1b7579f77SDag-Erling Smørgrav /* 2b7579f77SDag-Erling Smørgrav * util/net_help.h - network help functions 3b7579f77SDag-Erling Smørgrav * 4b7579f77SDag-Erling Smørgrav * Copyright (c) 2007, NLnet Labs. All rights reserved. 5b7579f77SDag-Erling Smørgrav * 6b7579f77SDag-Erling Smørgrav * This software is open source. 7b7579f77SDag-Erling Smørgrav * 8b7579f77SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 9b7579f77SDag-Erling Smørgrav * modification, are permitted provided that the following conditions 10b7579f77SDag-Erling Smørgrav * are met: 11b7579f77SDag-Erling Smørgrav * 12b7579f77SDag-Erling Smørgrav * Redistributions of source code must retain the above copyright notice, 13b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer. 14b7579f77SDag-Erling Smørgrav * 15b7579f77SDag-Erling Smørgrav * Redistributions in binary form must reproduce the above copyright notice, 16b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer in the documentation 17b7579f77SDag-Erling Smørgrav * and/or other materials provided with the distribution. 18b7579f77SDag-Erling Smørgrav * 19b7579f77SDag-Erling Smørgrav * Neither the name of the NLNET LABS nor the names of its contributors may 20b7579f77SDag-Erling Smørgrav * be used to endorse or promote products derived from this software without 21b7579f77SDag-Erling Smørgrav * specific prior written permission. 22b7579f77SDag-Erling Smørgrav * 23b7579f77SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 2417d15b25SDag-Erling Smørgrav * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 2517d15b25SDag-Erling Smørgrav * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 2617d15b25SDag-Erling Smørgrav * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 2717d15b25SDag-Erling Smørgrav * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 2817d15b25SDag-Erling Smørgrav * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 2917d15b25SDag-Erling Smørgrav * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 3017d15b25SDag-Erling Smørgrav * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 3117d15b25SDag-Erling Smørgrav * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 3217d15b25SDag-Erling Smørgrav * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 3317d15b25SDag-Erling Smørgrav * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34b7579f77SDag-Erling Smørgrav */ 35b7579f77SDag-Erling Smørgrav 36b7579f77SDag-Erling Smørgrav /** 37b7579f77SDag-Erling Smørgrav * \file 38b7579f77SDag-Erling Smørgrav * 39b7579f77SDag-Erling Smørgrav * This file contains functions to perform network related tasks. 40b7579f77SDag-Erling Smørgrav */ 41b7579f77SDag-Erling Smørgrav 42b7579f77SDag-Erling Smørgrav #ifndef NET_HELP_H 43b7579f77SDag-Erling Smørgrav #define NET_HELP_H 44b7579f77SDag-Erling Smørgrav #include "util/log.h" 455469a995SCy Schubert #include "util/random.h" 46b7579f77SDag-Erling Smørgrav struct sock_list; 47b7579f77SDag-Erling Smørgrav struct regional; 48e86b9096SDag-Erling Smørgrav struct config_strlist; 49b7579f77SDag-Erling Smørgrav 50b7579f77SDag-Erling Smørgrav /** DNS constants for uint16_t style flag manipulation. host byteorder. 
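 *                                1  1  1  1  1  1
 *  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 * |QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 * The BIT_* values below are masks into this 16-bit word (host byte order);
 * RCODE occupies the low 4 bits, Opcode bits 11-14.
 */
/** CD flag (checking disabled) */
#define BIT_CD 0x0010
/** AD flag (authentic data) */
#define BIT_AD 0x0020
/** Z flag (reserved bit) */
#define BIT_Z  0x0040
/** RA flag (recursion available) */
#define BIT_RA 0x0080
/** RD flag (recursion desired) */
#define BIT_RD 0x0100
/** TC flag (truncated) */
#define BIT_TC 0x0200
/** AA flag (authoritative answer) */
#define BIT_AA 0x0400
/** QR flag (response) */
#define BIT_QR 0x8000
/** get RCODE bits (low 4 bits) from uint16 flags */
#define FLAGS_GET_RCODE(f) ((f) & 0xf)
/** set RCODE bits in uint16 flags.
 * Only the low 4 bits of r are written, so an out-of-range rcode cannot
 * clobber the CD/AD/Z flag bits that sit directly above the RCODE field;
 * the upper bits of an extended (EDNS) rcode belong in the OPT record,
 * not in this word.
 * f must be a side-effect-free lvalue: it is evaluated twice. */
#define FLAGS_SET_RCODE(f, r) (f = (((f) & 0xfff0) | ((r) & 0xf)))

/** timeout in milliseconds for UDP queries to auth servers. */
#define UDP_AUTH_QUERY_TIMEOUT 3000
/** Advertised version of EDNS capabilities */
#define EDNS_ADVERTISED_VERSION 0
/** Advertised size of EDNS capabilities (UDP buffer size); defined in a
 * .c file, declared extern here. */
extern uint16_t EDNS_ADVERTISED_SIZE;
/** bits for EDNS bitfield */
#define EDNS_DO 0x8000 /* Dnssec Ok */
/** byte size of ip4 address */
#define INET_SIZE 4
/** byte size of ip6 address */
#define INET6_SIZE 16

/** DNSKEY zone sign key flag */
#define DNSKEY_BIT_ZSK 0x0100
/** DNSKEY secure entry point, KSK flag */
#define DNSKEY_BIT_SEP 0x0001

/** return a random 16-bit number given a random source.
 * Drops the low byte of the ub_random() output and keeps the next 16 bits.
 * Callers presumably use this for DNS message IDs (the 16-bit header ID),
 * so rnd must be an unpredictable generator (see util/random.h); a weak
 * or predictable source here makes spoofing answers easier. */
#define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff)

/** define MSG_DONTWAIT for unsupported platforms; 0 means the flag is a
 * no-op there, so nonblocking behaviour must come from fd_set_nonblock(). */
#ifndef MSG_DONTWAIT
#define MSG_DONTWAIT 0
#endif

/** minimal responses when positive answer (global toggle, defined elsewhere) */
extern int MINIMAL_RESPONSES;

/** rrset order roundrobin (global toggle, defined elsewhere) */
extern int RRSET_ROUNDROBIN;

/** log tag queries with name instead of 'info' for filtering
 * (global toggle, defined elsewhere) */
extern int LOG_TAG_QUERYREPLY;
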
/**
 * See if string is ip4 or ip6.
 * @param str: IP specification.
 * @return: true if string addr is an ip6 specced address.
 */
int str_is_ip6(const char* str);

/**
 * Set fd nonblocking.
 * @param s: file descriptor.
 * @return: 0 on error (error is printed to log).
 */
int fd_set_nonblock(int s);

/**
 * Set fd (back to) blocking.
 * @param s: file descriptor.
 * @return: 0 on error (error is printed to log).
 */
int fd_set_block(int s);

/**
 * See if number is a power of 2.
 * @param num: the value.
 * @return: true if the number is a power of 2.
 */
int is_pow2(size_t num);

/**
 * Allocate memory and copy over contents.
 * @param data: what to copy over (not modified).
 * @param len: length of data in bytes.
 * @return: NULL on malloc failure, or newly malloced data. The caller owns
 *	the result and must free() it.
 */
void* memdup(void* data, size_t len);

/**
 * Prints the sockaddr in readable format with log_info. Debug helper.
 * @param v: at what verbosity level to print this.
 * @param str: descriptive string printed with it.
 * @param addr: the sockaddr to print. Can be ip4 or ip6.
 * @param addrlen: length of addr.
 */
void log_addr(enum verbosity_value v, const char* str,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Prints zone name and sockaddr in readable format with log_info. Debug.
 * @param v: at what verbosity level to print this.
 * @param str: descriptive string printed with it.
 * @param zone: DNS domain name, uncompressed wireformat.
 * @param addr: the sockaddr to print. Can be ip4 or ip6.
 * @param addrlen: length of addr.
 */
void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Log errno and addr.
 * @param str: descriptive string printed with it.
 * @param err: errno string to print, i.e. strerror(errno).
 * @param addr: the sockaddr to print. Can be ip4 or ip6.
 * @param addrlen: length of addr.
 */
void log_err_addr(const char* str, const char* err,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Convert address string, with optional "@port" appendix, to sockaddr.
 * @param str: the string, e.g. "192.0.2.1" or "192.0.2.1@853".
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param port: port used when str carries no "@port" appendix (callers
 *	pass the DNS port to get the default behaviour).
 * @return 0 on error; addr/addrlen are then not usable.
 */
int extstrtoaddr(const char* str, struct sockaddr_storage* addr,
	socklen_t* addrlen, int port);

/**
 * Convert ip address string and port to sockaddr.
 * @param ip: ip4 or ip6 address string.
 * @param port: port number, host format.
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @return 0 on error.
 */
int ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr,
	socklen_t* addrlen);

/**
 * Convert ip netblock (ip/netsize) string and port to sockaddr.
 * performs a copy internally to avoid writing over 'ip' string.
 * @param ip: ip4 or ip6 address string, with optional "/netsize".
 * @param port: port number, host format.
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param net: netblock size is returned.
 * @return 0 on error.
 */
int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr,
	socklen_t* addrlen, int* net);

/**
 * Convert address string, with "@port" appendix, to sockaddr.
 * It can also have an "#tls-auth-name" appendix (after the port).
 * The returned auth_name string is a pointer into the input string:
 * str must stay alive (and unmodified) for as long as *auth_name is used,
 * and since str is taken non-const it is presumably terminated in place
 * at the separators, so do not pass a string literal.
 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
 * @param str: the string
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
 * @return 0 on error.
 */
int authextstrtoaddr(char* str, struct sockaddr_storage* addr,
	socklen_t* addrlen, char** auth_name);

/**
 * Convert domain string, with "@port" appendix, to dname.
 * It can also have an "#tls-auth-name" appendix (after the port).
 * The return port is the parsed port.
 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
 * The returned auth_name string is a pointer into the input string (same
 * lifetime caveat as authextstrtoaddr).
 * @param str: the string
 * @param port: pointer to be assigned the parsed port value.
 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
 * @return pointer to the dname. Ownership of the dname (whether the caller
 *	must free it) is not stated here; check the implementation before
 *	relying on either.
 */
uint8_t* authextstrtodname(char* str, int* port, char** auth_name);

/**
 * Store port number into sockaddr structure
 * @param addr: sockaddr structure, ip4 or ip6.
 * @param addrlen: length of addr.
 * @param port: port number to put into the addr (host format).
 */
void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen,
	int port);

/**
 * Print string with neat domain name, type and class.
 * @param v: at what verbosity level to print this.
 * @param str: string of message.
 * @param name: domain name uncompressed wireformat.
 * @param type: host format RR type.
 * @param dclass: host format RR class.
 */
void log_nametypeclass(enum verbosity_value v, const char* str,
	uint8_t* name, uint16_t type, uint16_t dclass);

/**
 * Like log_nametypeclass, but logs with log_query for query logging
 * (so it is filtered by LOG_TAG_QUERYREPLY rather than a verbosity level).
 * @param str: string of message.
 * @param name: domain name uncompressed wireformat.
 * @param type: host format RR type.
 * @param dclass: host format RR class.
 */
void log_query_in(const char* str, uint8_t* name, uint16_t type,
	uint16_t dclass);

/**
 * Compare two sockaddrs. Imposes an ordering on the addresses.
 * Compares address and port.
 * @param addr1: address 1.
 * @param len1: lengths of addr1.
 * @param addr2: address 2.
 * @param len2: lengths of addr2.
 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
 */
int sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1,
	struct sockaddr_storage* addr2, socklen_t len2);

/**
 * Compare two sockaddrs. Compares address, not the port.
 * @param addr1: address 1.
 * @param len1: lengths of addr1.
 * @param addr2: address 2.
 * @param len2: lengths of addr2.
 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
 */
int sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1,
	struct sockaddr_storage* addr2, socklen_t len2);

/**
 * Checkout address family.
 * @param addr: the sockaddr to examine.
 * @param len: the length of addr.
 * @return: true if sockaddr is ip6.
 */
int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len);

/**
 * Make sure the sockaddr ends in zeroes. For tree insertion and subsequent
 * comparison: two addresses in the same netblock must compare equal, which
 * only holds if the host bits are zeroed consistently.
 * @param addr: the ip4 or ip6 addr.
 * @param len: length of addr.
 * @param net: number of bits to leave untouched, the rest of the netblock
 * 	address is zeroed.
 */
void addr_mask(struct sockaddr_storage* addr, socklen_t len, int net);

/**
 * See how many bits are shared, equal, between two addrs.
 * @param addr1: first addr.
 * @param net1: netblock size of first addr.
 * @param addr2: second addr.
 * @param net2: netblock size of second addr.
 * @param addrlen: length of first addr and of second addr.
 *	They must be of the same length (i.e. same type IP4, IP6);
 *	the caller has to check this (e.g. with addr_is_ip6) before calling.
 * @return: number of bits the same.
 */
int addr_in_common(struct sockaddr_storage* addr1, int net1,
	struct sockaddr_storage* addr2, int net2, socklen_t addrlen);

/**
 * Put address into string, works for IPv4 and IPv6.
 * @param addr: address
 * @param addrlen: length of address
 * @param buf: result string stored here
 * @param len: length of buf.
 * On failure a string with "error" is stored inside, so the buffer is
 * always printable afterwards (do not use it as a failure signal).
 */
void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen,
	char* buf, size_t len);

/**
 * Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64,
 * or 96.
 * @param prefixnet: prefix network length to check.
 * @return 1 if prefixnet is one of the allowed lengths, 0 otherwise.
 */
int prefixnet_is_nat64(int prefixnet);

/**
 * Create a NAT64 address from a given address (needs to be IPv4) and a given
 * NAT64 prefix. The NAT64 prefix net needs to be one of 32, 40, 48, 56, 64, 96.
 * Validate nat64_prefixnet with prefixnet_is_nat64() and addr with
 * addr_is_ip6() before calling; this function has no error return.
 * @param addr: IPv4 address.
 * @param nat64_prefix: NAT64 prefix.
 * @param nat64_prefixlen: NAT64 prefix len.
 * @param nat64_prefixnet: NAT64 prefix mask.
 * @param nat64_addr: the resulting NAT64 address.
 * @param nat64_addrlen: the resulting NAT64 address length.
 */
void addr_to_nat64(const struct sockaddr_storage* addr,
	const struct sockaddr_storage* nat64_prefix,
	socklen_t nat64_prefixlen, int nat64_prefixnet,
	struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen);

/**
 * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0"
 * @param addr: address
 * @param addrlen: length of address
 * @return true if so
 */
int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * See if sockaddr is 255.255.255.255.
 * @param addr: address
 * @param addrlen: length of address
 * @return true if so
 */
int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * See if sockaddr is 0.0.0.0 or ::0.
 * @param addr: address
 * @param addrlen: length of address
 * @return true if so
 */
int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Insert new socket list item. If fails logs error.
 * There is no return value: after an allocation failure the item is simply
 * missing from the list, so callers must not assume it was inserted.
 * @param list: pointer to pointer to first item.
 * @param addr: address or NULL if 'cache'.
 * @param len: length of addr, or 0 if 'cache'.
 * @param region: where to allocate
 */
void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr,
	socklen_t len, struct regional* region);

/**
 * Append one list to another. Must both be from same qstate(regional),
 * because items are linked, not copied, and so must share a lifetime.
 * @param list: pointer to result list that is modified.
 * @param add: item(s) to add. They are prepended to list.
 */
void sock_list_prepend(struct sock_list** list, struct sock_list* add);

/**
 * Find addr in list.
 * @param list: to search in
 * @param addr: address to look for.
 * @param len: length. Can be 0, look for 'cache entry'.
 * @return true if found.
 */
int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr,
	socklen_t len);

/**
 * Merge socklist into another socket list. Allocates the new entries
 * freshly and copies them over, so also performs a region switchover.
 * Allocation failures are logged (no return value; entries that could not
 * be allocated are dropped).
 * @param list: the destination list (checked for duplicates)
 * @param region: where to allocate
 * @param add: the list of entries to add.
 */
void sock_list_merge(struct sock_list** list, struct regional* region,
	struct sock_list* add);

/**
 * Log libcrypto error with descriptive string. Calls log_err().
 * @param str: what failed.
 */
void log_crypto_err(const char* str);

/**
 * Log libcrypto error from errcode with descriptive string, calls log_err.
 * @param str: what failed.
 * @param err: error code from ERR_get_error.
 */
void log_crypto_err_code(const char* str, unsigned long err);

/**
 * Log an error from libcrypto that came from SSL_write and so on, with
 * a value from SSL_get_error, calls log_err. If that fails it logs with
 * log_crypto_err.
 * @param str: what failed
 * @param r: output of SSL_get_error on the I/O operation result.
 */
void log_crypto_err_io(const char* str, int r);

/**
 * Log an error from libcrypt that came from an I/O routine with the
 * errcode from ERR_get_error. Calls log_err() and log_crypto_err_code.
 * @param str: what failed
 * @param r: output of SSL_get_error on the I/O operation result.
 * @param err: error code from ERR_get_error
 */
void log_crypto_err_io_code(const char* str, int r, unsigned long err);

/**
 * Log certificate details verbosity, string, of X509 cert
 * @param level: verbosity level
 * @param str: string to prefix on output
 * @param cert: X509* structure (typed void* so this header does not
 *	depend on the OpenSSL headers).
 */
void log_cert(unsigned level, const char* str, void* cert);

/**
 * Set SSL_OP_NOxxx options on SSL context to disable bad crypto
 * @param ctxt: SSL_CTX*
 * @return false on failure. Callers must check this: continuing with a
 *	context on which the hardening options failed to apply leaves the
 *	weak protocol versions/ciphers enabled.
 */
int listen_sslctx_setup(void* ctxt);

/**
 * Further setup of listening SSL context, after keys loaded.
 * @param ctxt: SSL_CTX*
 */
void listen_sslctx_setup_2(void* ctxt);

/**
 * create SSL listen context
 * @param key: private key file.
 * @param pem: public key cert.
 * @param verifypem: if nonNULL, verifylocation file (CA material used to
 *	verify peers; whether peer certificates are then required is decided
 *	in the implementation, confirm there before depending on it).
 * return SSL_CTX* or NULL on failure (logged).
 */
void* listen_sslctx_create(char* key, char* pem, char* verifypem);

/**
 * create SSL connect context
 * @param key: if nonNULL (also pem nonNULL), the client private key.
 * @param pem: client public key (or NULL if key is NULL).
 * @param verifypem: if nonNULL used for verifylocation file.
 * @param wincert: add system certificate store to ctx (add to verifypem ca
 * 	certs).
 * With neither verifypem nor wincert the context has no trust anchors from
 * this header's point of view; check the implementation for what it does
 * in that case before using such a context for authenticated upstreams.
 * @return SSL_CTX* or NULL on failure (logged).
 */
void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert);

/**
 * accept a new fd and wrap it in a BIO in SSL
 * @param sslctx: the SSL_CTX to use (from listen_sslctx_create()).
 * @param fd: from accept, nonblocking.
 * @return SSL or NULL on alloc failure. Whether fd is closed on failure is
 *	not stated here; assume the caller still owns it.
 */
void* incoming_ssl_fd(void* sslctx, int fd);

/**
 * connect a new fd and wrap it in a BIO in SSL
 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create())
 * @param fd: from connect.
 * @return SSL or NULL on alloc failure
 */
void* outgoing_ssl_fd(void* sslctx, int fd);

/**
 * check if authname SSL functionality is available, false if not
 * @param auth_name: the name for the remote server, used for error print.
 * @return false if SSL functionality to check the SSL name is not available.
 *	A false return means the configured auth name cannot be verified at
 *	all; callers should refuse the connection rather than proceed
 *	without hostname verification.
 */
int check_auth_name_for_ssl(char* auth_name);

/**
 * set auth name on SSL for verification
 * @param ssl: SSL* to set
 * @param auth_name: if NULL nothing happens, otherwise the name to check.
 * @param use_sni: if SNI will be used.
 * @return 1 on success or NULL auth_name, 0 on failure.
 *	Note that 1 is also returned when auth_name is NULL, i.e. when no
 *	verification was set up; the return value alone does not tell a
 *	caller that the peer will be authenticated. Presumably this has to
 *	be called before the handshake starts (verify against net_help.c).
 */
int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni);

/**
 * Initialize openssl locking for thread safety
 * @return false on failure (alloc failure).
 */
int ub_openssl_lock_init(void);

/**
 * De-init the allocated openssl locks
 */
void ub_openssl_lock_delete(void);

/**
 * setup TLS session ticket
 * @param sslctx: the listening SSL_CTX (the function is named listen_*;
 *	the earlier comment referred to connect_sslctx_create(), which looks
 *	like a copy-paste slip).
 * @param tls_session_ticket_keys: TLS ticket secret filenames. These files
 *	hold key material that can decrypt resumed sessions; protect them
 *	like the server private key.
 * @return false on failure (alloc failure).
 */
int listen_sslctx_setup_ticket_keys(void* sslctx,
	struct config_strlist* tls_session_ticket_keys);

/** Free memory used for TLS session ticket keys */
void listen_sslctx_delete_ticket_keys(void);

/**
 * RPZ format netblock to network byte order address and netblock
 * example RPZ netblock format dnames:
 * - 24.10.100.51.198.rpz-ip -> 198.51.100.10/24
 * - 32.10.zz.db8.2001.rpz-ip -> 2001:db8:0:0:0:0:0:10/32
 * The dname comes from zone data, so treat it as untrusted and always
 * check the return value.
 * @param dname: the dname containing RPZ format netblock
 * @param dnamelen: length of dname
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param net: where to store netmask
 * @param af: where to store address family.
 * @return 0 on error.
 */
int netblockdnametoaddr(uint8_t* dname, size_t dnamelen,
	struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af);

/** Return strerror or wsastrerror for socket error printout.
 * The returned buffer is presumably static (strerror() style) and not
 * owned by the caller; copy it if it must survive the next call. */
char* sock_strerror(int errn);
/** close the socket with close, or wsa closesocket */
void sock_close(int socket);

#endif /* NET_HELP_H */