1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
27 #include "unaligned.h"
31 #define EDNS0_OPT_DO (1<<15)
33 int dns_packet_new(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
) {
39 if (mtu
<= UDP_PACKET_HEADER_SIZE
)
40 a
= DNS_PACKET_SIZE_START
;
42 a
= mtu
- UDP_PACKET_HEADER_SIZE
;
44 if (a
< DNS_PACKET_HEADER_SIZE
)
45 a
= DNS_PACKET_HEADER_SIZE
;
47 /* round up to next page size */
48 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
50 /* make sure we never allocate more than useful */
51 if (a
> DNS_PACKET_SIZE_MAX
)
52 a
= DNS_PACKET_SIZE_MAX
;
54 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
58 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
60 p
->protocol
= protocol
;
68 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
74 h
= DNS_PACKET_HEADER(p
);
77 case DNS_PROTOCOL_LLMNR
:
80 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
91 case DNS_PROTOCOL_MDNS
:
92 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
96 0 /* rd (ask for recursion) */,
106 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
110 1 /* rd (ask for recursion) */,
113 dnssec_checking_disabled
/* cd */,
118 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
, bool dnssec_checking_disabled
) {
124 r
= dns_packet_new(&p
, protocol
, mtu
);
128 /* Always set the TC bit to 0 initially.
129 * If there are multiple packets later, we'll update the bit shortly before sending.
131 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
137 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
142 assert(!p
->on_stack
);
144 assert(p
->n_ref
> 0);
149 static void dns_packet_free(DnsPacket
*p
) {
154 dns_question_unref(p
->question
);
155 dns_answer_unref(p
->answer
);
157 while ((s
= hashmap_steal_first_key(p
->names
)))
159 hashmap_free(p
->names
);
167 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
171 assert(p
->n_ref
> 0);
174 dns_packet_unref(p
->more
);
184 int dns_packet_validate(DnsPacket
*p
) {
187 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
190 if (p
->size
> DNS_PACKET_SIZE_MAX
)
196 int dns_packet_validate_reply(DnsPacket
*p
) {
201 r
= dns_packet_validate(p
);
205 if (DNS_PACKET_QR(p
) != 1)
208 if (DNS_PACKET_OPCODE(p
) != 0)
211 switch (p
->protocol
) {
212 case DNS_PROTOCOL_LLMNR
:
213 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
214 if (DNS_PACKET_QDCOUNT(p
) != 1)
219 case DNS_PROTOCOL_MDNS
:
220 /* RFC 6762, Section 18 */
221 if (DNS_PACKET_RCODE(p
) != 0)
233 int dns_packet_validate_query(DnsPacket
*p
) {
238 r
= dns_packet_validate(p
);
242 if (DNS_PACKET_QR(p
) != 0)
245 if (DNS_PACKET_OPCODE(p
) != 0)
248 if (DNS_PACKET_TC(p
))
251 switch (p
->protocol
) {
252 case DNS_PROTOCOL_LLMNR
:
253 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
254 if (DNS_PACKET_QDCOUNT(p
) != 1)
257 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
258 if (DNS_PACKET_ANCOUNT(p
) > 0)
261 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
262 if (DNS_PACKET_NSCOUNT(p
) > 0)
267 case DNS_PROTOCOL_MDNS
:
268 /* RFC 6762, Section 18 */
269 if (DNS_PACKET_AA(p
) != 0 ||
270 DNS_PACKET_RD(p
) != 0 ||
271 DNS_PACKET_RA(p
) != 0 ||
272 DNS_PACKET_AD(p
) != 0 ||
273 DNS_PACKET_CD(p
) != 0 ||
274 DNS_PACKET_RCODE(p
) != 0)
286 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
289 if (p
->size
+ add
> p
->allocated
) {
292 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
293 if (a
> DNS_PACKET_SIZE_MAX
)
294 a
= DNS_PACKET_SIZE_MAX
;
296 if (p
->size
+ add
> a
)
302 d
= realloc(p
->_data
, a
);
308 p
->_data
= malloc(a
);
312 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
313 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
323 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
329 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
339 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
341 if (PTR_TO_SIZE(n
) < sz
)
344 hashmap_remove(p
->names
, s
);
351 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
357 r
= dns_packet_extend(p
, l
, &q
, start
);
365 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
371 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
375 ((uint8_t*) d
)[0] = v
;
380 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
386 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
390 unaligned_write_be16(d
, v
);
395 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
401 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
405 unaligned_write_be32(d
, v
);
410 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
414 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
417 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
422 assert(s
|| size
== 0);
427 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
431 ((uint8_t*) d
)[0] = (uint8_t) size
;
434 memcpy(((uint8_t*) d
) + 1, s
, size
);
439 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, size_t *start
) {
446 if (l
> DNS_LABEL_MAX
)
449 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
453 *(w
++) = (uint8_t) l
;
455 if (p
->canonical_form
) {
458 /* Generate in canonical form, as defined by DNSSEC
459 * RFC 4034, Section 6.2, i.e. all lower-case. */
461 for (i
= 0; i
< l
; i
++) {
462 if (d
[i
] >= 'A' && d
[i
] <= 'Z')
463 w
[i
] = (uint8_t) (d
[i
] - 'A' + 'a');
465 w
[i
] = (uint8_t) d
