This file contains functions for base EDNS options. More...

#include "config.h"
#include "util/edns.h"
#include "util/config_file.h"
#include "util/netevent.h"
#include "util/net_help.h"
#include "util/regional.h"
#include "util/rfc_1982.h"
#include "util/siphash.h"
#include "util/data/msgparse.h"
#include "util/data/msgreply.h"
#include "sldns/sbuffer.h"

Functions
struct edns_strings *	edns_strings_create (void)
	Create structure to hold EDNS strings. More...

void	edns_strings_delete (struct edns_strings *edns_strings)
	Delete EDNS strings structure. More...

static int	edns_strings_client_insert (struct edns_strings edns_strings, struct sockaddr_storage addr, socklen_t addrlen, int net, const char *string)

int	edns_strings_apply_cfg (struct edns_strings edns_strings, struct config_file config)
	Add configured EDNS strings. More...

struct edns_string_addr *	edns_string_addr_lookup (rbtree_type tree, struct sockaddr_storage addr, socklen_t addrlen)
	Find string for address. More...

uint8_t *	edns_cookie_server_hash (const uint8_t in, const uint8_t secret, int v4, uint8_t *hash)
	Compute the interoperable DNS cookie (RFC9018) hash. More...

void	edns_cookie_server_write (uint8_t buf, const uint8_t secret, int v4, uint32_t timestamp)
	Write an interoperable DNS server cookie (RFC9018). More...

enum edns_cookie_val_status	edns_cookie_server_validate (const uint8_t cookie, size_t cookie_len, const uint8_t secret, size_t secret_len, int v4, const uint8_t *hash_input, uint32_t now)
	Validate an interoperable DNS cookie (RFC9018). More...

struct cookie_secrets *	cookie_secrets_create (void)
	Create the cookie secrets structure. More...

void	cookie_secrets_delete (struct cookie_secrets *cookie_secrets)
	Delete the cookie secrets. More...

static int	cookie_secret_file_read (struct cookie_secrets cookie_secrets, char cookie_secret_file)
	Read the cookie secret file.

int	cookie_secrets_apply_cfg (struct cookie_secrets cookie_secrets, char cookie_secret_file)
	Apply configuration to cookie secrets, read them from file. More...

enum edns_cookie_val_status	cookie_secrets_server_validate (const uint8_t cookie, size_t cookie_len, struct cookie_secrets cookie_secrets, int v4, const uint8_t *hash_input, uint32_t now)
	Validate the cookie secrets, try all of them. More...

void	add_cookie_secret (struct cookie_secrets cookie_secrets, uint8_t secret, size_t secret_len)
	Add a cookie secret. More...

void	activate_cookie_secret (struct cookie_secrets *cookie_secrets)
	Makes the staging cookie secret active and the active secret staging. More...

void	drop_cookie_secret (struct cookie_secrets *cookie_secrets)
	Drop a cookie secret. More...

Detailed Description

This file contains functions for base EDNS options.

Function Documentation

◆ edns_strings_create()

struct edns_strings* edns_strings_create ( void )

Create structure to hold EDNS strings.

Returns: : newly created edns_strings, NULL on alloc failure.

References edns_strings_delete(), edns_strings::region, and regional_create().

Referenced by ub_ctx_create_nopipe().

◆ edns_strings_delete()

void edns_strings_delete ( struct edns_strings * edns_strings )

Delete EDNS strings structure.

Parameters

edns_strings struct to delete

References edns_strings::region, and regional_destroy().

Referenced by daemon_delete(), edns_strings_create(), and ub_ctx_create().

◆ edns_strings_apply_cfg()

int edns_strings_apply_cfg	(	struct edns_strings *	edns_strings,
		struct config_file *	config
	)

Add configured EDNS strings.

Parameters

edns_strings	edns strings to apply config to
config	struct containing EDNS strings configuration

Returns: 0 on error

References addr_tree_init(), edns_strings::client_strings, config_file::edns_client_strings, log_assert, log_err(), netblockstrtoaddr(), config_str2list::next, edns_strings::region, regional_free_all(), config_str2list::str, and config_str2list::str2.

Referenced by context_finalize().

◆ edns_string_addr_lookup()

struct edns_string_addr* edns_string_addr_lookup	(	rbtree_type *	tree,
		struct sockaddr_storage *	addr,
		socklen_t	addrlen
	)

Find string for address.

Parameters

tree	tree containing EDNS strings per address prefix.
addr	address to use for tree lookup
addrlen	length of address

Returns: : matching tree node, NULL otherwise

References addr_tree_lookup().

Referenced by outnet_serviced_query().

◆ edns_cookie_server_hash()

uint8_t* edns_cookie_server_hash	(	const uint8_t *	in,
		const uint8_t *	secret,
		int	v4,
		uint8_t *	hash
	)

Compute the interoperable DNS cookie (RFC9018) hash.

Parameters

in	buffer input for the hash generation. It needs to be: Client Cookie \| Version \| Reserved \| Timestamp \| Client-IP
secret	the server secret; implicit length of 16 octets.
v4	if the client IP is v4 or v6.
hash	buffer to write the hash to. return a pointer to the hash.

