1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
27 #include "unaligned.h"
31 #define EDNS0_OPT_DO (1<<15)
33 int dns_packet_new(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
) {
39 if (mtu
<= UDP_PACKET_HEADER_SIZE
)
40 a
= DNS_PACKET_SIZE_START
;
42 a
= mtu
- UDP_PACKET_HEADER_SIZE
;
44 if (a
< DNS_PACKET_HEADER_SIZE
)
45 a
= DNS_PACKET_HEADER_SIZE
;
47 /* round up to next page size */
48 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
50 /* make sure we never allocate more than useful */
51 if (a
> DNS_PACKET_SIZE_MAX
)
52 a
= DNS_PACKET_SIZE_MAX
;
54 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
58 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
60 p
->protocol
= protocol
;
68 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
74 h
= DNS_PACKET_HEADER(p
);
77 case DNS_PROTOCOL_LLMNR
:
80 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
91 case DNS_PROTOCOL_MDNS
:
92 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
96 0 /* rd (ask for recursion) */,
106 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
110 1 /* rd (ask for recursion) */,
113 dnssec_checking_disabled
/* cd */,
118 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
, bool dnssec_checking_disabled
) {
124 r
= dns_packet_new(&p
, protocol
, mtu
);
128 /* Always set the TC bit to 0 initially.
129 * If there are multiple packets later, we'll update the bit shortly before sending.
131 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
137 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
142 assert(!p
->on_stack
);
144 assert(p
->n_ref
> 0);
149 static void dns_packet_free(DnsPacket
*p
) {
154 dns_question_unref(p
->question
);
155 dns_answer_unref(p
->answer
);
156 dns_resource_record_unref(p
->opt
);
158 while ((s
= hashmap_steal_first_key(p
->names
)))
160 hashmap_free(p
->names
);
168 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
172 assert(p
->n_ref
> 0);
174 dns_packet_unref(p
->more
);
184 int dns_packet_validate(DnsPacket
*p
) {
187 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
190 if (p
->size
> DNS_PACKET_SIZE_MAX
)
196 int dns_packet_validate_reply(DnsPacket
*p
) {
201 r
= dns_packet_validate(p
);
205 if (DNS_PACKET_QR(p
) != 1)
208 if (DNS_PACKET_OPCODE(p
) != 0)
211 switch (p
->protocol
) {
213 case DNS_PROTOCOL_LLMNR
:
214 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
215 if (DNS_PACKET_QDCOUNT(p
) != 1)
220 case DNS_PROTOCOL_MDNS
:
221 /* RFC 6762, Section 18 */
222 if (DNS_PACKET_RCODE(p
) != 0)
234 int dns_packet_validate_query(DnsPacket
*p
) {
239 r
= dns_packet_validate(p
);
243 if (DNS_PACKET_QR(p
) != 0)
246 if (DNS_PACKET_OPCODE(p
) != 0)
249 if (DNS_PACKET_TC(p
))
252 switch (p
->protocol
) {
254 case DNS_PROTOCOL_LLMNR
:
255 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
256 if (DNS_PACKET_QDCOUNT(p
) != 1)
259 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
260 if (DNS_PACKET_ANCOUNT(p
) > 0)
263 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
264 if (DNS_PACKET_NSCOUNT(p
) > 0)
269 case DNS_PROTOCOL_MDNS
:
270 /* RFC 6762, Section 18 */
271 if (DNS_PACKET_AA(p
) != 0 ||
272 DNS_PACKET_RD(p
) != 0 ||
273 DNS_PACKET_RA(p
) != 0 ||
274 DNS_PACKET_AD(p
) != 0 ||
275 DNS_PACKET_CD(p
) != 0 ||
276 DNS_PACKET_RCODE(p
) != 0)
288 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
291 if (p
->size
+ add
> p
->allocated
) {
294 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
295 if (a
> DNS_PACKET_SIZE_MAX
)
296 a
= DNS_PACKET_SIZE_MAX
;
298 if (p
->size
+ add
> a
)
304 d
= realloc(p
->_data
, a
);
310 p
->_data
= malloc(a
);
314 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
315 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
325 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
331 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
341 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
343 if (PTR_TO_SIZE(n
) < sz
)
346 hashmap_remove(p
->names
, s
);
353 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
359 r
= dns_packet_extend(p
, l
, &q
, start
);
367 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
373 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
377 ((uint8_t*) d
)[0] = v
;
382 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
388 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
392 unaligned_write_be16(d
, v
);
397 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
403 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
407 unaligned_write_be32(d
, v
);
412 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
416 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
419 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
424 assert(s
|| size
== 0);
429 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
433 ((uint8_t*) d
)[0] = (uint8_t) size
;
436 memcpy(((uint8_t*) d
) + 1, s
, size
);
441 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
445 /* Append a label to a packet. Optionally, does this in DNSSEC
446 * canonical form, if this label is marked as a candidate for
447 * it, and the canonical form logic is enabled for the
453 if (l
> DNS_LABEL_MAX
)
456 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
460 *(w
++) = (uint8_t) l
;
462 if (p
->canonical_form
&& canonical_candidate
) {
465 /* Generate in canonical form, as defined by DNSSEC
466 * RFC 4034, Section 6.2, i.e. all lower-case. */
468 for (i
= 0; i
< l
; i
++) {
469 if (d
[i
] >= 'A' && d
[i
] <= 'Z')
470 w
[i
] = (uint8_t) (d
[i