[i
];
468 /* Otherwise, just copy the string unaltered. This is
469 * essential for DNS-SD, where the casing of labels
470 * matters and needs to be retained. */
476 int dns_packet_append_name(
479 bool allow_compression
,
488 if (p
->refuse_compression
)
489 allow_compression
= false;
491 saved_size
= p
->size
;
494 _cleanup_free_
char *s
= NULL
;
495 char label
[DNS_LABEL_MAX
];
499 if (allow_compression
)
500 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
505 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
519 r
= dns_label_unescape(&name
, label
, sizeof(label
));
523 if (p
->protocol
== DNS_PROTOCOL_DNS
)
524 k
= dns_label_apply_idna(label
, r
, label
, sizeof(label
));
526 k
= dns_label_undo_idna(label
, r
, label
, sizeof(label
));
534 r
= dns_packet_append_label(p
, label
, r
, &n
);
538 if (allow_compression
) {
539 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
543 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
551 r
= dns_packet_append_uint8(p
, 0, NULL
);
562 dns_packet_truncate(p
, saved_size
);
566 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, size_t *start
) {
573 saved_size
= p
->size
;
575 r
= dns_packet_append_name(p
, DNS_RESOURCE_KEY_NAME(k
), true, NULL
);
579 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
583 r
= dns_packet_append_uint16(p
, k
->class, NULL
);
593 dns_packet_truncate(p
, saved_size
);
597 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, uint8_t *types
, size_t *start
) {
605 saved_size
= p
->size
;
607 r
= dns_packet_append_uint8(p
, window
, NULL
);
611 r
= dns_packet_append_uint8(p
, length
, NULL
);
615 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
624 dns_packet_truncate(p
, saved_size
);
628 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
632 uint8_t bitmaps
[32] = {};
640 saved_size
= p
->size
;
642 BITMAP_FOREACH(n
, types
, i
) {
645 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
646 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
657 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
660 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
669 dns_packet_truncate(p
, saved_size
);
673 /* Append the OPT pseudo-RR described in RFC6891 */
674 int dns_packet_append_opt_rr(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, size_t *start
) {
679 /* we must never advertise supported packet size smaller than the legacy max */
680 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
682 saved_size
= p
->size
;
685 r
= dns_packet_append_uint8(p
, 0, NULL
);
690 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
694 /* maximum udp packet that can be received */
695 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
699 /* extended RCODE and VERSION */
700 r
= dns_packet_append_uint16(p
, 0, NULL
);
704 /* flags: DNSSEC OK (DO), see RFC3225 */
705 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
710 r
= dns_packet_append_uint16(p
, 0, NULL
);
720 dns_packet_truncate(p
, saved_size
);
724 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, size_t *start
, size_t *rdata_start
) {
725 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
731 saved_size
= p
->size
;
733 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
737 r
= dns_packet_append_uint32(p
, rr
->ttl
, NULL
);
741 /* Initially we write 0 here */
742 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
746 rds
= p
->size
- saved_size
;
748 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
751 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
755 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
759 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
763 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, NULL
);
770 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, NULL
);
774 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
778 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
781 case DNS_TYPE_SPF
: /* exactly the same as TXT */
784 if (!rr
->txt
.items
) {
785 /* RFC 6763, section 6.1 suggests to generate
786 * single empty string for an empty array. */
788 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
794 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
795 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
805 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
809 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
813 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, NULL
);
817 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, NULL
);
821 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
825 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
829 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
833 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
837 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
841 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
845 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, NULL
);
849 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
853 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
857 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
861 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
865 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
869 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
