1b7579f77SDag-Erling Smørgrav /* 2b7579f77SDag-Erling Smørgrav * util/net_help.h - network help functions 3b7579f77SDag-Erling Smørgrav * 4b7579f77SDag-Erling Smørgrav * Copyright (c) 2007, NLnet Labs. All rights reserved. 5b7579f77SDag-Erling Smørgrav * 6b7579f77SDag-Erling Smørgrav * This software is open source. 7b7579f77SDag-Erling Smørgrav * 8b7579f77SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 9b7579f77SDag-Erling Smørgrav * modification, are permitted provided that the following conditions 10b7579f77SDag-Erling Smørgrav * are met: 11b7579f77SDag-Erling Smørgrav * 12b7579f77SDag-Erling Smørgrav * Redistributions of source code must retain the above copyright notice, 13b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer. 14b7579f77SDag-Erling Smørgrav * 15b7579f77SDag-Erling Smørgrav * Redistributions in binary form must reproduce the above copyright notice, 16b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer in the documentation 17b7579f77SDag-Erling Smørgrav * and/or other materials provided with the distribution. 18b7579f77SDag-Erling Smørgrav * 19b7579f77SDag-Erling Smørgrav * Neither the name of the NLNET LABS nor the names of its contributors may 20b7579f77SDag-Erling Smørgrav * be used to endorse or promote products derived from this software without 21b7579f77SDag-Erling Smørgrav * specific prior written permission. 22b7579f77SDag-Erling Smørgrav * 23b7579f77SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 2417d15b25SDag-Erling Smørgrav * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 2517d15b25SDag-Erling Smørgrav * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 2617d15b25SDag-Erling Smørgrav * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 2717d15b25SDag-Erling Smørgrav * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 2817d15b25SDag-Erling Smørgrav * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 2917d15b25SDag-Erling Smørgrav * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 3017d15b25SDag-Erling Smørgrav * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 3117d15b25SDag-Erling Smørgrav * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 3217d15b25SDag-Erling Smørgrav * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 3317d15b25SDag-Erling Smørgrav * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34b7579f77SDag-Erling Smørgrav */ 35b7579f77SDag-Erling Smørgrav 36b7579f77SDag-Erling Smørgrav /** 37b7579f77SDag-Erling Smørgrav * \file 38b7579f77SDag-Erling Smørgrav * 39b7579f77SDag-Erling Smørgrav * This file contains functions to perform network related tasks. 40b7579f77SDag-Erling Smørgrav */ 41b7579f77SDag-Erling Smørgrav 42b7579f77SDag-Erling Smørgrav #ifndef NET_HELP_H 43b7579f77SDag-Erling Smørgrav #define NET_HELP_H 44b7579f77SDag-Erling Smørgrav #include "util/log.h" 455469a995SCy Schubert #include "util/random.h" 46b7579f77SDag-Erling Smørgrav struct sock_list; 47b7579f77SDag-Erling Smørgrav struct regional; 48e86b9096SDag-Erling Smørgrav struct config_strlist; 49b7579f77SDag-Erling Smørgrav 50b7579f77SDag-Erling Smørgrav /** DNS constants for uint16_t style flag manipulation. host byteorder. 51b7579f77SDag-Erling Smørgrav * 1 1 1 1 1 1 52b7579f77SDag-Erling Smørgrav * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 53b7579f77SDag-Erling Smørgrav * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 54b7579f77SDag-Erling Smørgrav * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE | 55b7579f77SDag-Erling Smørgrav * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 56b7579f77SDag-Erling Smørgrav */ 57b7579f77SDag-Erling Smørgrav /** CD flag */ 58b7579f77SDag-Erling Smørgrav #define BIT_CD 0x0010 59b7579f77SDag-Erling Smørgrav /** AD flag */ 60b7579f77SDag-Erling Smørgrav #define BIT_AD 0x0020 61b7579f77SDag-Erling Smørgrav /** Z flag */ 62b7579f77SDag-Erling Smørgrav #define BIT_Z 0x0040 63b7579f77SDag-Erling Smørgrav /** RA flag */ 64b7579f77SDag-Erling Smørgrav #define BIT_RA 0x0080 65b7579f77SDag-Erling Smørgrav /** RD flag */ 66b7579f77SDag-Erling Smørgrav #define BIT_RD 0x0100 67b7579f77SDag-Erling Smørgrav /** TC flag */ 68b7579f77SDag-Erling Smørgrav #define BIT_TC 0x0200 69b7579f77SDag-Erling Smørgrav /** AA flag */ 70b7579f77SDag-Erling Smørgrav #define BIT_AA 0x0400 71b7579f77SDag-Erling Smørgrav /** QR flag */ 72b7579f77SDag-Erling Smørgrav #define BIT_QR 0x8000 73b7579f77SDag-Erling Smørgrav /** get RCODE bits from uint16 flags */ 74b7579f77SDag-Erling Smørgrav #define FLAGS_GET_RCODE(f) ((f) & 0xf) 75b7579f77SDag-Erling Smørgrav /** set RCODE bits in uint16 flags */ 76b7579f77SDag-Erling Smørgrav #define FLAGS_SET_RCODE(f, r) (f = (((f) & 0xfff0) | (r))) 77b7579f77SDag-Erling Smørgrav 783bd4df0aSDag-Erling Smørgrav /** timeout in milliseconds for UDP queries to auth servers. */ 793bd4df0aSDag-Erling Smørgrav #define UDP_AUTH_QUERY_TIMEOUT 3000 80b7579f77SDag-Erling Smørgrav /** Advertised version of EDNS capabilities */ 81b7579f77SDag-Erling Smørgrav #define EDNS_ADVERTISED_VERSION 0 82b7579f77SDag-Erling Smørgrav /** Advertised size of EDNS capabilities */ 83b7579f77SDag-Erling Smørgrav extern uint16_t EDNS_ADVERTISED_SIZE; 84b7579f77SDag-Erling Smørgrav /** bits for EDNS bitfield */ 85b7579f77SDag-Erling Smørgrav #define EDNS_DO 0x8000 /* Dnssec Ok */ 86b7579f77SDag-Erling Smørgrav /** byte size of ip4 address */ 87b7579f77SDag-Erling Smørgrav #define INET_SIZE 4 88b7579f77SDag-Erling Smørgrav /** byte size of ip6 address */ 89b7579f77SDag-Erling Smørgrav #define INET6_SIZE 16 90b7579f77SDag-Erling Smørgrav 91b7579f77SDag-Erling Smørgrav /** DNSKEY zone sign key flag */ 92b7579f77SDag-Erling Smørgrav #define DNSKEY_BIT_ZSK 0x0100 93b7579f77SDag-Erling Smørgrav /** DNSKEY secure entry point, KSK flag */ 94b7579f77SDag-Erling Smørgrav #define DNSKEY_BIT_SEP 0x0001 95b7579f77SDag-Erling Smørgrav 965469a995SCy Schubert /** return a random 16-bit number given a random source */ 975469a995SCy Schubert #define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff) 985469a995SCy Schubert 99865f46b2SCy Schubert /** define MSG_DONTWAIT for unsupported platforms */ 100865f46b2SCy Schubert #ifndef MSG_DONTWAIT 101865f46b2SCy Schubert #define MSG_DONTWAIT 0 102865f46b2SCy Schubert #endif 103865f46b2SCy Schubert 104b7579f77SDag-Erling Smørgrav /** minimal responses when positive answer */ 105b7579f77SDag-Erling Smørgrav extern int MINIMAL_RESPONSES; 106b7579f77SDag-Erling Smørgrav 107b7579f77SDag-Erling Smørgrav /** rrset order roundrobin */ 108b7579f77SDag-Erling Smørgrav extern int RRSET_ROUNDROBIN; 109b7579f77SDag-Erling Smørgrav 110e86b9096SDag-Erling Smørgrav /** log tag queries with name instead of 'info' for filtering */ 111e86b9096SDag-Erling Smørgrav extern int LOG_TAG_QUERYREPLY; 112e86b9096SDag-Erling Smørgrav 113b7579f77SDag-Erling Smørgrav /** 114b7579f77SDag-Erling Smørgrav * See if string is ip4 or ip6. 115b7579f77SDag-Erling Smørgrav * @param str: IP specification. 116b7579f77SDag-Erling Smørgrav * @return: true if string addr is an ip6 specced address. 117b7579f77SDag-Erling Smørgrav */ 118b7579f77SDag-Erling Smørgrav int str_is_ip6(const char* str); 119b7579f77SDag-Erling Smørgrav 120b7579f77SDag-Erling Smørgrav /** 121b7579f77SDag-Erling Smørgrav * Set fd nonblocking. 122b7579f77SDag-Erling Smørgrav * @param s: file descriptor. 123b7579f77SDag-Erling Smørgrav * @return: 0 on error (error is printed to log). 124b7579f77SDag-Erling Smørgrav */ 125b7579f77SDag-Erling Smørgrav int fd_set_nonblock(int s); 126b7579f77SDag-Erling Smørgrav 127b7579f77SDag-Erling Smørgrav /** 128b7579f77SDag-Erling Smørgrav * Set fd (back to) blocking. 129b7579f77SDag-Erling Smørgrav * @param s: file descriptor. 130b7579f77SDag-Erling Smørgrav * @return: 0 on error (error is printed to log). 131b7579f77SDag-Erling Smørgrav */ 132b7579f77SDag-Erling Smørgrav int fd_set_block(int s); 133b7579f77SDag-Erling Smørgrav 134b7579f77SDag-Erling Smørgrav /** 135b7579f77SDag-Erling Smørgrav * See if number is a power of 2. 136b7579f77SDag-Erling Smørgrav * @param num: the value. 137b7579f77SDag-Erling Smørgrav * @return: true if the number is a power of 2. 138b7579f77SDag-Erling Smørgrav */ 139b7579f77SDag-Erling Smørgrav int is_pow2(size_t num); 140b7579f77SDag-Erling Smørgrav 141b7579f77SDag-Erling Smørgrav /** 142b7579f77SDag-Erling Smørgrav * Allocate memory and copy over contents. 143b7579f77SDag-Erling Smørgrav * @param data: what to copy over. 144b7579f77SDag-Erling Smørgrav * @param len: length of data. 145b7579f77SDag-Erling Smørgrav * @return: NULL on malloc failure, or newly malloced data. 146b7579f77SDag-Erling Smørgrav */ 147b7579f77SDag-Erling Smørgrav void* memdup(void* data, size_t len); 148b7579f77SDag-Erling Smørgrav 149b7579f77SDag-Erling Smørgrav /** 150b7579f77SDag-Erling Smørgrav * Prints the sockaddr in readable format with log_info. Debug helper. 151b7579f77SDag-Erling Smørgrav * @param v: at what verbosity level to print this. 152b7579f77SDag-Erling Smørgrav * @param str: descriptive string printed with it. 153b7579f77SDag-Erling Smørgrav * @param addr: the sockaddr to print. Can be ip4 or ip6. 