]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-packet.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #5930 from larskarlitski/journal-skip
[thirdparty/systemd.git] / src / resolve / resolved-dns-packet.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include "alloc-util.h"
21 #include "dns-domain.h"
22 #include "resolved-dns-packet.h"
23 #include "string-table.h"
24 #include "strv.h"
25 #include "unaligned.h"
26 #include "utf8.h"
27 #include "util.h"
28
29 #define EDNS0_OPT_DO (1<<15)
30
31 typedef struct DnsPacketRewinder {
32 DnsPacket *packet;
33 size_t saved_rindex;
34 } DnsPacketRewinder;
35
36 static void rewind_dns_packet(DnsPacketRewinder *rewinder) {
37 if (rewinder->packet)
38 dns_packet_rewind(rewinder->packet, rewinder->saved_rindex);
39 }
40
41 #define INIT_REWINDER(rewinder, p) do { rewinder.packet = p; rewinder.saved_rindex = p->rindex; } while (0)
42 #define CANCEL_REWINDER(rewinder) do { rewinder.packet = NULL; } while (0)
43
44 int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
45 DnsPacket *p;
46 size_t a;
47
48 assert(ret);
49
50 if (mtu <= UDP_PACKET_HEADER_SIZE)
51 a = DNS_PACKET_SIZE_START;
52 else
53 a = mtu - UDP_PACKET_HEADER_SIZE;
54
55 if (a < DNS_PACKET_HEADER_SIZE)
56 a = DNS_PACKET_HEADER_SIZE;
57
58 /* round up to next page size */
59 a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
60
61 /* make sure we never allocate more than useful */
62 if (a > DNS_PACKET_SIZE_MAX)
63 a = DNS_PACKET_SIZE_MAX;
64
65 p = malloc0(ALIGN(sizeof(DnsPacket)) + a);
66 if (!p)
67 return -ENOMEM;
68
69 p->size = p->rindex = DNS_PACKET_HEADER_SIZE;
70 p->allocated = a;
71 p->protocol = protocol;
72 p->opt_start = p->opt_size = (size_t) -1;
73 p->n_ref = 1;
74
75 *ret = p;
76
77 return 0;
78 }
79
80 void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
81
82 DnsPacketHeader *h;
83
84 assert(p);
85
86 h = DNS_PACKET_HEADER(p);
87
88 switch(p->protocol) {
89 case DNS_PROTOCOL_LLMNR:
90 assert(!truncated);
91
92 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
93 0 /* opcode */,
94 0 /* c */,
95 0 /* tc */,
96 0 /* t */,
97 0 /* ra */,
98 0 /* ad */,
99 0 /* cd */,
100 0 /* rcode */));
101 break;
102
103 case DNS_PROTOCOL_MDNS:
104 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
105 0 /* opcode */,
106 0 /* aa */,
107 truncated /* tc */,
108 0 /* rd (ask for recursion) */,
109 0 /* ra */,
110 0 /* ad */,
111 0 /* cd */,
112 0 /* rcode */));
113 break;
114
115 default:
116 assert(!truncated);
117
118 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
119 0 /* opcode */,
120 0 /* aa */,
121 0 /* tc */,
122 1 /* rd (ask for recursion) */,
123 0 /* ra */,
124 0 /* ad */,
125 dnssec_checking_disabled /* cd */,
126 0 /* rcode */));
127 }
128 }
129
130 int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu, bool dnssec_checking_disabled) {
131 DnsPacket *p;
132 int r;
133
134 assert(ret);
135
136 r = dns_packet_new(&p, protocol, mtu);
137 if (r < 0)
138 return r;
139
140 /* Always set the TC bit to 0 initially.
141 * If there are multiple packets later, we'll update the bit shortly before sending.
142 */
143 dns_packet_set_flags(p, dnssec_checking_disabled, false);
144
145 *ret = p;
146 return 0;
147 }
148
149 DnsPacket *dns_packet_ref(DnsPacket *p) {
150
151 if (!p)
152 return NULL;
153
154 assert(!p->on_stack);
155
156 assert(p->n_ref > 0);
157 p->n_ref++;
158 return p;
159 }
160
161 static void dns_packet_free(DnsPacket *p) {
162 char *s;
163
164 assert(p);
165
166 dns_question_unref(p->question);
167 dns_answer_unref(p->answer);
168 dns_resource_record_unref(p->opt);
169
170 while ((s = hashmap_steal_first_key(p->names)))
171 free(s);
172 hashmap_free(p->names);
173
174 free(p->_data);
175
176 if (!p->on_stack)
177 free(p);
178 }
179
180 DnsPacket *dns_packet_unref(DnsPacket *p) {
181 if (!p)
182 return NULL;
183
184 assert(p->n_ref > 0);
185
186 dns_packet_unref(p->more);
187
188 if (p->n_ref == 1)
189 dns_packet_free(p);
190 else
191 p->n_ref--;
192
193 return NULL;
194 }
195
196 int dns_packet_validate(DnsPacket *p) {
197 assert(p);
198
199 if (p->size < DNS_PACKET_HEADER_SIZE)
200 return -EBADMSG;
201
202 if (p->size > DNS_PACKET_SIZE_MAX)
203 return -EBADMSG;
204
205 return 1;
206 }
207
208 int dns_packet_validate_reply(DnsPacket *p) {
209 int r;
210
211 assert(p);
212
213 r = dns_packet_validate(p);
214 if (r < 0)
215 return r;
216
217 if (DNS_PACKET_QR(p) != 1)
218 return 0;
219
220 if (DNS_PACKET_OPCODE(p) != 0)
221 return -EBADMSG;
222
223 switch (p->protocol) {
224
225 case DNS_PROTOCOL_LLMNR:
226 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
227 if (DNS_PACKET_QDCOUNT(p) != 1)
228 return -EBADMSG;
229
230 break;
231
232 case DNS_PROTOCOL_MDNS:
233 /* RFC 6762, Section 18 */
234 if (DNS_PACKET_RCODE(p) != 0)
235 return -EBADMSG;
236
237 break;
238
239 default:
240 break;
241 }
242
243 return 1;
244 }
245
246 int dns_packet_validate_query(DnsPacket *p) {
247 int r;
248
249 assert(p);
250
251 r = dns_packet_validate(p);
252 if (r < 0)
253 return r;
254
255 if (DNS_PACKET_QR(p) != 0)
256 return 0;
257
258 if (DNS_PACKET_OPCODE(p) != 0)
259 return -EBADMSG;
260
261 if (DNS_PACKET_TC(p))
262 return -EBADMSG;
263
264 switch (p->protocol) {
265
266 case DNS_PROTOCOL_LLMNR:
267 case DNS_PROTOCOL_DNS:
268 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
269 if (DNS_PACKET_QDCOUNT(p) != 1)
270 return -EBADMSG;
271
272 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
273 if (DNS_PACKET_ANCOUNT(p) > 0)
274 return -EBADMSG;
275
276 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
277 if (DNS_PACKET_NSCOUNT(p) > 0)
278 return -EBADMSG;
279
280 break;
281
282 case DNS_PROTOCOL_MDNS:
283 /* RFC 6762, Section 18 */
284 if (DNS_PACKET_AA(p) != 0 ||
285 DNS_PACKET_RD(p) != 0 ||
286 DNS_PACKET_RA(p) != 0 ||
287 DNS_PACKET_AD(p) != 0 ||
288 DNS_PACKET_CD(p) != 0 ||
289 DNS_PACKET_RCODE(p) != 0)
290 return -EBADMSG;
291
292 break;
293
294 default:
295 break;
296 }
297
298 return 1;
299 }
300
301 static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
302 assert(p);
303
304 if (p->size + add > p->allocated) {
305 size_t a;
306
307 a = PAGE_ALIGN((p->size + add) * 2);
308 if (a > DNS_PACKET_SIZE_MAX)
309 a = DNS_PACKET_SIZE_MAX;
310
311 if (p->size + add > a)
312 return -EMSGSIZE;
313
314 if (p->_data) {
315 void *d;
316
317 d = realloc(p->_data, a);
318 if (!d)
319 return -ENOMEM;
320
321 p->_data = d;
322 } else {
323 p->_data = malloc(a);
324 if (!p->_data)
325 return -ENOMEM;
326
327 memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
328 memzero((uint8_t*) p->_data + p->size, a - p->size);