] - 'A' + 'a');
472 w
[i
] = (uint8_t) d
[i
];
475 /* Otherwise, just copy the string unaltered. This is
476 * essential for DNS-SD, where the casing of labels
477 * matters and needs to be retained. */
483 int dns_packet_append_name(
486 bool allow_compression
,
487 bool canonical_candidate
,
496 if (p
->refuse_compression
)
497 allow_compression
= false;
499 saved_size
= p
->size
;
502 _cleanup_free_
char *s
= NULL
;
503 char label
[DNS_LABEL_MAX
];
507 if (allow_compression
)
508 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
513 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
527 r
= dns_label_unescape(&name
, label
, sizeof(label
));
531 if (p
->protocol
== DNS_PROTOCOL_DNS
)
532 k
= dns_label_apply_idna(label
, r
, label
, sizeof(label
));
534 k
= dns_label_undo_idna(label
, r
, label
, sizeof(label
));
542 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
546 if (allow_compression
) {
547 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
551 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
559 r
= dns_packet_append_uint8(p
, 0, NULL
);
570 dns_packet_truncate(p
, saved_size
);
574 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, size_t *start
) {
581 saved_size
= p
->size
;
583 r
= dns_packet_append_name(p
, DNS_RESOURCE_KEY_NAME(k
), true, true, NULL
);
587 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
591 r
= dns_packet_append_uint16(p
, k
->class, NULL
);
601 dns_packet_truncate(p
, saved_size
);
605 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
613 saved_size
= p
->size
;
615 r
= dns_packet_append_uint8(p
, window
, NULL
);
619 r
= dns_packet_append_uint8(p
, length
, NULL
);
623 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
632 dns_packet_truncate(p
, saved_size
);
636 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
640 uint8_t bitmaps
[32] = {};
648 saved_size
= p
->size
;
650 BITMAP_FOREACH(n
, types
, i
) {
653 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
654 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
664 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
667 if (bitmaps
[entry
/ 8] != 0) {
668 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
678 dns_packet_truncate(p
, saved_size
);
682 /* Append the OPT pseudo-RR described in RFC6891 */
683 int dns_packet_append_opt_rr(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, size_t *start
) {
688 /* we must never advertise supported packet size smaller than the legacy max */
689 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
691 saved_size
= p
->size
;
694 r
= dns_packet_append_uint8(p
, 0, NULL
);
699 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
703 /* maximum udp packet that can be received */
704 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
708 /* extended RCODE and VERSION */
709 r
= dns_packet_append_uint16(p
, 0, NULL
);
713 /* flags: DNSSEC OK (DO), see RFC3225 */
714 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
719 r
= dns_packet_append_uint16(p
, 0, NULL
);
729 dns_packet_truncate(p
, saved_size
);
733 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, size_t *start
, size_t *rdata_start
) {
734 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
740 saved_size
= p
->size
;
742 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
746 r
= dns_packet_append_uint32(p
, rr
->ttl
, NULL
);
750 /* Initially we write 0 here */
751 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
755 rds
= p
->size
- saved_size
;
757 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
760 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
764 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
768 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
772 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, false, NULL
);
779 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, false, NULL
);
783 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
787 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
790 case DNS_TYPE_SPF
: /* exactly the same as TXT */
793 if (!rr
->txt
.items
) {
794 /* RFC 6763, section 6.1 suggests to generate
795 * single empty string for an empty array. */
797 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
803 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
804 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
814 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
818 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
822 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, false, NULL
);
826 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, false, NULL
);
830 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
834 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
838 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
842 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
846 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
850 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
854 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, false, NULL
);
858 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
862 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
866 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
870 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
874 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
878 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
882 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
886 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
