Lines Matching refs:header
554 static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
576 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
637 static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
651 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
652 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
669 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0)
680 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0)
724 static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
739 if (!(p = skip_questions(header, plen)))
745 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
753 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
764 if (!CHECK_LEN(header, p, plen, rdlen))
796 if (!ADD_RDLEN(header, p, plen, rdlen))
811 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
835 if (!extract_name(header, plen, &p, keyname, 1, 0))
890 if (!extract_name(header, plen, &p, name, 1, 10))
921 if (!CHECK_LEN(header, p, plen, rdlen))
930 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg);
938 while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)))
948 extract_name(header, plen, &p, name, 1, 0);
979 int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
981 unsigned char *psave, *p = (unsigned char *)(header+1);
987 if (ntohs(header->qdcount) != 1 ||
988 !extract_name(header, plen, &p, name, 1, 4))
994 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
1022 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
1025 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1033 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
1057 if (!ADD_RDLEN(header, p, plen, rdlen))
1094 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
1109 p = skip_questions(header, plen);
1111 for (j = ntohs(header->ancount); j != 0; j--)
1114 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1122 if (!CHECK_LEN(header, p, plen, rdlen))
1195 if (!ADD_RDLEN(header, p, plen, rdlen))
1218 int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1220 unsigned char *p = (unsigned char *)(header+1);
1223 if (ntohs(header->qdcount) != 1 ||
1224 !(p = skip_name(p, header, plen, 4)))
1233 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
1239 p = (unsigned char *)(header+1);
1240 extract_name(header, plen, &p, name, 1, 4);
1243 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1266 if (RCODE(header) == NXDOMAIN)
1274 for (i = ntohs(header->nscount); i != 0; i--)
1276 if (!(p = skip_name(p, header, plen, 0)))
1284 if (!CHECK_LEN(header, p, plen, rdlen))
1297 if (!(p = skip_name(p, header, plen, 0)))
1300 if (!(p = skip_name(p, header, plen, 20)))
1395 static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1401 unsigned char *p = skip_questions(header, plen);
1405 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1408 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1412 if (!(p = skip_name(p, header, plen, 10)))
1436 if (!ADD_RDLEN(header, p, plen, rdlen))
1446 static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1461 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1466 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1488 if (!CHECK_LEN(header, p, plen, rdlen))
1586 static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1595 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1607 if (!CHECK_LEN(header, p, plen, hash_len))
1625 if (!CHECK_LEN(header, p, plen, rdlen))
1667 static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1687 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1705 if (!CHECK_LEN(header, salt, plen, salt_len))
1716 if (!(p = skip_name(nsec3p, header, plen, 15)))
1733 if (!CHECK_LEN(header, p, plen, salt_len))
1750 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
1772 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1795 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1810 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1819 int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1830 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1833 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1836 qname = p1 = (unsigned char *)(header+1);
1838 if (!extract_name(header, plen, &p1, name, 1, 4))
1853 for (j = ntohs(header->ancount); j != 0; j--)
1857 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1878 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1886 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1894 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1900 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1902 if (!extract_name(header, plen, &p1, name, 1, 10))
1916 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1927 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1942 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
1952 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1956 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
1958 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
1974 if (cname_count == CNAME_CHAIN || i < ntohs(header->ancount))
1977 else if (!extract_name(header, plen, &qname, keyname, 1, 0))
1987 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
1989 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1997 if (!CHECK_LEN(header, p2, plen, rdlen2))
2074 if (!ADD_RDLEN(header, p2, plen, rdlen2))
2082 if (!ADD_RDLEN(header, p1, plen, rdlen1))
2092 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
2099 else if (!extract_name(header, plen, &qname, keyname, 1, 0))
2106 if (!extract_name(header, plen, &qname, name, 1, 0))
2110 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
2112 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
2121 int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
2123 unsigned char *p = (unsigned char *)(header+1);
2129 if (!extract_name(header, plen, &p, name, 1, 4))
2137 for (j = ntohs(header->ancount); j != 0; j--)
2139 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
2150 if (!ADD_RDLEN(header, p, plen, rdlen))
2160 rc = validate_rrset(now, header, plen, class, type, name, keyname, &wildname, NULL, 0, 0, 0);
2171 if (!(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class)))
2181 if (!extract_name(header, plen, &p1, daemon->workspacename, 1, 0))
2184 rc = validate_rrset(now, header, plen, class, nsec_type, daemon->workspacename, keyname, NULL, NULL, 0, 0, 0);
2195 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type, NULL);
2197 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
2213 !extract_name(header, plen, &p, name, 1, 0) ||
2214 !(p = skip_questions(header, plen)))
2248 size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class,
2262 header->qdcount = htons(1);
2263 header->ancount = htons(0);
2264 header->nscount = htons(0);
2265 header->arcount = htons(0);
2267 header->hb3 = HB3_RD;
2268 SET_OPCODE(header, QUERY);
2271 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2275 p = (unsigned char *)(header+1);
2282 ret = add_do_bit(header, p - (unsigned char *)header, end);
2284 if (find_pseudoheader(header, ret, NULL, &p, NULL))
2292 static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2300 if (!CHECK_LEN(header, ansp, plen, 1))
2312 if (!CHECK_LEN(header, ansp, plen, 2))
2318 p = offset + (unsigned char *)header;
2347 if (!CHECK_LEN(header, ansp, plen, 2))
2364 if (!ADD_RDLEN(header, ansp, plen, len))
2378 static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2383 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
2387 if (!(p = skip_name(p, header, plen, 10)))
2398 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2409 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2415 if (!ADD_RDLEN(header, p, plen, rdlen))
2423 size_t filter_rrsigs(struct dns_header *header, size_t plen)
2428 unsigned char *p = (unsigned char *)(header+1);
2431 if (ntohs(header->qdcount) != 1 ||
2432 !(p = skip_name(p, header, plen, 4)))
2441 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2447 if (!(p = skip_name(p, header, plen, 10)))
2463 if (!ADD_RDLEN(header, p, plen, rdlen))
2468 if (i < ntohs(header->ancount))
2470 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
2475 else if (!ADD_RDLEN(header, p, plen, rdlen))
2486 p = (unsigned char *)(header+1);
2489 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2494 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2501 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2507 plen = p - (unsigned char *)header;
2508 header->ancount = htons(ntohs(header->ancount) - chop_an);
2509 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2510 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2513 p = (unsigned char *)(header+1);
2515 check_name(&p, header, plen, 1, rrs, rr_found);
2518 check_rrs(p, header, plen, 1, rrs, rr_found);
2523 unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2527 unsigned char *p = (unsigned char *)(header+1);
2535 for (q = ntohs(header->qdcount); q != 0; q--)
2537 if (!extract_name(header, plen, &p, name, 1, 4))
2546 if (!CHECK_LEN(header, p, plen, 0))