search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add some logging
[ghsmtp.git] / DNS-message.cpp
blobabc4d6165b23731d3a2ea93e47d290c267f60032
1 #include "DNS-message.hpp"
2
3 #include "DNS-iostream.hpp"
4 #include "Domain.hpp"
5
6 #include <arpa/nameser.h>
7
8 namespace {
9 using octet = DNS::message::octet;
10
11 octet constexpr lo(uint16_t n) { return octet(n & 0xFF); }
12 octet constexpr hi(uint16_t n) { return octet((n >> 8) & 0xFF); }
13
14 constexpr uint16_t as_u16(octet hi, octet lo)
15 {
16 return (uint16_t(hi) << 8) + lo;
17 }
18
19 /*
20 1 1 1 1 1 1
21 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
22 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
23 | ID |
24 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
25 |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE |
26 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
27 | QDCOUNT |
28 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
29 | ANCOUNT |
30 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
31 | NSCOUNT |
32 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
33 | ARCOUNT |
34 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
35
36 */
37
38 class header {
39 octet id_hi_;
40 octet id_lo_;
41
42 octet flags_0_{1}; // recursion desired
43 octet flags_1_{0};
44
45 octet qdcount_hi_{0};
46 octet qdcount_lo_{1}; // 1 question
47
48 octet ancount_hi_{0};
49 octet ancount_lo_{0};
50
51 octet nscount_hi_{0};
52 octet nscount_lo_{0};
53
54 octet arcount_hi_{0};
55 octet arcount_lo_{1}; // 1 additional for the OPT
56
57 public:
58 explicit header(uint16_t id)
59 : id_hi_(hi(id))
60 , id_lo_(lo(id))
61 {
62 static_assert(sizeof(header) == 12);
63 }
64
65 uint16_t id() const { return as_u16(id_hi_, id_lo_); }
66
67 uint16_t qdcount() const { return as_u16(qdcount_hi_, qdcount_lo_); }
68 uint16_t ancount() const { return as_u16(ancount_hi_, ancount_lo_); }
69 uint16_t nscount() const { return as_u16(nscount_hi_, nscount_lo_); }
70 uint16_t arcount() const { return as_u16(arcount_hi_, arcount_lo_); }
71
72 // clang-format off
73 bool truncation() const { return (flags_0_ & 0x02) != 0; }
74
75 bool checking_disabled() const { return (flags_1_ & 0x10) != 0; }
76 bool authentic_data() const { return (flags_1_ & 0x20) != 0; }
77 bool recursion_available() const { return (flags_1_ & 0x80) != 0; }
78 // clang-format on
79
80 uint16_t rcode() const { return flags_1_ & 0xf; }
81 };
82
83 class question {
84 octet qtype_hi_;
85 octet qtype_lo_;
86
87 octet qclass_hi_;
88 octet qclass_lo_;
89
90 public:
91 explicit question(DNS::RR_type qtype, uint16_t qclass)
92 : qtype_hi_(hi(static_cast<uint16_t>(qtype)))
93 , qtype_lo_(lo(static_cast<uint16_t>(qtype)))
94 , qclass_hi_(hi(qclass))
95 , qclass_lo_(lo(qclass))
96 {
97 static_assert(sizeof(question) == 4);
98 }
99
100 DNS::RR_type qtype() const
101 {
102 return static_cast<DNS::RR_type>(as_u16(qtype_hi_, qtype_lo_));
103 }
104 uint16_t qclass() const { return as_u16(qclass_hi_, qclass_lo_); }
105 };
106
107 /*
108
109 <https://tools.ietf.org/html/rfc6891#section-6.1.2>
110
111 +------------+--------------+------------------------------+
112 | Field Name | Field Type | Description |
113 +------------+--------------+------------------------------+
114 | NAME | domain name | MUST be 0 (root domain) |
115 | TYPE | u_int16_t | OPT (41) |
116 | CLASS | u_int16_t | requestor's UDP payload size |
117 | TTL | u_int32_t | extended RCODE and flags |