154b7579f77SDag-Erling Smørgrav * @param addrlen: length of addr. 155b7579f77SDag-Erling Smørgrav */ 156b7579f77SDag-Erling Smørgrav void log_addr(enum verbosity_value v, const char* str, 157b7579f77SDag-Erling Smørgrav struct sockaddr_storage* addr, socklen_t addrlen); 158b7579f77SDag-Erling Smørgrav 159b7579f77SDag-Erling Smørgrav /** 160b7579f77SDag-Erling Smørgrav * Prints zone name and sockaddr in readable format with log_info. Debug. 161b7579f77SDag-Erling Smørgrav * @param v: at what verbosity level to print this. 162b7579f77SDag-Erling Smørgrav * @param str: descriptive string printed with it. 163b7579f77SDag-Erling Smørgrav * @param zone: DNS domain name, uncompressed wireformat. 164b7579f77SDag-Erling Smørgrav * @param addr: the sockaddr to print. Can be ip4 or ip6. 165b7579f77SDag-Erling Smørgrav * @param addrlen: length of addr. 166b7579f77SDag-Erling Smørgrav */ 167b7579f77SDag-Erling Smørgrav void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone, 168b7579f77SDag-Erling Smørgrav struct sockaddr_storage* addr, socklen_t addrlen); 169b7579f77SDag-Erling Smørgrav 170b7579f77SDag-Erling Smørgrav /** 171ff825849SDag-Erling Smørgrav * Log errno and addr. 172ff825849SDag-Erling Smørgrav * @param str: descriptive string printed with it. 173ff825849SDag-Erling Smørgrav * @param err: errno string to print, i.e. strerror(errno). 174ff825849SDag-Erling Smørgrav * @param addr: the sockaddr to print. Can be ip4 or ip6. 175ff825849SDag-Erling Smørgrav * @param addrlen: length of addr. 176ff825849SDag-Erling Smørgrav */ 177ff825849SDag-Erling Smørgrav void log_err_addr(const char* str, const char* err, 178ff825849SDag-Erling Smørgrav struct sockaddr_storage* addr, socklen_t addrlen); 179ff825849SDag-Erling Smørgrav 180ff825849SDag-Erling Smørgrav /** 181b7579f77SDag-Erling Smørgrav * Convert address string, with "@port" appendix, to sockaddr. 182b7579f77SDag-Erling Smørgrav * Uses DNS port by default. 183b7579f77SDag-Erling Smørgrav * @param str: the string 184b7579f77SDag-Erling Smørgrav * @param addr: where to store sockaddr. 185b7579f77SDag-Erling Smørgrav * @param addrlen: length of stored sockaddr is returned. 186865f46b2SCy Schubert * @param port: default port. 187b7579f77SDag-Erling Smørgrav * @return 0 on error. 188b7579f77SDag-Erling Smørgrav */ 189b7579f77SDag-Erling Smørgrav int extstrtoaddr(const char* str, struct sockaddr_storage* addr, 190865f46b2SCy Schubert socklen_t* addrlen, int port); 191b7579f77SDag-Erling Smørgrav 192b7579f77SDag-Erling Smørgrav /** 193b7579f77SDag-Erling Smørgrav * Convert ip address string and port to sockaddr. 194b7579f77SDag-Erling Smørgrav * @param ip: ip4 or ip6 address string. 195b7579f77SDag-Erling Smørgrav * @param port: port number, host format. 196b7579f77SDag-Erling Smørgrav * @param addr: where to store sockaddr. 197b7579f77SDag-Erling Smørgrav * @param addrlen: length of stored sockaddr is returned. 198b7579f77SDag-Erling Smørgrav * @return 0 on error. 199b7579f77SDag-Erling Smørgrav */ 200b7579f77SDag-Erling Smørgrav int ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, 201b7579f77SDag-Erling Smørgrav socklen_t* addrlen); 202b7579f77SDag-Erling Smørgrav 203b7579f77SDag-Erling Smørgrav /** 204b7579f77SDag-Erling Smørgrav * Convert ip netblock (ip/netsize) string and port to sockaddr. 2050fb34990SDag-Erling Smørgrav * performs a copy internally to avoid writing over 'ip' string. 206b7579f77SDag-Erling Smørgrav * @param ip: ip4 or ip6 address string. 207b7579f77SDag-Erling Smørgrav * @param port: port number, host format. 208b7579f77SDag-Erling Smørgrav * @param addr: where to store sockaddr. 209b7579f77SDag-Erling Smørgrav * @param addrlen: length of stored sockaddr is returned. 210b7579f77SDag-Erling Smørgrav * @param net: netblock size is returned. 211b7579f77SDag-Erling Smørgrav * @return 0 on error. 212b7579f77SDag-Erling Smørgrav */ 213b7579f77SDag-Erling Smørgrav int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, 214b7579f77SDag-Erling Smørgrav socklen_t* addrlen, int* net); 215b7579f77SDag-Erling Smørgrav 216b7579f77SDag-Erling Smørgrav /** 2170fb34990SDag-Erling Smørgrav * Convert address string, with "@port" appendix, to sockaddr. 2180fb34990SDag-Erling Smørgrav * It can also have an "#tls-auth-name" appendix (after the port). 2199cf5bc93SCy Schubert * The returned auth_name string is a pointer into the input string. 2209cf5bc93SCy Schubert * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured. 2210fb34990SDag-Erling Smørgrav * @param str: the string 2220fb34990SDag-Erling Smørgrav * @param addr: where to store sockaddr. 2230fb34990SDag-Erling Smørgrav * @param addrlen: length of stored sockaddr is returned. 2240fb34990SDag-Erling Smørgrav * @param auth_name: returned pointer to tls_auth_name, or NULL if none. 2250fb34990SDag-Erling Smørgrav * @return 0 on error. 