1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
27 #include "unaligned.h"
31 #define EDNS0_OPT_DO (1<<15)
33 int dns_packet_new(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
) {
39 if (mtu
<= UDP_PACKET_HEADER_SIZE
)
40 a
= DNS_PACKET_SIZE_START
;
42 a
= mtu
- UDP_PACKET_HEADER_SIZE
;
44 if (a
< DNS_PACKET_HEADER_SIZE
)
45 a
= DNS_PACKET_HEADER_SIZE
;
47 /* round up to next page size */
48 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
50 /* make sure we never allocate more than useful */
51 if (a
> DNS_PACKET_SIZE_MAX
)
52 a
= DNS_PACKET_SIZE_MAX
;
54 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
58 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
60 p
->protocol
= protocol
;
61 p
->opt_start
= p
->opt_size
= (size_t) -1;
69 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
75 h
= DNS_PACKET_HEADER(p
);
78 case DNS_PROTOCOL_LLMNR
:
81 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
92 case DNS_PROTOCOL_MDNS
:
93 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
97 0 /* rd (ask for recursion) */,
107 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
111 1 /* rd (ask for recursion) */,
114 dnssec_checking_disabled
/* cd */,
119 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
, bool dnssec_checking_disabled
) {
125 r
= dns_packet_new(&p
, protocol
, mtu
);
129 /* Always set the TC bit to 0 initially.
130 * If there are multiple packets later, we'll update the bit shortly before sending.
132 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
138 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
143 assert(!p
->on_stack
);
145 assert(p
->n_ref
> 0);
150 static void dns_packet_free(DnsPacket
*p
) {
155 dns_question_unref(p
->question
);
156 dns_answer_unref(p
->answer
);
157 dns_resource_record_unref(p
->opt
);
159 while ((s
= hashmap_steal_first_key(p
->names
)))
161 hashmap_free(p
->names
);
169 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
173 assert(p
->n_ref
> 0);
175 dns_packet_unref(p
->more
);
185 int dns_packet_validate(DnsPacket
*p
) {
188 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
191 if (p
->size
> DNS_PACKET_SIZE_MAX
)
197 int dns_packet_validate_reply(DnsPacket
*p
) {
202 r
= dns_packet_validate(p
);
206 if (DNS_PACKET_QR(p
) != 1)
209 if (DNS_PACKET_OPCODE(p
) != 0)
212 switch (p
->protocol
) {
214 case DNS_PROTOCOL_LLMNR
:
215 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
216 if (DNS_PACKET_QDCOUNT(p
) != 1)
221 case DNS_PROTOCOL_MDNS
:
222 /* RFC 6762, Section 18 */
223 if (DNS_PACKET_RCODE(p
) != 0)
235 int dns_packet_validate_query(DnsPacket
*p
) {
240 r
= dns_packet_validate(p
);
244 if (DNS_PACKET_QR(p
) != 0)
247 if (DNS_PACKET_OPCODE(p
) != 0)
250 if (DNS_PACKET_TC(p
))
253 switch (p
->protocol
) {
255 case DNS_PROTOCOL_LLMNR
:
256 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
257 if (DNS_PACKET_QDCOUNT(p
) != 1)
260 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
261 if (DNS_PACKET_ANCOUNT(p
) > 0)
264 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
265 if (DNS_PACKET_NSCOUNT(p
) > 0)
270 case DNS_PROTOCOL_MDNS
:
271 /* RFC 6762, Section 18 */
272 if (DNS_PACKET_AA(p
) != 0 ||
273 DNS_PACKET_RD(p
) != 0 ||
274 DNS_PACKET_RA(p
) != 0 ||
275 DNS_PACKET_AD(p
) != 0 ||
276 DNS_PACKET_CD(p
) != 0 ||
277 DNS_PACKET_RCODE(p
) != 0)
289 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
292 if (p
->size
+ add
> p
->allocated
) {
295 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
296 if (a
> DNS_PACKET_SIZE_MAX
)
297 a
= DNS_PACKET_SIZE_MAX
;
299 if (p
->size
+ add
> a
)
305 d
= realloc(p
->_data
, a
);
311 p
->_data
= malloc(a
);
315 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
316 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
326 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
332 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
342 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
344 if (PTR_TO_SIZE(n
) < sz
)
347 hashmap_remove(p
->names
, s
);
354 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
360 r
= dns_packet_extend(p
, l
, &q
, start
);
368 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
374 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
378 ((uint8_t*) d
)[0] = v
;
383 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
389 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
393 unaligned_write_be16(d
, v
);
398 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
404 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
408 unaligned_write_be32(d
, v
);
413 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
417 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
420 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
425 assert(s
|| size
== 0);
430 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
434 ((uint8_t*) d
)[0] = (uint8_t) size
;
437 memcpy(((uint8_t*) d
) + 1, s
, size
);
442 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
446 /* Append a label to a packet. Optionally, does this in DNSSEC
447 * canonical form, if this label is marked as a candidate for
448 * it, and the canonical form logic is enabled for the
454 if (l
> DNS_LABEL_MAX
)
457 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
461 *(w
++) = (uint8_t) l
;
463 if (p
->canonical_form
&& canonical_candidate
) {
466 /* Generate in canonical form, as defined by DNSSEC
467 * RFC 4034, Section 6.2, i.e. all lower-case. */
469 for (i
= 0; i
< l
; i
++) {
470 if (d
[i
] >= 'A' && d
[i
] <= 'Z')
471 w
[i
] = (uint8_t) (d
[i
] - 'A' + 'a');
473 w
[i
] = (uint8_t) d
[i
];
476 /* Otherwise, just copy the string unaltered. This is
477 * essential for DNS-SD, where the casing of labels
478 * matters and needs to be retained. */
484 int dns_packet_append_name(
