1 /* 2 * util/net_help.h - network help functions 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains functions to perform network related tasks. 40 */ 41 42 #ifndef NET_HELP_H 43 #define NET_HELP_H 44 #include "util/log.h" 45 #include "util/random.h" 46 struct sock_list; 47 struct regional; 48 struct config_strlist; 49 50 /** DNS constants for uint16_t style flag manipulation. host byteorder. 51 * 1 1 1 1 1 1 52 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 53 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 54 * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE | 55 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 56 */ 57 /** CD flag */ 58 #define BIT_CD 0x0010 59 /** AD flag */ 60 #define BIT_AD 0x0020 61 /** Z flag */ 62 #define BIT_Z 0x0040 63 /** RA flag */ 64 #define BIT_RA 0x0080 65 /** RD flag */ 66 #define BIT_RD 0x0100 67 /** TC flag */ 68 #define BIT_TC 0x0200 69 /** AA flag */ 70 #define BIT_AA 0x0400 71 /** QR flag */ 72 #define BIT_QR 0x8000 73 /** get RCODE bits from uint16 flags */ 74 #define FLAGS_GET_RCODE(f) ((f) & 0xf) 75 /** set RCODE bits in uint16 flags */ 76 #define FLAGS_SET_RCODE(f, r) (f = (((f) & 0xfff0) | (r))) 77 78 /** timeout in milliseconds for UDP queries to auth servers. */ 79 #define UDP_AUTH_QUERY_TIMEOUT 3000 80 /** Advertised version of EDNS capabilities */ 81 #define EDNS_ADVERTISED_VERSION 0 82 /** Advertised size of EDNS capabilities */ 83 extern uint16_t EDNS_ADVERTISED_SIZE; 84 /** bits for EDNS bitfield */ 85 #define EDNS_DO 0x8000 /* Dnssec Ok */ 86 /** byte size of ip4 address */ 87 #define INET_SIZE 4 88 /** byte size of ip6 address */ 89 #define INET6_SIZE 16 90 91 /** DNSKEY zone sign key flag */ 92 #define DNSKEY_BIT_ZSK 0x0100 93 /** DNSKEY secure entry point, KSK flag */ 94 #define DNSKEY_BIT_SEP 0x0001 95 96 /** return a random 16-bit number given a random source */ 97 #define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff) 98 99 /** minimal responses when positive answer */ 100 extern int MINIMAL_RESPONSES; 101 102 /** rrset order roundrobin */ 103 extern int RRSET_ROUNDROBIN; 104 105 /** log tag queries with name instead of 'info' for filtering */ 106 extern int LOG_TAG_QUERYREPLY; 107 108 /** 109 * See if string is ip4 or ip6. 110 * @param str: IP specification. 111 * @return: true if string addr is an ip6 specced address. 112 */ 113 int str_is_ip6(const char* str); 114 115 /** 116 * Set fd nonblocking. 117 * @param s: file descriptor. 118 * @return: 0 on error (error is printed to log). 119 */ 120 int fd_set_nonblock(int s); 121 122 /** 123 * Set fd (back to) blocking. 124 * @param s: file descriptor. 125 * @return: 0 on error (error is printed to log). 126 */ 127 int fd_set_block(int s); 128 129 /** 130 * See if number is a power of 2. 131 * @param num: the value. 132 * @return: true if the number is a power of 2. 133 */ 134 int is_pow2(size_t num); 135 136 /** 137 * Allocate memory and copy over contents. 138 * @param data: what to copy over. 139 * @param len: length of data. 140 * @return: NULL on malloc failure, or newly malloced data. 141 */ 142 void* memdup(void* data, size_t len); 143 144 /** 145 * Prints the sockaddr in readable format with log_info. Debug helper. 146 * @param v: at what verbosity level to print this. 147 * @param str: descriptive string printed with it. 148 * @param addr: the sockaddr to print. Can be ip4 or ip6. 149 * @param addrlen: length of addr. 150 */ 151 void log_addr(enum verbosity_value v, const char* str, 152 struct sockaddr_storage* addr, socklen_t addrlen); 153 154 /** 155 * Prints zone name and sockaddr in readable format with log_info. Debug. 156 * @param v: at what verbosity level to print this. 157 * @param str: descriptive string printed with it. 158 * @param zone: DNS domain name, uncompressed wireformat. 159 * @param addr: the sockaddr to print. Can be ip4 or ip6. 160 * @param addrlen: length of addr. 161 */ 162 void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone, 163 struct sockaddr_storage* addr, socklen_t addrlen); 164 165 /** 166 * Log errno and addr. 167 * @param str: descriptive string printed with it. 168 * @param err: errno string to print, i.e. strerror(errno). 