329 }
330
331 p->allocated = a;
332 }
333
334 if (start)
335 *start = p->size;
336
337 if (ret)
338 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;
339
340 p->size += add;
341 return 0;
342 }
343
344 void dns_packet_truncate(DnsPacket *p, size_t sz) {
345 Iterator i;
346 char *s;
347 void *n;
348
349 assert(p);
350
351 if (p->size <= sz)
352 return;
353
354 HASHMAP_FOREACH_KEY(n, s, p->names, i) {
355
356 if (PTR_TO_SIZE(n) < sz)
357 continue;
358
359 hashmap_remove(p->names, s);
360 free(s);
361 }
362
363 p->size = sz;
364 }
365
366 int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
367 void *q;
368 int r;
369
370 assert(p);
371
372 r = dns_packet_extend(p, l, &q, start);
373 if (r < 0)
374 return r;
375
376 memcpy(q, d, l);
377 return 0;
378 }
379
380 int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
381 void *d;
382 int r;
383
384 assert(p);
385
386 r = dns_packet_extend(p, sizeof(uint8_t), &d, start);
387 if (r < 0)
388 return r;
389
390 ((uint8_t*) d)[0] = v;
391
392 return 0;
393 }
394
395 int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
396 void *d;
397 int r;
398
399 assert(p);
400
401 r = dns_packet_extend(p, sizeof(uint16_t), &d, start);
402 if (r < 0)
403 return r;
404
405 unaligned_write_be16(d, v);
406
407 return 0;
408 }
409
410 int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
411 void *d;
412 int r;
413
414 assert(p);
415
416 r = dns_packet_extend(p, sizeof(uint32_t), &d, start);
417 if (r < 0)
418 return r;
419
420 unaligned_write_be32(d, v);
421
422 return 0;
423 }
424
425 int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
426 assert(p);
427 assert(s);
428
429 return dns_packet_append_raw_string(p, s, strlen(s), start);
430 }
431
432 int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
433 void *d;
434 int r;
435
436 assert(p);
437 assert(s || size == 0);
438
439 if (size > 255)
440 return -E2BIG;
441
442 r = dns_packet_extend(p, 1 + size, &d, start);
443 if (r < 0)
444 return r;
445
446 ((uint8_t*) d)[0] = (uint8_t) size;
447
448 memcpy_safe(((uint8_t*) d) + 1, s, size);
449
450 return 0;
451 }
452
453 int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
454 uint8_t *w;
455 int r;
456
457 /* Append a label to a packet. Optionally, does this in DNSSEC
458 * canonical form, if this label is marked as a candidate for
459 * it, and the canonical form logic is enabled for the
460 * packet */
461
462 assert(p);
463 assert(d);
464
465 if (l > DNS_LABEL_MAX)
466 return -E2BIG;
467
468 r = dns_packet_extend(p, 1 + l, (void**) &w, start);
469 if (r < 0)
470 return r;
471
472 *(w++) = (uint8_t) l;
473
474 if (p->canonical_form && canonical_candidate) {
475 size_t i;
476
477 /* Generate in canonical form, as defined by DNSSEC
478 * RFC 4034, Section 6.2, i.e. all lower-case. */
479
480 for (i = 0; i < l; i++)
481 w[i] = (uint8_t) ascii_tolower(d[i]);
482 } else
483 /* Otherwise, just copy the string unaltered. This is
484 * essential for DNS-SD, where the casing of labels
485 * matters and needs to be retained. */
486 memcpy(w, d, l);
487
488 return 0;
489 }
490
491 int dns_packet_append_name(
492 DnsPacket *p,
493 const char *name,
494 bool allow_compression,
495 bool canonical_candidate,
496 size_t *start) {
497
498 size_t saved_size;
499 int r;
500
501 assert(p);
502 assert(name);
503
504 if (p->refuse_compression)
505 allow_compression = false;
506
507 saved_size = p->size;
508
509 while (!dns_name_is_root(name)) {
510 const char *z = name;
511 char label[DNS_LABEL_MAX];
512 size_t n = 0;
513
514 if (allow_compression)
515 n = PTR_TO_SIZE(hashmap_get(p->names, name));
516 if (n > 0) {
517 assert(n < p->size);
518
519 if (n < 0x4000) {
520 r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
521 if (r < 0)
522 goto fail;
523
524 goto done;
525 }
526 }
527
528 r = dns_label_unescape(&name, label, sizeof(label));
529 if (r < 0)
530 goto fail;
531
532 r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
533 if (r < 0)
534 goto fail;
535
536 if (allow_compression) {
537 _cleanup_free_ char *s = NULL;
538
539 s = strdup(z);
540 if (!s) {
541 r = -ENOMEM;
542 goto fail;
543 }
544
545 r = hashmap_ensure_allocated(&p->names, &dns_name_hash_ops);
546 if (r < 0)
547 goto fail;
548
549 r = hashmap_put(p->names, s, SIZE_TO_PTR(n));
550 if (r < 0)
551 goto fail;
552
553 s = NULL;
554 }
555 }
556
557 r = dns_packet_append_uint8(p, 0, NULL);
558 if (r < 0)
559 return r;
560
561 done:
562 if (start)
563 *start = saved_size;
564
565 return 0;
566
567 fail:
568 dns_packet_truncate(p, saved_size);
569 return r;
570 }
571
572 int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, const DnsAnswerFlags flags, size_t *start) {
573 size_t saved_size;
574 uint16_t class;
575 int r;
576
577 assert(p);
578 assert(k);
579
580 saved_size = p->size;
581
582 r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
583 if (r < 0)
584 goto fail;
585
586 r = dns_packet_append_uint16(p, k->type, NULL);
587 if (r < 0)
588 goto fail;
589
590 class = flags & DNS_ANSWER_CACHE_FLUSH ? k->class | MDNS_RR_CACHE_FLUSH : k->class;
591 r = dns_packet_append_uint16(p, class, NULL);
592 if (r < 0)
593 goto fail;
594
595 if (start)
596 *start = saved_size;
597
598 return 0;
599
600 fail:
601 dns_packet_truncate(p, saved_size);
602 return r;
603 }
604
605 static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
606 size_t saved_size;
607 int r;
608
609 assert(p);
610 assert(types);
611 assert(length > 0);
612
613 saved_size = p->size;
614
615 r = dns_packet_append_uint8(p, window, NULL);
616 if (r < 0)
617 goto fail;
618
619 r = dns_packet_append_uint8(p, length, NULL);
620 if (r < 0)
621 goto fail;
622
623 r = dns_packet_append_blob(p, types, length, NULL);
624 if (r < 0)
625 goto fail;
626
627 if (start)
628 *start = saved_size;
629
630 return 0;
631 fail:
632 dns_packet_truncate(p, saved_size);
633 return r;
634 }
635
636 static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
637 Iterator i;
638 uint8_t window = 0;
639 uint8_t entry = 0;
640 uint8_t bitmaps[32] = {};
641 unsigned n;
642 size_t saved_size;
643 int r;
644
645 assert(p);
646
647 saved_size = p->size;
648
649 BITMAP_FOREACH(n, types, i) {
650 assert(n <= 0xffff);
651
652 if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
653 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
654 if (r < 0)
655 goto fail;
656
657 zero(bitmaps);
658 }
659
660 window = n >> 8;
661 entry = n & 255;
662
663 bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
664 }
665
666 if (bitmaps[entry / 8] != 0) {
667 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
668 if (r < 0)
669 goto fail;