118 | RDLEN | u_int16_t | length of all RDATA |
119 | RDATA | octet stream | {attribute,value} pairs |
120 +------------+--------------+------------------------------+
121
122 <https://tools.ietf.org/html/rfc3225>
123
124 3. Protocol Changes, in place of TTL
125
126 +0 (MSB) +1 (LSB)
127 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
128 0: | EXTENDED-RCODE | VERSION |
129 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
130 2: |DO| Z |
131 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
132
133 */
134
135 class edns0_opt_meta_rr {
136 octet root_domain_name_{0}; // must be zero
137
138 octet type_hi_{0};
139 octet type_lo_{ns_t_opt};
140
141 octet class_hi_; // UDP payload size
142 octet class_lo_;
143
144 octet extended_rcode_{0};
145 octet version_{0};
146
147 octet z_hi_{0x80}; // "DNSSEC OK" (DO) bit
148 octet z_lo_{0};
149
150 octet rdlen_hi_{0};
151 octet rdlen_lo_{0};
152
153 public:
154 explicit edns0_opt_meta_rr(uint16_t max_udp_sz)
155 : class_hi_(hi(max_udp_sz))
156 , class_lo_(lo(max_udp_sz))
157 {
158 static_assert(sizeof(edns0_opt_meta_rr) == 11);
159 }
160
161 uint16_t extended_rcode() const { return extended_rcode_; }
162 };
163
164 /*
165
166 <https://tools.ietf.org/html/rfc1035>
167
168 4.1.3. Resource record format
169 1 1 1 1 1 1
170 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
171 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
172 | |
173 / /
174 / NAME /
175 | |
176 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
177 | TYPE |
178 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
179 | CLASS |
180 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
181 | TTL |
182 | |
183 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
184 | RDLENGTH |
185 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
186 / RDATA /
187 / /
188 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
189
190 */
191
192 class rr {
193 octet type_hi_;
194 octet type_lo_;
195
196 octet class_hi_;
197 octet class_lo_;
198
199 octet ttl_0_;
200 octet ttl_1_;
201 octet ttl_2_;
202 octet ttl_3_;
203
204 octet rdlength_hi_;
205 octet rdlength_lo_;
206
207 public:
208 rr() { static_assert(sizeof(rr) == 10); }
209
210 uint16_t rr_type() const { return as_u16(type_hi_, type_lo_); }
211 uint16_t rr_class() const { return as_u16(class_hi_, class_lo_); }
212 uint32_t rr_ttl() const
213 {
214 return (uint32_t(ttl_0_) << 24) + (uint32_t(ttl_1_) << 16) +
215 (uint32_t(ttl_2_) << 8) + (uint32_t(ttl_3_));
216 }
217
218 uint16_t rdlength() const { return as_u16(rdlength_hi_, rdlength_lo_); }
219
220 auto cdata() const
221 {
222 return reinterpret_cast<char const*>(this) + sizeof(rr);
223 }
224 auto rddata() const { return reinterpret_cast<octet const*>(cdata()); }
225 auto next_rr_name() const { return rddata() + rdlength(); }
226 };
227
228 // name processing code mostly adapted from c-ares
229
230 auto uztosl(size_t uznum)
231 {
232 CHECK_LE(uznum, size_t(std::numeric_limits<long>::max()));
233 return static_cast<long>(uznum);
234 }
235
236 // return the length of the expansion of an encoded domain name, or -1
237 // if the encoding is invalid
238
239 int name_length(octet const* encoded, DNS::message const& pkt)
240 {
241 auto const sp = static_cast<std::span<DNS::message::octet const>>(pkt);
242 auto const sp_end = sp.data() + sp.size();
243
244 // Allow the caller to pass us buf + len and have us check for it.
