1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
27 #include "unaligned.h"
31 #define EDNS0_OPT_DO (1<<15)
33 int dns_packet_new(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
) {
39 if (mtu
<= UDP_PACKET_HEADER_SIZE
)
40 a
= DNS_PACKET_SIZE_START
;
42 a
= mtu
- UDP_PACKET_HEADER_SIZE
;
44 if (a
< DNS_PACKET_HEADER_SIZE
)
45 a
= DNS_PACKET_HEADER_SIZE
;
47 /* round up to next page size */
48 a
= PAGE_ALIGN(ALIGN(sizeof(DnsPacket
)) + a
) - ALIGN(sizeof(DnsPacket
));
50 /* make sure we never allocate more than useful */
51 if (a
> DNS_PACKET_SIZE_MAX
)
52 a
= DNS_PACKET_SIZE_MAX
;
54 p
= malloc0(ALIGN(sizeof(DnsPacket
)) + a
);
58 p
->size
= p
->rindex
= DNS_PACKET_HEADER_SIZE
;
60 p
->protocol
= protocol
;
61 p
->opt_start
= p
->opt_size
= (size_t) -1;
69 void dns_packet_set_flags(DnsPacket
*p
, bool dnssec_checking_disabled
, bool truncated
) {
75 h
= DNS_PACKET_HEADER(p
);
78 case DNS_PROTOCOL_LLMNR
:
81 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
92 case DNS_PROTOCOL_MDNS
:
93 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
97 0 /* rd (ask for recursion) */,
107 h
->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
111 1 /* rd (ask for recursion) */,
114 dnssec_checking_disabled
/* cd */,
119 int dns_packet_new_query(DnsPacket
**ret
, DnsProtocol protocol
, size_t mtu
, bool dnssec_checking_disabled
) {
125 r
= dns_packet_new(&p
, protocol
, mtu
);
129 /* Always set the TC bit to 0 initially.
130 * If there are multiple packets later, we'll update the bit shortly before sending.
132 dns_packet_set_flags(p
, dnssec_checking_disabled
, false);
138 DnsPacket
*dns_packet_ref(DnsPacket
*p
) {
143 assert(!p
->on_stack
);
145 assert(p
->n_ref
> 0);
150 static void dns_packet_free(DnsPacket
*p
) {
155 dns_question_unref(p
->question
);
156 dns_answer_unref(p
->answer
);
157 dns_resource_record_unref(p
->opt
);
159 while ((s
= hashmap_steal_first_key(p
->names
)))
161 hashmap_free(p
->names
);
169 DnsPacket
*dns_packet_unref(DnsPacket
*p
) {
173 assert(p
->n_ref
> 0);
175 dns_packet_unref(p
->more
);
185 int dns_packet_validate(DnsPacket
*p
) {
188 if (p
->size
< DNS_PACKET_HEADER_SIZE
)
191 if (p
->size
> DNS_PACKET_SIZE_MAX
)
197 int dns_packet_validate_reply(DnsPacket
*p
) {
202 r
= dns_packet_validate(p
);
206 if (DNS_PACKET_QR(p
) != 1)
209 if (DNS_PACKET_OPCODE(p
) != 0)
212 switch (p
->protocol
) {
214 case DNS_PROTOCOL_LLMNR
:
215 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
216 if (DNS_PACKET_QDCOUNT(p
) != 1)
221 case DNS_PROTOCOL_MDNS
:
222 /* RFC 6762, Section 18 */
223 if (DNS_PACKET_RCODE(p
) != 0)
235 int dns_packet_validate_query(DnsPacket
*p
) {
240 r
= dns_packet_validate(p
);
244 if (DNS_PACKET_QR(p
) != 0)
247 if (DNS_PACKET_OPCODE(p
) != 0)
250 if (DNS_PACKET_TC(p
))
253 switch (p
->protocol
) {
255 case DNS_PROTOCOL_LLMNR
:
256 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
257 if (DNS_PACKET_QDCOUNT(p
) != 1)
260 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
261 if (DNS_PACKET_ANCOUNT(p
) > 0)
264 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
265 if (DNS_PACKET_NSCOUNT(p
) > 0)
270 case DNS_PROTOCOL_MDNS
:
271 /* RFC 6762, Section 18 */
272 if (DNS_PACKET_AA(p
) != 0 ||
273 DNS_PACKET_RD(p
) != 0 ||
274 DNS_PACKET_RA(p
) != 0 ||
275 DNS_PACKET_AD(p
) != 0 ||
276 DNS_PACKET_CD(p
) != 0 ||
277 DNS_PACKET_RCODE(p
) != 0)
289 static int dns_packet_extend(DnsPacket
*p
, size_t add
, void **ret
, size_t *start
) {
292 if (p
->size
+ add
> p
->allocated
) {
295 a
= PAGE_ALIGN((p
->size
+ add
) * 2);
296 if (a
> DNS_PACKET_SIZE_MAX
)
297 a
= DNS_PACKET_SIZE_MAX
;
299 if (p
->size
+ add
> a
)
305 d
= realloc(p
->_data
, a
);
311 p
->_data
= malloc(a
);
315 memcpy(p
->_data
, (uint8_t*) p
+ ALIGN(sizeof(DnsPacket
)), p
->size
);
316 memzero((uint8_t*) p
->_data
+ p
->size
, a
- p
->size
);
326 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->size
;
332 void dns_packet_truncate(DnsPacket
*p
, size_t sz
) {
342 HASHMAP_FOREACH_KEY(n