169 * @param addr: the sockaddr to print. Can be ip4 or ip6. 170 * @param addrlen: length of addr. 171 */ 172 void log_err_addr(const char* str, const char* err, 173 struct sockaddr_storage* addr, socklen_t addrlen); 174 175 /** 176 * Convert address string, with "@port" appendix, to sockaddr. 177 * Uses DNS port by default. 178 * @param str: the string 179 * @param addr: where to store sockaddr. 180 * @param addrlen: length of stored sockaddr is returned. 181 * @return 0 on error. 182 */ 183 int extstrtoaddr(const char* str, struct sockaddr_storage* addr, 184 socklen_t* addrlen); 185 186 /** 187 * Convert ip address string and port to sockaddr. 188 * @param ip: ip4 or ip6 address string. 189 * @param port: port number, host format. 190 * @param addr: where to store sockaddr. 191 * @param addrlen: length of stored sockaddr is returned. 192 * @return 0 on error. 193 */ 194 int ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, 195 socklen_t* addrlen); 196 197 /** 198 * Convert ip netblock (ip/netsize) string and port to sockaddr. 199 * performs a copy internally to avoid writing over 'ip' string. 200 * @param ip: ip4 or ip6 address string. 201 * @param port: port number, host format. 202 * @param addr: where to store sockaddr. 203 * @param addrlen: length of stored sockaddr is returned. 204 * @param net: netblock size is returned. 205 * @return 0 on error. 206 */ 207 int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, 208 socklen_t* addrlen, int* net); 209 210 /** 211 * Convert address string, with "@port" appendix, to sockaddr. 212 * It can also have an "#tls-auth-name" appendix (after the port). 213 * The returned tls-auth-name string is a pointer into the input string. 214 * Uses DNS port by default. 215 * @param str: the string 216 * @param addr: where to store sockaddr. 217 * @param addrlen: length of stored sockaddr is returned. 218 * @param auth_name: returned pointer to tls_auth_name, or NULL if none. 219 * @return 0 on error. 220 */ 221 int authextstrtoaddr(char* str, struct sockaddr_storage* addr, 222 socklen_t* addrlen, char** auth_name); 223 224 /** 225 * Store port number into sockaddr structure 226 * @param addr: sockaddr structure, ip4 or ip6. 227 * @param addrlen: length of addr. 228 * @param port: port number to put into the addr. 229 */ 230 void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen, 231 int port); 232 233 /** 234 * Print string with neat domain name, type and class. 235 * @param v: at what verbosity level to print this. 236 * @param str: string of message. 237 * @param name: domain name uncompressed wireformat. 238 * @param type: host format RR type. 239 * @param dclass: host format RR class. 240 */ 241 void log_nametypeclass(enum verbosity_value v, const char* str, 242 uint8_t* name, uint16_t type, uint16_t dclass); 243 244 /** 245 * Like log_nametypeclass, but logs with log_query for query logging 246 */ 247 void log_query_in(const char* str, uint8_t* name, uint16_t type, 248 uint16_t dclass); 249 250 /** 251 * Compare two sockaddrs. Imposes an ordering on the addresses. 252 * Compares address and port. 253 * @param addr1: address 1. 254 * @param len1: lengths of addr1. 255 * @param addr2: address 2. 256 * @param len2: lengths of addr2. 257 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 258 */ 259 int sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1, 260 struct sockaddr_storage* addr2, socklen_t len2); 261 262 /** 263 * Compare two sockaddrs. Compares address, not the port. 264 * @param addr1: address 1. 265 * @param len1: lengths of addr1. 266 * @param addr2: address 2. 267 * @param len2: lengths of addr2. 268 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 269 */ 270 int sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1, 271 struct sockaddr_storage* addr2, socklen_t len2); 272 273 /** 274 * Checkout address family. 275 * @param addr: the sockaddr to examine. 