/*
 * edns-subnet/subnet-whitelist.h - Hosts we actively try to send subnet option
 * to.
 *
 * Copyright (c) 2013, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * \file
 *
 * Keep track of the whitelisted upstream servers (by address span) and
 * domain names for which the EDNS Client Subnet (ECS) option is sent.
 * Based on acl_list.c|h
 *
 * The ECS option discloses part of the querying client's address to the
 * upstream (RFC 7871), so every entry in this whitelist widens the set of
 * servers that see client subnet data.
 *
 * NOTE(review): the prototypes below use struct sockaddr_storage, socklen_t,
 * uint8_t, uint16_t and size_t, but the only include here is dnstree.h;
 * presumably the includer pulls in the platform headers first - TODO confirm.
 */

#ifndef EDNSSUBNET_WHITELIST_H
#define EDNSSUBNET_WHITELIST_H
#include "util/storage/dnstree.h"

struct config_file;
struct regional;

/**
 * Whitelist of upstream address spans and domain names for which the
 * subnet (ECS) option is appended to queries.
 */
struct ecs_whitelist {
	/** regional for allocation */
	struct regional* region;
	/**
	 * Tree of the address spans that are whitelisted.
	 * contents of type addr_tree_node. Each node is an address span
	 * that Unbound will append the subnet option for.
	 */
	rbtree_type upstream;
	/**
	 * Tree of domain names for which Unbound will append an ECS option.
	 * rbtree of struct name_tree_node.
	 */
	rbtree_type dname;
};

/**
 * Create ecs_whitelist structure
 * @return new structure or NULL on error.
 */
struct ecs_whitelist* ecs_whitelist_create(void);

/**
 * Delete ecs_whitelist structure.
 * @param whitelist: to delete.
 */
void ecs_whitelist_delete(struct ecs_whitelist* whitelist);

/**
 * Process ecs_whitelist config and store the result in the whitelist.
 * @param whitelist: where to store.
 * @param cfg: config options.
 * @return 0 on error.
 *	NOTE(review): this header does not say what the whitelist contains
 *	after a failure (empty, previous, or partially filled); confirm
 *	before continuing to use it for ECS decisions.
 */
int ecs_whitelist_apply_cfg(struct ecs_whitelist* whitelist,
	struct config_file* cfg);

/**
 * See if an address or domain is whitelisted.
 * @param whitelist: structure for address and domain name storage.
 * @param addr: address to check (presumably the upstream server the query
 *	is sent to - confirm against the caller).
 * @param addrlen: length of addr.
 * @param qname: dname in query
 * @param qname_len: length of dname
 * @param qclass: class in query
 * @return: true if the address or the query name is whitelisted for the
 *	subnet option.
 *	NOTE(review): presumably a match in either tree is sufficient;
 *	the header does not state how the two lookups are combined, so
 *	verify against subnet-whitelist.c.
 */
int ecs_is_whitelisted(struct ecs_whitelist* whitelist,
	struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* qname,
	size_t qname_len, uint16_t qclass);

/**
 * Get memory used by ecs_whitelist structure.
 * @param whitelist: structure for address and domain name storage.
 * @return bytes in use.
 */
size_t ecs_whitelist_get_mem(struct ecs_whitelist* whitelist);

#endif /* EDNSSUBNET_WHITELIST_H */