1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
3
4 #include <netinet/in.h>
5
6 #include "bitmap.h"
7 #include "dns-type.h"
8 #include "hashmap.h"
9 #include "in-addr-util.h"
10 #include "list.h"
11 #include "string-util.h"
12
13 typedef struct DnsResourceKey DnsResourceKey;
14 typedef struct DnsResourceRecord DnsResourceRecord;
15 typedef struct DnsTxtItem DnsTxtItem;
16
/* DNSKEY RR flags: masks for the 16-bit flags field of a DNSKEY record (stored in
 * DnsResourceRecord.dnskey.flags). The shifts below count from the least significant bit;
 * RFC 4034 section 2.1.1 numbers the same field from the most significant bit, so the
 * numbers here do not match the RFC's bit numbers one-to-one. */
#define DNSKEY_FLAG_SEP (UINT16_C(1) << 0)
#define DNSKEY_FLAG_REVOKE (UINT16_C(1) << 7)
#define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8)

/* mDNS RR flags: the most significant bit of a 16-bit value.
 * NOTE(review): presumably applied to the class field of mDNS records, in which case it has
 * to be masked off before the class is compared; confirm at the call sites. */
#define MDNS_RR_CACHE_FLUSH (UINT16_C(1) << 15)
24
/* DNSSEC signature algorithm numbers, as assigned by IANA. References:
 *   http://tools.ietf.org/html/rfc4034#appendix-A.1
 *   https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
 *
 * This is a list of identifiers, not a list of trusted algorithms: it includes entries that
 * are weak by current standards (RSAMD5, DSA and the SHA-1 based variants; RFC 8624 carries
 * the current implementation guidance). Which of them is accepted when validating is decided
 * by the validation code, not by this header. */
enum {
        DNSSEC_ALGORITHM_RSAMD5             = 1,
        DNSSEC_ALGORITHM_DH                 = 2,
        DNSSEC_ALGORITHM_DSA                = 3,
        DNSSEC_ALGORITHM_ECC                = 4,
        DNSSEC_ALGORITHM_RSASHA1            = 5,
        DNSSEC_ALGORITHM_DSA_NSEC3_SHA1     = 6,
        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1 = 7,
        DNSSEC_ALGORITHM_RSASHA256          = 8,   /* RFC 5702 */
        DNSSEC_ALGORITHM_RSASHA512          = 10,  /* RFC 5702 */
        DNSSEC_ALGORITHM_ECC_GOST           = 12,  /* RFC 5933 */
        DNSSEC_ALGORITHM_ECDSAP256SHA256    = 13,  /* RFC 6605 */
        DNSSEC_ALGORITHM_ECDSAP384SHA384    = 14,  /* RFC 6605 */
        DNSSEC_ALGORITHM_ED25519            = 15,  /* RFC 8080 */
        DNSSEC_ALGORITHM_ED448              = 16,  /* RFC 8080 */
        DNSSEC_ALGORITHM_INDIRECT           = 252,
        DNSSEC_ALGORITHM_PRIVATEDNS         = 253,
        DNSSEC_ALGORITHM_PRIVATEOID         = 254,
        _DNSSEC_ALGORITHM_MAX_DEFINED              /* left implicit: one more than the last entry above */
};
48
/* Digest type numbers used in DS records, as assigned by IANA:
 *   https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml
 *
 * As with the algorithm list, an entry here only names a digest type. SHA-1 in particular
 * is listed because it is assigned, not because it is a good choice; the policy on which
 * digest types are honoured lives in the validation code, not in this header. */
enum {
        DNSSEC_DIGEST_SHA1            = 1,
        DNSSEC_DIGEST_SHA256          = 2,  /* RFC 4509 */
        DNSSEC_DIGEST_GOST_R_34_11_94 = 3,  /* RFC 5933 */
        DNSSEC_DIGEST_SHA384          = 4,  /* RFC 6605 */
        _DNSSEC_DIGEST_MAX_DEFINED          /* left implicit: one more than the last entry above */
};
58
/* Hash algorithm numbers used by NSEC3 records, as assigned by IANA:
 *   https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml
 * SHA-1 is the only value defined here. */
enum {
        NSEC3_ALGORITHM_SHA1 = 1,
        _NSEC3_ALGORITHM_MAX_DEFINED  /* left implicit: one more than the last entry above */
};
65
/* The lookup key of a resource record: class, type and name. */
struct DnsResourceKey {
        /* Reference counter. The value (unsigned) -1 marks a constant key as built by
         * DNS_RESOURCE_KEY_CONST(); no references may be taken to such a key. */
        unsigned n_ref;

        uint16_t class;
        uint16_t type;

        /* Never read this field directly, go through dns_resource_key_name() instead. */
        char *_name;
};
71
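/* Builds a temporary DnsResourceKey as a compound literal. This is only useful to quickly
 * look something up without allocating a full DnsResourceKey object. n_ref is set to
 * (unsigned) -1 to mark the key as constant: it is not OK to take references to this kind
 * of resource key object.
 *
 * The key only stores the pointer n (the const qualifier is cast away to fit the _name
 * field); the string is not copied, so it has to stay valid for as long as the key is used.
 *
 * Every argument is parenthesized in the expansion, so that an expression such as
 * "cond ? a : b" passed as n is cast as a whole, rather than the cast binding to its first
 * operand only. */
#define DNS_RESOURCE_KEY_CONST(c, t, n)                 \
        ((DnsResourceKey) {                             \
                .n_ref = (unsigned) -1,                 \
                .class = (c),                           \
                .type = (t),                            \
                ._name = (char*) (n),                   \
        })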
83
/* One item of a list of byte strings; the txt and spf members of DnsResourceRecord each
 * point at a list of these. */
struct DnsTxtItem {
        size_t length; /* NOTE(review): presumably the number of bytes stored in data[]; confirm at the allocation sites */
        LIST_FIELDS(DnsTxtItem, items); /* list linkage, generated by the LIST_FIELDS() macro */
        uint8_t data[]; /* flexible array member holding raw bytes; whether a trailing NUL is present is not visible
                         * here, so readers should go by length rather than treat this as a C string */
};
89
/* One DNS resource record: its key, TTL and signature bookkeeping, an optional wire-format
 * serialization, and the type-specific fields in the anonymous union at the end.
 *
 * NOTE(review): which union member is valid is presumably selected by key->type; confirm in
 * the parsing code. Reading a member that does not match the record type would interpret
 * another member's pointers and sizes.
 *
 * Many union members are a pointer paired with an explicit size. Nothing in this header
 * terminates the pointed-to data, so readers need to go by the size field. */
struct DnsResourceRecord {
        unsigned n_ref;
        DnsResourceKey *key;

        char *to_string; /* NOTE(review): presumably a cached string form, see dns_resource_record_to_string() */

        /* For records of type DNS_TYPE_OPT this field is not read as a plain TTL:
         * DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED() extracts bits 16-23 from it. */
        uint32_t ttl;
        usec_t expiry; /* RRSIG signature expiry */

        /* How many labels to strip to determine "signer" of the RRSIG (aka, the zone). -1 if not signed.
         * The field is unsigned, so the sentinel is (unsigned) -1 and has to be compared as such. */
        unsigned n_skip_labels_signer;
        /* How many labels to strip to determine "synthesizing source" of this RR, i.e. the wildcard's immediate parent. -1 if not signed.
         * Same sentinel as above: (unsigned) -1. */
        unsigned n_skip_labels_source;

        bool unparseable:1;

        /* Serialized form of the record. wire_format_rdata_offset is expected to be at most
         * wire_format_size: DNS_RESOURCE_RECORD_RDATA() and DNS_RESOURCE_RECORD_RDATA_SIZE()
         * assert this before they use the two values. */
        bool wire_format_canonical:1;
        void *wire_format;
        size_t wire_format_size;
        size_t wire_format_rdata_offset;

        union {
                /* Opaque payload with its length, shared by generic records and OPT. */
                struct {
                        void *data;
                        size_t data_size;
                } generic, opt;

                struct {
                        uint16_t priority;
                        uint16_t weight;
                        uint16_t port;
                        char *name;
                } srv;

                /* Record types whose only field is a single name. */
                struct {
                        char *name;
                } ptr, ns, cname, dname;

                struct {
                        char *cpu;
                        char *os;
                } hinfo;

                /* Head of a DnsTxtItem list. */
                struct {
                        DnsTxtItem *items;
                } txt, spf;

                struct {
                        struct in_addr in_addr;
                } a;

                struct {
                        struct in6_addr in6_addr;
                } aaaa;

                struct {
                        char *mname;
                        char *rname;
                        uint32_t serial;
                        uint32_t refresh;
                        uint32_t retry;
                        uint32_t expire;
                        uint32_t minimum;
                } soa;

                struct {
                        uint16_t priority;
                        char *exchange;
                } mx;

                /* https://tools.ietf.org/html/rfc1876 */
                struct {
                        uint8_t version;
                        uint8_t size;
                        uint8_t horiz_pre;
                        uint8_t vert_pre;
                        uint32_t latitude;
                        uint32_t longitude;
                        uint32_t altitude;
                } loc;

                /* https://tools.ietf.org/html/rfc4255#section-3.1 */
                struct {
                        uint8_t algorithm;
                        uint8_t fptype;
                        void *fingerprint;
                        size_t fingerprint_size;
                } sshfp;

                /* http://tools.ietf.org/html/rfc4034#section-2.1 */
                struct {
                        uint16_t flags; /* see the DNSKEY_FLAG_* masks */
                        uint8_t protocol;
                        uint8_t algorithm; /* a DNSSEC_ALGORITHM_* number */
                        void* key;
                        size_t key_size;
                } dnskey;

                /* http://tools.ietf.org/html/rfc4034#section-3.1 */
                struct {
                        uint16_t type_covered;
                        uint8_t algorithm; /* a DNSSEC_ALGORITHM_* number */
                        uint8_t labels;
                        uint32_t original_ttl;
                        uint32_t expiration;
                        uint32_t inception;
                        uint16_t key_tag;
                        char *signer;
                        void *signature;
                        size_t signature_size;
                } rrsig;

                /* https://tools.ietf.org/html/rfc4034#section-4.1 */
                struct {
                        char *next_domain_name;
                        Bitmap *types;
                } nsec;

                /* https://tools.ietf.org/html/rfc4034#section-5.1 */
                struct {
                        uint16_t key_tag;
                        uint8_t algorithm; /* a DNSSEC_ALGORITHM_* number */
                        uint8_t digest_type; /* a DNSSEC_DIGEST_* number */
                        void *digest;
                        size_t digest_size;
                } ds;

                /* NSEC3 (RFC 5155). */
                struct {
                        uint8_t algorithm; /* an NSEC3_ALGORITHM_* number */
                        uint8_t flags;
                        /* Taken from the record, so chosen by whoever published the zone; it sets how often
                         * the hash is repeated. NOTE(review): any upper limit is applied elsewhere, not in
                         * this header; confirm one exists. */
                        uint16_t iterations;
                        void *salt;
                        size_t salt_size;
                        void *next_hashed_name;
                        size_t next_hashed_name_size;
                        Bitmap *types;
                } nsec3;

                /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23 (published as RFC 6698) */
                struct {
                        uint8_t cert_usage;
                        uint8_t selector;
                        uint8_t matching_type;
                        void *data;
                        size_t data_size;
                } tlsa;

                /* https://tools.ietf.org/html/rfc6844 (since obsoleted by RFC 8659) */
                struct {
                        uint8_t flags;
                        char *tag;
                        void *value;
                        size_t value_size;
                } caa;
        };
};
246
/* Returns a pointer to the RDATA part of the record's serialized form, i.e. wire_format
 * advanced by wire_format_rdata_offset. Returns NULL when rr is NULL or when no wire format
 * is attached to it.
 *
 * The offset is asserted not to exceed wire_format_size before it is applied. The number of
 * bytes that may be read through the returned pointer is what
 * DNS_RESOURCE_RECORD_RDATA_SIZE() reports; when offset and size are equal that is zero and
 * the pointer must not be dereferenced. */
static inline const void* DNS_RESOURCE_RECORD_RDATA(const DnsResourceRecord *rr) {
        const uint8_t *wire;

        if (!rr || !rr->wire_format)
                return NULL;

        assert(rr->wire_format_rdata_offset <= rr->wire_format_size);

        wire = rr->wire_format;
        return wire + rr->wire_format_rdata_offset;
}
257
/* Returns the number of RDATA bytes in the record's serialized form, i.e. wire_format_size
 * minus wire_format_rdata_offset. Returns 0 when rr is NULL or when no wire format is
 * attached to it. */
static inline size_t DNS_RESOURCE_RECORD_RDATA_SIZE(const DnsResourceRecord *rr) {
        size_t rdata_size;

        if (!rr || !rr->wire_format)
                return 0;

        /* Both operands are size_t: without this check an offset beyond the end would make
         * the subtraction wrap around to a huge length. */
        assert(rr->wire_format_rdata_offset <= rr->wire_format_size);

        rdata_size = rr->wire_format_size - rr->wire_format_rdata_offset;
        return rdata_size;
}
267
/* Tells whether the version carried by an OPT record is one this code handles: returns 1
 * if bits 16-23 of the record's ttl field are all zero, and 0 otherwise. In an OPT record
 * the TTL field holds EDNS data instead of a time-to-live (RFC 6891), and these bits are
 * the EDNS version.
 *
 * rr must not be NULL and must be of type DNS_TYPE_OPT; both are asserted. rr->key is
 * dereferenced without a check of its own. */
static inline uint8_t DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(const DnsResourceRecord *rr) {
        uint32_t version;

        assert(rr);
        assert(rr->key->type == DNS_TYPE_OPT);

        version = (rr->ttl >> 16) & 0xFF;
        return version == 0;
}
274
/* DnsResourceKey API. The implementations are not part of this header.
 * NOTE(review): the remarks below are read off the names and signatures only; confirm them
 * against the implementation before relying on them. */

/* Constructors. The _consume variant takes a non-const name, presumably because it takes
 * ownership of the string instead of copying it. */
DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name);
DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname);
int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name);
DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name);

/* Reference counting. Keys built with DNS_RESOURCE_KEY_CONST() carry n_ref == (unsigned) -1
 * and are documented there as not OK to take references to. */
DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key);
DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key);

/* Accessor for the _name field, which the struct definition says not to read directly. */
const char* dns_resource_key_name(const DnsResourceKey *key);
bool dns_resource_key_is_address(const DnsResourceKey *key);
bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey *key);

/* Comparison and matching. These return int rather than bool; presumably a negative value
 * reports an error, in which case using the result directly as a condition would treat a
 * failure as a match. */
int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b);
int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain);
int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain);
int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa);
288
/* _DNS_{CLASS,TYPE}_STRING_MAX include one byte for NUL, which we use for space instead below.
 * DNS_HOSTNAME_MAX does not include the NUL byte, so we need to add 1. */
#define DNS_RESOURCE_KEY_STRING_MAX (_DNS_CLASS_STRING_MAX + _DNS_TYPE_STRING_MAX + DNS_HOSTNAME_MAX + 1)

/* Takes a caller-supplied buffer and its size.
 * NOTE(review): DNS_RESOURCE_KEY_STRING_MAX above looks like the intended buffer size; what
 * happens with a smaller buffer (truncation or failure) is not visible here. */
char* dns_resource_key_to_string(const DnsResourceKey *key, char *buf, size_t buf_size);
/* NOTE(review): presumably stores a pointer to the record's payload in *out and returns its
 * size, or a negative value on error; check the sign before using the result as a length. */
ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out);

/* Generates the cleanup helper that calls dns_resource_key_unref() on a DnsResourceKey* variable. */
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceKey*, dns_resource_key_unref);
297
/* Returns true if the key's type is DNS_TYPE_PTR, the only type listed as shared here.
 * key is dereferenced without a NULL check, so the caller has to pass a valid key. */
static inline bool dns_key_is_shared(const DnsResourceKey *key) {
        const bool shared = IN_SET(key->type, DNS_TYPE_PTR);

        return shared;
}
301
/* NOTE(review): the remarks in this section are read off the names and signatures only; the
 * implementations are not part of this header. */

/* Takes both keys by pointer-to-pointer, so it can presumably replace either of them. */
bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b);

/* DnsResourceRecord construction, reference counting, comparison and copying. */
DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key);
DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name);
DnsResourceRecord* dns_resource_record_ref(DnsResourceRecord *rr);
DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr);
int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name);
int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name);
int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b);
const char* dns_resource_record_to_string(DnsResourceRecord *rr);
DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr);
/* Generates the cleanup helper that calls dns_resource_record_unref() on a DnsResourceRecord* variable. */
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceRecord*, dns_resource_record_unref);

/* Presumably fills in the wire_format* fields of rr; canonical selects the form recorded in
 * wire_format_canonical. */
int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical);

/* Signer and source queries; presumably based on n_skip_labels_signer and
 * n_skip_labels_source, which hold (unsigned) -1 for unsigned records. These return int, so
 * a negative result presumably reports an error and should not be read as "yes". */
int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret);
int dns_resource_record_source(DnsResourceRecord *rr, const char **ret);
int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone);
int dns_resource_record_is_synthetic(DnsResourceRecord *rr);

/* Takes the record by pointer-to-pointer, so *rr may presumably be replaced by the call. */
int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl);

/* DnsTxtItem list helpers. */
DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i);
bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b);
DnsTxtItem *dns_txt_item_copy(DnsTxtItem *i);
int dns_txt_item_new_empty(DnsTxtItem **ret);

/* Hashing support, for use of keys and records in hash tables. */
void dns_resource_record_hash_func(const DnsResourceRecord *i, struct siphash *state);

extern const struct hash_ops dns_resource_key_hash_ops;
extern const struct hash_ops dns_resource_record_hash_ops;

/* Conversion between DNSSEC_ALGORITHM_* / DNSSEC_DIGEST_* numbers and strings. The
 * _from_string() variants return int; presumably a negative value means the name is unknown,
 * so the result needs checking before it is used as an identifier. */
int dnssec_algorithm_to_string_alloc(int i, char **ret);
int dnssec_algorithm_from_string(const char *s) _pure_;

int dnssec_digest_to_string_alloc(int i, char **ret);
int dnssec_digest_from_string(const char *s) _pure_;
336
337 int dnssec_digest_to_string_alloc(int i, char **ret);
338 int dnssec_digest_from_string(const char *s) _pure_;