873 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
877 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
881 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
885 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
889 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
893 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
897 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
901 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
904 case DNS_TYPE_DNSKEY
:
905 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
909 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
913 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
917 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
921 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
925 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
929 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
933 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
937 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
941 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
945 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
949 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, NULL
);
953 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
957 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, NULL
);
961 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
967 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
971 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
975 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
979 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
983 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
987 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
991 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
995 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1000 case _DNS_TYPE_INVALID
: /* unparseable */
1003 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.size
, NULL
);
1009 /* Let's calculate the actual data size and update the field */
1010 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1011 if (rdlength
> 0xFFFF) {
1017 p
->size
= rdlength_offset
;
1018 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1024 *start
= saved_size
;
1032 dns_packet_truncate(p
, saved_size
);
1037 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1040 if (p
->rindex
+ sz
> p
->size
)
1044 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1053 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1055 assert(idx
<= p
->size
);
1056 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1061 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1068 r
= dns_packet_read(p
, sz
, &q
, start
);
1076 static int dns_packet_read_memdup(
1077 DnsPacket
*p
, size_t size
,
1078 void **ret
, size_t *ret_size
,
1079 size_t *ret_start
) {
1088 r
= dns_packet_read(p
, size
, &src
, &start
);
1097 copy
= memdup(src
, size
);
1112 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1118 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1122 *ret
= ((uint8_t*) d
)[0];
1126 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1132 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1136 *ret
= unaligned_read_be16(d
);
1141 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1147 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1151 *ret
= unaligned_read_be32(d
);
1156 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1157 size_t saved_rindex
;
1165 saved_rindex
= p
->rindex
;
1167 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1171 r
= dns_packet_read(p
, c
, &d
, NULL
);
1175 if (memchr(d
, 0, c
)) {
1186 if (!utf8_is_valid(t
)) {
1195 *start
= saved_rindex
;
1200 dns_packet_rewind(p
, saved_rindex
);
1204 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1205 size_t saved_rindex
;
1211 saved_rindex
= p
->rindex
;
1213 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1217 r
= dns_packet_read(p
, c
, ret
, NULL
);
1224 *start
= saved_rindex
;
1229 dns_packet_rewind(p
, saved_rindex
);
1233 int dns_packet_read_name(
1236 bool allow_compression
,
1239 size_t saved_rindex
, after_rindex
= 0, jump_barrier
;
1240 _cleanup_free_
char *ret
= NULL
;
1241 size_t n
= 0, allocated
= 0;
1248 if (p
->refuse_compression
)
1249 allow_compression
= false;
1251 saved_rindex
= p
->rindex
;
1252 jump_barrier
= p
->rindex
;
1257 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1268 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1272 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
)) {
1282 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1288 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1292 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1296 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1297 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
) {
1302 if (after_rindex
== 0)
1303 after_rindex
= p
->rindex
;
1305 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1314 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1)) {
1321 if (after_rindex
!= 0)
1322 p
->rindex
= after_rindex
;
1328 *start
= saved_rindex
;
1333 dns_packet_rewind(p
, saved_rindex
);
1337 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1340 const uint8_t *bitmap
;
1344 size_t saved_rindex
;
1350 saved_rindex
= p