245 if (encoded >= sp_end)
246 return -1;
247
248 int length = 0;
249 int nindir = 0; // count indirections
250
251 while (*encoded) {
252
253 auto const top = (*encoded & NS_CMPRSFLGS);
254
255 if (top == NS_CMPRSFLGS) {
256 // Check the offset and go there.
257 if (encoded + 1 >= sp_end)
258 return -1;
259
260 unsigned const offset = (*encoded & ~NS_CMPRSFLGS) << 8 | *(encoded + 1);
261 if (offset >= sp.size())
262 return -1;
263
264 encoded = sp.data() + offset;
265
266 ++nindir;
267
268 auto constexpr max_indirs = 50; // maximum indirections allowed for a name
269
270 // If we've seen more indirects than the message length, or over
271 // some limit, then there's a loop.
272 if (nindir > std::streamsize(sp.size()) || nindir > max_indirs)
273 return -1;
274 }
275 else if (top == 0) {
276 auto offset = *encoded;
277 if (encoded + offset + 1 >= sp_end)
278 return -1;
279
280 ++encoded;
281
282 while (offset--) {
283 length += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
284 encoded++;
285 }
286
287 ++length;
288 }
289 else {
290 // RFC 1035 4.1.4 says other options (01, 10) for top 2
291 // bits are reserved.
292 return -1;
293 }
294 }
295
296 // If there were any labels at all, then the number of dots is one
297 // less than the number of labels, so subtract one.
298
299 return length ? length - 1 : length;
300 }
301
302 bool expand_name(octet const* encoded,
303 DNS::message const& pkt,
304 std::string& name,
305 int& enc_len)
306 {
307 auto const sp = static_cast<std::span<DNS::message::octet const>>(pkt);
308
309 name.clear();
310
311 auto indir = false;
312
313 auto const nlen = name_length(encoded, pkt);
314 if (nlen < 0) {
315 LOG(WARNING) << "bad name";
316 return false;
317 }
318
319 name.reserve(nlen);
320
321 if (nlen == 0) {
322 // RFC 2181 says this should be ".": the root of the DNS tree.
323 // Since this function strips trailing dots though, it becomes ""s
324
325 // indirect root label (like 0xc0 0x0c) is 2 bytes long
326 if ((*encoded & NS_CMPRSFLGS) == NS_CMPRSFLGS)
327 enc_len = 2;
328 else
329 enc_len = 1; // the caller should move one byte to get past this
330
331 return true;
332 }
333
334 // error-checking done by name_length()
335 auto p = encoded;
336 while (*p) {
337 if ((*p & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
338 if (!indir) {
339 enc_len = uztosl(p + 2 - encoded);
340 indir = true;
341 }
342 p = sp.data() + ((*p & ~NS_CMPRSFLGS) << 8 | *(p + 1));
343 }
344 else {
345 int len = *p;
346 p++;
347 while (len--) {
348 if (*p == '.' || *p == '\\')
349 name += '\\';
350 name += static_cast<char>(*p);
351 p++;
352 }
353 name += '.';
354 }
355 }
356
357 if (!indir)
358 enc_len = uztosl(p + 1 - encoded);
359
360 if (name.length() && (name.back() == '.')) {
361 name.pop_back();
362 }
363
364 return true;
365 }
366
367 // return the length of the encoded name
368
369 int name_put(octet* buf, char const* name)
370 {
371 auto q = buf;
372
373 if ((name[0] == '.') && (name[1] == '\0'))
374 name++;
375
376 while (*name) {
377 if (*name == '.') {
378 LOG(WARNING) << "zero length label";
379 return -1;
380 }
381
382 uint8_t len = 0;
383 char const* p;
384
385 for (p = name; *p && *p != '.'; p++) {
386 if (*p == '\\' && *(p + 1) != 0)
387 p++;
388 len++;
389 }
390 if (len > 63) {
391 // RFC-1035 Section 2.3.4. Size limits
392 LOG(WARNING) << "label exceeds 63 octets";
393 return -1;
394 }
395
396 *q++ = len;
397 for (p = name; *p && *p != '.'; p++) {
398 if (*p == '\\' && *(p + 1) != 0)
399 p++;
400 *q++ = *p;
401 }
402
403 if (!*p)
404 break;
405
406 name = p + 1;
407 }
408
409 // Add the zero-length label at the end.