2260fb34990SDag-Erling Smørgrav */ 2270fb34990SDag-Erling Smørgrav int authextstrtoaddr(char* str, struct sockaddr_storage* addr, 2280fb34990SDag-Erling Smørgrav socklen_t* addrlen, char** auth_name); 2290fb34990SDag-Erling Smørgrav 2300fb34990SDag-Erling Smørgrav /** 2319cf5bc93SCy Schubert * Convert domain string, with "@port" appendix, to dname. 2329cf5bc93SCy Schubert * It can also have an "#tls-auth-name" appendix (after the port). 2339cf5bc93SCy Schubert * The return port is the parsed port. 2349cf5bc93SCy Schubert * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured. 2359cf5bc93SCy Schubert * The returned auth_name string is a pointer into the input string. 2369cf5bc93SCy Schubert * @param str: the string 2379cf5bc93SCy Schubert * @param port: pointer to be assigned the parsed port value. 2389cf5bc93SCy Schubert * @param auth_name: returned pointer to tls_auth_name, or NULL if none. 2399cf5bc93SCy Schubert * @return pointer to the dname. 2409cf5bc93SCy Schubert */ 2419cf5bc93SCy Schubert uint8_t* authextstrtodname(char* str, int* port, char** auth_name); 2429cf5bc93SCy Schubert 2439cf5bc93SCy Schubert /** 24457bddd21SDag-Erling Smørgrav * Store port number into sockaddr structure 24557bddd21SDag-Erling Smørgrav * @param addr: sockaddr structure, ip4 or ip6. 24657bddd21SDag-Erling Smørgrav * @param addrlen: length of addr. 24757bddd21SDag-Erling Smørgrav * @param port: port number to put into the addr. 24857bddd21SDag-Erling Smørgrav */ 24957bddd21SDag-Erling Smørgrav void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen, 25057bddd21SDag-Erling Smørgrav int port); 25157bddd21SDag-Erling Smørgrav 25257bddd21SDag-Erling Smørgrav /** 253b7579f77SDag-Erling Smørgrav * Print string with neat domain name, type and class. 254b7579f77SDag-Erling Smørgrav * @param v: at what verbosity level to print this. 255b7579f77SDag-Erling Smørgrav * @param str: string of message. 256b7579f77SDag-Erling Smørgrav * @param name: domain name uncompressed wireformat. 257b7579f77SDag-Erling Smørgrav * @param type: host format RR type. 258b7579f77SDag-Erling Smørgrav * @param dclass: host format RR class. 259b7579f77SDag-Erling Smørgrav */ 260b7579f77SDag-Erling Smørgrav void log_nametypeclass(enum verbosity_value v, const char* str, 261b7579f77SDag-Erling Smørgrav uint8_t* name, uint16_t type, uint16_t dclass); 262b7579f77SDag-Erling Smørgrav 263b7579f77SDag-Erling Smørgrav /** 264e86b9096SDag-Erling Smørgrav * Like log_nametypeclass, but logs with log_query for query logging 265e86b9096SDag-Erling Smørgrav */ 266e86b9096SDag-Erling Smørgrav void log_query_in(const char* str, uint8_t* name, uint16_t type, 267e86b9096SDag-Erling Smørgrav uint16_t dclass); 268e86b9096SDag-Erling Smørgrav 269e86b9096SDag-Erling Smørgrav /** 270b7579f77SDag-Erling Smørgrav * Compare two sockaddrs. Imposes an ordering on the addresses. 271b7579f77SDag-Erling Smørgrav * Compares address and port. 272b7579f77SDag-Erling Smørgrav * @param addr1: address 1. 273b7579f77SDag-Erling Smørgrav * @param len1: lengths of addr1. 274b7579f77SDag-Erling Smørgrav * @param addr2: address 2. 275b7579f77SDag-Erling Smørgrav * @param len2: lengths of addr2. 276b7579f77SDag-Erling Smørgrav * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 277b7579f77SDag-Erling Smørgrav */ 278b7579f77SDag-Erling Smørgrav int sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1, 279b7579f77SDag-Erling Smørgrav struct sockaddr_storage* addr2, socklen_t len2); 280b7579f77SDag-Erling Smørgrav 281b7579f77SDag-Erling Smørgrav /** 282b7579f77SDag-Erling Smørgrav * Compare two sockaddrs. Compares address, not the port. 283b7579f77SDag-Erling Smørgrav * @param addr1: address 1. 284b7579f77SDag-Erling Smørgrav * @param len1: lengths of addr1. 285b7579f77SDag-Erling Smørgrav * @param addr2: address 2. 286b7579f77SDag-Erling Smørgrav * @param len2: lengths of addr2. 287b7579f77SDag-Erling Smørgrav * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 288b7579f77SDag-Erling Smørgrav */ 289b7579f77SDag-Erling Smørgrav int sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1, 290b7579f77SDag-Erling Smørgrav struct sockaddr_storage* addr2, socklen_t len2); 291b7579f77SDag-Erling Smørgrav 292b7579f77SDag-Erling Smørgrav /** 293*be771a7bSCy Schubert * Compare two sockaddrs. Imposes an ordering on the addresses. 294*be771a7bSCy Schubert * Compares address and port. It also compares scope_id for ip6. 295*be771a7bSCy Schubert * @param addr1: address 1. 296*be771a7bSCy Schubert * @param len1: lengths of addr1. 297*be771a7bSCy Schubert * @param addr2: address 2. 298*be771a7bSCy Schubert * @param len2: lengths of addr2. 