, s
, p
->names
, i
) {
344 if (PTR_TO_SIZE(n
) < sz
)
347 hashmap_remove(p
->names
, s
);
354 int dns_packet_append_blob(DnsPacket
*p
, const void *d
, size_t l
, size_t *start
) {
360 r
= dns_packet_extend(p
, l
, &q
, start
);
368 int dns_packet_append_uint8(DnsPacket
*p
, uint8_t v
, size_t *start
) {
374 r
= dns_packet_extend(p
, sizeof(uint8_t), &d
, start
);
378 ((uint8_t*) d
)[0] = v
;
383 int dns_packet_append_uint16(DnsPacket
*p
, uint16_t v
, size_t *start
) {
389 r
= dns_packet_extend(p
, sizeof(uint16_t), &d
, start
);
393 unaligned_write_be16(d
, v
);
398 int dns_packet_append_uint32(DnsPacket
*p
, uint32_t v
, size_t *start
) {
404 r
= dns_packet_extend(p
, sizeof(uint32_t), &d
, start
);
408 unaligned_write_be32(d
, v
);
413 int dns_packet_append_string(DnsPacket
*p
, const char *s
, size_t *start
) {
417 return dns_packet_append_raw_string(p
, s
, strlen(s
), start
);
420 int dns_packet_append_raw_string(DnsPacket
*p
, const void *s
, size_t size
, size_t *start
) {
425 assert(s
|| size
== 0);
430 r
= dns_packet_extend(p
, 1 + size
, &d
, start
);
434 ((uint8_t*) d
)[0] = (uint8_t) size
;
437 memcpy(((uint8_t*) d
) + 1, s
, size
);
442 int dns_packet_append_label(DnsPacket
*p
, const char *d
, size_t l
, bool canonical_candidate
, size_t *start
) {
446 /* Append a label to a packet. Optionally, does this in DNSSEC
447 * canonical form, if this label is marked as a candidate for
448 * it, and the canonical form logic is enabled for the
454 if (l
> DNS_LABEL_MAX
)
457 r
= dns_packet_extend(p
, 1 + l
, (void**) &w
, start
);
461 *(w
++) = (uint8_t) l
;
463 if (p
->canonical_form
&& canonical_candidate
) {
466 /* Generate in canonical form, as defined by DNSSEC
467 * RFC 4034, Section 6.2, i.e. all lower-case. */
469 for (i
= 0; i
< l
; i
++)
470 w
[i
] = (uint8_t) ascii_tolower(d
[i
]);
472 /* Otherwise, just copy the string unaltered. This is
473 * essential for DNS-SD, where the casing of labels
474 * matters and needs to be retained. */
480 int dns_packet_append_name(
483 bool allow_compression
,
484 bool canonical_candidate
,
493 if (p
->refuse_compression
)
494 allow_compression
= false;
496 saved_size
= p
->size
;
498 while (!dns_name_is_root(name
)) {
499 const char *z
= name
;
500 char label
[DNS_LABEL_MAX
];
504 if (allow_compression
)
505 n
= PTR_TO_SIZE(hashmap_get(p
->names
, name
));
510 r
= dns_packet_append_uint16(p
, 0xC000 | n
, NULL
);
518 r
= dns_label_unescape(&name
, label
, sizeof(label
));
522 if (p
->protocol
== DNS_PROTOCOL_DNS
)
523 k
= dns_label_apply_idna(label
, r
, label
, sizeof(label
));
525 k
= dns_label_undo_idna(label
, r
, label
, sizeof(label
));
533 r
= dns_packet_append_label(p
, label
, r
, canonical_candidate
, &n
);
537 if (allow_compression
) {
538 _cleanup_free_
char *s
= NULL
;
546 r
= hashmap_ensure_allocated(&p
->names
, &dns_name_hash_ops
);
550 r
= hashmap_put(p
->names
, s
, SIZE_TO_PTR(n
));
558 r
= dns_packet_append_uint8(p
, 0, NULL
);
569 dns_packet_truncate(p
, saved_size
);
573 int dns_packet_append_key(DnsPacket
*p
, const DnsResourceKey
*k
, size_t *start
) {
580 saved_size
= p
->size
;
582 r
= dns_packet_append_name(p
, DNS_RESOURCE_KEY_NAME(k
), true, true, NULL
);
586 r
= dns_packet_append_uint16(p
, k
->type
, NULL
);
590 r
= dns_packet_append_uint16(p
, k
->class, NULL
);
600 dns_packet_truncate(p
, saved_size
);
604 static int dns_packet_append_type_window(DnsPacket
*p
, uint8_t window
, uint8_t length
, const uint8_t *types
, size_t *start
) {
612 saved_size
= p
->size
;
614 r
= dns_packet_append_uint8(p
, window
, NULL
);
618 r
= dns_packet_append_uint8(p
, length
, NULL
);
622 r
= dns_packet_append_blob(p
, types
, length
, NULL
);
631 dns_packet_truncate(p
, saved_size
);
635 static int dns_packet_append_types(DnsPacket
*p
, Bitmap
*types
, size_t *start
) {
639 uint8_t bitmaps
[32] = {};
646 saved_size
= p
->size
;
648 BITMAP_FOREACH(n
, types
, i
) {
651 if ((n
>> 8) != window
&& bitmaps
[entry
/ 8] != 0) {