487 bool allow_compression
,
488 bool canonical_candidate
,
497 if (p
->refuse_compression
)
498 allow_compression
= false;
500 saved_size
= p
->size
;
503 const char *z
= name
;
504 char label
[DNS_LABEL_MAX
];
508 if (allow_compression
)
509 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
514 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
522 r
= dns_label_unescape(&name
, label
, sizeof(label
));
526 if (p
->protocol
== DNS_PROTOCOL_DNS
)
527 k
= dns_label_apply_idna(label
, r
, label
, sizeof(label
));
529 k
= dns_label_undo_idna(label
, r
, label
, sizeof(label
));
537 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
541 if (allow_compression
) {
542 _cleanup_free_
char *s
= NULL
;
550 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
554 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
562 r
= dns_packet_append_uint8(p
, 0, NULL
);
573 dns_packet_truncate(p
, saved_size
);
577 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, size_t *start
) {
584 saved_size
= p
->size
;
586 r
= dns_packet_append_name(p
, DNS_RESOURCE_KEY_NAME(k
), true, true, NULL
);
590 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
594 r
= dns_packet_append_uint16(p
, k
->class, NULL
);
604 dns_packet_truncate(p
, saved_size
);
608 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
616 saved_size
= p
->size
;
618 r
= dns_packet_append_uint8(p
, window
, NULL
);
622 r
= dns_packet_append_uint8(p
, length
, NULL
);
626 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
635 dns_packet_truncate(p
, saved_size
);
639 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
643 uint8_t bitmaps
[32] = {};
650 saved_size
= p
->size
;
652 BITMAP_FOREACH(n
, types
, i
) {
655 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
656 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
666 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
669 if (bitmaps
[entry
/ 8] != 0) {
670 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
680 dns_packet_truncate(p
, saved_size
);
684 /* Append the OPT pseudo-RR described in RFC6891 */
685 int dns_packet_append_opt(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, size_t *start
) {
690 /* we must never advertise supported packet size smaller than the legacy max */
691 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
693 if (p
->opt_start
!= (size_t) -1)
696 assert(p
->opt_size
== (size_t) -1);
698 saved_size
= p
->size
;
701 r
= dns_packet_append_uint8(p
, 0, NULL
);
706 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
710 /* maximum udp packet that can be received */
711 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
715 /* extended RCODE and VERSION */
716 r
= dns_packet_append_uint16(p
, 0, NULL
);
720 /* flags: DNSSEC OK (DO), see RFC3225 */
721 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
726 r
= dns_packet_append_uint16(p
, 0, NULL
);
730 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) + 1);
732 p
->opt_start
= saved_size
;
733 p
->opt_size
= p
->size
- saved_size
;
741 dns_packet_truncate(p
, saved_size
);
745 int dns_packet_truncate_opt(DnsPacket
*p
) {
748 if (p
->opt_start
== (size_t) -1) {
749 assert(p
->opt_size
== (size_t) -1);
753 assert(p
->opt_size
!= (size_t) -1);
754 assert(DNS_PACKET_ARCOUNT(p
) > 0);
756 if (p
->opt_start
+ p
->opt_size
!= p
->size
)
759 dns_packet_truncate(p
, p
->opt_start
);
760 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) - 1);
761 p
->opt_start
= p
->opt_size
= (size_t) -1;
766 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, size_t *start
, size_t *rdata_start
) {
767 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
773 saved_size
= p
->size
;
775 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
779 r
= dns_packet_append_uint32(p
, rr
->ttl
, NULL
);
783 /* Initially we write 0 here */
784 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
788 rds
= p
->size
- saved_size
;
790 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
793 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
797 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
801 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
805 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, false, NULL
);
812 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, false, NULL
);
816 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
820 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
823 case DNS_TYPE_SPF
: /* exactly the same as TXT */
826 if (!rr
->txt
.items
) {
827 /* RFC 6763, section 6.1 suggests to generate
828 * single empty string for an empty array. */
830 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
836 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
837 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
847 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
851 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
855 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, false, NULL
);
859 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, false, NULL
);
863 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
867 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
871 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
875 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
879 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
883 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
887 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, false, NULL
);
891 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
895 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
899 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
903 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
907 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
