1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
27 #include "unaligned.h"
31 #define EDNS0_OPT_DO (1<<15)
33 int dns_packet_new(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
) {
39 if (mtu
<= UDP_PACKET_HEADER_SIZE
)
40 a
= DNS_PACKET_SIZE_START
;
42 a
= mtu
- UDP_PACKET_HEADER_SIZE
;
44 if (a
< DNS_PACKET_HEADER_SIZE
)
45 a
= DNS_PACKET_HEADER_SIZE
;
47 /* round up to next page size */
48 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
50 /* make sure we never allocate more than useful */
51 if (a
> DNS_PACKET_SIZE_MAX
)
52 a
= DNS_PACKET_SIZE_MAX
;
54 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
58 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
60 p
->protocol
= protocol
;
61 p
->opt_start
= p
->opt_size
= (size_t) -1;
69 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
75 h
= DNS_PACKET_HEADER(p
);
78 case DNS_PROTOCOL_LLMNR
:
81 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
92 case DNS_PROTOCOL_MDNS
:
93 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
97 0 /* rd (ask for recursion) */,
107 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
111 1 /* rd (ask for recursion) */,
114 dnssec_checking_disabled
/* cd */,
119 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
, bool dnssec_checking_disabled
) {
125 r
= dns_packet_new(&p
, protocol
, mtu
);
129 /* Always set the TC bit to 0 initially.
130 * If there are multiple packets later, we'll update the bit shortly before sending.
132 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
138 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
143 assert(!p
->on_stack
);
145 assert(p
->n_ref
> 0);
150 static void dns_packet_free(DnsPacket
*p
) {
155 dns_question_unref(p
->question
);
156 dns_answer_unref(p
->answer
);
157 dns_resource_record_unref(p
->opt
);
159 while ((s
= hashmap_steal_first_key(p
->names
)))
161 hashmap_free(p
->names
);
169 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
173 assert(p
->n_ref
> 0);
175 dns_packet_unref(p
->more
);
185 int dns_packet_validate(DnsPacket
*p
) {
188 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
191 if (p
->size
> DNS_PACKET_SIZE_MAX
)
197 int dns_packet_validate_reply(DnsPacket
*p
) {
202 r
= dns_packet_validate(p
);
206 if (DNS_PACKET_QR(p
) != 1)
209 if (DNS_PACKET_OPCODE(p
) != 0)
212 switch (p
->protocol
) {
214 case DNS_PROTOCOL_LLMNR
:
215 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
216 if (DNS_PACKET_QDCOUNT(p
) != 1)
221 case DNS_PROTOCOL_MDNS
:
222 /* RFC 6762, Section 18 */
223 if (DNS_PACKET_RCODE(p
) != 0)
235 int dns_packet_validate_query(DnsPacket
*p
) {
240 r
= dns_packet_validate(p
);
244 if (DNS_PACKET_QR(p
) != 0)
247 if (DNS_PACKET_OPCODE(p
) != 0)
250 if (DNS_PACKET_TC(p
))
253 switch (p
->protocol
) {
255 case DNS_PROTOCOL_LLMNR
:
256 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
257 if (DNS_PACKET_QDCOUNT(p
) != 1)
260 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
261 if (DNS_PACKET_ANCOUNT(p
) > 0)
264 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
265 if (DNS_PACKET_NSCOUNT(p
) > 0)
270 case DNS_PROTOCOL_MDNS
:
271 /* RFC 6762, Section 18 */
272 if (DNS_PACKET_AA(p
) != 0 ||
273 DNS_PACKET_RD(p
) != 0 ||
274 DNS_PACKET_RA(p
) != 0 ||
275 DNS_PACKET_AD(p
) != 0 ||
276 DNS_PACKET_CD(p
) != 0 ||
277 DNS_PACKET_RCODE(p
) != 0)
289 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
292 if (p
->size
+ add
> p
->allocated
) {
295 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
296 if (a
> DNS_PACKET_SIZE_MAX
)
297 a
= DNS_PACKET_SIZE_MAX
;
299 if (p
->size
+ add
> a
)
305 d
= realloc(p
->_data
, a
);
311 p
->_data
= malloc(a
);
315 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
316 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
326 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
332 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
342 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
344 if (PTR_TO_SIZE(n
) < sz
)
347 hashmap_remove(p
->names
, s
);
354 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
360 r
= dns_packet_extend(p
, l
, &q
, start
);
368 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
374 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
378 ((uint8_t*) d
)[0] = v
;
383 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
389 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
393 unaligned_write_be16(d
, v
);
398 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
404 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
408 unaligned_write_be32(d
, v
);
413 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
417 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
420 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
425 assert(s
|| size
== 0);
430 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
434 ((uint8_t*) d
)[0] = (uint8_t) size
;
437 memcpy(((uint8_t*) d
) + 1, s
, size
);
442 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