652 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
662 bitmaps
[entry
/ 8] |= 1 << (7 - (entry
% 8));
665 if (bitmaps
[entry
/ 8] != 0) {
666 r
= dns_packet_append_type_window(p
, window
, entry
/ 8 + 1, bitmaps
, NULL
);
676 dns_packet_truncate(p
, saved_size
);
680 /* Append the OPT pseudo-RR described in RFC6891 */
681 int dns_packet_append_opt(DnsPacket
*p
, uint16_t max_udp_size
, bool edns0_do
, size_t *start
) {
686 /* we must never advertise supported packet size smaller than the legacy max */
687 assert(max_udp_size
>= DNS_PACKET_UNICAST_SIZE_MAX
);
689 if (p
->opt_start
!= (size_t) -1)
692 assert(p
->opt_size
== (size_t) -1);
694 saved_size
= p
->size
;
697 r
= dns_packet_append_uint8(p
, 0, NULL
);
702 r
= dns_packet_append_uint16(p
, DNS_TYPE_OPT
, NULL
);
706 /* maximum udp packet that can be received */
707 r
= dns_packet_append_uint16(p
, max_udp_size
, NULL
);
711 /* extended RCODE and VERSION */
712 r
= dns_packet_append_uint16(p
, 0, NULL
);
716 /* flags: DNSSEC OK (DO), see RFC3225 */
717 r
= dns_packet_append_uint16(p
, edns0_do
? EDNS0_OPT_DO
: 0, NULL
);
724 /* If DO is on, also append RFC6975 Algorithm data */
726 static const uint8_t rfc6975
[] = {
728 0, 5, /* OPTION_CODE: DAU */
729 0, 6, /* LIST_LENGTH */
730 DNSSEC_ALGORITHM_RSASHA1
,
731 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1
,
732 DNSSEC_ALGORITHM_RSASHA256
,
733 DNSSEC_ALGORITHM_RSASHA512
,
734 DNSSEC_ALGORITHM_ECDSAP256SHA256
,
735 DNSSEC_ALGORITHM_ECDSAP384SHA384
,
737 0, 6, /* OPTION_CODE: DHU */
738 0, 3, /* LIST_LENGTH */
740 DNSSEC_DIGEST_SHA256
,
741 DNSSEC_DIGEST_SHA384
,
743 0, 7, /* OPTION_CODE: N3U */
744 0, 1, /* LIST_LENGTH */
745 NSEC3_ALGORITHM_SHA1
,
748 r
= dns_packet_append_uint16(p
, sizeof(rfc6975
), NULL
);
752 r
= dns_packet_append_blob(p
, rfc6975
, sizeof(rfc6975
), NULL
);
754 r
= dns_packet_append_uint16(p
, 0, NULL
);
759 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) + 1);
761 p
->opt_start
= saved_size
;
762 p
->opt_size
= p
->size
- saved_size
;
770 dns_packet_truncate(p
, saved_size
);
774 int dns_packet_truncate_opt(DnsPacket
*p
) {
777 if (p
->opt_start
== (size_t) -1) {
778 assert(p
->opt_size
== (size_t) -1);
782 assert(p
->opt_size
!= (size_t) -1);
783 assert(DNS_PACKET_ARCOUNT(p
) > 0);
785 if (p
->opt_start
+ p
->opt_size
!= p
->size
)
788 dns_packet_truncate(p
, p
->opt_start
);
789 DNS_PACKET_HEADER(p
)->arcount
= htobe16(DNS_PACKET_ARCOUNT(p
) - 1);
790 p
->opt_start
= p
->opt_size
= (size_t) -1;
795 int dns_packet_append_rr(DnsPacket
*p
, const DnsResourceRecord
*rr
, size_t *start
, size_t *rdata_start
) {
796 size_t saved_size
, rdlength_offset
, end
, rdlength
, rds
;
802 saved_size
= p
->size
;
804 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
808 r
= dns_packet_append_uint32(p
, rr
->ttl
, NULL
);
812 /* Initially we write 0 here */
813 r
= dns_packet_append_uint16(p
, 0, &rdlength_offset
);
817 rds
= p
->size
- saved_size
;
819 switch (rr
->unparseable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
822 r
= dns_packet_append_uint16(p
, rr
->srv
.priority
, NULL
);
826 r
= dns_packet_append_uint16(p
, rr
->srv
.weight
, NULL
);
830 r
= dns_packet_append_uint16(p
, rr
->srv
.port
, NULL
);
834 r
= dns_packet_append_name(p
, rr
->srv
.name
, true, false, NULL
);
841 r
= dns_packet_append_name(p
, rr
->ptr
.name
, true, false, NULL
);
845 r
= dns_packet_append_string(p
, rr
->hinfo
.cpu
, NULL
);
849 r
= dns_packet_append_string(p
, rr
->hinfo
.os
, NULL
);
852 case DNS_TYPE_SPF
: /* exactly the same as TXT */
855 if (!rr
->txt
.items
) {
856 /* RFC 6763, section 6.1 suggests to generate
857 * single empty string for an empty array. */
859 r
= dns_packet_append_raw_string(p
, NULL
, 0, NULL
);
865 LIST_FOREACH(items
, i
, rr
->txt
.items
) {
866 r
= dns_packet_append_raw_string(p
, i
->data
, i
->length
, NULL
);
876 r
= dns_packet_append_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
880 r