670 }
671
672 if (start)
673 *start = saved_size;
674
675 return 0;
676 fail:
677 dns_packet_truncate(p, saved_size);
678 return r;
679 }
680
681 /* Append the OPT pseudo-RR described in RFC6891 */
682 int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, int rcode, size_t *start) {
683 size_t saved_size;
684 int r;
685
686 assert(p);
687 /* we must never advertise supported packet size smaller than the legacy max */
688 assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
689 assert(rcode >= 0);
690 assert(rcode <= _DNS_RCODE_MAX);
691
692 if (p->opt_start != (size_t) -1)
693 return -EBUSY;
694
695 assert(p->opt_size == (size_t) -1);
696
697 saved_size = p->size;
698
699 /* empty name */
700 r = dns_packet_append_uint8(p, 0, NULL);
701 if (r < 0)
702 return r;
703
704 /* type */
705 r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
706 if (r < 0)
707 goto fail;
708
709 /* class: maximum udp packet that can be received */
710 r = dns_packet_append_uint16(p, max_udp_size, NULL);
711 if (r < 0)
712 goto fail;
713
714 /* extended RCODE and VERSION */
715 r = dns_packet_append_uint16(p, ((uint16_t) rcode & 0x0FF0) << 4, NULL);
716 if (r < 0)
717 goto fail;
718
719 /* flags: DNSSEC OK (DO), see RFC3225 */
720 r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
721 if (r < 0)
722 goto fail;
723
724 /* RDLENGTH */
725 if (edns0_do && !DNS_PACKET_QR(p)) {
726 /* If DO is on and this is not a reply, also append RFC6975 Algorithm data */
727
728 static const uint8_t rfc6975[] = {
729
730 0, 5, /* OPTION_CODE: DAU */
731 0, 6, /* LIST_LENGTH */
732 DNSSEC_ALGORITHM_RSASHA1,
733 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
734 DNSSEC_ALGORITHM_RSASHA256,
735 DNSSEC_ALGORITHM_RSASHA512,
736 DNSSEC_ALGORITHM_ECDSAP256SHA256,
737 DNSSEC_ALGORITHM_ECDSAP384SHA384,
738
739 0, 6, /* OPTION_CODE: DHU */
740 0, 3, /* LIST_LENGTH */
741 DNSSEC_DIGEST_SHA1,
742 DNSSEC_DIGEST_SHA256,
743 DNSSEC_DIGEST_SHA384,
744
745 0, 7, /* OPTION_CODE: N3U */
746 0, 1, /* LIST_LENGTH */
747 NSEC3_ALGORITHM_SHA1,
748 };
749
750 r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
751 if (r < 0)
752 goto fail;
753
754 r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
755 } else
756 r = dns_packet_append_uint16(p, 0, NULL);
757 if (r < 0)
758 goto fail;
759
760 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);
761
762 p->opt_start = saved_size;
763 p->opt_size = p->size - saved_size;
764
765 if (start)
766 *start = saved_size;
767
768 return 0;
769
770 fail:
771 dns_packet_truncate(p, saved_size);
772 return r;
773 }
774
775 int dns_packet_truncate_opt(DnsPacket *p) {
776 assert(p);
777
778 if (p->opt_start == (size_t) -1) {
779 assert(p->opt_size == (size_t) -1);
780 return 0;
781 }
782
783 assert(p->opt_size != (size_t) -1);
784 assert(DNS_PACKET_ARCOUNT(p) > 0);
785
786 if (p->opt_start + p->opt_size != p->size)
787 return -EBUSY;
788
789 dns_packet_truncate(p, p->opt_start);
790 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
791 p->opt_start = p->opt_size = (size_t) -1;
792
793 return 1;
794 }
795
796 int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start) {
797
798 size_t saved_size, rdlength_offset, end, rdlength, rds;
799 uint32_t ttl;
800 int r;
801
802 assert(p);
803 assert(rr);
804
805 saved_size = p->size;
806
807 r = dns_packet_append_key(p, rr->key, flags, NULL);
808 if (r < 0)
809 goto fail;
810
811 ttl = flags & DNS_ANSWER_GOODBYE ? 0 : rr->ttl;
812 r = dns_packet_append_uint32(p, ttl, NULL);
813 if (r < 0)
814 goto fail;
815
816 /* Initially we write 0 here */
817 r = dns_packet_append_uint16(p, 0, &rdlength_offset);
818 if (r < 0)
819 goto fail;
820
821 rds = p->size - saved_size;
822
823 switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {
824
825 case DNS_TYPE_SRV:
826 r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
827 if (r < 0)
828 goto fail;
829
830 r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
831 if (r < 0)
832 goto fail;
833
834 r = dns_packet_append_uint16(p, rr->srv.port, NULL);
835 if (r < 0)
836 goto fail;
837
838 r = dns_packet_append_name(p, rr->srv.name, true, false, NULL);
839 break;
840
841 case DNS_TYPE_PTR:
842 case DNS_TYPE_NS:
843 case DNS_TYPE_CNAME:
844 case DNS_TYPE_DNAME:
845 r = dns_packet_append_name(p, rr->ptr.name, true, false, NULL);
846 break;
847
848 case DNS_TYPE_HINFO:
849 r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
850 if (r < 0)
851 goto fail;
852
853 r = dns_packet_append_string(p, rr->hinfo.os, NULL);
854 break;
855
856 case DNS_TYPE_SPF: /* exactly the same as TXT */
857 case DNS_TYPE_TXT:
858
859 if (!rr->txt.items) {
860 /* RFC 6763, section 6.1 suggests to generate
861 * single empty string for an empty array. */
862
863 r = dns_packet_append_raw_string(p, NULL, 0, NULL);
864 if (r < 0)
865 goto fail;
866 } else {
867 DnsTxtItem *i;
868
869 LIST_FOREACH(items, i, rr->txt.items) {
870 r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
871 if (r < 0)
872 goto fail;
873 }
874 }
875
876 r = 0;
877 break;
878
879 case DNS_TYPE_A:
880 r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
881 break;
882
883 case DNS_TYPE_AAAA:
884 r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
885 break;
886
887 case DNS_TYPE_SOA:
888 r = dns_packet_append_name(p, rr->soa.mname, true, false, NULL);
889 if (r < 0)
890 goto fail;
891
892 r = dns_packet_append_name(p, rr->soa.rname, true, false, NULL);
893 if (r < 0)
894 goto fail;
895
896 r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
897 if (r < 0)
898 goto fail;
899
900 r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
901 if (r < 0)
902 goto fail;
903
904 r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
905 if (r < 0)
906 goto fail;
907
908 r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
909 if (r < 0)
910 goto fail;
911
912 r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
913 break;
914
915 case DNS_TYPE_MX:
916 r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
917 if (r < 0)
918 goto fail;
919
920 r = dns_packet_append_name(p, rr->mx.exchange, true, false, NULL);
921 break;
922
923 case DNS_TYPE_LOC:
924 r = dns_packet_append_uint8(p, rr->loc.version, NULL);
925 if (r < 0)
926 goto fail;
927
928 r = dns_packet_append_uint8(p, rr->loc.size, NULL);
929 if (r < 0)
930 goto fail;
931
932 r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
933 if (r < 0)
934 goto fail;
935
936 r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
937 if (r < 0)
938 goto fail;
939
940 r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
941 if (r < 0)
942 goto fail;
943