410 *q++ = 0;
411
412 auto const sz = q - buf;
413 if (sz > 255) {
414 // RFC-1035 Section 2.3.4. Size limits
415 LOG(WARNING) << "domain name exceeds 255 octets";
416 return -1;
417 }
418
419 return sz;
420 }
421 } // namespace
422
423 namespace DNS {
424
425 uint16_t message::id() const
426 {
427 auto const hdr_p = reinterpret_cast<header const*>(buf_.data());
428 return hdr_p->id();
429 }
430
431 size_t message::min_sz() { return sizeof(header); }
432
433 DNS::message
434 create_question(char const* name, DNS::RR_type type, uint16_t cls, uint16_t id)
435 {
436 // size to allocate may be larger than needed if backslash escapes
437 // are used in domain name
438
439 auto const sz_alloc = strlen(name) + 2 + // clang-format off
440 sizeof(header) +
441 sizeof(question) +
442 sizeof(edns0_opt_meta_rr); // clang-format on
443
444 DNS::message::container_t buf(sz_alloc);
445
446 auto q = buf.data();
447
448 new (q) header(id);
449 q += sizeof(header);
450
451 auto const len = name_put(q, name);
452 CHECK_GE(len, 1) << "malformed domain name " << name;
453 q += len;
454
455 new (q) question(type, cls);
456 q += sizeof(question);
457
458 new (q) edns0_opt_meta_rr(Config::max_udp_sz);
459 q += sizeof(edns0_opt_meta_rr);
460
461 // verify constructed size is less than or equal to allocated size
462 auto const sz = q - buf.data();
463 CHECK_LE(sz, sz_alloc);
464
465 buf.resize(sz);
466 buf.shrink_to_fit();
467
468 return DNS::message{std::move(buf)};
469 }
470
471 void check_answer(bool& nx_domain,
472 bool& bogus_or_indeterminate,
473
474 uint16_t& rcode,
475 uint16_t& extended_rcode,
476
477 bool& truncation,
478 bool& authentic_data,
479 bool& has_record,
480
481 DNS::message const& q,
482 DNS::message const& a,
483
484 DNS::RR_type type,
485 char const* name)
486 {
487 // We grab some stuff from the question we generated. This is not
488 // an un-trusted datum from afar.
489
490 auto const cls{[type = type, &q]() {
491 auto const q_sp = static_cast<std::span<DNS::message::octet const>>(q);
492 auto q_p = q_sp.data();
493 auto const q_hdr_p = reinterpret_cast<header const*>(q_p);
494 CHECK_EQ(q_hdr_p->qdcount(), uint16_t(1));
495 q_p += sizeof(header);
496 std::string qname;
497 int name_len;
498 CHECK(expand_name(q_p, q, qname, name_len));
499 q_p += name_len;
500 auto const question_p = reinterpret_cast<question const*>(q_p);
501 CHECK(question_p->qtype() == type)
502 << question_p->qtype() << " != " << type << '\n';
503 return question_p->qclass();
504 }()};
505
506 auto const a_sp = static_cast<std::span<DNS::message::octet const>>(a);
507 auto const a_sp_end = a_sp.data() + a_sp.size();
508
509 auto const hdr_p = reinterpret_cast<header const*>(a_sp.data());
510
511 rcode = hdr_p->rcode();
512 switch (rcode) {
513 case ns_r_noerror: break;
514 case ns_r_nxdomain: nx_domain = true; break;
515 case ns_r_servfail: bogus_or_indeterminate = true; break;
516 default:
517 bogus_or_indeterminate = true;
518 LOG(WARNING) << "name lookup error: " << DNS::rcode_c_str(rcode) << " for "
519 << name << '/' << type;
520 break;
521 }
522
523 truncation = hdr_p->truncation();
