical form.
 * Returns -E2BIG if l exceeds DNS_LABEL_MAX. */
int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
        void *dst;
        uint8_t *w;
        int r;

        assert(p);
        assert(d);

        if (l > DNS_LABEL_MAX)
                return -E2BIG;

        r = dns_packet_extend(p, 1 + l, &dst, start);
        if (r < 0)
                return r;

        w = dst;
        w[0] = (uint8_t) l;
        w++;

        if (!p->canonical_form || !canonical_candidate) {
                /* Copy the label unaltered. This is essential for DNS-SD, where the casing of
                 * labels matters and needs to be retained. */
                memcpy(w, d, l);
                return 0;
        }

        /* Canonical form as defined by DNSSEC, RFC 4034, Section 6.2, i.e. all lower-case */
        for (size_t i = 0; i < l; i++)
                w[i] = (uint8_t) ascii_tolower(d[i]);

        return 0;
}
505
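/* Append a domain name given in its escaped string form, label by label, terminated by the
 * root label.
 *
 * If compression is allowed (and not refused by the packet) a suffix that was written before is
 * replaced by a compression pointer, and every newly written suffix is remembered in p->names
 * together with its offset. On any failure the packet is truncated back to the size it had on
 * entry, which also drops the table entries added meanwhile. *start (optional) receives the
 * offset of the name. */
int dns_packet_append_name(
                DnsPacket *p,
                const char *name,
                bool allow_compression,
                bool canonical_candidate,
                size_t *start) {

        size_t saved_size;
        int r;

        assert(p);
        assert(name);

        if (p->refuse_compression)
                allow_compression = false;

        saved_size = p->size;

        while (!dns_name_is_root(name)) {
                const char *z = name;
                char label[DNS_LABEL_MAX];
                size_t n = 0;

                if (allow_compression)
                        n = PTR_TO_SIZE(hashmap_get(p->names, name));
                if (n > 0) {
                        assert(n < p->size);

                        /* A pointer carries a 14 bit offset only; suffixes stored further into
                         * the packet cannot be referenced and are written out again. */
                        if (n < 0x4000) {
                                r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
                                if (r < 0)
                                        goto fail;

                                goto done;
                        }
                }

                /* Advances "name" past the label just unescaped; z still points at the whole
                 * remaining suffix, which is what the table is keyed by. */
                r = dns_label_unescape(&name, label, sizeof label, 0);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
                if (r < 0)
                        goto fail;

                if (allow_compression) {
                        _cleanup_free_ char *s = NULL;

                        s = strdup(z);
                        if (!s) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        r = hashmap_ensure_allocated(&p->names, &dns_name_hash_ops);
                        if (r < 0)
                                goto fail;

                        r = hashmap_put(p->names, s, SIZE_TO_PTR(n));
                        if (r < 0)
                                goto fail;

                        /* The table owns the key now */
                        s = NULL;
                }
        }

        /* Terminating root label. If this fails the labels written above must go away again,
         * like on every other error path: otherwise an unterminated name and compression table
         * entries pointing at it would stay behind in the packet. */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                goto fail;

done:
        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}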
586
/* Append a resource key: name (compressible, canonical candidate), type and class. With
 * DNS_ANSWER_CACHE_FLUSH set in flags the MDNS_RR_CACHE_FLUSH bit is OR-ed into the class. On
 * failure the packet is truncated back to its size on entry. */
int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, const DnsAnswerFlags flags, size_t *start) {
        size_t saved_size;
        int r;

        assert(p);
        assert(k);

        saved_size = p->size;

        r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
        if (r >= 0)
                r = dns_packet_append_uint16(p, k->type, NULL);
        if (r >= 0) {
                uint16_t class;

                class = flags & DNS_ANSWER_CACHE_FLUSH ? k->class | MDNS_RR_CACHE_FLUSH : k->class;
                r = dns_packet_append_uint16(p, class, NULL);
        }
        if (r < 0) {
                dns_packet_truncate(p, saved_size);
                return r;
        }

        if (start)
                *start = saved_size;

        return 0;
}
619
/* Append one window of a type bitmap: window number, bitmap length in octets, then "length"
 * bitmap octets. On failure the packet is truncated back to its size on entry. */
static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
        size_t saved_size;
        int r;

        assert(p);
        assert(types);
        assert(length > 0);

        saved_size = p->size;

        r = dns_packet_append_uint8(p, window, NULL);
        if (r >= 0)
                r = dns_packet_append_uint8(p, length, NULL);
        if (r >= 0)
                r = dns_packet_append_blob(p, types, length, NULL);
        if (r < 0) {
                dns_packet_truncate(p, saved_size);
                return r;
        }

        if (start)
                *start = saved_size;

        return 0;
}
650
/* Serialize a bitmap of RR types as a sequence of windows. The upper 8 bits of a type select the
 * window, the lower 8 bits the bit inside it (most significant bit first). A window is written
 * out up to and including the octet holding the last bit added to it. On failure the packet is
 * truncated back to its size on entry. */
static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
        uint8_t bitmaps[32] = {};
        uint8_t window = 0, entry = 0;
        size_t saved_size;
        unsigned n;
        int r;

        assert(p);

        saved_size = p->size;

        BITMAP_FOREACH(n, types) {
                assert(n <= 0xffff);

                /* A type from another window: flush what was collected for the previous one */
                if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
                        r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                        if (r < 0)
                                goto fail;

                        zero(bitmaps);
                }

                window = n >> 8;
                entry = n & 255;

                bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
        }

        /* Flush the final window, if anything was collected at all */
        if (bitmaps[entry / 8] != 0) {
                r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
                if (r < 0)
                        goto fail;
        }

        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
694
/* Append the OPT pseudo-RR described in RFC6891.
 *
 * Only one OPT RR may be present: returns -EBUSY if the packet already has one. On success
 * ARCOUNT in the header is incremented and the position and size of the RR are remembered in
 * p->opt_start/p->opt_size. On failure the packet is truncated back to its size on entry. */
int dns_packet_append_opt(
                DnsPacket *p,
                uint16_t max_udp_size,
                bool edns0_do,
                bool include_rfc6975,
                int rcode,
                size_t *start) {

        size_t saved_size;
        int r;

        assert(p);
        /* we must never advertise supported packet size smaller than the legacy max */
        assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
        assert(rcode >= 0);
        assert(rcode <= _DNS_RCODE_MAX);

        if (p->opt_start != (size_t) -1)
                return -EBUSY;

        assert(p->opt_size == (size_t) -1);

        saved_size = p->size;

        /* empty name */
        r = dns_packet_append_uint8(p, 0, NULL);
        if (r < 0)
                return r;

        /* type */
        r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);

        /* class: maximum udp packet that can be received */
        if (r >= 0)
                r = dns_packet_append_uint16(p, max_udp_size, NULL);

        /* extended RCODE and VERSION: bits 4..11 of the rcode go into the upper octet */
        if (r >= 0)
                r = dns_packet_append_uint16(p, ((uint16_t) rcode & 0x0FF0) << 4, NULL);

        /* flags: DNSSEC OK (DO), see RFC3225 */
        if (r >= 0)
                r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);

        if (r < 0)
                goto fail;

        /* RDLENGTH */
        if (edns0_do && include_rfc6975) {
                /* If DO is on and this is requested, also append RFC6975 Algorithm data. This is
                 * supposed to be done on queries, not on replies, hence callers should turn this
                 * off when finishing off replies. */

                static const uint8_t rfc6975[] = {

                        0, 5, /* OPTION_CODE: DAU */
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
                        0, 7, /* LIST_LENGTH */
#else
                        0, 6, /* LIST_LENGTH */
#endif
                        DNSSEC_ALGORITHM_RSASHA1,
                        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
                        DNSSEC_ALGORITHM_RSASHA256,
                        DNSSEC_ALGORITHM_RSASHA512,
                        DNSSEC_ALGORITHM_ECDSAP256SHA256,
                        DNSSEC_ALGORITHM_ECDSAP384SHA384,
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
                        DNSSEC_ALGORITHM_ED25519,
#endif

                        0, 6, /* OPTION_CODE: DHU */
                        0, 3, /* LIST_LENGTH */
                        DNSSEC_DIGEST_SHA1,
                        DNSSEC_DIGEST_SHA256,
                        DNSSEC_DIGEST_SHA384,

                        0, 7, /* OPTION_CODE: N3U */
                        0, 1, /* LIST_LENGTH */
                        NSEC3_ALGORITHM_SHA1,
                };

                r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
                if (r < 0)
                        goto fail;

                r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
        } else
                r = dns_packet_append_uint16(p, 0, NULL);
        if (r < 0)
                goto fail;

        /* Account for the new RR only once it is complete */
        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);

        p->opt_start = saved_size;
        p->opt_size = p->size - saved_size;

        if (start)
                *start = saved_size;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
804
/* Remove the OPT RR added by dns_packet_append_opt() again. Returns 0 if the packet has none,
 * 1 if it was removed, and -EBUSY if the OPT RR is not the last thing in the packet (only a
 * trailing RR can be cut off). */
int dns_packet_truncate_opt(DnsPacket *p) {
        assert(p);

        if (p->opt_start == (size_t) -1) {
                assert(p->opt_size == (size_t) -1);
                return 0;
        }

        assert(p->opt_size != (size_t) -1);
        assert(DNS_PACKET_ARCOUNT(p) > 0);

        if (p->opt_start + p->opt_size != p->size)
                return -EBUSY;

        dns_packet_truncate(p, p->opt_start);
        DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);

        /* Mark "no OPT RR present" */
        p->opt_size = (size_t) -1;
        p->opt_start = (size_t) -1;

        return 1;
}
825
/* Serialize a resource record: key, TTL, RDLENGTH and the type specific RDATA.
 *
 * RDLENGTH is first written as 0 and patched once the RDATA size is known; RDATA larger than
 * 0xFFFF bytes yields -ENOSPC. DNS_ANSWER_GOODBYE in flags forces the TTL on the wire to 0.
 * *start (optional) receives the offset of the RR, *rdata_start (optional) the offset of the
 * RDATA relative to the start of the RR. On failure the packet is truncated back to its size on
 * entry.
 *
 * Inside the switch every step runs only if the previous one succeeded; the result is checked
 * once behind the switch. */
int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start) {

        size_t saved_size, rdlength_offset, end, rdlength, rds;
        int r;

        assert(p);
        assert(rr);

        saved_size = p->size;

        r = dns_packet_append_key(p, rr->key, flags, NULL);
        if (r < 0)
                goto fail;

        r = dns_packet_append_uint32(p, flags & DNS_ANSWER_GOODBYE ? 0 : rr->ttl, NULL);
        if (r < 0)
                goto fail;

        /* Placeholder for RDLENGTH, patched below */
        r = dns_packet_append_uint16(p, 0, &rdlength_offset);
        if (r < 0)
                goto fail;

        rds = p->size - saved_size;

        switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->srv.port, NULL);
                if (r >= 0)
                        /* RFC 2782 states "Unless and until permitted by future standards
                         * action, name compression is not to be used for this field." */
                        r = dns_packet_append_name(p, rr->srv.name, false, true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                r = dns_packet_append_name(p, rr->ptr.name, true, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
                if (r >= 0)
                        r = dns_packet_append_string(p, rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:

                if (!rr->txt.items)
                        /* RFC 6763, section 6.1 suggests to generate
                         * single empty string for an empty array. */
                        r = dns_packet_append_raw_string(p, NULL, 0, NULL);
                else {
                        DnsTxtItem *i;

                        LIST_FOREACH(items, i, rr->txt.items) {
                                r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
                                if (r < 0)
                                        goto fail;
                        }

                        r = 0;
                }
                break;

        case DNS_TYPE_A:
                r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                r = dns_packet_append_name(p, rr->soa.mname, true, true, NULL);
                if (r >= 0)
                        r = dns_packet_append_name(p, rr->soa.rname, true, true, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
                if (r >= 0)
                        r = dns_packet_append_name(p, rr->mx.exchange, true, true, NULL);
                break;

        case DNS_TYPE_LOC:
                r = dns_packet_append_uint8(p, rr->loc.version, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->loc.size, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
                break;

        case DNS_TYPE_DS:
                r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
                if (r >= 0)
                        /* signer name: written without compression */
                        r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
                break;

        case DNS_TYPE_NSEC:
                /* next domain name: neither compressed nor lower-cased */
                r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
                if (r >= 0)
                        r = dns_packet_append_types(p, rr->nsec.types, NULL);
                break;

        case DNS_TYPE_NSEC3:
                /* NOTE(review): salt_size and next_hashed_name_size are written through a
                 * uint8_t parameter while the blobs are appended with the full stored size;
                 * assumes both sizes fit into one octet -- confirm where the RR is built. */
                r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
                if (r >= 0)
                        r = dns_packet_append_types(p, rr->nsec3.types, NULL);
                break;

        case DNS_TYPE_TLSA:
                r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
                if (r >= 0)
                        r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
                break;

        case DNS_TYPE_CAA:
                r = dns_packet_append_uint8(p, rr->caa.flags, NULL);
                if (r >= 0)
                        r = dns_packet_append_string(p, rr->caa.tag, NULL);
                if (r >= 0)
                        r = dns_packet_append_blob(p, rr->caa.value, rr->caa.value_size, NULL);
                break;

        case DNS_TYPE_OPT:
        case DNS_TYPE_OPENPGPKEY:
        case _DNS_TYPE_INVALID: /* unparsable */
        default:
                /* Everything else is passed through as the opaque RDATA that was stored */
                r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
                break;
        }
        if (r < 0)
                goto fail;

        /* Let's calculate the actual data size and update the field */
        rdlength = p->size - rdlength_offset - sizeof(uint16_t);
        if (rdlength > 0xFFFF) {
                r = -ENOSPC;
                goto fail;
        }

        /* Temporarily move the end of the packet back to the placeholder, so that the regular
         * append call overwrites it in place, then restore the real end. */
        end = p->size;
        p->size = rdlength_offset;
        r = dns_packet_append_uint16(p, rdlength, NULL);
        if (r < 0)
                goto fail;
        p->size = end;

        if (start)
                *start = saved_size;

        if (rdata_start)
                *rdata_start = rds;

        return 0;

fail:
        dns_packet_truncate(p, saved_size);
        return r;
}
1174
/* Append every key of question q to the packet. Stops at the first failure and returns its
 * error; keys appended before that stay in the packet. */
int dns_packet_append_question(DnsPacket *p, DnsQuestion *q) {
        DnsResourceKey *key;

        assert(p);

        DNS_QUESTION_FOREACH(key, q) {
                int r;

                r = dns_packet_append_key(p, key, 0, NULL);
                if (r < 0)
                        return r;
        }

        return 0;
}
1189
/* Append every RR of answer a to the packet, each with the flags stored alongside it. Stops at
 * the first failure and returns its error; RRs appended before that stay in the packet. */
int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a) {
        DnsAnswerFlags flags;
        DnsResourceRecord *rr;

        assert(p);

        DNS_ANSWER_FOREACH_FLAGS(rr, flags, a) {
                int r;

                r = dns_packet_append_rr(p, rr, flags, NULL, NULL);
                if (r < 0)
                        return r;
        }

        return 0;
}
1205
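/* Consume sz bytes at the read index. This is the bounds check every read helper in this file
 * goes through.
 *
 * On success *ret (optional) points at the bytes inside the packet buffer (no copy is made),
 * *start (optional) receives the offset they begin at, and the read index advances by sz.
 * Returns -EMSGSIZE, leaving the read index untouched, if fewer than sz bytes remain. */
int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
        assert(p);

        /* Compare against the bytes that remain instead of computing "rindex + sz": that sum
         * wraps around for a very large sz and would then pass as in-bounds. */
        if (p->rindex > p->size || sz > p->size - p->rindex)
                return -EMSGSIZE;

        if (ret)
                *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;

        if (start)
                *start = p->rindex;

        p->rindex += sz;
        return 0;
}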
1221
/* Set the read index to idx, which must lie behind the header and not beyond the end of the
 * packet data. */
void dns_packet_rewind(DnsPacket *p, size_t idx) {
        assert(p);

        /* Both bounds are programming errors if violated, not input errors */
        assert(idx <= p->size);
        assert(idx >= DNS_PACKET_HEADER_SIZE);

        p->rindex = idx;
}
1229
/* Copy the next sz bytes of the packet into d, which the caller must have sized for sz bytes.
 * Nothing is copied if the packet holds fewer than sz remaining bytes. */
int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
        const void *src;
        int r;

        assert(p);
        assert(d);

        r = dns_packet_read(p, sz, &src, start);
        if (r < 0)
                return r;

        memcpy(d, src, sz);
        return 0;
}
1244
/* Read "size" bytes and hand back a heap copy in *ret, which the caller has to free. For
 * size == 0 *ret is set to NULL. *ret_size and *ret_start are optional.
 *
 * NOTE(review): if the copy cannot be allocated, -ENOMEM is returned with the read index already
 * advanced past the data. */
static int dns_packet_read_memdup(
                DnsPacket *p, size_t size,
                void **ret, size_t *ret_size,
                size_t *ret_start) {

        const void *src;
        void *copy = NULL;
        size_t start;
        int r;

        assert(p);
        assert(ret);

        r = dns_packet_read(p, size, &src, &start);
        if (r < 0)
                return r;

        if (size > 0) {
                copy = memdup(src, size);
                if (!copy)
                        return -ENOMEM;
        }

        *ret = copy;

        if (ret_size)
                *ret_size = size;
        if (ret_start)
                *ret_start = start;

        return 0;
}
1280
/* Read a single octet into *ret. *start (optional) receives its offset. */
int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
        const void *src;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint8_t), &src, start);
        if (r < 0)
                return r;

        *ret = *(const uint8_t*) src;
        return 0;
}
1294
/* Read a big-endian 16 bit value into *ret. *start (optional) receives its offset. */
int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
        const void *src;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint16_t), &src, start);
        if (r < 0)
                return r;

        /* The source has no alignment guarantee */
        *ret = unaligned_read_be16(src);

        return 0;
}
1309
/* Read a big-endian 32 bit value into *ret. *start (optional) receives its offset. */
int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
        const void *src;
        int r;

        assert(p);

        r = dns_packet_read(p, sizeof(uint32_t), &src, start);
        if (r < 0)
                return r;

        /* The source has no alignment guarantee */
        *ret = unaligned_read_be32(src);

        return 0;
}
1324
/* Read a character string (length octet plus data) and return it as a newly allocated,
 * NUL-terminated C string in *ret.
 *
 * Data containing a NUL byte or invalid UTF-8 is rejected with -EBADMSG, so that the returned
 * string has exactly the length announced on the wire. On any failure the read index is put back
 * to where it was on entry. */
int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        const void *raw;
        uint8_t len;
        char *copy;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, &raw, NULL);
        if (r < 0)
                return r;

        /* An embedded NUL would silently cut the C string short */
        if (memchr(raw, 0, len))
                return -EBADMSG;

        copy = strndup(raw, len);
        if (!copy)
                return -ENOMEM;

        if (!utf8_is_valid(copy)) {
                free(copy);
                return -EBADMSG;
        }

        *ret = copy;

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1363
/* Read a character string (length octet plus data) without copying or validating it: *ret
 * points into the packet buffer and is not NUL-terminated, *size (optional) receives the length.
 * On failure the read index is put back to where it was on entry. */
int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        uint8_t len;
        int r;

        assert(p);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_uint8(p, &len, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read(p, len, ret, NULL);
        if (r < 0)
                return r;

        if (size)
                *size = len;
        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1388
/* Parse a domain name at the read index and return it in escaped string form in *_ret (caller
 * frees).
 *
 * Compression pointers are followed only if allowed by the caller and not refused by the packet.
 * A pointer must target an offset behind the header and strictly before the "jump barrier",
 * which starts at the beginning of the name and moves to each pointer target in turn. Targets
 * therefore strictly decrease, so a chain of pointers cannot loop. Any other length octet
 * above 63 is rejected with -EBADMSG.
 *
 * After a successful parse the read index sits behind the first pointer (or behind the root
 * label if there was none). On failure it is put back to where it was on entry. */
int dns_packet_read_name(
                DnsPacket *p,
                char **_ret,
                bool allow_compression,
                size_t *start) {

        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t after_rindex = 0, jump_barrier;
        _cleanup_free_ char *name = NULL;
        size_t len = 0, allocated = 0;
        bool first = true;
        int r;

        assert(p);
        assert(_ret);
        INIT_REWINDER(rewinder, p);
        jump_barrier = p->rindex;

        if (p->refuse_compression)
                allow_compression = false;

        for (;;) {
                uint8_t c, d;
                uint16_t ptr;

                r = dns_packet_read_uint8(p, &c, NULL);
                if (r < 0)
                        return r;

                /* End of name */
                if (c == 0)
                        break;

                if (c <= 63) {
                        const char *label;

                        /* Literal label */
                        r = dns_packet_read(p, c, (const void**) &label, NULL);
                        if (r < 0)
                                return r;

                        /* Room for a separating dot plus the worst-case escaped label */
                        if (!GREEDY_REALLOC(name, allocated, len + !first + DNS_LABEL_ESCAPED_MAX))
                                return -ENOMEM;

                        if (!first)
                                name[len++] = '.';
                        first = false;

                        r = dns_label_escape(label, c, name + len, DNS_LABEL_ESCAPED_MAX);
                        if (r < 0)
                                return r;

                        len += r;
                        continue;
                }

                /* What remains is either a compression pointer (both top bits set) or invalid */
                if (!allow_compression || !FLAGS_SET(c, 0xc0))
                        return -EBADMSG;

                r = dns_packet_read_uint8(p, &d, NULL);
                if (r < 0)
                        return r;

                ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
                if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier)
                        return -EBADMSG;

                /* Parsing of the enclosing data resumes behind the first pointer */
                if (after_rindex == 0)
                        after_rindex = p->rindex;

                /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
                jump_barrier = ptr;
                p->rindex = ptr;
        }

        if (!GREEDY_REALLOC(name, allocated, len + 1))
                return -ENOMEM;

        name[len] = 0;

        if (after_rindex != 0)
                p->rindex = after_rindex;

        *_ret = TAKE_PTR(name);

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1480
/* Reads one type-bitmap window (window number, bitmap length, bitmap octets) and sets the matching
 * type numbers in *types, allocating the bitmap first if necessary.
 *
 * The bitmap length must be between 1 and 32 octets, and the last octet must be non-zero; windows
 * violating either rule are rejected with -EBADMSG. Pseudo-types are skipped silently.
 *
 * If start is non-NULL it receives the read index the window began at. On failure the read index is
 * rewound to its value on entry; bits already set in *types before the failure are not undone. */
static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        const uint8_t *bitmap;
        uint8_t window, length;
        uint8_t bit = 0;
        bool last_octet_set = false;
        int r;

        assert(p);
        assert(types);
        INIT_REWINDER(rewinder, p);

        r = bitmap_ensure_allocated(types);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &window, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint8(p, &length, NULL);
        if (r < 0)
                return r;

        if (length == 0 || length > 32)
                return -EBADMSG;

        r = dns_packet_read(p, length, (const void **)&bitmap, NULL);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < length; i++) {

                if (bitmap[i] == 0) {
                        /* Nothing set in this octet, skip its eight bit positions. */
                        last_octet_set = false;
                        bit += 8;
                        continue;
                }

                last_octet_set = true;

                /* Walk the octet from its most significant bit downwards. */
                for (uint8_t bitmask = 1 << 7; bitmask != 0; bit++, bitmask >>= 1) {
                        uint16_t type;

                        if (!(bitmap[i] & bitmask))
                                continue;

                        /* Window number is the high byte of the type, bit position the low byte. */
                        type = (uint16_t) window << 8 | (uint16_t) bit;

                        /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
                        if (dns_type_is_pseudo(type))
                                continue;

                        r = bitmap_set(*types, type);
                        if (r < 0)
                                return r;
                }
        }

        /* The flag reflects the final octet only, so this rejects a trailing zero octet. */
        if (!last_octet_set)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1550
/* Reads consecutive type-bitmap windows until exactly size bytes have been consumed, collecting the
 * types in *types.
 *
 * Fails with -EBADMSG if a window runs past the end of the region or if the windows do not end
 * precisely at it. If start is non-NULL it receives the read index the region began at. On failure
 * the read index is rewound to its value on entry. */
static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t end;
        int r;

        INIT_REWINDER(rewinder, p);

        /* First byte behind the bitmap region. */
        end = rewinder.saved_rindex + size;

        while (p->rindex < end) {
                r = dns_packet_read_type_window(p, types, NULL);
                if (r < 0)
                        return r;

                /* don't read past end of current RR */
                if (p->rindex > end)
                        return -EBADMSG;
        }

        /* Also catches a caller that was already positioned behind the region on entry. */
        if (p->rindex != end)
                return -EBADMSG;

        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1576
/* Reads a resource key (name, type, class) at the current read position and returns it in *ret as a
 * new DnsResourceKey. Name compression is permitted for the key name.
 *
 * For mDNS packets the cache-flush bit is stripped from the class of every non-OPT key and reported
 * through ret_cache_flush (if non-NULL); for all other packets false is reported.
 *
 * If start is non-NULL it receives the read index the key began at. On failure the read index is
 * rewound to its value on entry. */
int dns_packet_read_key(DnsPacket *p, DnsResourceKey **ret, bool *ret_cache_flush, size_t *start) {
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        _cleanup_free_ char *name = NULL;
        uint16_t rr_type, rr_class;
        bool cache_flush = false;
        DnsResourceKey *key;
        int r;

        assert(p);
        assert(ret);
        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_name(p, &name, true, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &rr_type, NULL);
        if (r < 0)
                return r;

        r = dns_packet_read_uint16(p, &rr_class, NULL);
        if (r < 0)
                return r;

        /* See RFC6762, Section 10.2 */
        if (p->protocol == DNS_PROTOCOL_MDNS &&
            rr_type != DNS_TYPE_OPT &&
            (rr_class & MDNS_RR_CACHE_FLUSH)) {
                rr_class &= ~MDNS_RR_CACHE_FLUSH;
                cache_flush = true;
        }

        key = dns_resource_key_new_consume(rr_class, rr_type, name);
        if (!key)
                return -ENOMEM;

        /* The key has consumed the string, so it must not be freed on the way out. */
        name = NULL;
        *ret = key;

        if (start)
                *start = rewinder.saved_rindex;
        if (ret_cache_flush)
                *ret_cache_flush = cache_flush;
        CANCEL_REWINDER(rewinder);

        return 0;
}
1625
/* Validates a one-byte LOC size/precision field made of two 4-bit values.
 *
 * Both the high nibble and the low nibble must be at most 9, and a zero high nibble is accepted
 * only together with a zero low nibble. (Presumably these are the base and power-of-ten exponent
 * of the LOC wire format; confirm against the LOC record definition.) */
static bool loc_size_ok(uint8_t size) {
        const uint8_t hi = size >> 4;
        const uint8_t lo = size & 0xF;

        if (hi > 9 || lo > 9)
                return false;

        return hi != 0 || lo == 0;
}
1631
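/* Parses one resource record (key, TTL, RDLENGTH and RDATA) at the current read position and returns
 * it in *ret.
 *
 * The RDATA is decoded according to the record type; unknown types, OPT, OPENPGPKEY and LOC records
 * with a non-zero version are stored as an opaque copy of the RDATA. Two length checks bracket the
 * type-specific parsing: RDLENGTH must fit into the remaining packet before anything is decoded, and
 * afterwards the read index must sit exactly at the end of the RDATA. A record whose fields are
 * shorter or longer than its declared RDLENGTH is therefore rejected with -EBADMSG rather than
 * letting the next record be parsed from the wrong offset.
 *
 * ret_cache_flush (if non-NULL) receives the mDNS cache-flush flag reported by dns_packet_read_key().
 * If start is non-NULL it receives the read index the record began at. On failure the read index is
 * rewound to its value on entry.
 *
 * Returns 0 on success, -EBADMSG for malformed records, -ENOMEM on allocation failure, or the error
 * of a failed read helper. */
int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, bool *ret_cache_flush, size_t *start) {
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
        size_t offset;
        uint16_t rdlength;
        bool cache_flush;
        int r;

        assert(p);
        assert(ret);

        INIT_REWINDER(rewinder, p);

        r = dns_packet_read_key(p, &key, &cache_flush, NULL);
        if (r < 0)
                return r;

        if (!dns_class_is_valid_rr(key->class) || !dns_type_is_valid_rr(key->type))
                return -EBADMSG;

        rr = dns_resource_record_new(key);
        if (!rr)
                return -ENOMEM;

        r = dns_packet_read_uint32(p, &rr->ttl, NULL);
        if (r < 0)
                return r;

        /* RFC 2181, Section 8, suggests to
         * treat a TTL with the MSB set as a zero TTL. */
        if (rr->ttl & UINT32_C(0x80000000))
                rr->ttl = 0;

        r = dns_packet_read_uint16(p, &rdlength, NULL);
        if (r < 0)
                return r;

        /* The declared RDATA must lie entirely inside the packet. */
        if (p->rindex + rdlength > p->size)
                return -EBADMSG;

        /* Start of the RDATA; offset + rdlength is the first byte behind this record. */
        offset = p->rindex;

        switch (rr->key->type) {

        case DNS_TYPE_SRV:
                r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
                if (r < 0)
                        return r;
                r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
                break;

        case DNS_TYPE_PTR:
        case DNS_TYPE_NS:
        case DNS_TYPE_CNAME:
        case DNS_TYPE_DNAME:
                r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
                break;

        case DNS_TYPE_HINFO:
                r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
                break;

        case DNS_TYPE_SPF: /* exactly the same as TXT */
        case DNS_TYPE_TXT:
                if (rdlength <= 0) {
                        r = dns_txt_item_new_empty(&rr->txt.items);
                        if (r < 0)
                                return r;
                } else {
                        DnsTxtItem *last = NULL;

                        /* A string may still run past the end of the RDATA here; the final
                         * position check behind the switch rejects that case. */
                        while (p->rindex < offset + rdlength) {
                                DnsTxtItem *i;
                                const void *data;
                                size_t sz;

                                r = dns_packet_read_raw_string(p, &data, &sz, NULL);
                                if (r < 0)
                                        return r;

                                i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
                                if (!i)
                                        return -ENOMEM;

                                memcpy(i->data, data, sz);
                                i->length = sz;

                                LIST_INSERT_AFTER(items, rr->txt.items, last, i);
                                last = i;
                        }
                }

                r = 0;
                break;

        case DNS_TYPE_A:
                r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
                break;

        case DNS_TYPE_AAAA:
                r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
                break;

        case DNS_TYPE_SOA:
                r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
                break;

        case DNS_TYPE_MX:
                r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
                break;

        case DNS_TYPE_LOC: {
                uint8_t t;
                size_t pos;

                r = dns_packet_read_uint8(p, &t, &pos);
                if (r < 0)
                        return r;

                if (t == 0) {
                        rr->loc.version = t;

                        r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.size))
                                return -EBADMSG;

                        r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.horiz_pre))
                                return -EBADMSG;

                        r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
                        if (r < 0)
                                return r;

                        if (!loc_size_ok(rr->loc.vert_pre))
                                return -EBADMSG;

                        r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
                        if (r < 0)
                                return r;

                        r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
                        if (r < 0)
                                return r;

                        break;
                } else {
                        /* Unknown LOC version: step back over the version byte and keep the whole
                         * RDATA as an opaque blob. */
                        dns_packet_rewind(p, pos);
                        rr->unparsable = true;
                        goto unparsable;
                }
        }

        case DNS_TYPE_DS:
                r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
                if (r < 0)
                        return r;

                /* Must precede the subtraction below, which would otherwise go negative and turn
                 * into a huge length. */
                if (rdlength < 4)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 4,
                                           &rr->ds.digest, &rr->ds.digest_size,
                                           NULL);
                if (r < 0)
                        return r;

                if (rr->ds.digest_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_SSHFP:
                r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
                if (r < 0)
                        return r;

                /* Guards the subtraction below against going negative. */
                if (rdlength < 2)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 2,
                                           &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
                                           NULL);
                /* Report the real failure (as the DS case does) instead of letting the size check
                 * below turn it into -EBADMSG. */
                if (r < 0)
                        return r;

                if (rr->sshfp.fingerprint_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_DNSKEY:
                r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
                if (r < 0)
                        return r;

                /* Guards the subtraction below against going negative. */
                if (rdlength < 4)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 4,
                                           &rr->dnskey.key, &rr->dnskey.key_size,
                                           NULL);
                /* Report the real failure instead of masking it as -EBADMSG below. */
                if (r < 0)
                        return r;

                if (rr->dnskey.key_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_RRSIG:
                r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
                if (r < 0)
                        return r;

                /* The signer name is read with compression disabled. */
                r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
                if (r < 0)
                        return r;

                /* The fixed fields and signer name must not already extend past the RDATA,
                 * otherwise the remaining length below would wrap around. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
                                           &rr->rrsig.signature, &rr->rrsig.signature_size,
                                           NULL);
                /* Report the real failure instead of masking it as -EBADMSG below. */
                if (r < 0)
                        return r;

                if (rr->rrsig.signature_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_NSEC: {

                /*
                 * RFC6762, section 18.14 explicitly states mDNS should use name compression.
                 * This contradicts RFC3845, section 2.1.1
                 */

                bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;

                r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
                if (r < 0)
                        return r;

                /* Same guard as for RRSIG and CAA: reject a name that already ran past the RDATA
                 * explicitly, rather than relying on the wrapped-around length being caught by
                 * the bitmap reader. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);

                /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
                 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
                 * without the NSEC bit set. */

                break;
        }
        case DNS_TYPE_NSEC3: {
                uint8_t size;

                r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
                if (r < 0)
                        return r;

                /* this may be zero */
                r = dns_packet_read_uint8(p, &size, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &size, NULL);
                if (r < 0)
                        return r;

                if (size <= 0)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, size,
                                           &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size,
                                           NULL);
                if (r < 0)
                        return r;

                /* Salt and hash lengths come from the packet; make sure they did not carry the
                 * read index past the RDATA before computing the remaining length. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);

                /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */

                break;
        }

        case DNS_TYPE_TLSA:
                r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
                if (r < 0)
                        return r;

                /* Guards the subtraction below against going negative. */
                if (rdlength < 3)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p, rdlength - 3,
                                           &rr->tlsa.data, &rr->tlsa.data_size,
                                           NULL);
                /* Report the real failure instead of masking it as -EBADMSG below. */
                if (r < 0)
                        return r;

                if (rr->tlsa.data_size <= 0)
                        /* the accepted size depends on the algorithm, but for now
                           just ensure that the value is greater than zero */
                        return -EBADMSG;

                break;

        case DNS_TYPE_CAA:
                r = dns_packet_read_uint8(p, &rr->caa.flags, NULL);
                if (r < 0)
                        return r;

                r = dns_packet_read_string(p, &rr->caa.tag, NULL);
                if (r < 0)
                        return r;

                /* The tag length comes from the packet; it must not reach past the RDATA. */
                if (rdlength + offset < p->rindex)
                        return -EBADMSG;

                r = dns_packet_read_memdup(p,
                                           rdlength + offset - p->rindex,
                                           &rr->caa.value, &rr->caa.value_size, NULL);

                break;

        case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
        case DNS_TYPE_OPENPGPKEY:
        default:
        unparsable:
                r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);

                break;
        }
        if (r < 0)
                return r;

        /* Whatever the type-specific parser did, it must have consumed exactly RDLENGTH bytes. */
        if (p->rindex != offset + rdlength)
                return -EBADMSG;

        *ret = TAKE_PTR(rr);

        if (ret_cache_flush)
                *ret_cache_flush = cache_flush;
        if (start)
                *start = rewinder.saved_rindex;
        CANCEL_REWINDER(rewinder);

        return 0;
}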
2093
/* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is
 * not OK in a reply).
 *
 * Returns false if the option list is malformed, i.e. an option header is cut short or an option
 * claims more data than is left. Returns true otherwise, with *rfc6975 set to whether an option with
 * code 5, 6 or 7 was seen. If the version stored in the TTL field is not 0 the option data is not
 * examined at all: the RR counts as well-formed and *rfc6975 is set to false. *rfc6975 is left
 * untouched when false is returned. */
static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
        bool found_dau_dhu_n3u = false;
        const uint8_t *cursor;
        size_t remaining;

        assert(rr);
        assert(rr->key->type == DNS_TYPE_OPT);

        /* Bits 16..23 of the TTL carry the version; only version 0 contents are inspected. */
        if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0) {
                *rfc6975 = false;
                return true;
        }

        cursor = rr->opt.data;
        remaining = rr->opt.data_size;

        while (remaining > 0) {
                uint16_t option_code, option_length;
                size_t consumed;

                /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
                if (remaining < 4U)
                        return false;

                option_code = unaligned_read_be16(cursor);
                option_length = unaligned_read_be16(cursor + 2);

                /* Header plus payload must fit into what is left, checked before advancing. */
                consumed = option_length + 4U;
                if (remaining < consumed)
                        return false;

                /* RFC 6975 DAU, DHU or N3U fields found. */
                if (IN_SET(option_code, 5, 6, 7))
                        found_dau_dhu_n3u = true;

                cursor += consumed;
                remaining -= consumed;
        }

        *rfc6975 = found_dau_dhu_n3u;
        return true;
}
2137
/* Reads the question section of the packet, starting at the current read position, into a new
 * DnsQuestion returned in *ret_question (NULL if the packet declares no questions).
 *
 * Keys that repeat an earlier key are read but added only once. A key carrying the mDNS cache-flush
 * bit, or a type that is not valid in a query, makes the whole packet fail with -EBADMSG. */
static int dns_packet_extract_question(DnsPacket *p, DnsQuestion **ret_question) {
        _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
        _cleanup_set_free_ Set *keys = NULL; /* references to keys are kept by Question */
        unsigned n;
        int r;

        n = DNS_PACKET_QDCOUNT(p);
        if (n == 0) {
                *ret_question = NULL;
                return 0;
        }

        question = dns_question_new(n);
        if (!question)
                return -ENOMEM;

        /* The set exists only to detect duplicate keys while reading. */
        keys = set_new(&dns_resource_key_hash_ops);
        if (!keys)
                return log_oom();

        /* Higher multipliers give slightly higher efficiency through hash collisions, but the gains
         * quickly drop off after 2. */
        r = set_reserve(keys, n * 2);
        if (r < 0)
                return r;

        for (unsigned i = 0; i < n; i++) {
                _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
                bool cache_flush;

                r = dns_packet_read_key(p, &key, &cache_flush, NULL);
                if (r < 0)
                        return r;

                if (cache_flush || !dns_type_is_valid_query(key->type))
                        return -EBADMSG;

                r = set_put(keys, key);
                if (r < 0)
                        return r;

                /* Zero means the key is already in the question, nothing to add. */
                if (r == 0)
                        continue;

                r = dns_question_add_raw(question, key);
                if (r < 0)
                        return r;
        }

        *ret_question = TAKE_PTR(question);

        return 0;
}
2191
/* Reads all resource records that follow the question section (DNS_PACKET_RRCOUNT() of them) into a
 * new DnsAnswer returned in *ret_answer.
 *
 * OPT records are not added to the answer. A single well-formed OPT record ends up referenced from
 * p->opt; if any OPT record looks wrong (more than one, not owned by the root domain, placed before
 * the end of the answer and authority records, malformed options, or RFC6975 data in a reply) all
 * OPT records are ignored and p->opt is dropped again at the end. A reply whose OPT record carries
 * an unsupported EDNS version fails with -EBADMSG.
 *
 * Note that when the packet declares no records this returns 0 without touching *ret_answer, so the
 * caller has to initialize it. */
static int dns_packet_extract_answer(DnsPacket *p, DnsAnswer **ret_answer) {
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
        bool bad_opt = false;
        unsigned n;
        int r;

        n = DNS_PACKET_RRCOUNT(p);
        if (n == 0)
                return 0;

        answer = dns_answer_new(n);
        if (!answer)
                return -ENOMEM;

        for (unsigned i = 0; i < n; i++) {
                _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
                bool cache_flush = false;

                r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
                if (r < 0)
                        return r;

                /* Try to reduce memory usage a bit */
                if (previous)
                        dns_resource_key_reduce(&rr->key, &previous->key);

                if (rr->key->type != DNS_TYPE_OPT) {
                        DnsAnswerFlags flags = 0;

                        /* According to RFC 4795, section 2.9. only the RRs from the Answer section
                         * shall be cached. Hence mark only those RRs as cacheable by default, but
                         * not the ones from the Additional or Authority sections. */
                        if (i < DNS_PACKET_ANCOUNT(p))
                                flags |= DNS_ANSWER_CACHEABLE;

                        /* mDNS records without the cache-flush bit are flagged as shared. */
                        if (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush)
                                flags |= DNS_ANSWER_SHARED_OWNER;

                        r = dns_answer_add(answer, rr, p->ifindex, flags);
                        if (r < 0)
                                return r;
                } else {
                        bool has_rfc6975;

                        if (p->opt || bad_opt) {
                                /* More than one OPT RR: something is wrong with the server, and
                                 * there is no way to tell which one would be the valid one, so
                                 * all of them are ignored. */
                                log_debug("Multiple OPT RRs detected, ignoring all.");
                                bad_opt = true;
                                continue;
                        }

                        if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
                                /* An OPT RR has to be owned by the root domain. */
                                log_debug("OPT RR is not owned by root domain, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
                                /* The OPT RR sits among the answer or authority records. Some
                                 * Belkin routers do this; treat it as a sign of a broken EDNS
                                 * implementation and ignore the record. */
                                log_debug("OPT RR in wrong section, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        if (!opt_is_good(rr, &has_rfc6975)) {
                                log_debug("Malformed OPT RR, ignoring.");
                                bad_opt = true;
                                continue;
                        }

                        /* The remaining checks apply to responses only. */
                        if (DNS_PACKET_QR(p)) {

                                if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr))
                                        /* A reply with an EDNS version we do not know is not
                                         * something we asked for. */
                                        return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
                                                               "EDNS version newer that our request, bad server.");

                                if (has_rfc6975) {
                                        /* RFC6975 algorithm data belongs in questions only. Finding
                                         * it in a reply indicates the server merely copied the OPT
                                         * RR of the request back (Belkin routers do that), which
                                         * means it does not really support EDNS. Detect this so
                                         * that we downgrade early. */
                                        log_debug("OPT RR contains RFC6975 data, ignoring.");
                                        bad_opt = true;
                                        continue;
                                }
                        }

                        p->opt = dns_resource_record_ref(rr);
                }

                /* Remember this RR so that its ->key object can potentially be merged with the one
                 * of the next RR. This point is reached only for RRs that were kept; the ignored
                 * OPT cases above skip it. */
                dns_resource_record_unref(previous);
                previous = dns_resource_record_ref(rr);
        }

        /* One bad OPT RR invalidates a good one accepted earlier in the packet. */
        if (bad_opt)
                p->opt = dns_resource_record_unref(p->opt);

        *ret_answer = TAKE_PTR(answer);

        return 0;
}
2306
/* Parses the question and record sections of the packet once and stores the results in p->question
 * and p->answer. Later calls return 0 immediately because p->extracted is set.
 *
 * Parsing always starts right behind the header, and the read index is restored to its value on
 * entry on both success and failure. On failure nothing is stored in p->question or p->answer and
 * p->extracted stays false, so a later call parses again. */
int dns_packet_extract(DnsPacket *p) {
        _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
        _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = {};
        int r;

        /* The rewinder is still empty here, so this early exit leaves the read index alone. */
        if (p->extracted)
                return 0;

        INIT_REWINDER(rewinder, p);
        dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);

        r = dns_packet_extract_question(p, &question);
        if (r >= 0)
                r = dns_packet_extract_answer(p, &answer);
        if (r < 0)
                return r;

        p->question = TAKE_PTR(question);
        p->answer = TAKE_PTR(answer);
        p->extracted = true;

        /* no CANCEL, always rewind */
        return 0;
}
2335
/* Checks whether the packet is a reply whose question section consists of exactly the specified key.
 *
 * Returns 0 if the QR field is not 1 or if the question section is missing or does not hold exactly
 * one key, a negative errno-style value if the packet cannot be parsed, and otherwise the result of
 * dns_resource_key_equal() for the single question key and the specified key. */
int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
        int r;

        assert(p);
        assert(key);

        if (DNS_PACKET_QR(p) != 1)
                return 0;

        /* The question is only available once the packet has been unpacked. */
        r = dns_packet_extract(p);
        if (r < 0)
                return r;

        if (!p->question || p->question->n_keys != 1)
                return 0;

        return dns_resource_key_equal(p->question->keys[0], key);
}
2362
/* Feeds a packet into the siphash state: first its size field, then s->size bytes of its data. */
static void dns_packet_hash_func(const DnsPacket *s, struct siphash *state) {
        const void *payload;

        assert(s);

        /* DNS_PACKET_DATA() is handed a non-const packet, hence the cast; the data is only read. */
        payload = DNS_PACKET_DATA((DnsPacket*) s);

        siphash24_compress(&s->size, sizeof(s->size), state);
        siphash24_compress(payload, s->size, state);
}
2369
/* Orders two packets by size first and, for equal sizes, by a byte-wise comparison of their data. */
static int dns_packet_compare_func(const DnsPacket *x, const DnsPacket *y) {
        const int by_size = CMP(x->size, y->size);

        if (by_size != 0)
                return by_size;

        /* Sizes are equal here, so x->size is a valid length for both buffers. */
        return memcmp(DNS_PACKET_DATA((DnsPacket*) x), DNS_PACKET_DATA((DnsPacket*) y), x->size);
}
2379
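/* Hash operations that key on a packet's size and raw data, built from the two helpers above. */
DEFINE_HASH_OPS(dns_packet_hash_ops, DnsPacket, dns_packet_hash_func, dns_packet_compare_func);

/* Mnemonics of the DNS response codes, indexed by DNS_RCODE_* value. Presumably consumed by the
 * string lookup helpers that DEFINE_STRING_TABLE_LOOKUP() generates below; confirm against
 * string-table.h. */
static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
        [DNS_RCODE_SUCCESS]   = "SUCCESS",
        [DNS_RCODE_FORMERR]   = "FORMERR",
        [DNS_RCODE_SERVFAIL]  = "SERVFAIL",
        [DNS_RCODE_NXDOMAIN]  = "NXDOMAIN",
        [DNS_RCODE_NOTIMP]    = "NOTIMP",
        [DNS_RCODE_REFUSED]   = "REFUSED",
        [DNS_RCODE_YXDOMAIN]  = "YXDOMAIN",
        /* Was spelled "YRRSET"; the mnemonic is YXRRSET, matching the constant's own name. */
        [DNS_RCODE_YXRRSET]   = "YXRRSET",
        [DNS_RCODE_NXRRSET]   = "NXRRSET",
        [DNS_RCODE_NOTAUTH]   = "NOTAUTH",
        [DNS_RCODE_NOTZONE]   = "NOTZONE",
        [DNS_RCODE_BADVERS]   = "BADVERS",
        [DNS_RCODE_BADKEY]    = "BADKEY",
        [DNS_RCODE_BADTIME]   = "BADTIME",
        [DNS_RCODE_BADMODE]   = "BADMODE",
        [DNS_RCODE_BADNAME]   = "BADNAME",
        [DNS_RCODE_BADALG]    = "BADALG",
        [DNS_RCODE_BADTRUNC]  = "BADTRUNC",
        [DNS_RCODE_BADCOOKIE] = "BADCOOKIE",
};
DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);

/* Lower-case names of the resolver protocols, indexed by DnsProtocol value. */
static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
        [DNS_PROTOCOL_DNS]   = "dns",
        [DNS_PROTOCOL_MDNS]  = "mdns",
        [DNS_PROTOCOL_LLMNR] = "llmnr",
};
DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);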