276 * @param len: the length of addr. 277 * @return: true if sockaddr is ip6. 278 */ 279 int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len); 280 281 /** 282 * Make sure the sockaddr ends in zeroes. For tree insertion and subsequent 283 * comparison. 284 * @param addr: the ip4 or ip6 addr. 285 * @param len: length of addr. 286 * @param net: number of bits to leave untouched, the rest of the netblock 287 * address is zeroed. 288 */ 289 void addr_mask(struct sockaddr_storage* addr, socklen_t len, int net); 290 291 /** 292 * See how many bits are shared, equal, between two addrs. 293 * @param addr1: first addr. 294 * @param net1: netblock size of first addr. 295 * @param addr2: second addr. 296 * @param net2: netblock size of second addr. 297 * @param addrlen: length of first addr and of second addr. 298 * They must be of the same length (i.e. same type IP4, IP6). 299 * @return: number of bits the same. 300 */ 301 int addr_in_common(struct sockaddr_storage* addr1, int net1, 302 struct sockaddr_storage* addr2, int net2, socklen_t addrlen); 303 304 /** 305 * Put address into string, works for IPv4 and IPv6. 306 * @param addr: address 307 * @param addrlen: length of address 308 * @param buf: result string stored here 309 * @param len: length of buf. 310 * On failure a string with "error" is stored inside. 311 */ 312 void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, 313 char* buf, size_t len); 314 315 /** 316 * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0" 317 * @param addr: address 318 * @param addrlen: length of address 319 * @return true if so 320 */ 321 int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen); 322 323 /** 324 * See if sockaddr is 255.255.255.255. 325 * @param addr: address 326 * @param addrlen: length of address 327 * @return true if so 328 */ 329 int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen); 330 331 /** 332 * See if sockaddr is 0.0.0.0 or ::0. 333 * @param addr: address 334 * @param addrlen: length of address 335 * @return true if so 336 */ 337 int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen); 338 339 /** 340 * Insert new socket list item. If fails logs error. 341 * @param list: pointer to pointer to first item. 342 * @param addr: address or NULL if 'cache'. 343 * @param len: length of addr, or 0 if 'cache'. 344 * @param region: where to allocate 345 */ 346 void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr, 347 socklen_t len, struct regional* region); 348 349 /** 350 * Append one list to another. Must both be from same qstate(regional). 351 * @param list: pointer to result list that is modified. 352 * @param add: item(s) to add. They are prepended to list. 353 */ 354 void sock_list_prepend(struct sock_list** list, struct sock_list* add); 355 356 /** 357 * Find addr in list. 358 * @param list: to search in 359 * @param addr: address to look for. 360 * @param len: length. Can be 0, look for 'cache entry'. 361 * @return true if found. 362 */ 363 int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr, 364 socklen_t len); 365 366 /** 367 * Merge socklist into another socket list. Allocates the new entries 368 * freshly and copies them over, so also performs a region switchover. 369 * Allocation failures are logged. 370 * @param list: the destination list (checked for duplicates) 371 * @param region: where to allocate 372 * @param add: the list of entries to add. 373 */ 374 void sock_list_merge(struct sock_list** list, struct regional* region, 375 struct sock_list* add); 376 377 /** 378 * Log libcrypto error with descriptive string. Calls log_err(). 379 * @param str: what failed. 380 */ 381 void log_crypto_err(const char* str); 382 383 /** 384 * Log libcrypto error from errcode with descriptive string, calls log_err. 385 * @param str: what failed. 386 * @param err: error code from ERR_get_error. 387 */ 388 void log_crypto_err_code(const char* str, unsigned long err); 389 390 /** 391 * Log certificate details verbosity, string, of X509 cert 392 * @param level: verbosity level 393 * @param str: string to prefix on output 394 * @param cert: X509* structure. 