446 /* Append a label to a packet. Optionally, does this in DNSSEC
447 * canonical form, if this label is marked as a candidate for
448 * it, and the canonical form logic is enabled for the
454 if (l
> DNS_LABEL_MAX
)
457 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
461 *(w
++) = (uint8_t) l
;
463 if (p
->canonical_form
&& canonical_candidate
) {
466 /* Generate in canonical form, as defined by DNSSEC
467 * RFC 4034, Section 6.2, i.e. all lower-case. */
469 for (i
= 0; i
< l
; i
++) {
470 if (d
[i
] >= 'A' && d
[i
] <= 'Z')
471 w
[i
] = (uint8_t) (d
[i
] - 'A' + 'a');
473 w
[i
] = (uint8_t) d
[i
];
476 /* Otherwise, just copy the string unaltered. This is
477 * essential for DNS-SD, where the casing of labels
478 * matters and needs to be retained. */
484 int dns_packet_append_name(
487 bool allow_compression
,
488 bool canonical_candidate
,
497 if (p
->refuse_compression
)
498 allow_compression
= false;
500 saved_size
= p
->size
;
502 while (!dns_name_is_root(name
)) {
503 const char *z
= name
;
504 char label
[DNS_LABEL_MAX
];
508 if (allow_compression
)
509 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
514 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
522 r
= dns_label_unescape(&name
, label
, sizeof(label
));
526 if (p
->protocol
== DNS_PROTOCOL_DNS
)
527 k
= dns_label_apply_idna(label
, r
, label
, sizeof(label
));
529 k
= dns_label_undo_idna(label
, r
, label
, sizeof(label
));
537 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
541 if (allow_compression
) {
542 _cleanup_free_
char *s
= NULL
;
550 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
554 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
562 r
= dns_packet_append_uint8(p
, 0, NULL
);
573 dns_packet_truncate(p
, saved_size
);
577 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, size_t *start
) {
584 saved_size
= p
->size
;
586 r
= dns_packet_append_name(p
, DNS_RESOURCE_KEY_NAME(k
), true, true, NULL
);
590 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
594 r
= dns_packet_append_uint16(p
, k
->class, NULL
);
604 dns_packet_truncate(p
, saved_size
);
608 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
616 saved_size
= p
->size
;
618 r
= dns_packet_append_uint8(p
, window
, NULL
);
622 r
= dns_packet_append_uint8(p
, length
, NULL
);
626 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
635 dns_packet_truncate(p
, saved_size
);
639 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
643 uint8_t bitmaps
[32] = {};
650 saved_size
= p
->size
;
652 BITMAP_FOREACH(n
, types
, i
) {
655 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
656 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
666 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
669 if (bitmaps
[entry
/ 8] != 0) {
670 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
680 dns_packet_truncate(p
, saved_size
);
684 /* Append the OPT pseudo-RR described in RFC6891 */
685 int dns_packet_append_opt(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, size_t *start
) {
690 /* we must never advertise supported packet size smaller than the legacy max */
691 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
693 if (p
->opt_start
!= (size_t) -1)
696 assert(p
->opt_size
== (size_t) -1);
698 saved_size
= p
->size
;
701 r
= dns_packet_append_uint8(p
, 0, NULL
);
706 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
710 /* maximum udp packet that can be received */
711 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
715 /* extended RCODE and VERSION */
716 r
= dns_packet_append_uint16(p
, 0, NULL
);
720 /* flags: DNSSEC OK (DO), see RFC3225 */
721 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
728 /* If DO is on, also append RFC6975 Algorithm data */
730 static const uint8_t rfc6975
[] = {
732 0, 5, /* OPTION_CODE: DAU */
733 0, 6, /* LIST_LENGTH */
734 DNSSEC_ALGORITHM_RSASHA1
,
735 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1
,
736 DNSSEC_ALGORITHM_RSASHA256
,
737 DNSSEC_ALGORITHM_RSASHA512
,
738 DNSSEC_ALGORITHM_ECDSAP256SHA256
,
739 DNSSEC_ALGORITHM_ECDSAP384SHA384
,
741 0, 6, /* OPTION_CODE: DHU */
742 0, 3, /* LIST_LENGTH */
744 DNSSEC_DIGEST_SHA256
,
745 DNSSEC_DIGEST_SHA384
,
747 0, 7, /* OPTION_CODE: N3U */
748 0, 1, /* LIST_LENGTH */
749 NSEC3_ALGORITHM_SHA1
,
752 r
= dns_packet_append_uint16(p
, sizeof(rfc6975
), NULL
);
756 r
= dns_packet_append_blob(p
, rfc6975
, sizeof(rfc6975
), NULL
);
758 r
= dns_packet_append_uint16(p
, 0, NULL
);
763 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) + 1);
765 p
->opt_start
= saved_size
;
766 p
->opt_size
= p
->size
- saved_size
;
774 dns_packet_truncate(p
, saved_size
);
778 int dns_packet_truncate_opt(DnsPacket
*p
) {
781 if (p
->opt_start
== (size_t) -1) {
782 assert(p
->opt_size
== (size_t) -1);
786 assert(p
->opt_size
!= (size_t) -1);
787 assert(DNS_PACKET_ARCOUNT(p
) > 0);
789 if (p
->opt_start
+ p
->opt_size
!= p
->size
)
792 dns_packet_truncate(p
, p
->opt_start