944 r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
945 if (r < 0)
946 goto fail;
947
948 r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
949 break;
950
951 case DNS_TYPE_DS:
952 r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
953 if (r < 0)
954 goto fail;
955
956 r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
957 if (r < 0)
958 goto fail;
959
960 r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
961 if (r < 0)
962 goto fail;
963
964 r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
965 break;
966
967 case DNS_TYPE_SSHFP:
968 r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
969 if (r < 0)
970 goto fail;
971
972 r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
973 if (r < 0)
974 goto fail;
975
976 r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
977 break;
978
979 case DNS_TYPE_DNSKEY:
980 r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
981 if (r < 0)
982 goto fail;
983
984 r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
985 if (r < 0)
986 goto fail;
987
988 r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
989 if (r < 0)
990 goto fail;
991
992 r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
993 break;
994
995 case DNS_TYPE_RRSIG:
996 r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
997 if (r < 0)
998 goto fail;
999
1000 r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
1001 if (r < 0)
1002 goto fail;
1003
1004 r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
1005 if (r < 0)
1006 goto fail;
1007
1008 r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
1009 if (r < 0)
1010 goto fail;
1011
1012 r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
1013 if (r < 0)
1014 goto fail;
1015
1016 r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
1017 if (r < 0)
1018 goto fail;
1019
1020 r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
1021 if (r < 0)
1022 goto fail;
1023
1024 r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
1025 if (r < 0)
1026 goto fail;
1027
1028 r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
1029 break;
1030
1031 case DNS_TYPE_NSEC:
1032 r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
1033 if (r < 0)
1034 goto fail;
1035
1036 r = dns_packet_append_types(p, rr->nsec.types, NULL);
1037 if (r < 0)
1038 goto fail;
1039
1040 break;
1041
1042 case DNS_TYPE_NSEC3:
1043 r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
1044 if (r < 0)
1045 goto fail;
1046
1047 r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
1048 if (r < 0)
1049 goto fail;
1050
1051 r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
1052 if (r < 0)
1053 goto fail;
1054
1055 r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
1056 if (r < 0)
1057 goto fail;
1058
1059 r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
1060 if (r < 0)
1061 goto fail;
1062
1063 r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
1064 if (r < 0)
1065 goto fail;
1066
1067 r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
1068 if (r < 0)
1069 goto fail;
1070
1071 r = dns_packet_append_types(p, rr->nsec3.types, NULL);
1072 if (r < 0)
1073 goto fail;
1074
1075 break;
1076
1077 case DNS_TYPE_TLSA:
1078 r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
1079 if (r < 0)
1080 goto fail;
1081
1082 r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
1083 if (r < 0)
1084 goto fail;
1085
1086 r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
1087 if (r < 0)
1088 goto fail;
1089
1090 r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
1091 break;
1092
1093 case DNS_TYPE_CAA:
1094 r = dns_packet_append_uint8(p, rr->caa.flags, NULL);
1095 if (r < 0)
1096 goto fail;
1097
1098 r = dns_packet_append_string(p, rr->caa.tag, NULL);
1099 if (r < 0)
1100 goto fail;
1101
1102 r = dns_packet_append_blob(p, rr->caa.value, rr->caa.value_size, NULL);
1103 break;
1104
1105 case DNS_TYPE_OPT:
1106 case DNS_TYPE_OPENPGPKEY:
1107 case _DNS_TYPE_INVALID: /* unparseable */
1108 default:
1109
1110 r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
1111 break;
1112 }
1113 if (r < 0)
1114 goto fail;
1115
1116 /* Let's calculate the actual data size and update the field */
1117 rdlength = p->size - rdlength_offset - sizeof(uint16_t);
1118 if (rdlength > 0xFFFF) {
1119 r = -ENOSPC;
1120 goto fail;
1121 }
1122
1123 end = p->size;
1124 p->size = rdlength_offset;
1125 r = dns_packet_append_uint16(p, rdlength, NULL);
1126 if (r < 0)
1127 goto fail;
1128 p->size = end;
1129
1130 if (start)
1131 *start = saved_size;
1132
1133 if (rdata_start)
1134 *rdata_start = rds;
1135
1136 return 0;
1137
1138 fail:
1139 dns_packet_truncate(p, saved_size);
1140 return r;
1141 }
1142
1143 int dns_packet_append_question(DnsPacket *p, DnsQuestion *q) {
1144 DnsResourceKey *key;
1145 int r;
1146
1147 assert(p);
1148
1149 DNS_QUESTION_FOREACH(key, q) {
1150 r = dns_packet_append_key(p, key, 0, NULL);
1151 if (r < 0)
1152 return r;
1153 }
1154
1155 return 0;
1156 }
1157
1158 int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a) {
1159 DnsResourceRecord *rr;
1160 DnsAnswerFlags flags;
1161 int r;
1162
1163 assert(p);
1164
1165 DNS_ANSWER_FOREACH_FLAGS(rr, flags, a) {
1166 r = dns_packet_append_rr(p, rr, flags, NULL, NULL);
1167 if (r < 0)
1168 return r;
1169 }
1170
1171 return 0;
1172 }
1173
1174 int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
1175 assert(p);
1176
1177 if (p->rindex + sz > p->size)
1178 return -EMSGSIZE;
1179
1180 if (ret)
1181 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;
1182
1183 if (start)
1184 *start = p->rindex;
1185
1186 p->rindex += sz;
1187 return 0;
1188 }
1189
1190 void dns_packet_rewind(DnsPacket *p, size_t idx) {
1191 assert(p);
1192 assert(idx <= p->size);
1193 assert(idx >= DNS_PACKET_HEADER_SIZE);
1194
1195 p->rindex = idx;
1196 }
1197
1198 int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
1199 const void *q;
1200 int r;
1201
1202 assert(p);
1203 assert(d);
1204
1205 r = dns_packet_read(p, sz, &q, start);
1206 if (r < 0)
1207 return r;
1208
1209 memcpy(d, q, sz);
1210 return 0;
1211 }
1212
1213 static int dns_packet_read_memdup(
1214 DnsPacket *p, size_t size,
1215 void **ret, size_t *ret_size,
1216 size_t *ret_start) {
1217
1218 const void *src;
1219 size_t start;
1220 int r;
1221
1222 assert(p);
1223 assert(ret);
1224
1225 r = dns_packet_read(p, size, &src, &start);
1226 if (r < 0)
1227 return r;
1228
1229 if (size <= 0)
1230 *ret = NULL;
1231 else {
1232 void *copy;
1233
1234 copy = memdup(src, size);
1235 if (!copy)
1236 return -ENOMEM;
1237
1238 *ret = copy;
1239 }
1240
1241 if (ret_size)
1242 *ret_size = size;
1243 if (ret_start)
1244 *ret_start = start;
