1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
27 #include "unaligned.h"
31 #define EDNS0_OPT_DO (1<<15)
33 int dns_packet_new(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
) {
39 if (mtu
<= UDP_PACKET_HEADER_SIZE
)
40 a
= DNS_PACKET_SIZE_START
;
42 a
= mtu
- UDP_PACKET_HEADER_SIZE
;
44 if (a
< DNS_PACKET_HEADER_SIZE
)
45 a
= DNS_PACKET_HEADER_SIZE
;
47 /* round up to next page size */
48 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
50 /* make sure we never allocate more than useful */
51 if (a
> DNS_PACKET_SIZE_MAX
)
52 a
= DNS_PACKET_SIZE_MAX
;
54 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
58 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
60 p
->protocol
= protocol
;
68 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
74 h
= DNS_PACKET_HEADER(p
);
77 case DNS_PROTOCOL_LLMNR
:
80 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
91 case DNS_PROTOCOL_MDNS
:
92 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
96 0 /* rd (ask for recursion) */,
106 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
110 1 /* rd (ask for recursion) */,
113 dnssec_checking_disabled
/* cd */,
118 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
, bool dnssec_checking_disabled
) {
124 r
= dns_packet_new(&p
, protocol
, mtu
);
128 /* Always set the TC bit to 0 initially.
129 * If there are multiple packets later, we'll update the bit shortly before sending.
131 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
137 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
142 assert(!p
->on_stack
);
144 assert(p
->n_ref
> 0);
149 static void dns_packet_free(DnsPacket
*p
) {
154 dns_question_unref(p
->question
);
155 dns_answer_unref(p
->answer
);
156 dns_resource_record_unref(p
->opt
);
158 while ((s
= hashmap_steal_first_key(p
->names
)))
160 hashmap_free(p
->names
);
168 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
172 assert(p
->n_ref
> 0);
174 dns_packet_unref(p
->more
);
184 int dns_packet_validate(DnsPacket
*p
) {
187 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
190 if (p
->size
> DNS_PACKET_SIZE_MAX
)
196 int dns_packet_validate_reply(DnsPacket
*p
) {
201 r
= dns_packet_validate(p
);
205 if (DNS_PACKET_QR(p
) != 1)
208 if (DNS_PACKET_OPCODE(p
) != 0)
211 switch (p
->protocol
) {
213 case DNS_PROTOCOL_LLMNR
:
214 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
215 if (DNS_PACKET_QDCOUNT(p
) != 1)
220 case DNS_PROTOCOL_MDNS
:
221 /* RFC 6762, Section 18 */
222 if (DNS_PACKET_RCODE(p
) != 0)
234 int dns_packet_validate_query(DnsPacket
*p
) {
239 r
= dns_packet_validate(p
);
243 if (DNS_PACKET_QR(p
) != 0)
246 if (DNS_PACKET_OPCODE(p
) != 0)
249 if (DNS_PACKET_TC(p
))
252 switch (p
->protocol
) {
254 case DNS_PROTOCOL_LLMNR
:
255 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
256 if (DNS_PACKET_QDCOUNT(p
) != 1)
259 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
260 if (DNS_PACKET_ANCOUNT(p
) > 0)
263 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
264 if (DNS_PACKET_NSCOUNT(p
) > 0)
269 case DNS_PROTOCOL_MDNS
:
270 /* RFC 6762, Section 18 */
271 if (DNS_PACKET_AA(p
) != 0 ||
272 DNS_PACKET_RD(p
) != 0 ||
273 DNS_PACKET_RA(p
) != 0 ||
274 DNS_PACKET_AD(p
) != 0 ||
275 DNS_PACKET_CD(p
) != 0 ||
276 DNS_PACKET_RCODE(p
) != 0)
288 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
291 if (p
->size
+ add
> p
->allocated
) {
294 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
295 if (a
> DNS_PACKET_SIZE_MAX
)
296 a
= DNS_PACKET_SIZE_MAX
;
298 if (p
->size
+ add
> a
)
304 d
= realloc(p
->_data
, a
);
310 p
->_data
= malloc(a
);
314 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
315 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
325 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
331 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
341 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
343 if (PTR_TO_SIZE(n
) < sz
)
346 hashmap_remove(p
->names
, s
);
353 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
359 r
= dns_packet_extend(p
, l
, &q
, start
);
367 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
373 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
377 ((uint8_t*) d
)[0] = v
;
382 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
388 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
392 unaligned_write_be16(d
, v
);
397 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
403 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
407 unaligned_write_be32(d
, v
);
412 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
416 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
419 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
424 assert(s
|| size
== 0);
429 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
433 ((uint8_t*) d
)[0] = (uint8_t) size
;
436 memcpy(((uint8_t*) d
) + 1, s
, size
);
441 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
445 /* Append a label to a packet. Optionally, does this in DNSSEC
446 * canonical form, if this label is marked as a candidate for
447 * it, and the canonical form logic is enabled for the
453 if (l
> DNS_LABEL_MAX
)
456 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
460 *(w
++) = (uint8_t) l
;
462 if (p
->canonical_form
&& canonical_candidate
) {
465 /* Generate in canonical form, as defined by DNSSEC
466 * RFC 4034, Section 6.2, i.e. all lower-case. */
468 for (i
= 0; i
< l
; i
++) {
469 if (d
[i
] >= 'A' && d
[i
] <= 'Z')
470 w
[i
] = (uint8_t) (d
[i
] - 'A' + 'a');
472 w
[i
] = (uint8_t) d
[i
];
475 /* Otherwise, just copy the string unaltered. This is