);
793 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) - 1);
794 p
->opt_start
= p
->opt_size
= (size_t) -1;
799 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, size_t *start
, size_t *rdata_start
) {
800 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
806 saved_size
= p
->size
;
808 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
812 r
= dns_packet_append_uint32(p
, rr
->ttl
, NULL
);
816 /* Initially we write 0 here */
817 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
821 rds
= p
->size
- saved_size
;
823 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
826 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
830 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
834 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
838 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, false, NULL
);
845 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, false, NULL
);
849 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
853 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
856 case DNS_TYPE_SPF
: /* exactly the same as TXT */
859 if (!rr
->txt
.items
) {
860 /* RFC 6763, section 6.1 suggests to generate
861 * single empty string for an empty array. */
863 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
869 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
870 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
880 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
884 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
888 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, false, NULL
);
892 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, false, NULL
);
896 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
900 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
904 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
908 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
912 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
916 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
920 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, false, NULL
);
924 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
928 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
932 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
936 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
940 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
944 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
948 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
952 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
956 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
960 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
964 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
968 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
972 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
976 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
979 case DNS_TYPE_DNSKEY
:
980 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
984 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
988 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
992 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
996 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
1000 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
1004 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
1008 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
1012 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
1016 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
1020 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
1024 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
1028 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
1032 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
1036 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
1042 case DNS_TYPE_NSEC3
:
1043 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
1047 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
1051 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
1055 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
1059 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
1063 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1067 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1071 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1078 case _DNS_TYPE_INVALID
: /* unparseable */
1081 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.size
, NULL
);
1087 /* Let's calculate the actual data size and update the field */
1088 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1089 if (rdlength
> 0xFFFF) {
1095 p
->size
= rdlength_offset
;
1096 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1102 *start
= saved_size
;
1110 dns_packet_truncate(p
, saved_size
);
1114 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1117 if (p
->rindex
+ sz
> p
->size
)
1121 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1130 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1132 assert(idx