1245
1246 return 0;
1247 }
1248
1249 int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
1250 const void *d;
1251 int r;
1252
1253 assert(p);
1254
1255 r = dns_packet_read(p, sizeof(uint8_t), &d, start);
1256 if (r < 0)
1257 return r;
1258
1259 *ret = ((uint8_t*) d)[0];
1260 return 0;
1261 }
1262
1263 int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
1264 const void *d;
1265 int r;
1266
1267 assert(p);
1268
1269 r = dns_packet_read(p, sizeof(uint16_t), &d, start);
1270 if (r < 0)
1271 return r;
1272
1273 *ret = unaligned_read_be16(d);
1274
1275 return 0;
1276 }
1277
1278 int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
1279 const void *d;
1280 int r;
1281
1282 assert(p);
1283
1284 r = dns_packet_read(p, sizeof(uint32_t), &d, start);
1285 if (r < 0)
1286 return r;
1287
1288 *ret = unaligned_read_be32(d);
1289
1290 return 0;
1291 }
1292
1293 int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
1294 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1295 const void *d;
1296 char *t;
1297 uint8_t c;
1298 int r;
1299
1300 assert(p);
1301 INIT_REWINDER(rewinder, p);
1302
1303 r = dns_packet_read_uint8(p, &c, NULL);
1304 if (r < 0)
1305 return r;
1306
1307 r = dns_packet_read(p, c, &d, NULL);
1308 if (r < 0)
1309 return r;
1310
1311 if (memchr(d, 0, c))
1312 return -EBADMSG;
1313
1314 t = strndup(d, c);
1315 if (!t)
1316 return -ENOMEM;
1317
1318 if (!utf8_is_valid(t)) {
1319 free(t);
1320 return -EBADMSG;
1321 }
1322
1323 *ret = t;
1324
1325 if (start)
1326 *start = rewinder.saved_rindex;
1327 CANCEL_REWINDER(rewinder);
1328
1329 return 0;
1330 }
1331
1332 int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
1333 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1334 uint8_t c;
1335 int r;
1336
1337 assert(p);
1338 INIT_REWINDER(rewinder, p);
1339
1340 r = dns_packet_read_uint8(p, &c, NULL);
1341 if (r < 0)
1342 return r;
1343
1344 r = dns_packet_read(p, c, ret, NULL);
1345 if (r < 0)
1346 return r;
1347
1348 if (size)
1349 *size = c;
1350 if (start)
1351 *start = rewinder.saved_rindex;
1352 CANCEL_REWINDER(rewinder);
1353
1354 return 0;
1355 }
1356
1357 int dns_packet_read_name(
1358 DnsPacket *p,
1359 char **_ret,
1360 bool allow_compression,
1361 size_t *start) {
1362
1363 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1364 size_t after_rindex = 0, jump_barrier;
1365 _cleanup_free_ char *ret = NULL;
1366 size_t n = 0, allocated = 0;
1367 bool first = true;
1368 int r;
1369
1370 assert(p);
1371 assert(_ret);
1372 INIT_REWINDER(rewinder, p);
1373 jump_barrier = p->rindex;
1374
1375 if (p->refuse_compression)
1376 allow_compression = false;
1377
1378 for (;;) {
1379 uint8_t c, d;
1380
1381 r = dns_packet_read_uint8(p, &c, NULL);
1382 if (r < 0)
1383 return r;
1384
1385 if (c == 0)
1386 /* End of name */
1387 break;
1388 else if (c <= 63) {
1389 const char *label;
1390
1391 /* Literal label */
1392 r = dns_packet_read(p, c, (const void**) &label, NULL);
1393 if (r < 0)
1394 return r;
1395
1396 if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX))
1397 return -ENOMEM;
1398
1399 if (first)
1400 first = false;
1401 else
1402 ret[n++] = '.';
1403
1404 r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
1405 if (r < 0)
1406 return r;
1407
1408 n += r;
1409 continue;
1410 } else if (allow_compression && (c & 0xc0) == 0xc0) {
1411 uint16_t ptr;
1412
1413 /* Pointer */
1414 r = dns_packet_read_uint8(p, &d, NULL);
1415 if (r < 0)
1416 return r;
1417
1418 ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
1419 if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier)
1420 return -EBADMSG;
1421
1422 if (after_rindex == 0)
1423 after_rindex = p->rindex;
1424
1425 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1426 jump_barrier = ptr;
1427 p->rindex = ptr;
1428 } else
1429 return -EBADMSG;
1430 }
1431
1432 if (!GREEDY_REALLOC(ret, allocated, n + 1))
1433 return -ENOMEM;
1434
1435 ret[n] = 0;
1436
1437 if (after_rindex != 0)
1438 p->rindex= after_rindex;
1439
1440 *_ret = ret;
1441 ret = NULL;
1442
1443 if (start)
1444 *start = rewinder.saved_rindex;
1445 CANCEL_REWINDER(rewinder);
1446
1447 return 0;
1448 }
1449
1450 static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
1451 uint8_t window;
1452 uint8_t length;
1453 const uint8_t *bitmap;
1454 uint8_t bit = 0;
1455 unsigned i;
1456 bool found = false;
1457 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1458 int r;
1459
1460 assert(p);
1461 assert(types);
1462 INIT_REWINDER(rewinder, p);
1463
1464 r = bitmap_ensure_allocated(types);
1465 if (r < 0)
1466 return r;
1467
1468 r = dns_packet_read_uint8(p, &window, NULL);
1469 if (r < 0)
1470 return r;
1471
1472 r = dns_packet_read_uint8(p, &length, NULL);
1473 if (r < 0)
1474 return r;
1475
1476 if (length == 0 || length > 32)
1477 return -EBADMSG;
1478
1479 r = dns_packet_read(p, length, (const void **)&bitmap, NULL);
1480 if (r < 0)
1481 return r;
1482
1483 for (i = 0; i < length; i++) {
1484 uint8_t bitmask = 1 << 7;
1485
1486 if (!bitmap[i]) {
1487 found = false;
1488 bit += 8;
1489 continue;
1490 }
1491
1492 found = true;
1493
1494 while (bitmask) {
1495 if (bitmap[i] & bitmask) {
1496 uint16_t n;
1497
1498 n = (uint16_t) window << 8 | (uint16_t) bit;
1499
1500 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1501 if (dns_type_is_pseudo(n))
1502 continue;
1503
1504 r = bitmap_set(*types, n);
1505 if (r < 0)
1506 return r;
1507 }
1508
1509 bit++;
1510 bitmask >>= 1;
1511 }
1512 }
1513
1514 if (!found)
1515 return -EBADMSG;
1516
1517 if (start)
1518 *start = rewinder.saved_rindex;
1519 CANCEL_REWINDER(rewinder);
1520
1521 return 0;
1522 }
1523
1524 static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
1525 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1526 int r;
1527
1528 INIT_REWINDER(rewinder, p);
1529
1530 while (p->rindex < rewinder.saved_rindex + size) {
1531 r = dns_packet_read_type_window(p, types, NULL);
1532 if (r < 0)
1533 return r;
1534
1535 /* don't read past end of current RR */
1536 if (p->rindex > rewinder.saved_rindex + size)
1537 return -EBADMSG;
1538 }
1539
1540 if (p->rindex != rewinder.saved_rindex + size)
1541 return -EBADMSG;
1542
1543 if (start)
1544 *start = rewinder.saved_rindex;
1545 CANCEL_REWINDER(rewinder);
1546
1547 return 0;
1548 }
1549
1550 int dns_packet_read_key(DnsPacket *p, DnsResourceKey **ret, bool *ret_cache_flush, size_t *start) {
1551 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1552 _cleanup_free_ char *name = NULL;
1553 bool cache_flush = false;
1554 uint16_t class, type;
1555 DnsResourceKey *key;
1556 int r;
1557
1558 assert(p);
1559 assert(ret);
