Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
af49ca27 LP |
2 | #pragma once |
3 | ||
4 | /*** | |
5 | This file is part of systemd. | |
6 | ||
7 | Copyright 2016 Lennart Poettering | |
af49ca27 LP |
8 | ***/ |
9 | ||
a2106925 | 10 | #include "conf-parser.h" |
af49ca27 LP |
11 | #include "macro.h" |
12 | ||
13 | typedef enum ResolveSupport ResolveSupport; /* typedefs so each enum declared below can be named without the 'enum' keyword */ | |
ad6c0475 | 14 | typedef enum DnssecMode DnssecMode; |
c9299be2 | 15 | typedef enum DnsOverTlsMode DnsOverTlsMode; |
af49ca27 LP |
16 | |
17 | enum ResolveSupport { /* Three valid states, numbered 0..2 in declaration order. NOTE(review): this header does not say what the third state means; presumably "resolve only" -- confirm at the users of this type. */ | |
18 | RESOLVE_SUPPORT_NO, | |
19 | RESOLVE_SUPPORT_YES, | |
20 | RESOLVE_SUPPORT_RESOLVE, | |
21 | _RESOLVE_SUPPORT_MAX, /* number of valid states (3); not a state itself */ | |
22 | _RESOLVE_SUPPORT_INVALID = -1 /* sentinel outside the valid range; presumably what resolve_support_from_string() yields for unrecognized input -- confirm, and test for it before using a value as an index */ | |
23 | }; | |
24 | ||
ad6c0475 LP |
25 | enum DnssecMode { /* DNSSEC validation policy, listed from no validation to strict validation. */ |
26 | /* No DNSSEC validation is done at all. */ | |
27 | DNSSEC_NO, | |
28 | ||
29 | /* Validate locally if the server understands the DO bit, and skip | |
30 | * validation if it does not. The AD bit is never trusted. If the server doesn't do | |
31 | * DNSSEC properly, downgrade to non-DNSSEC operation. This | |
32 | * leaves us open to a downgrade attack: answers from a server that appears not to support DNSSEC are accepted unvalidated. | |
33 | * That is the accepted trade-off of this setting. */ | |
34 | DNSSEC_ALLOW_DOWNGRADE, | |
35 | ||
36 | /* Insist on DNSSEC server support; fail rather than downgrade. */ | |
37 | DNSSEC_YES, | |
38 | ||
39 | _DNSSEC_MODE_MAX, /* number of valid modes (3); not a mode itself */ | |
40 | _DNSSEC_MODE_INVALID = -1 /* sentinel outside the valid range */ | |
41 | }; | |
42 | ||
c9299be2 | 43 | enum DnsOverTlsMode { /* NOTE(review): as declared here there is no mode that requires TLS; the strongest setting still permits unencrypted DNS. */ |
5d67a7ae | 44 | /* DNS-over-TLS is not used; no TLS connection is made. */ |
c9299be2 | 45 | DNS_OVER_TLS_NO, |
5d67a7ae IT |
46 | |
47 | /* Try to connect using DNS-over-TLS, but if the connection fails, | |
48 | * fall back to an unencrypted connection. The fallback means this mode only helps against passive eavesdropping: anyone able to make the TLS connection fail gets the queries sent in the clear. */ | |
c9299be2 | 49 | DNS_OVER_TLS_OPPORTUNISTIC, |
5d67a7ae | 50 | |
c9299be2 IT |
51 | _DNS_OVER_TLS_MODE_MAX, /* number of valid modes (2); not a mode itself */ |
52 | _DNS_OVER_TLS_MODE_INVALID = -1 /* sentinel outside the valid range */ | |
5d67a7ae IT |
53 | }; |
54 | ||
a2106925 LP |
55 | CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support); /* declares three config-value parsers, one per enum in this header; CONFIG_PARSER_PROTOTYPE is not defined here (presumably in conf-parser.h -- confirm) */ |
56 | CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode); | |
c9299be2 | 57 | CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode); |
af49ca27 LP |
58 | |
59 | const char* resolve_support_to_string(ResolveSupport p) _const_; /* enum value to its string name */ | |
60 | ResolveSupport resolve_support_from_string(const char *s) _pure_; /* string name to enum value; NOTE(review): presumably returns _RESOLVE_SUPPORT_INVALID for an unknown name -- confirm in the implementation, and reject that value before use */ | |
ad6c0475 LP |
61 | |
62 | const char* dnssec_mode_to_string(DnssecMode p) _const_; /* same pair of conversions for DnssecMode */ | |
63 | DnssecMode dnssec_mode_from_string(const char *s) _pure_; /* NOTE(review): an unrecognized name must not silently become a weaker mode; confirm the failure value is _DNSSEC_MODE_INVALID and that callers check for it */ | |
5d67a7ae | 64 | |
c9299be2 IT |
65 | const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_; /* same pair of conversions for DnsOverTlsMode */ |
66 | DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_; /* NOTE(review): as above, confirm unknown names yield _DNS_OVER_TLS_MODE_INVALID and are rejected by callers */ |