1 /* 2 * util/net_help.h - network help functions 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains functions to perform network related tasks. 40 */ 41 42 #ifndef NET_HELP_H 43 #define NET_HELP_H 44 #include "util/log.h" 45 struct sock_list; 46 struct regional; 47 48 /** DNS constants for uint16_t style flag manipulation. host byteorder. 49 * 1 1 1 1 1 1 50 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 51 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 52 * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE | 53 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 54 */ 55 /** CD flag */ 56 #define BIT_CD 0x0010 57 /** AD flag */ 58 #define BIT_AD 0x0020 59 /** Z flag */ 60 #define BIT_Z 0x0040 61 /** RA flag */ 62 #define BIT_RA 0x0080 63 /** RD flag */ 64 #define BIT_RD 0x0100 65 /** TC flag */ 66 #define BIT_TC 0x0200 67 /** AA flag */ 68 #define BIT_AA 0x0400 69 /** QR flag */ 70 #define BIT_QR 0x8000 71 /** get RCODE bits from uint16 flags */ 72 #define FLAGS_GET_RCODE(f) ((f) & 0xf) 73 /** set RCODE bits in uint16 flags */ 74 #define FLAGS_SET_RCODE(f, r) (f = (((f) & 0xfff0) | (r))) 75 76 /** timeout in seconds for UDP queries to auth servers. */ 77 #define UDP_AUTH_QUERY_TIMEOUT 4 78 /** timeout in seconds for TCP queries to auth servers. */ 79 #define TCP_AUTH_QUERY_TIMEOUT 30 80 /** Advertised version of EDNS capabilities */ 81 #define EDNS_ADVERTISED_VERSION 0 82 /** Advertised size of EDNS capabilities */ 83 extern uint16_t EDNS_ADVERTISED_SIZE; 84 /** bits for EDNS bitfield */ 85 #define EDNS_DO 0x8000 /* Dnssec Ok */ 86 /** byte size of ip4 address */ 87 #define INET_SIZE 4 88 /** byte size of ip6 address */ 89 #define INET6_SIZE 16 90 91 /** DNSKEY zone sign key flag */ 92 #define DNSKEY_BIT_ZSK 0x0100 93 /** DNSKEY secure entry point, KSK flag */ 94 #define DNSKEY_BIT_SEP 0x0001 95 96 /** minimal responses when positive answer */ 97 extern int MINIMAL_RESPONSES; 98 99 /** rrset order roundrobin */ 100 extern int RRSET_ROUNDROBIN; 101 102 /** 103 * See if string is ip4 or ip6. 104 * @param str: IP specification. 105 * @return: true if string addr is an ip6 specced address. 106 */ 107 int str_is_ip6(const char* str); 108 109 /** 110 * Set fd nonblocking. 111 * @param s: file descriptor. 112 * @return: 0 on error (error is printed to log). 113 */ 114 int fd_set_nonblock(int s); 115 116 /** 117 * Set fd (back to) blocking. 118 * @param s: file descriptor. 119 * @return: 0 on error (error is printed to log). 120 */ 121 int fd_set_block(int s); 122 123 /** 124 * See if number is a power of 2. 125 * @param num: the value. 126 * @return: true if the number is a power of 2. 127 */ 128 int is_pow2(size_t num); 129 130 /** 131 * Allocate memory and copy over contents. 132 * @param data: what to copy over. 133 * @param len: length of data. 134 * @return: NULL on malloc failure, or newly malloced data. 135 */ 136 void* memdup(void* data, size_t len); 137 138 /** 139 * Prints the sockaddr in readable format with log_info. Debug helper. 140 * @param v: at what verbosity level to print this. 141 * @param str: descriptive string printed with it. 142 * @param addr: the sockaddr to print. Can be ip4 or ip6. 143 * @param addrlen: length of addr. 144 */ 145 void log_addr(enum verbosity_value v, const char* str, 146 struct sockaddr_storage* addr, socklen_t addrlen); 147 148 /** 149 * Prints zone name and sockaddr in readable format with log_info. Debug. 150 * @param v: at what verbosity level to print this. 151 * @param str: descriptive string printed with it. 152 * @param zone: DNS domain name, uncompressed wireformat. 153 * @param addr: the sockaddr to print. Can be ip4 or ip6. 154 * @param addrlen: length of addr. 155 */ 156 void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone, 157 struct sockaddr_storage* addr, socklen_t addrlen); 158 159 /** 160 * Log errno and addr. 161 * @param str: descriptive string printed with it. 162 * @param err: errno string to print, i.e. strerror(errno). 163 * @param addr: the sockaddr to print. Can be ip4 or ip6. 164 * @param addrlen: length of addr. 165 */ 166 void log_err_addr(const char* str, const char* err, 167 struct sockaddr_storage* addr, socklen_t addrlen); 168 169 /** 170 * Convert address string, with "@port" appendix, to sockaddr. 