edns.h File Reference

This file contains functions for base EDNS options. More...

#include "util/storage/dnstree.h"
#include "util/locks.h"

Data Structures

struct  edns_strings
 Structure containing all EDNS strings. More...
 
struct  edns_string_addr
 EDNS string. More...
 
struct  cookie_secret
 
struct  cookie_secrets
 The cookie secrets from the cookie-secret-file. More...
 

Macros

#define UNBOUND_COOKIE_HISTORY_SIZE   2
 
#define UNBOUND_COOKIE_SECRET_SIZE   16
 

Typedefs

typedef struct cookie_secret cookie_secret_type
 

Enumerations

enum  edns_cookie_val_status {
  COOKIE_STATUS_CLIENT_ONLY = -3 , COOKIE_STATUS_FUTURE = -2 , COOKIE_STATUS_EXPIRED = -1 , COOKIE_STATUS_INVALID = 0 ,
  COOKIE_STATUS_VALID = 1 , COOKIE_STATUS_VALID_RENEW = 2
}
 

Functions

struct edns_strings * edns_strings_create (void)
 Create structure to hold EDNS strings. More...
 
void edns_strings_delete (struct edns_strings *edns_strings)
 Delete EDNS strings structure. More...
 
int edns_strings_apply_cfg (struct edns_strings *edns_strings, struct config_file *config)
 Add configured EDNS strings. More...
 
struct edns_string_addr * edns_string_addr_lookup (rbtree_type *tree, struct sockaddr_storage *addr, socklen_t addrlen)
 Find string for address. More...
 
uint8_t * edns_cookie_server_hash (const uint8_t *in, const uint8_t *secret, int v4, uint8_t *hash)
 Compute the interoperable DNS cookie (RFC9018) hash. More...
 
void edns_cookie_server_write (uint8_t *buf, const uint8_t *secret, int v4, uint32_t timestamp)
 Write an interoperable DNS server cookie (RFC9018). More...
 
enum edns_cookie_val_status edns_cookie_server_validate (const uint8_t *cookie, size_t cookie_len, const uint8_t *secret, size_t secret_len, int v4, const uint8_t *hash_input, uint32_t now)
 Validate an interoperable DNS cookie (RFC9018). More...
 
struct cookie_secrets * cookie_secrets_create (void)
 Create the cookie secrets structure. More...
 
void cookie_secrets_delete (struct cookie_secrets *cookie_secrets)
 Delete the cookie secrets. More...
 
int cookie_secrets_apply_cfg (struct cookie_secrets *cookie_secrets, char *cookie_secret_file)
 Apply configuration to cookie secrets, read them from file. More...
 
enum edns_cookie_val_status cookie_secrets_server_validate (const uint8_t *cookie, size_t cookie_len, struct cookie_secrets *cookie_secrets, int v4, const uint8_t *hash_input, uint32_t now)
 Validate the cookie secrets, try all of them. More...
 
void add_cookie_secret (struct cookie_secrets *cookie_secrets, uint8_t *secret, size_t secret_len)
 Add a cookie secret. More...
 
void activate_cookie_secret (struct cookie_secrets *cookie_secrets)
 Makes the staging cookie secret active and the active secret staging. More...
 
void drop_cookie_secret (struct cookie_secrets *cookie_secrets)
 Drop a cookie secret. More...
 

Detailed Description

This file contains functions for base EDNS options.

Function Documentation

◆ edns_strings_create()

struct edns_strings* edns_strings_create ( void  )

Create structure to hold EDNS strings.

Returns
newly created edns_strings, NULL on alloc failure.

References edns_strings_delete(), edns_strings::region, and regional_create().

Referenced by ub_ctx_create_nopipe().

◆ edns_strings_delete()

void edns_strings_delete ( struct edns_strings * edns_strings )

Delete EDNS strings structure.

Parameters
edns_strings — the struct to delete.

References edns_strings::region, and regional_destroy().

Referenced by daemon_delete(), edns_strings_create(), and ub_ctx_create().

◆ edns_strings_apply_cfg()

int edns_strings_apply_cfg ( struct edns_strings * edns_strings,
struct config_file * config
)

Add configured EDNS strings.

Parameters
edns_strings — the EDNS strings structure to apply the config to.
config — struct containing the EDNS strings configuration.
Returns
0 on error

References addr_tree_init(), edns_strings::client_strings, config_file::edns_client_strings, log_assert, log_err(), netblockstrtoaddr(), config_str2list::next, edns_strings::region, regional_free_all(), config_str2list::str, and config_str2list::str2.

Referenced by context_finalize().

◆ edns_string_addr_lookup()

struct edns_string_addr* edns_string_addr_lookup ( rbtree_type * tree,
struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

Find string for address.

Parameters
tree — tree containing EDNS strings per address prefix.
addr — address to use for the tree lookup.
addrlen — length of the address.
Returns
matching tree node, NULL otherwise.

References addr_tree_lookup().

Referenced by outnet_serviced_query().

◆ edns_cookie_server_hash()

uint8_t* edns_cookie_server_hash ( const uint8_t *  in,
const uint8_t *  secret,
int  v4,
uint8_t *  hash 
)

Compute the interoperable DNS cookie (RFC9018) hash.

