|
static void | remove_rrset (const char *str, sldns_buffer *pkt, struct msg_parse *msg, struct rrset_parse *prev, struct rrset_parse **rrset) |
| remove rrset, update loop variables
|
|
static int | has_additional (uint16_t t) |
| return true if rr type has additional names in it
|
|
static int | get_additional_name (struct rrset_parse *rrset, struct rr_parse *rr, uint8_t **nm, size_t *nmlen, sldns_buffer *pkt) |
| get additional name from rrset RR, return false if no name present
|
|
static void | mark_additional_rrset (sldns_buffer *pkt, struct msg_parse *msg, struct rrset_parse *rrset) |
| Place mark on rrsets in additional section they are OK.
|
|
static int | parse_get_cname_target (struct rrset_parse *rrset, uint8_t **sname, size_t *snamelen, sldns_buffer *pkt) |
| Get target name of a CNAME.
|
|
static int | synth_cname (uint8_t *qname, size_t qnamelen, struct rrset_parse *dname_rrset, uint8_t *alias, size_t *aliaslen, sldns_buffer *pkt) |
| Synthesize CNAME from DNAME, false if too long.
|
|
static struct rrset_parse * | synth_cname_rrset (uint8_t **sname, size_t *snamelen, uint8_t *alias, size_t aliaslen, struct regional *region, struct msg_parse *msg, struct rrset_parse *rrset, struct rrset_parse *prev, struct rrset_parse *nx, sldns_buffer *pkt) |
| synthesize a CNAME rrset
|
|
static int | pkt_strict_sub (sldns_buffer *pkt, uint8_t *sname, uint8_t *dr) |
| check if DNAME applies to a name
|
|
static int | pkt_sub (sldns_buffer *pkt, uint8_t *comprname, uint8_t *zone) |
| check subdomain with decompression
|
|
static int | sub_of_pkt (sldns_buffer *pkt, uint8_t *zone, uint8_t *comprname) |
| check subdomain with decompression, compressed is parent
|
|
static int | soa_in_auth (struct msg_parse *msg) |
| Check if there are SOA records in the authority section (negative)
|
|
static int | scrub_normalize (sldns_buffer *pkt, struct msg_parse *msg, struct query_info *qinfo, struct regional *region) |
| This routine normalizes a response. More...
|
|
static void | store_rrset (sldns_buffer *pkt, struct msg_parse *msg, struct module_env *env, struct rrset_parse *rrset) |
| Store potential poison in the cache (only if hardening disabled). More...
|
|
static int | sanitize_nsec_is_overreach (sldns_buffer *pkt, struct rrset_parse *rrset, uint8_t *zonename) |
| Check if right hand name in NSEC is within zone. More...
|
|
static int | scrub_sanitize (sldns_buffer *pkt, struct msg_parse *msg, struct query_info *qinfo, uint8_t *zonename, struct module_env *env, struct iter_env *ie) |
| Given a response event, remove suspect RRsets from the response. More...
|
|
int | scrub_message (sldns_buffer *pkt, struct msg_parse *msg, struct query_info *qinfo, uint8_t *zonename, struct regional *region, struct module_env *env, struct iter_env *ie) |
| Cleanup the passed dns message. More...
|
|
This file has routine(s) for cleaning up incoming DNS messages from possible useless or malicious junk in it.
Given a response event, remove suspect RRsets from the response.
"Suspect" rrsets are potentially poison. Note that this routine expects the response to be in a "normalized" state – that is, all "irrelevant" RRsets have already been removed, CNAMEs are in order, etc.
- Parameters
-
pkt | packet. |
msg | msg to normalize. |
qinfo | the question originally asked. |
zonename | name of server zone. |
env | module environment with config and cache. |
ie | iterator environment with private address data. |
- Returns
- 0 on error.
References LDNS_RR_TYPE_DNAME, msg_parse::rrset_first, rrset_parse::section, and rrset_parse::type.