299*be771a7bSCy Schubert * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 300*be771a7bSCy Schubert */ 301*be771a7bSCy Schubert int sockaddr_cmp_scopeid(struct sockaddr_storage* addr1, socklen_t len1, 302*be771a7bSCy Schubert struct sockaddr_storage* addr2, socklen_t len2); 303*be771a7bSCy Schubert 304*be771a7bSCy Schubert /** 305b7579f77SDag-Erling Smørgrav * Checkout address family. 306b7579f77SDag-Erling Smørgrav * @param addr: the sockaddr to examine. 307b7579f77SDag-Erling Smørgrav * @param len: the length of addr. 308b7579f77SDag-Erling Smørgrav * @return: true if sockaddr is ip6. 309b7579f77SDag-Erling Smørgrav */ 310b7579f77SDag-Erling Smørgrav int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len); 311b7579f77SDag-Erling Smørgrav 312b7579f77SDag-Erling Smørgrav /** 313b7579f77SDag-Erling Smørgrav * Make sure the sockaddr ends in zeroes. For tree insertion and subsequent 314b7579f77SDag-Erling Smørgrav * comparison. 315b7579f77SDag-Erling Smørgrav * @param addr: the ip4 or ip6 addr. 316b7579f77SDag-Erling Smørgrav * @param len: length of addr. 317b7579f77SDag-Erling Smørgrav * @param net: number of bits to leave untouched, the rest of the netblock 318b7579f77SDag-Erling Smørgrav * address is zeroed. 319b7579f77SDag-Erling Smørgrav */ 320b7579f77SDag-Erling Smørgrav void addr_mask(struct sockaddr_storage* addr, socklen_t len, int net); 321b7579f77SDag-Erling Smørgrav 322b7579f77SDag-Erling Smørgrav /** 323b7579f77SDag-Erling Smørgrav * See how many bits are shared, equal, between two addrs. 324b7579f77SDag-Erling Smørgrav * @param addr1: first addr. 325b7579f77SDag-Erling Smørgrav * @param net1: netblock size of first addr. 326b7579f77SDag-Erling Smørgrav * @param addr2: second addr. 327b7579f77SDag-Erling Smørgrav * @param net2: netblock size of second addr. 328b7579f77SDag-Erling Smørgrav * @param addrlen: length of first addr and of second addr. 329b7579f77SDag-Erling Smørgrav * They must be of the same length (i.e. same type IP4, IP6). 330b7579f77SDag-Erling Smørgrav * @return: number of bits the same. 331b7579f77SDag-Erling Smørgrav */ 332b7579f77SDag-Erling Smørgrav int addr_in_common(struct sockaddr_storage* addr1, int net1, 333b7579f77SDag-Erling Smørgrav struct sockaddr_storage* addr2, int net2, socklen_t addrlen); 334b7579f77SDag-Erling Smørgrav 335b7579f77SDag-Erling Smørgrav /** 336b7579f77SDag-Erling Smørgrav * Put address into string, works for IPv4 and IPv6. 337b7579f77SDag-Erling Smørgrav * @param addr: address 338b7579f77SDag-Erling Smørgrav * @param addrlen: length of address 339b7579f77SDag-Erling Smørgrav * @param buf: result string stored here 340b7579f77SDag-Erling Smørgrav * @param len: length of buf. 341b7579f77SDag-Erling Smørgrav * On failure a string with "error" is stored inside. 342b7579f77SDag-Erling Smørgrav */ 343b7579f77SDag-Erling Smørgrav void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, 344b7579f77SDag-Erling Smørgrav char* buf, size_t len); 345b7579f77SDag-Erling Smørgrav 346b7579f77SDag-Erling Smørgrav /** 3478f76bb7dSCy Schubert * Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64, 3488f76bb7dSCy Schubert * or 96. 3498f76bb7dSCy Schubert * @param prefixnet: prefix network length to check. 3508f76bb7dSCy Schubert * @return 1 on success, 0 on failure. 3518f76bb7dSCy Schubert */ 3528f76bb7dSCy Schubert int prefixnet_is_nat64(int prefixnet); 3538f76bb7dSCy Schubert 3548f76bb7dSCy Schubert /** 3558f76bb7dSCy Schubert * Create a NAT64 address from a given address (needs to be IPv4) and a given 3568f76bb7dSCy Schubert * NAT64 prefix. The NAT64 prefix net needs to be one of 32, 40, 48, 56, 64, 96. 3578f76bb7dSCy Schubert * @param addr: IPv4 address. 3588f76bb7dSCy Schubert * @param nat64_prefix: NAT64 prefix. 3598f76bb7dSCy Schubert * @param nat64_prefixlen: NAT64 prefix len. 3608f76bb7dSCy Schubert * @param nat64_prefixnet: NAT64 prefix mask. 3618f76bb7dSCy Schubert * @param nat64_addr: the resulting NAT64 address. 3628f76bb7dSCy Schubert * @param nat64_addrlen: the resulting NAT64 address length. 3638f76bb7dSCy Schubert */ 3648f76bb7dSCy Schubert void addr_to_nat64(const struct sockaddr_storage* addr, 3658f76bb7dSCy Schubert const struct sockaddr_storage* nat64_prefix, 3668f76bb7dSCy Schubert socklen_t nat64_prefixlen, int nat64_prefixnet, 3678f76bb7dSCy Schubert struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen); 3688f76bb7dSCy Schubert 3698f76bb7dSCy Schubert /** 370b7579f77SDag-Erling Smørgrav * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0" 371b7579f77SDag-Erling Smørgrav * @param addr: address 372b7579f77SDag-Erling Smørgrav * @param addrlen: length of address 373b7579f77SDag-Erling Smørgrav * @return true if so 374b7579f77SDag-Erling Smørgrav */ 375b7579f77SDag-Erling Smørgrav int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen); 376b7579f77SDag-Erling Smørgrav 377b7579f77SDag-Erling Smørgrav /** 37856850988SCy Schubert * See if sockaddr is an ipv6 fe80::/10 link local address. 