890 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
894 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
898 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
902 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
906 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
910 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
913 case DNS_TYPE_DNSKEY
:
914 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
918 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
922 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
926 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
930 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
934 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
938 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
942 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
946 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
950 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
954 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
958 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
962 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
966 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
970 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
977 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
981 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
985 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
989 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
993 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
997 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1001 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1005 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1012 case _DNS_TYPE_INVALID
: /* unparseable */
1015 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.size
, NULL
);
1021 /* Let's calculate the actual data size and update the field */
1022 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1023 if (rdlength
> 0xFFFF) {
1029 p
->size
= rdlength_offset
;
1030 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1036 *start
= saved_size
;
1044 dns_packet_truncate(p
, saved_size
);
1049 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1052 if (p
->rindex
+ sz
> p
->size
)
1056 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1065 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1067 assert(idx
<= p
->size
);
1068 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1073 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1080 r
= dns_packet_read(p
, sz
, &q
, start
);
1088 static int dns_packet_read_memdup(
1089 DnsPacket
*p
, size_t size
,
1090 void **ret
, size_t *ret_size
,
1091 size_t *ret_start
) {
1100 r
= dns_packet_read(p
, size
, &src
, &start
);
1109 copy
= memdup(src
, size
);
1124 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1130 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1134 *ret
= ((uint8_t*) d
)[0];
1138 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1144 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1148 *ret
= unaligned_read_be16(d
);
1153 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1159 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1163 *ret
= unaligned_read_be32(d
);
1168 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1169 size_t saved_rindex
;
1177 saved_rindex
= p
->rindex
;
1179 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1183 r
= dns_packet_read(p
, c
, &d
, NULL
);
1187 if (memchr(d
, 0, c
)) {
1198 if (!utf8_is_valid(t
)) {
1207 *start
= saved_rindex
;
1212 dns_packet_rewind(p
, saved_rindex
);
1216 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1217 size_t saved_rindex
;
1223 saved_rindex
= p
->rindex
;
1225 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1229 r
= dns_packet_read(p
, c
, ret
, NULL
);
1236 *start
= saved_rindex
;
1241 dns_packet_rewind(p
, saved_rindex
);
1245 int dns_packet_read_name(
1248 bool allow_compression
,
1251 size_t saved_rindex
, after_rindex
= 0, jump_barrier
;
1252 _cleanup_free_
char *ret
= NULL
;
1253 size_t n
= 0, allocated
= 0;
1260 if (p
->refuse_compression
)
1261 allow_compression
= false;
1263 saved_rindex
= p
->rindex
;
1264 jump_barrier
= p
->rindex
;
1269 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1280 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1284 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
)) {
1294 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1300 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1304 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1308 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1309 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
) {
1314 if (after_rindex
== 0)
1315 after_rindex
= p
->rindex
;
1317 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1326 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1)) {
1333 if (after_rindex
!= 0)
1334 p
->rindex
= after_rindex
;
1340 *start
= saved_rindex
;
1345 dns_packet_rewind(p
, saved_rindex
);
1349 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1352 const uint8_t *bitmap
;
1356 size_t saved_rindex
;
1362 saved_rindex
= p
->rindex
;
1364 r
= bitmap_ensure_allocated(types
);
1368 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1372 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1376 if (length
== 0 || length
> 32)
1379 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1383 for (i
= 0; i
< length
; i
++) {