911 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
915 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
919 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
923 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
927 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
931 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
935 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
939 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
943 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
946 case DNS_TYPE_DNSKEY
:
947 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
951 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
955 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
959 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
963 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
967 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
971 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
975 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
979 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
983 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
987 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
991 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
995 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
999 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
1003 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
1009 case DNS_TYPE_NSEC3
:
1010 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
1014 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
1018 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
1022 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
1026 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
1030 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1034 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1038 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1045 case _DNS_TYPE_INVALID
: /* unparseable */
1048 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.size
, NULL
);
1054 /* Let's calculate the actual data size and update the field */
1055 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1056 if (rdlength
> 0xFFFF) {
1062 p
->size
= rdlength_offset
;
1063 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1069 *start
= saved_size
;
1077 dns_packet_truncate(p
, saved_size
);
1081 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1084 if (p
->rindex
+ sz
> p
->size
)
1088 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1097 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1099 assert(idx
<= p
->size
);
1100 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1105 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1112 r
= dns_packet_read(p
, sz
, &q
, start
);
1120 static int dns_packet_read_memdup(
1121 DnsPacket
*p
, size_t size
,
1122 void **ret
, size_t *ret_size
,
1123 size_t *ret_start
) {
1132 r
= dns_packet_read(p
, size
, &src
, &start
);
1141 copy
= memdup(src
, size
);
1156 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1162 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1166 *ret
= ((uint8_t*) d
)[0];
1170 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1176 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1180 *ret
= unaligned_read_be16(d
);
1185 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1191 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1195 *ret
= unaligned_read_be32(d
);
1200 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1201 size_t saved_rindex
;
1209 saved_rindex
= p
->rindex
;
1211 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1215 r
= dns_packet_read(p
, c
, &d
, NULL
);
1219 if (memchr(d
, 0, c
)) {
1230 if (!utf8_is_valid(t
)) {
1239 *start
= saved_rindex
;
1244 dns_packet_rewind(p
, saved_rindex
);
1248 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1249 size_t saved_rindex
;
1255 saved_rindex
= p
->rindex
;
1257 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1261 r
= dns_packet_read(p
, c
, ret
, NULL
);
1268 *start
= saved_rindex
;
1273 dns_packet_rewind(p
, saved_rindex
);
1277 int dns_packet_read_name(
1280 bool allow_compression
,
1283 size_t saved_rindex
, after_rindex
= 0, jump_barrier
;
1284 _cleanup_free_
char *ret
= NULL
;
1285 size_t n
= 0, allocated
= 0;
1292 if (p
->refuse_compression
)
1293 allow_compression
= false;
1295 saved_rindex
= p
->rindex
;
1296 jump_barrier
= p
->rindex
;
1301 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1312 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1316 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
)) {
1326 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1332 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1336 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1340 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1341 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
) {
1346 if (after_rindex
== 0)
1347 after_rindex
= p
->rindex
;
1349 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1358 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1)) {
1365 if (after_rindex
!= 0)
1366 p
->rindex
= after_rindex
;
1372 *start
= saved_rindex
;
1377 dns_packet_rewind(p
, saved_rindex
);
1381 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1384 const uint8_t *bitmap
;
1388 size_t saved_rindex
;
1394 saved_rindex
= p
->rindex
;
1396 r
= bitmap_ensure_allocated(types
);
1400 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1404 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1408 if (length
== 0 || length
> 32)
1411 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1415 for (i
= 0; i
< length
; i
++) {
1416 uint8_t bitmask
= 1 << 7;
1427 if (bitmap
[i
] & bitmask
) {