37956850988SCy Schubert * @param addr: address 38056850988SCy Schubert * @param addrlen: length of address 38156850988SCy Schubert * @return true if so 38256850988SCy Schubert */ 38356850988SCy Schubert int addr_is_ip6linklocal(struct sockaddr_storage* addr, socklen_t addrlen); 38456850988SCy Schubert 38556850988SCy Schubert /** 386b7579f77SDag-Erling Smørgrav * See if sockaddr is 255.255.255.255. 387b7579f77SDag-Erling Smørgrav * @param addr: address 388b7579f77SDag-Erling Smørgrav * @param addrlen: length of address 389b7579f77SDag-Erling Smørgrav * @return true if so 390b7579f77SDag-Erling Smørgrav */ 391b7579f77SDag-Erling Smørgrav int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen); 392b7579f77SDag-Erling Smørgrav 393b7579f77SDag-Erling Smørgrav /** 394b7579f77SDag-Erling Smørgrav * See if sockaddr is 0.0.0.0 or ::0. 395b7579f77SDag-Erling Smørgrav * @param addr: address 396b7579f77SDag-Erling Smørgrav * @param addrlen: length of address 397b7579f77SDag-Erling Smørgrav * @return true if so 398b7579f77SDag-Erling Smørgrav */ 399b7579f77SDag-Erling Smørgrav int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen); 400b7579f77SDag-Erling Smørgrav 401b7579f77SDag-Erling Smørgrav /** 402b7579f77SDag-Erling Smørgrav * Insert new socket list item. If fails logs error. 403b7579f77SDag-Erling Smørgrav * @param list: pointer to pointer to first item. 404b7579f77SDag-Erling Smørgrav * @param addr: address or NULL if 'cache'. 405b7579f77SDag-Erling Smørgrav * @param len: length of addr, or 0 if 'cache'. 406b7579f77SDag-Erling Smørgrav * @param region: where to allocate 407b7579f77SDag-Erling Smørgrav */ 408b7579f77SDag-Erling Smørgrav void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr, 409b7579f77SDag-Erling Smørgrav socklen_t len, struct regional* region); 410b7579f77SDag-Erling Smørgrav 411b7579f77SDag-Erling Smørgrav /** 412b7579f77SDag-Erling Smørgrav * Append one list to another. Must both be from same qstate(regional). 413b7579f77SDag-Erling Smørgrav * @param list: pointer to result list that is modified. 414b7579f77SDag-Erling Smørgrav * @param add: item(s) to add. They are prepended to list. 415b7579f77SDag-Erling Smørgrav */ 416b7579f77SDag-Erling Smørgrav void sock_list_prepend(struct sock_list** list, struct sock_list* add); 417b7579f77SDag-Erling Smørgrav 418b7579f77SDag-Erling Smørgrav /** 419b7579f77SDag-Erling Smørgrav * Find addr in list. 420b7579f77SDag-Erling Smørgrav * @param list: to search in 421b7579f77SDag-Erling Smørgrav * @param addr: address to look for. 422b7579f77SDag-Erling Smørgrav * @param len: length. Can be 0, look for 'cache entry'. 423b7579f77SDag-Erling Smørgrav * @return true if found. 424b7579f77SDag-Erling Smørgrav */ 425b7579f77SDag-Erling Smørgrav int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr, 426b7579f77SDag-Erling Smørgrav socklen_t len); 427b7579f77SDag-Erling Smørgrav 428b7579f77SDag-Erling Smørgrav /** 429b7579f77SDag-Erling Smørgrav * Merge socklist into another socket list. Allocates the new entries 430b7579f77SDag-Erling Smørgrav * freshly and copies them over, so also performs a region switchover. 431b7579f77SDag-Erling Smørgrav * Allocation failures are logged. 432b7579f77SDag-Erling Smørgrav * @param list: the destination list (checked for duplicates) 433b7579f77SDag-Erling Smørgrav * @param region: where to allocate 434b7579f77SDag-Erling Smørgrav * @param add: the list of entries to add. 435b7579f77SDag-Erling Smørgrav */ 436b7579f77SDag-Erling Smørgrav void sock_list_merge(struct sock_list** list, struct regional* region, 437b7579f77SDag-Erling Smørgrav struct sock_list* add); 438b7579f77SDag-Erling Smørgrav 439b7579f77SDag-Erling Smørgrav /** 440b7579f77SDag-Erling Smørgrav * Log libcrypto error with descriptive string. Calls log_err(). 441b7579f77SDag-Erling Smørgrav * @param str: what failed. 442b7579f77SDag-Erling Smørgrav */ 443b7579f77SDag-Erling Smørgrav void log_crypto_err(const char* str); 444b7579f77SDag-Erling Smørgrav 445b7579f77SDag-Erling Smørgrav /** 4460eefd307SCy Schubert * Log libcrypto error from errcode with descriptive string, calls log_err. 4470eefd307SCy Schubert * @param str: what failed. 4480eefd307SCy Schubert * @param err: error code from ERR_get_error. 