1560 INIT_REWINDER(rewinder, p);
1561
1562 r = dns_packet_read_name(p, &name, true, NULL);
1563 if (r < 0)
1564 return r;
1565
1566 r = dns_packet_read_uint16(p, &type, NULL);
1567 if (r < 0)
1568 return r;
1569
1570 r = dns_packet_read_uint16(p, &class, NULL);
1571 if (r < 0)
1572 return r;
1573
1574 if (p->protocol == DNS_PROTOCOL_MDNS) {
1575 /* See RFC6762, Section 10.2 */
1576
1577 if (type != DNS_TYPE_OPT && (class & MDNS_RR_CACHE_FLUSH)) {
1578 class &= ~MDNS_RR_CACHE_FLUSH;
1579 cache_flush = true;
1580 }
1581 }
1582
1583 key = dns_resource_key_new_consume(class, type, name);
1584 if (!key)
1585 return -ENOMEM;
1586
1587 name = NULL;
1588 *ret = key;
1589
1590 if (ret_cache_flush)
1591 *ret_cache_flush = cache_flush;
1592 if (start)
1593 *start = rewinder.saved_rindex;
1594 CANCEL_REWINDER(rewinder);
1595
1596 return 0;
1597 }
1598
1599 static bool loc_size_ok(uint8_t size) {
1600 uint8_t m = size >> 4, e = size & 0xF;
1601
1602 return m <= 9 && e <= 9 && (m > 0 || e == 0);
1603 }
1604
1605 int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, bool *ret_cache_flush, size_t *start) {
1606 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
1607 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
1608 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder;
1609 size_t offset;
1610 uint16_t rdlength;
1611 bool cache_flush;
1612 int r;
1613
1614 assert(p);
1615 assert(ret);
1616
1617 INIT_REWINDER(rewinder, p);
1618
1619 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
1620 if (r < 0)
1621 return r;
1622
1623 if (!dns_class_is_valid_rr(key->class) || !dns_type_is_valid_rr(key->type))
1624 return -EBADMSG;
1625
1626 rr = dns_resource_record_new(key);
1627 if (!rr)
1628 return -ENOMEM;
1629
1630 r = dns_packet_read_uint32(p, &rr->ttl, NULL);
1631 if (r < 0)
1632 return r;
1633
1634 /* RFC 2181, Section 8, suggests to
1635 * treat a TTL with the MSB set as a zero TTL. */
1636 if (rr->ttl & UINT32_C(0x80000000))
1637 rr->ttl = 0;
1638
1639 r = dns_packet_read_uint16(p, &rdlength, NULL);
1640 if (r < 0)
1641 return r;
1642
1643 if (p->rindex + rdlength > p->size)
1644 return -EBADMSG;
1645
1646 offset = p->rindex;
1647
1648 switch (rr->key->type) {
1649
1650 case DNS_TYPE_SRV:
1651 r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
1652 if (r < 0)
1653 return r;
1654 r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
1655 if (r < 0)
1656 return r;
1657 r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
1658 if (r < 0)
1659 return r;
1660 r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
1661 break;
1662
1663 case DNS_TYPE_PTR:
1664 case DNS_TYPE_NS:
1665 case DNS_TYPE_CNAME:
1666 case DNS_TYPE_DNAME:
1667 r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
1668 break;
1669
1670 case DNS_TYPE_HINFO:
1671 r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
1672 if (r < 0)
1673 return r;
1674
1675 r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
1676 break;
1677
1678 case DNS_TYPE_SPF: /* exactly the same as TXT */
1679 case DNS_TYPE_TXT:
1680 if (rdlength <= 0) {
1681 DnsTxtItem *i;
1682 /* RFC 6763, section 6.1 suggests to treat
1683 * empty TXT RRs as equivalent to a TXT record
1684 * with a single empty string. */
1685
1686 i = malloc0(offsetof(DnsTxtItem, data) + 1); /* for safety reasons we add an extra NUL byte */
1687 if (!i)
1688 return -ENOMEM;
1689
1690 rr->txt.items = i;
1691 } else {
1692 DnsTxtItem *last = NULL;
1693
1694 while (p->rindex < offset + rdlength) {
1695 DnsTxtItem *i;
1696 const void *data;
1697 size_t sz;
1698
1699 r = dns_packet_read_raw_string(p, &data, &sz, NULL);
1700 if (r < 0)
1701 return r;
1702
1703 i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
1704 if (!i)
1705 return -ENOMEM;
1706
1707 memcpy(i->data, data, sz);
1708 i->length = sz;
1709
1710 LIST_INSERT_AFTER(items, rr->txt.items, last, i);
1711 last = i;
1712 }
1713 }
1714
1715 r = 0;
1716 break;
1717
1718 case DNS_TYPE_A:
1719 r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
1720 break;
1721
1722 case DNS_TYPE_AAAA:
1723 r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
1724 break;
1725
1726 case DNS_TYPE_SOA:
1727 r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
1728 if (r < 0)
1729 return r;
1730
1731 r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
1732 if (r < 0)
1733 return r;
1734
1735 r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
1736 if (r < 0)
1737 return r;
1738
1739 r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
1740 if (r < 0)
1741 return r;
1742
1743 r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
1744 if (r < 0)
1745 return r;
1746
1747 r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
1748 if (r < 0)
1749 return r;
1750
1751 r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
1752 break;
1753
1754 case DNS_TYPE_MX:
1755 r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
1756 if (r < 0)
1757 return r;
1758
1759 r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
1760 break;
1761
1762 case DNS_TYPE_LOC: {
1763 uint8_t t;
1764 size_t pos;
1765
1766 r = dns_packet_read_uint8(p, &t, &pos);
1767 if (r < 0)
1768 return r;
1769
1770 if (t == 0) {
1771 rr->loc.version = t;
1772
1773 r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
1774 if (r < 0)
1775 return r;
1776
1777 if (!loc_size_ok(rr->loc.size))
1778 return -EBADMSG;
1779
1780 r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
1781 if (r < 0)
1782 return r;
1783
1784 if (!loc_size_ok(rr->loc.horiz_pre))
1785 return -EBADMSG;
1786
1787 r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
1788 if (r < 0)
1789 return r;
1790
1791 if (!loc_size_ok(rr->loc.vert_pre))
1792 return -EBADMSG;
1793
1794 r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
1795 if (r < 0)
1796 return r;
1797
1798 r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
1799 if (r < 0)
1800 return r;
1801
1802 r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
1803 if (r < 0)
1804 return r;
1805
1806 break;
1807 } else {
1808 dns_packet_rewind(p, pos);
1809 rr->unparseable = true;
1810 goto unparseable;
1811 }
1812 }
1813
1814 case DNS_TYPE_DS:
1815 r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
1816 if (r < 0)
1817 return r;
1818
1819 r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
1820 if (r < 0)
1821 return r;
1822
1823 r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
1824 if (r < 0)
1825 return r;
1826
1827 r = dns_packet_read_memdup(p, rdlength - 4,
1828 &rr->ds.digest, &rr->ds.digest_size,
1829 NULL);
1830 if (r < 0)
1831 return r;
1832
1833 if (rr->ds.digest_size <= 0)