1430 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1432 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1433 if (dns_type_is_pseudo(n
))
1436 r
= bitmap_set(*types
, n
);
1450 *start
= saved_rindex
;
1454 dns_packet_rewind(p
, saved_rindex
);
1458 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1459 size_t saved_rindex
;
1462 saved_rindex
= p
->rindex
;
1464 while (p
->rindex
< saved_rindex
+ size
) {
1465 r
= dns_packet_read_type_window(p
, types
, NULL
);
1469 /* don't read past end of current RR */
1470 if (p
->rindex
> saved_rindex
+ size
) {
1476 if (p
->rindex
!= saved_rindex
+ size
) {
1482 *start
= saved_rindex
;
1486 dns_packet_rewind(p
, saved_rindex
);
1490 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, bool *ret_cache_flush
, size_t *start
) {
1491 _cleanup_free_
char *name
= NULL
;
1492 bool cache_flush
= false;
1493 uint16_t class, type
;
1494 DnsResourceKey
*key
;
1495 size_t saved_rindex
;
1501 saved_rindex
= p
->rindex
;
1503 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1507 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1511 r
= dns_packet_read_uint16(p
, &class, NULL
);
1515 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1516 /* See RFC6762, Section 10.2 */
1518 if (type
!= DNS_TYPE_OPT
&& (class & MDNS_RR_CACHE_FLUSH
)) {
1519 class &= ~MDNS_RR_CACHE_FLUSH
;
1524 key
= dns_resource_key_new_consume(class, type
, name
);
1533 if (ret_cache_flush
)
1534 *ret_cache_flush
= cache_flush
;
1536 *start
= saved_rindex
;
1540 dns_packet_rewind(p
, saved_rindex
);
1544 static bool loc_size_ok(uint8_t size
) {
1545 uint8_t m
= size
>> 4, e
= size
& 0xF;
1547 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1550 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, bool *ret_cache_flush
, size_t *start
) {
1551 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1552 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1553 size_t saved_rindex
, offset
;
1561 saved_rindex
= p
->rindex
;
1563 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1567 if (!dns_class_is_valid_rr(key
->class)||
1568 !dns_type_is_valid_rr(key
->type
)) {
1573 rr
= dns_resource_record_new(key
);
1579 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1583 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1587 if (p
->rindex
+ rdlength
> p
->size
) {
1594 switch (rr
->key
->type
) {
1597 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1600 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1603 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1606 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1611 case DNS_TYPE_CNAME
:
1612 case DNS_TYPE_DNAME
:
1613 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1616 case DNS_TYPE_HINFO
:
1617 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1621 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1624 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1626 if (rdlength
<= 0) {
1628 /* RFC 6763, section 6.1 suggests to treat
1629 * empty TXT RRs as equivalent to a TXT record
1630 * with a single empty string. */
1632 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1638 DnsTxtItem
*last
= NULL
;
1640 while (p
->rindex
< offset
+ rdlength
) {
1645 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1649 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1653 memcpy(i
->data
, data
, sz
);
1656 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1665 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1669 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1673 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1677 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1681 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1685 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1689 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1693 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1697 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1701 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1705 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1708 case DNS_TYPE_LOC
: {
1712 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1717 rr
->loc
.version
= t
;
1719 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1723 if (!loc_size_ok(rr
->loc
.size
)) {
1728 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1732 if (!loc_size_ok(rr
->loc
.horiz_pre
)) {
1737 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1741 if (!loc_size_ok(rr
->loc
.vert_pre
)) {
1746 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1750 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1754 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1760 dns_packet_rewind(p
, pos
);
1761 rr
->unparseable
= true;
1767 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1771 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1775 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1779 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1780 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1785 if (rr
->ds
.digest_size
<= 0) {
1786 /* the accepted size depends on the algorithm, but for now
1787 just ensure that the value is greater than zero */
1794 case DNS_TYPE_SSHFP
:
1795 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1799 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1803 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1804 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1807 if (rr
->sshfp
.fingerprint_size
<= 0) {
1808 /* the accepted size depends on the algorithm, but for now
1809 just ensure that the value is greater than zero */
1816 case DNS_TYPE_DNSKEY
:
1817 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1821 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1825 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1829 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1830 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1833 if (rr