->rindex
;
1352 r
= bitmap_ensure_allocated(types
);
1356 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1360 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1364 if (length
== 0 || length
> 32)
1367 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1371 for (i
= 0; i
< length
; i
++) {
1372 uint8_t bitmask
= 1 << 7;
1383 if (bitmap
[i
] & bitmask
) {
1386 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1388 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1389 if (dns_type_is_pseudo(n
))
1392 r
= bitmap_set(*types
, n
);
1406 *start
= saved_rindex
;
1410 dns_packet_rewind(p
, saved_rindex
);
1414 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1415 size_t saved_rindex
;
1418 saved_rindex
= p
->rindex
;
1420 while (p
->rindex
< saved_rindex
+ size
) {
1421 r
= dns_packet_read_type_window(p
, types
, NULL
);
1425 /* don't read past end of current RR */
1426 if (p
->rindex
> saved_rindex
+ size
) {
1432 if (p
->rindex
!= saved_rindex
+ size
) {
1438 *start
= saved_rindex
;
1442 dns_packet_rewind(p
, saved_rindex
);
1446 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, size_t *start
) {
1447 _cleanup_free_
char *name
= NULL
;
1448 bool cache_flush
= false;
1449 uint16_t class, type
;
1450 DnsResourceKey
*key
;
1451 size_t saved_rindex
;
1457 saved_rindex
= p
->rindex
;
1459 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1463 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1467 r
= dns_packet_read_uint16(p
, &class, NULL
);
1471 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1472 /* See RFC6762, Section 10.2 */
1474 if (class & MDNS_RR_CACHE_FLUSH
) {
1475 class &= ~MDNS_RR_CACHE_FLUSH
;
1480 key
= dns_resource_key_new_consume(class, type
, name
);
1486 key
->cache_flush
= cache_flush
;
1492 *start
= saved_rindex
;
1496 dns_packet_rewind(p
, saved_rindex
);
1500 static bool loc_size_ok(uint8_t size
) {
1501 uint8_t m
= size
>> 4, e
= size
& 0xF;
1503 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1506 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, size_t *start
) {
1507 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1508 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1509 size_t saved_rindex
, offset
;
1516 saved_rindex
= p
->rindex
;
1518 r
= dns_packet_read_key(p
, &key
, NULL
);
1522 if (key
->class == DNS_CLASS_ANY
||
1523 key
->type
== DNS_TYPE_ANY
) {
1528 rr
= dns_resource_record_new(key
);
1534 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1538 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1542 if (p
->rindex
+ rdlength
> p
->size
) {
1549 switch (rr
->key
->type
) {
1552 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1555 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1558 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1561 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1566 case DNS_TYPE_CNAME
:
1567 case DNS_TYPE_DNAME
:
1568 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1571 case DNS_TYPE_OPT
: /* we only care about the header */
1575 case DNS_TYPE_HINFO
:
1576 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1580 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1583 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1585 if (rdlength
<= 0) {
1587 /* RFC 6763, section 6.1 suggests to treat
1588 * empty TXT RRs as equivalent to a TXT record
1589 * with a single empty string. */
1591 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1597 DnsTxtItem
*last
= NULL
;
1599 while (p
->rindex
< offset
+ rdlength
) {
1604 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1608 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1612 memcpy(i
->data
, data
, sz
);
1615 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1624 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1628 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1632 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1636 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1640 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1644 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1648 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1652 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1656 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1660 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1664 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1667 case DNS_TYPE_LOC
: {
1671 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1676 rr
->loc
.version
= t
;
1678 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1682 if (!loc_size_ok(rr
->loc
.size
)) {
1687 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1691 if (!loc_size_ok(rr
->loc
.horiz_pre
)) {
1696 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1700 if (!loc_size_ok(rr
->loc
.vert_pre
)) {
1705 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1709 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1713 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1719 dns_packet_rewind(p
, pos
);
1720 rr
->unparseable
= true;
1726 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1730 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1734 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1738 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1739 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1744 if (rr