524 authentic_data = hdr_p->authentic_data();
525 has_record = hdr_p->ancount() != 0;
526
527 if (truncation) {
528 bogus_or_indeterminate = true;
529 LOG(WARNING) << "DNS answer truncated for " << name << '/' << type;
530 return;
531 }
532
533 // check the question part of the reply
534
535 if (hdr_p->qdcount() != 1) {
536 bogus_or_indeterminate = true;
537 LOG(WARNING) << "question not copied into answer for " << name << '/'
538 << type;
539 return;
540 }
541
542 // p is a pointer that pushes forward in the message as we process
543 // each section
544 auto p = a_sp.data() + sizeof(header);
545
546 { // make sure the question name matches
547 std::string qname;
548 auto enc_len = 0;
549 if (!expand_name(p, a, qname, enc_len)) {
550 bogus_or_indeterminate = true;
551 LOG(WARNING) << "bad message";
552 return;
553 }
554 p += enc_len;
555 if (p >= a_sp_end) {
556 bogus_or_indeterminate = true;
557 LOG(WARNING) << "bad message";
558 return;
559 }
560 if (!iequal(qname, name)) {
561 bogus_or_indeterminate = true;
562 LOG(WARNING) << "names don't match, " << qname << " != " << name;
563 return;
564 }
565 }
566
567 if ((p + sizeof(question)) >= a_sp_end) {
568 bogus_or_indeterminate = true;
569 LOG(WARNING) << "bad message";
570 return;
571 }
572
573 auto question_p = reinterpret_cast<question const*>(p);
574 p += sizeof(question);
575
576 if (question_p->qtype() != type) {
577 bogus_or_indeterminate = true;
578 LOG(WARNING) << "qtypes don't match, " << question_p->qtype()
579 << " != " << type;
580 return;
581 }
582 if (question_p->qclass() != cls) {
583 bogus_or_indeterminate = true;
584 LOG(WARNING) << "qclasses don't match, " << question_p->qclass()
585 << " != " << cls;
586 return;
587 }
588
589 // answers and nameservers
590 for (auto i = 0; i < (hdr_p->ancount() + hdr_p->nscount()); ++i) {
591 std::string x;
592 auto enc_len = 0;
593 if (!expand_name(p, a, x, enc_len) ||
594 ((p + enc_len + sizeof(rr)) > a_sp_end)) {
595 bogus_or_indeterminate = true;
596 LOG(WARNING) << "bad message in answer or nameserver section for " << name
597 << '/' << type;
598 return;
599 }
600 p += enc_len;
601 auto const rr_p = reinterpret_cast<rr const*>(p);
602 p = rr_p->next_rr_name();
603 }
604
605 // check additional section for OPT record
606 for (auto i = 0; i < hdr_p->arcount(); ++i) {
607 std::string x;
608 auto enc_len = 0;
609 if (!expand_name(p, a, x, enc_len) ||
610 ((p + enc_len + sizeof(rr)) > a_sp_end)) {
611 bogus_or_indeterminate = true;
612 LOG(WARNING) << "bad message in additional section for " << name << '/'
613 << type;
614 return;
615 }
616 p += enc_len;
617 auto const rr_p = reinterpret_cast<rr const*>(p);
618
619 switch (rr_p->rr_type()) {
620 case ns_t_opt: {
621 auto opt_p = reinterpret_cast<edns0_opt_meta_rr const*>(p);
622 extended_rcode = (opt_p->extended_rcode() << 4) + hdr_p->rcode();
623 break;
624 }
625
626 case ns_t_a:
627 case ns_t_aaaa:
628 case ns_t_ns:
629 case ns_t_rrsig:
630 // nameserver records often included with associated address info
631 break;
632
633 case ns_t_tlsa:
634 // tlsa records can now be in the additional section, as
635 // they are returned from dns.mullvad.net.