= dns_packet_append_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
884 r
= dns_packet_append_name(p
, rr
->soa
.mname
, true, false, NULL
);
888 r
= dns_packet_append_name(p
, rr
->soa
.rname
, true, false, NULL
);
892 r
= dns_packet_append_uint32(p
, rr
->soa
.serial
, NULL
);
896 r
= dns_packet_append_uint32(p
, rr
->soa
.refresh
, NULL
);
900 r
= dns_packet_append_uint32(p
, rr
->soa
.retry
, NULL
);
904 r
= dns_packet_append_uint32(p
, rr
->soa
.expire
, NULL
);
908 r
= dns_packet_append_uint32(p
, rr
->soa
.minimum
, NULL
);
912 r
= dns_packet_append_uint16(p
, rr
->mx
.priority
, NULL
);
916 r
= dns_packet_append_name(p
, rr
->mx
.exchange
, true, false, NULL
);
920 r
= dns_packet_append_uint8(p
, rr
->loc
.version
, NULL
);
924 r
= dns_packet_append_uint8(p
, rr
->loc
.size
, NULL
);
928 r
= dns_packet_append_uint8(p
, rr
->loc
.horiz_pre
, NULL
);
932 r
= dns_packet_append_uint8(p
, rr
->loc
.vert_pre
, NULL
);
936 r
= dns_packet_append_uint32(p
, rr
->loc
.latitude
, NULL
);
940 r
= dns_packet_append_uint32(p
, rr
->loc
.longitude
, NULL
);
944 r
= dns_packet_append_uint32(p
, rr
->loc
.altitude
, NULL
);
948 r
= dns_packet_append_uint16(p
, rr
->ds
.key_tag
, NULL
);
952 r
= dns_packet_append_uint8(p
, rr
->ds
.algorithm
, NULL
);
956 r
= dns_packet_append_uint8(p
, rr
->ds
.digest_type
, NULL
);
960 r
= dns_packet_append_blob(p
, rr
->ds
.digest
, rr
->ds
.digest_size
, NULL
);
964 r
= dns_packet_append_uint8(p
, rr
->sshfp
.algorithm
, NULL
);
968 r
= dns_packet_append_uint8(p
, rr
->sshfp
.fptype
, NULL
);
972 r
= dns_packet_append_blob(p
, rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, NULL
);
975 case DNS_TYPE_DNSKEY
:
976 r
= dns_packet_append_uint16(p
, rr
->dnskey
.flags
, NULL
);
980 r
= dns_packet_append_uint8(p
, rr
->dnskey
.protocol
, NULL
);
984 r
= dns_packet_append_uint8(p
, rr
->dnskey
.algorithm
, NULL
);
988 r
= dns_packet_append_blob(p
, rr
->dnskey
.key
, rr
->dnskey
.key_size
, NULL
);
992 r
= dns_packet_append_uint16(p
, rr
->rrsig
.type_covered
, NULL
);
996 r
= dns_packet_append_uint8(p
, rr
->rrsig
.algorithm
, NULL
);
1000 r
= dns_packet_append_uint8(p
, rr
->rrsig
.labels
, NULL
);
1004 r
= dns_packet_append_uint32(p
, rr
->rrsig
.original_ttl
, NULL
);
1008 r
= dns_packet_append_uint32(p
, rr
->rrsig
.expiration
, NULL
);
1012 r
= dns_packet_append_uint32(p
, rr
->rrsig
.inception
, NULL
);
1016 r
= dns_packet_append_uint16(p
, rr
->rrsig
.key_tag
, NULL
);
1020 r
= dns_packet_append_name(p
, rr
->rrsig
.signer
, false, true, NULL
);
1024 r
= dns_packet_append_blob(p
, rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, NULL
);
1028 r
= dns_packet_append_name(p
, rr
->nsec
.next_domain_name
, false, false, NULL
);
1032 r
= dns_packet_append_types(p
, rr
->nsec
.types
, NULL
);
1038 case DNS_TYPE_NSEC3
:
1039 r
= dns_packet_append_uint8(p
, rr
->nsec3
.algorithm
, NULL
);
1043 r
= dns_packet_append_uint8(p
, rr
->nsec3
.flags
, NULL
);
1047 r
= dns_packet_append_uint16(p
, rr
->nsec3
.iterations
, NULL
);
1051 r
= dns_packet_append_uint8(p
, rr
->nsec3
.salt_size
, NULL
);
1055 r
= dns_packet_append_blob(p
, rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, NULL
);
1059 r
= dns_packet_append_uint8(p
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1063 r
= dns_packet_append_blob(p
, rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, NULL
);
1067 r
= dns_packet_append_types(p
, rr
->nsec3
.types
, NULL
);
1074 case _DNS_TYPE_INVALID
: /* unparseable */
1077 r
= dns_packet_append_blob(p
, rr
->generic
.data
, rr
->generic
.size
, NULL
);
1083 /* Let's calculate the actual data size and update the field */
1084 rdlength
= p
->size
- rdlength_offset
- sizeof(uint16_t);
1085 if (rdlength
> 0xFFFF) {
1091 p
->size
= rdlength_offset
;
1092 r
= dns_packet_append_uint16(p
, rdlength
, NULL
);
1098 *start
= saved_size
;
1106 dns_packet_truncate(p
, saved_size
);
1110 int dns_packet_read(DnsPacket
*p
, size_t sz
, const void **ret
, size_t *start
) {
1113 if (p
