This file contains functions for base EDNS options.
#include "config.h"
#include "util/edns.h"
#include "util/config_file.h"
#include "util/netevent.h"
#include "util/net_help.h"
#include "util/regional.h"
#include "util/rfc_1982.h"
#include "util/siphash.h"
#include "util/data/msgparse.h"
#include "util/data/msgreply.h"
#include "sldns/sbuffer.h"
Functions | |
struct edns_strings * | edns_strings_create (void) |
Create structure to hold EDNS strings. More... | |
void | edns_strings_delete (struct edns_strings *edns_strings) |
Delete EDNS strings structure. More... | |
static int | edns_strings_client_insert (struct edns_strings *edns_strings, struct sockaddr_storage *addr, socklen_t addrlen, int net, const char *string) |
int | edns_strings_apply_cfg (struct edns_strings *edns_strings, struct config_file *config) |
Add configured EDNS strings. More... | |
struct edns_string_addr * | edns_string_addr_lookup (rbtree_type *tree, struct sockaddr_storage *addr, socklen_t addrlen) |
Find string for address. More... | |
uint8_t * | edns_cookie_server_hash (const uint8_t *in, const uint8_t *secret, int v4, uint8_t *hash) |
Compute the interoperable DNS cookie (RFC9018) hash. More... | |
void | edns_cookie_server_write (uint8_t *buf, const uint8_t *secret, int v4, uint32_t timestamp) |
Write an interoperable DNS server cookie (RFC9018). More... | |
enum edns_cookie_val_status | edns_cookie_server_validate (const uint8_t *cookie, size_t cookie_len, const uint8_t *secret, size_t secret_len, int v4, const uint8_t *hash_input, uint32_t now) |
Validate an interoperable DNS cookie (RFC9018). More... | |
This file contains functions for base EDNS options.
struct edns_strings* edns_strings_create | ( | void | ) |
Create structure to hold EDNS strings.
References edns_strings_delete(), edns_strings::region, and regional_create().
Referenced by ub_ctx_create_nopipe().
void edns_strings_delete | ( | struct edns_strings * | edns_strings | ) |
Delete EDNS strings structure.
edns_strings | struct to delete |
References edns_strings::region, and regional_destroy().
Referenced by daemon_delete(), edns_strings_create(), and ub_ctx_create().
int edns_strings_apply_cfg | ( | struct edns_strings * | edns_strings, |
struct config_file * | config | ||
) |
Add configured EDNS strings.
edns_strings | edns strings to apply config to |
config | struct containing EDNS strings configuration |
References addr_tree_init(), edns_strings::client_strings, config_file::edns_client_strings, log_assert, log_err(), netblockstrtoaddr(), config_str2list::next, edns_strings::region, regional_free_all(), config_str2list::str, and config_str2list::str2.
Referenced by context_finalize().
struct edns_string_addr* edns_string_addr_lookup | ( | rbtree_type * | tree, |
struct sockaddr_storage * | addr, | ||
socklen_t | addrlen | ||
) |
Find string for address.
tree | tree containing EDNS strings per address prefix. |
addr | address to use for tree lookup |
addrlen | length of address |
References addr_tree_lookup().
Referenced by outnet_serviced_query().
uint8_t* edns_cookie_server_hash | ( | const uint8_t * | in, |
const uint8_t * | secret, | ||
int | v4, | ||
uint8_t * | hash | ||
) |
Compute the interoperable DNS cookie (RFC9018) hash.
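in | buffer input for the hash generation. It needs to be: Client Cookie | Version | Reserved | Timestamp | Client-IP, i.e. 20 octets for an IPv4 client or 32 octets for an IPv6 client. No length is passed, so the caller must supply a buffer of that size. |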
secret | the server secret; implicit length of 16 octets. |
v4 | if the client IP is v4 or v6. |
hash | buffer to write the hash (8 octets) to. |
Returns: a pointer to the hash.
References siphash().
void edns_cookie_server_write | ( | uint8_t * | buf, |
const uint8_t * | secret, | ||
int | v4, | ||
uint32_t | timestamp | ||
) |
Write an interoperable DNS server cookie (RFC9018).
buf | buffer to write to. It should have a size of at least 32 octets, as it doubles as the output buffer and the hash input buffer. No buffer length is passed to this function, so the caller is responsible for providing that size. The first 8 octets are expected to be the Client Cookie and will be left untouched. The next 8 octets will be written with Version | Reserved | Timestamp. The next 4 or 16 octets are expected to be the IPv4 or the IPv6 address, based on the v4 flag. Thus the first 20 or 32 octets, based on the v4 flag, will be used as the hash input. The server hash (8 octets) will be written after the first 16 octets, overwriting the address information. The caller expects a complete, 24-octet-long cookie in the buffer. |
secret | the server secret; implicit length of 16 octets. |
v4 | if the client IP is v4 or v6. |
timestamp | the timestamp to use. |
enum edns_cookie_val_status edns_cookie_server_validate | ( | const uint8_t * | cookie, |
size_t | cookie_len, | ||
const uint8_t * | secret, | ||
size_t | secret_len, | ||
int | v4, | ||
const uint8_t * | hash_input, | ||
uint32_t | now | ||
) |
Validate an interoperable DNS cookie (RFC9018).
cookie | pointer to the cookie data. |
cookie_len | the length of the cookie data. |
secret | pointer to the server secret. |
secret_len | the length of the secret. |
v4 | if the client IP is v4 or v6. |
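hash_input | pointer to the hash input for validation. It needs to be: Client Cookie | Version | Reserved | Timestamp | Client-IP, i.e. 20 octets for an IPv4 client or 32 octets for an IPv6 client. No length is passed for this buffer, so the caller must supply one of that size. |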
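now | the current time. |
Returns: an edns_cookie_val_status with the cookie validation status, i.e., <= 0 for invalid, else valid. Because an invalid status may be negative (and therefore non-zero), callers should compare the result with `> 0` rather than test it as a boolean.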