4490eefd307SCy Schubert */ 4500eefd307SCy Schubert void log_crypto_err_code(const char* str, unsigned long err); 4510eefd307SCy Schubert 4520eefd307SCy Schubert /** 453103ba509SCy Schubert * Log an error from libcrypto that came from SSL_write and so on, with 454103ba509SCy Schubert * a value from SSL_get_error, calls log_err. If that fails it logs with 455103ba509SCy Schubert * log_crypto_err. 456103ba509SCy Schubert * @param str: what failed 457103ba509SCy Schubert * @param r: output of SSL_get_error on the I/O operation result. 458103ba509SCy Schubert */ 459103ba509SCy Schubert void log_crypto_err_io(const char* str, int r); 460103ba509SCy Schubert 461103ba509SCy Schubert /** 462103ba509SCy Schubert * Log an error from libcrypt that came from an I/O routine with the 463103ba509SCy Schubert * errcode from ERR_get_error. Calls log_err() and log_crypto_err_code. 464103ba509SCy Schubert * @param str: what failed 465103ba509SCy Schubert * @param r: output of SSL_get_error on the I/O operation result. 466103ba509SCy Schubert * @param err: error code from ERR_get_error 467103ba509SCy Schubert */ 468103ba509SCy Schubert void log_crypto_err_io_code(const char* str, int r, unsigned long err); 469103ba509SCy Schubert 470103ba509SCy Schubert /** 47125039b37SCy Schubert * Log certificate details verbosity, string, of X509 cert 47225039b37SCy Schubert * @param level: verbosity level 47325039b37SCy Schubert * @param str: string to prefix on output 47425039b37SCy Schubert * @param cert: X509* structure. 47525039b37SCy Schubert */ 47625039b37SCy Schubert void log_cert(unsigned level, const char* str, void* cert); 47725039b37SCy Schubert 47825039b37SCy Schubert /** 479971980c3SDag-Erling Smørgrav * Set SSL_OP_NOxxx options on SSL context to disable bad crypto 480971980c3SDag-Erling Smørgrav * @param ctxt: SSL_CTX* 481971980c3SDag-Erling Smørgrav * @return false on failure. 482971980c3SDag-Erling Smørgrav */ 483971980c3SDag-Erling Smørgrav int listen_sslctx_setup(void* ctxt); 484971980c3SDag-Erling Smørgrav 485971980c3SDag-Erling Smørgrav /** 486971980c3SDag-Erling Smørgrav * Further setup of listening SSL context, after keys loaded. 487971980c3SDag-Erling Smørgrav * @param ctxt: SSL_CTX* 488971980c3SDag-Erling Smørgrav */ 489971980c3SDag-Erling Smørgrav void listen_sslctx_setup_2(void* ctxt); 490971980c3SDag-Erling Smørgrav 491971980c3SDag-Erling Smørgrav /** 492b7579f77SDag-Erling Smørgrav * create SSL listen context 493b7579f77SDag-Erling Smørgrav * @param key: private key file. 494b7579f77SDag-Erling Smørgrav * @param pem: public key cert. 495b7579f77SDag-Erling Smørgrav * @param verifypem: if nonNULL, verifylocation file. 496*be771a7bSCy Schubert * @param tls_ciphers: if non empty string, tls ciphers to use. 497*be771a7bSCy Schubert * @param tls_ciphersuites: if non empty string, tls ciphersuites to use. 498*be771a7bSCy Schubert * @param set_ticket_keys_cb: if the callback for configured ticket keys needs 499*be771a7bSCy Schubert * to be set. 500*be771a7bSCy Schubert * @param is_dot: if the TLS connection is for DoT to set the appropriate ALPN. 501*be771a7bSCy Schubert * @param is_doh: if the TLS connection is for DoH to set the appropriate ALPN. 502b7579f77SDag-Erling Smørgrav * return SSL_CTX* or NULL on failure (logged). 503b7579f77SDag-Erling Smørgrav */ 504*be771a7bSCy Schubert void* listen_sslctx_create(const char* key, const char* pem, 505*be771a7bSCy Schubert const char* verifypem, const char* tls_ciphers, 506*be771a7bSCy Schubert const char* tls_ciphersuites, int set_ticket_keys_cb, 507*be771a7bSCy Schubert int is_dot, int is_doh); 508b7579f77SDag-Erling Smørgrav 509b7579f77SDag-Erling Smørgrav /** 510b7579f77SDag-Erling Smørgrav * create SSL connect context 511b7579f77SDag-Erling Smørgrav * @param key: if nonNULL (also pem nonNULL), the client private key. 512b7579f77SDag-Erling Smørgrav * @param pem: client public key (or NULL if key is NULL). 513b7579f77SDag-Erling Smørgrav * @param verifypem: if nonNULL used for verifylocation file. 5143bd4df0aSDag-Erling Smørgrav * @param wincert: add system certificate store to ctx (add to verifypem ca 5153bd4df0aSDag-Erling Smørgrav * certs). 516b7579f77SDag-Erling Smørgrav * @return SSL_CTX* or NULL on failure (logged). 517b7579f77SDag-Erling Smørgrav */ 5183bd4df0aSDag-Erling Smørgrav void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert); 519b7579f77SDag-Erling Smørgrav 520b7579f77SDag-Erling Smørgrav /** 521b7579f77SDag-Erling Smørgrav * accept a new fd and wrap it in a BIO in SSL 522b7579f77SDag-Erling Smørgrav * @param sslctx: the SSL_CTX to use (from listen_sslctx_create()). 523b7579f77SDag-Erling Smørgrav * @param fd: from accept, nonblocking. 524b7579f77SDag-Erling Smørgrav * @return SSL or NULL on alloc failure. 