1384 uint8_t bitmask
= 1 << 7;
1395 if (bitmap
[i
] & bitmask
) {
1398 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1400 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1401 if (dns_type_is_pseudo(n
))
1404 r
= bitmap_set(*types
, n
);
1418 *start
= saved_rindex
;
1422 dns_packet_rewind(p
, saved_rindex
);
1426 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1427 size_t saved_rindex
;
1430 saved_rindex
= p
->rindex
;
1432 while (p
->rindex
< saved_rindex
+ size
) {
1433 r
= dns_packet_read_type_window(p
, types
, NULL
);
1437 /* don't read past end of current RR */
1438 if (p
->rindex
> saved_rindex
+ size
) {
1444 if (p
->rindex
!= saved_rindex
+ size
) {
1450 *start
= saved_rindex
;
1454 dns_packet_rewind(p
, saved_rindex
);
1458 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, size_t *start
) {
1459 _cleanup_free_
char *name
= NULL
;
1460 bool cache_flush
= true;
1461 uint16_t class, type
;
1462 DnsResourceKey
*key
;
1463 size_t saved_rindex
;
1469 saved_rindex
= p
->rindex
;
1471 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1475 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1479 r
= dns_packet_read_uint16(p
, &class, NULL
);
1483 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1484 /* See RFC6762, Section 10.2 */
1486 if (class & MDNS_RR_CACHE_FLUSH
)
1487 class &= ~MDNS_RR_CACHE_FLUSH
;
1489 cache_flush
= false;
1492 key
= dns_resource_key_new_consume(class, type
, name
);
1498 key
->cache_flush
= cache_flush
;
1504 *start
= saved_rindex
;
1508 dns_packet_rewind(p
, saved_rindex
);
1512 static bool loc_size_ok(uint8_t size
) {
1513 uint8_t m
= size
>> 4, e
= size
& 0xF;
1515 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1518 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, size_t *start
) {
1519 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1520 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1521 size_t saved_rindex
, offset
;
1528 saved_rindex
= p
->rindex
;
1530 r
= dns_packet_read_key(p
, &key
, NULL
);
1534 if (key
->class == DNS_CLASS_ANY
||
1535 !dns_type_is_valid_rr(key
->type
)) {
1540 rr
= dns_resource_record_new(key
);
1546 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1550 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1554 if (p
->rindex
+ rdlength
> p
->size
) {
1561 switch (rr
->key
->type
) {
1564 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1567 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1570 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1573 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1578 case DNS_TYPE_CNAME
:
1579 case DNS_TYPE_DNAME
:
1580 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1583 case DNS_TYPE_HINFO
:
1584 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1588 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1591 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1593 if (rdlength
<= 0) {
1595 /* RFC 6763, section 6.1 suggests to treat
1596 * empty TXT RRs as equivalent to a TXT record
1597 * with a single empty string. */
1599 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1605 DnsTxtItem
*last
= NULL
;
1607 while (p
->rindex
< offset
+ rdlength
) {
1612 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1616 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1620 memcpy(i
->data
, data
, sz
);
1623 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1632 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1636 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1640 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1644 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1648 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1652 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1656 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1660 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1664 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1668 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1672 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1675 case DNS_TYPE_LOC
: {
1679 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1684 rr
->loc
.version
= t
;
1686 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1690 if (!loc_size_ok(rr
->loc
.size
)) {
1695 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1699 if (!loc_size_ok(rr
->loc
.horiz_pre
)) {
1704 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1708 if (!loc_size_ok(rr
->loc
.vert_pre
)) {
1713 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1717 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1721 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1727 dns_packet_rewind(p
, pos
);
1728 rr
->unparseable
= true;
1734 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1738 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1742 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1746 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1747 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1752 if (rr
->ds
.digest_size
<= 0) {
1753 /* the accepted size depends on the algorithm, but for now
1754 just ensure that the value is greater than zero */
1761 case DNS_TYPE_SSHFP
:
1762 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1766 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1770 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1771 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1774 if (rr
->sshfp
.fingerprint_size
<= 0) {