->ds
.digest_size
<= 0) {
1745 /* the accepted size depends on the algorithm, but for now
1746 just ensure that the value is greater than zero */
1752 case DNS_TYPE_SSHFP
:
1753 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1757 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1761 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1762 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1765 if (rr
->sshfp
.fingerprint_size
<= 0) {
1766 /* the accepted size depends on the algorithm, but for now
1767 just ensure that the value is greater than zero */
1774 case DNS_TYPE_DNSKEY
:
1775 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1779 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1783 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1787 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1788 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1791 if (rr
->dnskey
.key_size
<= 0) {
1792 /* the accepted size depends on the algorithm, but for now
1793 just ensure that the value is greater than zero */
1800 case DNS_TYPE_RRSIG
:
1801 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1805 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1809 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1813 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1817 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1821 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1825 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1829 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1833 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1834 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1837 if (rr
->rrsig
.signature_size
<= 0) {
1838 /* the accepted size depends on the algorithm, but for now
1839 just ensure that the value is greater than zero */
1846 case DNS_TYPE_NSEC
: {
1849 * RFC6762, section 18.14 explicly states mDNS should use name compression.
1850 * This contradicts RFC3845, section 2.1.1
1853 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1855 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1859 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1863 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1864 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1865 * without the NSEC bit set. */
1869 case DNS_TYPE_NSEC3
: {
1872 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1876 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1880 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
1884 /* this may be zero */
1885 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1889 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
1893 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1902 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
, NULL
);
1906 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1910 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1916 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.size
, NULL
);
1923 if (p
->rindex
!= offset
+ rdlength
) {
1932 *start
= saved_rindex
;
1936 dns_packet_rewind(p
, saved_rindex
);
1940 int dns_packet_extract(DnsPacket
*p
) {
1941 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
1942 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
1943 size_t saved_rindex
;
1950 saved_rindex
= p
->rindex
;
1951 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
1953 n
= DNS_PACKET_QDCOUNT(p
);
1955 question
= dns_question_new(n
);
1961 for (i
= 0; i
< n
; i
++) {
1962 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1964 r
= dns_packet_read_key(p
, &key
, NULL
);
1968 r
= dns_question_add(question
, key
);
1974 n
= DNS_PACKET_RRCOUNT(p
);
1976 answer
= dns_answer_new(n
);
1982 for (i
= 0; i
< n
; i
++) {
1983 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1985 r
= dns_packet_read_rr(p
, &rr
, NULL
);
1989 r
= dns_answer_add(answer
, rr
, p
->ifindex
);
1995 p
->question
= question
;
2001 p
->extracted
= true;
2006 p
->rindex
= saved_rindex
;
2010 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2011 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2012 [DNS_RCODE_FORMERR
] = "FORMERR",
2013 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2014 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2015 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2016 [DNS_RCODE_REFUSED
] = "REFUSED",
2017 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2018 [DNS_RCODE_YXRRSET
] = "YRRSET",
2019 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2020 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2021 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2022 [DNS_RCODE_BADVERS
] = "BADVERS",
2023 [DNS_RCODE_BADKEY
] = "BADKEY",
2024 [DNS_RCODE_BADTIME
] = "BADTIME",
2025 [DNS_RCODE_BADMODE
] = "BADMODE",
2026 [DNS_RCODE_BADNAME
] = "BADNAME",
2027 [DNS_RCODE_BADALG
] = "BADALG",
2028 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2030 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2032 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2033 [DNS_PROTOCOL_DNS
] = "dns",
2034 [DNS_PROTOCOL_MDNS
] = "mdns",
2035 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2037 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);