636 break;
637
638 default:
639 LOG(INFO) << "unknown additional record, name == " << name;
640 LOG(INFO) << "rr_p->type() == " << rr_p->rr_type() << " ("
641 << RR_type_c_str(rr_p->rr_type()) << ")";
642 LOG(INFO) << "rr_p->class() == " << rr_p->rr_class();
643 LOG(INFO) << "rr_p->ttl() == " << rr_p->rr_ttl();
644 break;
645 }
646
647 p = rr_p->next_rr_name();
648 }
649
650 unsigned long size_check = p - a_sp.data();
651 if (size_check != a_sp.size()) {
652 bogus_or_indeterminate = true;
653 LOG(WARNING) << "bad message size for " << name << '/' << type;
654 return;
655 }
656 }
657
658 std::optional<RR> get_A(rr const* rr_p, DNS::message const& pkt, bool& err)
659 {
660 if (rr_p->rdlength() != 4) {
661 LOG(WARNING) << "bogus A record";
662 err = true;
663 return {};
664 }
665 return RR_A{rr_p->rddata(), rr_p->rdlength()};
666 }
667
668 std::optional<RR> get_CNAME(rr const* rr_p, DNS::message const& pkt, bool& err)
669 {
670 std::string name;
671 int enc_len;
672 if (!expand_name(rr_p->rddata(), pkt, name, enc_len)) {
673 LOG(WARNING) << "bogus CNAME record";
674 err = true;
675 return {};
676 }
677 return RR_CNAME{name};
678 }
679
680 std::optional<RR> get_PTR(rr const* rr_p, DNS::message const& pkt, bool& err)
681 {
682 std::string name;
683 int enc_len;
684 if (!expand_name(rr_p->rddata(), pkt, name, enc_len)) {
685 LOG(WARNING) << "bogus PTR record";
686 err = true;
687 return {};
688 }
689 return RR_PTR{name};
690 }
691
692 std::optional<RR> get_MX(rr const* rr_p, DNS::message const& pkt, bool& err)
693 {
694 std::string name;
695 int enc_len;
696 if (rr_p->rdlength() < 3) {
697 LOG(WARNING) << "bogus MX record";
698 err = true;
699 return {};
700 }
701 auto p = rr_p->rddata();
702 auto const preference = as_u16(p[0], p[1]);
703 p += 2;
704 if (!expand_name(p, pkt, name, enc_len)) {
705 LOG(WARNING) << "bogus MX record";
706 err = true;
707 return {};
708 }
709 return RR_MX{name, preference};
710 }
711
712 std::optional<RR> get_TXT(rr const* rr_p, DNS::message const& pkt, bool& err)
713 {
714 if (rr_p->rdlength() < 1) {
715 LOG(WARNING) << "bogus TXT record";
716 err = true;
717 return {};
718 }
719 std::string str;
720 auto p = rr_p->rddata();
721 do {
722 if ((p + 1 + *p) > rr_p->next_rr_name()) {
723 LOG(WARNING) << "bogus string in TXT record";
724 err = true;
725 return {};
726 }
727 str.append(reinterpret_cast<char const*>(p) + 1, *p);
728 p += *p + 1;
729 } while (p < rr_p->next_rr_name());
730 return RR_TXT{str};
731 }
732
733 std::optional<RR> get_AAAA(rr const* rr_p, DNS::message const& pkt, bool& err)
734 {
735 if (rr_p->rdlength() != 16) {
736 LOG(WARNING) << "bogus AAAA record";
737 err = true;
738 return {};
739 }
740 return RR_AAAA{rr_p->rddata(), rr_p->rdlength()};
741 }
742
743 std::optional<RR> get_RRSIG(rr const* rr_p, DNS::message const& pkt, bool& err)
744 {
745 // LOG(WARNING) << "#### FIXME! RRSIG";