171 * Uses DNS port by default. 172 * @param str: the string 173 * @param addr: where to store sockaddr. 174 * @param addrlen: length of stored sockaddr is returned. 175 * @return 0 on error. 176 */ 177 int extstrtoaddr(const char* str, struct sockaddr_storage* addr, 178 socklen_t* addrlen); 179 180 /** 181 * Convert ip address string and port to sockaddr. 182 * @param ip: ip4 or ip6 address string. 183 * @param port: port number, host format. 184 * @param addr: where to store sockaddr. 185 * @param addrlen: length of stored sockaddr is returned. 186 * @return 0 on error. 187 */ 188 int ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, 189 socklen_t* addrlen); 190 191 /** 192 * Convert ip netblock (ip/netsize) string and port to sockaddr. 193 * *SLOW*, does a malloc internally to avoid writing over 'ip' string. 194 * @param ip: ip4 or ip6 address string. 195 * @param port: port number, host format. 196 * @param addr: where to store sockaddr. 197 * @param addrlen: length of stored sockaddr is returned. 198 * @param net: netblock size is returned. 199 * @return 0 on error. 200 */ 201 int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, 202 socklen_t* addrlen, int* net); 203 204 /** 205 * Store port number into sockaddr structure 206 * @param addr: sockaddr structure, ip4 or ip6. 207 * @param addrlen: length of addr. 208 * @param port: port number to put into the addr. 209 */ 210 void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen, 211 int port); 212 213 /** 214 * Print string with neat domain name, type and class. 215 * @param v: at what verbosity level to print this. 216 * @param str: string of message. 217 * @param name: domain name uncompressed wireformat. 218 * @param type: host format RR type. 219 * @param dclass: host format RR class. 220 */ 221 void log_nametypeclass(enum verbosity_value v, const char* str, 222 uint8_t* name, uint16_t type, uint16_t dclass); 223 224 /** 225 * Compare two sockaddrs. Imposes an ordering on the addresses. 226 * Compares address and port. 227 * @param addr1: address 1. 228 * @param len1: lengths of addr1. 229 * @param addr2: address 2. 230 * @param len2: lengths of addr2. 231 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 232 */ 233 int sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1, 234 struct sockaddr_storage* addr2, socklen_t len2); 235 236 /** 237 * Compare two sockaddrs. Compares address, not the port. 238 * @param addr1: address 1. 239 * @param len1: lengths of addr1. 240 * @param addr2: address 2. 241 * @param len2: lengths of addr2. 242 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 243 */ 244 int sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1, 245 struct sockaddr_storage* addr2, socklen_t len2); 246 247 /** 248 * Checkout address family. 249 * @param addr: the sockaddr to examine. 250 * @param len: the length of addr. 251 * @return: true if sockaddr is ip6. 252 */ 253 int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len); 254 255 /** 256 * Make sure the sockaddr ends in zeroes. For tree insertion and subsequent 257 * comparison. 258 * @param addr: the ip4 or ip6 addr. 259 * @param len: length of addr. 260 * @param net: number of bits to leave untouched, the rest of the netblock 261 * address is zeroed. 262 */ 263 void addr_mask(struct sockaddr_storage* addr, socklen_t len, int net); 264 265 /** 266 * See how many bits are shared, equal, between two addrs. 267 * @param addr1: first addr. 268 * @param net1: netblock size of first addr. 269 * @param addr2: second addr. 270 * @param net2: netblock size of second addr. 271 * @param addrlen: length of first addr and of second addr. 272 * They must be of the same length (i.e. same type IP4, IP6). 273 * @return: number of bits the same. 274 */ 275 int addr_in_common(struct sockaddr_storage* addr1, int net1, 276 struct sockaddr_storage* addr2, int net2, socklen_t addrlen); 277 278 /** 279 * Put address into string, works for IPv4 and IPv6. 280 * @param addr: address 281 * @param addrlen: length of address 282 * @param buf: result string stored here 283 * @param len: length of buf. 284 * On failure a string with "error" is stored inside. 