resolved: add packet header details for mDNS

Validate mDNS queries and responses by looking at some header fields,
add mDNS flags.

diff --git a/src/resolve/resolved-def.h b/src/resolve/resolved-def.h
index db5ee57b5115156d2e99ff2761fd8539538a0692..6014d345f3dff1c06df5493ad9415246185c26af 100644 (file)
--- a/src/resolve/resolved-def.h
+++ b/src/resolve/resolved-def.h
@@ -24,6 +24,8 @@
 #define SD_RESOLVED_DNS           (UINT64_C(1) << 0)
 #define SD_RESOLVED_LLMNR_IPV4    (UINT64_C(1) << 1)
 #define SD_RESOLVED_LLMNR_IPV6    (UINT64_C(1) << 2)
+#define SD_RESOLVED_MDNS_IPV4     (UINT64_C(1) << 3)
+#define SD_RESOLVED_MDNS_IPV6     (UINT64_C(1) << 4)
 #define SD_RESOLVED_NO_CNAME      (UINT64_C(1) << 5)
 #define SD_RESOLVED_NO_TXT        (UINT64_C(1) << 6)
 #define SD_RESOLVED_NO_ADDRESS    (UINT64_C(1) << 7)
@@ -31,4 +33,6 @@
 #define SD_RESOLVED_AUTHENTICATED (UINT64_C(1) << 9)
 
 #define SD_RESOLVED_LLMNR         (SD_RESOLVED_LLMNR_IPV4|SD_RESOLVED_LLMNR_IPV6)
-#define SD_RESOLVED_PROTOCOLS_ALL (SD_RESOLVED_LLMNR|SD_RESOLVED_DNS)
+#define SD_RESOLVED_MDNS          (SD_RESOLVED_MDNS_IPV4|SD_RESOLVED_MDNS_IPV6)
+
+#define SD_RESOLVED_PROTOCOLS_ALL (SD_RESOLVED_MDNS|SD_RESOLVED_LLMNR|SD_RESOLVED_DNS)

diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index ea776f7916dc71c568febd1ffe8e5c66a40270dd..3a4482a1b7bc8110f05b63594a9f4cb6d7ac6a70 100644 (file)
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -88,6 +88,16 @@ int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu, bool
                                                          0 /* ad */,
                                                          0 /* cd */,
                                                          0 /* rcode */));
+        else if (protocol == DNS_PROTOCOL_MDNS)
+                h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
+                                                         0 /* opcode */,
+                                                         0 /* aa */,
+                                                         0 /* tc */,
+                                                         0 /* rd (ask for recursion) */,
+                                                         0 /* ra */,
+                                                         0 /* ad */,
+                                                         0 /* cd */,
+                                                         0 /* rcode */));
         else
                 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
                                                          0 /* opcode */,
@@ -182,6 +192,13 @@ int dns_packet_validate_reply(DnsPacket *p) {
 
                 break;
 
+        case DNS_PROTOCOL_MDNS:
+                /* RFC 6762, Section 18 */
+                if (DNS_PACKET_RCODE(p) != 0)
+                        return -EBADMSG;
+
+                break;
+
         default:
                 break;
         }
@@ -223,6 +240,18 @@ int dns_packet_validate_query(DnsPacket *p) {
 
                 break;
 
+        case DNS_PROTOCOL_MDNS:
+                /* RFC 6762, Section 18 */
+                if (DNS_PACKET_AA(p)    != 0 ||
+                    DNS_PACKET_RD(p)    != 0 ||
+                    DNS_PACKET_RA(p)    != 0 ||
+                    DNS_PACKET_AD(p)    != 0 ||
+                    DNS_PACKET_CD(p)    != 0 ||
+                    DNS_PACKET_RCODE(p) != 0)
+                        return -EBADMSG;
+
+                break;
+
         default:
                 break;
         }

diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
index aa2823cfb9daecec941dfa4397dc6d2b490d2642..1d275f8110605a3a1b8bdc9a47cac2f16735d77e 100644 (file)
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
@@ -239,6 +239,9 @@ static inline uint64_t SD_RESOLVED_FLAGS_MAKE(DnsProtocol protocol, int family,
         case DNS_PROTOCOL_LLMNR:
                 return f|(family == AF_INET6 ? SD_RESOLVED_LLMNR_IPV6 : SD_RESOLVED_LLMNR_IPV4);
 
+        case DNS_PROTOCOL_MDNS:
+                return family == AF_INET6 ? SD_RESOLVED_MDNS_IPV6 : SD_RESOLVED_MDNS_IPV4;
+
         default:
                 break;
         }

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 1103a34c6f66f3e07a151754e998ddb991241b69..f77931ed53a33286641c130aa235b79e70b9cc93 100644 (file)
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -384,6 +384,18 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
 
                 break;
 
+        case DNS_PROTOCOL_MDNS:
+                assert(t->scope->link);
+
+                /* For mDNS we will not accept any packets from other interfaces */
+                if (p->ifindex != t->scope->link->ifindex)
+                        return;
+
+                if (p->family != t->scope->family)
+                        return;
+
+                break;
+
         case DNS_PROTOCOL_DNS:
                 break;