->rindex
+ sz
> p
->size
)
1117 *ret
= (uint8_t*) DNS_PACKET_DATA(p
) + p
->rindex
;
1126 void dns_packet_rewind(DnsPacket
*p
, size_t idx
) {
1128 assert(idx
<= p
->size
);
1129 assert(idx
>= DNS_PACKET_HEADER_SIZE
);
1134 int dns_packet_read_blob(DnsPacket
*p
, void *d
, size_t sz
, size_t *start
) {
1141 r
= dns_packet_read(p
, sz
, &q
, start
);
1149 static int dns_packet_read_memdup(
1150 DnsPacket
*p
, size_t size
,
1151 void **ret
, size_t *ret_size
,
1152 size_t *ret_start
) {
1161 r
= dns_packet_read(p
, size
, &src
, &start
);
1170 copy
= memdup(src
, size
);
1185 int dns_packet_read_uint8(DnsPacket
*p
, uint8_t *ret
, size_t *start
) {
1191 r
= dns_packet_read(p
, sizeof(uint8_t), &d
, start
);
1195 *ret
= ((uint8_t*) d
)[0];
1199 int dns_packet_read_uint16(DnsPacket
*p
, uint16_t *ret
, size_t *start
) {
1205 r
= dns_packet_read(p
, sizeof(uint16_t), &d
, start
);
1209 *ret
= unaligned_read_be16(d
);
1214 int dns_packet_read_uint32(DnsPacket
*p
, uint32_t *ret
, size_t *start
) {
1220 r
= dns_packet_read(p
, sizeof(uint32_t), &d
, start
);
1224 *ret
= unaligned_read_be32(d
);
1229 int dns_packet_read_string(DnsPacket
*p
, char **ret
, size_t *start
) {
1230 size_t saved_rindex
;
1238 saved_rindex
= p
->rindex
;
1240 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1244 r
= dns_packet_read(p
, c
, &d
, NULL
);
1248 if (memchr(d
, 0, c
)) {
1259 if (!utf8_is_valid(t
)) {
1268 *start
= saved_rindex
;
1273 dns_packet_rewind(p
, saved_rindex
);
1277 int dns_packet_read_raw_string(DnsPacket
*p
, const void **ret
, size_t *size
, size_t *start
) {
1278 size_t saved_rindex
;
1284 saved_rindex
= p
->rindex
;
1286 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1290 r
= dns_packet_read(p
, c
, ret
, NULL
);
1297 *start
= saved_rindex
;
1302 dns_packet_rewind(p
, saved_rindex
);
1306 int dns_packet_read_name(
1309 bool allow_compression
,
1312 size_t saved_rindex
, after_rindex
= 0, jump_barrier
;
1313 _cleanup_free_
char *ret
= NULL
;
1314 size_t n
= 0, allocated
= 0;
1321 if (p
->refuse_compression
)
1322 allow_compression
= false;
1324 saved_rindex
= p
->rindex
;
1325 jump_barrier
= p
->rindex
;
1330 r
= dns_packet_read_uint8(p
, &c
, NULL
);
1341 r
= dns_packet_read(p
, c
, (const void**) &label
, NULL
);
1345 if (!GREEDY_REALLOC(ret
, allocated
, n
+ !first
+ DNS_LABEL_ESCAPED_MAX
)) {
1355 r
= dns_label_escape(label
, c
, ret
+ n
, DNS_LABEL_ESCAPED_MAX
);
1361 } else if (allow_compression
&& (c
& 0xc0) == 0xc0) {
1365 r
= dns_packet_read_uint8(p
, &d
, NULL
);
1369 ptr
= (uint16_t) (c
& ~0xc0) << 8 | (uint16_t) d
;
1370 if (ptr
< DNS_PACKET_HEADER_SIZE
|| ptr
>= jump_barrier
) {
1375 if (after_rindex
== 0)
1376 after_rindex
= p
->rindex
;
1378 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1387 if (!GREEDY_REALLOC(ret
, allocated
, n
+ 1)) {
1394 if (after_rindex
!= 0)
1395 p
->rindex
= after_rindex
;
1401 *start
= saved_rindex
;
1406 dns_packet_rewind(p
, saved_rindex
);
1410 static int dns_packet_read_type_window(DnsPacket
*p
, Bitmap
**types
, size_t *start
) {
1413 const uint8_t *bitmap
;
1417 size_t saved_rindex
;
1423 saved_rindex
= p
->rindex
;
1425 r
= bitmap_ensure_allocated(types
);
1429 r
= dns_packet_read_uint8(p
, &window
, NULL
);
1433 r
= dns_packet_read_uint8(p
, &length
, NULL
);
1437 if (length
== 0 || length
> 32)
1440 r
= dns_packet_read(p
, length
, (const void **)&bitmap
, NULL
);
1444 for (i
= 0; i
< length
; i
++) {
1445 uint8_t bitmask
= 1 << 7;
1456 if (bitmap
[i
] & bitmask
) {
1459 n
= (uint16_t) window
<< 8 | (uint16_t) bit
;
1461 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1462 if (dns_type_is_pseudo(n
))
1465 r
= bitmap_set(*types
, n
);
1479 *start
= saved_rindex
;
1483 dns_packet_rewind(p
, saved_rindex
);
1487 static int dns_packet_read_type_windows(DnsPacket
*p
, Bitmap
**types
, size_t size
, size_t *start
) {
1488 size_t saved_rindex
;
1491 saved_rindex
= p
->rindex
;
1493 while (p
->rindex
< saved_rindex
+ size
) {
1494 r
