iter_priv.c File Reference

This file contains functions to assist the iterator module.

#include "config.h"
#include "iterator/iter_priv.h"
#include "util/regional.h"
#include "util/log.h"
#include "util/config_file.h"
#include "util/data/dname.h"
#include "util/data/msgparse.h"
#include "util/net_help.h"
#include "util/storage/dnstree.h"
#include "sldns/str2wire.h"
#include "sldns/sbuffer.h"

Functions

struct iter_priv * priv_create (void)
 Create priv structure.
 
void priv_delete (struct iter_priv *priv)
 Delete priv structure.
 
static int read_addrs (struct iter_priv *priv, struct config_file *cfg)
 Read private-addr declarations from config.
 
static int read_names (struct iter_priv *priv, struct config_file *cfg)
 Read private-domain declarations from config.
 
int priv_apply_cfg (struct iter_priv *priv, struct config_file *cfg)
 Process priv config.
 
static int priv_lookup_addr (struct iter_priv *priv, struct sockaddr_storage *addr, socklen_t addrlen)
 See if an address is blocked.
 
static int priv_lookup_name (struct iter_priv *priv, sldns_buffer *pkt, uint8_t *name, size_t name_len, uint16_t dclass)
 See if a name is whitelisted.
 
size_t priv_get_mem (struct iter_priv *priv)
 Get memory used by priv structure.
 
static int svcb_ipv4hint_contains_priv_addr (struct iter_priv *priv, uint8_t *d, uint16_t data_len, struct sockaddr_storage *addr, socklen_t *addrlen)
 Check if svcparam ipv4hint contains a private address.
 
static int svcb_ipv6hint_contains_priv_addr (struct iter_priv *priv, uint8_t *d, uint16_t data_len, struct sockaddr_storage *addr, socklen_t *addrlen)
 Check if svcparam ipv6hint contains a private address.
 
static int svcb_rr_contains_priv_addr (struct iter_priv *priv, sldns_buffer *pkt, struct rr_parse *rr, struct sockaddr_storage *addr, socklen_t *addrlen)
 Check if type SVCB and HTTPS rdata contains a private address.
 
static int priv_svcb_rrset_bad (struct iter_priv *priv, sldns_buffer *pkt, struct rrset_parse *rrset)
 Check if the SVCB and HTTPS rrset is bad.
 
int priv_rrset_bad (struct iter_priv *priv, sldns_buffer *pkt, struct rrset_parse *rrset)
 See if rrset is bad.
 

Detailed Description

This file contains functions to assist the iterator module.

Keeps track of the private addresses and looks them up fast.

Function Documentation

◆ priv_create()

struct iter_priv * priv_create ( void  )

Create priv structure.

Returns
new structure or NULL on error.

References iter_priv::a, addr_tree_init(), iter_priv::n, name_tree_init(), priv_delete(), iter_priv::region, and regional_create().

Referenced by fr_construct_from_config(), and iter_apply_cfg().

◆ priv_delete()

void priv_delete ( struct iter_priv * priv)

Delete priv structure.

Parameters
priv: to delete.

References iter_priv::region, and regional_destroy().

Referenced by fr_construct_clear(), iter_deinit(), and priv_create().

◆ priv_apply_cfg()

int priv_apply_cfg ( struct iter_priv * priv,
struct config_file * cfg 
)

Process priv config.

Parameters
priv: where to store.
cfg: config options.
Returns
0 on error.

References iter_priv::a, addr_tree_init(), addr_tree_init_parents(), iter_priv::n, name_tree_init(), name_tree_init_parents(), read_addrs(), read_names(), iter_priv::region, and regional_free_all().

Referenced by fr_construct_from_config(), and iter_apply_cfg().

◆ priv_lookup_addr()

static int priv_lookup_addr ( struct iter_priv * priv,
struct sockaddr_storage *  addr,
socklen_t  addrlen 
)
static

See if an address is blocked.

Parameters
priv: structure for address storage.
addr: address to check.
addrlen: length of addr.
Returns
true if the address must not be queried. false if unlisted.

References iter_priv::a, and addr_tree_lookup().

Referenced by priv_rrset_bad(), svcb_ipv4hint_contains_priv_addr(), and svcb_ipv6hint_contains_priv_addr().

◆ priv_lookup_name()

static int priv_lookup_name ( struct iter_priv * priv,
sldns_buffer * pkt,
uint8_t *  name,
size_t  name_len,
uint16_t  dclass 
)
static

See if a name is whitelisted.