476 * essential for DNS-SD, where the casing of labels
477 * matters and needs to be retained. */
483 int dns_packet_append_name(
486 bool allow_compression
,
487 bool canonical_candidate
,
496 if (p
->refuse_compression
)
497 allow_compression
= false;
499 saved_size
= p
->size
;
502 _cleanup_free_
char *s
= NULL
;
503 char label
[DNS_LABEL_MAX
];
507 if (allow_compression
)
508 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
513 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
527 r
= dns_label_unescape(&name
, label
, sizeof(label
));
531 if (p
->protocol
== DNS_PROTOCOL_DNS
)
532 k
= dns_label_apply_idna(label
, r
, label
, sizeof(label
));
534 k
= dns_label_undo_idna(label
, r
, label
, sizeof(label
));
542 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
546 if (allow_compression
) {
547 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
551 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
559 r
= dns_packet_append_uint8(p
, 0, NULL
);
570 dns_packet_truncate(p
, saved_size
);
574 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, size_t *start
) {
581 saved_size
= p
->size
;
583 r
= dns_packet_append_name(p
, DNS_RESOURCE_KEY_NAME(k
), true, true, NULL
);
587 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
591 r
= dns_packet_append_uint16(p
, k
->class, NULL
);
601 dns_packet_truncate(p
, saved_size
);
605 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
613 saved_size
= p
->size
;
615 r
= dns_packet_append_uint8(p
, window
, NULL
);
619 r
= dns_packet_append_uint8(p
, length
, NULL
);
623 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
632 dns_packet_truncate(p
, saved_size
);
636 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
640 uint8_t bitmaps
[32] = {};
648 saved_size
= p
->size
;
650 BITMAP_FOREACH(n
, types
, i
) {
653 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
654 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
664 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
667 if (bitmaps
[entry
/ 8] != 0) {
668 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
678 dns_packet_truncate(p
, saved_size
);
682 /* Append the OPT pseudo-RR described in RFC6891 */
683 int dns_packet_append_opt_rr(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, size_t *start
) {
688 /* we must never advertise supported packet size smaller than the legacy max */
689 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
691 saved_size
= p
->size
;
694 r
= dns_packet_append_uint8(p
, 0, NULL
);
699 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
703 /* maximum udp packet that can be received */
704 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
708 /* extended RCODE and VERSION */
709 r
= dns_packet_append_uint16(p
, 0, NULL
);
713 /* flags: DNSSEC OK (DO), see RFC3225 */
714 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
719 r
= dns_packet_append_uint16(p
, 0, NULL
);
729 dns_packet_truncate(p
, saved_size
);
733 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, size_t *start
, size_t *rdata_start
) {
734 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
740 saved_size
= p
->size
;
742 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
746 r
= dns_packet_append_uint32(p
, rr
->ttl
, NULL
);
750 /* Initially we write 0 here */
751 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
755 rds
= p
->size
- saved_size
;
757 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
760 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
764 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
768 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
772 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, false, NULL
);
779 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, false, NULL
);
783 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
787 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
790 case DNS_TYPE_SPF
: /* exactly the same as TXT */
793 if (!rr
->txt
.items
) {
794 /* RFC 6763, section 6.1 suggests to generate
795 * single empty string for an empty array. */
797 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
803 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
804 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
814 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
818 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
822 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, false, NULL
);
826 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, false, NULL
);
830 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
834 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
838 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
842 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
846 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
850 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
854 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, false, NULL
);
858 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
862 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
866 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
870 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
874 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
878 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
882 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
886 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
890 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
894 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
898 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
902 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