= dns_packet_read_type_window(p
, types
, NULL
);
1498 /* don't read past end of current RR */
1499 if (p
->rindex
> saved_rindex
+ size
) {
1505 if (p
->rindex
!= saved_rindex
+ size
) {
1511 *start
= saved_rindex
;
1515 dns_packet_rewind(p
, saved_rindex
);
1519 int dns_packet_read_key(DnsPacket
*p
, DnsResourceKey
**ret
, bool *ret_cache_flush
, size_t *start
) {
1520 _cleanup_free_
char *name
= NULL
;
1521 bool cache_flush
= false;
1522 uint16_t class, type
;
1523 DnsResourceKey
*key
;
1524 size_t saved_rindex
;
1530 saved_rindex
= p
->rindex
;
1532 r
= dns_packet_read_name(p
, &name
, true, NULL
);
1536 r
= dns_packet_read_uint16(p
, &type
, NULL
);
1540 r
= dns_packet_read_uint16(p
, &class, NULL
);
1544 if (p
->protocol
== DNS_PROTOCOL_MDNS
) {
1545 /* See RFC6762, Section 10.2 */
1547 if (type
!= DNS_TYPE_OPT
&& (class & MDNS_RR_CACHE_FLUSH
)) {
1548 class &= ~MDNS_RR_CACHE_FLUSH
;
1553 key
= dns_resource_key_new_consume(class, type
, name
);
1562 if (ret_cache_flush
)
1563 *ret_cache_flush
= cache_flush
;
1565 *start
= saved_rindex
;
1569 dns_packet_rewind(p
, saved_rindex
);
1573 static bool loc_size_ok(uint8_t size
) {
1574 uint8_t m
= size
>> 4, e
= size
& 0xF;
1576 return m
<= 9 && e
<= 9 && (m
> 0 || e
== 0);
1579 int dns_packet_read_rr(DnsPacket
*p
, DnsResourceRecord
**ret
, bool *ret_cache_flush
, size_t *start
) {
1580 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
1581 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
1582 size_t saved_rindex
, offset
;
1590 saved_rindex
= p
->rindex
;
1592 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
1596 if (!dns_class_is_valid_rr(key
->class)||
1597 !dns_type_is_valid_rr(key
->type
)) {
1602 rr
= dns_resource_record_new(key
);
1608 r
= dns_packet_read_uint32(p
, &rr
->ttl
, NULL
);
1612 /* RFC 2181, Section 8, suggests to
1613 * treat a TTL with the MSB set as a zero TTL. */
1614 if (rr
->ttl
& UINT32_C(0x80000000))
1617 r
= dns_packet_read_uint16(p
, &rdlength
, NULL
);
1621 if (p
->rindex
+ rdlength
> p
->size
) {
1628 switch (rr
->key
->type
) {
1631 r
= dns_packet_read_uint16(p
, &rr
->srv
.priority
, NULL
);
1634 r
= dns_packet_read_uint16(p
, &rr
->srv
.weight
, NULL
);
1637 r
= dns_packet_read_uint16(p
, &rr
->srv
.port
, NULL
);
1640 r
= dns_packet_read_name(p
, &rr
->srv
.name
, true, NULL
);
1645 case DNS_TYPE_CNAME
:
1646 case DNS_TYPE_DNAME
:
1647 r
= dns_packet_read_name(p
, &rr
->ptr
.name
, true, NULL
);
1650 case DNS_TYPE_HINFO
:
1651 r
= dns_packet_read_string(p
, &rr
->hinfo
.cpu
, NULL
);
1655 r
= dns_packet_read_string(p
, &rr
->hinfo
.os
, NULL
);
1658 case DNS_TYPE_SPF
: /* exactly the same as TXT */
1660 if (rdlength
<= 0) {
1662 /* RFC 6763, section 6.1 suggests to treat
1663 * empty TXT RRs as equivalent to a TXT record
1664 * with a single empty string. */
1666 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1672 DnsTxtItem
*last
= NULL
;
1674 while (p
->rindex
< offset
+ rdlength
) {
1679 r
= dns_packet_read_raw_string(p
, &data
, &sz
, NULL
);
1683 i
= malloc0(offsetof(DnsTxtItem
, data
) + sz
+ 1); /* extra NUL byte at the end */
1687 memcpy(i
->data
, data
, sz
);
1690 LIST_INSERT_AFTER(items
, rr
->txt
.items
, last
, i
);
1699 r
= dns_packet_read_blob(p
, &rr
->a
.in_addr
, sizeof(struct in_addr
), NULL
);
1703 r
= dns_packet_read_blob(p
, &rr
->aaaa
.in6_addr
, sizeof(struct in6_addr
), NULL
);
1707 r
= dns_packet_read_name(p
, &rr
->soa
.mname
, true, NULL
);
1711 r
= dns_packet_read_name(p
, &rr
->soa
.rname
, true, NULL
);
1715 r
= dns_packet_read_uint32(p
, &rr
->soa
.serial
, NULL
);
1719 r
= dns_packet_read_uint32(p
, &rr
->soa
.refresh
, NULL
);
1723 r
= dns_packet_read_uint32(p
, &rr
->soa
.retry
, NULL
);
1727 r
= dns_packet_read_uint32(p
, &rr
->soa
.expire
, NULL
);
1731 r
= dns_packet_read_uint32(p
, &rr
->soa
.minimum
, NULL
);
1735 r
= dns_packet_read_uint16(p
, &rr
->mx
.priority
, NULL
);
1739 r
= dns_packet_read_name(p
, &rr
->mx
.exchange
, true, NULL
);
1742 case DNS_TYPE_LOC