Parameters
priv: structure for address storage.
pkt: the packet (for compression ptrs).
name: name to check.
name_len: uncompressed length of the name to check.
dclass: class to check.
Returns
true if the name is OK. false if unlisted.

References name_tree_node::dclass, dname_count_size_labels(), dname_pkt_copy(), name_tree_node::labs, name_tree_node::len, log_assert, iter_priv::n, name_tree_node::name, and name_tree_lookup().

Referenced by priv_rrset_bad().

◆ priv_get_mem()

size_t priv_get_mem ( struct iter_priv * priv)

Get memory used by priv structure.

Parameters
priv: structure for address storage.
Returns
bytes in use.

References iter_priv::region, and regional_get_mem().

Referenced by iter_get_mem().

◆ svcb_ipv4hint_contains_priv_addr()

static int svcb_ipv4hint_contains_priv_addr ( struct iter_priv * priv,
uint8_t *  d,
uint16_t  data_len,
struct sockaddr_storage *  addr,
socklen_t *  addrlen 
)
static

Check if svcparam ipv4hint contains a private address.

Parameters
priv: private address lookup struct.
d: the data bytes.
data_len: number of data bytes in the svcparam.
addr: buffer in which the private address is returned, for logging. It has space for IPv4 and IPv6 addresses.
addrlen: length of the addr. On return, set to the correct size for the addr.
Returns
true if the rdata contains a private address.

References priv_lookup_addr().

Referenced by svcb_rr_contains_priv_addr().

◆ svcb_ipv6hint_contains_priv_addr()

static int svcb_ipv6hint_contains_priv_addr ( struct iter_priv * priv,
uint8_t *  d,
uint16_t  data_len,
struct sockaddr_storage *  addr,
socklen_t *  addrlen 
)
static

Check if svcparam ipv6hint contains a private address.

Parameters
priv: private address lookup struct.
d: the data bytes.
data_len: number of data bytes in the svcparam.
addr: buffer in which the private address is returned, for logging. It has space for IPv4 and IPv6 addresses.
addrlen: length of the addr. On return, set to the correct size for the addr.
Returns
true if the rdata contains a private address.

References priv_lookup_addr().

Referenced by svcb_rr_contains_priv_addr().

◆ svcb_rr_contains_priv_addr()

static int svcb_rr_contains_priv_addr ( struct iter_priv * priv,
sldns_buffer * pkt,
struct rr_parse * rr,
struct sockaddr_storage *  addr,
socklen_t *  addrlen 
)
static

Check if type SVCB and HTTPS rdata contains a private address.

Parameters
priv: private address lookup struct.
pkt: the packet.
rr: the rr with rdata to check.
addr: buffer in which the private address is returned, for logging.
addrlen: length of the addr. Initially the total size, on return the correct size for the addr.
Returns
true if the rdata contains a private address.

References pkt_dname_len(), sldns_buffer_begin(), sldns_buffer_position(), sldns_buffer_set_position(), svcb_ipv4hint_contains_priv_addr(), svcb_ipv6hint_contains_priv_addr(), and rr_parse::ttl_data.

Referenced by priv_svcb_rrset_bad().

◆ priv_svcb_rrset_bad()

static int priv_svcb_rrset_bad ( struct iter_priv * priv,
sldns_buffer * pkt,
struct rrset_parse * rrset 
)
static

Check if the SVCB and HTTPS rrset is bad.

Parameters
priv: private address lookup struct.
pkt: the packet.
rrset: the rrset to check.
Returns
1 if the entire rrset has to be removed. 0 if not. It removes RRs if they have private addresses, and logs that.

References msgparse_rrset_remove_rr(), rr_parse::next, rrset_parse::rr_first, and svcb_rr_contains_priv_addr().

Referenced by priv_rrset_bad().

◆ priv_rrset_bad()

int priv_rrset_bad ( struct iter_priv * priv,
struct sldns_buffer * pkt,
struct rrset_parse * rrset 
)

See if rrset is bad.

Will remove individual RRs that are bad (if possible) to sanitize the RRset without removing it completely.

Parameters
priv: structure for private address storage.
pkt: packet to decompress rrset name in.
rrset: the rrset to examine, A or AAAA.
Returns
true if the rrset is bad and should be removed.

References iter_priv::a, rbtree_type::count, rrset_parse::dname, rrset_parse::dname_len, INET6_SIZE, INET_SIZE, LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, msgparse_rrset_remove_rr(), rr_parse::next, priv_lookup_addr(), priv_lookup_name(), priv_svcb_rrset_bad(), rrset_parse::rr_first, rrset_parse::rrset_class, rr_parse::ttl_data, and rrset_parse::type.

Referenced by scrub_sanitize().