[thirdparty/systemd.git] / src / shared / resolve-util.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

/***
  This file is part of systemd.

  Copyright 2016 Lennart Poettering
***/

#include "conf-parser.h"
#include "macro.h"

typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;
typedef enum DnsOverTlsMode DnsOverTlsMode;

enum ResolveSupport {
        RESOLVE_SUPPORT_NO,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,
        _RESOLVE_SUPPORT_MAX,
        _RESOLVE_SUPPORT_INVALID = -1
};

enum DnssecMode {
        /* No DNSSEC validation is done */
        DNSSEC_NO,

        /* Validate locally, if the server knows DO, but if not,
         * don't. Don't trust the AD bit. If the server doesn't do
         * DNSSEC properly, downgrade to non-DNSSEC operation. Of
         * course, we then are vulnerable to a downgrade attack, but
         * that's life and what is configured. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Insist on DNSSEC server support, and rather fail than downgrading. */
        DNSSEC_YES,

        _DNSSEC_MODE_MAX,
        _DNSSEC_MODE_INVALID = -1
};

enum DnsOverTlsMode {
        /* No connection is made for DNS-over-TLS */
        DNS_OVER_TLS_NO,

        /* Try to connect using DNS-over-TLS, but if connection fails,
         * fallback to using an unencrypted connection */
        DNS_OVER_TLS_OPPORTUNISTIC,

        _DNS_OVER_TLS_MODE_MAX,
        _DNS_OVER_TLS_MODE_INVALID = -1
};

CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);

const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;

const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;

const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
af49ca27 LP	2	#pragma once
	3
	4	/***
	5	This file is part of systemd.
	6
	7	Copyright 2016 Lennart Poettering
af49ca27 LP	8	***/
af49ca27 LP	9
a2106925	10	#include "conf-parser.h"
af49ca27 LP	11	#include "macro.h"
	12
	13	typedef enum ResolveSupport ResolveSupport;
ad6c0475	14	typedef enum DnssecMode DnssecMode;
c9299be2	15	typedef enum DnsOverTlsMode DnsOverTlsMode;
af49ca27 LP	16
	17	enum ResolveSupport {
	18	RESOLVE_SUPPORT_NO,
	19	RESOLVE_SUPPORT_YES,
	20	RESOLVE_SUPPORT_RESOLVE,
	21	_RESOLVE_SUPPORT_MAX,
	22	_RESOLVE_SUPPORT_INVALID = -1
	23	};
	24
ad6c0475 LP	25	enum DnssecMode {
	26	/* No DNSSEC validation is done */
	27	DNSSEC_NO,
	28
	29	/* Validate locally, if the server knows DO, but if not,
	30	* don't. Don't trust the AD bit. If the server doesn't do
	31	* DNSSEC properly, downgrade to non-DNSSEC operation. Of
	32	* course, we then are vulnerable to a downgrade attack, but
	33	* that's life and what is configured. */
	34	DNSSEC_ALLOW_DOWNGRADE,
	35
	36	/* Insist on DNSSEC server support, and rather fail than downgrading. */
	37	DNSSEC_YES,
	38
	39	_DNSSEC_MODE_MAX,
	40	_DNSSEC_MODE_INVALID = -1
	41	};
	42
c9299be2	43	enum DnsOverTlsMode {
5d67a7ae	44	/* No connection is made for DNS-over-TLS */
c9299be2	45	DNS_OVER_TLS_NO,
5d67a7ae IT	46
	47	/* Try to connect using DNS-over-TLS, but if connection fails,
	48	* fallback to using an unencrypted connection */
c9299be2	49	DNS_OVER_TLS_OPPORTUNISTIC,
5d67a7ae	50
c9299be2 IT	51	_DNS_OVER_TLS_MODE_MAX,
c9299be2 IT	52	_DNS_OVER_TLS_MODE_INVALID = -1
5d67a7ae IT	53	};
5d67a7ae IT	54
a2106925 LP	55	CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
a2106925 LP	56	CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
c9299be2	57	CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
af49ca27 LP	58
	59	const char* resolve_support_to_string(ResolveSupport p) _const_;
	60	ResolveSupport resolve_support_from_string(const char *s) _pure_;
ad6c0475 LP	61
	62	const char* dnssec_mode_to_string(DnssecMode p) _const_;
	63	DnssecMode dnssec_mode_from_string(const char *s) _pure_;
5d67a7ae	64
c9299be2 IT	65	const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
c9299be2 IT	66	DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;