906 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
910 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
913 case DNS_TYPE_DNSKEY
:
914 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
918 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
922 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
926 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
930 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
934 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
938 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
942 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
946 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
950 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
954 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
958 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
962 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
966 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
970 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
977 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
981 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
985 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
989 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
993 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
997 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1001 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1005 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1012 case _DNS_TYPE_INVALID
: /* unparseable */
1015 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.size
, NULL
);
1021 /* Let's calculate the actual data size and update the field */
1022 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1023 if (rdlength
> 0xFFFF) {
1029 p
->size
= rdlength_offset
;
1030 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1036 *start
= saved_size
;
1044 dns_packet_truncate(p
, saved_size
);
1049 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1052 if (p
->rindex
+ sz
> p
->size
)
1056 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1065 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1067 assert(idx
<= p
->size
);
1068 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1073 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1080 r
= dns_packet_read(p
, sz
, &q
, start
);
1088 static int dns_packet_read_memdup(
1089 DnsPacket
*p
, size_t size
,
1090 void **ret
, size_t *ret_size
,
1091 size_t *ret_start
) {
1100 r
= dns_packet_read(p
, size
, &src
, &start
);
1109 copy
= memdup(src
, size
);
1124 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1130 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1134 *ret
= ((uint8_t*) d
)[0];
1138 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1144 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1148 *ret
= unaligned_read_be16(d
);
1153 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1159 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1163 *ret
= unaligned_read_be32(d
);
1168 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1169 size_t saved_rindex
;
1177 saved_rindex
= p
->rindex
;
1179 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1183 r
= dns_packet_read(p
, c
, &d
, NULL
);
1187 if (memchr(d
, 0, c
)) {
1198 if (!utf8_is_valid(t
)) {
1207 *start
= saved_rindex
;
1212 dns_packet_rewind(p
, saved_rindex
);
1216 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1217 size_t saved_rindex
;
1223 saved_rindex
= p
->rindex
;
1225 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1229 r
= dns_packet_read(p
, c
, ret
, NULL
);
1236 *start
= saved_rindex
;
1241 dns_packet_rewind(p
, saved_rindex
);
1245 int dns_packet_read_name(
1248 bool allow_compression
,
1251 size_t saved_rindex
, after_rindex
= 0, jump_barrier
;
1252 _cleanup_free_
char *ret
= NULL
;
1253 size_t n
= 0, allocated
= 0;
1260 if (p
->refuse_compression
)
1261 allow_compression
= false;
1263 saved_rindex
= p
->rindex
;
1264 jump_barrier
= p
->rindex
;
1269 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1280 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1284 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
)) {
1294 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1300 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1304 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1308 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1309 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
) {
1314 if (after_rindex
== 0)
1315 after_rindex
= p
->rindex
;
1317 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1326 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1)) {
1333 if (after_rindex
!= 0)
1334 p
->rindex
= after_rindex
;
1340 *start
= saved_rindex
;
1345 dns_packet_rewind(p
, saved_rindex
);
1349 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1352 const uint8_t *bitmap
;
1356 size_t saved_rindex
;
1362 saved_rindex
= p
->rindex
;
1364 r
= bitmap_ensure_allocated(types
);
1368 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1372 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1376 if (length
== 0 || length
> 32)
1379 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1383 for (i
= 0; i
< length
; i
++) {
1384 uint8_t bitmask
= 1 << 7;
1395 if (bitmap
[i
] & bitmask
) {
1398 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1400 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1401 if (dns_type_is_pseudo(n
))
1404 r
= bitmap_set(*types
, n
);
1418 *start
= saved_rindex
;
1422 dns_packet_rewind(p
, saved_rindex
);
1426 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1427 size_t saved_rindex