395 */ 396 void log_cert(unsigned level, const char* str, void* cert); 397 398 /** 399 * Set SSL_OP_NOxxx options on SSL context to disable bad crypto 400 * @param ctxt: SSL_CTX* 401 * @return false on failure. 402 */ 403 int listen_sslctx_setup(void* ctxt); 404 405 /** 406 * Further setup of listening SSL context, after keys loaded. 407 * @param ctxt: SSL_CTX* 408 */ 409 void listen_sslctx_setup_2(void* ctxt); 410 411 /** 412 * create SSL listen context 413 * @param key: private key file. 414 * @param pem: public key cert. 415 * @param verifypem: if nonNULL, verifylocation file. 416 * return SSL_CTX* or NULL on failure (logged). 417 */ 418 void* listen_sslctx_create(char* key, char* pem, char* verifypem); 419 420 /** 421 * create SSL connect context 422 * @param key: if nonNULL (also pem nonNULL), the client private key. 423 * @param pem: client public key (or NULL if key is NULL). 424 * @param verifypem: if nonNULL used for verifylocation file. 425 * @param wincert: add system certificate store to ctx (add to verifypem ca 426 * certs). 427 * @return SSL_CTX* or NULL on failure (logged). 428 */ 429 void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert); 430 431 /** 432 * accept a new fd and wrap it in a BIO in SSL 433 * @param sslctx: the SSL_CTX to use (from listen_sslctx_create()). 434 * @param fd: from accept, nonblocking. 435 * @return SSL or NULL on alloc failure. 436 */ 437 void* incoming_ssl_fd(void* sslctx, int fd); 438 439 /** 440 * connect a new fd and wrap it in a BIO in SSL 441 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create()) 442 * @param fd: from connect. 443 * @return SSL or NULL on alloc failure 444 */ 445 void* outgoing_ssl_fd(void* sslctx, int fd); 446 447 /** 448 * check if authname SSL functionality is available, false if not 449 * @param auth_name: the name for the remote server, used for error print. 450 * @return false if SSL functionality to check the SSL name is not available. 451 */ 452 int check_auth_name_for_ssl(char* auth_name); 453 454 /** 455 * set auth name on SSL for verification 456 * @param ssl: SSL* to set 457 * @param auth_name: if NULL nothing happens, otherwise the name to check. 458 * @param use_sni: if SNI will be used. 459 * @return 1 on success or NULL auth_name, 0 on failure. 460 */ 461 int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni); 462 463 /** 464 * Initialize openssl locking for thread safety 465 * @return false on failure (alloc failure). 466 */ 467 int ub_openssl_lock_init(void); 468 469 /** 470 * De-init the allocated openssl locks 471 */ 472 void ub_openssl_lock_delete(void); 473 474 /** 475 * setup TLS session ticket 476 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create()) 477 * @param tls_session_ticket_keys: TLS ticket secret filenames 478 * @return false on failure (alloc failure). 479 */ 480 int listen_sslctx_setup_ticket_keys(void* sslctx, 481 struct config_strlist* tls_session_ticket_keys); 482 483 /** Free memory used for TLS session ticket keys */ 484 void listen_sslctx_delete_ticket_keys(void); 485 486 /** 487 * RPZ format netblock to network byte order address and netblock 488 * example RPZ netblock format dnames: 489 * - 24.10.100.51.198.rpz-ip -> 198.51.100.10/24 490 * - 32.10.zz.db8.2001.rpz-ip -> 2001:db8:0:0:0:0:0:10/32 491 * @param dname: the dname containing RPZ format netblock 492 * @param dnamelen: length of dname 493 * @param addr: where to store sockaddr. 494 * @param addrlen: length of stored sockaddr is returned. 495 * @param net: where to store netmask 496 * @param af: where to store address family. 497 * @return 0 on error. 498 */ 499 int netblockdnametoaddr(uint8_t* dname, size_t dnamelen, 500 struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af); 501 502 /** Return strerror or wsastrerror for socket error printout */ 503 char* sock_strerror(int errn); 504 /** close the socket with close, or wsa closesocket */ 505 void sock_close(int socket); 506 507 #endif /* NET_HELP_H */ 508