525b7579f77SDag-Erling Smørgrav */ 526b7579f77SDag-Erling Smørgrav void* incoming_ssl_fd(void* sslctx, int fd); 527b7579f77SDag-Erling Smørgrav 528b7579f77SDag-Erling Smørgrav /** 529b7579f77SDag-Erling Smørgrav * connect a new fd and wrap it in a BIO in SSL 530b7579f77SDag-Erling Smørgrav * @param sslctx: the SSL_CTX to use (from connect_sslctx_create()) 531b7579f77SDag-Erling Smørgrav * @param fd: from connect. 532b7579f77SDag-Erling Smørgrav * @return SSL or NULL on alloc failure 533b7579f77SDag-Erling Smørgrav */ 534b7579f77SDag-Erling Smørgrav void* outgoing_ssl_fd(void* sslctx, int fd); 535b7579f77SDag-Erling Smørgrav 5368ed2b524SDag-Erling Smørgrav /** 53725039b37SCy Schubert * check if authname SSL functionality is available, false if not 53825039b37SCy Schubert * @param auth_name: the name for the remote server, used for error print. 53925039b37SCy Schubert * @return false if SSL functionality to check the SSL name is not available. 54025039b37SCy Schubert */ 54125039b37SCy Schubert int check_auth_name_for_ssl(char* auth_name); 54225039b37SCy Schubert 54325039b37SCy Schubert /** 54425039b37SCy Schubert * set auth name on SSL for verification 54525039b37SCy Schubert * @param ssl: SSL* to set 54625039b37SCy Schubert * @param auth_name: if NULL nothing happens, otherwise the name to check. 54725039b37SCy Schubert * @param use_sni: if SNI will be used. 54825039b37SCy Schubert * @return 1 on success or NULL auth_name, 0 on failure. 54925039b37SCy Schubert */ 55025039b37SCy Schubert int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni); 55125039b37SCy Schubert 55225039b37SCy Schubert /** 5538ed2b524SDag-Erling Smørgrav * Initialize openssl locking for thread safety 5548ed2b524SDag-Erling Smørgrav * @return false on failure (alloc failure). 5558ed2b524SDag-Erling Smørgrav */ 5568ed2b524SDag-Erling Smørgrav int ub_openssl_lock_init(void); 5578ed2b524SDag-Erling Smørgrav 5588ed2b524SDag-Erling Smørgrav /** 5598ed2b524SDag-Erling Smørgrav * De-init the allocated openssl locks 5608ed2b524SDag-Erling Smørgrav */ 5618ed2b524SDag-Erling Smørgrav void ub_openssl_lock_delete(void); 5628ed2b524SDag-Erling Smørgrav 563e86b9096SDag-Erling Smørgrav /** 564e86b9096SDag-Erling Smørgrav * setup TLS session ticket 565e86b9096SDag-Erling Smørgrav * @param tls_session_ticket_keys: TLS ticket secret filenames 566e86b9096SDag-Erling Smørgrav * @return false on failure (alloc failure). 567e86b9096SDag-Erling Smørgrav */ 568*be771a7bSCy Schubert int listen_sslctx_setup_ticket_keys(struct config_strlist* tls_session_ticket_keys); 569e86b9096SDag-Erling Smørgrav 570e86b9096SDag-Erling Smørgrav /** Free memory used for TLS session ticket keys */ 571e86b9096SDag-Erling Smørgrav void listen_sslctx_delete_ticket_keys(void); 572e86b9096SDag-Erling Smørgrav 573091e9e46SCy Schubert /** 574091e9e46SCy Schubert * RPZ format netblock to network byte order address and netblock 575091e9e46SCy Schubert * example RPZ netblock format dnames: 576091e9e46SCy Schubert * - 24.10.100.51.198.rpz-ip -> 198.51.100.10/24 577091e9e46SCy Schubert * - 32.10.zz.db8.2001.rpz-ip -> 2001:db8:0:0:0:0:0:10/32 578091e9e46SCy Schubert * @param dname: the dname containing RPZ format netblock 579091e9e46SCy Schubert * @param dnamelen: length of dname 580091e9e46SCy Schubert * @param addr: where to store sockaddr. 581091e9e46SCy Schubert * @param addrlen: length of stored sockaddr is returned. 582091e9e46SCy Schubert * @param net: where to store netmask 583091e9e46SCy Schubert * @param af: where to store address family. 584091e9e46SCy Schubert * @return 0 on error. 585091e9e46SCy Schubert */ 586091e9e46SCy Schubert int netblockdnametoaddr(uint8_t* dname, size_t dnamelen, 587091e9e46SCy Schubert struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af); 588c0caa2e2SCy Schubert 589c0caa2e2SCy Schubert /** Return strerror or wsastrerror for socket error printout */ 590c0caa2e2SCy Schubert char* sock_strerror(int errn); 591c0caa2e2SCy Schubert /** close the socket with close, or wsa closesocket */ 592c0caa2e2SCy Schubert void sock_close(int socket); 593c0caa2e2SCy Schubert 59456850988SCy Schubert /** 59556850988SCy Schubert * Convert binary data to a string of hexadecimal characters. 59656850988SCy Schubert */ 59756850988SCy Schubert ssize_t hex_ntop(uint8_t const *src, size_t srclength, char *target, 59856850988SCy Schubert size_t targsize); 59956850988SCy Schubert 60056850988SCy Schubert /** Convert hexadecimal data to binary. */ 60156850988SCy Schubert ssize_t hex_pton(const char* src, uint8_t* target, size_t targsize); 60256850988SCy Schubert 603b7579f77SDag-Erling Smørgrav #endif /* NET_HELP_H */ 604