: {
1746 r
= dns_packet_read_uint8(p
, &t
, &pos
);
1751 rr
->loc
.version
= t
;
1753 r
= dns_packet_read_uint8(p
, &rr
->loc
.size
, NULL
);
1757 if (!loc_size_ok(rr
->loc
.size
)) {
1762 r
= dns_packet_read_uint8(p
, &rr
->loc
.horiz_pre
, NULL
);
1766 if (!loc_size_ok(rr
->loc
.horiz_pre
)) {
1771 r
= dns_packet_read_uint8(p
, &rr
->loc
.vert_pre
, NULL
);
1775 if (!loc_size_ok(rr
->loc
.vert_pre
)) {
1780 r
= dns_packet_read_uint32(p
, &rr
->loc
.latitude
, NULL
);
1784 r
= dns_packet_read_uint32(p
, &rr
->loc
.longitude
, NULL
);
1788 r
= dns_packet_read_uint32(p
, &rr
->loc
.altitude
, NULL
);
1794 dns_packet_rewind(p
, pos
);
1795 rr
->unparseable
= true;
1801 r
= dns_packet_read_uint16(p
, &rr
->ds
.key_tag
, NULL
);
1805 r
= dns_packet_read_uint8(p
, &rr
->ds
.algorithm
, NULL
);
1809 r
= dns_packet_read_uint8(p
, &rr
->ds
.digest_type
, NULL
);
1813 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1814 &rr
->ds
.digest
, &rr
->ds
.digest_size
,
1819 if (rr
->ds
.digest_size
<= 0) {
1820 /* the accepted size depends on the algorithm, but for now
1821 just ensure that the value is greater than zero */
1828 case DNS_TYPE_SSHFP
:
1829 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.algorithm
, NULL
);
1833 r
= dns_packet_read_uint8(p
, &rr
->sshfp
.fptype
, NULL
);
1837 r
= dns_packet_read_memdup(p
, rdlength
- 2,
1838 &rr
->sshfp
.fingerprint
, &rr
->sshfp
.fingerprint_size
,
1841 if (rr
->sshfp
.fingerprint_size
<= 0) {
1842 /* the accepted size depends on the algorithm, but for now
1843 just ensure that the value is greater than zero */
1850 case DNS_TYPE_DNSKEY
:
1851 r
= dns_packet_read_uint16(p
, &rr
->dnskey
.flags
, NULL
);
1855 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.protocol
, NULL
);
1859 r
= dns_packet_read_uint8(p
, &rr
->dnskey
.algorithm
, NULL
);
1863 r
= dns_packet_read_memdup(p
, rdlength
- 4,
1864 &rr
->dnskey
.key
, &rr
->dnskey
.key_size
,
1867 if (rr
->dnskey
.key_size
<= 0) {
1868 /* the accepted size depends on the algorithm, but for now
1869 just ensure that the value is greater than zero */
1876 case DNS_TYPE_RRSIG
:
1877 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.type_covered
, NULL
);
1881 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.algorithm
, NULL
);
1885 r
= dns_packet_read_uint8(p
, &rr
->rrsig
.labels
, NULL
);
1889 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.original_ttl
, NULL
);
1893 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.expiration
, NULL
);
1897 r
= dns_packet_read_uint32(p
, &rr
->rrsig
.inception
, NULL
);
1901 r
= dns_packet_read_uint16(p
, &rr
->rrsig
.key_tag
, NULL
);
1905 r
= dns_packet_read_name(p
, &rr
->rrsig
.signer
, false, NULL
);
1909 r
= dns_packet_read_memdup(p
, offset
+ rdlength
- p
->rindex
,
1910 &rr
->rrsig
.signature
, &rr
->rrsig
.signature_size
,
1913 if (rr
->rrsig
.signature_size
<= 0) {
1914 /* the accepted size depends on the algorithm, but for now
1915 just ensure that the value is greater than zero */
1922 case DNS_TYPE_NSEC
: {
1925 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1926 * This contradicts RFC3845, section 2.1.1
1929 bool allow_compressed
= p
->protocol
== DNS_PROTOCOL_MDNS
;
1931 r
= dns_packet_read_name(p
, &rr
->nsec
.next_domain_name
, allow_compressed
, NULL
);
1935 r
= dns_packet_read_type_windows(p
, &rr
->nsec
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1939 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1940 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1941 * without the NSEC bit set. */
1945 case DNS_TYPE_NSEC3
: {
1948 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.algorithm
, NULL
);
1952 r
= dns_packet_read_uint8(p
, &rr
->nsec3
.flags
, NULL
);
1956 r
= dns_packet_read_uint16(p
, &rr
->nsec3
.iterations
, NULL
);
1960 /* this may be zero */
1961 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1965 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.salt
, &rr
->nsec3
.salt_size
, NULL
