From 2c9b548ebd81228d29af2fe02ef4dc4f1e0a3bb4 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 16 Apr 2021 16:07:04 +0200 Subject: [PATCH 01/38] Simple zonefile printer (maybe I should have called it printzone?) --- Makefile.in | 486 +++++++++++++++++++------------------------- testcode/readzone.c | 107 ++++++++++ 2 files changed, 313 insertions(+), 280 deletions(-) create mode 100644 testcode/readzone.c diff --git a/Makefile.in b/Makefile.in index 8d5c7ee83..81b188bde 100644 --- a/Makefile.in +++ b/Makefile.in @@ -244,6 +244,9 @@ DELAYER_SRC=testcode/delayer.c DELAYER_OBJ=delayer.lo DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) +READZONE_SRC=testcode/readzone.c +READZONE_OBJ=readzone.lo +READZONE_OBJ_LINK=$(READZONE_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ) IPSET_SRC=@IPSET_SRC@ IPSET_OBJ=@IPSET_OBJ@ DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c @@ -280,7 +283,7 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\ $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \ $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \ - $(DOHCLIENT_SRC) + $(DOHCLIENT_SRC) $(READZONE_SRC) ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ @@ -289,7 +292,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\ $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \ $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \ - $(DOHCLIENT_OBJ) + $(DOHCLIENT_OBJ) $(READZONE_OBJ) COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) 
@@ -405,6 +408,9 @@ perf$(EXEEXT): $(PERF_OBJ_LINK) delayer$(EXEEXT): $(DELAYER_OBJ_LINK) $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) +readzone$(EXEEXT): $(READZONE_OBJ_LINK) + $(LINK) -o $@ $(READZONE_OBJ_LINK) $(SSLLIB) $(LIBS) + signit$(EXEEXT): testcode/signit.c $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS) @@ -701,7 +707,8 @@ infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrde rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ 
@@ -790,7 +797,8 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ 
@@ -837,11 +845,7 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h + $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ 
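Review bot: `modstack.lo` no longer depends on `$(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER)` or on the cachedb, ipsecmod, edns-subnet and ipset headers after this hunk, so an incremental build that enables those modules will not recompile it when one of those headers changes and can link an object compiled against a stale struct layout. This looks like `make depend` output from a tree configured without the optional modules, not something the zonefile-printer change intends. The same loss recurs in later hunks: `fptr_wlist.lo`, `config_file.lo`, `subnetmod.lo`, `ipsecmod.lo` and `unitecs.lo` lose their module headers, and the `cachedb.lo`, `redis.lo`, `dnstap.lo`, `dtstream.lo` and `ipset.lo` rules are removed outright. I would regenerate the dependency section from a configuration with every optional module enabled, or restore the removed lines such as `$(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \`, and keep this commit to the `READZONE_*` additions.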
@@ -872,8 +876,7 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \ - + $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -894,8 +897,7 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/util/iana_ports.inc + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ 
@@ -924,8 +926,9 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_sigcrypt.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ @@ -934,7 +937,7 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ 
@@ -942,13 +945,18 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \ - $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h + $(srcdir)/libunbound/worker.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h module.lo module.o: 
$(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h @@ -961,14 +969,12 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \ - + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ 
@@ -1022,8 +1028,7 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h \ - + $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ @@ -1033,8 +1038,7 @@ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ 
@@ -1047,8 +1051,7 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ - + $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \ 
@@ -1078,13 +1081,11 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/ val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h +val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ 
@@ -1102,17 +1103,15 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/sldns/sbuffer.h val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ 
@@ -1133,43 +1132,13 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c 
config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h -cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h -redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/sbuffer.h 
+subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ 
@@ -1182,42 +1151,8 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h -dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h -dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ - -dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h -dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/sldns/sbuffer.h \ - -ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h 
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ - $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h 
@@ -1226,8 +1161,7 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ +unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ 
@@ -1268,14 +1202,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ $(srcdir)/sldns/parseutil.h -unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/services/authzone.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/edns-subnet/edns-subnet.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ 
@@ -1286,49 +1213,56 @@ unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/service $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/wire2str.h +unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/util/log.h \ + $(srcdir)/testcode/unitmain.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/authzone.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \ + $(srcdir)/validator/val_anchor.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ - $(srcdir)/daemon/cachedump.h 
$(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h 
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/keyraw.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ +cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + 
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h +remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h 
$(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ 
@@ -1353,21 +1287,19 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/netevent.h 
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ 
@@ -1375,32 +1307,32 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + 
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h 
$(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h 
@@ -1411,39 +1343,38 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + 
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - 
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/keyraw.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/random.h $(srcdir)/util/tube.h 
$(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -1457,9 +1388,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ 
@@ -1476,7 +1405,7 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ @@ -1511,8 +1440,7 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ 
@@ -1546,70 +1474,72 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h +libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
\ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \ - + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ 
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ - $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h +unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ 
+ $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/listen_dnsport.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ - -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ - + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h +petal.lo petal.o: $(srcdir)/testcode/petal.c config.h unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \ $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ - dnstap/dnstap.pb-c.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h -pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound-event.h +pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h \ + $(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h 
$(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h \ @@ -1617,8 +1547,8 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ + $(srcdir)/util/net_help.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h 
@@ -1626,14 +1556,12 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/rrdef.h \ - +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h + $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h 
@@ -1644,8 +1572,8 @@ dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldn $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \ - + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h +readzone.lo readzone.o: $(srcdir)/testcode/readzone.c ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h @@ -1660,11 +1588,9 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ - +getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c -getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ - +getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h diff --git a/testcode/readzone.c b/testcode/readzone.c new file mode 100644 index 000000000..927d55f53 --- /dev/null +++ b/testcode/readzone.c 
@@ -0,0 +1,107 @@
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include "config.h"
+#include "sldns/str2wire.h"
+#include "sldns/wire2str.h"
+
+int print_usage(FILE *out, const char *progname)
+{
+ fprintf(out, "usage: %s [ -u ] []\n", progname);
+ fprintf(out, "\t-u\tprint in unknown type (RFC3597) format\n");
+ return out == stdout ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+int main(int argc, char *const *argv)
+{
+ char *progname = argv[0];
+ uint8_t rr[LDNS_RR_BUF_SIZE];
+ char *str = malloc(1024 * 1024);
+ size_t str_len = sizeof(str);
+ struct sldns_file_parse_state state;
+ FILE *in = NULL;
+ int s = -1;
+ int opt;
+ int print_in_unknown_type_format = 0;
+
+ while ((opt = getopt(argc, argv, "hu")) != -1) {
+ switch (opt) {
+ case 'h':
+ return print_usage(stdout, progname);
+ case 'u':
+ print_in_unknown_type_format = 1;
+ break;
+ default:
+ return print_usage(stderr, progname);
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ memset(&state, 0, sizeof(state));
+ state.default_ttl = 3600;
+ state.lineno = 1;
+ if (argc == 2) {
+ state.origin_len = sizeof(state.origin);
+ s = sldns_str2wire_dname_buf(argv[1], state.origin
+ , &state.origin_len);
+ if (s) {
+ fprintf(stderr, "Error parsing origin: %s\n"
+ , sldns_get_errorstr_parse(s));
+ return EXIT_FAILURE;
+ }
+ s = -1;
+ }
+ if (!str)
+ fprintf(stderr, "Memory allocation error: %s\n"
+ , strerror(errno));
+
+ else if (argc != 1 && argc != 2)
+ return print_usage(stderr, progname);
+
+ else if (!(in = fopen(argv[0], "r")))
+ fprintf(stderr, "Error opening \"%s\": %s\n"
+ , argv[0], strerror(errno));
+ else while (!feof(in)) {
+ size_t rr_len = sizeof(rr), dname_len = 0;
+ size_t written;
+
+ s = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, &state);
+ if (s) {
+ fprintf( stderr, "parse error %d:%d: %s"
+ , state.lineno, LDNS_WIREPARSE_OFFSET(s)
+ , sldns_get_errorstr_parse(s));
+ break;
+ }
+ if (rr_len == 0)
+ continue;
+
+ if (print_in_unknown_type_format)
+ written =
sldns_wire2str_rr_unknown_buf( + rr, rr_len, str, str_len); + else + written = sldns_wire2str_rr_buf( + rr, rr_len, str, str_len); + + if (written > str_len) { + while (written > str_len) + str_len *= 2; + free(str); + if (!(str = malloc(str_len))) { + fprintf(stderr, "Memory allocation error: %s\n" + , strerror(errno)); + s = -1; + break; + } + (void) sldns_wire2str_rr_buf(rr, rr_len, str, str_len); + } + fprintf(stdout, "%s", str); + } + if (in) + fclose(in); + return !in || s ? EXIT_FAILURE : EXIT_SUCCESS; +} From 5b28b213fafc0cc6ce131495044645d298f01687 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Mon, 10 May 2021 11:03:08 +0200 Subject: [PATCH 02/38] basic implementation of a selection of svcb params --- sldns/rrdef.c | 6 +- sldns/rrdef.h | 9 +- sldns/str2wire.c | 365 ++++++++++++++++++++++++++++++++++++++++++++++- sldns/str2wire.h | 15 ++ sldns/wire2str.c | 181 +++++++++++++++++++++++ sldns/wire2str.h | 3 + 6 files changed, 576 insertions(+), 3 deletions(-) diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 54051313a..125d3d0ab 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -153,6 +153,9 @@ static const sldns_rdf_type type_csync_wireformat[] = { static const sldns_rdf_type type_zonemd_wireformat[] = { LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX }; +static const sldns_rdf_type type_svcb_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; /* nsec3 is some vars, followed by same type of data of nsec */ static const sldns_rdf_type type_nsec3_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ 
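Review bot: In `main` of testcode/readzone.c, `size_t str_len = sizeof(str);` takes the size of the `char *` pointer rather than of the 1 MiB allocation, so every record is first converted into a buffer a few bytes long and falls into the regrow path; it should read `size_t str_len = 1024 * 1024;`. That regrow path always calls `sldns_wire2str_rr_buf`, so a record that did not fit is printed in the normal format even when `-u` was given; the `print_in_unknown_type_format` test needs repeating there. If the conversion helpers return the length without the terminating NUL, as snprintf-style functions do, the `written > str_len` test should be `written >= str_len`, otherwise an exactly-full result is printed truncated.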
@@ -377,7 +380,8 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 63 */ {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 64 */ + {LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, diff --git a/sldns/rrdef.h b/sldns/rrdef.h index ece632c3c..cd65c4126 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -196,6 +196,8 @@ enum sldns_enum_rr_type LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */ + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */ + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -353,8 +355,13 @@ enum sldns_enum_rdf_type /** TSIG extended 16bit error value */ LDNS_RDF_TYPE_TSIGERROR, + /* draft-ietf-dnsop-svcb-https-04: + * each SvcParam consisting of a SvcParamKey=SvcParamValue pair or + * a standalone SvcParamKey */ + LDNS_RDF_TYPE_SVCPARAM, + /* Aliases */ - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC + LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC, }; typedef enum sldns_enum_rdf_type sldns_rdf_type; diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 70eec6dab..8a3a1e22a 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
@@ -29,7 +29,6 @@ #define RET_ERR(e, off) ((int)((e)|((off)<= 4 && key_len <= 8 && !strncmp(key, "key", 3)) { + memcpy(buf, key + 3, key_len - 3); + buf[key_len - 3] = 0; + key_value = strtoul(buf, &endptr, 10); + if (endptr > buf /* digits seen */ + && *endptr == 0 /* no non-digit chars after digits */ + && key_value <= 65535) /* no overflow */ + return key_value; + + } else switch (key_len) { + case sizeof("mandatory")-1: + if (!strncmp(key, "mandatory", sizeof("mandatory")-1)) + return SVCB_KEY_MANDATORY; + if (!strncmp(key, "echconfig", sizeof("echconfig")-1)) + return SVCB_KEY_ECH; /* allow "echconfig as well as "ech" */ + break; + + case sizeof("alpn")-1: + if (!strncmp(key, "alpn", sizeof("alpn")-1)) + return SVCB_KEY_ALPN; + if (!strncmp(key, "port", sizeof("port")-1)) + return SVCB_KEY_PORT; + break; + + case sizeof("no-default-alpn")-1: + if (!strncmp( key , "no-default-alpn" + , sizeof("no-default-alpn")-1)) + return SVCB_KEY_NO_DEFAULT_ALPN; + break; + + case sizeof("ipv4hint")-1: + if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1)) + return SVCB_KEY_IPV4HINT; + if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1)) + return SVCB_KEY_IPV6HINT; + break; + case sizeof("ech")-1: + if (!strncmp(key, "ech", sizeof("ech")-1)) + return SVCB_KEY_ECH; + break; + default: + break; + } + if (key_len > sizeof(buf) - 1) {} + // ERROR: Unknown SvcParamKey + else { + memcpy(buf, key, key_len); + buf[key_len] = 0; + // Error: "Unknown SvcParamKey: %s" + } + /* Although the returned value might be used by the caller, + * the parser has erred, so the zone will not be loaded. 
+ */ + return -1; +} + +static int +sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len) +{ + unsigned long int port; + char *endptr; + + if (*rd_len < 6) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + port = strtoul(val, &endptr, 10); + + if (endptr > val /* digits seen */ + && *endptr == 0 /* no non-digit chars after digits */ + && port <= 65535) { /* no overflow */ + + sldns_write_uint16(rd, htons(SVCB_KEY_PORT)); + sldns_write_uint16(rd + 2, htons(sizeof(uint16_t))); + sldns_write_uint16(rd + 4, htons(port)); + *rd_len = 6; + + return LDNS_WIREPARSE_ERR_OK; + } + // ERROR: "Could not parse port SvcParamValue" + return -1; +} + +static int +sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) +{ + + int count; + char ip_str[INET_ADDRSTRLEN+1]; + char *next_ip_str; + uint32_t *ip_wire_dst; + size_t i; + + for (i = 0, count = 1; val[i]; i++) { + if (val[i] == ',') + count += 1; + if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { + // ERROR "Too many IPV4 addresses in ipv4hint" + return -1; + } + } + + if (*rd_len < (LDNS_IP4ADDRLEN * count) + 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + /* count is number of comma's in val + 1; so the actual number of IPv4 + * addresses in val + */ + sldns_write_uint16(rd, htons(SVCB_KEY_IPV4HINT)); + sldns_write_uint16(rd + 2, htons(LDNS_IP4ADDRLEN * count)); + *rd_len = 4; + + while (count) { + if (!(next_ip_str = strchr(val, ','))) { + if (inet_pton(AF_INET, val, rd + *rd_len) != 1) + *rd_len += LDNS_IP4ADDRLEN; + break; + + assert(count == 1); + + } else if (next_ip_str - val >= (int)sizeof(ip_str)) + break; + + else { + memcpy(ip_str, val, next_ip_str - val); + ip_str[next_ip_str - val] = 0; + if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { + *rd_len += LDNS_IP4ADDRLEN; + val = ip_str; /* to use in error reporting below */ + break; + } + + val = next_ip_str + 1; + } + ip_wire_dst++; + count--; + } + // if (count) /* verify that we parsed all values */ + // ERROR 
"Could not parse ipv4hint SvcParamValue: " + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) +{ + int count; + char ip_str[INET_ADDRSTRLEN+1]; + char *next_ip_str; + uint32_t *ip_wire_dst; + size_t i; + + for (i = 0, count = 1; val[i]; i++) { + if (val[i] == ',') + count += 1; + if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { + // ERROR "Too many IPV4 addresses in ipv4hint" + return -1; + } + } + + if (*rd_len < (LDNS_IP6ADDRLEN * count) + 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + /* count is number of comma's in val + 1; so the actual number of IPv6 + * addresses in val + */ + sldns_write_uint16(rd, htons(SVCB_KEY_IPV6HINT)); + sldns_write_uint16(rd + 2, htons(LDNS_IP6ADDRLEN * count)); + *rd_len = 4; + + while (count) { + if (!(next_ip_str = strchr(val, ','))) { + if (inet_pton(AF_INET, val, rd + *rd_len) != 1) + *rd_len += LDNS_IP6ADDRLEN; + break; + + assert(count == 1); + + } else if (next_ip_str - val >= (int)sizeof(ip_str)) + break; + + else { + memcpy(ip_str, val, next_ip_str - val); + ip_str[next_ip_str - val] = 0; + if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { + *rd_len += LDNS_IP6ADDRLEN; + + val = ip_str; /* to use in error reporting below */ + break; + } + + val = next_ip_str + 1; + } + ip_wire_dst++; + count--; + } + // if (count) /* verify that we parsed all values */ + // ERROR "Could not parse ipv6hint SvcParamValue: " + + return LDNS_WIREPARSE_ERR_OK; +} + +/* compare function used for sorting uint16_t's */ +static int +sldns_network_uint16_cmp(const void *a, const void *b) +{ + return ((int)sldns_read_uint16(a)) - ((int)sldns_read_uint16(b)); +} + +static int +sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) +{ + size_t i, count, val_len; + char* next_key; + uint16_t* key_dst; + + val_len = strlen(val); + + for (i = 0, count = 1; val[i]; i++) { + if (val[i] == ',') + count += 1; + if (count > 
SVCB_MAX_COMMA_SEPARATED_VALUES) { + // ERROR "Too many keys in mandatory" + return -1; + } + } + + // @TODO check if we have space to write in rd_len; look for the best spot + + sldns_write_uint16(rd, htons(SVCB_KEY_MANDATORY)); + sldns_write_uint16(rd + 2, htons(sizeof(uint16_t) * count)); + *rd_len = 4; + + for(;;) { + if (!(next_key = strchr(val, ','))) { + sldns_write_uint16(rd + *rd_len, + htons(sldns_str2wire_svcparam_key_lookup(val, val_len))); + *rd_len += LDNS_IP6ADDRLEN; + break; + } else { + sldns_write_uint16(rd + *rd_len, + htons(sldns_str2wire_svcparam_key_lookup(val, next_key - val))); + *rd_len += LDNS_IP6ADDRLEN; + } + + val_len -= next_key - val + 1; + val = next_key + 1; /* skip the comma */ + key_dst += 1; + } + + /* In draft-ietf-dnsop-svcb-https-04 Section 7: + * + * "In wire format, the keys are represented by their numeric + * values in network byte order, concatenated in ascending order." + */ + qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp); + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_no_default_alpn(const char* val, uint8_t* rd, size_t* rd_len) +{ + if (*rd_len < 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + sldns_write_uint16(rd, htons(SVCB_KEY_NO_DEFAULT_ALPN)); + sldns_write_uint16(rd + 2, htons(0)); + *rd_len = 4; + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) +{ + uint8_t buffer[LDNS_MAX_RDFLEN]; + int wire_len; + + // @TODO fix this + // if(strcmp(b64, "0") == 0) { + /* single 0 represents empty buffer */ + // } + + wire_len = sldns_b64_pton(val, buffer, LDNS_MAX_RDFLEN); + + if (wire_len == -1) { + // zc_error_prev_line("invalid base64 data in ech"); + return LDNS_WIREPARSE_ERR_INVALID_STR; + } else { + sldns_write_uint16(rd, htons(SVCB_KEY_ECH)); + sldns_write_uint16(rd + 2, htons(wire_len)); + + // @TODO memcpy? 
+ sldns_write_uint16(rd + 4, htons(buffer)); + *rd_len = 4 + wire_len; + + return LDNS_WIREPARSE_ERR_OK; + } +} + +static int +sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, + const char *val, uint8_t* rd, size_t* rd_len) +{ + uint16_t svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); + + switch (svcparamkey) { + case SVCB_KEY_PORT: + return sldns_str2wire_svcparam_port(val, rd, rd_len); + case SVCB_KEY_IPV4HINT: + return sldns_str2wire_svcbparam_ipv4hint(val, rd, rd_len); + case SVCB_KEY_IPV6HINT: + return sldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len); + case SVCB_KEY_MANDATORY: + return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len); + case SVCB_KEY_NO_DEFAULT_ALPN: + return sldns_str2wire_svcbparam_no_default_alpn(val, rd, rd_len); + // if(zone_is_slave(parser->current_zone->opts)) + // zc_warning_prev_line("no-default-alpn should not have a value"); + // else + // zc_error_prev_line("no-default-alpn should not have a value"); + // break; + case SVCB_KEY_ECH: + return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); + case SVCB_KEY_ALPN: + // return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); + default: + break; + } + + // @TODO change to error? + return LDNS_WIREPARSE_ERR_OK; +} + +int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) +{ + const char* eq_pos; + + int ret; + + eq_pos = strchr(str, '='); + + // @TODO handle "key=" case + + /* Verify that we have a have a value */ + if (eq_pos != NULL) { + return sldns_str2wire_svcparam_key_value(str, eq_pos - str, eq_pos + 1, rd, rd_len); + } else { + return sldns_str2wire_svcparam_key_value(str, strlen(str), NULL, rd, rd_len); + } + + return LDNS_WIREPARSE_ERR_OK; +} + int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, sldns_rdf_type rdftype) { 
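Review bot: `sldns_str2wire_svcbparam_mandatory` writes into `rd` without ever comparing against the incoming `*rd_len` (the check is left as a `@TODO`), and it advances `*rd_len` by `LDNS_IP6ADDRLEN` (16 bytes) after each 2-byte key, so a zone-file value with many comma-separated keys is stored far beyond the `sizeof(uint16_t) * count` bytes announced in the length field and possibly beyond the caller's buffer. Before the first write it needs `if (*rd_len < 4 + sizeof(uint16_t) * count) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;`, and the step should be `*rd_len += sizeof(uint16_t);` so that the later `qsort` over `rd + 4` actually covers the keys that were written. The 16-byte step is still present in the mandatory hunk of PATCH 04/38. Separately, both hint parsers in this hunk advance `*rd_len` only when `inet_pton` fails and still return `LDNS_WIREPARSE_ERR_OK`, and the IPv6 one uses `AF_INET` with an `INET_ADDRSTRLEN` buffer, so a bad address is accepted silently.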
@@ -1006,6 +1367,8 @@ int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, return sldns_str2wire_hip_buf(str, rd, len); case LDNS_RDF_TYPE_INT16_DATA: return sldns_str2wire_int16_data_buf(str, rd, len); + case LDNS_RDF_TYPE_SVCPARAM: + return sldns_str2wire_svcparam_buf(str, rd, len); case LDNS_RDF_TYPE_UNKNOWN: case LDNS_RDF_TYPE_SERVICE: return LDNS_WIREPARSE_ERR_NOT_IMPL; diff --git a/sldns/str2wire.h b/sldns/str2wire.h index 70070e4f5..b687546a7 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -23,10 +23,25 @@ extern "C" { #endif struct sldns_struct_lookup_table; +#define LDNS_IP4ADDRLEN (32/8) +#define LDNS_IP6ADDRLEN (128/8) + /** buffer to read an RR, cannot be larger than 64K because of packet size */ #define LDNS_RR_BUF_SIZE 65535 /* bytes */ #define LDNS_DEFAULT_TTL 3600 +/* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */ +#define SVCB_KEY_MANDATORY 0 +#define SVCB_KEY_ALPN 1 +#define SVCB_KEY_NO_DEFAULT_ALPN 2 +#define SVCB_KEY_PORT 3 +#define SVCB_KEY_IPV4HINT 4 +#define SVCB_KEY_ECH 5 +#define SVCB_KEY_IPV6HINT 6 +#define SVCPARAMKEY_COUNT 7 + +#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000 + /* * To convert class and type to string see * sldns_get_rr_class_by_name(str) diff --git a/sldns/wire2str.c b/sldns/wire2str.c index d0d1632d4..3fea10fcd 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -196,6 +196,12 @@ static sldns_lookup_table sldns_tsig_errors_data[] = { }; sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; +/* draft-ietf-dnsop-svcb-https-04: 6. Initial SvcParamKeys */ +const char *svcparamkey_strs[] = { + "mandatory", "alpn", "no-default-alpn", "port", + "ipv4hint", "echconfig", "ipv6hint" +}; + char* sldns_wire2str_pkt(uint8_t* data, size_t len) { size_t slen = (size_t)sldns_wire2str_pkt_buf(data, len, NULL, 0); 
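Review bot: The new `case LDNS_RDF_TYPE_SVCPARAM:` in the `-1006,6` hunk of sldns/str2wire.c makes `sldns_str2wire_svcparam_buf` reachable from zone text, and that function passes `val == NULL` to `sldns_str2wire_svcparam_key_value` whenever the token has no `=`. The port, ipv4hint, ipv6hint, mandatory and ech handlers all dereference `val` (`strtoul(val, ...)`, `val[i]`, `strlen(val)`), so a bare key such as `port` ends in a NULL dereference instead of a parse error. A guard at the top of the dispatcher, `if (val == NULL && svcparamkey != SVCB_KEY_NO_DEFAULT_ALPN) return LDNS_WIREPARSE_ERR_INVALID_STR;`, would reject it cleanly. `sldns_str2wire_rdf_buf` itself starts and ends outside this hunk.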
@@ -940,6 +946,179 @@ int sldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) return sldns_str_print(s, slen, "%u", (unsigned)ttl); } +static int +sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey) +{ + if (svcparamkey < SVCPARAMKEY_COUNT) { + // fprintf(stderr, "HERE\n"); + return sldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]); + } + else { + return sldns_str_print(s, slen, "key%d", (int)svcparamkey); + } +} + +int sldns_wire2str_svcparam_port2str(char** s, + size_t* slen, uint16_t val_len, uint16_t val) +{ + int w = 0; + + if (val_len != 2) + return -1; /* wireformat error, a short is 2 bytes */ + w = sldns_str_print(s, slen, "=%d", (int)ntohs(val)); + return w; +} + +static int +sldns_wire2str_svcparam_ipv4hint2str(char** s, + size_t* slen, uint16_t val_len, uint8_t* data) +{ + char ip_str[INET_ADDRSTRLEN + 1]; + + // @TODO actually incorporate this + int w = 0; + + assert(val_len > 0); + + if ((val_len % LDNS_IP4ADDRLEN) == 0) { + if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) + return 0; /* wireformat error, incorrect size or inet family */ + + sldns_str_print(s, slen, "=%s", ip_str); + data += LDNS_IP4ADDRLEN / sizeof(uint16_t); + + while ((val_len -= LDNS_IP4ADDRLEN) > 0) { + if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) + return 0; /* wireformat error, incorrect size or inet family */ + + sldns_str_print(s, slen, ",%s", ip_str); + data += LDNS_IP4ADDRLEN / sizeof(uint16_t); + } + return 1; + } else + return 0; +} + +int sldns_wire2str_svcparam_ipv6hint2str(char** s, + size_t* slen, uint16_t val_len, uint8_t* data) +{ + char ip_str[INET6_ADDRSTRLEN + 1]; + + // @TODO actually incorporate this + int w = 0; + + assert(val_len > 0); + + if ((val_len % LDNS_IP6ADDRLEN) == 0) { + if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) + return 0; /* wireformat error, incorrect size or inet family */ + + sldns_str_print(s, slen, "=%s", ip_str); + data += LDNS_IP6ADDRLEN 
/ sizeof(uint16_t); + + while ((val_len -= LDNS_IP6ADDRLEN) > 0) { + if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) + return 0; /* wireformat error, incorrect size or inet family */ + + sldns_str_print(s, slen, ",%s", ip_str); + data += LDNS_IP6ADDRLEN / sizeof(uint16_t); + } + return 1; + } else + return 0; +} + +int sldns_wire2str_svcparam_mandatory2str(char** s, + size_t* slen, uint16_t val_len, uint8_t* data) +{ + int w = 0; + + assert(val_len > 0); + + // if (val_len % sizeof(uint16_t)) + // return 0; // wireformat error, val_len must be multiple of shorts + w += sldns_str_print(s, slen, "="); + w += sldns_print_svcparamkey(s, slen, ntohs(sldns_read_uint16(data))); + data += 2; + + while ((val_len -= sizeof(uint16_t))) { + w += sldns_str_print(s, slen, ","); + w += sldns_print_svcparamkey(s, slen, ntohs(sldns_read_uint16(data))); + data += 2; + } + + return w; +} + +int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) +{ + uint16_t svcparamkey, val_len; + uint8_t* data = *d; + int written_chars = 0; + + if(*dlen == 0) return 0; /* verify that we actualy have data */ + + svcparamkey = ntohs(sldns_read_uint16(data)); + + written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); + + // (*dlen) -= written_chars; + + // @TODO fix this to be dynamic and correct + // fprintf(stderr, "*dlen2: %zu\n", *dlen); + // fprintf(stderr, "val_len %zu\n", val_len); + (*dlen) = 0; + + val_len = ntohs(sldns_read_uint16(data+2)); + + // if (size != val_len + 4) + // return 0; wireformat error + + // if (!val_len) { + // /* Some SvcParams MUST have values */ + // switch (svcparamkey) { + // case SVCB_KEY_ALPN: + // case SVCB_KEY_PORT: + // case SVCB_KEY_IPV4HINT: + // case SVCB_KEY_IPV6HINT: + // case SVCB_KEY_MANDATORY: + // return 0; + // default: + // return 1; + // } + // } + switch (svcparamkey) { + case SVCB_KEY_PORT: + written_chars += sldns_wire2str_svcparam_port2str(s, slen, val_len, sldns_read_uint16(data+4)); + break; 
+ case SVCB_KEY_IPV4HINT: + written_chars += sldns_wire2str_svcparam_ipv4hint2str(s, slen, val_len, data+4); + break; + case SVCB_KEY_IPV6HINT: + written_chars += sldns_wire2str_svcparam_ipv6hint2str(s, slen, val_len, data+4); + break; + case SVCB_KEY_MANDATORY: + written_chars += sldns_wire2str_svcparam_mandatory2str(s, slen, val_len, data+4); + break; + case SVCB_KEY_NO_DEFAULT_ALPN: + return 0; /* wireformat error, should not have a value */ + case SVCB_KEY_ALPN: + // written_chars += sldns_wire2str_svcparam_alpn2str(output, val_len, data+2); + // break; + case SVCB_KEY_ECH: + // written_chars += sldns_wire2str_svcparam_ech2str(output, val_len, data+2); + // break; + default: + break; + } + + // @TODO set str_len to 0: "If the end of the + // * output string is reached, *str_len is set to 0" + // *str_len = 0; + + return written_chars; +} + int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop) { @@ -1017,6 +1196,8 @@ int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, return sldns_wire2str_tag_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_LONG_STR: return sldns_wire2str_long_str_scan(d, dlen, s, slen); + case LDNS_RDF_TYPE_SVCPARAM: + return sldns_wire2str_svcparam_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_TSIGERROR: return sldns_wire2str_tsigerror_scan(d, dlen, s, slen); } diff --git a/sldns/wire2str.h b/sldns/wire2str.h index 0167fe7c1..3c777367c 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -41,6 +41,9 @@ extern struct sldns_struct_lookup_table* sldns_wireparse_errors; /** tsig errors are the rcodes with extra (higher) values */ extern struct sldns_struct_lookup_table* sldns_tsig_errors; +/* draft-ietf-dnsop-svcb-https-04: 6. Initial SvcParamKeys */ +extern const char *svcparamkey_strs[]; + /** * Convert wireformat packet to a string representation * @param data: wireformat packet data (starting at ID bytes). 
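Review bot: `sldns_wire2str_svcparam_scan` only tests `*dlen == 0` before reading the 2-byte key and the 2-byte length, and then hands the wire-supplied `val_len` to the value printers without comparing it to `*dlen` (the size check is commented out), so a truncated or malformed SvcParam makes the printers read past the end of the rdata. Both reads need a guard, `if (*dlen < 4) return -1;` and, once `val_len` is known, `if ((size_t)val_len + 4 > *dlen) return -1;`, and `*d`/`*dlen` should advance by the bytes consumed rather than `*dlen` being set to 0. The helpers depend on `assert(val_len > 0)` alone, which vanishes under NDEBUG: with `val_len == 0` the `while ((val_len -= LDNS_IP4ADDRLEN) > 0)` loops wrap the `uint16_t`, and an odd `val_len` never reaches zero in the mandatory loop. The hint loops also step `data` by `LDNS_IP4ADDRLEN / sizeof(uint16_t)` although `data` is a `uint8_t*`, so each following address is read from an overlapping offset.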
From b61d098950d444432b3bb385953370a67425b06f Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Mon, 10 May 2021 12:19:50 +0000 Subject: [PATCH 03/38] fix memcpy of buffer for ech --- sldns/str2wire.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 8a3a1e22a..5a9c5eed8 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1206,8 +1206,8 @@ sldns_str2wire_svcbparam_no_default_alpn(const char* val, uint8_t* rd, size_t* r if (*rd_len < 4) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - sldns_write_uint16(rd, htons(SVCB_KEY_NO_DEFAULT_ALPN)); - sldns_write_uint16(rd + 2, htons(0)); + sldns_write_uint16(rd, SVCB_KEY_NO_DEFAULT_ALPN); + sldns_write_uint16(rd + 2, 0); *rd_len = 4; return LDNS_WIREPARSE_ERR_OK; @@ -1229,14 +1229,13 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) if (wire_len == -1) { // zc_error_prev_line("invalid base64 data in ech"); return LDNS_WIREPARSE_ERR_INVALID_STR; + } else if (wire_len + 4 > *rd_len) { + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; } else { - sldns_write_uint16(rd, htons(SVCB_KEY_ECH)); - sldns_write_uint16(rd + 2, htons(wire_len)); - - // @TODO memcpy? - sldns_write_uint16(rd + 4, htons(buffer)); + sldns_write_uint16(rd, SVCB_KEY_ECH); + sldns_write_uint16(rd + 2, wire_len); + memcpy(rd + 4, buffer, wire_len); *rd_len = 4 + wire_len; - return LDNS_WIREPARSE_ERR_OK; } } From 1a28a276376158f07e90f89b50965960bfe3e48a Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Thu, 20 May 2021 13:28:34 +0200 Subject: [PATCH 04/38] happyflow for all signle svcparams --- sldns/str2wire.c | 117 ++++++++++++++++++++++++++++++----- sldns/wire2str.c | 157 ++++++++++++++++++++++++++++++++++------------- 2 files changed, 216 insertions(+), 58 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 5a9c5eed8..665c6da1d 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
@@ -1011,13 +1011,14 @@ sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len) && *endptr == 0 /* no non-digit chars after digits */ && port <= 65535) { /* no overflow */ - sldns_write_uint16(rd, htons(SVCB_KEY_PORT)); - sldns_write_uint16(rd + 2, htons(sizeof(uint16_t))); - sldns_write_uint16(rd + 4, htons(port)); + sldns_write_uint16(rd, SVCB_KEY_PORT); + sldns_write_uint16(rd + 2, sizeof(uint16_t)); + sldns_write_uint16(rd + 4, port); *rd_len = 6; return LDNS_WIREPARSE_ERR_OK; } + // ERROR: "Could not parse port SvcParamValue" return -1; } @@ -1047,8 +1048,8 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) /* count is number of comma's in val + 1; so the actual number of IPv4 * addresses in val */ - sldns_write_uint16(rd, htons(SVCB_KEY_IPV4HINT)); - sldns_write_uint16(rd + 2, htons(LDNS_IP4ADDRLEN * count)); + sldns_write_uint16(rd, SVCB_KEY_IPV4HINT); + sldns_write_uint16(rd + 2, LDNS_IP4ADDRLEN * count); *rd_len = 4; while (count) { @@ -1106,8 +1107,8 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) /* count is number of comma's in val + 1; so the actual number of IPv6 * addresses in val */ - sldns_write_uint16(rd, htons(SVCB_KEY_IPV6HINT)); - sldns_write_uint16(rd + 2, htons(LDNS_IP6ADDRLEN * count)); + sldns_write_uint16(rd, SVCB_KEY_IPV6HINT); + sldns_write_uint16(rd + 2, LDNS_IP6ADDRLEN * count); *rd_len = 4; while (count) { 
@@ -1169,19 +1170,19 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) // @TODO check if we have space to write in rd_len; look for the best spot - sldns_write_uint16(rd, htons(SVCB_KEY_MANDATORY)); - sldns_write_uint16(rd + 2, htons(sizeof(uint16_t) * count)); + sldns_write_uint16(rd, SVCB_KEY_MANDATORY); + sldns_write_uint16(rd + 2, sizeof(uint16_t) * count); *rd_len = 4; - for(;;) { + while (1) { if (!(next_key = strchr(val, ','))) { sldns_write_uint16(rd + *rd_len, - htons(sldns_str2wire_svcparam_key_lookup(val, val_len))); + sldns_str2wire_svcparam_key_lookup(val, val_len)); *rd_len += LDNS_IP6ADDRLEN; break; } else { sldns_write_uint16(rd + *rd_len, - htons(sldns_str2wire_svcparam_key_lookup(val, next_key - val))); + sldns_str2wire_svcparam_key_lookup(val, next_key - val)); *rd_len += LDNS_IP6ADDRLEN; } @@ -1228,7 +1229,7 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) if (wire_len == -1) { // zc_error_prev_line("invalid base64 data in ech"); - return LDNS_WIREPARSE_ERR_INVALID_STR; + return LDNS_WIREPARSE_ERR_SYNTAX_B64; } else if (wire_len + 4 > *rd_len) { return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; } else { 
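Review bot: In the `sldns_str2wire_svcbparam_mandatory` loop each key is written with `sldns_write_uint16(rd + *rd_len, ...)`, but the offset is then advanced by `*rd_len += LDNS_IP6ADDRLEN;` in both branches. The length field written just above is `sizeof(uint16_t) * count`, so the keys land 16 bytes apart and the final `*rd_len` is far larger than the declared value length. Both increments should be `*rd_len += sizeof(uint16_t);`. The `@TODO check if we have space to write in rd_len` is still open as well; with the current stride the writes run past a correctly sized buffer, so `if (*rd_len < 4 + sizeof(uint16_t) * count) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;` belongs before the header is written. The function starts above the hunk, so how `count` is derived is not visible here.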
@@ -1236,16 +1237,104 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) sldns_write_uint16(rd + 2, wire_len); memcpy(rd + 4, buffer, wire_len); *rd_len = 4 + wire_len; + return LDNS_WIREPARSE_ERR_OK; } } +static const char* +sldns_str2wire_svcbparam_parse_alpn_next_unescaped_comma(const char *val) +{ + while (*val) { + /* Only return when the comma is not escaped*/ + if (*val == '\\'){ + ++val; + if (!*val) + break; + } else if (*val == ',') + return val; + + val++; + } + return NULL; +} + +static size_t +sldns_str2wire_svcbparam_parse_alpn_copy_unescaped(uint8_t *dst, + const char *src, size_t len) +{ + uint8_t *orig_dst = dst; + + while (len) { + if (*src == '\\') { + src++; + len--; + if (!len) + break; + } + *dst++ = *src++; + len--; + } + return (size_t)(dst - orig_dst); +} + +int sldns_str2wire_svcbparam_alpn_value(const char* val, + uint8_t* rd, size_t* rd_len) +{ + uint8_t unescaped_dst[65536]; + uint8_t *dst = unescaped_dst; + const char *next_str; + size_t str_len; + size_t dst_len; + size_t val_len; + int wire_len; + + val_len = strlen(val); + + if (val_len > sizeof(unescaped_dst)) { + return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; + } + while (val_len) { + size_t dst_len; + + str_len = (next_str = sldns_str2wire_svcbparam_parse_alpn_next_unescaped_comma(val)) + ? 
(size_t)(next_str - val) : val_len; + + if (str_len > 255) { + // ERROR "alpn strings need to be smaller than 255 chars" + return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; + } + dst_len = sldns_str2wire_svcbparam_parse_alpn_copy_unescaped(dst + 1, val, str_len); + *dst++ = dst_len; + dst += dst_len; + + if (!next_str) + break; + + /* skip the comma for the next iteration */ + val_len -= next_str - val + 1; + val = next_str + 1; + } + dst_len = dst - unescaped_dst; + + sldns_write_uint16(rd, SVCB_KEY_ALPN); + sldns_write_uint16(rd + 2, dst_len); + memcpy(rd + 4, unescaped_dst, dst_len); + *rd_len = 4 + dst_len; + + return LDNS_WIREPARSE_ERR_OK; +} + static int sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, const char *val, uint8_t* rd, size_t* rd_len) { uint16_t svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); + + fprintf(stderr, "key: %s\n", key); + fprintf(stderr, "val: %s\n", val); + switch (svcparamkey) { case SVCB_KEY_PORT: return sldns_str2wire_svcparam_port(val, rd, rd_len); @@ -1265,7 +1354,7 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, case SVCB_KEY_ECH: return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); case SVCB_KEY_ALPN: - // return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); + return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); default: break; } diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 3fea10fcd..21f6195ce 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -950,7 +950,6 @@ static int sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey) { if (svcparamkey < SVCPARAMKEY_COUNT) { - // fprintf(stderr, "HERE\n"); return sldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]); } else { 
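Review bot: `sldns_str2wire_svcbparam_alpn_value` copies the result with `memcpy(rd + 4, unescaped_dst, dst_len)` without ever reading the capacity passed in `*rd_len`, unlike the ech writer, which returns `LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL`. A long alpn list in a zone file therefore writes past the caller's buffer. Before the two `sldns_write_uint16` calls I would add `if (dst_len > 65535 || 4 + dst_len > *rd_len) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;`. The scratch-buffer guard is also one short: every string gains a length byte, so an unescaped input of `val_len` characters can produce `val_len + 1` bytes, and `val_len > sizeof(unescaped_dst)` still admits 65536; `if (val_len >= sizeof(unescaped_dst))` closes that. The unused `wire_len` and the inner `size_t dst_len` that shadows the outer one can be removed.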
@@ -959,106 +958,175 @@ sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey) } int sldns_wire2str_svcparam_port2str(char** s, - size_t* slen, uint16_t val_len, uint16_t val) + size_t* slen, uint16_t data_len, uint16_t data) { int w = 0; - if (val_len != 2) + if (data_len != 2) return -1; /* wireformat error, a short is 2 bytes */ - w = sldns_str_print(s, slen, "=%d", (int)ntohs(val)); + w = sldns_str_print(s, slen, "=%d", (int)data); return w; } static int sldns_wire2str_svcparam_ipv4hint2str(char** s, - size_t* slen, uint16_t val_len, uint8_t* data) + size_t* slen, uint16_t data_len, uint8_t* data) { char ip_str[INET_ADDRSTRLEN + 1]; // @TODO actually incorporate this int w = 0; - assert(val_len > 0); + assert(data_len > 0); - if ((val_len % LDNS_IP4ADDRLEN) == 0) { + if ((data_len % LDNS_IP4ADDRLEN) == 0) { if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ - sldns_str_print(s, slen, "=%s", ip_str); + w += sldns_str_print(s, slen, "=%s", ip_str); data += LDNS_IP4ADDRLEN / sizeof(uint16_t); - while ((val_len -= LDNS_IP4ADDRLEN) > 0) { + while ((data_len -= LDNS_IP4ADDRLEN) > 0) { if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ - sldns_str_print(s, slen, ",%s", ip_str); + w += sldns_str_print(s, slen, ",%s", ip_str); data += LDNS_IP4ADDRLEN / sizeof(uint16_t); } - return 1; - } else - return 0; + } + + return w; } int sldns_wire2str_svcparam_ipv6hint2str(char** s, - size_t* slen, uint16_t val_len, uint8_t* data) + size_t* slen, uint16_t data_len, uint8_t* data) { char ip_str[INET6_ADDRSTRLEN + 1]; - // @TODO actually incorporate this + // @TODO actually incorporate this -> is this correct now? 
int w = 0; - assert(val_len > 0); + assert(data_len > 0); - if ((val_len % LDNS_IP6ADDRLEN) == 0) { + // @TODO fix ntohs -> see output + + if ((data_len % LDNS_IP6ADDRLEN) == 0) { if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ - sldns_str_print(s, slen, "=%s", ip_str); + w += sldns_str_print(s, slen, "=%s", ip_str); data += LDNS_IP6ADDRLEN / sizeof(uint16_t); - while ((val_len -= LDNS_IP6ADDRLEN) > 0) { + while ((data_len -= LDNS_IP6ADDRLEN) > 0) { if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ - sldns_str_print(s, slen, ",%s", ip_str); + w += sldns_str_print(s, slen, ",%s", ip_str); data += LDNS_IP6ADDRLEN / sizeof(uint16_t); } - return 1; - } else - return 0; + } + + return w; } int sldns_wire2str_svcparam_mandatory2str(char** s, - size_t* slen, uint16_t val_len, uint8_t* data) + size_t* slen, uint16_t data_len, uint8_t* data) { int w = 0; - assert(val_len > 0); + assert(data_len > 0); - // if (val_len % sizeof(uint16_t)) - // return 0; // wireformat error, val_len must be multiple of shorts + // if (data_len % sizeof(uint16_t)) + // return 0; // wireformat error, data_len must be multiple of shorts w += sldns_str_print(s, slen, "="); - w += sldns_print_svcparamkey(s, slen, ntohs(sldns_read_uint16(data))); + w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data)); data += 2; - while ((val_len -= sizeof(uint16_t))) { + while ((data_len -= sizeof(uint16_t))) { w += sldns_str_print(s, slen, ","); - w += sldns_print_svcparamkey(s, slen, ntohs(sldns_read_uint16(data))); + w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data)); data += 2; } return w; } +int sldns_wire2str_svcparam_alpn2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + uint8_t *dp = (void *)data; + int w = 0; + + assert(data_len > 0); /* Guaranteed by rdata_svcparam_to_string */ + + w += sldns_str_print(s, slen, 
"=\""); + while (data_len) { + uint8_t i, str_len = *dp++; + + if (str_len > --data_len) + return 0; + + for (i = 0; i < str_len; i++) { + if (dp[i] == '"' || dp[i] == '\\') + w += sldns_str_print(s, slen, "\\\\\\%c", dp[i]); + + else if (dp[i] == ',') + w += sldns_str_print(s, slen, "\\\\%c", dp[i]); + + else if (!isprint(dp[i])) + w += sldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]); + + else + w += sldns_str_print(s, slen, "%c", dp[i]); + } + dp += str_len; + if ((data_len -= str_len)) + w += sldns_str_print(s, slen, "%s", ","); + } + w += sldns_str_print(s, slen, "\""); + + return w; +} + +int sldns_wire2str_svcparam_ech2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + int size; + int w; + + assert(data_len > 0); /* Guaranteed by rdata_svcparam_to_string */ + + w += sldns_str_print(s, slen, "=\""); + + /* b64_ntop_calculate size includes null at the end */ + size = sldns_b64_ntop_calculate_size(data_len); + + fprintf(stderr, "size %d\n", size); + + // @TODO store return value? + sldns_b64_ntop(data, data_len, *s, *slen); + (*s) += size; + (*slen) -= size; + + w += sldns_str_print(s, slen, "\""); + + // @TODO fix check + // if(size > *slen) { + // buffer_skip(output, size); + // } + + return w + size; +} + int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) { - uint16_t svcparamkey, val_len; + uint16_t svcparamkey, data_len; uint8_t* data = *d; int written_chars = 0; if(*dlen == 0) return 0; /* verify that we actualy have data */ - svcparamkey = ntohs(sldns_read_uint16(data)); + svcparamkey = sldns_read_uint16(data); written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); 
@@ -1066,15 +1134,15 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl // @TODO fix this to be dynamic and correct // fprintf(stderr, "*dlen2: %zu\n", *dlen); - // fprintf(stderr, "val_len %zu\n", val_len); + // fprintf(stderr, "data_len %zu\n", data_len); (*dlen) = 0; - val_len = ntohs(sldns_read_uint16(data+2)); + data_len = sldns_read_uint16(data+2); // if (size != val_len + 4) // return 0; wireformat error - // if (!val_len) { + // if (!data_len) { // /* Some SvcParams MUST have values */ // switch (svcparamkey) { // case SVCB_KEY_ALPN: 
@@ -1087,34 +1155,35 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl // return 1; // } // } + switch (svcparamkey) { case SVCB_KEY_PORT: - written_chars += sldns_wire2str_svcparam_port2str(s, slen, val_len, sldns_read_uint16(data+4)); + written_chars += sldns_wire2str_svcparam_port2str(s, slen, data_len, sldns_read_uint16(data+4)); break; case SVCB_KEY_IPV4HINT: - written_chars += sldns_wire2str_svcparam_ipv4hint2str(s, slen, val_len, data+4); + written_chars += sldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, data+4); break; case SVCB_KEY_IPV6HINT: - written_chars += sldns_wire2str_svcparam_ipv6hint2str(s, slen, val_len, data+4); + written_chars += sldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, data+4); break; case SVCB_KEY_MANDATORY: - written_chars += sldns_wire2str_svcparam_mandatory2str(s, slen, val_len, data+4); + written_chars += sldns_wire2str_svcparam_mandatory2str(s, slen, data_len, data+4); break; case SVCB_KEY_NO_DEFAULT_ALPN: return 0; /* wireformat error, should not have a value */ case SVCB_KEY_ALPN: - // written_chars += sldns_wire2str_svcparam_alpn2str(output, val_len, data+2); - // break; + written_chars += sldns_wire2str_svcparam_alpn2str(s, slen, data_len, data+4); + break; case SVCB_KEY_ECH: - // written_chars += sldns_wire2str_svcparam_ech2str(output, val_len, data+2); - // break; + written_chars += sldns_wire2str_svcparam_ech2str(s, slen, data_len, data+4); + break; default: break; } // @TODO set str_len to 0: "If the end of the // * output string is reached, *str_len is set to 0" - // *str_len = 0; + // *slen = 0; return written_chars; } From eca19fe1d186353ad6a21ee9998f735c76562863 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Thu, 20 May 2021 13:39:24 +0200 Subject: [PATCH 05/38] happyflow for all signle svcparams (now without debug prints) --- sldns/str2wire.c | 4 ---- sldns/wire2str.c | 2 -- 2 files changed, 6 deletions(-) 
diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 665c6da1d..a35dfc836 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1331,10 +1331,6 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, { uint16_t svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); - - fprintf(stderr, "key: %s\n", key); - fprintf(stderr, "val: %s\n", val); - switch (svcparamkey) { case SVCB_KEY_PORT: return sldns_str2wire_svcparam_port(val, rd, rd_len); diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 21f6195ce..7d1143c6d 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -1101,8 +1101,6 @@ int sldns_wire2str_svcparam_ech2str(char** s, /* b64_ntop_calculate size includes null at the end */ size = sldns_b64_ntop_calculate_size(data_len); - fprintf(stderr, "size %d\n", size); - // @TODO store return value? sldns_b64_ntop(data, data_len, *s, *slen); (*s) += size; From 24e39a09a8cc2353d9698c7baef0e60f467a00f2 Mon Sep 17 00:00:00 2001 From: TCY16 <8014108+TCY16@users.noreply.github.com> Date: Fri, 21 May 2021 15:42:56 +0200 Subject: [PATCH 06/38] Apply suggestions from code review Co-authored-by: Willem Toorop --- sldns/rrdef.c | 2 +- sldns/rrdef.h | 2 +- sldns/str2wire.c | 4 ++-- sldns/wire2str.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 125d3d0ab..803a0fa7d 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c 
@@ -382,7 +382,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 64 */ {LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, -{(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + {LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, diff --git a/sldns/rrdef.h b/sldns/rrdef.h index cd65c4126..42d5de064 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -355,7 +355,7 @@ enum sldns_enum_rdf_type /** TSIG extended 16bit error value */ LDNS_RDF_TYPE_TSIGERROR, - /* draft-ietf-dnsop-svcb-https-04: + /* draft-ietf-dnsop-svcb-https-05: * each SvcParam consisting of a SvcParamKey=SvcParamValue pair or * a standalone SvcParamKey */ LDNS_RDF_TYPE_SVCPARAM, diff --git a/sldns/str2wire.c b/sldns/str2wire.c index a35dfc836..f905939fd 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1055,8 +1055,8 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) while (count) { if (!(next_ip_str = strchr(val, ','))) { if (inet_pton(AF_INET, val, rd + *rd_len) != 1) - *rd_len += LDNS_IP4ADDRLEN; break; + *rd_len += LDNS_IP4ADDRLEN; assert(count == 1); 
@@ -1067,10 +1067,10 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) memcpy(ip_str, val, next_ip_str - val); ip_str[next_ip_str - val] = 0; if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { - *rd_len += LDNS_IP4ADDRLEN; val = ip_str; /* to use in error reporting below */ break; } + *rd_len += LDNS_IP4ADDRLEN; val = next_ip_str + 1; } diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 7d1143c6d..8ade3daca 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -1122,7 +1122,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl uint8_t* data = *d; int written_chars = 0; - if(*dlen == 0) return 0; /* verify that we actualy have data */ + if(*dlen < 4) return 0; /* verify that we actualy have data */ svcparamkey = sldns_read_uint16(data); From 21c5aadbcdcb5acc1f6d2b9c0f2e44b0275f1d41 Mon Sep 17 00:00:00 2001 From: TCY16 <8014108+TCY16@users.noreply.github.com> Date: Fri, 21 May 2021 16:09:18 +0200 Subject: [PATCH 07/38] Apply suggestions from code review Co-authored-by: Willem Toorop --- sldns/str2wire.c | 4 ++-- sldns/wire2str.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index f905939fd..05a623a2d 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1077,8 +1077,8 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) ip_wire_dst++; count--; } - // if (count) /* verify that we parsed all values */ - // ERROR "Could not parse ipv4hint SvcParamValue: " + if (count) /* verify that we parsed all values */ + return LDNS_WIREPARSE_ERR_SYNTAX_IP4; return LDNS_WIREPARSE_ERR_OK; } diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 8ade3daca..0d41a2bb8 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c 
@@ -984,14 +984,14 @@ sldns_wire2str_svcparam_ipv4hint2str(char** s, return 0; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, "=%s", ip_str); - data += LDNS_IP4ADDRLEN / sizeof(uint16_t); + data += LDNS_IP4ADDRLEN; while ((data_len -= LDNS_IP4ADDRLEN) > 0) { if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, ",%s", ip_str); - data += LDNS_IP4ADDRLEN / sizeof(uint16_t); + data += LDNS_IP4ADDRLEN; } } From 76cd9390da2fc40cbd344d6d8d83e1e3460ac350 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Tue, 25 May 2021 10:37:44 +0200 Subject: [PATCH 08/38] Fix str2wire ipv6hint like ipv4hint was fixed --- sldns/str2wire.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 05a623a2d..1ed41764d 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1087,7 +1087,7 @@ static int sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) { int count; - char ip_str[INET_ADDRSTRLEN+1]; + char ip_str[INET6_ADDRSTRLEN+1]; char *next_ip_str; uint32_t *ip_wire_dst; size_t i; @@ -1113,10 +1113,11 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) while (count) { if (!(next_ip_str = strchr(val, ','))) { - if (inet_pton(AF_INET, val, rd + *rd_len) != 1) - *rd_len += LDNS_IP6ADDRLEN; + if (inet_pton(AF_INET6, val, rd + *rd_len) != 1) break; + *rd_len += LDNS_IP6ADDRLEN; + assert(count == 1); } else if (next_ip_str - val >= (int)sizeof(ip_str)) 
@@ -1125,12 +1126,11 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) else { memcpy(ip_str, val, next_ip_str - val); ip_str[next_ip_str - val] = 0; - if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { - *rd_len += LDNS_IP6ADDRLEN; - + if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) { val = ip_str; /* to use in error reporting below */ break; } + *rd_len += LDNS_IP6ADDRLEN; val = next_ip_str + 1; } From 5f22f3a9cf108903ef107ef1a147674ce637bdde Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Tue, 25 May 2021 10:41:00 +0200 Subject: [PATCH 09/38] Shift data pointer when scanning svcb wire data Also make internal auxilary functions static --- sldns/wire2str.c | 97 +++++++++++++++++++++++------------------------- 1 file changed, 46 insertions(+), 51 deletions(-) diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 0d41a2bb8..a0d3ee3e9 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -957,19 +957,18 @@ sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey) } } -int sldns_wire2str_svcparam_port2str(char** s, - size_t* slen, uint16_t data_len, uint16_t data) +static int sldns_wire2str_svcparam_port2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) { int w = 0; if (data_len != 2) return -1; /* wireformat error, a short is 2 bytes */ - w = sldns_str_print(s, slen, "=%d", (int)data); + w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data)); return w; } -static int -sldns_wire2str_svcparam_ipv4hint2str(char** s, +static int sldns_wire2str_svcparam_ipv4hint2str(char** s, size_t* slen, uint16_t data_len, uint8_t* data) { char ip_str[INET_ADDRSTRLEN + 1]; @@ -998,7 +997,7 @@ sldns_wire2str_svcparam_ipv4hint2str(char** s, return w; } -int sldns_wire2str_svcparam_ipv6hint2str(char** s, +static int sldns_wire2str_svcparam_ipv6hint2str(char** s, size_t* slen, uint16_t data_len, uint8_t* data) { char ip_str[INET6_ADDRSTRLEN + 1]; 
@@ -1029,7 +1028,7 @@ int sldns_wire2str_svcparam_ipv6hint2str(char** s, return w; } -int sldns_wire2str_svcparam_mandatory2str(char** s, +static int sldns_wire2str_svcparam_mandatory2str(char** s, size_t* slen, uint16_t data_len, uint8_t* data) { int w = 0; @@ -1051,7 +1050,7 @@ int sldns_wire2str_svcparam_mandatory2str(char** s, return w; } -int sldns_wire2str_svcparam_alpn2str(char** s, +static int sldns_wire2str_svcparam_alpn2str(char** s, size_t* slen, uint16_t data_len, uint8_t* data) { uint8_t *dp = (void *)data; @@ -1088,7 +1087,7 @@ int sldns_wire2str_svcparam_alpn2str(char** s, return w; } -int sldns_wire2str_svcparam_ech2str(char** s, +static int sldns_wire2str_svcparam_ech2str(char** s, size_t* slen, uint16_t data_len, uint8_t* data) { int size; 
@@ -1119,70 +1118,66 @@ int sldns_wire2str_svcparam_ech2str(char** s, int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) { uint16_t svcparamkey, data_len; - uint8_t* data = *d; int written_chars = 0; + int r; - if(*dlen < 4) return 0; /* verify that we actualy have data */ + /* verify that we have enough data to read svcparamkey and data_len */ + if(*dlen < 4) + return -1; - svcparamkey = sldns_read_uint16(data); + svcparamkey = sldns_read_uint16(*d); + data_len = sldns_read_uint16(*d+2); + *d += 4; + *dlen -= 4; + + /* verify that we have data_len data */ + if (data_len > *dlen) + return -1; written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); - - // (*dlen) -= written_chars; - - // @TODO fix this to be dynamic and correct - // fprintf(stderr, "*dlen2: %zu\n", *dlen); - // fprintf(stderr, "data_len %zu\n", data_len); - (*dlen) = 0; - - data_len = sldns_read_uint16(data+2); - - // if (size != val_len + 4) - // return 0; wireformat error - - // if (!data_len) { - // /* Some SvcParams MUST have values */ - // switch (svcparamkey) { - // case SVCB_KEY_ALPN: - // case SVCB_KEY_PORT: - // case SVCB_KEY_IPV4HINT: - // case SVCB_KEY_IPV6HINT: - // case SVCB_KEY_MANDATORY: - // return 0; - // default: - // return 1; - // } - // } - + if (!data_len) { + /* Some SvcParams MUST have values */ + switch (svcparamkey) { + case SVCB_KEY_ALPN: + case SVCB_KEY_PORT: + case SVCB_KEY_IPV4HINT: + case SVCB_KEY_IPV6HINT: + case SVCB_KEY_MANDATORY: + return -1; + default: + return written_chars; + } + } switch (svcparamkey) { case SVCB_KEY_PORT: - written_chars += sldns_wire2str_svcparam_port2str(s, slen, data_len, sldns_read_uint16(data+4)); + r = sldns_wire2str_svcparam_port2str(s, slen, data_len, *d); break; case SVCB_KEY_IPV4HINT: - written_chars += sldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, data+4); + r = sldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d); break; case SVCB_KEY_IPV6HINT: - written_chars += 
sldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, data+4); + r = sldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d); break; case SVCB_KEY_MANDATORY: - written_chars += sldns_wire2str_svcparam_mandatory2str(s, slen, data_len, data+4); + r = sldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d); break; case SVCB_KEY_NO_DEFAULT_ALPN: - return 0; /* wireformat error, should not have a value */ + return -1; /* wireformat error, should not have a value */ case SVCB_KEY_ALPN: - written_chars += sldns_wire2str_svcparam_alpn2str(s, slen, data_len, data+4); + r = sldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d); break; case SVCB_KEY_ECH: - written_chars += sldns_wire2str_svcparam_ech2str(s, slen, data_len, data+4); + r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; default: break; } - - // @TODO set str_len to 0: "If the end of the - // * output string is reached, *str_len is set to 0" - // *slen = 0; - + if (r <= 0) + return -1; /* wireformat error */ + + written_chars += r; + *d += data_len; + *dlen -= data_len; return written_chars; } From 36093b0b8a41a19b8d2cdbc56c05cc98a7e85a39 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Tue, 25 May 2021 11:43:46 +0200 Subject: [PATCH 10/38] fix multiple ipv6hints entries --- sldns/str2wire.c | 11 +++++------ sldns/wire2str.c | 4 ++-- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 05a623a2d..dba21a093 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1087,7 +1087,7 @@ static int sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) { int count; - char ip_str[INET_ADDRSTRLEN+1]; + char ip_str[INET6_ADDRSTRLEN+1]; char *next_ip_str; uint32_t *ip_wire_dst; size_t i; 
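Review bot: In the rewritten `sldns_wire2str_svcparam_scan`, `int r;` is declared without a value and the `default: break;` arm leaves it unset, so for any key outside the listed cases that carries data the following `if (r <= 0)` reads an indeterminate value. Declaring it as `int r = 0;` makes unknown keys take the error return deterministically until a generic printer exists. The ECH arm has the same problem one level down: `sldns_wire2str_svcparam_ech2str`, as added in patch 04/38, declares `int w;` and then does `w += sldns_str_print(...)`, and none of the visible hunks changes that, so `int w = 0;` is needed there too. That function also advances `*s` and `*slen` by `size` without comparing it with `*slen` (its own `@TODO fix check`), which lets `*slen` wrap when the output buffer is short. Since `r` now gates acceptance of wire data, the advance should be rejected when `(size_t)size > *slen`.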
@@ -1113,9 +1113,9 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) while (count) { if (!(next_ip_str = strchr(val, ','))) { - if (inet_pton(AF_INET, val, rd + *rd_len) != 1) - *rd_len += LDNS_IP6ADDRLEN; + if (inet_pton(AF_INET6, val, rd + *rd_len) != 1) break; + *rd_len += LDNS_IP6ADDRLEN; assert(count == 1); @@ -1125,12 +1125,11 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) else { memcpy(ip_str, val, next_ip_str - val); ip_str[next_ip_str - val] = 0; - if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { - *rd_len += LDNS_IP6ADDRLEN; - + if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) { val = ip_str; /* to use in error reporting below */ break; } + *rd_len += LDNS_IP6ADDRLEN; val = next_ip_str + 1; } diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 0d41a2bb8..4c5065ee5 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -1015,14 +1015,14 @@ int sldns_wire2str_svcparam_ipv6hint2str(char** s, return 0; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, "=%s", ip_str); - data += LDNS_IP6ADDRLEN / sizeof(uint16_t); + data += LDNS_IP6ADDRLEN; while ((data_len -= LDNS_IP6ADDRLEN) > 0) { if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, ",%s", ip_str); - data += LDNS_IP6ADDRLEN / sizeof(uint16_t); + data += LDNS_IP6ADDRLEN; } } From 71904eb0d4cf3415a63e3f417a1e5c75d86b4f65 Mon Sep 17 00:00:00 2001 
From: Tom Carpay Date: Tue, 25 May 2021 15:44:49 +0200 Subject: [PATCH 11/38] add svcb tpkg tests --- testdata/svcb.tdir/crypto.cloudflare.com.zone | 9 + testdata/svcb.tdir/failure-cases.zone | 95 +++++++ testdata/svcb.tdir/svcb.dsc | 16 ++ testdata/svcb.tdir/svcb.failure-cases-01 | 10 + testdata/svcb.tdir/svcb.failure-cases-02 | 8 + testdata/svcb.tdir/svcb.failure-cases-03 | 8 + testdata/svcb.tdir/svcb.failure-cases-04 | 8 + testdata/svcb.tdir/svcb.failure-cases-05 | 8 + testdata/svcb.tdir/svcb.failure-cases-06 | 8 + testdata/svcb.tdir/svcb.failure-cases-07 | 8 + testdata/svcb.tdir/svcb.failure-cases-08 | 8 + testdata/svcb.tdir/svcb.failure-cases-09 | 9 + testdata/svcb.tdir/svcb.failure-cases-10 | 10 + testdata/svcb.tdir/svcb.failure-cases-11 | 10 + testdata/svcb.tdir/svcb.failure-cases-12 | 8 + testdata/svcb.tdir/svcb.failure-cases-13 | 8 + testdata/svcb.tdir/svcb.failure-cases-14 | 8 + testdata/svcb.tdir/svcb.failure-cases-15 | 8 + testdata/svcb.tdir/svcb.failure-cases-16 | 8 + testdata/svcb.tdir/svcb.failure-cases-17 | 8 + testdata/svcb.tdir/svcb.failure-cases-18 | 8 + testdata/svcb.tdir/svcb.failure-cases-19 | 9 + testdata/svcb.tdir/svcb.failure-cases-20 | 10 + testdata/svcb.tdir/svcb.failure-cases-21 | 9 + testdata/svcb.tdir/svcb.failure-cases-22 | 8 + testdata/svcb.tdir/svcb.success-cases.zone | 40 +++ .../svcb.tdir/svcb.success-cases.zone.cmp | 12 + testdata/svcb.tdir/svcb.test | 234 ++++++++++++++++++ testdata/svcb.tdir/svcb.test-vectors-pf.zone | 92 +++++++ testdata/svcb.tdir/svcb.test-vectors-wf.zone | 232 +++++++++++++++++ 30 files changed, 917 insertions(+) create mode 100644 testdata/svcb.tdir/crypto.cloudflare.com.zone create mode 100644 testdata/svcb.tdir/failure-cases.zone create mode 100644 testdata/svcb.tdir/svcb.dsc create mode 100644 testdata/svcb.tdir/svcb.failure-cases-01 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-02 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-03 create mode 100644 
testdata/svcb.tdir/svcb.failure-cases-04 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-05 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-06 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-07 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-08 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-09 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-10 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-11 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-12 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-13 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-14 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-15 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-16 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-17 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-18 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-19 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-20 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-21 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-22 create mode 100644 testdata/svcb.tdir/svcb.success-cases.zone create mode 100644 testdata/svcb.tdir/svcb.success-cases.zone.cmp create mode 100644 testdata/svcb.tdir/svcb.test create mode 100644 testdata/svcb.tdir/svcb.test-vectors-pf.zone create mode 100644 testdata/svcb.tdir/svcb.test-vectors-wf.zone diff --git a/testdata/svcb.tdir/crypto.cloudflare.com.zone b/testdata/svcb.tdir/crypto.cloudflare.com.zone new file mode 100644 index 000000000..53c89c735 --- /dev/null +++ b/testdata/svcb.tdir/crypto.cloudflare.com.zone 
@@ -0,0 +1,9 @@ +crypto.cloudflare.com. 3600 IN SOA jobs.ns.cloudflare.com. dns.cloudflare.com. ( + 2037099480 ; serial + 10000 ; refresh (2 hours 46 minutes 40 seconds) + 2400 ; retry (40 minutes) + 604800 ; expire (1 week) + 3600 ; minimum (1 hour) + ) +crypto.cloudflare.com. 300 IN HTTPS 1 . alpn=h2 ipv4hint=162.159.135.79,162.159.136.79 echconfig=AEj+CgBETwAgACDeVpr34JzYHDGNFoGWhksj5mpBxradonbqH3X9+h7jHgAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA= ipv6hint=2606:4700:7::a29f:874f,2606:4700:7::a29f:884f + diff --git a/testdata/svcb.tdir/failure-cases.zone b/testdata/svcb.tdir/failure-cases.zone new file mode 100644 index 000000000..9ca222ea9 --- /dev/null +++ b/testdata/svcb.tdir/failure-cases.zone 
@@ -0,0 +1,95 @@ +$ORIGIN failure-cases. +$TTL 3600 + + +@ SOA primary admin 1 3600 1800 7200 3600 + NS primary +primary A 127.0.0.1 + +; This example has multiple instances of the same SvcParamKey + +f01 SVCB 1 foo.example.com. ( + key123=abc key123=def + ) +; In the next examples the SvcParamKeys are missing their values. + +f02 SVCB 1 foo.example.com. mandatory + +; In the next examples the SvcParamKeys are missing their values. + +f03 SVCB 1 foo.example.com. alpn + +; In the next examples the SvcParamKeys are missing their values. + +f04 SVCB 1 foo.example.com. port + +; In the next examples the SvcParamKeys are missing their values. + +f05 SVCB 1 foo.example.com. ipv4hint + +; In the next examples the SvcParamKeys are missing their values. + +f06 SVCB 1 foo.example.com. ipv6hint + +; The "no-default-alpn" SvcParamKey value MUST be empty + +f07 SVCB 1 foo.example.com. no-default-alpn=abc + +; In this record a mandatory SvcParam is missing + +f08 SVCB 1 foo.example.com. mandatory=key123 + +; The "mandatory" SvcParamKey MUST not be included in mandatory list + +f09 SVCB 1 foo.example.com. mandatory=mandatory + +; Here there are multiple instances of the same SvcParamKey in the mandatory list + +f10 SVCB 1 foo.example.com. ( + mandatory=key123,key123 key123=abc + ) + +; This example has multiple instances of the same SvcParamKey + +f11 HTTPS 1 foo.example.com. ( + key123=abc key123=def + ) + +; In the next examples the SvcParamKeys are missing their values. + +f12 HTTPS 1 foo.example.com. mandatory + +; In the next examples the SvcParamKeys are missing their values. + +f13 HTTPS 1 foo.example.com. alpn + +; In the next examples the SvcParamKeys are missing their values. + +f14 HTTPS 1 foo.example.com. port + +; In the next examples the SvcParamKeys are missing their values. + +f15 HTTPS 1 foo.example.com. ipv4hint + +; In the next examples the SvcParamKeys are missing their values. + +f16 HTTPS 1 foo.example.com. 
ipv6hint + +; The "no-default-alpn" SvcParamKey value MUST be empty + +f17 HTTPS 1 foo.example.com. no-default-alpn=abc + +; In this record a mandatory SvcParam is missing + +f18 HTTPS 1 foo.example.com. mandatory=key123 + +; The "mandatory" SvcParamKey MUST not be included in mandatory list + +f19 HTTPS 1 foo.example.com. mandatory=mandatory + +; Here there are multiple instances of the same SvcParamKey in the mandatory list + +f20 HTTPS 1 foo.example.com. ( + mandatory=key123,key123 key123=abc + ) + diff --git a/testdata/svcb.tdir/svcb.dsc b/testdata/svcb.tdir/svcb.dsc new file mode 100644 index 000000000..6eae7638e --- /dev/null +++ b/testdata/svcb.tdir/svcb.dsc @@ -0,0 +1,16 @@ +BaseName: svcb +Version: 1.0 +Description: Test SVCB and HTTPS parsing +CreationDate: Fri May 25 12:51:22 UTC 2021 +Maintainer: Tom Carpay +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: +Post: +Test: svcb.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/svcb.tdir/svcb.failure-cases-01 b/testdata/svcb.tdir/svcb.failure-cases-01 new file mode 100644 index 000000000..497098b1f --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-01 @@ -0,0 +1,10 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; This example has multiple instances of the same SvcParamKey + +f01 SVCB 1 foo.example.com. ( + key123=abc key123=def + ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-02 b/testdata/svcb.tdir/svcb.failure-cases-02 new file mode 100644 index 000000000..73656171f --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-02 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f02 SVCB 1 foo.example.com. mandatory diff --git a/testdata/svcb.tdir/svcb.failure-cases-03 b/testdata/svcb.tdir/svcb.failure-cases-03 new file mode 100644 index 000000000..8ae6c4ab2 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-03 
@@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f03 SVCB 1 foo.example.com. alpn diff --git a/testdata/svcb.tdir/svcb.failure-cases-04 b/testdata/svcb.tdir/svcb.failure-cases-04 new file mode 100644 index 000000000..5aa32a83e --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-04 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f04 SVCB 1 foo.example.com. port diff --git a/testdata/svcb.tdir/svcb.failure-cases-05 b/testdata/svcb.tdir/svcb.failure-cases-05 new file mode 100644 index 000000000..4b2f95cc0 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-05 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f05 SVCB 1 foo.example.com. ipv4hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-06 b/testdata/svcb.tdir/svcb.failure-cases-06 new file mode 100644 index 000000000..a111846f1 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-06 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f06 SVCB 1 foo.example.com. ipv6hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-07 b/testdata/svcb.tdir/svcb.failure-cases-07 new file mode 100644 index 000000000..a8512ad4c --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-07 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; The "no-default-alpn" SvcParamKey value MUST be empty + +f07 SVCB 1 foo.example.com. no-default-alpn=abc diff --git a/testdata/svcb.tdir/svcb.failure-cases-08 b/testdata/svcb.tdir/svcb.failure-cases-08 new file mode 100644 index 000000000..4bbf618cd --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-08 
@@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In this record a mandatory SvcParam is missing + +f08 SVCB 1 foo.example.com. mandatory=key123 diff --git a/testdata/svcb.tdir/svcb.failure-cases-09 b/testdata/svcb.tdir/svcb.failure-cases-09 new file mode 100644 index 000000000..408e937d4 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-09 @@ -0,0 +1,9 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; The "mandatory" SvcParamKey MUST not be included in mandatory list + +f09 SVCB 1 foo.example.com. mandatory=mandatory + diff --git a/testdata/svcb.tdir/svcb.failure-cases-10 b/testdata/svcb.tdir/svcb.failure-cases-10 new file mode 100644 index 000000000..b1e6ccf5f --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-10 @@ -0,0 +1,10 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; Here there are multiple instances of the same SvcParamKey in the mandatory list + +f10 SVCB 1 foo.example.com. ( + mandatory=key123,key123 key123=abc + ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-11 b/testdata/svcb.tdir/svcb.failure-cases-11 new file mode 100644 index 000000000..ee4d5a431 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-11 @@ -0,0 +1,10 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; This example has multiple instances of the same SvcParamKey + +f01 HTTPS 1 foo.example.com. ( + key123=abc key123=def + ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-12 b/testdata/svcb.tdir/svcb.failure-cases-12 new file mode 100644 index 000000000..e57fa8819 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-12 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f02 HTTPS 1 foo.example.com. mandatory 
diff --git a/testdata/svcb.tdir/svcb.failure-cases-13 b/testdata/svcb.tdir/svcb.failure-cases-13 new file mode 100644 index 000000000..52f3e6242 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-13 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f03 HTTPS 1 foo.example.com. alpn diff --git a/testdata/svcb.tdir/svcb.failure-cases-14 b/testdata/svcb.tdir/svcb.failure-cases-14 new file mode 100644 index 000000000..3525d26d3 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-14 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f04 HTTPS 1 foo.example.com. port diff --git a/testdata/svcb.tdir/svcb.failure-cases-15 b/testdata/svcb.tdir/svcb.failure-cases-15 new file mode 100644 index 000000000..1ab513725 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-15 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f05 HTTPS 1 foo.example.com. ipv4hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-16 b/testdata/svcb.tdir/svcb.failure-cases-16 new file mode 100644 index 000000000..78bed5c24 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-16 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In the next examples the SvcParamKeys are missing their values. + +f06 HTTPS 1 foo.example.com. ipv6hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-17 b/testdata/svcb.tdir/svcb.failure-cases-17 new file mode 100644 index 000000000..84aede049 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-17 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; The "no-default-alpn" SvcParamKey value MUST be empty + +f07 HTTPS 1 foo.example.com. no-default-alpn=abc 
diff --git a/testdata/svcb.tdir/svcb.failure-cases-18 b/testdata/svcb.tdir/svcb.failure-cases-18 new file mode 100644 index 000000000..0ecbc545f --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-18 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; In this record a mandatory SvcParam is missing + +f08 HTTPS 1 foo.example.com. mandatory=key123 diff --git a/testdata/svcb.tdir/svcb.failure-cases-19 b/testdata/svcb.tdir/svcb.failure-cases-19 new file mode 100644 index 000000000..576556490 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-19 @@ -0,0 +1,9 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; The "mandatory" SvcParamKey MUST not be included in mandatory list + +f09 HTTPS 1 foo.example.com. mandatory=mandatory + diff --git a/testdata/svcb.tdir/svcb.failure-cases-20 b/testdata/svcb.tdir/svcb.failure-cases-20 new file mode 100644 index 000000000..fc4781eaa --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-20 @@ -0,0 +1,10 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; Here there are multiple instances of the same SvcParamKey in the mandatory list + +f10 HTTPS 1 foo.example.com. ( + mandatory=key123,key123 key123=abc + ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-21 b/testdata/svcb.tdir/svcb.failure-cases-21 new file mode 100644 index 000000000..c60151692 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-21 @@ -0,0 +1,9 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; Here there are multiple instances of the same SvcParamKey in the mandatory list + +f21 HTTPS 1 foo.example.com. ech="123" +f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/testdata/svcb.tdir/svcb.failure-cases-22 b/testdata/svcb.tdir/svcb.failure-cases-22 new file mode 100644 index 000000000..d01b69700 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-22 
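Review bot: The two records at the end of svcb.failure-cases-21, `ech="123"` and `echconfig="123"`, sit in one file, so a parser that rejects only one of the two spellings would presumably still make this case pass. Giving each record its own file would show that both are rejected. The comment above them is copied from case 20 and does not describe this case; something like `; The ech value MUST be valid base64` would match what svcb.test reports for case 21.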
@@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; Port mus be a positive number < 65536 + +f22 HTTPS 1 foo.example.com. port=65536 diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone new file mode 100644 index 000000000..0a96659d8 --- /dev/null +++ b/testdata/svcb.tdir/svcb.success-cases.zone @@ -0,0 +1,40 @@ +$ORIGIN success-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + + +; A particular key does not need to have a value + +s01 SVCB 0 . key123 + + +; echconfig does not need to have a value + +s02 SVCB 0 . echconfig + + +; When "no-default-alpn" is specified in an RR, "alpn" must also be specified +; in order for the RR to be "self-consistent" + +s03 HTTPS 0 . alpn="h2,h3" no-default-alpn + + +; SHOULD is not MUST (so allowed) +; Zone-file implementations SHOULD enforce self-consistency + +s04 HTTPS 0 . no-default-alpn + + +; SHOULD is not MUST (so allowed) +; (port and no-default-alpn are automatically mandatory keys with HTTPS) +; Other automatically mandatory keys SHOULD NOT appear in the list either. + +s05 HTTPS 0 . alpn="dot" no-default-alpn port=853 mandatory=port + +; Any valid base64 is okay for ech +s06 HTTPS 0 . ech="aGVsbG93b3JsZCE=" + +; echconfig is an alias for ech +s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" + diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp new file mode 100644 index 000000000..540b541c4 --- /dev/null +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp 
@@ -0,0 +1,12 @@ +$ORIGIN . +success-cases 3600 IN SOA primary.success-cases. admin.success-cases. ( + 0 0 0 0 0 ) +$ORIGIN success-cases. +s01 3600 IN SVCB 0 . key123 +s02 3600 IN SVCB 0 . ech +s03 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn +s04 3600 IN HTTPS 0 . no-default-alpn +s05 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 +s06 3600 IN HTTPS 0 . ech=aGVsbG93b3JsZCE= +s07 3600 IN HTTPS 0 . ech=aGVsbG93b3JsZCE= +; zone success-cases is ok diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test new file mode 100644 index 000000000..48a754512 --- /dev/null +++ b/testdata/svcb.tdir/svcb.test 
@@ -0,0 +1,234 @@ +# #-- svcb.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + + +# check and write the test vectors in their respective formats +PRE=../.. +if ! $PRE/readzone svcb.test-vectors-pf.zone > svcb.test-vectors-pf.zone.out +then + echo "Could not parse presentation format zone" + exit 1 + +elif ! $PRE/readzone svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out.out +then + echo "Could not parse output from presentation format zone" + exit 1 + +elif ! $PRE/readzone svcb.test-vectors-wf.zone > svcb.test-vectors-wf.zone.out +then + echo "Could not parse RFC3597 formatted zone" + exit 1 + +elif ! $PRE/readzone svcb.test-vectors-wf.zone.out > svcb.test-vectors-wf.zone.out.out +then + echo "Could not parse output from RFC3597 formatted zone" + exit 1 +else + echo "All test zones parsed successfully" +fi + + +# check the formatting of the written files +if ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-pf.zone.out.out +then + echo "Parsing inconsistency 1" + exit 1 + +elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out +then + echo "Parsing inconsistency 2" + exit 1 + +elif ! 
diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out.out +then + echo "Parsing inconsistency 3" + exit 1 +else + echo "Parsing of SVCB and HTTPS was consistent" +fi + + +# check all the failure cases +if svcb.failure-cases-01 +then + echo "Failure case 1: Multiple instances of the same SvcParamKey" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-02 +then + echo "Failure case 2: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-03 +then + echo "Failure case 3: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-04 +then + echo "Failure case 4: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-05 +then + echo "Failure case 5: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-06 +then + echo "Failure case 6: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-07 +then + echo "Failure case 7: The \no-default-alpn\" SvcParamKey value MUST be empty + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-08 +then + echo "Failure case 8: a mandatory SvcParam is missing" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-09 +then + echo "Failure case 9: The \"mandatory\" SvcParamKey MUST not be included in mandatory list" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-10 +then + echo "Failure case 10: multiple instances of the same SvcParamKey in the mandatory list" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-11 +then + echo "Failure case 11: Multiple instances of the same SvcParamKey" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-12 +then + echo "Failure 
case 12: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-13 +then + echo "Failure case 13: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-14 +then + echo "Failure case 14: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-15 +then + echo "Failure case 15: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-16 +then + echo "Failure case 16: a SvcParamKey is missing a value" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-17 +then + echo "Failure case 17: The \no-default-alpn\" SvcParamKey value MUST be empty + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-18 +then + echo "Failure case 18: a mandatory SvcParam is missing" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-19 +then + echo "Failure case 19: The \"mandatory\" SvcParamKey MUST not be included in mandatory list" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-20 +then + echo "Failure case 20: multiple instances of the same SvcParamKey in the mandatory list" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-21 +then + echo "Failure case 21: ech value is not base64 encoded" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-22 +then + echo "Failure case 22: port value needs to be a positive integer < 65536" + echo "Incorrectly succeeded" + exit 1 +else + echo "All failure cases test successfully" +fi + + +# check all the succes and write them +if ! $PRE/nsd-checkzone -p success-cases svcb.success-cases.zone > svcb.success-cases.zone.out +then + echo "Some particular success cases did not succeed to parse" + exit 1 + +elif ! 
diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp +then + echo "Some success cases could not be printed" + exit 1 +else + echo "All particular success cases parsed and printed successfully" +fi + + +rem $PRE/nsd-control -c svcb.secondary.conf write +rem while [ ! -f test-vectors-secondary.zone ] +rem do +rem sleep 1 +rem done +rem while ! grep '^v20' test-vectors-secondary.zone +rem do +rem sleep 1 +rem done +rem grep -v '^;' svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out2 +rem grep -v '^;' test-vectors-secondary.zone > test-vectors-secondary.zone.out +rem if ! diff svcb.test-vectors-pf.zone.out2 test-vectors-secondary.zone.out +rem then +rem echo "Output from secondary did not match output from primary" +rem exit 1 +rem else +rem echo "Output from secondary did match output from primary" +rem fi + +rem dig @127.0.0.1 -p $TPKG_SEC_PORT f01.failure-cases. TYPE64 > f01.failure-cases.out +rem if grep 'status: NOERROR' f01.failure-cases.out +rem then +rem echo "Failure case 1: Multiple instances of the same SvcParamKey" +rem echo "allowed for secondary" +rem else +rem echo "Could not load failure-cases zone in secondary" +rem exit 1 +rem fi + diff --git a/testdata/svcb.tdir/svcb.test-vectors-pf.zone b/testdata/svcb.tdir/svcb.test-vectors-pf.zone new file mode 100644 index 000000000..d2cb5087b --- /dev/null +++ b/testdata/svcb.tdir/svcb.test-vectors-pf.zone 
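Review bot: Several negative tests in svcb.test never run, so a parser that starts accepting malformed SVCB/HTTPS records would not be caught. The first failure check is `if svcb.failure-cases-01`, which executes the data file name instead of `$PRE/readzone svcb.failure-cases-01` and therefore always takes the "did not succeed" path. The echo lines for cases 7 and 17 begin the quoted name with `\no-default-alpn\"` and have no closing quote, which, as far as the quoting can be followed here, turns the `elif` lines for cases 8 to 17 into string text; they should read `echo "Failure case 7: The \"no-default-alpn\" SvcParamKey value MUST be empty"` (and likewise for 17). The success check calls `$PRE/nsd-checkzone` where every other step uses `$PRE/readzone`, and the trailing block is disabled with `rem`, which is a command name rather than a shell comment, so those lines should start with `#`.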
@@ -0,0 +1,92 @@ +$ORIGIN test-vectors. +$TTL 3600 + +@ SOA primary admin 1 3600 1800 7200 3600 + + NS primary +primary A 127.0.0.1 +; D.1. AliasForm + +v01 SVCB 0 foo.example.com. + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v02 SVCB 1 . + +; This vector only has a port. + +v03 SVCB 16 foo.example.com. port=53 + +; This example has a key that is not registered, its value is unquoted. + +v04 SVCB 1 foo.example.com. key667=hello + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v05 SVCB 1 foo.example.com. key667="hello\210qoo" + +; Here, two IPv6 hints are quoted in the presentation format. + +v06 SVCB 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v07 SVCB 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v08 SVCB 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn + ipv4hint=192.0.2.1) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v09 SVCB 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" +v10 SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 + + +; D.1. AliasForm + +v11 HTTPS 0 foo.example.com. + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v12 HTTPS 1 . + +; This vector only has a port. + +v13 HTTPS 16 foo.example.com. port=53 + +; This example has a key that is not registered, its value is unquoted. + +v14 HTTPS 1 foo.example.com. key667=hello + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v15 HTTPS 1 foo.example.com. 
key667="hello\210qoo" + +; Here, two IPv6 hints are quoted in the presentation format. + +v16 HTTPS 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v17 HTTPS 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v18 HTTPS 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn + ipv4hint=192.0.2.1) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v19 HTTPS 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" +v20 HTTPS 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 + diff --git a/testdata/svcb.tdir/svcb.test-vectors-wf.zone b/testdata/svcb.tdir/svcb.test-vectors-wf.zone new file mode 100644 index 000000000..bf47ab75c --- /dev/null +++ b/testdata/svcb.tdir/svcb.test-vectors-wf.zone 
@@ -0,0 +1,232 @@ +$ORIGIN test-vectors. +$TTL 3600 + +@ SOA primary admin 1 3600 1800 7200 3600 + + NS primary +primary A 127.0.0.1 + +; D.1. AliasForm + +v01 SVCB \# 19 ( +00 00 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +) + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v02 SVCB \# 3 ( +00 01 ; priority +00 ; target (root label) +) + +; This vector only has a port. + +v03 SVCB \# 25 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 03 ; key 3 +00 02 ; length 2 +00 35 ; value +) + +; This example has a key that is not registered, its value is unquoted. + +v04 SVCB \# 28 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 05 ; length 5 +68 65 6c 6c 6f ; value +) + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v05 SVCB \# 32 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 09 ; length 9 +68 65 6c 6c 6f d2 71 6f 6f ; value +) + +; Here, two IPv6 hints are quoted in the presentation format. + +v06 SVCB \# 55 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 20 ; length 32 +20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address +20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address +) + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v07 SVCB \# 35 ( +00 01 ; priority +07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 10 ; length 16 +20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address +) + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. 
+ +v08 SVCB \# 48 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 00 ; key 0 +00 04 ; param length 4 +00 01 ; value: key 1 +00 04 ; value: key 4 +00 01 ; key 1 +00 09 ; param length 9 +02 ; alpn length 2 +68 32 ; alpn value +05 ; alpn length 5 +68 33 2d 31 39 ; alpn value +00 04 ; key 4 +00 04 ; param length 4 +c0 00 02 01 ; param value +) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v09 SVCB \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) +v10 SVCB \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) + +; D.1. AliasForm + +v11 HTTPS \# 19 ( +00 00 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +) + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v12 HTTPS \# 3 ( +00 01 ; priority +00 ; target (root label) +) + +; This vector only has a port. + +v13 HTTPS \# 25 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 03 ; key 3 +00 02 ; length 2 +00 35 ; value +) + +; This example has a key that is not registered, its value is unquoted. + +v14 HTTPS \# 28 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 05 ; length 5 +68 65 6c 6c 6f ; value +) + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. 
+ +v15 HTTPS \# 32 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 09 ; length 9 +68 65 6c 6c 6f d2 71 6f 6f ; value +) + +; Here, two IPv6 hints are quoted in the presentation format. + +v16 HTTPS \# 55 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 20 ; length 32 +20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address +20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address +) + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v17 HTTPS \# 35 ( +00 01 ; priority +07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 10 ; length 16 +20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address +) + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v18 HTTPS \# 48 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 00 ; key 0 +00 04 ; param length 4 +00 01 ; value: key 1 +00 04 ; value: key 4 +00 01 ; key 1 +00 09 ; param length 9 +02 ; alpn length 2 +68 32 ; alpn value +05 ; alpn length 5 +68 33 2d 31 39 ; alpn value +00 04 ; key 4 +00 04 ; param length 4 +c0 00 02 01 ; param value +) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v19 HTTPS \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) +v20 HTTPS \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) + From 956d7d4e44f15dd53241e3e15c60d91af79743e8 Mon Sep 17 00:00:00 2001 
From: Willem Toorop Date: Tue, 25 May 2021 15:56:19 +0200 Subject: [PATCH 12/38] Fix mandatory parsing and ech printing --- sldns/str2wire.c | 8 ++++---- sldns/wire2str.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 1b09766bc..df244910e 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1168,8 +1168,8 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) return -1; } } - - // @TODO check if we have space to write in rd_len; look for the best spot + if (sizeof(uint16_t) * (count + 2) > *rd_len) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; sldns_write_uint16(rd, SVCB_KEY_MANDATORY); sldns_write_uint16(rd + 2, sizeof(uint16_t) * count); @@ -1179,12 +1179,12 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) if (!(next_key = strchr(val, ','))) { sldns_write_uint16(rd + *rd_len, sldns_str2wire_svcparam_key_lookup(val, val_len)); - *rd_len += LDNS_IP6ADDRLEN; + *rd_len += 2; break; } else { sldns_write_uint16(rd + *rd_len, sldns_str2wire_svcparam_key_lookup(val, next_key - val)); - *rd_len += LDNS_IP6ADDRLEN; + *rd_len += 2; } val_len -= next_key - val + 1; diff --git a/sldns/wire2str.c b/sldns/wire2str.c index f6c32cfe3..07a4911c4 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -1091,14 +1091,14 @@ static int sldns_wire2str_svcparam_ech2str(char** s, size_t* slen, uint16_t data_len, uint8_t* data) { int size; - int w; + int w = 0; assert(data_len > 0); /* Guaranteed by rdata_svcparam_to_string */ w += sldns_str_print(s, slen, "=\""); /* b64_ntop_calculate size includes null at the end */ - size = sldns_b64_ntop_calculate_size(data_len); + size = sldns_b64_ntop_calculate_size(data_len) - 1; // @TODO store return value? sldns_b64_ntop(data, data_len, *s, *slen); From 21413aed78da849e0e036a6ae61c32162097dfa2 Mon Sep 17 00:00:00 2001 
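Review bot: In sldns_str2wire_svcbparam_mandatory the new check `sizeof(uint16_t) * (count + 2) > *rd_len` reads `*rd_len` as the buffer capacity, while the loop in the next hunk uses `rd + *rd_len` as the write position and increments it by 2. The reassignment that must sit between the two uses is outside both hunks, so the double meaning is easy to break in a later edit. A comment at the check such as `/* *rd_len: capacity on entry, bytes written on return */` would make the contract explicit. The result of `sldns_str2wire_svcparam_key_lookup` is also written to the wire without a visible failure check, which matters if the lookup can report an unknown key.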
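Review bot: The result of `sldns_b64_ntop(data, data_len, *s, *slen)` in sldns_wire2str_svcparam_ech2str is still discarded, as the `@TODO` on the line above admits, so an output buffer too small for the encoded text goes unnoticed here. The code that advances `*s` and `*slen` lies outside the hunk and presumably uses the precomputed `size`, which would then step past data that was never written. Using the call's own result, `if ((size = sldns_b64_ntop(data, data_len, *s, *slen)) < 0) return -1;`, removes the need for the `- 1` adjustment. Note also that `assert(data_len > 0)` gives no protection in builds with assertions disabled.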
From: Tom Carpay Date: Tue, 25 May 2021 16:02:22 +0200 Subject: [PATCH 13/38] fix merge error in ipv6hints --- sldns/str2wire.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index df244910e..aec8e51fe 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1117,8 +1117,6 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) break; *rd_len += LDNS_IP6ADDRLEN; - *rd_len += LDNS_IP6ADDRLEN; - assert(count == 1); } else if (next_ip_str - val >= (int)sizeof(ip_str)) From eb0e029dda38d9df317f0ee1e8872576c5b75318 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Thu, 27 May 2021 15:22:32 +0200 Subject: [PATCH 14/38] add escaping --- sldns/str2wire.c | 87 +++++++++++++++++++++++++++++++++++++++--------- sldns/wire2str.c | 31 ++++++++++++++--- 2 files changed, 99 insertions(+), 19 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index aec8e51fe..83eca3524 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -711,6 +711,18 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, /* write rdata length */ sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10)); *rr_len = rr_cur_len; + /* SVCB/HTTPS handling */ + if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { + + + + // 1. Find the size + // 2. qsort the data according to the keys + // 3. verify that keys are unique + // 4. verify that mandatory keys are present and unique + + + } return LDNS_WIREPARSE_ERR_OK; } @@ -976,14 +988,17 @@ sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1)) return SVCB_KEY_IPV6HINT; break; + case sizeof("ech")-1: if (!strncmp(key, "ech", sizeof("ech")-1)) return SVCB_KEY_ECH; break; + default: break; } - if (key_len > sizeof(buf) - 1) {} + + if (key_len > sizeof(buf) - 1) {} // ERROR: Unknown SvcParamKey else { memcpy(buf, key, key_len); 
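Review bot: The `if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS)` block added to rrinternal_parse_rdata contains only comments, so none of the four listed checks runs and the function still returns `LDNS_WIREPARSE_ERR_OK`. That includes records with duplicate SvcParamKeys or a missing mandatory key. Until the validation exists, the placeholder would read better as one comment in the file's `/* ... */` style, for example `/* TODO: sort SvcParams by key, reject duplicate keys, verify the mandatory list */`, without the empty block and blank lines. The function begins outside the hunk.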
@@ -1286,7 +1301,6 @@ int sldns_str2wire_svcbparam_alpn_value(const char* val, size_t str_len; size_t dst_len; size_t val_len; - int wire_len; val_len = strlen(val); @@ -1328,8 +1342,28 @@ static int sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, const char *val, uint8_t* rd, size_t* rd_len) { + size_t str_len; uint16_t svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); + + // @TODO add case where svcparamkey == -1 + + /* key and no value case*/ + if (val == NULL) { + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, 0); + *rd_len = 4; + + return LDNS_WIREPARSE_ERR_OK; + } + + // @TODO unescape characters in the value list + + // if (val[0] == '"' && val[str_len - 1]) { + + // } + + /* value is non-empty */ switch (svcparamkey) { case SVCB_KEY_PORT: return sldns_str2wire_svcparam_port(val, rd, rd_len); @@ -1340,18 +1374,24 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, case SVCB_KEY_MANDATORY: return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len); case SVCB_KEY_NO_DEFAULT_ALPN: + + // @TODO is this superfluous now? + return sldns_str2wire_svcbparam_no_default_alpn(val, rd, rd_len); - // if(zone_is_slave(parser->current_zone->opts)) - // zc_warning_prev_line("no-default-alpn should not have a value"); - // else - // zc_error_prev_line("no-default-alpn should not have a value"); - // break; case SVCB_KEY_ECH: return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); case SVCB_KEY_ALPN: return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); default: - break; + // @TODO escaping here -> copy from alpn? + + str_len = strlen(val); + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, str_len); + memcpy(rd + 4, val, str_len); + *rd_len = 4 + str_len; + + return LDNS_WIREPARSE_ERR_OK; } // @TODO change to error? 
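Review bot: The new `val == NULL` branch of `sldns_str2wire_svcparam_key_value` (hunk `@@ -1328,8 +1342,28 @@`) writes four bytes to `rd` without looking at the capacity the caller passed in `*rd_len`. Add `if (*rd_len < 4) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;` ahead of the two `sldns_write_uint16` calls, the same guard `sldns_str2wire_svcbparam_mandatory` applies to its own header. The function body continues past this hunk.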
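Review bot: The new `default:` case (hunk `@@ -1340,18 +1374,24 @@`) copies `strlen(val)` bytes to `rd + 4` with no comparison against `*rd_len`, so a long value for an unrecognised SvcParamKey is written past the end of the rdata buffer. Reject it first with `if (str_len > 65535 || *rd_len < 4 + str_len) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;`, which also keeps the length passed to `sldns_write_uint16(rd + 2, str_len)` from being truncated. Because the length comes from `strlen`, a value whose unescaped form contains a zero byte is cut short; passing the unescaped length alongside `val` would avoid that.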
@@ -1360,18 +1400,35 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) { + size_t str_len; const char* eq_pos; - - int ret; + char unescaped_val[65536]; + char* val_out = unescaped_val; + const char* val_in; eq_pos = strchr(str, '='); - // @TODO handle "key=" case + if (eq_pos != NULL && eq_pos[1]) { /* case: key=value */ + val_in = eq_pos + 1; + + /* unescape characters and "" blocks */ + if (*val_in == '"') { + val_in++; + while (*val_in != '"' && sldns_parse_char( (uint8_t*) val_out, &val_in)) { + val_out++; + } + } else { + while ( sldns_parse_char( (uint8_t*) val_out, &val_in)) { + val_out++; + } + } + *val_out = 0; - /* Verify that we have a have a value */ - if (eq_pos != NULL) { - return sldns_str2wire_svcparam_key_value(str, eq_pos - str, eq_pos + 1, rd, rd_len); - } else { + return sldns_str2wire_svcparam_key_value(str, eq_pos - str, + unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); + } else if (eq_pos != NULL && !(eq_pos[1])) { /* case: key= */ + return sldns_str2wire_svcparam_key_value(str, eq_pos - str, NULL, rd, rd_len); + } else { /* case: key */ return sldns_str2wire_svcparam_key_value(str, strlen(str), NULL, rd, rd_len); } diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 07a4911c4..cf87f0aa8 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -199,7 +199,7 @@ sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; /* draft-ietf-dnsop-svcb-https-04: 6. Initial SvcParamKeys */ const char *svcparamkey_strs[] = { "mandatory", "alpn", "no-default-alpn", "port", - "ipv4hint", "echconfig", "ipv6hint" + "ipv4hint", "ech", "ipv6hint" }; char* sldns_wire2str_pkt(uint8_t* data, size_t len) @@ -965,6 +965,8 @@ static int sldns_wire2str_svcparam_port2str(char** s, if (data_len != 2) return -1; /* wireformat error, a short is 2 bytes */ w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data)); + *data += 2; + return w; } 
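Review bot: Both unescape loops in `sldns_str2wire_svcparam_buf` advance `val_out` through the 65536-byte stack array `unescaped_val` without a limit, and the terminating `*val_out = 0` needs one more byte. Whether `str` is already capped below that size is decided outside this hunk, so bound the loops locally: `while (val_out < unescaped_val + sizeof(unescaped_val) - 1 && *val_in != '"' && sldns_parse_char((uint8_t*) val_out, &val_in))`, with the same first condition on the unquoted loop. The quoted branch also accepts a value whose closing `"` is missing, and `unescaped_val[0] ? unescaped_val : NULL` treats a value that unescapes to a leading zero byte as having no value.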
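Review bot: `*data += 2;` in `sldns_wire2str_svcparam_port2str` (hunk `@@ -965,6 +965,8 @@`) does not advance a read position: `data` is the pointer handed to `sldns_read_uint16(data)`, so the statement adds 2 to the first byte of the port inside the wire buffer being printed. Drop the line; if the position has to move, that belongs to the caller that owns the pointer, which is outside this hunk.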
@@ -1117,9 +1119,10 @@ static int sldns_wire2str_svcparam_ech2str(char** s, int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) { + char ch; uint16_t svcparamkey, data_len; int written_chars = 0; - int r; + int r, i; /* verify that we have enough data to read svcparamkey and data_len */ if(*dlen < 4) @@ -1130,12 +1133,15 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl *d += 4; *dlen -= 4; + // fprintf(stderr, "data_len: %hu\n", data_len); + /* verify that we have data_len data */ if (data_len > *dlen) return -1; written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); if (!data_len) { + /* Some SvcParams MUST have values */ switch (svcparamkey) { case SVCB_KEY_ALPN: @@ -1143,11 +1149,12 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: case SVCB_KEY_MANDATORY: - return -1; + return LDNS_WIREPARSE_ERR_SYNTAX_MISSING_VALUE; default: - return written_chars; + return LDNS_WIREPARSE_ERR_OK; } } + switch (svcparamkey) { case SVCB_KEY_PORT: r = sldns_wire2str_svcparam_port2str(s, slen, data_len, *d); @@ -1170,6 +1177,22 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; default: + r += sldns_str_print(s, slen, "=\""); + + for (i = 0; i < data_len; i++) { + ch = (*d)[i]; + + if (ch == '"' || ch == '\\') + r += sldns_str_print(s, slen, "\\%c", ch); + + else if (!isprint(ch)) + r += sldns_str_print(s, slen, "\\%03u", (unsigned) ch); + + else + r += sldns_str_print(s, slen, "%c", ch); + + } + r += sldns_str_print(s, slen, "%c", '"'); break; } if (r <= 0) From 9dcfc90225f356aa5c1ad868a201629875c54539 Mon Sep 17 00:00:00 2001 
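Review bot: The empty-value branch of `sldns_wire2str_svcparam_scan` (hunk `@@ -1143,11 +1149,12 @@`) now returns `LDNS_WIREPARSE_ERR_*` codes from a function whose other exits return a character count or -1, as the replaced `return -1;` and `return written_chars;` show. A caller that tests for a negative result will presumably read `LDNS_WIREPARSE_ERR_SYNTAX_MISSING_VALUE` as a successful count, and `LDNS_WIREPARSE_ERR_OK` drops the characters already added by `sldns_print_svcparamkey`. Keep `return -1;` for the keys that require a value and `return written_chars;` for the others.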
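Review bot: In the new `default:` branch (hunk `@@ -1170,6 +1177,22 @@`) `r` is first used with `+=` although `int r, i;` leaves it uninitialised, so the `if (r <= 0)` test after the switch works on an indeterminate value. Start the branch with `r = sldns_str_print(s, slen, "=\"");`. `ch` is a plain `char`, so bytes of 0x80 and above may reach `isprint` as negative values and come out of `(unsigned) ch` as very large numbers instead of a three-digit escape; declare it `uint8_t ch;`.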
From: Tom Carpay Date: Thu, 27 May 2021 14:15:15 +0000 Subject: [PATCH 15/38] start of sldns_heck_svcbparams --- sldns/str2wire.c | 69 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 64 insertions(+), 5 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 83eca3524..8eafca042 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -614,6 +614,43 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len, return 1; } +static void sldns_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) +{ + size_t nparams = 0, i; + uint8_t* svcparams[10240]; // @TODO change array size in actual max number of svcbparams + + // 1. Find the SvcParams + while (rdata_len) { + uint16_t svcbparam_len; + + svcparams[nparams] = rdata; + if (rdata_len < 4) + return; + svcbparam_len = sldns_read_uint16(rdata + 2); + rdata_len -= 4; + rdata += 4; + + if (rdata_len < svcbparam_len) + return; + rdata_len -= svcbparam_len; + rdata += svcbparam_len; + + nparams += 1; + } + + for (i = 0; i < nparams; i++) { + uint8_t* svcparam_data = svcparams[i]; + uint16_t svcparam_key = sldns_read_uint16(svcparam_data); + uint16_t svcparam_len = sldns_read_uint16(svcparam_data + 2); + + fprintf(stderr, "param %zu, key: %d, len: %d\n" + , i, (int)svcparam_key, (int)svcparam_len); + } + // 2. qsort the data according to the keys + // 3. verify that keys are unique + // 4. verify that mandatory keys are present and unique +} + /** parse rdata from string into rr buffer(-remainder after dname). */ static int rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, 
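Review bot: The collection loop in `sldns_check_svcbparams` stores into `svcparams[nparams]` with no upper limit on `nparams`; a 16-bit `rdata_len` filled with empty four-byte params yields more entries than the 10240 slots, so the store can run past the stack array. Test before storing, `if (nparams >= sizeof(svcparams) / sizeof(svcparams[0])) return;`, and size the array for the limit that is meant to be supported. The rewrite of this function in PATCH 16 (`sldns_str2wire_check_svcbparams`) keeps the same unbounded loop. The `fprintf(stderr, ...)` dump of every param looks like leftover debugging for a parser routine.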
@@ -713,15 +750,37 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, *rr_len = rr_cur_len; /* SVCB/HTTPS handling */ if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { - + uint16_t rdata_len = rr_cur_len - dname_len - 10; + uint8_t *rdata = rr+dname_len + 10; + /* skip 1st rdata field SvcPriority (uint16_t) */ + if (rdata_len < sizeof(uint16_t)) + return LDNS_WIREPARSE_ERR_OK; - // 1. Find the size - // 2. qsort the data according to the keys - // 3. verify that keys are unique - // 4. verify that mandatory keys are present and unique + rdata_len -= sizeof(uint16_t); + rdata += sizeof(uint16_t); + /* skip 2nd rdata field dname */ + while (rdata_len && *rdata != 0) { + uint8_t label_len; + if (*rdata & 0xC0) + return LDNS_WIREPARSE_ERR_OK; + + label_len = *rdata + 1; + if (rdata_len < label_len) + return LDNS_WIREPARSE_ERR_OK; + + rdata_len -= label_len; + rdata += label_len; + } + assert(*rdata == 0); + if (rdata_len < 2) + return LDNS_WIREPARSE_ERR_OK; + + rdata_len -= 1; + rdata += 1; + check_svcbparams(rdata, rdata_len); } return LDNS_WIREPARSE_ERR_OK; } From e89743b2b8c37910b74b18fc7ad85981876afd74 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Wed, 2 Jun 2021 10:10:05 +0200 Subject: [PATCH 16/38] add check_svcbparams --- sldns/str2wire.c | 108 +++++++++++++++++++++++++++++++++++++++-------- sldns/str2wire.h | 5 +++ sldns/wire2str.c | 9 +++- 3 files changed, 102 insertions(+), 20 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 8eafca042..1ae173014 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
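Review bot: `assert(*rdata == 0);` after the dname-skipping loop is also reached when the loop stopped because `rdata_len` became 0, in which case it reads one byte past the rdata and, in builds with assertions enabled, aborts on input-dependent state. Replace it with a runtime test placed before the dereference, `if (rdata_len == 0 || *rdata != 0) return LDNS_WIREPARSE_ERR_OK;`. The call at the end names `check_svcbparams`, while the function added in this commit is `sldns_check_svcbparams`. `rrinternal_parse_rdata` starts outside this hunk.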
@@ -614,41 +614,91 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len, return 1; } -static void sldns_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) +static int sldns_str2wire_svcparam_key_cmp(const void *a, const void *b) { - size_t nparams = 0, i; - uint8_t* svcparams[10240]; // @TODO change array size in actual max number of svcbparams + return sldns_read_uint16(*(uint8_t**) a) + - sldns_read_uint16(*(uint8_t**) b); +} - // 1. Find the SvcParams +static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) +{ + size_t nparams = 0, i, j; + uint8_t* svcparams[10240]; // @TODO change array size in actual max number of svcbparams + uint8_t* mandatory = NULL; + + /* find the SvcParams */ while (rdata_len) { uint16_t svcbparam_len; svcparams[nparams] = rdata; if (rdata_len < 4) - return; + // @TODO verify that these are correct + return LDNS_WIREPARSE_ERR_OK; svcbparam_len = sldns_read_uint16(rdata + 2); rdata_len -= 4; rdata += 4; if (rdata_len < svcbparam_len) - return; + // @TODO verify that these are correct + return LDNS_WIREPARSE_ERR_OK; rdata_len -= svcbparam_len; rdata += svcbparam_len; nparams += 1; } - for (i = 0; i < nparams; i++) { - uint8_t* svcparam_data = svcparams[i]; - uint16_t svcparam_key = sldns_read_uint16(svcparam_data); - uint16_t svcparam_len = sldns_read_uint16(svcparam_data + 2); + /* In draft-ietf-dnsop-svcb-https-05 Section 7: + * + * In wire format, the keys are represented by their numeric + * values in network byte order, concatenated in ascending order. + */ + qsort((void *)svcparams + ,nparams + ,sizeof(uint8_t*) + ,sldns_str2wire_svcparam_key_cmp); - fprintf(stderr, "param %zu, key: %d, len: %d\n" - , i, (int)svcparam_key, (int)svcparam_len); + /* In draft-ietf-dnsop-svcb-https-05 Section 7: + * + * Keys (...) MUST NOT appear more than once. 
+ * + * If they key has already been seen, we have a duplicate + */ + for (i = 0; i < nparams - 1; i++) { + uint16_t key = sldns_read_uint16(svcparams[i]); + + if (i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) + return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS; + + if (key == SVCB_KEY_MANDATORY) + mandatory = svcparams[i]; } - // 2. qsort the data according to the keys - // 3. verify that keys are unique - // 4. verify that mandatory keys are present and unique + + /* 4. verify that all the SvcParamKeys in mandatory are present */ + if (mandatory) { + /* divide by sizeof(uint16_t)*/ + uint16_t mandatory_len = sldns_read_uint16(mandatory + 2) >> 1; + + // @TODO do we need this? + if (mandatory_len < 1) + return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; + + for (i = 0; i < mandatory_len; i++) { + // @TODO fix ugly math + uint16_t mandatory_key = sldns_read_uint16(mandatory + 2 + 2 * i); + uint8_t found = 0; + + for (j = 0; j < nparams; j++) { + if (mandatory_key == sldns_read_uint16(svcparams[j])) + found = 1; + } + + if (!found) + return LDNS_WIREPARSE_ERR_SVCB_MISSING_MANDATORY; + } + + } + + return LDNS_WIREPARSE_ERR_OK; } /** parse rdata from string into rr buffer(-remainder after dname). */ @@ -750,7 +800,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, *rr_len = rr_cur_len; /* SVCB/HTTPS handling */ if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { - uint16_t rdata_len = rr_cur_len - dname_len - 10; + size_t rdata_len = rr_cur_len - dname_len - 10; uint8_t *rdata = rr+dname_len + 10; /* skip 1st rdata field SvcPriority (uint16_t) */ @@ -780,7 +830,8 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, rdata_len -= 1; rdata += 1; - check_svcbparams(rdata, rdata_len); + return sldns_str2wire_check_svcbparams(rdata, rdata_len); + } return LDNS_WIREPARSE_ERR_OK; } 
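Review bot: The mandatory check in `sldns_str2wire_check_svcbparams` reads its keys from `mandatory + 2 + 2 * i`, which for `i == 0` is the param's length field rather than its first key, so the wrong values are compared against the params present and the last listed key is never read. The value list starts after the two-byte key and the two-byte length: `sldns_read_uint16(mandatory + 4 + 2 * i)`. The scan that sets `mandatory` runs only while `i < nparams - 1`, so the last param after sorting is never examined and a record whose only param is `mandatory` skips the check; loop to `nparams`, since the `i + 1 < nparams` guard already protects the neighbour read.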
@@ -1264,13 +1315,32 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) key_dst += 1; } - /* In draft-ietf-dnsop-svcb-https-04 Section 7: + /* In draft-ietf-dnsop-svcb-https-05 Section 7: * * "In wire format, the keys are represented by their numeric * values in network byte order, concatenated in ascending order." */ qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp); + /* Guarantee key uniqueness. After the sort we only need to + * compare neighbours */ + if (count > 1) { + for (i = 0; i < count - 1; i++) { + uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); + uint16_t key = sldns_read_uint16(current_pos); + + /* In draft-ietf-dnsop-svcb-https-05 Section 8 + * automatically mandatory MUST NOT appear in its own value-list + */ + if (key == SVCB_KEY_MANDATORY) + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; + + if (key == sldns_read_uint16(current_pos + 2)) { + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; + } + } + } + return LDNS_WIREPARSE_ERR_OK; } @@ -1407,6 +1477,8 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, // @TODO add case where svcparamkey == -1 + // @TODO add cases where keys cannot be vallueless -> LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM + /* key and no value case*/ if (val == NULL) { sldns_write_uint16(rd, svcparamkey); diff --git a/sldns/str2wire.h b/sldns/str2wire.h index b687546a7..fbdda66e2 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h 
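Review bot: The `SVCB_KEY_MANDATORY` test added to `sldns_str2wire_svcbparam_mandatory` sits inside `if (count > 1)` and a loop that stops at `count - 1`, so a value list consisting of the single key `mandatory` is not rejected. The list has just been sorted in ascending order, so, assuming `SVCB_KEY_MANDATORY` is the lowest key value, one test before the `count > 1` block covers every case: `if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY;`. The function starts outside this hunk.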
@@ -219,6 +219,11 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370 #define LDNS_WIREPARSE_ERR_INCLUDE 371 #define LDNS_WIREPARSE_ERR_PARENTHESIS 372 +#define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 373 +#define LDNS_WIREPARSE_ERR_SVCB_MISSING_MANDATORY 374 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 375 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 376 +#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 377 /** * Get reference to a constant string for the (parse) error. diff --git a/sldns/wire2str.c b/sldns/wire2str.c index cf87f0aa8..9426bdb2c 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -149,6 +149,13 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { { LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" }, { LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" }, { LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" }, + { LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "Value expected for SvcParam"}, + { LDNS_WIREPARSE_ERR_SVCB_MISSING_MANDATORY, "Mandatory SvcParamKey is missing"}, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, + "Keys in SvcParam mandatory MUST be unique" }, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, + "mandatory MUST not be included as mandatory parameter" }, + { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"}, { 0, NULL } }; sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data; @@ -1133,8 +1140,6 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl *d += 4; *dlen -= 4; - // fprintf(stderr, "data_len: %hu\n", data_len); - /* verify that we have data_len data */ if (data_len > *dlen) return -1; From 41f642bfb9e44d5263920f766732d9bcfb7c9e56 Mon Sep 17 00:00:00 2001 
From: Tom Carpay Date: Wed, 2 Jun 2021 12:27:48 +0200 Subject: [PATCH 17/38] add error handling --- sldns/str2wire.c | 66 ++++++++++++++++++++++++++++-------------------- sldns/str2wire.h | 16 ++++++++---- sldns/wire2str.c | 15 +++++++++-- 3 files changed, 62 insertions(+), 35 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 1ae173014..0053a757a 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -620,10 +620,15 @@ static int sldns_str2wire_svcparam_key_cmp(const void *a, const void *b) - sldns_read_uint16(*(uint8_t**) b); } +/** + * Add constraints to the SVCB RRs which involve the whole set + */ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) { size_t nparams = 0, i, j; - uint8_t* svcparams[10240]; // @TODO change array size in actual max number of svcbparams + uint8_t new_rdata[65536]; + uint8_t* new_rdata_ptr = new_rdata; + uint8_t* svcparams[64]; uint8_t* mandatory = NULL; /* find the SvcParams */ @@ -684,7 +689,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) for (i = 0; i < mandatory_len; i++) { // @TODO fix ugly math - uint16_t mandatory_key = sldns_read_uint16(mandatory + 2 + 2 * i); + uint16_t mandatory_key = sldns_read_uint16(mandatory + 4 + i * 2); uint8_t found = 0; for (j = 0; j < nparams; j++) { @@ -693,11 +698,21 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) } if (!found) - return LDNS_WIREPARSE_ERR_SVCB_MISSING_MANDATORY; + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM; } } + // Write rdata + for (i = 0; i < nparams; i++) { + uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + 4; + fprintf(stderr, "svcparam_len: %d\n", svcparam_len); + memcpy(new_rdata_ptr, svcparams[i], svcparam_len); + new_rdata_ptr += svcparam_len; + } + memcpy(rdata, new_rdata, new_rdata_ptr - new_rdata); + fprintf(stderr, "new_rdata_ptr - new_rdata: %d\n", new_rdata_ptr - new_rdata); + return LDNS_WIREPARSE_ERR_OK; } 
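Review bot: Shrinking `svcparams` to 64 entries (hunk `@@ -620,10 +620,15 @@`) makes the missing limit on `nparams` easy to reach: the collection loop, which is outside this hunk and as of the previous commit stores `svcparams[nparams] = rdata` unconditionally, writes past the array for a record with a 65th SvcParam. Add `if (nparams >= sizeof(svcparams) / sizeof(svcparams[0])) return LDNS_WIREPARSE_ERR_GENERAL;` in front of that store. `new_rdata[65536]` also adds 64 KiB to this stack frame.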
@@ -1107,14 +1122,7 @@ sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) default: break; } - - if (key_len > sizeof(buf) - 1) {} - // ERROR: Unknown SvcParamKey - else { - memcpy(buf, key, key_len); - buf[key_len] = 0; - // Error: "Unknown SvcParamKey: %s" - } + /* Although the returned value might be used by the caller, * the parser has erred, so the zone will not be loaded. */ @@ -1144,8 +1152,7 @@ sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len) return LDNS_WIREPARSE_ERR_OK; } - // ERROR: "Could not parse port SvcParamValue" - return -1; + return LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY; } static int @@ -1162,8 +1169,7 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) if (val[i] == ',') count += 1; if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { - // ERROR "Too many IPV4 addresses in ipv4hint" - return -1; + return LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS; } } @@ -1192,7 +1198,6 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) memcpy(ip_str, val, next_ip_str - val); ip_str[next_ip_str - val] = 0; if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { - val = ip_str; /* to use in error reporting below */ break; } *rd_len += LDNS_IP4ADDRLEN; @@ -1221,8 +1226,7 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) if (val[i] == ',') count += 1; if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { - // ERROR "Too many IPV4 addresses in ipv4hint" - return -1; + return LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS; } } @@ -1261,8 +1265,8 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) ip_wire_dst++; count--; } - // if (count) /* verify that we parsed all values */ - // ERROR "Could not parse ipv6hint SvcParamValue: " + if (count) /* verify that we parsed all values */ + return LDNS_WIREPARSE_ERR_SYNTAX_IP6; return LDNS_WIREPARSE_ERR_OK; } 
@@ -1287,8 +1291,7 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) if (val[i] == ',') count += 1; if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { - // ERROR "Too many keys in mandatory" - return -1; + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS; } } if (sizeof(uint16_t) * (count + 2) > *rd_len) @@ -1443,8 +1446,7 @@ int sldns_str2wire_svcbparam_alpn_value(const char* val, ? (size_t)(next_str - val) : val_len; if (str_len > 255) { - // ERROR "alpn strings need to be smaller than 255 chars" - return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; + return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; } dst_len = sldns_str2wire_svcbparam_parse_alpn_copy_unescaped(dst + 1, val, str_len); *dst++ = dst_len; @@ -1474,18 +1476,26 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, size_t str_len; uint16_t svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); - - // @TODO add case where svcparamkey == -1 - - // @TODO add cases where keys cannot be vallueless -> LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM + if (svcparamkey < 0) { + return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; + } /* key and no value case*/ if (val == NULL) { + switch (svcparamkey) { + case SVCB_KEY_MANDATORY: + case SVCB_KEY_ALPN: + case SVCB_KEY_PORT: + case SVCB_KEY_IPV4HINT: + case SVCB_KEY_IPV6HINT: + return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; + default: sldns_write_uint16(rd, svcparamkey); sldns_write_uint16(rd + 2, 0); *rd_len = 4; return LDNS_WIREPARSE_ERR_OK; + } } // @TODO unescape characters in the value list diff --git a/sldns/str2wire.h b/sldns/str2wire.h index fbdda66e2..62efe9229 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h 
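Review bot: `if (svcparamkey < 0)` in `sldns_str2wire_svcparam_key_value` (hunk `@@ -1474,18 +1476,26 @@`) can never be true because `svcparamkey` is declared `uint16_t`, so a failed lookup is not reported as `LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY` and the converted value is written out as a key. Keep the lookup result in a signed variable for the test, `int key_code = sldns_str2wire_svcparam_key_lookup(key, key_len); if (key_code < 0) return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;`, and narrow it to `uint16_t` afterwards. This assumes the lookup signals failure with a negative return, as the removed `@TODO add case where svcparamkey == -1` suggests; its definition is not in this hunk.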
@@ -219,11 +219,17 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370 #define LDNS_WIREPARSE_ERR_INCLUDE 371 #define LDNS_WIREPARSE_ERR_PARENTHESIS 372 -#define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 373 -#define LDNS_WIREPARSE_ERR_SVCB_MISSING_MANDATORY 374 -#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 375 -#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 376 -#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 377 +#define LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373 +#define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374 +#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 375 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 376 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 377 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 378 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 379 +#define LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY 380 +#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS 381 +#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS 382 +#define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 383 /** * Get reference to a constant string for the (parse) error. diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 9426bdb2c..48dc55a98 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c 
@@ -149,13 +149,24 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { { LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" }, { LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" }, { LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" }, + { LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"}, { LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "Value expected for SvcParam"}, - { LDNS_WIREPARSE_ERR_SVCB_MISSING_MANDATORY, "Mandatory SvcParamKey is missing"}, + { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"}, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" }, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM, + "Mandatory SvcParamKey is missing"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, "Keys in SvcParam mandatory MUST be unique" }, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, "mandatory MUST not be included as mandatory parameter" }, - { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"}, + { LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY, + "Could not parse port SvcParamValue" }, + { LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS, + "Too many IPv4 addresses in ipv4hint" }, + { LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS, + "Too many IPv6 addresses in ipv6hint" }, + { LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE, + "alpn strings need to be smaller than 255 chars"}, { 0, NULL } }; sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data; From e5acb8f638c2d1bb224b26fbd44b35898d935b9e Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 2 Jun 2021 12:50:04 +0200 Subject: [PATCH 18/38] Correct sorting of rdata --- sldns/str2wire.c | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 0053a757a..5d3950fa7 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
@@ -625,31 +625,37 @@ static int sldns_str2wire_svcparam_key_cmp(const void *a, const void *b) */ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) { - size_t nparams = 0, i, j; - uint8_t new_rdata[65536]; + size_t nparams = 0, i, j; + uint8_t new_rdata[65536]; uint8_t* new_rdata_ptr = new_rdata; uint8_t* svcparams[64]; uint8_t* mandatory = NULL; + uint8_t* rdata_ptr = rdata; + uint16_t rdata_remaining = rdata_len; /* find the SvcParams */ - while (rdata_len) { + while (rdata_remaining) { uint16_t svcbparam_len; - svcparams[nparams] = rdata; - if (rdata_len < 4) + svcparams[nparams] = rdata_ptr; + if (rdata_remaining < 4) // @TODO verify that these are correct return LDNS_WIREPARSE_ERR_OK; - svcbparam_len = sldns_read_uint16(rdata + 2); - rdata_len -= 4; - rdata += 4; + svcbparam_len = sldns_read_uint16(rdata_ptr + 2); + rdata_remaining -= 4; + rdata_ptr += 4; - if (rdata_len < svcbparam_len) + if (rdata_remaining < svcbparam_len) // @TODO verify that these are correct return LDNS_WIREPARSE_ERR_OK; - rdata_len -= svcbparam_len; - rdata += svcbparam_len; + rdata_remaining -= svcbparam_len; + rdata_ptr += svcbparam_len; nparams += 1; + if (nparams > sizeof(svcparams)) + // @TODO Too many svcparams. Unbound allows only + // sizeof(svcparams) svcparams. + return LDNS_WIREPARSE_ERR_OK; } /* In draft-ietf-dnsop-svcb-https-05 Section 7: 
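Review bot: The new limit `if (nparams > sizeof(svcparams))` compares against the array's size in bytes rather than its 64 elements, and it runs after `svcparams[nparams] = rdata_ptr` has already been written, so with 8-byte pointers the loop can still store well past the end of the array. Check the element count before the store: `if (nparams >= sizeof(svcparams) / sizeof(svcparams[0])) return LDNS_WIREPARSE_ERR_GENERAL;`. Returning `LDNS_WIREPARSE_ERR_OK` at this point also accepts the record unsorted and unchecked. The same comparison is carried through the later hunks of PATCH 19 and PATCH 20, which change only its return code.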
@@ -703,15 +709,15 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) } - // Write rdata + // Write rdata in correct order for (i = 0; i < nparams; i++) { - uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + 4; - fprintf(stderr, "svcparam_len: %d\n", svcparam_len); + uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + + 2 * sizeof(uint16_t); + memcpy(new_rdata_ptr, svcparams[i], svcparam_len); new_rdata_ptr += svcparam_len; } - memcpy(rdata, new_rdata, new_rdata_ptr - new_rdata); - fprintf(stderr, "new_rdata_ptr - new_rdata: %d\n", new_rdata_ptr - new_rdata); + memcpy(rdata, new_rdata, rdata_len); return LDNS_WIREPARSE_ERR_OK; } From cf8418c3194d351f08c02fc7fd9b1a0cc388b5a2 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 2 Jun 2021 12:56:54 +0200 Subject: [PATCH 19/38] Rewrite SVCB rdata in correct order --- sldns/str2wire.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 5d3950fa7..e72037017 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -640,14 +640,14 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) svcparams[nparams] = rdata_ptr; if (rdata_remaining < 4) // @TODO verify that these are correct - return LDNS_WIREPARSE_ERR_OK; + return LDNS_WIREPARSE_ERR_GENERAL; svcbparam_len = sldns_read_uint16(rdata_ptr + 2); rdata_remaining -= 4; rdata_ptr += 4; if (rdata_remaining < svcbparam_len) // @TODO verify that these are correct - return LDNS_WIREPARSE_ERR_OK; + return LDNS_WIREPARSE_ERR_GENERAL; rdata_remaining -= svcbparam_len; rdata_ptr += svcbparam_len; @@ -655,7 +655,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) if (nparams > sizeof(svcparams)) // @TODO Too many svcparams. Unbound allows only // sizeof(svcparams) svcparams. - return LDNS_WIREPARSE_ERR_OK; + return LDNS_WIREPARSE_ERR_GENERAL; } /* In draft-ietf-dnsop-svcb-https-05 Section 7: 
@@ -714,11 +714,13 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + 2 * sizeof(uint16_t); + if (new_rdata_ptr + svcparam_len - new_rdata > sizeof(new_rdata)) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + memcpy(new_rdata_ptr, svcparams[i], svcparam_len); new_rdata_ptr += svcparam_len; } memcpy(rdata, new_rdata, rdata_len); - return LDNS_WIREPARSE_ERR_OK; } From 24faac236d4e0d4ab3d57e1340429c271a28aca4 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Wed, 2 Jun 2021 16:26:30 +0200 Subject: [PATCH 20/38] implement todos --- sldns/str2wire.c | 62 ++++++++++++++++++------------------------------ sldns/str2wire.h | 20 +++++++++------- sldns/wire2str.c | 8 +++++-- 3 files changed, 40 insertions(+), 50 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index e72037017..8e27d52aa 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -639,23 +639,19 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) svcparams[nparams] = rdata_ptr; if (rdata_remaining < 4) - // @TODO verify that these are correct return LDNS_WIREPARSE_ERR_GENERAL; svcbparam_len = sldns_read_uint16(rdata_ptr + 2); rdata_remaining -= 4; rdata_ptr += 4; if (rdata_remaining < svcbparam_len) - // @TODO verify that these are correct return LDNS_WIREPARSE_ERR_GENERAL; rdata_remaining -= svcbparam_len; rdata_ptr += svcbparam_len; nparams += 1; if (nparams > sizeof(svcparams)) - // @TODO Too many svcparams. Unbound allows only - // sizeof(svcparams) svcparams. - return LDNS_WIREPARSE_ERR_GENERAL; + return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS; } /* In draft-ietf-dnsop-svcb-https-05 Section 7: 
@@ -674,7 +670,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) * * If they key has already been seen, we have a duplicate */ - for (i = 0; i < nparams - 1; i++) { + for (i = 0; i < nparams; i++) { uint16_t key = sldns_read_uint16(svcparams[i]); if (i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) @@ -686,16 +682,17 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) /* 4. verify that all the SvcParamKeys in mandatory are present */ if (mandatory) { - /* divide by sizeof(uint16_t)*/ + + /* Divide by sizeof(uint16_t)*/ uint16_t mandatory_len = sldns_read_uint16(mandatory + 2) >> 1; - // @TODO do we need this? - if (mandatory_len < 1) - return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; + /* Guaranteed by sldns_str2wire_svcparam_key_value */ + assert(mandatory_len > 0); for (i = 0; i < mandatory_len; i++) { - // @TODO fix ugly math - uint16_t mandatory_key = sldns_read_uint16(mandatory + 4 + i * 2); + uint16_t mandatory_key = sldns_read_uint16(mandatory + + 2 * sizeof(uint16_t) + + i * sizeof(uint16_t)); uint8_t found = 0; for (j = 0; j < nparams; j++) { @@ -1333,6 +1330,12 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) */ qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp); + /* In draft-ietf-dnsop-svcb-https-05 Section 8 + * automatically mandatory MUST NOT appear in its own value-list + */ + if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; + /* Guarantee key uniqueness. After the sort we only need to * compare neighbours */ if (count > 1) { 
@@ -1340,12 +1343,6 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); uint16_t key = sldns_read_uint16(current_pos); - /* In draft-ietf-dnsop-svcb-https-05 Section 8 - * automatically mandatory MUST NOT appear in its own value-list - */ - if (key == SVCB_KEY_MANDATORY) - return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; - if (key == sldns_read_uint16(current_pos + 2)) { return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; } @@ -1355,29 +1352,19 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) return LDNS_WIREPARSE_ERR_OK; } -static int -sldns_str2wire_svcbparam_no_default_alpn(const char* val, uint8_t* rd, size_t* rd_len) -{ - if (*rd_len < 4) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - - sldns_write_uint16(rd, SVCB_KEY_NO_DEFAULT_ALPN); - sldns_write_uint16(rd + 2, 0); - *rd_len = 4; - - return LDNS_WIREPARSE_ERR_OK; -} - static int sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) { uint8_t buffer[LDNS_MAX_RDFLEN]; int wire_len; - // @TODO fix this - // if(strcmp(b64, "0") == 0) { - /* single 0 represents empty buffer */ - // } + /* single 0 represents empty buffer */ + if(strcmp(val, "0") == 0) { + sldns_write_uint16(rd, SVCB_KEY_ECH); + sldns_write_uint16(rd + 2, 0); + + return LDNS_WIREPARSE_ERR_OK; + } wire_len = sldns_b64_pton(val, buffer, LDNS_MAX_RDFLEN); @@ -1523,10 +1510,7 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, case SVCB_KEY_MANDATORY: return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len); case SVCB_KEY_NO_DEFAULT_ALPN: - - // @TODO is this superfluous now? - - return sldns_str2wire_svcbparam_no_default_alpn(val, rd, rd_len); + return LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE; case SVCB_KEY_ECH: return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); case SVCB_KEY_ALPN: 
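Review bot: The new `"0"` branch in sldns_str2wire_svcbparam_ech_value writes four bytes to `rd` without checking `*rd_len` and returns without setting `*rd_len`. The removed sldns_str2wire_svcbparam_no_default_alpn did both for the same four-byte encoding. A caller that reads `*rd_len` as the produced length would presumably see the input capacity instead of 4, as the other branches set it on success. Add `if (*rd_len < 4) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;` before the writes and `*rd_len = 4;` before the return.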
diff --git a/sldns/str2wire.h b/sldns/str2wire.h index 62efe9229..5fc096b3e 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -221,15 +221,17 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_PARENTHESIS 372 #define LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373 #define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374 -#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 375 -#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 376 -#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 377 -#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 378 -#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 379 -#define LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY 380 -#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS 381 -#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS 382 -#define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 383 +#define LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375 +#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380 +#define LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY 381 +#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS 382 +#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS 383 +#define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384 +#define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385 /** * Get reference to a constant string for the (parse) error. diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 48dc55a98..a7e6ebc90 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c 
@@ -150,9 +150,11 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { { LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" }, { LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" }, { LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"}, - { LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "Value expected for SvcParam"}, + { LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"}, { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" }, + { LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS, + "Too many SvcParams. Unbound only allows 64 entries" }, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM, "Mandatory SvcParamKey is missing"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, @@ -166,7 +168,9 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { { LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS, "Too many IPv6 addresses in ipv6hint" }, { LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE, - "alpn strings need to be smaller than 255 chars"}, + "Alpn strings need to be smaller than 255 chars"}, + { LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE, + "No-default-alpn should not have a value" }, { 0, NULL } }; sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data; From 19c63fdaf62f67e4834482ce6db1e30e0634300f Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Mon, 7 Jun 2021 09:54:02 +0200 Subject: [PATCH 21/38] add key parsing and edge case tests --- sldns/str2wire.c | 91 +++++++++++++++------- testdata/svcb.tdir/svcb.failure-cases-22 | 2 +- testdata/svcb.tdir/svcb.failure-cases-23 | 8 ++ testdata/svcb.tdir/svcb.failure-cases-24 | 8 ++ testdata/svcb.tdir/svcb.success-cases.zone | 7 ++ 5 files changed, 86 insertions(+), 30 deletions(-) create mode 100644 testdata/svcb.tdir/svcb.failure-cases-23 create mode 100644 testdata/svcb.tdir/svcb.failure-cases-24 
diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 8e27d52aa..e4a537093 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -650,7 +650,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) rdata_ptr += svcbparam_len; nparams += 1; - if (nparams > sizeof(svcparams)) + if (nparams > sizeof(svcparams)/8) return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS; } @@ -1086,6 +1086,7 @@ sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) memcpy(buf, key + 3, key_len - 3); buf[key_len - 3] = 0; key_value = strtoul(buf, &endptr, 10); + if (endptr > buf /* digits seen */ && *endptr == 0 /* no non-digit chars after digits */ && key_value <= 65535) /* no overflow */ @@ -1384,7 +1385,7 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) } static const char* -sldns_str2wire_svcbparam_parse_alpn_next_unescaped_comma(const char *val) +sldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val) { while (*val) { /* Only return when the comma is not escaped*/ @@ -1401,7 +1402,7 @@ sldns_str2wire_svcbparam_parse_alpn_next_unescaped_comma(const char *val) } static size_t -sldns_str2wire_svcbparam_parse_alpn_copy_unescaped(uint8_t *dst, +sldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst, const char *src, size_t len) { uint8_t *orig_dst = dst; @@ -1419,7 +1420,8 @@ sldns_str2wire_svcbparam_parse_alpn_copy_unescaped(uint8_t *dst, return (size_t)(dst - orig_dst); } -int sldns_str2wire_svcbparam_alpn_value(const char* val, +static int +sldns_str2wire_svcbparam_alpn_value(const char* val, uint8_t* rd, size_t* rd_len) { uint8_t unescaped_dst[65536]; 
@@ -1437,13 +1439,14 @@ int sldns_str2wire_svcbparam_alpn_value(const char* val, while (val_len) { size_t dst_len; - str_len = (next_str = sldns_str2wire_svcbparam_parse_alpn_next_unescaped_comma(val)) + str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val)) ? (size_t)(next_str - val) : val_len; if (str_len > 255) { return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; } - dst_len = sldns_str2wire_svcbparam_parse_alpn_copy_unescaped(dst + 1, val, str_len); + + dst_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len); *dst++ = dst_len; dst += dst_len; @@ -1465,7 +1468,51 @@ int sldns_str2wire_svcbparam_alpn_value(const char* val, } static int -sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, +sldns_str2wire_svcbparam_key_value(uint16_t svcparamkey, const char* val, + uint8_t* rd, size_t* rd_len) +{ + uint8_t unescaped_dst[65536]; + uint8_t *dst = unescaped_dst; + const char *next_str; + size_t str_len; + size_t dst_len; + size_t val_len; + + val_len = strlen(val); + + if (val_len > sizeof(unescaped_dst)) { + return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; + } + while (val_len) { + str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val)) + ? (size_t)(next_str - val) : val_len; + + if (str_len > 255) { + return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; + } + dst_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len); + *dst++ = dst_len; + dst += dst_len; + + if (!next_str) + break; + + /* skip the comma for the next iteration */ + val_len -= next_str - val + 1; + val = next_str + 1; + } + dst_len = dst - unescaped_dst; + + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, dst_len); + memcpy(rd + 4, unescaped_dst, dst_len); + *rd_len = 4 + dst_len; + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcparam_value(const char *key, size_t key_len, const char *val, uint8_t* rd, size_t* rd_len) { size_t str_len; 
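Review bot: The new sldns_str2wire_svcbparam_key_value copies `dst_len` bytes to `rd + 4` without comparing against `*rd_len`, so a long value overruns the caller's buffer; add `if (*rd_len < 4 + dst_len) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;` before the first `sldns_write_uint16`. The staging buffer needs the same care: `val_len > sizeof(unescaped_dst)` admits a value as long as the buffer, yet every segment is written behind an extra length byte, so the loop should also check `dst` against the end of `unescaped_dst`. The `default:` branches of sldns_str2wire_svcparam_value in the two following patches on this page perform the same unchecked `memcpy(rd + 4, val, ...)`.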
@@ -1485,20 +1532,14 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, case SVCB_KEY_IPV6HINT: return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; default: - sldns_write_uint16(rd, svcparamkey); - sldns_write_uint16(rd + 2, 0); - *rd_len = 4; + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, 0); + *rd_len = 4; - return LDNS_WIREPARSE_ERR_OK; + return LDNS_WIREPARSE_ERR_OK; } } - // @TODO unescape characters in the value list - - // if (val[0] == '"' && val[str_len - 1]) { - - // } - /* value is non-empty */ switch (svcparamkey) { case SVCB_KEY_PORT: @@ -1516,15 +1557,7 @@ sldns_str2wire_svcparam_key_value(const char *key, size_t key_len, case SVCB_KEY_ALPN: return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); default: - // @TODO escaping here -> copy from alpn? - - str_len = strlen(val); - sldns_write_uint16(rd, svcparamkey); - sldns_write_uint16(rd + 2, str_len); - memcpy(rd + 4, val, str_len); - *rd_len = 4 + str_len; - - return LDNS_WIREPARSE_ERR_OK; + return sldns_str2wire_svcbparam_key_value(svcparamkey, val, rd, rd_len); } // @TODO change to error? @@ -1557,12 +1590,12 @@ int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) } *val_out = 0; - return sldns_str2wire_svcparam_key_value(str, eq_pos - str, + return sldns_str2wire_svcparam_value(str, eq_pos - str, unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); } else if (eq_pos != NULL && !(eq_pos[1])) { /* case: key= */ - return sldns_str2wire_svcparam_key_value(str, eq_pos - str, NULL, rd, rd_len); + return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len); } else { /* case: key */ - return sldns_str2wire_svcparam_key_value(str, strlen(str), NULL, rd, rd_len); + return sldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len); } return LDNS_WIREPARSE_ERR_OK; diff --git a/testdata/svcb.tdir/svcb.failure-cases-22 b/testdata/svcb.tdir/svcb.failure-cases-22 index d01b69700..9d6f0186d 100644 
--- a/testdata/svcb.tdir/svcb.failure-cases-22 +++ b/testdata/svcb.tdir/svcb.failure-cases-22 @@ -3,6 +3,6 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; Port mus be a positive number < 65536 +; Port must be a positive number < 65536 f22 HTTPS 1 foo.example.com. port=65536 diff --git a/testdata/svcb.tdir/svcb.failure-cases-23 b/testdata/svcb.tdir/svcb.failure-cases-23 new file mode 100644 index 000000000..bb819daae --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-23 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; 65 SvcParams is too many SvcParams; the limit is 64 + +f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.failure-cases-24 b/testdata/svcb.tdir/svcb.failure-cases-24 new file mode 100644 index 000000000..ae02ac417 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-24 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; 256 is too many characters for an alpn; maximum is 255 + +f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) \ No newline at end of file 
diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone index 0a96659d8..1852fb207 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone +++ b/testdata/svcb.tdir/svcb.success-cases.zone @@ -38,3 +38,10 @@ s06 HTTPS 0 . ech="aGVsbG93b3JsZCE=" ; echconfig is an alias for ech s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" +; maximum size allowed in a svcb rdata set (64 SvcParams) + +s07 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a) + +; maximum alpn size allowed (255 characters) + +s07 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) From 7562edbb8ca85fd74a676a5c4b060812e3110ca8 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Mon, 7 Jun 2021 08:39:05 +0000 Subject: [PATCH 22/38] remove superfluous double escaping --- sldns/str2wire.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index e4a537093..978839ba5 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
@@ -1557,7 +1557,12 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, case SVCB_KEY_ALPN: return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); default: - return sldns_str2wire_svcbparam_key_value(svcparamkey, val, rd, rd_len); + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, strlen(val)); + memcpy(rd + 4, val, strlen(val)); + *rd_len = 4 + strlen(val); + break; + //return sldns_str2wire_svcbparam_key_value(svcparamkey, val, rd, rd_len); } // @TODO change to error? From 9beea6a00ccfa47f045e32ecb2d6a5a53ab52ed1 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Mon, 7 Jun 2021 14:05:14 +0200 Subject: [PATCH 23/38] fix key parsing and incorporate testcases --- sldns/str2wire.c | 69 ++++--------------- sldns/wire2str.c | 13 +--- testdata/svcb.tdir/svcb.success-cases.zone | 4 +- .../svcb.tdir/svcb.success-cases.zone.cmp | 22 +++--- testdata/svcb.tdir/svcb.test | 51 +++++--------- 5 files changed, 44 insertions(+), 115 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 978839ba5..25d2f1337 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1168,7 +1168,7 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) int count; char ip_str[INET_ADDRSTRLEN+1]; char *next_ip_str; - uint32_t *ip_wire_dst; + uint32_t *ip_wire_dst = NULL; size_t i; for (i = 0, count = 1; val[i]; i++) { @@ -1225,7 +1225,7 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) int count; char ip_str[INET6_ADDRSTRLEN+1]; char *next_ip_str; - uint32_t *ip_wire_dst; + uint32_t *ip_wire_dst = NULL; size_t i; for (i = 0, count = 1; val[i]; i++) { @@ -1289,7 +1289,7 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) { size_t i, count, val_len; char* next_key; - uint16_t* key_dst; + uint16_t* key_dst = NULL; val_len = strlen(val); 
@@ -1369,8 +1369,7 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) wire_len = sldns_b64_pton(val, buffer, LDNS_MAX_RDFLEN); - if (wire_len == -1) { - // zc_error_prev_line("invalid base64 data in ech"); + if (wire_len == 0) { return LDNS_WIREPARSE_ERR_SYNTAX_B64; } else if (wire_len + 4 > *rd_len) { return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; @@ -1467,50 +1466,6 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, return LDNS_WIREPARSE_ERR_OK; } -static int -sldns_str2wire_svcbparam_key_value(uint16_t svcparamkey, const char* val, - uint8_t* rd, size_t* rd_len) -{ - uint8_t unescaped_dst[65536]; - uint8_t *dst = unescaped_dst; - const char *next_str; - size_t str_len; - size_t dst_len; - size_t val_len; - - val_len = strlen(val); - - if (val_len > sizeof(unescaped_dst)) { - return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; - } - while (val_len) { - str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val)) - ? (size_t)(next_str - val) : val_len; - - if (str_len > 255) { - return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; - } - dst_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len); - *dst++ = dst_len; - dst += dst_len; - - if (!next_str) - break; - - /* skip the comma for the next iteration */ - val_len -= next_str - val + 1; - val = next_str + 1; - } - dst_len = dst - unescaped_dst; - - sldns_write_uint16(rd, svcparamkey); - sldns_write_uint16(rd + 2, dst_len); - memcpy(rd + 4, unescaped_dst, dst_len); - *rd_len = 4 + dst_len; - - return LDNS_WIREPARSE_ERR_OK; -} - static int sldns_str2wire_svcparam_value(const char *key, size_t key_len, const char *val, uint8_t* rd, size_t* rd_len) 
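Review bot: Replacing `wire_len == -1` with `wire_len == 0` stops rejecting the decoder's failure value. The removed line shows that sldns_b64_pton reports invalid base64 as -1, and that value now falls through to `wire_len + 4 > *rd_len`, which it passes for any buffer of three bytes or more. Whatever follows the visible lines would then use a negative `wire_len` as a length. Reject both outcomes with `if (wire_len <= 0) {`. The rest of sldns_str2wire_svcbparam_ech_value is outside the hunk.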
@@ -1557,21 +1512,21 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, case SVCB_KEY_ALPN: return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); default: + str_len = strlen(val); sldns_write_uint16(rd, svcparamkey); - sldns_write_uint16(rd + 2, strlen(val)); - memcpy(rd + 4, val, strlen(val)); - *rd_len = 4 + strlen(val); - break; - //return sldns_str2wire_svcbparam_key_value(svcparamkey, val, rd, rd_len); + sldns_write_uint16(rd + 2, str_len); + memcpy(rd + 4, val, str_len); + *rd_len = 4 + str_len; + + return LDNS_WIREPARSE_ERR_OK; } - // @TODO change to error? - return LDNS_WIREPARSE_ERR_OK; + // @TODO is this supposed to be an error? + return LDNS_WIREPARSE_ERR_GENERAL; } int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) { - size_t str_len; const char* eq_pos; char unescaped_val[65536]; char* val_out = unescaped_val; diff --git a/sldns/wire2str.c b/sldns/wire2str.c index a7e6ebc90..99ce5574e 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -997,7 +997,6 @@ static int sldns_wire2str_svcparam_ipv4hint2str(char** s, { char ip_str[INET_ADDRSTRLEN + 1]; - // @TODO actually incorporate this int w = 0; assert(data_len > 0); @@ -1026,13 +1025,10 @@ static int sldns_wire2str_svcparam_ipv6hint2str(char** s, { char ip_str[INET6_ADDRSTRLEN + 1]; - // @TODO actually incorporate this -> is this correct now? int w = 0; assert(data_len > 0); - // @TODO fix ntohs -> see output - if ((data_len % LDNS_IP6ADDRLEN) == 0) { if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) return 0; /* wireformat error, incorrect size or inet family */ @@ -1121,11 +1117,8 @@ static int sldns_wire2str_svcparam_ech2str(char** s, w += sldns_str_print(s, slen, "=\""); - /* b64_ntop_calculate size includes null at the end */ - size = sldns_b64_ntop_calculate_size(data_len) - 1; + size = sldns_b64_ntop(data, data_len, *s, *slen); - // @TODO store return value? - sldns_b64_ntop(data, data_len, *s, *slen); (*s) += size; (*slen) -= size; 
@@ -1141,7 +1134,7 @@ static int sldns_wire2str_svcparam_ech2str(char** s, int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) { - char ch; + uint8_t ch; uint16_t svcparamkey, data_len; int written_chars = 0; int r, i; @@ -1197,7 +1190,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; default: - r += sldns_str_print(s, slen, "=\""); + r = sldns_str_print(s, slen, "=\""); for (i = 0; i < data_len; i++) { ch = (*d)[i]; diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone index 1852fb207..896304757 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone +++ b/testdata/svcb.tdir/svcb.success-cases.zone 
@@ -40,8 +40,8 @@ s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" ; maximum size allowed in a svcb rdata set (64 SvcParams) -s07 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a) +s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a) ; maximum alpn size allowed (255 characters) -s07 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) +s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) 
diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp index 540b541c4..f28bd2ce5 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp 
@@ -1,12 +1,10 @@ -$ORIGIN . -success-cases 3600 IN SOA primary.success-cases. admin.success-cases. ( - 0 0 0 0 0 ) -$ORIGIN success-cases. -s01 3600 IN SVCB 0 . key123 -s02 3600 IN SVCB 0 . ech -s03 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn -s04 3600 IN HTTPS 0 . no-default-alpn -s05 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 -s06 3600 IN HTTPS 0 . ech=aGVsbG93b3JsZCE= -s07 3600 IN HTTPS 0 . ech=aGVsbG93b3JsZCE= -; zone success-cases is ok +success-cases. 3600 IN SOA primary.success-cases. admin.success-cases. 0 0 0 0 0 +s01.success-cases. 3600 IN SVCB 0 . key123 +s02.success-cases. 3600 IN SVCB 0 . ech +s03.success-cases. 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn +s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn +s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 +s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" +s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" +s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" key164="a" +s09.success-cases. 3600 IN HTTPS 0 . 
alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test index 48a754512..47968be5f 100644 --- a/testdata/svcb.tdir/svcb.test +++ b/testdata/svcb.tdir/svcb.test 
@@ -183,52 +183,35 @@ then echo "Failure case 22: port value needs to be a positive integer < 65536" echo "Incorrectly succeeded" exit 1 + +elif $PRE/readzone svcb.failure-cases-23 +then + echo "Failure case 23: 65 SvcParams is too many SvcParams; the limit is 64" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-23 +then + echo "Failure case 24: 256 is too many characters for an alpn; maximum is 255" + echo "Incorrectly succeeded" + exit 1 else echo "All failure cases test successfully" fi # check all the succes and write them -if ! $PRE/nsd-checkzone -p success-cases svcb.success-cases.zone > svcb.success-cases.zone.out +if ! $PRE/readzone svcb.success-cases.zone > svcb.success-cases.zone.out then - echo "Some particular success cases did not succeed to parse" - exit 1 + echo "Some particular success cases did not succeed to parse" + exit 1 elif ! diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp then echo "Some success cases could not be printed" - exit 1 + exit 1 else - echo "All particular success cases parsed and printed successfully" + echo "All particular success cases parsed and printed successfully" fi -rem $PRE/nsd-control -c svcb.secondary.conf write -rem while [ ! -f test-vectors-secondary.zone ] -rem do -rem sleep 1 -rem done -rem while ! grep '^v20' test-vectors-secondary.zone -rem do -rem sleep 1 -rem done -rem grep -v '^;' svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out2 -rem grep -v '^;' test-vectors-secondary.zone > test-vectors-secondary.zone.out -rem if ! diff svcb.test-vectors-pf.zone.out2 test-vectors-secondary.zone.out -rem then -rem echo "Output from secondary did not match output from primary" -rem exit 1 -rem else -rem echo "Output from secondary did match output from primary" -rem fi - -rem dig @127.0.0.1 -p $TPKG_SEC_PORT f01.failure-cases. 
TYPE64 > f01.failure-cases.out -rem if grep 'status: NOERROR' f01.failure-cases.out -rem then -rem echo "Failure case 1: Multiple instances of the same SvcParamKey" -rem echo "allowed for secondary" -rem else -rem echo "Could not load failure-cases zone in secondary" -rem exit 1 -rem fi - From 307613ea838ca43c8aa733acae553740ff5b52c7 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Mon, 7 Jun 2021 15:29:06 +0200 Subject: [PATCH 24/38] comment changes --- sldns/str2wire.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 25d2f1337..275cc7e8c 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1164,7 +1164,6 @@ sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len) static int sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) { - int count; char ip_str[INET_ADDRSTRLEN+1]; char *next_ip_str; @@ -1338,7 +1337,7 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; /* Guarantee key uniqueness. After the sort we only need to - * compare neighbours */ + * compare neighbouring keys */ if (count > 1) { for (i = 0; i < count - 1; i++) { uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); @@ -1452,7 +1451,7 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, if (!next_str) break; - /* skip the comma for the next iteration */ + /* skip the comma in the next iteration */ val_len -= next_str - val + 1; val = next_str + 1; } @@ -1477,7 +1476,7 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; } - /* key and no value case*/ + /* key without value */ if (val == NULL) { switch (svcparamkey) { case SVCB_KEY_MANDATORY: 
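Review bot: The second added `elif` runs `$PRE/readzone svcb.failure-cases-23` again while its messages describe failure case 24, so the new svcb.failure-cases-24 zone (the 256-character alpn) is never parsed by this script. Change the condition to `elif $PRE/readzone svcb.failure-cases-24`. As written the alpn length limit has no negative test, only the 255-character success case.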
@@ -1517,11 +1516,11 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, sldns_write_uint16(rd + 2, str_len); memcpy(rd + 4, val, str_len); *rd_len = 4 + str_len; - + return LDNS_WIREPARSE_ERR_OK; } - // @TODO is this supposed to be an error? + // @TODO think about if this is supposed to be an error? return LDNS_WIREPARSE_ERR_GENERAL; } @@ -1534,7 +1533,8 @@ int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) eq_pos = strchr(str, '='); - if (eq_pos != NULL && eq_pos[1]) { /* case: key=value */ + /* case: key=value */ + if (eq_pos != NULL && eq_pos[1]) { val_in = eq_pos + 1; /* unescape characters and "" blocks */ @@ -1552,9 +1552,13 @@ int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) return sldns_str2wire_svcparam_value(str, eq_pos - str, unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); - } else if (eq_pos != NULL && !(eq_pos[1])) { /* case: key= */ + } + /* case: key= */ + else if (eq_pos != NULL && !(eq_pos[1])) { return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len); - } else { /* case: key */ + } + /* case: key */ + else { return sldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len); } From eb9891f4ed522e7fa519189aa2783cb0da3e592c Mon Sep 17 00:00:00 2001 From: tcarpay <8014108+TCY16@users.noreply.github.com> Date: Wed, 23 Jun 2021 10:53:11 +0200 Subject: [PATCH 25/38] Apply suggestions from code review Co-authored-by: Willem Toorop --- sldns/str2wire.c | 33 ++++++++++++++++++++++----------- sldns/str2wire.h | 2 +- sldns/wire2str.c | 39 +++++++++++++++++++-------------------- sldns/wire2str.h | 3 --- testcode/readzone.c | 3 ++- 5 files changed, 44 insertions(+), 36 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 275cc7e8c..abc55a7c1 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
@@ -626,7 +626,7 @@ static int sldns_str2wire_svcparam_key_cmp(const void *a, const void *b) static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) { size_t nparams = 0, i, j; - uint8_t new_rdata[65536]; + uint8_t new_rdata[LDNS_MAX_RDFLEN]; uint8_t* new_rdata_ptr = new_rdata; uint8_t* svcparams[64]; uint8_t* mandatory = NULL; @@ -650,7 +650,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) rdata_ptr += svcbparam_len; nparams += 1; - if (nparams > sizeof(svcparams)/8) + if (nparams > MAX_NUMBER_OF_SVCPARAMS) return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS; } @@ -684,7 +684,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) if (mandatory) { /* Divide by sizeof(uint16_t)*/ - uint16_t mandatory_len = sldns_read_uint16(mandatory + 2) >> 1; + uint16_t mandatory_len = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); /* Guaranteed by sldns_str2wire_svcparam_key_value */ assert(mandatory_len > 0); @@ -1360,6 +1360,8 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) /* single 0 represents empty buffer */ if(strcmp(val, "0") == 0) { + if (*rd_len < 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL sldns_write_uint16(rd, SVCB_KEY_ECH); sldns_write_uint16(rd + 2, 0); @@ -1399,6 +1401,9 @@ sldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val) return NULL; } +/* The source is already properly unescaped, this double unescaping is purely to allow for + * comma's in comma seperated alpn lists. + */ static size_t sldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst, const char *src, size_t len) @@ -1422,12 +1427,12 @@ static int sldns_str2wire_svcbparam_alpn_value(const char* val, uint8_t* rd, size_t* rd_len) { - uint8_t unescaped_dst[65536]; + uint8_t unescaped_dst[LDNS_MAX_RDFLEN]; uint8_t *dst = unescaped_dst; const char *next_str; size_t str_len; size_t dst_len; - size_t val_len; + size_t val_len; val_len = strlen(val); 
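Review bot: The guard added to the `"0"` branch of sldns_str2wire_svcbparam_ech_value has no terminating semicolon as shown, `return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL`, so the statement runs into the following `sldns_write_uint16(...)` call and the file should not compile. It should read `return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;`. The visible lines of the branch also still do not set `*rd_len = 4`; the end of the branch is outside the hunk, so confirm it there.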
@@ -1456,7 +1461,8 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, val = next_str + 1; } dst_len = dst - unescaped_dst; - + if (*rd_len < 4 + dst_len) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; sldns_write_uint16(rd, SVCB_KEY_ALPN); sldns_write_uint16(rd + 2, dst_len); memcpy(rd + 4, unescaped_dst, dst_len); @@ -1486,6 +1492,8 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, case SVCB_KEY_IPV6HINT: return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; default: + if (*rd_len < 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; sldns_write_uint16(rd, svcparamkey); sldns_write_uint16(rd + 2, 0); *rd_len = 4; @@ -1512,6 +1520,8 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); default: str_len = strlen(val); + if (*rd_len < 4 + str_len) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; sldns_write_uint16(rd, svcparamkey); sldns_write_uint16(rd + 2, str_len); memcpy(rd + 4, val, str_len); @@ -1527,7 +1537,7 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) { const char* eq_pos; - char unescaped_val[65536]; + char unescaped_val[LDNS_MAX_RDFLEN]; char* val_out = unescaped_val; const char* val_in; @@ -1540,11 +1550,14 @@ int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) /* unescape characters and "" blocks */ if (*val_in == '"') { val_in++; - while (*val_in != '"' && sldns_parse_char( (uint8_t*) val_out, &val_in)) { + while (*val_in != '"' + && val_out - unescaped_val < sizeof(unescaped_val) - 1 + && sldns_parse_char( (uint8_t*) val_out, &val_in)) { val_out++; } } else { - while ( sldns_parse_char( (uint8_t*) val_out, &val_in)) { + while (val_out - unescaped_val < sizeof(unescaped_val) - 1 + && sldns_parse_char( (uint8_t*) val_out, &val_in)) { val_out++; } } 
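Review bot: In sldns_str2wire_svcparam_buf (hunk at -1540), both unescape loops now stop once `unescaped_val` is full, but nothing in the hunk reports that condition, so an over-long value appears to be encoded truncated instead of being rejected. Consider returning an error, for example LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, when a loop ends because of the size bound and not because the input ended. The bound also compares a signed pointer difference with `sizeof`; an explicit cast, `(size_t)(val_out - unescaped_val) < sizeof(unescaped_val) - 1`, avoids the sign-compare warning. The statements after the loops are outside the hunk.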
@@ -1561,8 +1574,6 @@ int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) else { return sldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len); } - - return LDNS_WIREPARSE_ERR_OK; } int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, diff --git a/sldns/str2wire.h b/sldns/str2wire.h index 5fc096b3e..60dab77ae 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -36,7 +36,7 @@ struct sldns_struct_lookup_table; #define SVCB_KEY_NO_DEFAULT_ALPN 2 #define SVCB_KEY_PORT 3 #define SVCB_KEY_IPV4HINT 4 -#define SVCB_KEY_ECH 5 +#define SVCB_KEY_ECH 5 #define SVCB_KEY_IPV6HINT 6 #define SVCPARAMKEY_COUNT 7 diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 99ce5574e..6ed94760a 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -1003,19 +1003,20 @@ static int sldns_wire2str_svcparam_ipv4hint2str(char** s, if ((data_len % LDNS_IP4ADDRLEN) == 0) { if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) - return 0; /* wireformat error, incorrect size or inet family */ + return -1; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, "=%s", ip_str); data += LDNS_IP4ADDRLEN; while ((data_len -= LDNS_IP4ADDRLEN) > 0) { if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) - return 0; /* wireformat error, incorrect size or inet family */ + return -1; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, ",%s", ip_str); data += LDNS_IP4ADDRLEN; } - } + } else + return -1; return w; } 
@@ -1031,19 +1032,20 @@ static int sldns_wire2str_svcparam_ipv6hint2str(char** s, if ((data_len % LDNS_IP6ADDRLEN) == 0) { if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) - return 0; /* wireformat error, incorrect size or inet family */ + return -1; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, "=%s", ip_str); data += LDNS_IP6ADDRLEN; while ((data_len -= LDNS_IP6ADDRLEN) > 0) { if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) - return 0; /* wireformat error, incorrect size or inet family */ + return -1; /* wireformat error, incorrect size or inet family */ w += sldns_str_print(s, slen, ",%s", ip_str); data += LDNS_IP6ADDRLEN; } - } + } else + return -1; return w; } @@ -1055,8 +1057,8 @@ static int sldns_wire2str_svcparam_mandatory2str(char** s, assert(data_len > 0); - // if (data_len % sizeof(uint16_t)) - // return 0; // wireformat error, data_len must be multiple of shorts + if (data_len % sizeof(uint16_t)) + return -1; // wireformat error, data_len must be multiple of shorts w += sldns_str_print(s, slen, "="); w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data)); data += 2; @@ -1076,14 +1078,15 @@ static int sldns_wire2str_svcparam_alpn2str(char** s, uint8_t *dp = (void *)data; int w = 0; - assert(data_len > 0); /* Guaranteed by rdata_svcparam_to_string */ + assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */ w += sldns_str_print(s, slen, "=\""); while (data_len) { + /* alpn is list of length byte (str_len) followed by a string of that size */ uint8_t i, str_len = *dp++; if (str_len > --data_len) - return 0; + return -1; for (i = 0; i < str_len; i++) { if (dp[i] == '"' || dp[i] == '\\') 
@@ -1113,22 +1116,18 @@ static int sldns_wire2str_svcparam_ech2str(char** s, int size; int w = 0; - assert(data_len > 0); /* Guaranteed by rdata_svcparam_to_string */ + assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */ w += sldns_str_print(s, slen, "=\""); - size = sldns_b64_ntop(data, data_len, *s, *slen); + if ((size = sldns_b64_ntop(data, data_len, *s, *slen)) < 0) + return -1; (*s) += size; (*slen) -= size; w += sldns_str_print(s, slen, "\""); - // @TODO fix check - // if(size > *slen) { - // buffer_skip(output, size); - // } - return w + size; } @@ -1162,9 +1161,9 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: case SVCB_KEY_MANDATORY: - return LDNS_WIREPARSE_ERR_SYNTAX_MISSING_VALUE; + return -1; default: - return LDNS_WIREPARSE_ERR_OK; + return written_chars; } } @@ -1205,7 +1204,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl r += sldns_str_print(s, slen, "%c", ch); } - r += sldns_str_print(s, slen, "%c", '"'); + r += sldns_str_print(s, slen, "\""); break; } if (r <= 0) diff --git a/sldns/wire2str.h b/sldns/wire2str.h index 3c777367c..0167fe7c1 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -41,9 +41,6 @@ extern struct sldns_struct_lookup_table* sldns_wireparse_errors; /** tsig errors are the rcodes with extra (higher) values */ extern struct sldns_struct_lookup_table* sldns_tsig_errors; -/* draft-ietf-dnsop-svcb-https-04: 6. Initial SvcParamKeys */ -extern const char *svcparamkey_strs[]; - /** * Convert wireformat packet to a string representation * @param data: wireformat packet data (starting at ID bytes). diff --git a/testcode/readzone.c b/testcode/readzone.c index 927d55f53..3854465eb 100644 --- a/testcode/readzone.c +++ b/testcode/readzone.c 
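Review bot: In sldns_wire2str_svcparam_ech2str, a negative result from `sldns_b64_ntop` is returned as -1, and the scan function treats that as a failure (`if (r <= 0)` in the hunk at -1205). If sldns_b64_ntop also fails when `*slen` is too small for the encoding (presumably it does, confirm against its definition), a short output buffer is reported as a wire-format error. The doc comment added in patch 27 instead describes truncation as a return value at least as large as the buffer length. A comment on the early return, e.g. `/* encoding failed or output buffer too small */`, would make the covered cases explicit. Note that `="` has already been written to `*s` when -1 is returned.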
@@ -72,7 +72,7 @@ int main(int argc, char *const *argv) s = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, &state); if (s) { - fprintf( stderr, "parse error %d:%d: %s" + fprintf( stderr, "parse error %d:%d: %s\n" , state.lineno, LDNS_WIREPARSE_OFFSET(s) , sldns_get_errorstr_parse(s)); break; @@ -103,5 +103,6 @@ int main(int argc, char *const *argv) } if (in) fclose(in); + free(str); return !in || s ? EXIT_FAILURE : EXIT_SUCCESS; } From f02d9b596369dd021c98dbf83466cda42809cd54 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Wed, 23 Jun 2021 11:04:19 +0200 Subject: [PATCH 26/38] fix broken ci-build --- sldns/str2wire.c | 2 +- sldns/str2wire.h | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index abc55a7c1..bb05abc1c 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1361,7 +1361,7 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) /* single 0 represents empty buffer */ if(strcmp(val, "0") == 0) { if (*rd_len < 4) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; sldns_write_uint16(rd, SVCB_KEY_ECH); sldns_write_uint16(rd + 2, 0); diff --git a/sldns/str2wire.h b/sldns/str2wire.h index 60dab77ae..cc1fd2078 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -38,9 +38,11 @@ struct sldns_struct_lookup_table; #define SVCB_KEY_IPV4HINT 4 #define SVCB_KEY_ECH 5 #define SVCB_KEY_IPV6HINT 6 -#define SVCPARAMKEY_COUNT 7 +#define SVCPARAMKEY_COUNT 7 -#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000 +#define MAX_NUMBER_OF_SVCPARAMS 64 + +#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000 /* * To convert class and type to string see From ff41de4ec37c45d36108b2c03aeb1f26ba1dddaf Mon Sep 17 00:00:00 2001 
From: Tom Carpay Date: Wed, 23 Jun 2021 14:44:03 +0200 Subject: [PATCH 27/38] resolve comments --- sldns/str2wire.c | 52 ++++++++++++++++++++++++++++++++---------------- sldns/str2wire.h | 7 ++++--- sldns/wire2str.c | 10 ++++++---- sldns/wire2str.h | 12 +++++++++++ 4 files changed, 57 insertions(+), 24 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index bb05abc1c..b7eae2024 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -639,13 +639,13 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) svcparams[nparams] = rdata_ptr; if (rdata_remaining < 4) - return LDNS_WIREPARSE_ERR_GENERAL; + return LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA; svcbparam_len = sldns_read_uint16(rdata_ptr + 2); rdata_remaining -= 4; rdata_ptr += 4; if (rdata_remaining < svcbparam_len) - return LDNS_WIREPARSE_ERR_GENERAL; + return LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA; rdata_remaining -= svcbparam_len; rdata_ptr += svcbparam_len; @@ -654,7 +654,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS; } - /* In draft-ietf-dnsop-svcb-https-05 Section 7: + /* In draft-ietf-dnsop-svcb-https-06 Section 7: * * In wire format, the keys are represented by their numeric * values in network byte order, concatenated in ascending order. @@ -664,7 +664,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) ,sizeof(uint8_t*) ,sldns_str2wire_svcparam_key_cmp); - /* In draft-ietf-dnsop-svcb-https-05 Section 7: + /* In draft-ietf-dnsop-svcb-https-06 Section 7: * * Keys (...) MUST NOT appear more than once. * 
@@ -684,12 +684,12 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) if (mandatory) { /* Divide by sizeof(uint16_t)*/ - uint16_t mandatory_len = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); + uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); /* Guaranteed by sldns_str2wire_svcparam_key_value */ - assert(mandatory_len > 0); + assert(mandatory_nkeys > 0); - for (i = 0; i < mandatory_len; i++) { + for (i = 0; i < mandatory_nkeys; i++) { uint16_t mandatory_key = sldns_read_uint16(mandatory + 2 * sizeof(uint16_t) + i * sizeof(uint16_t)); @@ -844,6 +844,8 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, rdata_len -= label_len; rdata += label_len; } + /* The root label is one more character, so smaller + * than 1 + 1 means no Svcparam Keys */ assert(*rdata == 0); if (rdata_len < 2) return LDNS_WIREPARSE_ERR_OK; @@ -1075,7 +1077,7 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len, return LDNS_WIREPARSE_ERR_OK; } -static uint16_t +static int sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) { char buf[64]; @@ -1158,7 +1160,7 @@ sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len) return LDNS_WIREPARSE_ERR_OK; } - return LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY; + return LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX; } static int @@ -1174,7 +1176,7 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) if (val[i] == ',') count += 1; if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { - return LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS; + return LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES; } } @@ -1231,7 +1233,7 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) if (val[i] == ',') count += 1; if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { - return LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS; + return LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES; } } 
@@ -1307,14 +1309,27 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) *rd_len = 4; while (1) { + int svcparamkey; + if (!(next_key = strchr(val, ','))) { - sldns_write_uint16(rd + *rd_len, - sldns_str2wire_svcparam_key_lookup(val, val_len)); + svcparamkey = sldns_str2wire_svcparam_key_lookup(val, val_len); + + if (svcparamkey < 0) { + return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; + } + + sldns_write_uint16(rd + *rd_len, svcparamkey); *rd_len += 2; break; } else { + svcparamkey = sldns_str2wire_svcparam_key_lookup(val, next_key - val); + + if (svcparamkey < 0) { + return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; + } + sldns_write_uint16(rd + *rd_len, - sldns_str2wire_svcparam_key_lookup(val, next_key - val)); + svcparamkey); *rd_len += 2; } @@ -1323,14 +1338,14 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) key_dst += 1; } - /* In draft-ietf-dnsop-svcb-https-05 Section 7: + /* In draft-ietf-dnsop-svcb-https-06 Section 7: * * "In wire format, the keys are represented by their numeric * values in network byte order, concatenated in ascending order." */ qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp); - /* In draft-ietf-dnsop-svcb-https-05 Section 8 + /* In draft-ietf-dnsop-svcb-https-06 Section 8 * automatically mandatory MUST NOT appear in its own value-list */ if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) @@ -1403,6 +1418,9 @@ sldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val) /* The source is already properly unescaped, this double unescaping is purely to allow for * comma's in comma seperated alpn lists. + * + * In draft-ietf-dnsop-svcb-https-06 Section 7: + * To enable simpler parsing, this SvcParamValue MUST NOT contain escape sequences. */ static size_t sldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst, 
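Review bot: In sldns_str2wire_svcbparam_mandatory (hunk at -1307), the key lookup, the `svcparamkey < 0` check and the `sldns_write_uint16` call are now written out twice, once per branch, differing only in the key length passed to the lookup. Computing the length first, `size_t key_len = next_key ? (size_t)(next_key - val) : val_len;`, lets a single copy serve both cases and leaves only the `break` conditional. Separately, each key is stored at `rd + *rd_len` after `*rd_len` was reset to 4, and no comparison with the caller's buffer size is visible in this hunk. The function starts outside the hunk, so confirm such a check exists earlier.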
@@ -1476,7 +1494,7 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, const char *val, uint8_t* rd, size_t* rd_len) { size_t str_len; - uint16_t svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); + int svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); if (svcparamkey < 0) { return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; diff --git a/sldns/str2wire.h b/sldns/str2wire.h index cc1fd2078..0c3164989 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -229,11 +229,12 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378 #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379 #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380 -#define LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY 381 -#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS 382 -#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS 383 +#define LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381 +#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382 +#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383 #define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384 #define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385 +#define LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386 /** * Get reference to a constant string for the (parse) error. diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 6ed94760a..0437477d9 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c 
@@ -161,16 +161,18 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { "Keys in SvcParam mandatory MUST be unique" }, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, "mandatory MUST not be included as mandatory parameter" }, - { LDNS_WIREPARSE_ERR_SVCB_PORT_UNKNOWN_KEY, + { LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX, "Could not parse port SvcParamValue" }, - { LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_KEYS, + { LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES, "Too many IPv4 addresses in ipv4hint" }, - { LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_KEYS, + { LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES, "Too many IPv6 addresses in ipv6hint" }, { LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE, "Alpn strings need to be smaller than 255 chars"}, { LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE, "No-default-alpn should not have a value" }, + { LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA, + "General SVCParam error" }, { 0, NULL } }; sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data; @@ -218,7 +220,7 @@ static sldns_lookup_table sldns_tsig_errors_data[] = { }; sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; -/* draft-ietf-dnsop-svcb-https-04: 6. Initial SvcParamKeys */ +/* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */ const char *svcparamkey_strs[] = { "mandatory", "alpn", "no-default-alpn", "port", "ipv4hint", "ech", "ipv6hint" diff --git a/sldns/wire2str.h b/sldns/wire2str.h index 0167fe7c1..b1ad459e3 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h 
@@ -494,6 +494,18 @@ int sldns_wire2str_opcode_buf(int opcode, char* str, size_t len); int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, size_t len); +/** + * Convert wire SVCB to a string with user buffer. + * @param d: the SVCB data in uncompressed wireformat. + * @param dlen: length of the SVCB data. + * @param s: the string to write to. + * @param slen: length of string. + * @return the number of characters for this element, excluding zerobyte. + * Is larger or equal than str_len if output was truncated. + */ +int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, + size_t* slen); + /** * Scan wireformat rdf field to string, with user buffers. * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). From cf02b3167596a732fb1d24a4d7157ec42ed7d08a Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Wed, 23 Jun 2021 15:03:35 +0200 Subject: [PATCH 28/38] comment out sematic errors to default to secondary resolver behaviour --- sldns/str2wire.c | 104 ++++++++++++++++++++++++++--------------------- 1 file changed, 57 insertions(+), 47 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index b7eae2024..e7eab4354 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
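Review bot: The new doc comment for sldns_wire2str_svcparam_scan in wire2str.h does not match its signature or its behaviour after patch 25. It describes a plain conversion into a user buffer, but the parameters are `uint8_t** d`, `size_t* dlen`, `char** s` and `size_t* slen`, and it mentions `str_len`, which is not a parameter. It also omits that the function now returns -1 on malformed input. I would reword it to say that the pointers and lengths are updated as data is consumed and written (if that is what the function does, as for the other scan functions referenced via sldns_wire2str_pkt_scan), refer to `slen` in the return description, and add `@return ... or -1 on a wireformat error`.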
@@ -664,60 +664,66 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) ,sizeof(uint8_t*) ,sldns_str2wire_svcparam_key_cmp); + + /* The code below revolves around sematic errors in the SVCParam set. + * So long as we do not distinguish between running Unbound as a primary + * or as a secondary, we default to secondary behavior and we ignore the + * sematic errors. */ + /* In draft-ietf-dnsop-svcb-https-06 Section 7: * * Keys (...) MUST NOT appear more than once. * * If they key has already been seen, we have a duplicate */ - for (i = 0; i < nparams; i++) { - uint16_t key = sldns_read_uint16(svcparams[i]); + // for (i = 0; i < nparams; i++) { + // uint16_t key = sldns_read_uint16(svcparams[i]); - if (i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) - return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS; + // if (i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) + // return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS; - if (key == SVCB_KEY_MANDATORY) - mandatory = svcparams[i]; - } + // if (key == SVCB_KEY_MANDATORY) + // mandatory = svcparams[i]; + // } /* 4. 
verify that all the SvcParamKeys in mandatory are present */ - if (mandatory) { + // if (mandatory) { - /* Divide by sizeof(uint16_t)*/ - uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); + // /* Divide by sizeof(uint16_t)*/ + // uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); - /* Guaranteed by sldns_str2wire_svcparam_key_value */ - assert(mandatory_nkeys > 0); + // /* Guaranteed by sldns_str2wire_svcparam_key_value */ + // assert(mandatory_nkeys > 0); - for (i = 0; i < mandatory_nkeys; i++) { - uint16_t mandatory_key = sldns_read_uint16(mandatory - + 2 * sizeof(uint16_t) - + i * sizeof(uint16_t)); - uint8_t found = 0; + // for (i = 0; i < mandatory_nkeys; i++) { + // uint16_t mandatory_key = sldns_read_uint16(mandatory + // + 2 * sizeof(uint16_t) + // + i * sizeof(uint16_t)); + // uint8_t found = 0; - for (j = 0; j < nparams; j++) { - if (mandatory_key == sldns_read_uint16(svcparams[j])) - found = 1; - } + // for (j = 0; j < nparams; j++) { + // if (mandatory_key == sldns_read_uint16(svcparams[j])) + // found = 1; + // } - if (!found) - return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM; - } + // if (!found) + // return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM; + // } - } + // } - // Write rdata in correct order - for (i = 0; i < nparams; i++) { - uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) - + 2 * sizeof(uint16_t); + /* Write rdata in correct order */ + // for (i = 0; i < nparams; i++) { + // uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + // + 2 * sizeof(uint16_t); - if (new_rdata_ptr + svcparam_len - new_rdata > sizeof(new_rdata)) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + // if (new_rdata_ptr + svcparam_len - new_rdata > sizeof(new_rdata)) + // return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - memcpy(new_rdata_ptr, svcparams[i], svcparam_len); - new_rdata_ptr += svcparam_len; - } - memcpy(rdata, new_rdata, rdata_len); + // memcpy(new_rdata_ptr, 
svcparams[i], svcparam_len); + // new_rdata_ptr += svcparam_len; + // } + // memcpy(rdata, new_rdata, rdata_len); return LDNS_WIREPARSE_ERR_OK; } @@ -1345,24 +1351,29 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) */ qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp); + /* The code below revolves around sematic errors in the SVCParam set. + * So long as we do not distinguish between running Unbound as a primary + * or as a secondary, we default to secondary behavior and we ignore the + * sematic errors. */ + /* In draft-ietf-dnsop-svcb-https-06 Section 8 * automatically mandatory MUST NOT appear in its own value-list */ - if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) - return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; + // if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) + // return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; /* Guarantee key uniqueness. After the sort we only need to * compare neighbouring keys */ - if (count > 1) { - for (i = 0; i < count - 1; i++) { - uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); - uint16_t key = sldns_read_uint16(current_pos); + // if (count > 1) { + // for (i = 0; i < count - 1; i++) { + // uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); + // uint16_t key = sldns_read_uint16(current_pos); - if (key == sldns_read_uint16(current_pos + 2)) { - return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; - } - } - } + // if (key == sldns_read_uint16(current_pos + 2)) { + // return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; + // } + // } + // } return LDNS_WIREPARSE_ERR_OK; } @@ -1548,7 +1559,6 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, return LDNS_WIREPARSE_ERR_OK; } - // @TODO think about if this is supposed to be an error? return LDNS_WIREPARSE_ERR_GENERAL; } From 8f27a67d017b6f70465e97fc02fdd6d488700fab Mon Sep 17 00:00:00 2001 
From: tcarpay <8014108+TCY16@users.noreply.github.com> Date: Thu, 24 Jun 2021 09:45:08 +0200 Subject: [PATCH 29/38] Add code point comment to HTTPS Co-authored-by: Willem Toorop --- sldns/rrdef.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 803a0fa7d..fe5c8e104 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -382,6 +382,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 64 */ {LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, + /* 65 */ {LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, From cebdf52c4ee419524ab781cca729c7c265e15255 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Thu, 24 Jun 2021 10:00:12 +0200 Subject: [PATCH 30/38] fix erroneous test --- testdata/svcb.tdir/svcb.test | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test index 47968be5f..ac6e90d3f 100644 --- a/testdata/svcb.tdir/svcb.test +++ b/testdata/svcb.tdir/svcb.test @@ -52,7 +52,7 @@ fi # check all the failure cases -if svcb.failure-cases-01 +if $PRE/readzone svcb.failure-cases-01 then echo "Failure case 1: Multiple instances of the same SvcParamKey" echo "Incorrectly succeeded" From 98800771908dfcb8f85682fa7602803ec91b304d Mon Sep 17 00:00:00 2001 
From: tcarpay <8014108+TCY16@users.noreply.github.com> Date: Thu, 24 Jun 2021 11:20:41 +0200 Subject: [PATCH 31/38] Apply suggestions from code review Co-authored-by: Willem Toorop --- sldns/str2wire.c | 77 ++++++++++++++++++++++++++---------------------- 1 file changed, 41 insertions(+), 36 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index e7eab4354..db572e4e1 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -628,7 +628,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) size_t nparams = 0, i, j; uint8_t new_rdata[LDNS_MAX_RDFLEN]; uint8_t* new_rdata_ptr = new_rdata; - uint8_t* svcparams[64]; + uint8_t* svcparams[MAX_NUMBER_OF_SVCPARAMS]; uint8_t* mandatory = NULL; uint8_t* rdata_ptr = rdata; uint16_t rdata_remaining = rdata_len; 
@@ -670,60 +670,61 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) * or as a secondary, we default to secondary behavior and we ignore the * sematic errors. */ +#ifdef SVCB_SEMANTIC_ERRORS /* In draft-ietf-dnsop-svcb-https-06 Section 7: * * Keys (...) MUST NOT appear more than once. * * If they key has already been seen, we have a duplicate */ - // for (i = 0; i < nparams; i++) { - // uint16_t key = sldns_read_uint16(svcparams[i]); + for (i = 0; i < nparams; i++) { + uint16_t key = sldns_read_uint16(svcparams[i]); - // if (i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) - // return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS; + if (i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) + return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS; - // if (key == SVCB_KEY_MANDATORY) - // mandatory = svcparams[i]; - // } + if (key == SVCB_KEY_MANDATORY) + mandatory = svcparams[i]; + } /* 4. verify that all the SvcParamKeys in mandatory are present */ - // if (mandatory) { + if (mandatory) { - // /* Divide by sizeof(uint16_t)*/ - // uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); + /* Divide by sizeof(uint16_t)*/ + uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); - // /* Guaranteed by sldns_str2wire_svcparam_key_value */ - // assert(mandatory_nkeys > 0); + /* Guaranteed by sldns_str2wire_svcparam_key_value */ + assert(mandatory_nkeys > 0); - // for (i = 0; i < mandatory_nkeys; i++) { - // uint16_t mandatory_key = sldns_read_uint16(mandatory - // + 2 * sizeof(uint16_t) - // + i * sizeof(uint16_t)); - // uint8_t found = 0; + for (i = 0; i < mandatory_nkeys; i++) { + uint16_t mandatory_key = sldns_read_uint16(mandatory + + 2 * sizeof(uint16_t) + + i * sizeof(uint16_t)); + uint8_t found = 0; - // for (j = 0; j < nparams; j++) { - // if (mandatory_key == sldns_read_uint16(svcparams[j])) - // found = 1; - // } + for (j = 0; j < nparams; j++) { + if (mandatory_key == 
sldns_read_uint16(svcparams[j])) + found = 1; + } - // if (!found) - // return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM; - // } - - // } + if (!found) + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM; + } + } +#endif /* Write rdata in correct order */ - // for (i = 0; i < nparams; i++) { - // uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) - // + 2 * sizeof(uint16_t); + for (i = 0; i < nparams; i++) { + uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + + 2 * sizeof(uint16_t); - // if (new_rdata_ptr + svcparam_len - new_rdata > sizeof(new_rdata)) - // return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + if (new_rdata_ptr + svcparam_len - new_rdata > sizeof(new_rdata)) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - // memcpy(new_rdata_ptr, svcparams[i], svcparam_len); - // new_rdata_ptr += svcparam_len; - // } - // memcpy(rdata, new_rdata, rdata_len); + memcpy(new_rdata_ptr, svcparams[i], svcparam_len); + new_rdata_ptr += svcparam_len; + } + memcpy(rdata, new_rdata, rdata_len); return LDNS_WIREPARSE_ERR_OK; } @@ -1514,12 +1515,14 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, /* key without value */ if (val == NULL) { switch (svcparamkey) { +#ifdef SVCB_SEMANTIC_ERRORS case SVCB_KEY_MANDATORY: case SVCB_KEY_ALPN: case SVCB_KEY_PORT: case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; +#endif default: if (*rd_len < 4) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; @@ -1541,8 +1544,10 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, return sldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len); case SVCB_KEY_MANDATORY: return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len); +#ifdef SVCB_SEMANTIC_ERRORS case SVCB_KEY_NO_DEFAULT_ALPN: return LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE; +#endif case SVCB_KEY_ECH: return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); case SVCB_KEY_ALPN: From 9cd15f7ebf62237316e8477526cb134e9af3a36b Mon Sep 17 00:00:00 2001 
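Review bot: `SVCB_SEMANTIC_ERRORS` is tested in sldns_str2wire_check_svcbparams (hunk at -670) and in sldns_str2wire_svcparam_value, but it is not defined or documented in any visible patch, so the duplicate-key and mandatory checks are presumably compiled out by default. In that configuration `mandatory` and `j` are declared but never used, which will produce warnings; wrap their declarations in the same `#ifdef`. A comment at the first `#ifdef SVCB_SEMANTIC_ERRORS` should say how the macro is meant to be enabled. It should also say that without it records with duplicate SvcParamKeys are accepted, so code consuming the rewritten rdata must not assume keys are unique. The function starts outside the hunk.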
From: Tom Carpay Date: Thu, 24 Jun 2021 15:20:32 +0200 Subject: [PATCH 32/38] remove tests for svcparam semantics --- testdata/svcb.tdir/failure-cases.zone | 95 ----------------- testdata/svcb.tdir/svcb.failure-cases-01 | 7 +- testdata/svcb.tdir/svcb.failure-cases-02 | 4 +- testdata/svcb.tdir/svcb.failure-cases-03 | 4 +- testdata/svcb.tdir/svcb.failure-cases-04 | 4 +- testdata/svcb.tdir/svcb.failure-cases-05 | 8 -- testdata/svcb.tdir/svcb.failure-cases-06 | 8 -- testdata/svcb.tdir/svcb.failure-cases-07 | 8 -- testdata/svcb.tdir/svcb.failure-cases-08 | 8 -- testdata/svcb.tdir/svcb.failure-cases-09 | 9 -- testdata/svcb.tdir/svcb.failure-cases-10 | 10 -- testdata/svcb.tdir/svcb.failure-cases-11 | 10 -- testdata/svcb.tdir/svcb.failure-cases-12 | 8 -- testdata/svcb.tdir/svcb.failure-cases-13 | 8 -- testdata/svcb.tdir/svcb.failure-cases-14 | 8 -- testdata/svcb.tdir/svcb.failure-cases-15 | 8 -- testdata/svcb.tdir/svcb.failure-cases-16 | 8 -- testdata/svcb.tdir/svcb.failure-cases-17 | 8 -- testdata/svcb.tdir/svcb.failure-cases-18 | 8 -- testdata/svcb.tdir/svcb.failure-cases-19 | 9 -- testdata/svcb.tdir/svcb.failure-cases-20 | 10 -- testdata/svcb.tdir/svcb.failure-cases-21 | 9 -- testdata/svcb.tdir/svcb.failure-cases-22 | 8 -- testdata/svcb.tdir/svcb.failure-cases-23 | 8 -- testdata/svcb.tdir/svcb.failure-cases-24 | 8 -- testdata/svcb.tdir/svcb.test | 126 +---------------------- 26 files changed, 12 insertions(+), 397 deletions(-) delete mode 100644 testdata/svcb.tdir/failure-cases.zone delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-05 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-06 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-07 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-08 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-09 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-10 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-11 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-12 delete mode 
100644 testdata/svcb.tdir/svcb.failure-cases-13 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-14 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-15 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-16 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-17 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-18 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-19 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-20 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-21 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-22 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-23 delete mode 100644 testdata/svcb.tdir/svcb.failure-cases-24 diff --git a/testdata/svcb.tdir/failure-cases.zone b/testdata/svcb.tdir/failure-cases.zone deleted file mode 100644 index 9ca222ea9..000000000 --- a/testdata/svcb.tdir/failure-cases.zone +++ /dev/null 
@@ -1,95 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - - -@ SOA primary admin 1 3600 1800 7200 3600 - NS primary -primary A 127.0.0.1 - -; This example has multiple instances of the same SvcParamKey - -f01 SVCB 1 foo.example.com. ( - key123=abc key123=def - ) -; In the next examples the SvcParamKeys are missing their values. - -f02 SVCB 1 foo.example.com. mandatory - -; In the next examples the SvcParamKeys are missing their values. - -f03 SVCB 1 foo.example.com. alpn - -; In the next examples the SvcParamKeys are missing their values. - -f04 SVCB 1 foo.example.com. port - -; In the next examples the SvcParamKeys are missing their values. - -f05 SVCB 1 foo.example.com. ipv4hint - -; In the next examples the SvcParamKeys are missing their values. - -f06 SVCB 1 foo.example.com. ipv6hint - -; The "no-default-alpn" SvcParamKey value MUST be empty - -f07 SVCB 1 foo.example.com. no-default-alpn=abc - -; In this record a mandatory SvcParam is missing - -f08 SVCB 1 foo.example.com. mandatory=key123 - -; The "mandatory" SvcParamKey MUST not be included in mandatory list - -f09 SVCB 1 foo.example.com. mandatory=mandatory - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f10 SVCB 1 foo.example.com. ( - mandatory=key123,key123 key123=abc - ) - -; This example has multiple instances of the same SvcParamKey - -f11 HTTPS 1 foo.example.com. ( - key123=abc key123=def - ) - -; In the next examples the SvcParamKeys are missing their values. - -f12 HTTPS 1 foo.example.com. mandatory - -; In the next examples the SvcParamKeys are missing their values. - -f13 HTTPS 1 foo.example.com. alpn - -; In the next examples the SvcParamKeys are missing their values. - -f14 HTTPS 1 foo.example.com. port - -; In the next examples the SvcParamKeys are missing their values. - -f15 HTTPS 1 foo.example.com. ipv4hint - -; In the next examples the SvcParamKeys are missing their values. - -f16 HTTPS 1 foo.example.com. 
ipv6hint - -; The "no-default-alpn" SvcParamKey value MUST be empty - -f17 HTTPS 1 foo.example.com. no-default-alpn=abc - -; In this record a mandatory SvcParam is missing - -f18 HTTPS 1 foo.example.com. mandatory=key123 - -; The "mandatory" SvcParamKey MUST not be included in mandatory list - -f19 HTTPS 1 foo.example.com. mandatory=mandatory - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f20 HTTPS 1 foo.example.com. ( - mandatory=key123,key123 key123=abc - ) - diff --git a/testdata/svcb.tdir/svcb.failure-cases-01 b/testdata/svcb.tdir/svcb.failure-cases-01 index 497098b1f..c60151692 100644 --- a/testdata/svcb.tdir/svcb.failure-cases-01 +++ b/testdata/svcb.tdir/svcb.failure-cases-01 @@ -3,8 +3,7 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; This example has multiple instances of the same SvcParamKey +; Here there are multiple instances of the same SvcParamKey in the mandatory list -f01 SVCB 1 foo.example.com. ( - key123=abc key123=def - ) +f21 HTTPS 1 foo.example.com. ech="123" +f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/testdata/svcb.tdir/svcb.failure-cases-02 b/testdata/svcb.tdir/svcb.failure-cases-02 index 73656171f..9d6f0186d 100644 --- a/testdata/svcb.tdir/svcb.failure-cases-02 +++ b/testdata/svcb.tdir/svcb.failure-cases-02 @@ -3,6 +3,6 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; In the next examples the SvcParamKeys are missing their values. +; Port must be a positive number < 65536 -f02 SVCB 1 foo.example.com. mandatory +f22 HTTPS 1 foo.example.com. port=65536 diff --git a/testdata/svcb.tdir/svcb.failure-cases-03 b/testdata/svcb.tdir/svcb.failure-cases-03 index 8ae6c4ab2..bb819daae 100644 --- a/testdata/svcb.tdir/svcb.failure-cases-03 +++ b/testdata/svcb.tdir/svcb.failure-cases-03 
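Review bot: In the new svcb.failure-cases-01 the comment `; Here there are multiple instances of the same SvcParamKey in the mandatory list` does not describe the two records below it, which carry `ech="123"` and `echconfig="123"`; svcb.test labels this case "ech value is not base64 encoded". I would change the comment to `; The ech value is not valid base64`. The file also holds two failing records. If readzone stops at the first parse error (its behaviour is not shown in this series), the `echconfig` alias record is never exercised, so it probably deserves its own failure-case file.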
@@ -3,6 +3,6 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; In the next examples the SvcParamKeys are missing their values. +; 65 SvcParams is too many SvcParams; the limit is 64 -f03 SVCB 1 foo.example.com. alpn +f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.failure-cases-04 b/testdata/svcb.tdir/svcb.failure-cases-04 index 5aa32a83e..ae02ac417 100644 --- a/testdata/svcb.tdir/svcb.failure-cases-04 +++ b/testdata/svcb.tdir/svcb.failure-cases-04 @@ -3,6 +3,6 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; In the next examples the SvcParamKeys are missing their values. +; 256 is too many characters for an alpn; maximum is 255 -f04 SVCB 1 foo.example.com. port +f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.failure-cases-05 b/testdata/svcb.tdir/svcb.failure-cases-05 deleted file mode 100644 index 4b2f95cc0..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-05 +++ /dev/null 
@@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f05 SVCB 1 foo.example.com. ipv4hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-06 b/testdata/svcb.tdir/svcb.failure-cases-06 deleted file mode 100644 index a111846f1..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-06 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f06 SVCB 1 foo.example.com. ipv6hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-07 b/testdata/svcb.tdir/svcb.failure-cases-07 deleted file mode 100644 index a8512ad4c..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-07 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; The "no-default-alpn" SvcParamKey value MUST be empty - -f07 SVCB 1 foo.example.com. no-default-alpn=abc diff --git a/testdata/svcb.tdir/svcb.failure-cases-08 b/testdata/svcb.tdir/svcb.failure-cases-08 deleted file mode 100644 index 4bbf618cd..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-08 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In this record a mandatory SvcParam is missing - -f08 SVCB 1 foo.example.com. mandatory=key123 diff --git a/testdata/svcb.tdir/svcb.failure-cases-09 b/testdata/svcb.tdir/svcb.failure-cases-09 deleted file mode 100644 index 408e937d4..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-09 +++ /dev/null @@ -1,9 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; The "mandatory" SvcParamKey MUST not be included in mandatory list - -f09 SVCB 1 foo.example.com. mandatory=mandatory - diff --git a/testdata/svcb.tdir/svcb.failure-cases-10 b/testdata/svcb.tdir/svcb.failure-cases-10 deleted file mode 100644 index b1e6ccf5f..000000000 
--- a/testdata/svcb.tdir/svcb.failure-cases-10 +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f10 SVCB 1 foo.example.com. ( - mandatory=key123,key123 key123=abc - ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-11 b/testdata/svcb.tdir/svcb.failure-cases-11 deleted file mode 100644 index ee4d5a431..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-11 +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; This example has multiple instances of the same SvcParamKey - -f01 HTTPS 1 foo.example.com. ( - key123=abc key123=def - ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-12 b/testdata/svcb.tdir/svcb.failure-cases-12 deleted file mode 100644 index e57fa8819..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-12 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f02 HTTPS 1 foo.example.com. mandatory diff --git a/testdata/svcb.tdir/svcb.failure-cases-13 b/testdata/svcb.tdir/svcb.failure-cases-13 deleted file mode 100644 index 52f3e6242..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-13 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f03 HTTPS 1 foo.example.com. alpn diff --git a/testdata/svcb.tdir/svcb.failure-cases-14 b/testdata/svcb.tdir/svcb.failure-cases-14 deleted file mode 100644 index 3525d26d3..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-14 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f04 HTTPS 1 foo.example.com. port 
diff --git a/testdata/svcb.tdir/svcb.failure-cases-15 b/testdata/svcb.tdir/svcb.failure-cases-15 deleted file mode 100644 index 1ab513725..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-15 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f05 HTTPS 1 foo.example.com. ipv4hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-16 b/testdata/svcb.tdir/svcb.failure-cases-16 deleted file mode 100644 index 78bed5c24..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-16 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In the next examples the SvcParamKeys are missing their values. - -f06 HTTPS 1 foo.example.com. ipv6hint diff --git a/testdata/svcb.tdir/svcb.failure-cases-17 b/testdata/svcb.tdir/svcb.failure-cases-17 deleted file mode 100644 index 84aede049..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-17 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; The "no-default-alpn" SvcParamKey value MUST be empty - -f07 HTTPS 1 foo.example.com. no-default-alpn=abc diff --git a/testdata/svcb.tdir/svcb.failure-cases-18 b/testdata/svcb.tdir/svcb.failure-cases-18 deleted file mode 100644 index 0ecbc545f..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-18 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; In this record a mandatory SvcParam is missing - -f08 HTTPS 1 foo.example.com. mandatory=key123 diff --git a/testdata/svcb.tdir/svcb.failure-cases-19 b/testdata/svcb.tdir/svcb.failure-cases-19 deleted file mode 100644 index 576556490..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-19 +++ /dev/null 
@@ -1,9 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; The "mandatory" SvcParamKey MUST not be included in mandatory list - -f09 HTTPS 1 foo.example.com. mandatory=mandatory - diff --git a/testdata/svcb.tdir/svcb.failure-cases-20 b/testdata/svcb.tdir/svcb.failure-cases-20 deleted file mode 100644 index fc4781eaa..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-20 +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f10 HTTPS 1 foo.example.com. ( - mandatory=key123,key123 key123=abc - ) diff --git a/testdata/svcb.tdir/svcb.failure-cases-21 b/testdata/svcb.tdir/svcb.failure-cases-21 deleted file mode 100644 index c60151692..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-21 +++ /dev/null @@ -1,9 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f21 HTTPS 1 foo.example.com. ech="123" -f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/testdata/svcb.tdir/svcb.failure-cases-22 b/testdata/svcb.tdir/svcb.failure-cases-22 deleted file mode 100644 index 9d6f0186d..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-22 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Port must be a positive number < 65536 - -f22 HTTPS 1 foo.example.com. port=65536 diff --git a/testdata/svcb.tdir/svcb.failure-cases-23 b/testdata/svcb.tdir/svcb.failure-cases-23 deleted file mode 100644 index bb819daae..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-23 +++ /dev/null 
@@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; 65 SvcParams is too many SvcParams; the limit is 64 - -f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.failure-cases-24 b/testdata/svcb.tdir/svcb.failure-cases-24 deleted file mode 100644 index ae02ac417..000000000 --- a/testdata/svcb.tdir/svcb.failure-cases-24 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; 256 is too many characters for an alpn; maximum is 255 - -f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test index ac6e90d3f..c997fbb07 100644 --- a/testdata/svcb.tdir/svcb.test +++ b/testdata/svcb.tdir/svcb.test 
@@ -54,143 +54,23 @@ fi # check all the failure cases if $PRE/readzone svcb.failure-cases-01 then - echo "Failure case 1: Multiple instances of the same SvcParamKey" + echo "Failure case 21: ech value is not base64 encoded" echo "Incorrectly succeeded" exit 1 elif $PRE/readzone svcb.failure-cases-02 then - echo "Failure case 2: a SvcParamKey is missing a value" + echo "Failure case 22: port value needs to be a positive integer < 65536" echo "Incorrectly succeeded" exit 1 elif $PRE/readzone svcb.failure-cases-03 -then - echo "Failure case 3: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-04 -then - echo "Failure case 4: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-05 -then - echo "Failure case 5: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-06 -then - echo "Failure case 6: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-07 -then - echo "Failure case 7: The \no-default-alpn\" SvcParamKey value MUST be empty - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-08 -then - echo "Failure case 8: a mandatory SvcParam is missing" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-09 -then - echo "Failure case 9: The \"mandatory\" SvcParamKey MUST not be included in mandatory list" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-10 -then - echo "Failure case 10: multiple instances of the same SvcParamKey in the mandatory list" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-11 -then - echo "Failure case 11: Multiple instances of the same SvcParamKey" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-12 -then - echo "Failure case 12: a SvcParamKey is 
missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-13 -then - echo "Failure case 13: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-14 -then - echo "Failure case 14: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-15 -then - echo "Failure case 15: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-16 -then - echo "Failure case 16: a SvcParamKey is missing a value" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-17 -then - echo "Failure case 17: The \no-default-alpn\" SvcParamKey value MUST be empty - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-18 -then - echo "Failure case 18: a mandatory SvcParam is missing" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-19 -then - echo "Failure case 19: The \"mandatory\" SvcParamKey MUST not be included in mandatory list" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-20 -then - echo "Failure case 20: multiple instances of the same SvcParamKey in the mandatory list" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-21 -then - echo "Failure case 21: ech value is not base64 encoded" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-22 -then - echo "Failure case 22: port value needs to be a positive integer < 65536" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-23 then echo "Failure case 23: 65 SvcParams is too many SvcParams; the limit is 64" echo "Incorrectly succeeded" exit 1 -elif $PRE/readzone svcb.failure-cases-23 +elif $PRE/readzone svcb.failure-cases-04 then echo "Failure case 24: 256 is too many characters for an alpn; maximum is 255" echo "Incorrectly 
succeeded" From e41125495df6033811989d471621d0d16ba20aa3 Mon Sep 17 00:00:00 2001 From: tcarpay <8014108+TCY16@users.noreply.github.com> Date: Thu, 1 Jul 2021 12:45:14 +0200 Subject: [PATCH 33/38] Apply suggestions from code review Co-authored-by: Wouter Wijngaards --- sldns/str2wire.c | 6 +++--- testcode/readzone.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index db572e4e1..642134ecc 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -650,7 +650,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) rdata_ptr += svcbparam_len; nparams += 1; - if (nparams > MAX_NUMBER_OF_SVCPARAMS) + if (nparams >= MAX_NUMBER_OF_SVCPARAMS) return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS; } @@ -1355,7 +1355,7 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) /* The code below revolves around sematic errors in the SVCParam set. * So long as we do not distinguish between running Unbound as a primary * or as a secondary, we default to secondary behavior and we ignore the - * sematic errors. */ + * semantic errors. */ /* In draft-ietf-dnsop-svcb-https-06 Section 8 * automatically mandatory MUST NOT appear in its own value-list @@ -1467,7 +1467,7 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, val_len = strlen(val); if (val_len > sizeof(unescaped_dst)) { - return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; + return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; } while (val_len) { size_t dst_len; diff --git a/testcode/readzone.c b/testcode/readzone.c index 3854465eb..eeab6155d 100644 --- a/testcode/readzone.c +++ b/testcode/readzone.c @@ -1,3 +1,4 @@ +#include "config.h" #include #include #include @@ -5,7 +6,6 @@ #include #include -#include "config.h" #include "sldns/str2wire.h" #include "sldns/wire2str.h" From 3d50c25f5b4d709f3fc1c7229b232289af48ed24 Mon Sep 17 00:00:00 2001 
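Review bot: The switch to `nparams >= MAX_NUMBER_OF_SVCPARAMS` in sldns_str2wire_check_svcbparams makes the accepted count one less than the constant, and nothing at the comparison says why. If nparams indexes a fixed-size array of MAX_NUMBER_OF_SVCPARAMS entries at the top of the next loop pass (the store is outside this hunk, so this is inferred), the off-by-one matters for memory safety and should be stated. A comment such as `/* nparams is used as an array index on the next pass; stop before it reaches the array size */` would keep a later reader from changing it back to `>`. The function body starts and ends outside the hunk.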
From: Tom Carpay Date: Thu, 1 Jul 2021 16:59:48 +0200 Subject: [PATCH 34/38] fix comments - 1 --- Makefile.in | 2 +- sldns/str2wire.c | 9 --------- sldns/wire2str.c | 2 +- 3 files changed, 2 insertions(+), 11 deletions(-) diff --git a/Makefile.in b/Makefile.in index 81b188bde..9fbb8f8e0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -330,7 +330,7 @@ TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ $(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \ - testbound$(EXEEXT) unittest$(EXEEXT) + testbound$(EXEEXT) unittest$(EXEEXT) readzone$(EXEEXT) tests: all $(TEST_BIN) check: test diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 642134ecc..983074e1e 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1176,7 +1176,6 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) int count; char ip_str[INET_ADDRSTRLEN+1]; char *next_ip_str; - uint32_t *ip_wire_dst = NULL; size_t i; for (i = 0, count = 1; val[i]; i++) { @@ -1218,7 +1217,6 @@ sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) val = next_ip_str + 1; } - ip_wire_dst++; count--; } if (count) /* verify that we parsed all values */ @@ -1233,7 +1231,6 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) int count; char ip_str[INET6_ADDRSTRLEN+1]; char *next_ip_str; - uint32_t *ip_wire_dst = NULL; size_t i; for (i = 0, count = 1; val[i]; i++) { @@ -1269,14 +1266,12 @@ sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) memcpy(ip_str, val, next_ip_str - val); ip_str[next_ip_str - val] = 0; if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) { - val = ip_str; /* to use in error reporting below */ break; } *rd_len += LDNS_IP6ADDRLEN; val = next_ip_str + 1; } - ip_wire_dst++; count--; } if (count) /* verify that we parsed all values */ 
@@ -1297,7 +1292,6 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) { size_t i, count, val_len; char* next_key; - uint16_t* key_dst = NULL; val_len = strlen(val); @@ -1342,7 +1336,6 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) val_len -= next_key - val + 1; val = next_key + 1; /* skip the comma */ - key_dst += 1; } /* In draft-ietf-dnsop-svcb-https-06 Section 7: @@ -1470,8 +1463,6 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; } while (val_len) { - size_t dst_len; - str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val)) ? (size_t)(next_str - val) : val_len; diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 0437477d9..83f0abceb 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -989,7 +989,7 @@ static int sldns_wire2str_svcparam_port2str(char** s, if (data_len != 2) return -1; /* wireformat error, a short is 2 bytes */ w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data)); - *data += 2; + data += 2; return w; } From 543d6d5c139e192a24f2e0fc6bf9f61109c9bc41 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Fri, 2 Jul 2021 10:53:50 +0200 Subject: [PATCH 35/38] fix final comment: remove superfluous assert --- sldns/str2wire.c | 1 - 1 file changed, 1 deletion(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 983074e1e..9f94f69cd 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -853,7 +853,6 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, } /* The root label is one more character, so smaller * than 1 + 1 means no Svcparam Keys */ - assert(*rdata == 0); if (rdata_len < 2) return LDNS_WIREPARSE_ERR_OK; From a6020e41860bd82032d57cf41996592ebb994f01 Mon Sep 17 00:00:00 2001 
From: Tom Carpay Date: Fri, 2 Jul 2021 11:21:19 +0200 Subject: [PATCH 36/38] change test and error to be in line with new maximum svcb params (nparams >= MAX_NUMBER_OF_SVCPARAMS) --- sldns/wire2str.c | 2 +- testdata/svcb.tdir/svcb.success-cases.zone | 4 ++-- testdata/svcb.tdir/svcb.success-cases.zone.cmp | 2 +- testdata/svcb.tdir/svcb.test | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 83f0abceb..5bfa9f43d 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -154,7 +154,7 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" }, { LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS, - "Too many SvcParams. Unbound only allows 64 entries" }, + "Too many SvcParams. Unbound only allows 63 entries" }, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM, "Mandatory SvcParamKey is missing"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone index 896304757..5d6339542 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone +++ b/testdata/svcb.tdir/svcb.success-cases.zone 
@@ -38,9 +38,9 @@ s06 HTTPS 0 . ech="aGVsbG93b3JsZCE=" ; echconfig is an alias for ech s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" -; maximum size allowed in a svcb rdata set (64 SvcParams) +; maximum size allowed in a svcb rdata set (63 SvcParams) -s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a) +s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a) ; maximum alpn size allowed (255 characters) diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp index f28bd2ce5..e504e7b18 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp 
@@ -6,5 +6,5 @@ s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" -s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" key164="a" +s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" s09.success-cases. 3600 IN HTTPS 0 . 
alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test index c997fbb07..707287d5c 100644 --- a/testdata/svcb.tdir/svcb.test +++ b/testdata/svcb.tdir/svcb.test @@ -54,25 +54,25 @@ fi # check all the failure cases if $PRE/readzone svcb.failure-cases-01 then - echo "Failure case 21: ech value is not base64 encoded" + echo "Failure case 01: ech value is not base64 encoded" echo "Incorrectly succeeded" exit 1 elif $PRE/readzone svcb.failure-cases-02 then - echo "Failure case 22: port value needs to be a positive integer < 65536" + echo "Failure case 02: port value needs to be a positive integer < 65536" echo "Incorrectly succeeded" exit 1 elif $PRE/readzone svcb.failure-cases-03 then - echo "Failure case 23: 65 SvcParams is too many SvcParams; the limit is 64" + echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64" echo "Incorrectly succeeded" exit 1 elif $PRE/readzone svcb.failure-cases-04 then - echo "Failure case 24: 256 is too many characters for an alpn; maximum is 255" + echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255" echo "Incorrectly succeeded" exit 1 else From 877aa8df55bea67dac6b66cbe2435bfbe93a09a3 Mon Sep 17 00:00:00 2001 From: tcarpay <8014108+TCY16@users.noreply.github.com> Date: Fri, 2 Jul 2021 13:14:47 +0200 Subject: [PATCH 37/38] Apply suggestions from code review Co-authored-by: Willem Toorop --- sldns/str2wire.c | 28 ++++++++++++++-------------- sldns/wire2str.c | 1 - 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 9f94f69cd..55c38e12d 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c 
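Review bot: The branch for svcb.failure-cases-03 now prints `Failure case 02`, the same label as the branch above it, and still says `the limit is 64` although this commit changes the LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS text in sldns/wire2str.c to 63 entries. I would write `echo "Failure case 03: 64 SvcParams is too many SvcParams; the limit is 63"`. The svcb.failure-cases-03 fixture is not touched here and, as written earlier in the series, holds 65 parameters, so the first rejected count (64) is not what readzone is given. Trimming the fixture by one key would pin the boundary that the `>=` comparison moved.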
@@ -853,7 +853,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, } /* The root label is one more character, so smaller * than 1 + 1 means no Svcparam Keys */ - if (rdata_len < 2) + if (rdata_len < 2 || *rdata != 0) return LDNS_WIREPARSE_ERR_OK; rdata_len -= 1; @@ -1348,26 +1348,26 @@ sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) * So long as we do not distinguish between running Unbound as a primary * or as a secondary, we default to secondary behavior and we ignore the * semantic errors. */ - +#ifdef SVCB_SEMANTIC_ERRORS /* In draft-ietf-dnsop-svcb-https-06 Section 8 * automatically mandatory MUST NOT appear in its own value-list */ - // if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) - // return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; + if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; /* Guarantee key uniqueness. After the sort we only need to * compare neighbouring keys */ - // if (count > 1) { - // for (i = 0; i < count - 1; i++) { - // uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); - // uint16_t key = sldns_read_uint16(current_pos); - - // if (key == sldns_read_uint16(current_pos + 2)) { - // return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; - // } - // } - // } + if (count > 1) { + for (i = 0; i < count - 1; i++) { + uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); + uint16_t key = sldns_read_uint16(current_pos); + if (key == sldns_read_uint16(current_pos + 2)) { + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; + } + } + } +#endif return LDNS_WIREPARSE_ERR_OK; } diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 5bfa9f43d..6a177ec0b 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c 
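Review bot: The new `*rdata != 0` test in rrinternal_parse_rdata returns LDNS_WIREPARSE_ERR_OK, so rdata whose target name does not end at a root label is accepted and the rest of the SVCB handling is skipped, whereas the assert removed in the previous commit treated that state as impossible. The comment above the condition still explains only the `rdata_len < 2` half. I would extend it, for example `/* also stop when the target name is not terminated by the root label; such rdata is left unchecked here */`, or return an error code if that state means broken input. The label-walking code that leads to this point is outside the hunk, so whether the state is reachable cannot be judged from here.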
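Review bot: `SVCB_SEMANTIC_ERRORS` now guards the mandatory-list checks in sldns_str2wire_svcbparam_mandatory, but nothing visible in this series defines it or documents how to enable it. The failure-case zone files that covered "mandatory in mandatory" and duplicate mandatory keys were deleted in patch 32, so as far as this series shows the re-enabled code is neither compiled nor tested in a default build. I would add a line to the comment above the `#ifdef`, e.g. `/* Define SVCB_SEMANTIC_ERRORS at build time to make the parser reject these semantic errors. */`, and keep at least one test that builds with the macro set. The function body starts outside the hunk.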
@@ -989,7 +989,6 @@ static int sldns_wire2str_svcparam_port2str(char** s, if (data_len != 2) return -1; /* wireformat error, a short is 2 bytes */ w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data)); - data += 2; return w; } From 711087bb13b44699b2d1fcb25aff04a1fe4e6ce5 Mon Sep 17 00:00:00 2001 From: Tom Carpay Date: Fri, 2 Jul 2021 14:15:33 +0200 Subject: [PATCH 38/38] rename var to remove shadow variable --- sldns/str2wire.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 150b4513c..8e2b0dbd8 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1466,6 +1466,8 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; } while (val_len) { + size_t key_len; + str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val)) ? (size_t)(next_str - val) : val_len; @@ -1473,9 +1475,9 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; } - dst_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len); - *dst++ = dst_len; - dst += dst_len; + key_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len); + *dst++ = key_len; + dst += key_len; if (!next_str) break;
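Review bot: In sldns_str2wire_svcbparam_alpn_value, `*dst++ = key_len;` stores a size_t into what appears to be a one-byte length prefix, relying on the `LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE` return just above to keep the value in range; the condition of that check lies between the two hunks and is not visible. Making the narrowing explicit, `*dst++ = (uint8_t)key_len;`, documents that the conversion is intended and avoids conversion warnings. A short comment on the loop saying that each ALPN id is written as one length octet followed by its unescaped bytes would also help, since the rename alone does not say what `key_len` measures.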