746 // return RR_RRSIG{rr_p->rddata(), rr_p->rdlength()});
747 return {};
748 }
749
750 std::optional<RR> get_TLSA(rr const* rr_p, DNS::message const& pkt, bool& err)
751 {
752 if (rr_p->rdlength() < 4) {
753 LOG(WARNING) << "bogus TLSA record";
754 err = true;
755 return {};
756 }
757
758 auto p = rr_p->rddata();
759
760 uint8_t cert_usage = *p++;
761 uint8_t selector = *p++;
762 uint8_t matching_type = *p++;
763
764 std::span<DNS::message::octet const> assoc_data{
765 p, static_cast<size_t>(rr_p->rdlength()) - 3};
766
767 return RR_TLSA{cert_usage, selector, matching_type, assoc_data};
768 }
769
770 std::optional<RR> get_rr(rr const* rr_p, DNS::message const& pkt, bool& err)
771 {
772 auto const typ = static_cast<DNS::RR_type>(rr_p->rr_type());
773
774 switch (typ) { // clang-format off
775 case DNS::RR_type::A: return get_A (rr_p, pkt, err);
776 case DNS::RR_type::CNAME: return get_CNAME(rr_p, pkt, err);
777 case DNS::RR_type::PTR: return get_PTR (rr_p, pkt, err);
778 case DNS::RR_type::MX: return get_MX (rr_p, pkt, err);
779 case DNS::RR_type::TXT: return get_TXT (rr_p, pkt, err);
780 case DNS::RR_type::AAAA: return get_AAAA (rr_p, pkt, err);
781 case DNS::RR_type::RRSIG: return get_RRSIG(rr_p, pkt, err);
782 case DNS::RR_type::TLSA: return get_TLSA (rr_p, pkt, err);
783 default: break;
784 } // clang-format on
785
786 LOG(WARNING) << "unsupported RR type " << typ;
787 return {};
788 }
789
790 RR_collection get_records(message const& pkt, bool& bogus_or_indeterminate)
791 {
792 auto const sp = static_cast<std::span<DNS::message::octet const>>(pkt);
793 auto const sp_end = sp.data() + sp.size();
794
795 RR_collection ret;
796
797 auto const hdr_p = reinterpret_cast<header const*>(sp.data());
798
799 auto p = sp.data() + sizeof(header);
800
801 // skip queries
802 for (auto i = 0; i < hdr_p->qdcount(); ++i) {
803 std::string qname;
804 auto enc_len = 0;
805
806 CHECK(expand_name(p, pkt, qname, enc_len));
807 p += enc_len;
808 // auto question_p = reinterpret_cast<question const*>(p);
809 p += sizeof(question);
810 }
811
812 // get answers
813 for (auto i = 0; i < hdr_p->ancount(); ++i) {
814 std::string name;
815 auto enc_len = 0;
816 CHECK(expand_name(p, pkt, name, enc_len));
817 p += enc_len;
818 if ((p + sizeof(rr)) > sp_end) {
819 bogus_or_indeterminate = true;
820 LOG(WARNING) << "bad message";
821 return RR_collection{};
822 }
823 auto rr_p = reinterpret_cast<rr const*>(p);
824 if ((p + rr_p->rdlength()) > sp_end) {
825 bogus_or_indeterminate = true;
826 LOG(WARNING) << "bad message";
827 return RR_collection{};
828 }
829
830 auto rr_ret = get_rr(rr_p, pkt, bogus_or_indeterminate);
831
832 if (bogus_or_indeterminate)
833 return RR_collection{};
834
835 if (rr_ret)
836 ret.emplace_back(*rr_ret);
837
838 p = rr_p->next_rr_name();
839 }
840
841 return ret;
842 }
843
844 } // namespace DNS
Gene's SMTP server