);
1969 r
= dns_packet_read_uint8(p
, &size
, NULL
);
1978 r
= dns_packet_read_memdup(p
, size
, &rr
->nsec3
.next_hashed_name
, &rr
->nsec3
.next_hashed_name_size
, NULL
);
1982 r
= dns_packet_read_type_windows(p
, &rr
->nsec3
.types
, offset
+ rdlength
- p
->rindex
, NULL
);
1986 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1991 case DNS_TYPE_OPT
: /* we only care about the header of OPT for now. */
1994 r
= dns_packet_read_memdup(p
, rdlength
, &rr
->generic
.data
, &rr
->generic
.size
, NULL
);
2001 if (p
->rindex
!= offset
+ rdlength
) {
2009 if (ret_cache_flush
)
2010 *ret_cache_flush
= cache_flush
;
2012 *start
= saved_rindex
;
2016 dns_packet_rewind(p
, saved_rindex
);
2020 int dns_packet_extract(DnsPacket
*p
) {
2021 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
2022 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
2023 size_t saved_rindex
;
2030 saved_rindex
= p
->rindex
;
2031 dns_packet_rewind(p
, DNS_PACKET_HEADER_SIZE
);
2033 n
= DNS_PACKET_QDCOUNT(p
);
2035 question
= dns_question_new(n
);
2041 for (i
= 0; i
< n
; i
++) {
2042 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
2045 r
= dns_packet_read_key(p
, &key
, &cache_flush
, NULL
);
2054 if (!dns_type_is_valid_query(key
->type
)) {
2059 r
= dns_question_add(question
, key
);
2065 n
= DNS_PACKET_RRCOUNT(p
);
2067 answer
= dns_answer_new(n
);
2073 for (i
= 0; i
< n
; i
++) {
2074 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
2077 r
= dns_packet_read_rr(p
, &rr
, &cache_flush
, NULL
);
2081 if (rr
->key
->type
== DNS_TYPE_OPT
) {
2083 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr
->key
))) {
2088 /* Note that we accept the OPT RR in
2089 * any section, not just in the
2090 * additional section, as some routers
2091 * (Belkin!) blindly copy the OPT RR
2092 * from the query to the reply packet,
2093 * and don't get the section right. */
2101 p
->opt
= dns_resource_record_ref(rr
);
2104 /* According to RFC 4795, section
2105 * 2.9. only the RRs from the Answer
2106 * section shall be cached. Hence mark
2107 * only those RRs as cacheable by
2108 * default, but not the ones from the
2109 * Additional or Authority
2112 r
= dns_answer_add(answer
, rr
, p
->ifindex
,
2113 (i
< DNS_PACKET_ANCOUNT(p
) ? DNS_ANSWER_CACHEABLE
: 0) |
2114 (p
->protocol
== DNS_PROTOCOL_MDNS
&& !cache_flush
? DNS_ANSWER_SHARED_OWNER
: 0));
2121 p
->question
= question
;
2127 p
->extracted
= true;
2132 p
->rindex
= saved_rindex
;
2136 int dns_packet_is_reply_for(DnsPacket
*p
, const DnsResourceKey
*key
) {
2142 /* Checks if the specified packet is a reply for the specified
2143 * key and the specified key is the only one in the question
2146 if (DNS_PACKET_QR(p
) != 1)
2149 /* Let's unpack the packet, if that hasn't happened yet. */
2150 r
= dns_packet_extract(p
);
2154 if (p
->question
->n_keys
!= 1)
2157 return dns_resource_key_equal(p
->question
->keys
[0], key
);
2160 static const char* const dns_rcode_table
[_DNS_RCODE_MAX_DEFINED
] = {
2161 [DNS_RCODE_SUCCESS
] = "SUCCESS",
2162 [DNS_RCODE_FORMERR
] = "FORMERR",
2163 [DNS_RCODE_SERVFAIL
] = "SERVFAIL",
2164 [DNS_RCODE_NXDOMAIN
] = "NXDOMAIN",
2165 [DNS_RCODE_NOTIMP
] = "NOTIMP",
2166 [DNS_RCODE_REFUSED
] = "REFUSED",
2167 [DNS_RCODE_YXDOMAIN
] = "YXDOMAIN",
2168 [DNS_RCODE_YXRRSET
] = "YRRSET",
2169 [DNS_RCODE_NXRRSET
] = "NXRRSET",
2170 [DNS_RCODE_NOTAUTH
] = "NOTAUTH",
2171 [DNS_RCODE_NOTZONE
] = "NOTZONE",
2172 [DNS_RCODE_BADVERS
] = "BADVERS",
2173 [DNS_RCODE_BADKEY
] = "BADKEY",
2174 [DNS_RCODE_BADTIME
] = "BADTIME",
2175 [DNS_RCODE_BADMODE
] = "BADMODE",
2176 [DNS_RCODE_BADNAME
] = "BADNAME",
2177 [DNS_RCODE_BADALG
] = "BADALG",
2178 [DNS_RCODE_BADTRUNC
] = "BADTRUNC",
2180 DEFINE_STRING_TABLE_LOOKUP(dns_rcode
, int);
2182 static const char* const dns_protocol_table
[_DNS_PROTOCOL_MAX
] = {
2183 [DNS_PROTOCOL_DNS
] = "dns",
2184 [DNS_PROTOCOL_MDNS
] = "mdns",
2185 [DNS_PROTOCOL_LLMNR
] = "llmnr",
2187 DEFINE_STRING_TABLE_LOOKUP(dns_protocol
, DnsProtocol
);