1834 /* the accepted size depends on the algorithm, but for now
1835 just ensure that the value is greater than zero */
1836 return -EBADMSG;
1837
1838 break;
1839
1840 case DNS_TYPE_SSHFP:
1841 r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
1842 if (r < 0)
1843 return r;
1844
1845 r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
1846 if (r < 0)
1847 return r;
1848
1849 r = dns_packet_read_memdup(p, rdlength - 2,
1850 &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
1851 NULL);
1852
1853 if (rr->sshfp.fingerprint_size <= 0)
1854 /* the accepted size depends on the algorithm, but for now
1855 just ensure that the value is greater than zero */
1856 return -EBADMSG;
1857
1858 break;
1859
1860 case DNS_TYPE_DNSKEY:
1861 r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
1862 if (r < 0)
1863 return r;
1864
1865 r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
1866 if (r < 0)
1867 return r;
1868
1869 r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
1870 if (r < 0)
1871 return r;
1872
1873 r = dns_packet_read_memdup(p, rdlength - 4,
1874 &rr->dnskey.key, &rr->dnskey.key_size,
1875 NULL);
1876
1877 if (rr->dnskey.key_size <= 0)
1878 /* the accepted size depends on the algorithm, but for now
1879 just ensure that the value is greater than zero */
1880 return -EBADMSG;
1881
1882 break;
1883
1884 case DNS_TYPE_RRSIG:
1885 r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
1886 if (r < 0)
1887 return r;
1888
1889 r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
1890 if (r < 0)
1891 return r;
1892
1893 r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
1894 if (r < 0)
1895 return r;
1896
1897 r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
1898 if (r < 0)
1899 return r;
1900
1901 r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
1902 if (r < 0)
1903 return r;
1904
1905 r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
1906 if (r < 0)
1907 return r;
1908
1909 r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
1910 if (r < 0)
1911 return r;
1912
1913 r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
1914 if (r < 0)
1915 return r;
1916
1917 r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
1918 &rr->rrsig.signature, &rr->rrsig.signature_size,
1919 NULL);
1920
1921 if (rr->rrsig.signature_size <= 0)
1922 /* the accepted size depends on the algorithm, but for now
1923 just ensure that the value is greater than zero */
1924 return -EBADMSG;
1925
1926 break;
1927
1928 case DNS_TYPE_NSEC: {
1929
1930 /*
1931 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1932 * This contradicts RFC3845, section 2.1.1
1933 */
1934
1935 bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;
1936
1937 r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
1938 if (r < 0)
1939 return r;
1940
1941 r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);
1942
1943 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1944 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1945 * without the NSEC bit set. */
1946
1947 break;
1948 }
1949 case DNS_TYPE_NSEC3: {
1950 uint8_t size;
1951
1952 r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
1953 if (r < 0)
1954 return r;
1955
1956 r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
1957 if (r < 0)
1958 return r;
1959
1960 r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
1961 if (r < 0)
1962 return r;
1963
1964 /* this may be zero */
1965 r = dns_packet_read_uint8(p, &size, NULL);
1966 if (r < 0)
1967 return r;
1968
1969 r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
1970 if (r < 0)
1971 return r;
1972
1973 r = dns_packet_read_uint8(p, &size, NULL);
1974 if (r < 0)
1975 return r;
1976
1977 if (size <= 0)
1978 return -EBADMSG;
1979
1980 r = dns_packet_read_memdup(p, size,
1981 &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size,
1982 NULL);
1983 if (r < 0)
1984 return r;
1985
1986 r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);
1987
1988 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1989
1990 break;
1991 }
1992
1993 case DNS_TYPE_TLSA:
1994 r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
1995 if (r < 0)
1996 return r;
1997
1998 r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
1999 if (r < 0)
2000 return r;
2001
2002 r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
2003 if (r < 0)
2004 return r;
2005
2006 r = dns_packet_read_memdup(p, rdlength - 3,
2007 &rr->tlsa.data, &rr->tlsa.data_size,
2008 NULL);
2009
2010 if (rr->tlsa.data_size <= 0)
2011 /* the accepted size depends on the algorithm, but for now
2012 just ensure that the value is greater than zero */
2013 return -EBADMSG;
2014
2015 break;
2016
2017 case DNS_TYPE_CAA:
2018 r = dns_packet_read_uint8(p, &rr->caa.flags, NULL);
2019 if (r < 0)
2020 return r;
2021
2022 r = dns_packet_read_string(p, &rr->caa.tag, NULL);
2023 if (r < 0)
2024 return r;
2025
2026 r = dns_packet_read_memdup(p,
2027 rdlength + offset - p->rindex,
2028 &rr->caa.value, &rr->caa.value_size, NULL);
2029
2030 break;
2031
2032 case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
2033 case DNS_TYPE_OPENPGPKEY:
2034 default:
2035 unparseable:
2036 r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);
2037
2038 break;
2039 }
2040 if (r < 0)
2041 return r;
2042 if (p->rindex != offset + rdlength)
2043 return -EBADMSG;
2044
2045 *ret = rr;
2046 rr = NULL;
2047
2048 if (ret_cache_flush)
2049 *ret_cache_flush = cache_flush;
2050 if (start)
2051 *start = rewinder.saved_rindex;
2052 CANCEL_REWINDER(rewinder);
2053
2054 return 0;
2055 }
2056
2057 static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
2058 const uint8_t* p;
2059 bool found_dau_dhu_n3u = false;
2060 size_t l;
2061
2062 /* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is not OK in
2063 * a reply). */
2064
2065 assert(rr);
2066 assert(rr->key->type == DNS_TYPE_OPT);
2067
2068 /* Check that the version is 0 */
2069 if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0) {
2070 *rfc6975 = false;
2071 return true; /* if it's not version 0, it's OK, but we will ignore the OPT field contents */
2072 }
2073
2074 p = rr->opt.data;
2075 l = rr->opt.data_size;
2076 while (l > 0) {
2077 uint16_t option_code, option_length;
2078
2079 /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
2080 if (l < 4U)
2081 return false;
2082
2083 option_code = unaligned_read_be16(p);
2084 option_length = unaligned_read_be16(p + 2);
2085
2086 if (l < option_length + 4U)
2087 return false;
2088
2089 /* RFC 6975 DAU, DHU or N3U fields found. */
2090 if (IN_SET(option_code, 5, 6, 7))
2091 found_dau_dhu_n3u = true;
2092
2093 p += option_length + 4U;