->dnskey
.key_size
<= 0) {
1834 /* the accepted size depends on the algorithm, but for now
1835 just ensure that the value is greater than zero */
1842 case DNS_TYPE_RRSIG
:
1843 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1847 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1851 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1855 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1859 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1863 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1867 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1871 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1875 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1876 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1879 if (rr
->rrsig
.signature_size
<= 0) {
1880 /* the accepted size depends on the algorithm, but for now
1881 just ensure that the value is greater than zero */
1888 case DNS_TYPE_NSEC
: {
1891 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1892 * This contradicts RFC3845, section 2.1.1
1895 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1897 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1901 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1905 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1906 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1907 * without the NSEC bit set. */
1911 case DNS_TYPE_NSEC3
: {
1914 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1918 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1922 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
1926 /* this may be zero */
1927 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1931 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
1935 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1944 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
, NULL
);
1948 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1952 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1957 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
1960 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.size
, NULL
);
1967 if (p
->rindex
!= offset
+ rdlength
) {
1975 if (ret_cache_flush
)
1976 *ret_cache_flush
= cache_flush
;
1978 *start
= saved_rindex
;
1982 dns_packet_rewind(p
, saved_rindex
);
1986 int dns_packet_extract(DnsPacket
*p
) {
1987 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
1988 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
1989 size_t saved_rindex
;
1996 saved_rindex
= p
->rindex
;
1997 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
1999 n
= DNS_PACKET_QDCOUNT(p
);
2001 question
= dns_question_new(n
);
2007 for (i
= 0; i
< n
; i
++) {
2008 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
2011 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
2020 if (!dns_type_is_valid_query(key
->type
)) {
2025 r
= dns_question_add(question
, key
);
2031 n
= DNS_PACKET_RRCOUNT(p
);
2033 answer
= dns_answer_new(n
);
2039 for (i
= 0; i
< n
; i
++) {
2040 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2043 r
= dns_packet_read_rr(p
, &rr
, &cache_flush
, NULL
);
2047 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2049 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr
->key
))) {
2054 /* The OPT RR is only valid in the Additional section */
2055 if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
)) {
2066 p
->opt
= dns_resource_record_ref(rr
);
2069 /* According to RFC 4795, section
2070 * 2.9. only the RRs from the Answer
2071 * section shall be cached. Hence mark
2072 * only those RRs as cacheable by
2073 * default, but not the ones from the
2074 * Additional or Authority
2077 r
= dns_answer_add(answer
, rr
, p
->ifindex
,
2078 (i
< DNS_PACKET_ANCOUNT(p
) ? DNS_ANSWER_CACHEABLE
: 0) |
2079 (p
->protocol
== DNS_PROTOCOL_MDNS
&& !cache_flush
? DNS_ANSWER_SHARED_OWNER
: 0));
2086 p
->question
= question
;
2092 p
->extracted
= true;
2097 p
->rindex
= saved_rindex
;
2101 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2107 /* Checks if the specified packet is a reply for the specified
2108 * key and the specified key is the only one in the question
2111 if (DNS_PACKET_QR(p
) != 1)
2114 /* Let's unpack the packet, if that hasn't happened yet. */
2115 r
= dns_packet_extract(p
);
2119 if (p
->question
->n_keys
!= 1)
2122 return dns_resource_key_equal(p
->question
->keys
[0], key
);
2125 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2126 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2127 [DNS_RCODE_FORMERR
] = "FORMERR",
2128 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2129 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2130 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2131 [DNS_RCODE_REFUSED
] = "REFUSED",
2132 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2133 [DNS_RCODE_YXRRSET
] = "YRRSET",
2134 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2135 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2136 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2137 [DNS_RCODE_BADVERS
] = "BADVERS",
2138 [DNS_RCODE_BADKEY
] = "BADKEY",
2139 [DNS_RCODE_BADTIME
] = "BADTIME",
2140 [DNS_RCODE_BADMODE
] = "BADMODE",
2141 [DNS_RCODE_BADNAME
] = "BADNAME",
2142 [DNS_RCODE_BADALG
] = "BADALG",
2143 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2145 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2147 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2148 [DNS_PROTOCOL_DNS
] = "dns",
2149 [DNS_PROTOCOL_MDNS
] = "mdns",
2150 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2152 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);