References siphash().

◆ edns_cookie_server_write()

void edns_cookie_server_write	(	uint8_t *	buf,
		const uint8_t *	secret,
		int	v4,
		uint32_t	timestamp
	)

Write an interoperable DNS server cookie (RFC9018).

Parameters

buf	buffer to write to. It should have a size of at least 32 octets as it doubles as the output buffer and the hash input buffer. The first 8 octets are expected to be the Client Cookie and will be left untouched. The next 8 octets will be written with Version \| Reserved \| Timestamp. The next 4 or 16 octets are expected to be the IPv4 or the IPv6 address based on the v4 flag. Thus the first 20 or 32 octets, based on the v4 flag, will be used as the hash input. The server hash (8 octets) will be written after the first 16 octets; overwriting the address information. The caller expects a complete, 24 octet long cookie in the buffer.
secret	the server secret; implicit length of 16 octets.
v4	if the client IP is v4 or v6.
timestamp	the timestamp to use.

◆ edns_cookie_server_validate()

enum edns_cookie_val_status edns_cookie_server_validate	(	const uint8_t *	cookie,
		size_t	cookie_len,
		const uint8_t *	secret,
		size_t	secret_len,
		int	v4,
		const uint8_t *	hash_input,
		uint32_t	now
	)

Validate an interoperable DNS cookie (RFC9018).

Parameters

cookie	pointer to the cookie data.
cookie_len	the length of the cookie data.
secret	pointer to the server secret.
secret_len	the length of the secret.
v4	if the client IP is v4 or v6.
hash_input	pointer to the hash input for validation. It needs to be: Client Cookie \| Version \| Reserved \| Timestamp \| Client-IP
now	the current time. return edns_cookie_val_status with the cookie validation status i.e., <=0 for invalid, else valid.

◆ cookie_secrets_create()

struct cookie_secrets* cookie_secrets_create ( void )

Create the cookie secrets structure.

Returns: the structure or NULL on failure.

References cookie_secrets::cookie_count, and cookie_secrets::lock.

◆ cookie_secrets_delete()

void cookie_secrets_delete ( struct cookie_secrets * cookie_secrets )

Delete the cookie secrets.

Parameters

cookie_secrets the cookie secrets.

References cookie_secrets::lock.

Referenced by daemon_delete().

◆ cookie_secrets_apply_cfg()

int cookie_secrets_apply_cfg	(	struct cookie_secrets *	cookie_secrets,
		char *	cookie_secret_file
	)

Apply configuration to cookie secrets, read them from file.

Parameters

cookie_secrets	the cookie secrets structure.
cookie_secret_file	the file name, it is read.

Returns: false on failure.

References cookie_secret_file_read(), and log_err().

◆ cookie_secrets_server_validate()

enum edns_cookie_val_status cookie_secrets_server_validate	(	const uint8_t *	cookie,
		size_t	cookie_len,
		struct cookie_secrets *	cookie_secrets,
		int	v4,
		const uint8_t *	hash_input,
		uint32_t	now
	)

Validate the cookie secrets, try all of them.

Parameters

cookie	pointer to the cookie data.
cookie_len	the length of the cookie data.
cookie_secrets	struct of cookie secrets.
v4	if the client IP is v4 or v6.
hash_input	pointer to the hash input for validation. It needs to be: Client Cookie \| Version \| Reserved \| Timestamp \| Client-IP
now	the current time. return edns_cookie_val_status with the cookie validation status i.e., <=0 for invalid, else valid.

◆ add_cookie_secret()

void add_cookie_secret	(	struct cookie_secrets *	cookie_secrets,
		uint8_t *	secret,
		size_t	secret_len
	)

Add a cookie secret.

If there are no secrets yet, the secret will become the active secret. Otherwise it will become the staging secret. Active secrets are used to both verify and create new DNS Cookies. Staging secrets are only used to verify DNS Cookies. Caller has to lock.

References log_assert.

◆ activate_cookie_secret()

void activate_cookie_secret ( struct cookie_secrets * cookie_secrets )

Makes the staging cookie secret active and the active secret staging.

Caller has to lock.

Referenced by do_activate_cookie_secret().

◆ drop_cookie_secret()

void drop_cookie_secret ( struct cookie_secrets * cookie_secrets )

Drop a cookie secret.

Drops the staging secret. An active secret will not be dropped. Caller has to lock.

References cookie_secrets::cookie_count, and cookie_secret::cookie_secret.

Referenced by do_drop_cookie_secret().

Functions

Detailed Description

Function Documentation

◆ edns_strings_create()

◆ edns_strings_delete()

◆ edns_strings_apply_cfg()

◆ edns_string_addr_lookup()

◆ edns_cookie_server_hash()

◆ edns_cookie_server_write()

◆ edns_cookie_server_validate()

◆ cookie_secrets_create()

◆ cookie_secrets_delete()

◆ cookie_secrets_apply_cfg()

◆ cookie_secrets_server_validate()

◆ add_cookie_secret()

◆ activate_cookie_secret()

◆ drop_cookie_secret()