2094 l -= option_length + 4U;
2095 }
2096
2097 *rfc6975 = found_dau_dhu_n3u;
2098 return true;
2099 }
2100
2101 int dns_packet_extract(DnsPacket *p) {
2102 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
2103 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
2104 _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = {};
2105 unsigned n, i;
2106 int r;
2107
2108 if (p->extracted)
2109 return 0;
2110
2111 INIT_REWINDER(rewinder, p);
2112 dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);
2113
2114 n = DNS_PACKET_QDCOUNT(p);
2115 if (n > 0) {
2116 question = dns_question_new(n);
2117 if (!question)
2118 return -ENOMEM;
2119
2120 for (i = 0; i < n; i++) {
2121 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
2122 bool cache_flush;
2123
2124 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
2125 if (r < 0)
2126 return r;
2127
2128 if (cache_flush)
2129 return -EBADMSG;
2130
2131 if (!dns_type_is_valid_query(key->type))
2132 return -EBADMSG;
2133
2134 r = dns_question_add(question, key);
2135 if (r < 0)
2136 return r;
2137 }
2138 }
2139
2140 n = DNS_PACKET_RRCOUNT(p);
2141 if (n > 0) {
2142 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
2143 bool bad_opt = false;
2144
2145 answer = dns_answer_new(n);
2146 if (!answer)
2147 return -ENOMEM;
2148
2149 for (i = 0; i < n; i++) {
2150 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
2151 bool cache_flush = false;
2152
2153 r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
2154 if (r < 0)
2155 return r;
2156
2157 /* Try to reduce memory usage a bit */
2158 if (previous)
2159 dns_resource_key_reduce(&rr->key, &previous->key);
2160
2161 if (rr->key->type == DNS_TYPE_OPT) {
2162 bool has_rfc6975;
2163
2164 if (p->opt || bad_opt) {
2165 /* Multiple OPT RRs? if so, let's ignore all, because there's something wrong
2166 * with the server, and if one is valid we wouldn't know which one. */
2167 log_debug("Multiple OPT RRs detected, ignoring all.");
2168 bad_opt = true;
2169 continue;
2170 }
2171
2172 if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
2173 /* If the OPT RR is not owned by the root domain, then it is bad, let's ignore
2174 * it. */
2175 log_debug("OPT RR is not owned by root domain, ignoring.");
2176 bad_opt = true;
2177 continue;
2178 }
2179
2180 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
2181 /* OPT RR is in the wrong section? Some Belkin routers do this. This is a hint
2182 * the EDNS implementation is borked, like the Belkin one is, hence ignore
2183 * it. */
2184 log_debug("OPT RR in wrong section, ignoring.");
2185 bad_opt = true;
2186 continue;
2187 }
2188
2189 if (!opt_is_good(rr, &has_rfc6975)) {
2190 log_debug("Malformed OPT RR, ignoring.");
2191 bad_opt = true;
2192 continue;
2193 }
2194
2195 if (DNS_PACKET_QR(p)) {
2196 /* Additional checks for responses */
2197
2198 if (!DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(rr)) {
2199 /* If this is a reply and we don't know the EDNS version then something
2200 * is weird... */
2201 log_debug("EDNS version newer that our request, bad server.");
2202 return -EBADMSG;
2203 }
2204
2205 if (has_rfc6975) {
2206 /* If the OPT RR contains RFC6975 algorithm data, then this is indication that
2207 * the server just copied the OPT it got from us (which contained that data)
2208 * back into the reply. If so, then it doesn't properly support EDNS, as
2209 * RFC6975 makes it very clear that the algorithm data should only be contained
2210 * in questions, never in replies. Crappy Belkin routers copy the OPT data for
2211 * example, hence let's detect this so that we downgrade early. */
2212 log_debug("OPT RR contained RFC6975 data, ignoring.");
2213 bad_opt = true;
2214 continue;
2215 }
2216 }
2217
2218 p->opt = dns_resource_record_ref(rr);
2219 } else {
2220
2221 /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
2222 * cached. Hence mark only those RRs as cacheable by default, but not the ones from the
2223 * Additional or Authority sections. */
2224
2225 r = dns_answer_add(answer, rr, p->ifindex,
2226 (i < DNS_PACKET_ANCOUNT(p) ? DNS_ANSWER_CACHEABLE : 0) |
2227 (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush ? DNS_ANSWER_SHARED_OWNER : 0));
2228 if (r < 0)
2229 return r;
2230 }
2231
2232 /* Remember this RR, so that we potentically can merge it's ->key object with the next RR. Note
2233 * that we only do this if we actually decided to keep the RR around. */
2234 dns_resource_record_unref(previous);
2235 previous = dns_resource_record_ref(rr);
2236 }
2237
2238 if (bad_opt)
2239 p->opt = dns_resource_record_unref(p->opt);
2240 }
2241
2242 p->question = question;
2243 question = NULL;
2244
2245 p->answer = answer;
2246 answer = NULL;
2247
2248 p->extracted = true;
2249
2250 /* no CANCEL, always rewind */
2251 return 0;
2252 }
2253
2254 int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
2255 int r;
2256
2257 assert(p);
2258 assert(key);
2259
2260 /* Checks if the specified packet is a reply for the specified
2261 * key and the specified key is the only one in the question
2262 * section. */
2263
2264 if (DNS_PACKET_QR(p) != 1)
2265 return 0;
2266
2267 /* Let's unpack the packet, if that hasn't happened yet. */
2268 r = dns_packet_extract(p);
2269 if (r < 0)
2270 return r;
2271
2272 if (!p->question)
2273 return 0;
2274
2275 if (p->question->n_keys != 1)
2276 return 0;
2277
2278 return dns_resource_key_equal(p->question->keys[0], key);
2279 }
2280
2281 static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
2282 [DNS_RCODE_SUCCESS] = "SUCCESS",
2283 [DNS_RCODE_FORMERR] = "FORMERR",
2284 [DNS_RCODE_SERVFAIL] = "SERVFAIL",
2285 [DNS_RCODE_NXDOMAIN] = "NXDOMAIN",
2286 [DNS_RCODE_NOTIMP] = "NOTIMP",
2287 [DNS_RCODE_REFUSED] = "REFUSED",
2288 [DNS_RCODE_YXDOMAIN] = "YXDOMAIN",
2289 [DNS_RCODE_YXRRSET] = "YRRSET",
2290 [DNS_RCODE_NXRRSET] = "NXRRSET",
2291 [DNS_RCODE_NOTAUTH] = "NOTAUTH",
2292 [DNS_RCODE_NOTZONE] = "NOTZONE",
2293 [DNS_RCODE_BADVERS] = "BADVERS",
2294 [DNS_RCODE_BADKEY] = "BADKEY",
2295 [DNS_RCODE_BADTIME] = "BADTIME",
2296 [DNS_RCODE_BADMODE] = "BADMODE",
2297 [DNS_RCODE_BADNAME] = "BADNAME",
2298 [DNS_RCODE_BADALG] = "BADALG",
2299 [DNS_RCODE_BADTRUNC] = "BADTRUNC",
2300 [DNS_RCODE_BADCOOKIE] = "BADCOOKIE",
2301 };
2302 DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);
2303
2304 static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
2305 [DNS_PROTOCOL_DNS] = "dns",
2306 [DNS_PROTOCOL_MDNS] = "mdns",
2307 [DNS_PROTOCOL_LLMNR] = "llmnr",
2308 };
2309 DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
Unnamed repository; edit this file 'description' to name the repository.