<= p
->size
);
1133 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1138 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1145 r
= dns_packet_read(p
, sz
, &q
, start
);
1153 static int dns_packet_read_memdup(
1154 DnsPacket
*p
, size_t size
,
1155 void **ret
, size_t *ret_size
,
1156 size_t *ret_start
) {
1165 r
= dns_packet_read(p
, size
, &src
, &start
);
1174 copy
= memdup(src
, size
);
1189 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1195 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1199 *ret
= ((uint8_t*) d
)[0];
1203 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1209 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1213 *ret
= unaligned_read_be16(d
);
1218 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1224 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1228 *ret
= unaligned_read_be32(d
);
1233 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1234 size_t saved_rindex
;
1242 saved_rindex
= p
->rindex
;
1244 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1248 r
= dns_packet_read(p
, c
, &d
, NULL
);
1252 if (memchr(d
, 0, c
)) {
1263 if (!utf8_is_valid(t
)) {
1272 *start
= saved_rindex
;
1277 dns_packet_rewind(p
, saved_rindex
);
1281 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1282 size_t saved_rindex
;
1288 saved_rindex
= p
->rindex
;
1290 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1294 r
= dns_packet_read(p
, c
, ret
, NULL
);
1301 *start
= saved_rindex
;
1306 dns_packet_rewind(p
, saved_rindex
);
1310 int dns_packet_read_name(
1313 bool allow_compression
,
1316 size_t saved_rindex
, after_rindex
= 0, jump_barrier
;
1317 _cleanup_free_
char *ret
= NULL
;
1318 size_t n
= 0, allocated
= 0;
1325 if (p
->refuse_compression
)
1326 allow_compression
= false;
1328 saved_rindex
= p
->rindex
;
1329 jump_barrier
= p
->rindex
;
1334 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1345 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1349 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
)) {
1359 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1365 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1369 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1373 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1374 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
) {
1379 if (after_rindex
== 0)
1380 after_rindex
= p
->rindex
;
1382 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1391 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1)) {
1398 if (after_rindex
!= 0)
1399 p
->rindex
= after_rindex
;
1405 *start
= saved_rindex
;
1410 dns_packet_rewind(p
, saved_rindex
);
1414 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1417 const uint8_t *bitmap
;
1421 size_t saved_rindex
;
1427 saved_rindex
= p
->rindex
;
1429 r
= bitmap_ensure_allocated(types
);
1433 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1437 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1441 if (length
== 0 || length
> 32)
1444 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1448 for (i
= 0; i
< length
; i
++) {
1449 uint8_t bitmask
= 1 << 7;
1460 if (bitmap
[i
] & bitmask
) {
1463 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1465 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1466 if (dns_type_is_pseudo(n
))
1469 r
= bitmap_set(*types
, n
);
1483 *start
= saved_rindex
;
1487 dns_packet_rewind(p
, saved_rindex
);
1491 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1492 size_t saved_rindex
;
1495 saved_rindex
= p
->rindex
;
1497 while (p
->rindex
< saved_rindex
+ size
) {
1498 r
= dns_packet_read_type_window(p
, types
, NULL
);
1502 /* don't read past end of current RR */
1503 if (p
->rindex
> saved_rindex
+ size
) {
1509 if (p
->rindex
!= saved_rindex
+ size
) {
1515 *start
= saved_rindex
;
1519 dns_packet_rewind(p
, saved_rindex
);
1523 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, bool *ret_cache_flush
, size_t *start
) {
1524 _cleanup_free_
char *name
= NULL
;
1525 bool cache_flush
= false;
1526 uint16_t class, type
;
1527 DnsResourceKey
*key
;
1528 size_t saved_rindex
;
1534 saved_rindex
= p
->rindex
;
1536 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1540 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1544 r
= dns_packet_read_uint16(p
, &class, NULL
);
1548 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1549 /* See RFC6762, Section 10.2 */
1551 if (type
!= DNS_TYPE_OPT
&& (class & MDNS_RR_CACHE_FLUSH
)) {
1552 class &= ~MDNS_RR_CACHE_FLUSH
;
1557 key
= dns_resource_key_new_consume(class, type
, name
);
1566 if (ret_cache_flush
)
1567 *ret_cache_flush
= cache_flush
;
1569 *start
= saved_rindex
;
1573 dns_packet_rewind(p
, saved_rindex
);
1577 static bool loc_size_ok(uint8_t size
) {
1578 uint8_t m
= size
>> 4, e
= size
& 0xF;
1580 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1583 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, bool *ret_cache_flush