;
1430 saved_rindex
= p
->rindex
;
1432 while (p
->rindex
< saved_rindex
+ size
) {
1433 r
= dns_packet_read_type_window(p
, types
, NULL
);
1437 /* don't read past end of current RR */
1438 if (p
->rindex
> saved_rindex
+ size
) {
1444 if (p
->rindex
!= saved_rindex
+ size
) {
1450 *start
= saved_rindex
;
1454 dns_packet_rewind(p
, saved_rindex
);
1458 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, bool *ret_cache_flush
, size_t *start
) {
1459 _cleanup_free_
char *name
= NULL
;
1460 bool cache_flush
= false;
1461 uint16_t class, type
;
1462 DnsResourceKey
*key
;
1463 size_t saved_rindex
;
1469 saved_rindex
= p
->rindex
;
1471 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1475 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1479 r
= dns_packet_read_uint16(p
, &class, NULL
);
1483 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1484 /* See RFC6762, Section 10.2 */
1486 if (type
!= DNS_TYPE_OPT
&& (class & MDNS_RR_CACHE_FLUSH
)) {
1487 class &= ~MDNS_RR_CACHE_FLUSH
;
1492 key
= dns_resource_key_new_consume(class, type
, name
);
1501 if (ret_cache_flush
)
1502 *ret_cache_flush
= cache_flush
;
1504 *start
= saved_rindex
;
1508 dns_packet_rewind(p
, saved_rindex
);
1512 static bool loc_size_ok(uint8_t size
) {
1513 uint8_t m
= size
>> 4, e
= size
& 0xF;
1515 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1518 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, bool *ret_cache_flush
, size_t *start
) {
1519 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1520 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1521 size_t saved_rindex
, offset
;
1529 saved_rindex
= p
->rindex
;
1531 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1535 if (!dns_class_is_valid_rr(key
->class)||
1536 !dns_type_is_valid_rr(key
->type
)) {
1541 rr
= dns_resource_record_new(key
);
1547 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1551 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1555 if (p
->rindex
+ rdlength
> p
->size
) {
1562 switch (rr
->key
->type
) {
1565 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1568 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1571 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1574 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1579 case DNS_TYPE_CNAME
:
1580 case DNS_TYPE_DNAME
:
1581 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1584 case DNS_TYPE_HINFO
:
1585 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1589 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1592 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1594 if (rdlength
<= 0) {
1596 /* RFC 6763, section 6.1 suggests to treat
1597 * empty TXT RRs as equivalent to a TXT record
1598 * with a single empty string. */
1600 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1606 DnsTxtItem
*last
= NULL
;
1608 while (p
->rindex
< offset
+ rdlength
) {
1613 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1617 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1621 memcpy(i
->data
, data
, sz
);
1624 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1633 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1637 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1641 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1645 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1649 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1653 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1657 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1661 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1665 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1669 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1673 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1676 case DNS_TYPE_LOC
: {
1680 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1685 rr
->loc
.version
= t
;
1687 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1691 if (!loc_size_ok(rr
->loc
.size
)) {
1696 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1700 if (!loc_size_ok(rr
->loc
.horiz_pre
)) {
1705 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1709 if (!loc_size_ok(rr
->loc
.vert_pre
)) {
1714 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1718 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1722 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1728 dns_packet_rewind(p
, pos
);
1729 rr
->unparseable
= true;
1735 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1739 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1743 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1747 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1748 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1753 if (rr
->ds
.digest_size
<= 0) {
1754 /* the accepted size depends on the algorithm, but for now
1755 just ensure that the value is greater than zero */
1762 case DNS_TYPE_SSHFP
:
1763 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1767 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1771 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1772 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1775 if (rr
->sshfp
.fingerprint_size
<= 0) {
1776 /* the accepted size depends on the algorithm, but for now
1777 just ensure that the value is greater than zero */
1784 case DNS_TYPE_DNSKEY
:
1785 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1789 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1793 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1797 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1798 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1801 if (rr