Parameters
in — input buffer for the hash generation. It needs to be: Client Cookie | Version | Reserved | Timestamp | Client-IP
secret — the server secret; its length is not passed and is implicitly 16 octets (UNBOUND_COOKIE_SECRET_SIZE).
v4 — whether the client IP is v4 or v6.
hash — buffer to write the hash to.
Returns
a pointer to the hash buffer.

References siphash().

◆ edns_cookie_server_write()

void edns_cookie_server_write ( uint8_t *  buf,
const uint8_t *  secret,
int  v4,
uint32_t  timestamp 
)

Write an interoperable DNS server cookie (RFC9018).

Parameters
buf — buffer to write to. It must be at least 32 octets, as it doubles as the output buffer and the hash input buffer. The first 8 octets are expected to hold the Client Cookie and are left untouched. The next 8 octets are written with Version | Reserved | Timestamp. The next 4 or 16 octets are expected to hold the IPv4 or IPv6 address, depending on the v4 flag. Thus the first 20 or 32 octets, depending on the v4 flag, are used as the hash input. The server hash (8 octets) is then written after the first 16 octets, overwriting the address information, so that the caller is left with the complete 24-octet cookie in the buffer.
secret — the server secret; its length is not passed and is implicitly 16 octets (UNBOUND_COOKIE_SECRET_SIZE).
v4 — whether the client IP is v4 or v6.
timestamp — the timestamp to use.

◆ edns_cookie_server_validate()

enum edns_cookie_val_status edns_cookie_server_validate ( const uint8_t *  cookie,
size_t  cookie_len,
const uint8_t *  secret,
size_t  secret_len,
int  v4,
const uint8_t *  hash_input,
uint32_t  now 
)

Validate an interoperable DNS cookie (RFC9018).

Parameters
cookie — pointer to the cookie data.
cookie_len — the length of the cookie data.
secret — pointer to the server secret.
secret_len — the length of the secret.
v4 — whether the client IP is v4 or v6.
hash_input — pointer to the hash input for validation. It needs to be: Client Cookie | Version | Reserved | Timestamp | Client-IP
now — the current time.
Returns
edns_cookie_val_status with the cookie validation status, i.e. <= 0 (COOKIE_STATUS_INVALID, COOKIE_STATUS_EXPIRED, COOKIE_STATUS_FUTURE, COOKIE_STATUS_CLIENT_ONLY) for invalid, > 0 (COOKIE_STATUS_VALID, COOKIE_STATUS_VALID_RENEW) for valid.

◆ cookie_secrets_create()

struct cookie_secrets* cookie_secrets_create ( void  )

Create the cookie secrets structure.

Returns
the structure or NULL on failure.

References cookie_secrets::cookie_count, and cookie_secrets::lock.

◆ cookie_secrets_delete()

void cookie_secrets_delete ( struct cookie_secrets * cookie_secrets )

Delete the cookie secrets.

Parameters
cookie_secrets — the cookie secrets structure to delete.

References cookie_secrets::lock.

Referenced by daemon_delete().

◆ cookie_secrets_apply_cfg()

int cookie_secrets_apply_cfg ( struct cookie_secrets * cookie_secrets,
char *  cookie_secret_file 
)

Apply configuration to cookie secrets, read them from file.

Parameters
cookie_secrets — the cookie secrets structure.
cookie_secret_file — the name of the file to read the secrets from.
Returns
false on failure.

References cookie_secret_file_read(), and log_err().

◆ cookie_secrets_server_validate()

enum edns_cookie_val_status cookie_secrets_server_validate ( const uint8_t *  cookie,
size_t  cookie_len,
struct cookie_secrets * cookie_secrets,
int  v4,
const uint8_t *  hash_input,
uint32_t  now 
)

Validate the cookie secrets, try all of them.

Parameters
cookie — pointer to the cookie data.
cookie_len — the length of the cookie data.
cookie_secrets — struct holding the cookie secrets; each of them is tried.
v4 — whether the client IP is v4 or v6.
hash_input — pointer to the hash input for validation. It needs to be: Client Cookie | Version | Reserved | Timestamp | Client-IP
now — the current time.
Returns
edns_cookie_val_status with the cookie validation status, i.e. <= 0 (COOKIE_STATUS_INVALID, COOKIE_STATUS_EXPIRED, COOKIE_STATUS_FUTURE, COOKIE_STATUS_CLIENT_ONLY) for invalid, > 0 (COOKIE_STATUS_VALID, COOKIE_STATUS_VALID_RENEW) for valid.

◆ add_cookie_secret()

void add_cookie_secret ( struct cookie_secrets * cookie_secrets,
uint8_t *  secret,
size_t  secret_len 
)

Add a cookie secret.

If there are no secrets yet, the secret becomes the active secret; otherwise it becomes the staging secret. Active secrets are used both to verify and to create new DNS Cookies; staging secrets are only used to verify DNS Cookies. The caller must hold the lock.

References log_assert.

◆ activate_cookie_secret()

void activate_cookie_secret ( struct cookie_secrets * cookie_secrets )

Makes the staging cookie secret active and the active secret staging.

The caller must hold the lock.

Referenced by do_activate_cookie_secret().

◆ drop_cookie_secret()

void drop_cookie_secret ( struct cookie_secrets * cookie_secrets )

Drop a cookie secret.

Drops the staging secret; an active secret is never dropped. The caller must hold the lock.

References cookie_secrets::cookie_count, and cookie_secret::cookie_secret.

Referenced by do_drop_cookie_secret().