, size_t *start
) {
1584 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1585 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1586 size_t saved_rindex
, offset
;
1594 saved_rindex
= p
->rindex
;
1596 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1600 if (!dns_class_is_valid_rr(key
->class)||
1601 !dns_type_is_valid_rr(key
->type
)) {
1606 rr
= dns_resource_record_new(key
);
1612 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1616 /* RFC 2181, Section 8, suggests to
1617 * treat a TTL with the MSB set as a zero TTL. */
1618 if (rr
->ttl
& UINT32_C(0x80000000))
1621 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1625 if (p
->rindex
+ rdlength
> p
->size
) {
1632 switch (rr
->key
->type
) {
1635 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1638 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1641 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1644 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1649 case DNS_TYPE_CNAME
:
1650 case DNS_TYPE_DNAME
:
1651 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1654 case DNS_TYPE_HINFO
:
1655 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1659 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1662 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1664 if (rdlength
<= 0) {
1666 /* RFC 6763, section 6.1 suggests to treat
1667 * empty TXT RRs as equivalent to a TXT record
1668 * with a single empty string. */
1670 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1676 DnsTxtItem
*last
= NULL
;
1678 while (p
->rindex
< offset
+ rdlength
) {
1683 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1687 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1691 memcpy(i
->data
, data
, sz
);
1694 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1703 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1707 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1711 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1715 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1719 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1723 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1727 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1731 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1735 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1739 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1743 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1746 case DNS_TYPE_LOC
: {
1750 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1755 rr
->loc
.version
= t
;
1757 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1761 if (!loc_size_ok(rr
->loc
.size
)) {
1766 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1770 if (!loc_size_ok(rr
->loc
.horiz_pre
)) {
1775 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1779 if (!loc_size_ok(rr
->loc
.vert_pre
)) {
1784 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1788 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1792 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1798 dns_packet_rewind(p
, pos
);
1799 rr
->unparseable
= true;
1805 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1809 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1813 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1817 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1818 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1823 if (rr
->ds
.digest_size
<= 0) {
1824 /* the accepted size depends on the algorithm, but for now
1825 just ensure that the value is greater than zero */
1832 case DNS_TYPE_SSHFP
:
1833 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1837 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1841 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1842 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1845 if (rr
->sshfp
.fingerprint_size
<= 0) {
1846 /* the accepted size depends on the algorithm, but for now
1847 just ensure that the value is greater than zero */
1854 case DNS_TYPE_DNSKEY
:
1855 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1859 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1863 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1867 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1868 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1871 if (rr
->dnskey
.key_size
<= 0) {
1872 /* the accepted size depends on the algorithm, but for now
1873 just ensure that the value is greater than zero */
1880 case DNS_TYPE_RRSIG
:
1881 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1885 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1889 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1893 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1897 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1901 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1905 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1909 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1913 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1914 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1917 if (rr