->dnskey
.key_size
<= 0) {
1802 /* the accepted size depends on the algorithm, but for now
1803 just ensure that the value is greater than zero */
1810 case DNS_TYPE_RRSIG
:
1811 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1815 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1819 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1823 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1827 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1831 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1835 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1839 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1843 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1844 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1847 if (rr
->rrsig
.signature_size
<= 0) {
1848 /* the accepted size depends on the algorithm, but for now
1849 just ensure that the value is greater than zero */
1856 case DNS_TYPE_NSEC
: {
1859 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1860 * This contradicts RFC3845, section 2.1.1
1863 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1865 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1869 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1873 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1874 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1875 * without the NSEC bit set. */
1879 case DNS_TYPE_NSEC3
: {
1882 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1886 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1890 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
1894 /* this may be zero */
1895 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1899 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
1903 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1912 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
, NULL
);
1916 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1920 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1925 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
1928 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.size
, NULL
);
1935 if (p
->rindex
!= offset
+ rdlength
) {
1943 if (ret_cache_flush
)
1944 *ret_cache_flush
= cache_flush
;
1946 *start
= saved_rindex
;
1950 dns_packet_rewind(p
, saved_rindex
);
1954 int dns_packet_extract(DnsPacket
*p
) {
1955 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
1956 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
1957 size_t saved_rindex
;
1964 saved_rindex
= p
->rindex
;
1965 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
1967 n
= DNS_PACKET_QDCOUNT(p
);
1969 question
= dns_question_new(n
);
1975 for (i
= 0; i
< n
; i
++) {
1976 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1979 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1988 if (!dns_type_is_valid_query(key
->type
)) {
1993 r
= dns_question_add(question
, key
);
1999 n
= DNS_PACKET_RRCOUNT(p
);
2001 answer
= dns_answer_new(n
);
2007 for (i
= 0; i
< n
; i
++) {
2008 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2011 r
= dns_packet_read_rr(p
, &rr
, &cache_flush
, NULL
);
2015 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2017 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr
->key
))) {
2022 /* The OPT RR is only valid in the Additional section */
2023 if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
)) {
2034 p
->opt
= dns_resource_record_ref(rr
);
2037 /* According to RFC 4795, section
2038 * 2.9. only the RRs from the Answer
2039 * section shall be cached. Hence mark
2040 * only those RRs as cacheable by
2041 * default, but not the ones from the
2042 * Additional or Authority
2045 r
= dns_answer_add(answer
, rr
, p
->ifindex
,
2046 (i
< DNS_PACKET_ANCOUNT(p
) ? DNS_ANSWER_CACHEABLE
: 0) |
2047 (p
->protocol
== DNS_PROTOCOL_MDNS
&& !cache_flush
? DNS_ANSWER_SHARED_OWNER
: 0));
2054 p
->question
= question
;
2060 p
->extracted
= true;
2065 p
->rindex
= saved_rindex
;
2069 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2075 /* Checks if the specified packet is a reply for the specified
2076 * key and the specified key is the only one in the question
2079 if (DNS_PACKET_QR(p
) != 1)
2082 /* Let's unpack the packet, if that hasn't happened yet. */
2083 r
= dns_packet_extract(p
);
2087 if (p
->question
->n_keys
!= 1)
2090 return dns_resource_key_equal(p
->question
->keys
[0], key
);
2093 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2094 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2095 [DNS_RCODE_FORMERR
] = "FORMERR",
2096 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2097 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2098 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2099 [DNS_RCODE_REFUSED
] = "REFUSED",
2100 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2101 [DNS_RCODE_YXRRSET
] = "YRRSET",
2102 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2103 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2104 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2105 [DNS_RCODE_BADVERS
] = "BADVERS",
2106 [DNS_RCODE_BADKEY
] = "BADKEY",
2107 [DNS_RCODE_BADTIME
] = "BADTIME",
2108 [DNS_RCODE_BADMODE
] = "BADMODE",
2109 [DNS_RCODE_BADNAME
] = "BADNAME",
2110 [DNS_RCODE_BADALG
] = "BADALG",
2111 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2113 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2115 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2116 [DNS_PROTOCOL_DNS
] = "dns",
2117 [DNS_PROTOCOL_MDNS
] = "mdns",
2118 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2120 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);