1775 /* the accepted size depends on the algorithm, but for now
1776 just ensure that the value is greater than zero */
1783 case DNS_TYPE_DNSKEY
:
1784 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1788 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1792 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1796 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1797 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1800 if (rr
->dnskey
.key_size
<= 0) {
1801 /* the accepted size depends on the algorithm, but for now
1802 just ensure that the value is greater than zero */
1809 case DNS_TYPE_RRSIG
:
1810 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1814 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1818 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1822 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1826 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1830 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1834 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1838 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1842 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1843 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1846 if (rr
->rrsig
.signature_size
<= 0) {
1847 /* the accepted size depends on the algorithm, but for now
1848 just ensure that the value is greater than zero */
1855 case DNS_TYPE_NSEC
: {
1858 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1859 * This contradicts RFC3845, section 2.1.1
1862 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1864 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1868 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1872 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1873 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1874 * without the NSEC bit set. */
1878 case DNS_TYPE_NSEC3
: {
1881 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1885 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1889 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
1893 /* this may be zero */
1894 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1898 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
1902 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1911 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
, NULL
);
1915 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1919 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1924 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
1927 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.size
, NULL
);
1934 if (p
->rindex
!= offset
+ rdlength
) {
1943 *start
= saved_rindex
;
1947 dns_packet_rewind(p
, saved_rindex
);
1951 int dns_packet_extract(DnsPacket
*p
) {
1952 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
1953 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
1954 size_t saved_rindex
;
1961 saved_rindex
= p
->rindex
;
1962 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
1964 n
= DNS_PACKET_QDCOUNT(p
);
1966 question
= dns_question_new(n
);
1972 for (i
= 0; i
< n
; i
++) {
1973 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1975 r
= dns_packet_read_key(p
, &key
, NULL
);
1979 if (!dns_type_is_valid_query(key
->type
)) {
1984 r
= dns_question_add(question
, key
);
1990 n
= DNS_PACKET_RRCOUNT(p
);
1992 answer
= dns_answer_new(n
);
1998 for (i
= 0; i
< n
; i
++) {
1999 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2001 r
= dns_packet_read_rr(p
, &rr
, NULL
);
2005 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2007 /* The OPT RR is only valid in the Additional section */
2008 if (i
< DNS_PACKET_ANCOUNT(p
) + DNS_PACKET_NSCOUNT(p
)) {
2019 p
->opt
= dns_resource_record_ref(rr
);
2021 r
= dns_answer_add(answer
, rr
, p
->ifindex
);
2028 p
->question
= question
;
2034 p
->extracted
= true;
2039 p
->rindex
= saved_rindex
;
2043 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2049 /* Checks if the specified packet is a reply for the specified
2050 * key and the specified key is the only one in the question
2053 if (DNS_PACKET_QR(p
) != 1)
2056 /* Let's unpack the packet, if that hasn't happened yet. */
2057 r
= dns_packet_extract(p
);
2061 if (p
->question
->n_keys
!= 1)
2064 return dns_resource_key_equal(p
->question
->keys
[0], key
);
2067 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2068 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2069 [DNS_RCODE_FORMERR
] = "FORMERR",
2070 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2071 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2072 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2073 [DNS_RCODE_REFUSED
] = "REFUSED",
2074 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2075 [DNS_RCODE_YXRRSET
] = "YRRSET",
2076 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2077 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2078 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2079 [DNS_RCODE_BADVERS
] = "BADVERS",
2080 [DNS_RCODE_BADKEY
] = "BADKEY",
2081 [DNS_RCODE_BADTIME
] = "BADTIME",
2082 [DNS_RCODE_BADMODE
] = "BADMODE",
2083 [DNS_RCODE_BADNAME
] = "BADNAME",
2084 [DNS_RCODE_BADALG
] = "BADALG",
2085 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2087 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2089 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2090 [DNS_PROTOCOL_DNS
] = "dns",
2091 [DNS_PROTOCOL_MDNS
] = "mdns",
2092 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2094 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);