->rrsig
.signature_size
<= 0) {
1918 /* the accepted size depends on the algorithm, but for now
1919 just ensure that the value is greater than zero */
1926 case DNS_TYPE_NSEC
: {
1929 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1930 * This contradicts RFC3845, section 2.1.1
1933 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1935 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1939 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1943 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1944 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1945 * without the NSEC bit set. */
1949 case DNS_TYPE_NSEC3
: {
1952 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1956 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1960 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
1964 /* this may be zero */
1965 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1969 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
1973 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1982 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
, NULL
);
1986 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1990 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1995 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
1998 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.size
, NULL
);
2005 if (p
->rindex
!= offset
+ rdlength
) {
2013 if (ret_cache_flush
)
2014 *ret_cache_flush
= cache_flush
;
2016 *start
= saved_rindex
;
2020 dns_packet_rewind(p
, saved_rindex
);
2024 int dns_packet_extract(DnsPacket
*p
) {
2025 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
2026 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
2027 size_t saved_rindex
;
2034 saved_rindex
= p
->rindex
;
2035 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
2037 n
= DNS_PACKET_QDCOUNT(p
);
2039 question
= dns_question_new(n
);
2045 for (i
= 0; i
< n
; i
++) {
2046 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
2049 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
2058 if (!dns_type_is_valid_query(key
->type
)) {
2063 r
= dns_question_add(question
, key
);
2069 n
= DNS_PACKET_RRCOUNT(p
);
2071 answer
= dns_answer_new(n
);
2077 for (i
= 0; i
< n
; i
++) {
2078 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2081 r
= dns_packet_read_rr(p
, &rr
, &cache_flush
, NULL
);
2085 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2087 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr
->key
))) {
2092 /* The OPT RR is only valid in the Additional section */
2093 if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
)) {
2104 p
->opt
= dns_resource_record_ref(rr
);
2107 /* According to RFC 4795, section
2108 * 2.9. only the RRs from the Answer
2109 * section shall be cached. Hence mark
2110 * only those RRs as cacheable by
2111 * default, but not the ones from the
2112 * Additional or Authority
2115 r
= dns_answer_add(answer
, rr
, p
->ifindex
,
2116 (i
< DNS_PACKET_ANCOUNT(p
) ? DNS_ANSWER_CACHEABLE
: 0) |
2117 (p
->protocol
== DNS_PROTOCOL_MDNS
&& !cache_flush
? DNS_ANSWER_SHARED_OWNER
: 0));
2124 p
->question
= question
;
2130 p
->extracted
= true;
2135 p
->rindex
= saved_rindex
;
2139 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2145 /* Checks if the specified packet is a reply for the specified
2146 * key and the specified key is the only one in the question
2149 if (DNS_PACKET_QR(p
) != 1)
2152 /* Let's unpack the packet, if that hasn't happened yet. */
2153 r
= dns_packet_extract(p
);
2157 if (p
->question
->n_keys
!= 1)
2160 return dns_resource_key_equal(p
->question
->keys
[0], key
);
2163 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2164 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2165 [DNS_RCODE_FORMERR
] = "FORMERR",
2166 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2167 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2168 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2169 [DNS_RCODE_REFUSED
] = "REFUSED",
2170 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2171 [DNS_RCODE_YXRRSET
] = "YRRSET",
2172 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2173 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2174 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2175 [DNS_RCODE_BADVERS
] = "BADVERS",
2176 [DNS_RCODE_BADKEY
] = "BADKEY",
2177 [DNS_RCODE_BADTIME
] = "BADTIME",
2178 [DNS_RCODE_BADMODE
] = "BADMODE",
2179 [DNS_RCODE_BADNAME
] = "BADNAME",
2180 [DNS_RCODE_BADALG
] = "BADALG",
2181 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2183 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2185 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2186 [DNS_PROTOCOL_DNS
] = "dns",
2187 [DNS_PROTOCOL_MDNS
] = "mdns",
2188 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2190 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);