xref: /minix3/external/bsd/bind/dist/lib/dns/include/dns/dns64.h (revision 00b67f09dd46474d133c95011a48590a8e8f94c7) 
1 /*	$NetBSD: dns64.h,v 1.5 2014/12/10 04:37:58 christos Exp $	*/
2 
3 /*
4  * Copyright (C) 2010, 2014  Internet Systems Consortium, Inc. ("ISC")
5  *
6  * Permission to use, copy, modify, and/or distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16  * PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 /* Id: dns64.h,v 1.3 2010/12/08 23:51:56 tbox Exp  */
20 
21 #ifndef DNS_DNS64_H
22 #define DNS_DNS64_H 1
23 
24 #include <isc/lang.h>
25 
26 #include <dns/types.h>
27 
28 ISC_LANG_BEGINDECLS
29 
30 /*
31  * dns_dns64_create() flags.
32  */
33 #define DNS_DNS64_RECURSIVE_ONLY	0x01	/* If set then this record
34 						 * only applies to recursive
35 						 * queries.
36 						 */
37 #define DNS_DNS64_BREAK_DNSSEC		0x02	/* If set then still perform
38 						 * DNSSEC synthesis even
39 						 * though the result would
40 						 * fail validation.
41 						 */
42 
43 /*
44  * dns_dns64_aaaaok() and dns_dns64_aaaafroma() flags.
45  */
46 #define DNS_DNS64_RECURSIVE		0x01	/* Recursive query. */
47 #define DNS_DNS64_DNSSEC		0x02	/* DNSSEC sensitive query. */
48 
49 isc_result_t
50 dns_dns64_create(isc_mem_t *mctx, isc_netaddr_t *prefix,
51 		 unsigned int prefixlen, isc_netaddr_t *suffix,
52 		 dns_acl_t *client, dns_acl_t *mapped, dns_acl_t *excluded,
53 		 unsigned int flags, dns_dns64_t **dns64);
54 /*
55  * Create a dns64 record which is used to identify the set of clients
56  * it applies to and how to perform the DNS64 synthesis.
57  *
58  * 'prefix' and 'prefixlen' defined the leading bits of the AAAA records
59  * to be synthesised.  'suffix' defines the bits after the A records bits.
60  * If suffix is NULL zeros will be used for these bits.  'client' defines
61  * for which clients this record applies.  If 'client' is NULL then all
62  * clients apply.  'mapped' defines which A records are candidated for
63  * mapping.  If 'mapped' is NULL then all A records will be mapped.
64  * 'excluded' defines which AAAA are to be treated as non-existent for the
65  * purposed of determining whether to perform syntesis.  If 'excluded' is
66  * NULL then no AAAA records prevent synthesis.
67  *
68  * If DNS_DNS64_RECURSIVE_ONLY is set then the record will only match if
69  * DNS_DNS64_RECURSIVE is set when calling  dns_dns64_aaaaok() and
70  * dns_dns64_aaaafroma().
71  *
72  * If DNS_DNS64_BREAK_DNSSEC is set then the record will still apply if
73  * DNS_DNS64_DNSSEC is set when calling  dns_dns64_aaaaok() and
74  * dns_dns64_aaaafroma() otherwise the record will be ignored.
75  *
76  * Requires:
77  *      'mctx'          to be valid.
78  *      'prefix'        to be valid and the address family to AF_INET6.
79  *      'prefixlen'     to be one of 32, 40, 48, 56, 72 and 96.
80  *                      the bits not covered by prefixlen in prefix to
81  *                      be zero.
82  *      'suffix'        to be NULL or the address family be set to AF_INET6
83  *                      and the leading 'prefixlen' + 32 bits of the 'suffix'
84  *                      to be zero.  If 'prefixlen' is 40, 48 or 56 then the
85  *                      the leading 'prefixlen' + 40 bits of 'suffix' must be
86  *                      zero.
87  *	'client'	to be NULL or a valid acl.
88  *	'mapped'	to be NULL or a valid acl.
89  *	'excluded'	to be NULL or a valid acl.
90  *
91  * Returns:
92  *	ISC_R_SUCCESS
93  *	ISC_R_NOMEMORY
94  */
95 
96 void
97 dns_dns64_destroy(dns_dns64_t **dns64p);
98 /*
99  * Destroys a dns64 record.
100  *
101  * Requires the record to not be linked.
102  */
103 
104 isc_result_t
105 dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
106 		    const dns_name_t *reqsigner, const dns_aclenv_t *env,
107 		    unsigned int flags, unsigned char *a, unsigned char *aaaa);
108 /*
109  * dns_dns64_aaaafroma() determines whether to perform a DNS64 address
110  * synthesis from 'a' based on 'dns64', 'reqaddr', 'reqsigner', 'env',
111  * 'flags' and 'aaaa'.  If synthesis is performed then the result is
112  * written to '*aaaa'.
113  *
114  * The synthesised address will be of the form:
115  *
116  *	 <prefix bits><a bits><suffix bits>
117  *
118  * If <a bits> straddle bits 64-71 of the AAAA record, then 8 zero bits will
119  * be inserted at bits 64-71.
120  *
121  * Requires:
122  *	'dns64'		to be valid.
123  *	'reqaddr'	to be valid.
124  *	'reqsigner'	to be NULL or valid.
125  *	'env'		to be valid.
126  *	'a'		to point to a IPv4 address in network order.
127  *	'aaaa'		to point to a IPv6 address buffer in network order.
128  *
129  * Returns:
130  *	ISC_R_SUCCESS		if synthesis was performed.
131  *	DNS_R_DISALLOWED	if there is no match.
132  */
133 
134 dns_dns64_t *
135 dns_dns64_next(dns_dns64_t *dns64);
136 /*
137  * Return the next dns64 record in the list.
138  */
139 
140 void
141 dns_dns64_append(dns_dns64list_t *list, dns_dns64_t *dns64);
142 /*
143  * Append the dns64 record to the list.
144  */
145 
146 void
147 dns_dns64_unlink(dns_dns64list_t *list, dns_dns64_t *dns64);
148 /*
149  * Unlink the dns64 record from the list.
150  */
151 
152 isc_boolean_t
153 dns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
154 		 const dns_name_t *reqsigner, const dns_aclenv_t *env,
155 		 unsigned int flags, dns_rdataset_t *rdataset,
156 		 isc_boolean_t *aaaaok, size_t aaaaoklen);
157 /*
158  * Determine if there are any non-excluded AAAA records in from the
159  * matching dns64 records in the list starting at 'dns64'.  If there
160  * is a non-exluded address return ISC_TRUE.  If all addresses are
161  * excluded in the matched records return ISC_FALSE.   If no records
162  * match then return ISC_TRUE.
163  *
164  * If aaaaok is defined then dns_dns64_aaaaok() return a array of which
165  * addresses in 'rdataset' were deemed to not be exclude by any matching
166  * record.  If there are no matching records then all entries are set
167  * to ISC_TRUE.
168  *
169  * Requires
170  * 	'rdataset'	to be valid and to be for type AAAA and class IN.
171  *	'aaaaoklen'	must match the number of records in 'rdataset'
172  *			if 'aaaaok' in non NULL.
173  */
174 
175 ISC_LANG_ENDDECLS
176 
177 #endif /* DNS_DNS64_H */
178