285 */ 286 void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, 287 char* buf, size_t len); 288 289 /** 290 * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0" 291 * @param addr: address 292 * @param addrlen: length of address 293 * @return true if so 294 */ 295 int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen); 296 297 /** 298 * See if sockaddr is 255.255.255.255. 299 * @param addr: address 300 * @param addrlen: length of address 301 * @return true if so 302 */ 303 int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen); 304 305 /** 306 * See if sockaddr is 0.0.0.0 or ::0. 307 * @param addr: address 308 * @param addrlen: length of address 309 * @return true if so 310 */ 311 int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen); 312 313 /** 314 * Insert new socket list item. If fails logs error. 315 * @param list: pointer to pointer to first item. 316 * @param addr: address or NULL if 'cache'. 317 * @param len: length of addr, or 0 if 'cache'. 318 * @param region: where to allocate 319 */ 320 void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr, 321 socklen_t len, struct regional* region); 322 323 /** 324 * Append one list to another. Must both be from same qstate(regional). 325 * @param list: pointer to result list that is modified. 326 * @param add: item(s) to add. They are prepended to list. 327 */ 328 void sock_list_prepend(struct sock_list** list, struct sock_list* add); 329 330 /** 331 * Find addr in list. 332 * @param list: to search in 333 * @param addr: address to look for. 334 * @param len: length. Can be 0, look for 'cache entry'. 335 * @return true if found. 336 */ 337 int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr, 338 socklen_t len); 339 340 /** 341 * Merge socklist into another socket list. Allocates the new entries 342 * freshly and copies them over, so also performs a region switchover. 343 * Allocation failures are logged. 344 * @param list: the destination list (checked for duplicates) 345 * @param region: where to allocate 346 * @param add: the list of entries to add. 347 */ 348 void sock_list_merge(struct sock_list** list, struct regional* region, 349 struct sock_list* add); 350 351 /** 352 * Log libcrypto error with descriptive string. Calls log_err(). 353 * @param str: what failed. 354 */ 355 void log_crypto_err(const char* str); 356 357 /** 358 * Set SSL_OP_NOxxx options on SSL context to disable bad crypto 359 * @param ctxt: SSL_CTX* 360 * @return false on failure. 361 */ 362 int listen_sslctx_setup(void* ctxt); 363 364 /** 365 * Further setup of listening SSL context, after keys loaded. 366 * @param ctxt: SSL_CTX* 367 */ 368 void listen_sslctx_setup_2(void* ctxt); 369 370 /** 371 * create SSL listen context 372 * @param key: private key file. 373 * @param pem: public key cert. 374 * @param verifypem: if nonNULL, verifylocation file. 375 * return SSL_CTX* or NULL on failure (logged). 376 */ 377 void* listen_sslctx_create(char* key, char* pem, char* verifypem); 378 379 /** 380 * create SSL connect context 381 * @param key: if nonNULL (also pem nonNULL), the client private key. 382 * @param pem: client public key (or NULL if key is NULL). 383 * @param verifypem: if nonNULL used for verifylocation file. 384 * @return SSL_CTX* or NULL on failure (logged). 385 */ 386 void* connect_sslctx_create(char* key, char* pem, char* verifypem); 387 388 /** 389 * accept a new fd and wrap it in a BIO in SSL 390 * @param sslctx: the SSL_CTX to use (from listen_sslctx_create()). 391 * @param fd: from accept, nonblocking. 392 * @return SSL or NULL on alloc failure. 393 */ 394 void* incoming_ssl_fd(void* sslctx, int fd); 395 396 /** 397 * connect a new fd and wrap it in a BIO in SSL 398 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create()) 399 * @param fd: from connect. 400 * @return SSL or NULL on alloc failure 401 */ 402 void* outgoing_ssl_fd(void* sslctx, int fd); 403 404 /** 405 * Initialize openssl locking for thread safety 406 * @return false on failure (alloc failure). 407 */ 408 int ub_openssl_lock_init(void); 409 410 /** 411 * De-init the allocated openssl locks 412 */ 413 void ub_openssl_lock_delete(void); 414 415 #endif /* NET_HELP_H */ 416